There's a new version of Arachni, an Open Source, modular and high-performance Web Application Security Scanner Framework written in Ruby.
Brief list of changes:
* Optimized pattern matching to use less resources by grouping patterns to only
be matched against the per-platform payloads. Bottom line, pattern matching
operations have been greatly reduced overall and vulnerabilities can be used
to fingerprint the remote platform.
* Modules
* Path traversal (path_traversal)
* Updated to use more generic signatures.
* Added dot-truncation for MS Windows payloads.
* Moved non-traversal payloads to the file_inclusion module.
* File inclusion (file_inclusion) — Extracted from path_traversal.
* Uses common server-side files and errors to identify issues.
* SQL Injection (sqli) — Added support for the following databases:
* Firebird
* SAP Max DB
* Sybase
* Frontbase
* IngresDB
* HSQLDB
* MS Access
* localstart_asp — Checks if localstart.asp is accessible.
* Plugins — Added:
* Uncommon headers (uncommon_headers) — Logs uncommon headers.
For more details about the new release please visit:
http://www.arachni-scanner.com/blog/arachni-0-4-5-1-0-4-2-release/
Download page: http://www.arachni-scanner.com/download/
Homepage - http://www.arachni-scanner.com
Blog - http://www.arachni-scanner.com/blog
Documentation - https://github.com/Arachni/arachni/wiki
Support - http://support.arachni-scanner.com
GitHub page - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter - http://twitter.com/ArachniScanner
Copyright - 2010-2013 Tasos Laskos
License - Apache License v2
0 comments:
Post a Comment
Click to see the code!
To insert emoticon you must added at least one space before the code.