Go to Top

Arachni release

Hey folks,

There’s a new release with a few useful improvements you may want to check out. The changes aren’t massive but result in non-negligible improvements in vulnerability identification. Also, the WebUI is still in v0.4.2, only the Framework has been updated.

  • Optimized pattern matching to use less resources by grouping patterns to only be matched against the per-platform payloads. Bottom line, pattern matching operations have been greatly reduced overall and vulnerabilities can be used to fingerprint the remote platform.
  • Modules
    • Path traversal ( path_traversal)
      • Updated to use more generic signatures.
      • Added dot-truncation for MS Windows payloads.
      • Moved non-traversal payloads to the file_inclusion module.
    • File inclusion ( file_inclusion) — Extracted from path_traversal.
      • Uses common server-side files and errors to identify issues.
    • SQL Injection ( sqli) — Added support for the following databases:
      • Firebird
      • SAP Max DB
      • Sybase
      • Frontbase
      • IngresDB
      • HSQLDB
      • MS Access
    • localstart_asp — Checks if localstart.asp is accessible.
  • Plugins — Added:
    • Uncommon headers ( uncommon_headers) — Logs uncommon headers.



Tasos L.



About Tasos Laskos

CEO of Sarosys LLC, founder and lead developer of Arachni.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.