Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework written in Ruby.

This release makes Arachni the first F/OSS system to have support for a browser
environment, allowing it to handle modern web applications which make use of
technologies such as HTML5/DOM/JavaScript/AJAX.

The new scan engine has been benchmarked (WIVET v3 and WAVSEP v1.5) higher than
even the most established commercial products in crawl coverage, vulnerability
identification and accuracy -- scores can be found in the release announcement.

Brief list of changes:

- Updated workflow:
  - No more crawl-first, scan workload is discovered and handled on-the-fly.
  - Support for suspending scans to disk.
- Addition of an integrated browser environment, supporting:
  - HTML5/DOM/JavaScript/AJAX
  - Detection of DOM-based issues.
- New input vectors:
  - DOM forms
  - DOM links (with parameters in URL fragments)
  - DOM cookies
  - Link templates (for extracting arbitrary inputs from generic paths).
  - DOM link templates (for extracting arbitrary inputs from generic URL fragments).
- Support for URL-rewrite rules.
- New checks:
  - NoSQL injection (error based and blind).
  - DOM XSS variants.
- New reports providing enormous amounts of context for easy issue verification
  and resolution -- especially for DOM-based ones.
- Cleaned up RPC API.
- License update:
  - Proprietary, commercial license for SaaS providers and commercial distributors.
  - Apache License v2.0 for all other use cases.

For more details about the new release please visit:
http://www.arachni-scanner.com/blog/arachni-v1-0-webui-v0-5/

Download page: http://www.arachni-scanner.com/download/

Homepage - http://www.arachni-scanner.com
Blog - http://www.arachni-scanner.com/blog
Documentation - https://github.com/Arachni/arachni/wiki
Support - http://support.arachni-scanner.com
GitHub page - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter - http://twitter.com/ArachniScanner
Copyright - 2010-2014 Tasos Laskos
License - Dual-licensed (Apache License v2/Proprietary)
(http://www.arachni-scanner.com/license/)

Cheers,
Tasos Laskos.