EDIT: Removed notice about YAML engine being changed to Psych, see this post for details.
Hey folks, the time has come to release the 0.4.2 version of Arachni with plenty of features, improvements and fixes to go around. In addition to the new release, we also have a brand new (proper this time) website and a new initiative called the Arachni Liaison Program, put forth to facilitate better communication between users and developers.
And of course, the pièce de résistance, the brand new Web User Interface — which ended up being more of a scan management and collaboration platform.
There is a smallish downside to this release though, there is no Cygwin package for our MS Windows users. Those packages were more of a preview, making it easy for Windows users to check out the system (while incurring a big performance penalty) before going into the trouble of installing Linux in a VM and properly run Arachni. This time though I’m afraid you’ll have to go the VM route from the beginning.
Now, like I said above, this release has a lot of improvements and since Arachni has accumulated very different audiences I thought I’d split the updates accordingly:
Regular users can enjoy:
- The ability to easily perform and manage scans via the brand new, Rails-based, simple, intuitive and beautiful web user interface — I’m overselling it a bit out of excitement.
- Much reduced RAM usage.
- More fluid and smoother progress %.
- Issue remarks — Providing extra context to logged issues and assisting you in determining the nature, variation and special circumstances that may apply.
- More resilient stance towards non-responsive servers.
- Much improved profiling and detection of custom 404 responses.
- Improved payloads for Windows machines for path traversal and OS command injection.
- The ability to exclude pages from the scan based on content.
Oh you devs out there controlling Arachni via RPC are gonna love these:
- Default serialization changed to Marshal, which translates to much faster and less bandwidth consuming RPC calls.
- YAML serialization is still supported and it is an automatic fallback, YAML requests will still illicit a YAML response.
- A bunch of convenience methods have been added to Arachni::RPC::Server::Instance, allowing you to perform and control scans much easier than before.
- More data returned for logged Issues during runtime.
Well, you get to enjoy all of the above but at a higher, more abstract level:
- Significantly reduced RAM consumption.
- Significantly reduced bandwidth and CPU usage for RPC calls.
- Improved progress information for statistics, issues and progress %.
I.e. Fewer costs, happier devs and happier clients.
At this point, I would like to stress that the Arachni Framework (and subsequently, the arachni gem) do not contain the web interface (which has its own repository). The gem is there to provide the Framework to developers and it is assumes a strictly configured and properly setup environment.
Users should instead grab one of the self-contained packages which bundle a well tested environment and the web interface.
Download now and please don’t forget to provide feedback.
(For a full list of changes see the CHANGELOG.)