Arachni - Web Application Security Scanner Framework

Version 0.4.7
Homepage http://arachni-scanner.com
Blog http://arachni-scanner.com/blog
Github http://github.com/Arachni/arachni
Documentation https://github.com/Arachni/arachni/wiki
Code Documentation http://rubydoc.info/github/Arachni/arachni
Support http://support.arachni-scanner.com
Author Tasos Laskos (@Zap0tek)
Twitter @ArachniScanner
Copyright 2010-2014 Tasos Laskos
License Apache License Version 2.0


Synopsis

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

It is smart: it trains itself by learning from the HTTP responses it receives during the audit process and performs meta-analysis using a number of factors in order to assess the trustworthiness of results and identify false positives.

Unlike other scanners, it takes into account the dynamic nature of web applications: it can detect changes in an application's behaviour as it moves through the application's execution paths and adjusts itself accordingly. This way, attack/input vectors that would otherwise be undetectable without a human in the loop are handled by Arachni.

Moreover, Arachni yields great performance due to its asynchronous HTTP model (courtesy of Typhoeus) — especially when combined with a High Performance Grid setup which allows you to combine the resources of multiple nodes for lightning fast scans. Thus, you’ll only be limited by the responsiveness of the server under audit.

Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

Note: Despite the fact that Arachni is mostly targeted towards web application security, it can easily be used for general purpose scraping, data-mining, etc with the addition of custom modules.

Arachni offers:

A stable, efficient, high-performance framework

Module, report and plugin writers can easily and quickly create and deploy their components with a minimum of restrictions imposed upon them, while being provided with the infrastructure needed to accomplish their goals.

Furthermore, they are encouraged to take full advantage of the Ruby language under a unified framework that will increase their productivity without stifling them or complicating their tasks.

Moreover, that same framework can be utilized as any other Ruby library and lead to the development of brand new scanners or help you create highly customized scan/audit scenarios and/or scripted scans.

Simplicity

Although some parts of the Framework are fairly complex, you will never have to deal with them directly. From a user's or a component developer's point of view everything appears simple and straightforward, while still providing power, performance and flexibility.

From the simple command-line utility scanner to the intuitive and user-friendly Web interface and collaboration platform, Arachni follows the principle of least surprise and provides you with plenty of feedback and guidance.

In simple terms

Arachni is designed to automatically detect security issues in web applications. All it expects is the URL of the target website and after a while it will present you with its findings.

Features

General

Open distributed architecture

Crawler

Auditor

Platform fingerprinter

In order to make efficient use of the available bandwidth, Arachni performs some basic platform fingerprinting and tailors the audit process to the server-side deployed platforms by only injecting applicable payloads.

Currently, the following platforms can be identified:

The user also has the option of specifying extra platforms (like a DB server) in order to help the system be as efficient as possible. Alternatively, fingerprinting can be disabled altogether.

Finally, Arachni will always err on the side of caution and send all available payloads when it fails to identify specific platforms.
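The selection logic described above, as an added example that is not Arachni's own code: it fingerprints platforms from response headers, lets the user add platforms the scanner cannot see (such as the DB server), and, per platform type, falls back to sending every payload when nothing of that type was identified. The platform names, header patterns, payload strings and sample headers are all constructed for this example.

```ruby
# Added example, not Arachni's own code: platform-aware payload selection.
# Fingerprints the target from response headers, accepts user-supplied
# platform hints, and errs on the side of caution per platform type.
require 'set'

# Constructed payload catalogue grouped by platform type (language, DB, OS).
# Keys are illustrative platform names, values are illustrative probes.
PAYLOADS = {
  lang: {
    php: ['php://filter/convert.base64-encode/resource=index', "';phpinfo();//"],
    asp: ['<%= 1+1 %>', '"&Response.Write(1+1)&"']
  },
  db: {
    mysql: ["' UNION SELECT @@version-- ", "' AND SLEEP(5)-- "],
    mssql: ["'; WAITFOR DELAY '0:0:5'--", "' AND 1=CONVERT(int,@@version)--"]
  },
  os: {
    linux:   ['../../../../etc/passwd', ';id'],
    windows: ['..\\..\\..\\windows\\win.ini', '& whoami']
  }
}.freeze

# Header patterns that reveal a platform (constructed for the example).
FINGERPRINTS = [
  [/php/i,                       :php],
  [/asp\.net/i,                  :asp],
  [/microsoft-iis/i,             :windows],
  [/ubuntu|debian|centos|unix/i, :linux]
].freeze

# Returns the Set of platforms identified from the response headers.
def fingerprint(headers)
  found = Set.new
  headers.each_value do |value|
    FINGERPRINTS.each { |re, platform| found << platform if value =~ re }
  end
  found
end

# Builds the payload list for one audit. extra_platforms are user-supplied
# hints (e.g. the DB server); fingerprinting: false disables identification.
def select_payloads(headers, extra_platforms: [], fingerprinting: true)
  identified = fingerprinting ? fingerprint(headers) : Set.new
  identified.merge(extra_platforms)

  PAYLOADS.flat_map do |_type, by_platform|
    applicable = by_platform.keys & identified.to_a
    # Nothing of this type identified: err on the side of caution, send them all.
    applicable = by_platform.keys if applicable.empty?
    applicable.flat_map { |platform| by_platform[platform] }
  end
end

# Constructed sample headers, as a PHP app on Apache/Ubuntu would send them.
SAMPLE_HEADERS = {
  'Server'       => 'Apache/2.4.7 (Ubuntu)',
  'X-Powered-By' => 'PHP/5.5.9'
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "identified: #{fingerprint(SAMPLE_HEADERS).to_a.inspect}"
  puts "payloads:   #{select_payloads(SAMPLE_HEADERS).size}"
  puts "with hint:  #{select_payloads(SAMPLE_HEADERS, extra_platforms: [:mysql]).size}"
  puts "no fp:      #{select_payloads(SAMPLE_HEADERS, fingerprinting: false).size}"
end
```

With the sample headers only the language (PHP) and OS (Linux) are identified, so the DB payloads for every database are still sent; passing `extra_platforms: [:mysql]` narrows that to MySQL, and disabling fingerprinting sends the whole catalogue.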

HTML Parser

Can extract and analyze:

Module Management

Available modules (security checks)

Modules are system components which perform security checks and log issues.

Audit (Active)

Audit modules actively engage the web application via its inputs.

Recon (Passive)

Recon modules look for the existence of files, folders and signatures.

Report Management

Available reports

Plug-in Management

Available plugins

Plugins add extra functionality to the system in a modular fashion; this way the core remains lean and anyone can add arbitrary functionality with ease.

Defaults

Default plugins will run for every scan and are placed under /plugins/defaults/.

Meta

Plugins under /plugins/defaults/meta/ perform analysis on the scan results to determine trustworthiness or just add context information or general insights.

Trainer subsystem

The Trainer is what enables Arachni to learn from the scan it performs and incorporate that knowledge, on the fly, for the duration of the audit.

Modules have the ability to individually force the Framework to learn from the HTTP responses they are going to induce.

However, this is usually not required, since Arachni is aware of which requests are more likely to uncover new elements or attack vectors and adapts itself accordingly.

Still, this can be an invaluable asset to Fuzzer modules.
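A minimal trainer of the kind described above, as an added example and not Arachni's own Trainer: elements already known from the crawl are seeded in, each response body is analysed once, and forms or parameterised links not seen before are queued for audit. The `Element` and `Trainer` classes, the regex extraction and the two sample pages are constructed for this example.

```ruby
# Added example, not Arachni's own Trainer: learning new input vectors from
# the responses an audit induces. Known elements are skipped, identical
# bodies are analysed only once, and anything new is queued for audit.
require 'digest/sha1'
require 'set'

# A discovered input vector: a form or a parameterised link.
Element = Struct.new(:type, :action, :inputs) do
  # Stable identity: same type, action and input names mean the same element.
  def signature
    Digest::SHA1.hexdigest([type, action, inputs.sort].join('|'))
  end
end

class Trainer
  attr_reader :pending

  def initialize
    @known       = Set.new  # signatures already scheduled for audit
    @pending     = []       # elements learned mid-audit, waiting their turn
    @seen_bodies = Set.new  # digests of bodies already analysed
  end

  # Register what the crawler found up front so only genuinely new input is learned.
  def seed(html)
    extract(html).each { |e| @known << e.signature }
  end

  # Feed a response induced by an audit request; returns the elements it taught us.
  def push(body)
    # A body seen before cannot teach anything new, so skip the parse.
    return [] unless @seen_bodies.add?(Digest::SHA1.hexdigest(body))

    fresh = extract(body).reject { |e| @known.include?(e.signature) }
    fresh.each do |e|
      @known << e.signature
      @pending << e
    end
    fresh
  end

  # Minimal regex extraction, enough for the constructed sample below;
  # a real scanner uses a proper HTML parser.
  def extract(html)
    elements = []
    html.scan(%r{<form[^>]*action=["']([^"']+)["'][^>]*>(.*?)</form>}mi) do |action, inner|
      names = inner.scan(/<input[^>]*name=["']([^"']+)["']/i).flatten
      elements << Element.new(:form, action, names)
    end
    html.scan(/<a[^>]*href=["']([^"']+)\?([^"']+)["']/i) do |path, query|
      params = query.split('&').map { |kv| kv.split('=', 2).first }
      elements << Element.new(:link, path, params)
    end
    elements
  end
end

# Constructed sample pages: the crawl sees only a login form; the response to
# an audit request (a successful login) reveals a search form and a new link.
CRAWLED_PAGE = <<~HTML
  <html><body>
  <form action="/login" method="post">
    <input name="user"><input name="pass">
  </form>
  </body></html>
HTML

INDUCED_RESPONSE = <<~HTML
  <html><body>
  <form action="/search" method="get"><input name="q"></form>
  <a href="/profile?id=7&tab=settings">Profile</a>
  <form action="/login" method="post"><input name="user"><input name="pass"></form>
  </body></html>
HTML

def train_example
  trainer = Trainer.new
  trainer.seed(CRAWLED_PAGE)
  first  = trainer.push(INDUCED_RESPONSE)   # learns the search form and the profile link
  second = trainer.push(INDUCED_RESPONSE)   # identical body: nothing new
  [trainer, first, second]
end

if __FILE__ == $PROGRAM_NAME
  trainer, first, = train_example
  first.each { |e| puts "learned #{e.type} #{e.action} #{e.inputs.inspect}" }
  puts "pending: #{trainer.pending.size}"
end
```

The login form in the induced response is ignored because its signature was seeded from the crawl; only the search form and the `/profile` link end up in `pending`, and replaying the same body a second time teaches nothing.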

Installation

Usage

Configuration of extras

The extras directory holds components that are considered too specialised, dangerous or in some way unsuitable for use without explicit user action.

This directory was mainly added to distribute modules which can be helpful but should not be put in the default modules directory to prevent them from being automatically loaded.

Should you want to use these extra components simply move them from the extras folder to their appropriate system directories.

Running the specs

You can run rake spec to run all specs or you can run them selectively using the following:

rake spec:core            # for the core libraries
rake spec:modules         # for the modules
rake spec:plugins         # for the plugins
rake spec:reports         # for the reports
rake spec:path_extractors # for the path extractors

Be warned: the core specs require a powerful machine, because they exercise the Grid/multi-Instance features of the system.

Note: The module specs will take about 90 minutes due to the timing-attack tests.

Bug reports/Feature requests

Submit bugs using GitHub Issues and get support via the Support Portal.

Contributing

(Before starting any work, please read the instructions for working with the source code.)

We're happy to accept help from fellow code-monkeys and these are the steps you need to follow in order to contribute code:

License

Arachni is licensed under the Apache License Version 2.0.
See the LICENSE file for more information.

Disclaimer

This is free software and you are allowed to use it as you see fit. However, neither the development team nor any of our contributors can be held responsible for your actions or for any damage caused by the use of this software.