Arachni is an open source, modular web application security scanner framework that allows fast, accurate and flexible vulnerability assessment.
To maximize bandwidth utilization, Arachni uses asynchronous HTTP requests, which ensures that the scan is as fast as possible and that performance is limited only by the physical resources of the user and the audited server.
The software uses various techniques to compensate for the widely heterogeneous environment of web applications. This includes a combination of widely deployed techniques (taint-analysis, fuzzing, differential analysis, timing/delay attacks) along with novel technologies (rDiff analysis, modular meta-analysis) developed specifically for the framework.
The framework can be extended indefinitely by the addition of components like path extractors, modules, plug-ins, or even user interfaces.
Arachni is meant to serve not only as a security scanner but also as a platform for any sort of black-box testing or data scraping. Full-fledged applications can be converted into framework plug-ins to take advantage of the framework’s power and resources.