WebApp Sec mailing list archives
Arachni v1.0 (WebUI v0.5) has been released (Open Source Web Application Security Scanner Framework)
From: Tasos Laskos <tasos.laskos () gmail com>
Date: Sat, 30 Aug 2014 02:45:28 +0300
Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance Web Application Security Scanner Framework written in Ruby.

This release makes Arachni the first F/OSS system to have support for a browser environment, allowing it to handle modern web applications which make use of technologies such as HTML5/DOM/JavaScript/AJAX.

The new scan engine has been benchmarked (WIVET v3 and WAVSEP v1.5) higher than even the most established commercial products in crawl coverage, vulnerability identification and accuracy -- scores can be found in the release announcement.

Brief list of changes:

* Updated workflow:
    * No more crawl-first, scan workload is discovered and handled on-the-fly.
    * Support for suspending scans to disk.
* Addition of an integrated browser environment, supporting:
    * HTML5/DOM/JavaScript/AJAX
    * Detection of DOM-based issues.
* New input vectors:
    * DOM forms
    * DOM links (with parameters in URL fragments)
    * DOM cookies
    * Link templates (for extracting arbitrary inputs from generic paths).
    * DOM link templates (for extracting arbitrary inputs from generic URL fragments).
* Support for URL-rewrite rules.
* New checks:
    * NoSQL injection (error based and blind).
    * DOM XSS variants.
* New reports providing enormous amounts of context for easy issue verification and resolution -- especially for DOM-based ones.
* Cleaned up RPC API.
* License update:
    * Proprietary, commercial license for SaaS providers and commercial distributors.
    * Apache License v2.0 for all other use cases.

For more details about the new release please visit: http://www.arachni-scanner.com/blog/arachni-v1-0-webui-v0-5/

Download page: http://www.arachni-scanner.com/download/

Homepage - http://www.arachni-scanner.com
Blog - http://www.arachni-scanner.com/blog
Documentation - https://github.com/Arachni/arachni/wiki
Support - http://support.arachni-scanner.com
GitHub page - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter - http://twitter.com/ArachniScanner
Copyright - 2010-2014 Tasos Laskos
License - Dual-licensed (Apache License v2/Proprietary) (http://www.arachni-scanner.com/license/)

Cheers,
Tasos Laskos.