1. Installing Arachni from source (github)
2. Running Arachni (cli)
3. Running Arachni (web)

Arachni is a tool used to audit web applications.

Installing Arachni from source (github)

git clone
cd arachni
gem install bundler # may need to use sudo
bundle install --without prof # resolve possible dev dependencies
rake install # optional, will install to PATH

Running Arachni (cli)

# scan the target for all types of vulnerabilities
./arachni <target>
# note: stop the scan by pressing <enter>

# scan the target for a specific vulnerability
# in this example, the sql_injection_timing check is selected
./arachni <target> --checks=sql_injection_timing

# you can also use a wildcard to select a group of checks
./arachni <target> --checks=sql*

# it is also possible to exclude checks from the scanning process
# in this example, all xss vulnerability tests are excluded
./arachni <target> --checks=*,-xss*
  • Note: A complete list of command line options can be found on the project’s wiki
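
How the --checks values above resolve to check names, as an added Ruby example that is not Arachni's own code and not part of the original page. It models the wildcard and "-" exclusion rules shown in the commands; SAMPLE_CHECKS is a constructed subset of check names and resolve_checks is a hypothetical helper.

```ruby
# Added example: models how a --checks value selects checks.
# Not Arachni's code. SAMPLE_CHECKS is a constructed subset of check names,
# and resolve_checks is a hypothetical helper (assumption).
SAMPLE_CHECKS = %w[
  code_injection csrf sql_injection sql_injection_differential
  sql_injection_timing xss xss_script_context xss_tag
].freeze

# Resolve a comma-separated value such as "*,-xss*" against the available
# names. A leading "-" marks an exclusion; "*" is a wildcard.
def resolve_checks(spec, available = SAMPLE_CHECKS)
  patterns = spec.split(',', -1)
  # A space after "=" makes the shell pass an empty value plus a stray argument.
  raise ArgumentError, 'empty --checks value' if patterns.empty?

  includes = []
  excludes = []
  patterns.each do |pattern|
    # A quoted value such as "*, -xss*" keeps the space inside the pattern:
    # reject it instead of guessing what was meant.
    if pattern.empty? || pattern.match?(/\s/)
      raise ArgumentError, "malformed pattern #{pattern.inspect}"
    end

    if pattern.start_with?('-')
      excludes << pattern[1..-1]
    else
      includes << pattern
    end
  end

  matching = lambda do |globs|
    available.select { |name| globs.any? { |g| File.fnmatch(g, name) } }
  end

  # An include pattern that matches nothing is most likely a typo.
  unknown = includes.select { |g| matching.call([g]).empty? }
  raise ArgumentError, "no check matches #{unknown.join(', ')}" unless unknown.empty?

  matching.call(includes) - matching.call(excludes)
end

if __FILE__ == $PROGRAM_NAME
  ['sql_injection_timing', 'sql*', '*,-xss*'].each do |spec|
    puts "--checks=#{spec} -> #{resolve_checks(spec).join(', ')}"
  end
end
```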

Running Arachni (web)

# starting arachni web

# access the WebUI at localhost:9292
# default administrator email , password
# admin@admin.admin , administrator

# default user email , password
# user@user.user , regular_user
  • Note: More info on the Arachni WebUI can be found here

Resources and More

arachni - github