Go to Top


Arachni is a Free/Open Source project, the code is released under the Apache License Version 2.0 and you are free to use it as you see fit.

Initially started as an educational exercise, it has since evolved into a powerful and modular framework allowing for fast, accurate and flexible  security/vulnerability assessments. More than that, Arachni is highly extend-able allowing for anyone to improve upon it by adding custom components and tailoring most aspects to meet most needs.

(For a detailed list of features see the Features page.)


Arachni is a fully automated system which tries to enforce the fire and forget principle. As soon as a scan is started it will not bother you for anything nor require further user interaction.

Upon completion, you will be able to export the scan results to several different formats (HTML, Plain Text, XML, etc.).


In order to maximize bandwidth utilization and get the most bang for the buck (an unfortunate choice of words since Arachni is free) the system uses asynchronous HTTP requests.

Thus, you can rest assured that the scan will be as fast as possible and performance will only be limited by your or the audited server’s physical resources.


Arachni uses various techniques to compensate for the widely heterogeneous environment of web applications.

This includes a combination of widely deployed techniques (taint-analysis, fuzzing, differential analysis, timing/delay attacks) along with novel technologies (rDiff analysis, modular meta-analysis) developed specifically for the framework.

This allows the system to make highly informed decisions using a variety of different inputs; a process which diminishes false positives and even uses them to provide human-like insights into the inner workings of web applications.


The Trainer is what enables Arachni to learn from the scan it performs and incorporate that knowledge, on the fly, for the duration of the audit.

Arachni is aware of which requests are more likely to uncover new elements or attack vectors and adapts itself accordingly.

Also, components have the ability to individually force the Framework to learn from the HTTP responses they are going to induce thus improving the chance of uncovering a hidden vector that would appear as a result of their probing.


One of the biggest advantages of Arachni is its highly modular nature.

The framework can be extended indefinitely by the addition of components like path extractors, modules, plug-ins, or even user interfaces.

Arachni is not only meant to serve as a security scanner but also as a platform for any sort of black box testing or data scraping; full fledged applications can be converted into framework plug-ins so as to take advantage of the framework’s power and resources.

Arachni’s flexibility goes so far as to enable system components (like plug-ins) to create their own component types and reap the benefits of a modular design as well.


Arachni has over 40 audit (active) and recon (passive) modules which identify and log entities of security and informational interest.

These entities range from serious vulnerabilities (code injection, XSS, SQL injection and many more) to simple data scrapping (e-mail addresses, client-side code comments, etc.).


Arachni offers plug-ins to help automate several tasks ranging from logging-in to a web application to performing high-level meta-analysis by cross-referencing scan results with a large number of environmental data.


Report components allow you to format scan results any way you wish. If the existing reports (HTML, Plain Text, XML, etc.) don’t fulfill your needs it is very easy to create one that suits you.

Flexible deployment

The system allows for multiple deployment options ranging from a simple single-user single-scan command line interface to multi-user multiple/parallel-scan distributed deployment to a High Performance Grid for lightning fast scans.

Control of distributed deployments is achieved using a simple and open RPC API in an effort to increase interoperability and cross-platform compliance.