Penetration Testing
Arachni v0.4.4-0.4.2 has been released (Open Source Web Application Security Scanner Framework) Aug 12 2013 06:44PM
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but some bullet points follow.

For the Framework (v0.4.4):

* New checks
  * Source code disclosure (source_code_disclosure)
  * Code execution via the php://input wrapper (code_execution_php_input_wrapper)
  * X-Forwarded-For Access Restriction Bypass (x_forwarded_for_access_restriction_bypass)
  * Form-based upload logging (form_upload)
* Accuracy improvements
  * Blind SQL Injection (Boolean/Differential analysis) (sqli_blind_rdiff)
    * Improved payloads and analysis technique.
  * Path traversal (path_traversal)
    * Updated to start with / and go all the way up to /../../../../../../.
    * Added fingerprints for /proc/self/environ.
    * Improved coverage for MS Windows.
  * Remote file inclusion (rfi)
    * Updated to handle cases where the web application appends its own extension to the injected string.

For the Web User Interface (v0.4.2):

* Fixed bug causing the system to hang after 1:24 hours of scan monitoring,
  caused by improper caching of RPC clients.
* Profiles
  * Added HTTP auth options -- instead of only allowing credentials to
    be passed via the URL.

For more details about the new release please visit:

Download page:

Homepage -
Blog -
Documentation -
Support -
GitHub page -
Code Documentation -
Author - Tasos "Zapotek" Laskos (
Twitter -
Copyright - 2010-2013 Tasos Laskos
License - Apache License v2

Tasos Laskos.
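Added example (not Arachni code): the defender-side counterpart to the path_traversal check listed above, a Ruby resolver that confines requested files to a document root and is exercised against the probe ladder the announcement describes, from `/` up to six `/..` segments. The document root is a hypothetical path; nothing here touches the filesystem.

```ruby
# Hypothetical document root; in a real handler this is the only directory
# files may be served from.
DOC_ROOT = File.expand_path('/var/www/app/public')

# Resolve a user-supplied path under doc_root without touching the disk.
# Returns the absolute path when it stays inside the root, nil otherwise.
def safe_resolve(doc_root, user_path)
  # File.expand_path raises on embedded NULs and may expand "~user";
  # reject both forms up front rather than letting them reach the resolver.
  return nil if user_path.include?("\0") || user_path.start_with?('~')

  # expand_path collapses "." and ".." segments and treats a leading "/"
  # as absolute, so anything that escaped the root no longer shares its prefix.
  candidate = File.expand_path(user_path, doc_root)
  return candidate if candidate == doc_root
  return nil unless candidate.start_with?(doc_root + '/')
  candidate
end

# Build the ladder of probes the announcement describes: the target prefixed
# with "/" and then with one to `depth` "../" segments, e.g.
# "/etc/passwd", "/../etc/passwd", ..., "/../../../../../../etc/passwd".
def traversal_probes(target, depth = 6)
  (0..depth).map { |n| "/#{'../' * n}#{target}" }
end

# Run every probe through the resolver and report which ones were confined.
# A correct resolver rejects all of them (every value in the hash is nil).
def probe_results(doc_root, target)
  traversal_probes(target).each_with_object({}) do |probe, out|
    out[probe] = safe_resolve(doc_root, probe)
  end
end

if $PROGRAM_NAME == __FILE__
  %w[etc/passwd proc/self/environ].each do |target|
    probe_results(DOC_ROOT, target).each do |probe, resolved|
      puts format('%-40s -> %s', probe, resolved || 'rejected')
    end
  end
  puts safe_resolve(DOC_ROOT, 'css/site.css')          # served from the root
  puts safe_resolve(DOC_ROOT, 'css/../../index.html').inspect  # nil: escapes
end
```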




