arachni

Installing Arachni from source (github)
Running Arachni (cli)
Running Arachni (web)

Arachni is a tool used to audit web applications.

Installing Arachni from source (github)

# 
git clone https://github.com/Arachni/arachni.git
cd arachni
gem install bundler # may need to use sudo
bundle install --without prof # resolve possible dev dependencies
rake install # optional, will install to PATH

Running Arachni (cli)

# scan the target for all types of vulnerabilities
./arachni <target>
# note: stop the scan by pressing <enter>

# scan the target for specific vulnerability
# in this example, the sql_injection_timing check is selected
./arachni <target> --checks= sql_injection_timing

# you can also apply the wildcard to select a variety of a checks
./arachni <target> --checks= sql*

# it is also possible to exclude checks from the scanning process
# in this example, all xss vulnerability tests are excluded
./arachni <target> --checks= *, -xss*

Note: A complete list of command line options can be found on the project’s wiki

Running Arachni (web)

# starting arachni web
./arachni_web
./arachni_rpcd

# access the WebUI at localhost:9292
# default administrator email , password
# admin@admin.admin , administrator

# default user email , password
# user@user.user , regular_user

Note: More info on the Arachni WebUI can be found here

Installing Arachni from source (github)

Running Arachni (cli)

Running Arachni (web)

Resources and More

Links

Reference