Monday, October 03, 2011

Arachni v0.3 is out!

Arachni: a dramatic improvement in the detection accuracy of Reflected XSS exposures, and a dramatic improvement in the detection accuracy of SQL Injection exposures (verified on MySQL).

Arachni uses various techniques to compensate for the widely heterogeneous environment of web applications.
This includes a combination of widely deployed techniques (taint-analysis, fuzzing, differential analysis, timing/delay attacks) along with novel technologies (rDiff analysis, modular meta-analysis) developed specifically for the framework.
This allows the system to make highly informed decisions using a variety of different inputs; a process which diminishes false positives and even uses them to provide human-like insights into the inner workings of web applications.

Version v0.3 has just been released and it includes a lot of goodies:
  • A new custom-written, lightweight Spider
  • Add-on support for the WebUI
    • Scan scheduler
    • AutoDeploy -- Convert any SSH-enabled Linux box into a Dispatcher
  • Improved accuracy of differential analysis audits
  • Improved accuracy of timing attack audits
  • Highly optimized timing attacks

For more information about this scanner, please see this link:
http://arachni.segfault.gr/news

To download Arachni:
https://github.com/Zapotek/arachni/downloads

1 comment:

Dubai said...

Excellent pieces. Keep posting this kind of information on your blog. I am really impressed by your blog.