arachni

arachni

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives. Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly. Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX. Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

Rubygem arachni

Total Downloads
53728
Releases
32
Current Version
1.1
Released
2015-05-01 00:00:00 UTC
First Release
2011-02-13 00:00:00 UTC
Depending Gems
1

Github Arachni/arachni

Watchers
682
Forks
146
Development activity
Less active
Last commit
2015-05-24 12:37:01 UTC
First commit

Comments

There are no comments yet, be the first to write one!

Post a comment

Markdown supported
or
×

In order to continue, you must be signed in using your Github account.

If you're signing in using this account for the first time Github will ask for your permission to give access to your public user data to the Ruby Toolbox.

Although the Github Authorization page does not mention it, the request includes read-only access to your verified email address (user:email OAuth scope). This is neccessary so there's a way to notify you about comments, information about your accepted project edits and the like. You can review your notification settings on your account page once you're signed in.