Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.
This version includes lots of goodies, including:
- A new light-weight RPC implementation (No more XMLRPC)
- High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans
- Updated WebUI to provide access to HPG features and context-sensitive help
- Accuracy improvements and bugfixes for the XSS, SQL Injection and Path Traversal modules
- New report formats (JSON, Marshal, YAML)
- Cygwin package for Windows
New plugins
- ReScan — It uses the AFR report of a previous scan to extract the sitemap in order to avoid a redundant crawl.
- BeepNotify — Beeps when the scan finishes.
- LibNotify — Uses the libnotify library to send notifications for each discovered issue and a summary at the end of the scan.
- EmailNotify — Sends a notification (and optionally a report) over SMTP at the end of the scan.
- Manual verification — Flags issues that require manual verification as untrusted in order to reduce the signal-to-noise ratio.
- Resolver — Resolves vulnerable hostnames to IP addresses.
IF you want a slightly more detailed description of what’s changed you can check here, or view the ChangeLog.
You can download Arachni v0.4 here:
Windows – arachni-v0.4.0.2-cygwin.exe
Linux – arachni-v0.4.0.2-cde.tar.gz
Or read more here.