Fork me on GitHub
GET THE LATEST RELEASE: v0.4.0.2

Features

The system offers a plethora of features in order to try and provide as much coverage and flexibility as possible.

General

  • Cookie-jar support.
  • Custom header support.
  • SSL support.
  • User Agent spoofing.
  • Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
  • Proxy authentication.
  • Site authentication (Automated form-based, Cookie-Jar, Basic-Digest, NTLM and others)
  • Highlighted command line output.
  • UI abstraction:
    • Command line UI
    • Web UI (Utilizing the Client - Dispatcher RPC infrastructure)
  • Pause/resume functionality.
  • High performance asynchronous HTTP requests.
  • Open RPC Client/Dispatcher Infrastructure
    • Distributed deployment
    • Multiple clients
    • Parallel scans
    • SSL encryption (with peer authentication)
    • Remote monitoring
    • Support for High Performance Grid configuration, combining the resources of multiple nodes to perform fast scans.

Website Crawler

  • Filters for redundant pages like galleries, catalogs, etc based on regular expressions and counters.
  • URL exclusion filter based on regular expressions.
  • URL inclusion filter based on regular expressions.
  • Can optionally follow subdomains.
  • Adjustable link count limit.
  • Adjustable redirect limit.
  • Modular path extraction via "Path Extractor" components.
  • Can read paths from multiple user supplied files (to both restrict and extend the scope of the crawl).

HTML Parser

Can extract and analyze:

  • Forms
  • Links
  • Cookies
  • Headers

The analyzer can graciously handle badly written HTML code due to a combination of regular expression analysis and the Nokogiri HTML parser.

Module Management

Arachni has over 40 audit (active) and recon (passive) modules which identify and log entities of security and informational interest.
These entities range from serious vulnerabilities (code injection, XSS, SQL injection and many more) to simple data scrapping (e-mail addresses, client-side code comments, etc.).

  • Very simple and easy to use module API providing access to multiple levels of complexity.
  • Helper audit methods:
    • For forms, links and cookies auditing.
    • For time/delay, differential analysis and taint analysis.
    • A wide range of injection strings/input combinations.

Report Management

Report components allow you to format scan results any way you wish. If the existing reports (HTML, Plain Text, XML, etc.) don't fulfill your needs it is very easy to create one that suits you.

  • Modular design.
  • New report types can be added as needed.

Plug-in Management

Arachni offers plug-ins to help automate several tasks ranging from logging-in to a web application to performing high-level meta-analysis by cross-referencing scan results with a large number of environmental data.

  • Modular design
  • Plug-ins are framework demi-gods, they have direct access to the framework instance.
  • Can be used to add any functionality to Arachni.

Trainer subsystem

The Trainer is what enables Arachni to learn from the scan it performs and incorporate that knowledge, on the fly, for the duration of the audit.

Modules have the ability to individually force the Framework to learn from the HTTP responses they are going to induce.
However, this is usually not required since Arachni is aware of which requests are more likely to uncover new elements or attack vectors and will adapt itself accordingly.

Still, this can be an invaluable asset to Fuzzer modules.