[WEB SECURITY] Arachni v0.4.5.1-0.4.2 has been released (Open Source Web Application Security Scanner Framework)

Tasos Laskos tasos.laskos at gmail.com
Sat Sep 14 18:57:51 EDT 2013

Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

* Optimized pattern matching to use fewer resources by grouping patterns to only
     be matched against the per-platform payloads. Bottom line, pattern matching
     operations have been greatly reduced overall and vulnerabilities can be used
     to fingerprint the remote platform.
* Modules
     * Path traversal (path_traversal)
         * Updated to use more generic signatures.
         * Added dot-truncation for MS Windows payloads.
         * Moved non-traversal payloads to the file_inclusion module.
     * File inclusion (file_inclusion) — Extracted from path_traversal.
         * Uses common server-side files and errors to identify issues.
     * SQL Injection (sqli) — Added support for the following databases:
         * Firebird
         * SAP Max DB
         * Sybase
         * Frontbase
         * IngresDB
         * HSQLDB
         * MS Access
     * localstart_asp — Checks if localstart.asp is accessible.
* Plugins — Added:
     * Uncommon headers (uncommon_headers) — Logs uncommon headers.

For more details about the new release please visit:

Download page: http://www.arachni-scanner.com/download/

Homepage           - http://www.arachni-scanner.com
Blog               - http://www.arachni-scanner.com/blog
Documentation      - https://github.com/Arachni/arachni/wiki
Support            - http://support.arachni-scanner.com
GitHub page        - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter            - http://twitter.com/ArachniScanner
Copyright          - 2010-2013 Tasos Laskos
License            - Apache License v2

Tasos Laskos.
