Arachni uses various techniques to compensate for the widely heterogeneous environment of web applications.
This includes a combination of widely deployed techniques (taint-analysis, fuzzing, differential analysis, timing/delay attacks) along with novel technologies (rDiff analysis, modular meta-analysis) developed specifically for the framework.
This allows the system to make highly informed decisions using a variety of different inputs, a process which diminishes false positives and even uses them to provide human-like insights into the inner workings of web applications.
Version v0.3 has just been released and it includes a lot of goodies:
- A new custom-written, lightweight Spider
- Add-on support for the WebUI
- Scan scheduler
- AutoDeploy -- Convert any SSH-enabled Linux box into a Dispatcher
- Improved accuracy of differential analysis audits
- Improved accuracy of timing attack audits
- Highly optimized timing attacks
To download Arachni: