The gist of it:
(As a long-scroll-landing-page-thing everyone’s doing these days…)
Free/Open Source Software
Security is built on trust, and trust requires openness and transparency.
With scan results being one of the main metrics used in determining the web application security posture for an organization, it is paramount that these results are not only handled in a trusted, safe and secure manner, but are accurate and complete without leaving you with a false sense of security.
Arachni is open source, thus, providing a verifiable, inspectable code base to ensure your results have the highest level of protection, and that all possible issues are identified.
Due to its open source heritage, Arachni can make no false claims about its capabilities just to tick and flick a marketing checklist, but it does achieve what it is designed to, with exceptional results. This is proven through rigorous benchmarking, test cases, and community support.
For those tricky and highly specialized environments, custom modifications can easily be added into Arachni to supplement its features. Customizations can include:
- Checks — To identify custom issues.
- Plugins — To cleanly extend the system’s functionality.
- Reporters — To store/format scan results in whatever way suits you best.
- RPC services — To control remote resources in your own way.
Arachni is dual-licensed Free/Open Source Software, please see the license terms for more information.
Multiple deployment options
Arachni is designed to be usable regardless of the environment in which it’s deployed. Depending on the requirements, this can be anywhere from the simple and point and shoot web interface through to the highly customized and scripted use cases utilizing the core Ruby library.
Whatever the environment, it’s highly likely that Arachni will adapt to your needs. Deployment options include:
- Ruby library, for highly-customized, scripted scans.
- CLI scanner utility, for quick scans.
- WebUI, for multi-User, multi-Scan, multi-Dispatcher management.
- Distributed system using remote agents.
- Simple, lightweight and open RPC protocol.
- Support for self-healing Grid configuration.
- Automated load-balancing.
- Utilization of multiple nodes for multi-Instance scans.
- Scale up/down by hot-plugging/hot-unplugging nodes.
In all cases, deployment is simple. There are no dependencies like databases*, system services, libraries nor any configuration overhead. Simply, download and extract one of our packages to a supported OS and run a script, a scan, fire-up the web interface or convert the machine to a Grid node — all with a single command.
From submitting a form with a single line of code, to a global Grid of scanners, Arachni’s got you covered — with the latter not being much harder than the former.
* The WebUI comes pre-configured with SQLite3; however, for larger workloads a real DB (preferably PostgreSQL) is recommended.
Abundance of security checks
Out of the box, Arachni has all the full featured support and vulnerability analysis that one would expect from a first class web application scanner.
All the usual suspects are supported, including:
- XSS (with DOM variants)
- SQL injection
- NoSQL injection
- Code injection
- File inclusion variants
- Many more…
In addition, Arachni’s analysis techniques are unparalleled in reliability, accuracy and resiliency, even under unstable network conditions or when dealing with misbehaving web applications.
With continued support from its growing community, Arachni is continually pushing the boundaries in web application scanning.
Integrated browser environment
Arachni can handle complex modern web applications thanks to its real browser engine, providing:
- Detection of DOM-based vulnerabilities.
Arachni provides full stack data* at your fingertips including: stacktraces, function signatures, names, locations, source codes and argument lists, captured upon detection of a vulnerable state.
Intelligent, on-the-fly adaptation to each web application
Arachni analyzes each application resource individually, which in turn allows it to tailor each request to the technologies being used. This results in only applicable payloads being injected when performing its checks, leading to less bandwidth consumption, less stress to the web application and, as a result, faster and more reliable scans.
In addition, web application behavior is constantly fingerprinted and monitored, enabling the identification of custom-404 handlers, server health, etc. with the scanner adjusting its strategy on-the-fly, to ensure accuracy and stability throughout the scan.
Finally, Arachni trains itself during the entire scan, by learning from HTTP responses, in order to identify new vectors and handle complex workflows like wizards etc.
Mobile ready — in more ways that one
Arachni can be configured to replicate multiple different client platforms including phones and tablets. This is achieved using both user-agent identification, and the viewport size and orientation. This provides a real browser experience for the unparralleled coverage and testing of mobile sites.
Furthermore, you can easily organize multi-device scans by using the WebUI to create, manage and share scan-groups and associated configuration profiles.
In addition to the above, there’s another way in which Arachni is mobile-ready and that’s via its responsive web user interface. Fire-up the WebUI on a machine with a supported OS and start, control or monitor scans from your tablet or phone.
Scanners work with enormous amounts of workloads, often dealing with thousands of pages and performing millions of requests. When dealing with those kinds of numbers, small latencies can quickly accumulate to large delays.
Arachni wastes no time and minimizes any delay by utilizing:
- Asynchronous HTTP requests for lightweight concurrency and fast communications.
- Support for multi-Instance scans, utilizing multiple Instances/processes, for super-fast audits.
- Even when distributed across multiple nodes.
After all, the sooner you learn about issues, the sooner you can mitigate risks.
Highly detailed, well-structured reports
Reports can be generated in a number of open formats that allow you to consume all relevant information and context from a single file that is intuitively organised and well-structured. Making the next stages of the vulnerability lifecyle a sinch.
All reports include an abundance of context for easy reproduction and verification of identified issues, such as:
- Affected page snapshots, including:
- DOM transitions, allowing for restoration of state.
- DOM capture as HTML code.
- Referring page snapshots, for easy comparison of before and after states.
- Function names.
- Function argument signatures.
- Function locations.
- Function source codes.
- Function argument lists.
As touched on, reports are available in a number of formats that allow you to interpret and use the information contained within. Formats include: