Arachni v1.0 (WebUI v0.5) has been released (Open Source Web Application Security Scanner Framework)
Aug 29 2014 11:45PM
Tasos Laskos (tasos laskos gmail com)
There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework written in Ruby.
This release makes Arachni the first F/OSS system to have support for a browser
environment, allowing it to handle modern web applications which make use of
The new scan engine has been benchmarked (WIVET v3 and WAVSEP v1.5) higher than
even the most established commercial products in crawl coverage, vulnerability
identification and accuracy -- scores can be found in the release announcement.
Brief list of changes:
* Updated workflow:
* No more crawl-first, scan workload is discovered and handled on-the-fly.
* Support for suspending scans to disk.
* Addition of an integrated browser environment, supporting:
* Detection of DOM-based issues.
* New input vectors:
* DOM forms
* DOM links (with parameters in URL fragments)
* DOM cookies
* Link templates (for extracting arbitrary inputs from generic paths).
* DOM link templates (for extracting arbitrary inputs from generic URL fragments).
* Support for URL-rewrite rules.
* New checks:
* NoSQL injection (error based and blind).
* DOM XSS variants.
* New reports providing enormous amounts of context for easy issue verification
and resolution -- especially for DOM-based ones.
* Cleaned up RPC API.
* License update:
* Proprietary, commercial license for SaaS providers and commercial distributors.
* Apache License v2.0 for all other use cases.
For more details about the new release please visit:
Download page: http://www.arachni-scanner.com/download/
Homepage - http://www.arachni-scanner.com
Blog - http://www.arachni-scanner.com/blog
Documentation - https://github.com/Arachni/arachni/wiki
Support - http://support.arachni-scanner.com
GitHub page - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter - http://twitter.com/ArachniScanner
Copyright - 2010-2014 Tasos Laskos
License - Dual-licensed (Apache License v2/Proprietary)
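The announcement lists several new input vectors (parameters in URL fragments of DOM links, link templates that pull inputs out of generic paths, and URL-rewrite rules) without showing what a scanner actually does with them. The following Ruby is an added illustration written for this page, not Arachni's own code: it models each of those vector kinds in a few lines so the distinction is concrete. Function names, the named-capture template syntax and the sample URLs are assumptions made for the example; they are not claims about Arachni's API or option names.

```ruby
require 'uri'
require 'cgi'

# Added example, not Arachni's code. Models three input-vector kinds named in
# the release notes:
#   1. DOM links: parameters carried in the URL fragment ("#/search?q=foo"),
#      which never reach the server and so are invisible to a plain HTTP crawler.
#   2. Link templates: a Regexp with named captures that turns a generic path
#      such as /articles/2014/some-title into named, injectable inputs.
#   3. URL-rewrite rules: a pattern/substitution pair that maps a "pretty" path
#      onto a parameterised one so ordinary query-string checks can audit it.
# Names and template syntax below are assumptions for illustration only.

# Parse "key=value&key2=value2" into a Hash, decoding percent-escapes.
def parse_query(query)
  return {} if query.nil? || query.empty?
  query.split('&').each_with_object({}) do |pair, inputs|
    key, value = pair.split('=', 2)
    next if key.nil? || key.empty?
    inputs[CGI.unescape(key)] = CGI.unescape(value.to_s)
  end
end

# Classic server-side inputs: the query string of the URL.
def query_inputs(url)
  parse_query(URI.parse(url).query)
end

# DOM-link inputs: parameters inside the fragment. Client-side routers often
# put a pseudo-path before a '?' ("#/search?q=foo"), so split on the first '?'.
def fragment_inputs(url)
  fragment = URI.parse(url).fragment
  return {} if fragment.nil?
  _pseudo_path, query = fragment.split('?', 2)
  parse_query(query)
end

# Apply a named-capture template to a string and return the captures as inputs.
def template_inputs(subject, template)
  match = template.match(subject.to_s)
  return {} unless match
  match.names.each_with_object({}) { |name, inputs| inputs[name] = match[name] }
end

# Link template: extract inputs from the path ("/articles/2014/title").
def link_template_inputs(url, template)
  template_inputs(URI.parse(url).path, template)
end

# DOM link template: the same idea applied to the fragment ("#/users/42/profile").
def dom_link_template_inputs(url, template)
  template_inputs(URI.parse(url).fragment, template)
end

# Rebuild the URL with one fragment parameter replaced by a payload, which is
# what a DOM check needs in order to exercise a fragment-borne input.
def inject_into_fragment(url, name, payload)
  uri = URI.parse(url)
  pseudo_path, query = uri.fragment.to_s.split('?', 2)
  inputs = parse_query(query)
  inputs[name] = payload
  encoded = inputs.map { |k, v| "#{CGI.escape(k)}=#{CGI.escape(v)}" }.join('&')
  uri.fragment = "#{pseudo_path}?#{encoded}"
  uri.to_s
end

# URL-rewrite rule: substitute the path according to +pattern+/+substitution+
# (the substitution may contain back-references and a '?query'), then reassemble.
def rewrite_url(url, pattern, substitution)
  uri = URI.parse(url)
  rewritten_path, rewritten_query = uri.path.sub(pattern, substitution).split('?', 2)
  uri.path  = rewritten_path
  uri.query = rewritten_query
  uri.to_s
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample URLs for the demonstration.
  spa = 'http://example.com/app#/search?q=foo&page=2'
  p query_inputs(spa)      # empty: nothing after '#' is sent to the server
  p fragment_inputs(spa)   # the inputs a browser-aware scanner can see
  p inject_into_fragment(spa, 'q', '<s>')
  p link_template_inputs('http://example.com/articles/2014/arachni-v1',
                         %r{/articles/(?<year>\d{4})/(?<slug>[\w-]+)})
  p rewrite_url('http://example.com/articles/2014/arachni-v1',
                %r{/articles/(\d+)/([\w-]+)}, '/articles.php?year=\1&title=\2')
end
```

The point the example makes is the one behind the "no more crawl-first" workflow: `query_inputs` returns nothing for the single-page-app URL, so a scanner that only looks at what it sends over HTTP has no inputs to audit there, while the fragment and template extractors recover them from the URL itself.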
Copyright 2010, SecurityFocus