Arachni – web application security scanner framework – All things in moderation

Arachni – web application security scanner framework

Introduction

Arachni is a feature-full, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of modern web applications.

It is free, with its source code public and available for review.

Features

Free/Public source software

Arachni’s source code is publicly available, thus providing verifiable, inspectable code to ensure your results have the highest level of protection and that all possible issues are identified.

For those tricky and highly specialized environments, custom modifications can easily be added to Arachni to supplement its features. Customizations can include:
* Checks – to identify custom issues
* Plugins – to cleanly extend the system’s functionality
* Reporters – to store/format scan results in whatever way suits you best
* RPC service – to control remote resources in your own way

Multiple deployment options

Whatever the environment, it’s highly likely that Arachni will adapt to your needs. Deployment options include:
* Ruby library, for highly customized, scripted scans
* CLI scanner utility, for quick scans
* WebUI, for multi-user, multi-scan, multi-Dispatcher management
* Distributed system using remote agents

The WebUI comes pre-configured with SQLite3; however, for larger workloads PostgreSQL is recommended.

Abundance of security checks

Out of the box, Arachni has all the full-featured support and vulnerability analysis that one would expect from a first-class web application scanner.

All the usual suspects are supported, including:
* XSS
* SQL injection
* NoSQL injection
* Code injection
* File inclusion variants
* Many more …

Integrated browser environment

Arachni can handle complex modern web applications thanks to its real browser engine, providing:

  • Support for JS/DOM/HTML5/AJAX
  • Detection of DOM-based vulnerabilities
  • Tracing of data and execution flows of DOM and JavaScript environments
  • Extra tracing optimizations for common JavaScript frameworks: jQuery, AngularJS, …

Intelligent, on-the-fly adaptations to each web application

Arachni analyzes each application resource individually, which in turn allows it to tailor each request to the technologies being used. This results in only applicable payloads being injected when performing its checks, leading to less bandwidth consumption and less stress on the web application.

In addition, web application behavior is constantly fingerprinted and monitored, enabling the identification of custom-404 handlers, server health, etc., with the scanner adjusting its strategy on the fly to ensure accuracy and stability throughout the scan.

Mobile ready – in more ways than one

Arachni can be configured to replicate multiple different client platforms, including phones and tablets. This is achieved using both user-agent identification and the viewport size and orientation. This provides a real browser experience for unparalleled coverage and testing of mobile sites.

High performance

Arachni wastes no time and minimizes any delay by utilizing:
* Asynchronous HTTP requests for lightweight concurrency and fast communications
* Clustered browser environment for parallel JS/DOM operations
* Support for multi-instance scans, utilizing multiple instances/processes, for super-fast audits

Highly detailed, well-structured reports

All reports include an abundance of context for easy reproduction and verification of identified issues, such as:
* Affected page snapshots
* Referring page snapshots
* Full JavaScript stack data

As touched on, reports are available in a number of formats that allow you to interpret and use the information contained within. Formats include:
* HTML
* JSON
* XML
* YAML
* Text

Architecture

Arachni is a highly modular system, employing several components of distinct types to perform its duties.

Platform fingerprinters

Checks

  • Active
  • Passive

Reporters

Plugins

Plugins add extra functionality to the system in a modular fashion; this way the core remains lean and it is easy for anyone to add arbitrary functionality.
Default
Default plugins run for every scan and are placed under /plugins/defaults/
Meta
Plugins under /plugins/defaults/meta/ perform analysis on the scan results to determine trustworthiness, or just add context information or general insights.
For more detail you can visit here
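As an added example, not code from the Arachni project, the following Ruby script triages an Arachni JSON report as described in the reports section above, using the trustworthiness flag that the meta plugins set: it drops duplicate findings, sets untrusted findings aside for manual verification, and tallies severities. The report is constructed inline, and the key names (issues, severity, trusted, check.shortname, vector) are assumed to follow the JSON reporter's output.

```ruby
require 'json'

SEVERITIES = %w[high medium low informational].freeze

# Constructed sample in the shape of an Arachni JSON report (key names assumed).
SAMPLE_REPORT = <<~'JSON'
  { "issues": [
    { "name": "Cross-Site Scripting (XSS)", "severity": "high", "trusted": true,
      "check": { "shortname": "xss" },
      "vector": { "type": "form", "method": "post", "url": "http://testsite.example/login", "affected_input_name": "username" } },
    { "name": "Cross-Site Scripting (XSS)", "severity": "high", "trusted": true,
      "check": { "shortname": "xss" },
      "vector": { "type": "form", "method": "post", "url": "http://testsite.example/login", "affected_input_name": "username" } },
    { "name": "SQL Injection", "severity": "high", "trusted": false,
      "check": { "shortname": "sql_injection" },
      "vector": { "type": "link", "method": "get", "url": "http://testsite.example/item?id=1", "affected_input_name": "id" } },
    { "name": "Missing 'X-Frame-Options' header", "severity": "low", "trusted": true,
      "check": { "shortname": "x_frame_options" },
      "vector": { "type": "server", "method": "get", "url": "http://testsite.example/" } }
  ] }
JSON

# One key per (check, URL, method, input): the same finding reached via two
# crawl paths collapses into a single entry.
def issue_key(issue)
  v = issue.fetch('vector', {})
  [issue.dig('check', 'shortname'), v['url'], v['method'], v['affected_input_name']]
end

# Keeps trusted issues (unless asked otherwise) and drops duplicates.
# "trusted" is the flag the meta plugins set when the page behaved consistently.
def triage(json_text, include_untrusted: false)
  issues = JSON.parse(json_text).fetch('issues', [])
  issues = issues.select { |i| i['trusted'] } unless include_untrusted
  issues.uniq { |i| issue_key(i) }
end

# Severity histogram in fixed order, for the summary line of a ticket.
def severity_counts(issues)
  counts = SEVERITIES.to_h { |s| [s, 0] }
  issues.each { |i| counts[i['severity']] = counts.fetch(i['severity'], 0) + 1 }
  counts
end

# Untrusted findings are not thrown away: list them for manual verification.
def needs_verification(json_text)
  JSON.parse(json_text).fetch('issues', []).reject { |i| i['trusted'] }
      .map { |i| "#{i['name']} at #{i.dig('vector', 'url')}" }
end
```

Run `triage(SAMPLE_REPORT)` to get the deduplicated trusted findings and `needs_verification(SAMPLE_REPORT)` for the ones to confirm by hand.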

Installation

You can download the latest self-contained archive for your system from the website’s download page or build from source.

I most recommend that you download from the website’s download page. After downloading, extract the file and change directory to the bin folder:

Arachni provides many options for interacting with the framework. In this case I try running arachni_web.
When first opening the website at http://localhost:9292 you need to use the default credentials to log in:

Administrator account
E-mail: [email protected]
Password: administrator

Regular user account
E-mail: [email protected]
Password: regular_user

Usage

As I mentioned in the section above, Arachni provides many interfaces, so you can choose the one that suits you.
Here is the list of interfaces Arachni provides:

  • Command line user interface
  • Web user interface
  • RPC client
  • RPC server
  • REST server

You can follow the very detailed user guide here

Below are the results I got with a test site using the web interface

Conclusion

Arachni is one of the best open source web scanners. But it also needs more improvement to compare with commercial web scanner versions. If you like it, you can fork it on GitHub and make it more efficient.

Reference

arachni-scanner.com
