Web Application Security
Arachni v1.0 (WebUI v0.5) has been released (Open Source Web Application Security Scanner Framework) Aug 29 2014 11:45PM
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework written in Ruby.

This release makes Arachni the first F/OSS system to have support for a browser
environment, allowing it to handle modern web applications which make use of
technologies such as HTML5/DOM/JavaScript/AJAX.

The new scan engine has been benchmarked (WIVET v3 and WAVSEP v1.5) higher than
even the most established commercial products in crawl coverage, vulnerability
identification and accuracy -- scores can be found in the release announcement.

Brief list of changes:

* Updated workflow:
* No more crawl-first, scan workload is discovered and handled on-the-fly.
* Support for suspending scans to disk.
* Addition of an integrated browser environment, supporting:
* HTML5/DOM/JavaScript/AJAX
* Detection of DOM-based issues.
* New input vectors:
* DOM forms
* DOM links (with parameters in URL fragments)
* DOM cookies
* Link templates (for extracting arbitrary inputs from generic paths).
* DOM link templates (for extracting arbitrary inputs from generic URL fragments).
* Support for URL-rewrite rules.
* New checks:
* NoSQL injection (error based and blind).
* DOM XSS variants.
* New reports providing enormous amounts of context for easy issue verification
and resolution -- especially for DOM-based ones.
* Cleaned up RPC API.
* License update:
* Proprietary, commercial license for SaaS providers and commercial distributors.
* Apache License v2.0 for all other use cases.

For more details about the new release please visit:

Download page: http://www.arachni-scanner.com/download/

Homepage - http://www.arachni-scanner.com
Blog - http://www.arachni-scanner.com/blog
Documentation - https://github.com/Arachni/arachni/wiki
Support - http://support.arachni-scanner.com
GitHub page - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter - http://twitter.com/ArachniScanner
Copyright - 2010-2014 Tasos Laskos
License - Dual-licensed (Apache License v2/Proprietary)

Tasos Laskos.

This list is sponsored by Cenzic
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus