Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework


Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.

This version includes lots of goodies, including:

  • A new light-weight RPC implementation (No more XMLRPC)
  • High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans
  • Updated WebUI to provide access to HPG features and context-sensitive help
  • Accuracy improvements and bugfixes for the XSS, SQL Injection and Path Traversal modules
  • New report formats (JSON, Marshal, YAML)
  • Cygwin package for Windows

New plugins


  • ReScan — It uses the AFR report of a previous scan to extract the sitemap in order to avoid a redundant crawl.
  • BeepNotify — Beeps when the scan finishes.
  • LibNotify — Uses the libnotify library to send notifications for each discovered issue and a summary at the end of the scan.
  • EmailNotify — Sends a notification (and optionally a report) over SMTP at the end of the scan.
  • Manual verification — Flags issues that require manual verification as untrusted in order to reduce the signal-to-noise ratio.
  • Resolver — Resolves vulnerable hostnames to IP addresses.

IF you want a slightly more detailed description of what’s changed you can check here, or view the ChangeLog.

You can download Arachni v0.4 here:

Windows – arachni-v0.4.0.2-cygwin.exe
Linux – arachni-v0.4.0.2-cde.tar.gz

Or read more here.

Posted in: Hacking Tools, Web Hacking

, , , , ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Comments are closed.