A new version of Arachni has just been released. Arachni is a web vulnerability scanner written in Ruby: fast, simple to configure, and extensible with new functionality through modules. It is an open-source tool for running a security scan or pentest against that web application you or your friend just finished building.

I recommend that everyone who develops web applications or websites run a vulnerability scan against them looking for mistakes. Then you won't be complaining later that some lowlife trashed your site or your application. 🙂

Below is a list of all of this tool's features:

General

  • Cookie-jar support
  • SSL support.
  • User Agent spoofing.
  • Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
  • Proxy authentication.
  • Site authentication (Automated form-based, Cookie-Jar, Basic-Digest, NTLM and others)
  • Highlighted command line output.
  • UI abstraction.
    • Command line UI
    • XMLRPC command line client/server
  • Pause/resume functionality.
  • High performance asynchronous HTTP requests.

Website Crawler

The crawler is provided by a modified version of Anemone.

  • Filters for redundant pages like galleries, catalogs, etc based on regular expressions and counters.
  • URL exclusion filter based on regular expressions.
  • URL inclusion filter based on regular expressions.
  • Can optionally follow subdomains.
  • Adjustable depth limit.
  • Adjustable link count limit.
  • Adjustable redirect limit.
  • Modular path extraction via “Path Extractor” components.
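
To make the crawler options above concrete, here is a small crawl-scope filter that applies include/exclude regexps, redundancy regexps with per-pattern counters, an optional subdomain rule, a depth limit and a link-count limit. This is an added example written for this post, not Arachni's crawler code (which is a modified Anemone); the `CrawlScope` class, its option names and the `follow?` return values are all assumptions. Redirect limits are a transport concern and are not modelled.

```ruby
require 'uri'
require 'set'

# Crawl-scope filter modelled on the crawler options listed above: include and
# exclude regexps, redundancy regexps with counters, optional subdomains, a
# depth limit and a link-count limit. Added example, not Arachni's own crawler
# code; every class, method and option name here is an assumption.
class CrawlScope
  def initialize(seed, include_rules: [], exclude_rules: [], redundant: {},
                 follow_subdomains: false, depth_limit: 5, link_limit: 50)
    @seed_host = URI.parse(seed).host.downcase
    @include_rules = include_rules
    @exclude_rules = exclude_rules
    # redundancy filter: regexp => [max matching URLs to follow, followed so far]
    @redundant = redundant.map { |re, max| [re, [max, 0]] }.to_h
    @follow_subdomains = follow_subdomains
    @depth_limit = depth_limit
    @link_limit = link_limit
    @seen = Set.new
  end

  # Returns [true, nil] when +url+ found at crawl +depth+ should be followed,
  # otherwise [false, reason]. Accepting a URL consumes budget (link count,
  # redundancy counters), so call it once per discovered URL.
  def follow?(url, depth)
    begin
      uri = URI.parse(url)
    rescue URI::InvalidURIError
      return [false, :unparsable]
    end
    return [false, :not_http] unless %w[http https].include?(uri.scheme)

    key = normalize(uri)
    return [false, :duplicate]    if @seen.include?(key)
    return [false, :depth_limit]  if depth > @depth_limit
    return [false, :link_limit]   if @seen.size >= @link_limit
    return [false, :out_of_scope] unless in_scope_host?(uri.host)
    return [false, :excluded]     if @exclude_rules.any? { |re| url =~ re }
    return [false, :not_included] if !@include_rules.empty? &&
                                     @include_rules.none? { |re| url =~ re }

    # Galleries, catalogs and the like: follow only the first +max+ URLs that
    # match each redundancy pattern.
    @redundant.each do |re, counter|
      next unless url =~ re
      max, followed = counter
      return [false, :redundant] if followed >= max
      counter[1] = followed + 1
    end

    @seen << key
    [true, nil]
  end

  private

  def in_scope_host?(host)
    host = host.to_s.downcase
    host == @seed_host || (@follow_subdomains && host.end_with?(".#{@seed_host}"))
  end

  # Drop the fragment and any trailing slash so /a/, /a and /a/#top count once.
  def normalize(uri)
    u = uri.dup
    u.fragment = nil
    u.path = u.path.sub(%r{/+\z}, '') if u.path.length > 1
    u.to_s
  end
end

if $PROGRAM_NAME == __FILE__
  scope = CrawlScope.new('http://test.com', exclude_rules: [/logout/i],
                         redundant: { %r{/gallery/\d+} => 2 }, depth_limit: 3)
  %w[http://test.com/ http://test.com/gallery/1 http://test.com/gallery/2
     http://test.com/gallery/3 http://test.com/logout http://shop.test.com/].each do |u|
    puts format('%-28s %s', u, scope.follow?(u, 1).inspect)
  end
end
```

The order of the checks matters: duplicates and the depth limit are rejected before the host and regexp rules so that an out-of-scope URL never consumes link budget, and the redundancy counters are only incremented for URLs that passed every other rule.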

HTML Parser

Can extract and analyze:

  • Forms
  • Links
  • Cookies

The analyzer can gracefully handle badly written HTML thanks to a combination of regular-expression analysis and the Nokogiri HTML parser.

Module Management

  • Very simple and easy to use module API providing access to multiple levels of complexity.
  • Helper audit methods:
    • For forms, links and cookies auditing.
    • A wide range of injection strings/input combinations.
    • Writing RFI, SQL injection, XSS, etc. modules is a matter of minutes, if not seconds.
  • Currently available modules:
    • Audit:
      • Blind SQL injection
      • CSRF detection
      • Eval/Code injection
      • LDAP injection
      • Path traversal
      • Response splitting
      • OS command injection
      • Remote file inclusion
      • SQL injection
      • Unvalidated redirects
      • XPath injection
      • Path XSS
      • URI XSS
      • XSS
    • Recon:
      • Allowed HTTP methods
      • Back-up files
      • Common directories
      • Common files
      • HTTP PUT
      • Insufficient Transport Layer Protection for password forms
      • WebDAV detection
      • HTTP TRACE detection
      • Credit Card number disclosure
      • CVS/SVN user disclosure
      • Private IP address disclosure
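
What makes module writing a "matter of minutes" is the helper audit method: a module supplies injection strings and a regexp, and the helper takes care of mutating every form field, link parameter and cookie, sending the requests and logging a match. The following is an added example written for this post to illustrate that idea; it is not Arachni's module API, and the `AuditHelper` class, the `Form`/`Link`/`Cookie` element structs, the request hash layout and the `FAKE_APP` endpoints are all assumptions. The HTTP transport is injected as a callable so the whole thing runs offline against a constructed fake application with one reflected form field, one escaped link parameter and one reflected cookie.

```ruby
require 'cgi'
require 'securerandom'

# Element shapes the parser would hand a module (assumed; Arachni's real
# element classes are not modelled here).
Form   = Struct.new(:action, :http_method, :inputs)  # inputs: { name => value }
Link   = Struct.new(:path, :params)                  # params: { name => value }
Cookie = Struct.new(:name, :value)
Issue  = Struct.new(:element, :location, :input, :payload)

class AuditHelper
  # +transport+ is any callable taking a request hash and returning the
  # response body, so the same audit code runs offline against a fake app.
  def initialize(transport)
    @transport = transport
  end

  # The core of a helper audit method: for every element and each of its
  # inputs, substitute every injection string, send the mutated request and
  # log an issue when +regexp+ matches the response. One issue per input.
  def audit(elements, injections, regexp)
    issues = []
    elements.each do |el|
      mutations(el, injections) do |request, input, payload|
        next unless @transport.call(request) =~ regexp
        issues << Issue.new(el.class.name.downcase, request[:path], input, payload)
      end
    end
    issues.uniq { |i| [i.element, i.location, i.input] }
  end

  private

  # Yields [request, mutated input name, payload] for each input/payload pair.
  def mutations(el, injections)
    case el
    when Form
      el.inputs.each_key do |input|
        injections.each do |payload|
          yield({ method: el.http_method.to_s.upcase, path: el.action,
                  params: el.inputs.merge(input => payload), cookies: {} }, input, payload)
        end
      end
    when Link
      el.params.each_key do |input|
        injections.each do |payload|
          yield({ method: 'GET', path: el.path,
                  params: el.params.merge(input => payload), cookies: {} }, input, payload)
        end
      end
    when Cookie
      injections.each do |payload|
        yield({ method: 'GET', path: '/', params: {},
                cookies: { el.name => payload } }, el.name, payload)
      end
    end
  end
end

# Constructed fake application (assumption, not a real target): /search and
# the lang cookie reflect input raw, /profile HTML-escapes it.
FAKE_APP = lambda do |req|
  case req[:path]
  when '/search'  then "<h1>Results for #{req[:params]['q']}</h1>"
  when '/profile' then "<p>#{CGI.escapeHTML(req[:params]['name'].to_s)}</p>"
  when '/'        then %(<html lang="#{req[:cookies]['lang']}">)
  else '<h1>404</h1>'
  end
end

# Seeded XSS probe in the spirit of the XSS modules above: inject a marker tag
# and flag only responses that echo it back intact (an escaped copy does not
# match the regexp).
def run_xss_audit(elements, transport = FAKE_APP, seed = SecureRandom.hex(4))
  marker = "<xss_#{seed}/>"
  injections = [marker, "\"'>#{marker}"]   # bare, and breaking out of an attribute
  AuditHelper.new(transport).audit(elements, injections, Regexp.new(Regexp.escape(marker)))
end

if $PROGRAM_NAME == __FILE__
  elements = [Form.new('/search', 'get', { 'q' => 'test' }),
              Link.new('/profile', { 'name' => 'bob' }),
              Cookie.new('lang', 'en')]
  run_xss_audit(elements).each { |i| puts "#{i.element} #{i.location} [#{i.input}]: #{i.payload}" }
end
```

Swapping the injection strings and the regexp is all it takes to turn the same helper into an RFI or SQL-injection check, which is the point of the module API described above; the seeded marker is what keeps the check from firing on pages that merely contain the string "xss" somewhere.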

Report Management

  • Modular design.
  • Currently available reports:

Plug-in Management

  • Modular design
  • Plug-ins are framework demi-gods: they have direct access to the framework instance.
  • Can be used to add any functionality to Arachni.
  • Currently available plugins:
    • Passive Proxy
    • Form based AutoLogin

What the script looks like:

   Arachni - Web Application Security Scanner Framework v0.2.1 [0.2]
   Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
                                  <zapotek@segfault.gr>
           (With the support of the community and the Arachni Team.)

   Website:       http://github.com/Zapotek/arachni
   Documentation: http://github.com/Zapotek/arachni/wiki

  Usage:  arachni [options] url


Command-line example

$ ./arachni.rb http://test.com

Arachni can be downloaded from the following link.