Security Tools-arachni
Arachni is a versatile, modular, high-performance Ruby framework designed to help infiltrate testers and administrators to assess the security of Web applications. At the same time Arachni open source for free, can be installed on Windows, Linux and Mac systems, and can export evaluation reports.
First, Arachni download and start, take Linux environment as an example
Download Address: http://www.arachni-scanner.com/download/
Unzip the file arachni-1.5.1-0.5.12-darwin-x86_64.tar.gz, then go to the Bin folder in the arachni-1.5.1-0.5.12 directory, run./arachni_web, then browser access http:/ /localhost:9292
Second, ARACHNI configuration scan
The Arachni directory contains simple instructions about the tool, and you can find the initial user name and password after installation View code
Browser access to http://localhost:9292, enter the login page
Click administrator-in the upper right corner after login to modify the default password
New scan, scans-"+new and configure scan options, security policies include XSS, SQL injection, etc., by default.
Scan results Analysis, check out the total number of weaknesses and vulnerability classification list
Click Awaiting review to enter the vulnerability detailed description interface
Report export, for example in HTML format
View reports, including summary charts and vulnerabilities detailed description
Reprint: https://www.cnblogs.com/tdcqma/p/7517313.html
Thank you