arachni

Phase(s):

Primary: Discovery.
Secondary: Mapping.

Description:

Tool that automates the search for vulnerabilities.

Objective:

  • Detect vulnerabilities present on a web application.

Features:

Supported technologies: Web applications (HTTP/HTTPS).

Operative mode: Active.

  • Provides a configurable scan that includes several vulnerability plugins, such as Cross Site Scripting, Cross Site Request Forgery, Blind SQL Injection, XPath Injection, etc.
  • Provides both fingerprinting and spidering modules.

Reports:
Output reports:

  • AFR base report, which can be imported into arachni to export the results in other formats.
  • HTML report with statistical graphs.
  • Plain text report.

    Basic usage:

    Perform a customized Cross Site Scripting scan on a web application. The following command initiates the scan on the web application.

    ./arachni --modules=xss* --report=txt:outfile=[Directory]/ReportXSS.txt [URL]


    Where:

    • URL: URL of the web application.
    • --modules: vulnerability plugins to be included in or excluded from the scan.
    • --report: report export format and path.

    This defines a scan in which every plugin whose name matches “xss*” is executed. The tool displays the scan's progress as it runs; the first step is spidering the application.

    [*] Initialising...
    [*] Waiting for plugins to settle...
    [*] Spider: [HTTP: 301] http://localhost/miaplicacion
    [*] Spider: [HTTP: 200] http://localhost/miaplicacion/
    [*] Spider: [HTTP: 200] http://localhost/miaplicacion/about.php
    …..


    Once the spidering is completed, the tool begins testing the detected URLs against the vulnerability plugins. The scan execution time depends on the number of detected URLs and the parameters present in them.

    [*] Auditing: [HTTP: 200] http://localhost/miaplicacion/search
    [*] XSS in HTML element event attribute: Auditing form variable 'name' with action
    'http://localhost/miaplicacion/search/results.php'

    [*] XSS in HTML 'script' tag: Auditing form variable 'key' with action 'http://localhost/miaplicacion/search/results.php'.

    [*] XSS: Auditing form variable 'send' with action 'http://localhost/miaplicacion/search/results.php'.


    At the end of the scan, the results summary is displayed.

    [*] Done! [~] 100.0% [====================================>] 100%
    [~] Est. remaining time: --:--:--

    [~] Crawler has discovered 20 pages.

    [~] Sent 447 requests.
    [~] Received and analyzed 447 responses.
    [~] In 00:00:03
    [~] Average: 133 requests/second.

    [~] Currently auditing http://localhost/miaplicacion
    [~] Burst response time total 0
    [~] Burst response count total 0
    [~] Burst average response time 0
    [~] Burst average 0 requests/second
    [~] Timed-out requests 0
    [~] Original max concurrency 20
    [~] Throttled max concurrency 20


    The tool then exports the results. If no report option was selected, the results are saved to a default file, named with the date and timestamp, in AFR format.

    [*] Dumping audit results in '2013-08-23 23.14.52 -0500.afr'.
    [*] Done!

    [*] Dumping audit results in ../Report_TMP/ReportXSS.txt.
    [*] Done!
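
The console output walked through above can be turned into a coverage record: which pages were crawled, which form variables each check audited, and whether every request got a response. The following Python script is an added example, not part of the original page or of the arachni project; it assumes the console line formats are exactly those shown in this walkthrough, and the names `SAMPLE` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: console lines copied from the output shown on this page,
# including the 'action' line that wraps onto a second line.
SAMPLE = """\
[*] Spider: [HTTP: 301] http://localhost/miaplicacion
[*] Spider: [HTTP: 200] http://localhost/miaplicacion/
[*] Spider: [HTTP: 200] http://localhost/miaplicacion/about.php
[*] Auditing: [HTTP: 200] http://localhost/miaplicacion/search
[*] XSS in HTML element event attribute: Auditing form variable 'name' with action
'http://localhost/miaplicacion/search/results.php'
[*] XSS in HTML 'script' tag: Auditing form variable 'key' with action 'http://localhost/miaplicacion/search/results.php'.
[*] XSS: Auditing form variable 'send' with action 'http://localhost/miaplicacion/search/results.php'.
[~] Crawler has discovered 20 pages.
[~] Sent 447 requests.
[~] Received and analyzed 447 responses.
[~] Timed-out requests 0
"""

SPIDER = re.compile(r"^\[\*\] Spider: \[HTTP: (\d{3})\] (\S+)", re.M)
# \s+ before the action URL tolerates the line wrap seen in the output.
AUDIT = re.compile(
    r"^\[\*\] (.+?): Auditing form variable '([^']+)' with action\s+'([^']+)'", re.M)
STATS = {
    "pages": re.compile(r"^\[~\] Crawler has discovered (\d+) pages", re.M),
    "sent": re.compile(r"^\[~\] Sent (\d+) requests", re.M),
    "received": re.compile(r"^\[~\] Received and analyzed (\d+) responses", re.M),
    "timed_out": re.compile(r"^\[~\] Timed-out requests (\d+)", re.M),
}

def summarize(log):
    """Return (crawled, audited, stats, warnings) parsed from console output."""
    crawled = defaultdict(list)            # HTTP status -> URLs seen by the spider
    for status, url in SPIDER.findall(log):
        crawled[int(status)].append(url)
    audited = defaultdict(set)             # (form action, variable) -> check names
    for check, var, action in AUDIT.findall(log):
        audited[(action, var)].add(check)
    stats = {k: int(m.group(1)) for k, rx in STATS.items() if (m := rx.search(log))}
    warnings = []                          # signs that coverage may be incomplete
    if stats.get("sent") != stats.get("received"):
        warnings.append("sent/received mismatch")
    if stats.get("timed_out", 0) > 0:
        warnings.append("timed-out requests")
    return dict(crawled), dict(audited), stats, warnings

if __name__ == "__main__":
    for part in summarize(SAMPLE):
        print(part)
```

A form variable that exists in the application but never appears in the audited set was not tested by the scan, so a clean report says nothing about it.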


    Resources:

    Link: http://www.arachni-scanner.com/
    Author(s): Tasos "Zapotek" Laskos
    Contact: contact [at] arachni-scanner.com
    License: Apache License Version 2.0