Hey folks,
There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.
The change-log is quite sizeable but some bullet points follow.
For the Framework (v0.4.4):
- New checks
  - Source code disclosure (source_code_disclosure)
  - Code execution via the php://input wrapper (code_execution_php_input_wrapper)
  - X-Forwarded-For Access Restriction Bypass (x_forwarded_for_access_restriction_bypass)
  - Form-based upload logging (form_upload)
- Accuracy improvements
  - Blind SQL Injection (Boolean/Differential analysis) (sqli_blind_rdiff)
    - Improved payloads and analysis technique.
  - Path traversal (path_traversal)
    - Updated to start with / and go all the way up to /../../../../../../.
    - Added fingerprints for /proc/self/environ.
    - Improved coverage for MS Windows.
  - Remote file inclusion (rfi)
    - Updated to handle cases where the web application appends its own
      extension to the injected string.
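The X-Forwarded-For check above targets applications that take the client address from a header any caller can set. The following Ruby snippet is an added illustration, not Arachni's own code, of the weak pattern next to a hardened one and a log-side indicator of the attempt; the network ranges, the trusted proxy address and the Rack-style `env` hash keys are assumptions made for the example.

```ruby
require 'ipaddr'

# Networks the restricted endpoint is meant to be reachable from (constructed example values).
ALLOWED_NETS = [IPAddr.new('10.0.0.0/8'), IPAddr.new('127.0.0.0/8')].freeze

# Reverse proxies we operate and therefore trust to append X-Forwarded-For
# (constructed example value; a real deployment lists its own load balancers).
TRUSTED_PROXIES = [IPAddr.new('192.0.2.10')].freeze

# True when +ip_string+ parses as an address inside one of +nets+.
def in_nets?(ip_string, nets)
  return false if ip_string.nil? || ip_string.empty?
  ip = IPAddr.new(ip_string)
  nets.any? { |net| net.include?(ip) }
rescue IPAddr::InvalidAddressError
  false
end

# Weak pattern: whenever X-Forwarded-For is present, its first entry is taken as
# the client address, so any remote caller can claim to be 127.0.0.1 with one header.
def vulnerable_allowed?(env)
  xff = env['HTTP_X_FORWARDED_FOR']
  claimed = xff ? xff.split(',').first.strip : env['REMOTE_ADDR']
  in_nets?(claimed, ALLOWED_NETS)
end

# Hardened pattern: X-Forwarded-For is consulted only when the TCP peer is a
# trusted proxy, and then only the rightmost entry that is not itself a trusted
# proxy counts (that entry was appended by our proxy; everything to its left is
# client-controlled).
def hardened_allowed?(env, trusted_proxies: TRUSTED_PROXIES)
  peer = env['REMOTE_ADDR']
  return in_nets?(peer, ALLOWED_NETS) unless in_nets?(peer, trusted_proxies)

  hops = env.fetch('HTTP_X_FORWARDED_FOR', '').split(',').map(&:strip).reject(&:empty?)
  client = hops.reverse.find { |hop| !in_nets?(hop, trusted_proxies) }
  # A trusted proxy that forwarded no client address is an anomaly: deny.
  return false if client.nil?

  in_nets?(client, ALLOWED_NETS)
end

# Log-side indicator: the peer is not one of our proxies, yet X-Forwarded-For
# claims an allowed internal address. That combination only arises from a
# caller setting the header itself, which is what the scanner check probes for.
def spoof_attempt?(env, trusted_proxies: TRUSTED_PROXIES)
  return false if in_nets?(env['REMOTE_ADDR'], trusted_proxies)
  hops = env.fetch('HTTP_X_FORWARDED_FOR', '').split(',').map(&:strip)
  hops.any? { |hop| in_nets?(hop, ALLOWED_NETS) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request: external peer presenting a forged internal address.
  spoofed = { 'REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1' }
  puts "vulnerable check admits spoofed request: #{vulnerable_allowed?(spoofed)}"
  puts "hardened check admits spoofed request:   #{hardened_allowed?(spoofed)}"
  puts "flagged as spoof attempt:                #{spoof_attempt?(spoofed)}"
end
```

The hardened variant walks the header from the right so that a forged entry placed before the proxy-appended one is ignored; if the application sits behind no proxy at all, `REMOTE_ADDR` alone should be used and the header dropped entirely.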
For the Web User Interface (v0.4.2):
- Fixed bug causing the system to hang after 1:24 hours of scan monitoring,
  caused by improper caching of RPC clients.
- Profiles
  - Added HTTP auth options -- instead of only allowing credentials to
    be passed via the URL.
For more details about the new release please visit:
http://www.arachni-scanner.com/blog/arachni-0-4-4-0-4-2-release/
Download page: http://www.arachni-scanner.com/download/
Homepage - http://www.arachni-scanner.com
Blog - http://www.arachni-scanner.com/blog
Documentation - https://github.com/Arachni/arachni/wiki
Support - http://support.arachni-scanner.com
GitHub page - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter - http://twitter.com/ArachniScanner
Copyright - 2010-2013 Tasos Laskos
License - Apache License v2
Cheers,
Tasos Laskos.