Penetration Testing
Arachni v0.4.5.1-0.4.2 has been released (Open Source Web Application Security Scanner Framework) Sep 14 2013 10:57PM
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and
high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

* Optimized pattern matching to use less resources by grouping patterns to only
  be matched against the per-platform payloads. Bottom line, pattern matching
  operations have been greatly reduced overall and vulnerabilities can be used
  to fingerprint the remote platform.
* Modules
  * Path traversal (path_traversal)
    * Updated to use more generic signatures.
    * Added dot-truncation for MS Windows payloads.
    * Moved non-traversal payloads to the file_inclusion module.
  * File inclusion (file_inclusion) - Extracted from path_traversal.
    * Uses common server-side files and errors to identify issues.
  * SQL Injection (sqli) - Added support for the following databases:
    * Firebird
    * SAP Max DB
    * Sybase
    * Frontbase
    * IngresDB
    * MS Access
  * localstart_asp - Checks if localstart.asp is accessible.
* Plugins - Added:
  * Uncommon headers (uncommon_headers) - Logs uncommon headers.

For more details about the new release please visit:

Download page:

Homepage -
Blog -
Documentation -
Support -
GitHub page -
Code Documentation -
Author - Tasos "Zapotek" Laskos (
Twitter -
Copyright - 2010-2013 Tasos Laskos
License - Apache License v2

Tasos Laskos.
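
The first item in the change list (patterns grouped so they are matched only against responses to the matching per-platform payloads) sketched as an added Ruby example. It is not Arachni's code and not part of the original post; the signature table, sample responses and method names are constructed assumptions.

```ruby
# Added illustration, not Arachni's code: names and signatures are assumptions.
# Constructed error-message signatures, grouped by the platform they identify.
SIGNATURES = {
  mysql:    [/You have an error in your SQL syntax/i, /not a valid MySQL/i],
  pgsql:    [/PostgreSQL.*ERROR/i, /pg_query\(\)/i],
  firebird: [/Dynamic SQL Error/i],
  access:   [/Microsoft JET Database Engine/i]
}.freeze

# Constructed sample: [platform of the payload that was sent, response body].
RESPONSES = [
  [:mysql,    '<html>Welcome back</html>'],
  [:pgsql,    '<html>Welcome back</html>'],
  [:firebird, 'Dynamic SQL Error -SQL error code = -104'],
  [:access,   '<html>Welcome back</html>']
].freeze

# Tries the given platforms' patterns in order; counts regex operations.
def scan(body, platforms)
  ops = 0
  platforms.each do |platform|
    SIGNATURES.fetch(platform, []).each do |re|
      ops += 1
      return { platform: platform, ops: ops } if re.match?(body)
    end
  end
  { platform: nil, ops: ops }
end

# Flat: every pattern against every response.
def match_all(body)
  scan(body, SIGNATURES.keys)
end

# Grouped: only the patterns of the platform the payload targeted.
# A hit therefore also identifies the remote platform.
def match_grouped(body, payload_platform)
  scan(body, [payload_platform])
end

def compare(responses)
  flat    = responses.map { |_, body| match_all(body) }
  grouped = responses.map { |platform, body| match_grouped(body, platform) }
  { flat_ops:    flat.sum { |r| r[:ops] },
    grouped_ops: grouped.sum { |r| r[:ops] },
    fingerprint: grouped.map { |r| r[:platform] }.compact.uniq }
end

p compare(RESPONSES) if __FILE__ == $PROGRAM_NAME
```

In this sketch the grouped matcher only recognises an error when the payload's platform matches the one that produced it, which is what lets a hit double as a fingerprint.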

