Arachni is a versatile, modular, high-performance Ruby framework designed to help penetration testers and administrators evaluate the security of web applications. Arachni is also free and open source, can be installed on Windows, Linux and Mac systems, and can export evaluation reports.
First, download and start Arachni, taking the Linux environment as an example: http://www.arachni-scanner.com/download/
Unzip the file arachni-1.5.1-0.5.12-darwin-x86_64.tar.gz, go to the bin folder under the arachni-1.5.1-0.5.12 directory, run ./arachni_web, and then open http://localhost:9292 in the browser.
Second, configure an Arachni scan
The Arachni directory contains a README with easy-to-follow instructions for the tool, including the initial user names and passwords available after installation:
    tdcqma:arachni-1.5.1-0.5.12 $ ls
    LICENSE          TROUBLESHOOTING  bin
    README           VERSION          system
    tdcqma:arachni-1.5.1-0.5.12 $ cat README
    Arachni - Web Application Security Scanner Framework

    Homepage           - http://arachni-scanner.com
    Blog               - http://arachni-scanner.com/blog
    Documentation      - https://github.com/Arachni/arachni/wiki
    Support            - http://support.arachni-scanner.com
    GitHub page        - http://github.com/arachni/arachni
    Code Documentation - http://rubydoc.info/github/arachni/arachni
    Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
    Twitter            - http://twitter.com/arachniscanner
    Copyright          - 2010-2017 Sarosys LLC
    License            - Arachni Public Source License v1.0 - (see LICENSE file)
    --------------------------------------------------------------------------------

    To use Arachni run the executables under "bin/".

    To launch the Web interface:
        bin/arachni_web

    Default account details:

        Administrator:
            E-mail address: [email protected]
            Password:       administrator

        User:
            E-mail address: [email protected]
            Password:       regular_user

    For a quick scan: via the command-line interface:
        bin/arachni http://test.com

    To see the available CLI options:
        bin/arachni -h

    For detailed documentation see:
        http://arachni-scanner.com/wiki/user-guide

    Upgrading/migrating
    --------------
    To migrate your existing data into this new package see:
        https://github.com/arachni/arachni-ui-web/wiki/upgrading

    Troubleshooting
    --------------
    See the included TROUBLESHOOTING file.

    Disclaimer
    --------------
    Arachni is free software and you are allowed to use it as you see fit.
    However, I can't be held responsible for your actions or for any damage
    caused by the use of this software.

    Copying
    --------------
    For the Arachni license please see the LICENSE file.

    The bundled PhantomJS (http://phantomjs.org/) executable is distributed
    under the BSD license:
        https://github.com/ariya/phantomjs/blob/master/LICENSE.BSD
    tdcqma:arachni-1.5.1-0.5.12 $
Open http://localhost:9292 in the browser to reach the login page.
After logging in, click Administrator in the upper-right corner to change the default password.
New scan: go to Scans -> "+ New" and configure the scan options. By default, the security checks include XSS, SQL injection, etc.
Scan results analysis: the total number of weaknesses detected and a list of vulnerabilities by classification.
Click Awaiting review to enter the vulnerability details screen.
Report export, using the HTML format as an example.
View the report, which includes summary charts and vulnerability details.
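The results view described above (total weaknesses, then a classification list) can also be rebuilt offline from an exported report for triage. The following is an added example, not part of the original post or of Arachni's own code; it assumes the report was exported as JSON rather than HTML, that the field names (issues, name, severity, vector.url) match Arachni's JSON report, and it uses a constructed sample instead of real scan output.

```ruby
require 'json'

# Constructed sample, not real scan output. The field names used here
# (issues, name, severity, vector.url) are assumed from Arachni's JSON report.
SAMPLE_REPORT = <<~JSON
  {"issues": [
    {"name": "Cross-Site Scripting (XSS)", "severity": "high",
     "vector": {"type": "form", "url": "http://test.com/search"}},
    {"name": "Cross-Site Scripting (XSS)", "severity": "high",
     "vector": {"type": "link", "url": "http://test.com/search"}},
    {"name": "Cross-Site Scripting (XSS)", "severity": "high",
     "vector": {"type": "form", "url": "http://test.com/comment"}},
    {"name": "SQL Injection", "severity": "high",
     "vector": {"type": "form", "url": "http://test.com/login"}},
    {"name": "Missing X-Frame-Options header", "severity": "low",
     "vector": {"type": "server", "url": "http://test.com/"}}
  ]}
JSON

SEVERITY_ORDER = %w[high medium low informational].freeze

# Returns the total issue count, a per-severity count, and one entry per
# vulnerability class (most severe first) with the distinct affected URLs.
def summarize(report_json)
  issues = JSON.parse(report_json).fetch('issues', [])
  by_severity = SEVERITY_ORDER.to_h { |s| [s, 0] }
  by_type = Hash.new { |h, k| h[k] = [] }
  issues.each do |issue|
    # Unknown or missing severities are counted as informational, not dropped.
    sev = SEVERITY_ORDER.include?(issue['severity']) ? issue['severity'] : 'informational'
    by_severity[sev] += 1
    by_type[[issue['name'] || 'unknown', sev]] << issue.dig('vector', 'url')
  end
  ranked = by_type.sort_by { |(name, sev), _urls| [SEVERITY_ORDER.index(sev), name] }
                  .map { |(name, sev), urls| { name: name, severity: sev, urls: urls.compact.uniq } }
  { total: issues.size, by_severity: by_severity, by_type: ranked }
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  summary = summarize(path && File.file?(path) ? File.read(path) : SAMPLE_REPORT)
  puts "Total issues: #{summary[:total]}"
  summary[:by_type].each do |t|
    puts format('%-13s %-32s %d URL(s)', t[:severity], t[:name], t[:urls].size)
  end
end
```

Pass the path of an exported JSON report as the first argument to summarize a real scan; with no argument the constructed sample is used.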
Web Security Scan Tool-arachni