You can find an update here.
I’ve got something really cool to show you today. It’s not ground-breaking and commercial tools have had similar functionality for some time now, however, as usual in Arachni-land, this approach will have some interesting twists that set it apart from the rest.
In all honesty, I should be working on Arachni v1.1, implementing support for JSON/XML input vectors, but I got this idea and once I started prototyping and seeing how amazingly well it works, I couldn’t help but keep at it until I had a working system. This is still purely experimental and it’s not part of Arachni, but complements it beautifully.
I don’t know when, if or how it’ll be released, but I figured I better post this demo and see if there’s any interest.
In simple terms
This is what this system allows Arachni to do:
- Directly scan your Ruby web application, by actually running the web application itself.
- Know exactly what code got executed as a result of each request.
- Have complete access to the web application execution context and environment.
In more bullet-list-formatted words: