Arachni: A Web Application Security Scanner Framework
Definition: Arachni is a web application security scanner framework. Its main goal is to help penetration testers and administrators.
Components:
It uses several distinct types of components to perform its duties.
1. Platform fingerprinters
The following platforms can be identified:
Operating systems (BSD, Linux, Unix, Windows, Solaris), web servers (such as Apache), programming languages (PHP, ASP, Java, Python, Ruby), and frameworks, among many others.
2. Checks
Checks perform security tests and log issues. They fall into two categories, "Active" and "Passive". Both are summarized below; the full list is available on the project's GitHub page.
Active
Active checks engage the web application via its inputs.
Passive
Passive checks only look for the existence of files, folders, and signatures.
Features:
- Arachni is a feature-full, modular, high-performance Ruby framework.
- During the scan process, Arachni trains itself from the web application's behavior.
- By using a number of factors, it can easily perform meta-analysis.
- It can easily detect changes caused while traveling through the paths of a web application’s cyclomatic complexity.
- Because of its integrated browser environment, it is able to audit and inspect client-side code.
- It supports web applications that make use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX.
- It is versatile enough to cover many use cases, up to a global high-performance grid of scanners.
What Arachni Framework offers:
1. It provides a framework that is stable, efficient, and high-performance.
Developers can easily create and deploy their components with very few restrictions. Using the Ruby language, they can increase their productivity.
2. It also offers simplicity.
From the perspective of users and developers, it is simple and straightforward while providing power, performance, and flexibility. It has a user-friendly platform.
3. It detects security issues.
It can automatically detect security issues in web applications. It needs only the URL of the target website and after a while, it will present you with its findings.
Running the specs:
You can run rake spec to run all specs, or you can run them selectively using the following:
rake spec:core # for the core libraries
rake spec:checks # for the checks
rake spec:plugins # for the plugins
rake spec:reports # for the reports
rake spec:path_extractors # for the path extractors
License: