WebApp Sec mailing list archives

Arachni v1.0 (WebUI v0.5) has been released (Open Source Web Application Security Scanner Framework)


From: Tasos Laskos <tasos.laskos () gmail com>
Date: Sat, 30 Aug 2014 02:45:28 +0300

Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework written in Ruby.

This release makes Arachni the first F/OSS system to have support for a browser
environment, allowing it to handle modern web applications which make use of
technologies such as HTML5/DOM/JavaScript/AJAX.

The new scan engine has been benchmarked (WIVET v3 and WAVSEP v1.5) higher than
even the most established commercial products in crawl coverage, vulnerability
identification and accuracy -- scores can be found in the release announcement.

Brief list of changes:

* Updated workflow:
    * No more crawl-first, scan workload is discovered and handled on-the-fly.
    * Support for suspending scans to disk.
* Addition of an integrated browser environment, supporting:
    * HTML5/DOM/JavaScript/AJAX
    * Detection of DOM-based issues.
* New input vectors:
    * DOM forms
    * DOM links (with parameters in URL fragments)
    * DOM cookies
    * Link templates (for extracting arbitrary inputs from generic paths).
    * DOM link templates (for extracting arbitrary inputs from generic URL fragments).
* Support for URL-rewrite rules.
* New checks:
    * NoSQL injection (error based and blind).
    * DOM XSS variants.
* New reports providing enormous amounts of context for easy issue verification
    and resolution -- especially for DOM-based ones.
* Cleaned up RPC API.
* License update:
    * Proprietary, commercial license for SaaS providers and commercial distributors.
    * Apache License v2.0 for all other use cases.

For more details about the new release please visit:
     http://www.arachni-scanner.com/blog/arachni-v1-0-webui-v0-5/

Download page: http://www.arachni-scanner.com/download/

Homepage           - http://www.arachni-scanner.com
Blog               - http://www.arachni-scanner.com/blog
Documentation      - https://github.com/Arachni/arachni/wiki
Support            - http://support.arachni-scanner.com
GitHub page        - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter            - http://twitter.com/ArachniScanner
Copyright          - 2010-2014 Tasos Laskos
License            - Dual-licensed (Apache License v2/Proprietary)
                        (http://www.arachni-scanner.com/license/)

Cheers,
Tasos Laskos.


