Arachni web application security scanner Pt.1

Arachni is a free, simple and powerful vulnerability scanner for web applications. It is built on the Ruby framework and supports Windows, Linux and Mac operating systems. Arachni is a modular and distributed scanner solution that provides both a command-line scanner utility and a web interface. It is a great piece of work by Tasos Laskos (https://github.com/Zapotek).

Arachni can be downloaded from:
http://www.arachni-scanner.com/download/ or https://github.com/Arachni

For demonstration purposes, I have downloaded the Linux package of Arachni and am going to show how to run a basic scan with the Arachni scanner.

Extract the downloaded archive (arachni-1.5.1-0.5.12-linux-x86_64.tar.gz) somewhere in your home directory.

[Image 1]

To perform a basic scan against a web application via the command-line interface, just run the command below. I have used the Acunetix vulnerable test site “http://testhtml5.vulnweb.com” for testing purposes. Remember that this is a very basic and quick scanning method: authenticated and deep scanning cannot be done with this Arachni quick scan.

./arachni http://testhtml5.vulnweb.com

Initiating a basic scan using the Arachni command-line interface:
[Image 2]

Now let's wait until the scan finishes!
[Image 3]

The scan has finished; it took 1 hour and 11 minutes to complete and produced 19 findings.
A scan report was created in the same directory, named after the project.
[Image 4]
The scan results are exported as an Arachni Framework Report (*.afr) file. To view it, the file must be converted to HTML or another format.

In addition, the current stable version of Arachni (Ver. 1.5.1-0.5.12) has some minor issues with generating HTML reports. This issue was fixed in the nightly builds of Arachni, which are still under development.
So we have to use the nightly build to export the *.afr report as *.html.
Nightly builds can be downloaded from here: http://downloads.arachni-scanner.com/nightlies/

Copy the *.afr report to the bin directory of the Arachni nightly build, and use the following command to export it as an HTML report.

./arachni_reporter rep1.afr --reporter=html:outfile=test_scan_report.html.zip

And the HTML report is created successfully! Please note the version of Arachni shown in this image.

[Image 5]

Let's review our final report. To do that, extract “test_scan_report.html.zip” somewhere, then open the “index.html” file.
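The whole procedure above (quick scan with the stable build, conversion of the .afr with the nightly build's arachni_reporter, sanity check of the resulting zip) as one script. This is an added example, not code from the post or from the Arachni project; it assumes two environment variables chosen here, ARACHNI_STABLE and ARACHNI_NIGHTLY, pointing at the bin directories of the two extracted builds, and that the stable build's scan is run with nothing but the URL, exactly as in the post.

```shell
#!/bin/sh
# Added example (not from the post or the Arachni project): automate the
# stable-scan / nightly-report workflow described above.
# Assumed layout: ARACHNI_STABLE and ARACHNI_NIGHTLY point at the "bin"
# directories of the two extracted builds (override them as needed).
set -eu
: "${ARACHNI_STABLE:=${HOME:-.}/arachni-1.5.1-0.5.12/bin}"   # assumed path
: "${ARACHNI_NIGHTLY:=${HOME:-.}/arachni-nightly/bin}"        # assumed path

# Print the most recently written .afr in a directory. Arachni names the
# report after the target host and a timestamp, so the name can contain spaces.
newest_afr() {
  newest=''
  for f in "$1"/*.afr; do
    [ -e "$f" ] || continue
    if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest=$f; fi
  done
  [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Quick scan (no authentication, no tuning) with the stable build. Arachni
# writes the .afr into the current directory, so run it inside OUTDIR.
# Scan progress goes to stderr so that only the .afr path is printed here.
run_scan() {                     # run_scan URL OUTDIR -> prints .afr path
  mkdir -p "$2"
  ( cd "$2" && "$ARACHNI_STABLE/arachni" "$1" >&2 )
  newest_afr "$2"
}

# Convert an .afr to a zipped HTML report with the nightly reporter. The post
# copies the .afr into the nightly bin directory; passing its path does the same.
export_html() {                  # export_html AFR OUTZIP
  "$ARACHNI_NIGHTLY/arachni_reporter" "$1" --reporter=html:outfile="$2"
}

# Sanity check: the reporter output must be a non-empty zip ("PK" magic).
verify_report() {                # verify_report OUTZIP
  [ -s "$1" ] && [ "$(head -c 2 "$1")" = PK ]
}

main() {                         # main URL OUTDIR
  afr=$(run_scan "$1" "$2")
  export_html "$afr" "$2/report.html.zip"
  verify_report "$2/report.html.zip"
  echo "Report written to $2/report.html.zip; unzip it and open index.html"
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Run it as `sh scan.sh http://testhtml5.vulnweb.com ./scan-out` after exporting the two variables; the scan itself still takes as long as the one in the post.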

This is the first view of our scan report: a nice graphical representation of the security findings.
[Image 6]

From the “Issues” tab, we get an overall view of the security issues detected. Click the view button at the left end of each ‘security finding’ box to review the issues individually and try to reproduce each finding in order to validate it.
[Image 7]

The command-line version of Arachni offers many options and parameters. To list the available command-line options, use the command shown below.

./arachni -h

I’ll describe the Arachni web UI in the next part of this article.

For more information about the Arachni command-line scanner, please visit: https://github.com/Arachni/arachni/wiki/Command-line-user-interface