Skip to content
This repository has been archived by the owner on Feb 26, 2021. It is now read-only.

secureCodeBox/scanner-webapplication-arachni

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

126 Commits

.github

.github

 
 

.travis

.travis

 
 

src

src

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

ARACHNI_LICENSE.md

ARACHNI_LICENSE.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

Dockerfile

Dockerfile

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Rakefile

Rakefile

 
 

Repository files navigation

title path category usecase release
Arachni
scanner/Arachni
scanner
Webapplication Vulnerabilty Scanner

arachni logo

WARNING: Arachni Development has been halted for some time. The latest released version of arachni has problems running on newer operating systems. The secureCodeBox integration of arachni is considered unstable at the moment. Try ZAP instead.

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.

Important License information

The code in this repository is licensed under Apache 2.0.

Arachni is licensed under the Arachni Public Source License with using this scanner you have to agree to the license!

About

This is a self contained µService utilizing the Arachni Web Scanner for the secureBox Application. To learn more about the Arachni scanner itself visit arachni-scanner.com.

Arachni parameters

To hand over supported parameters through api usage, you can set following attributes:

[
  {
    "context": "some context",
    "name": "arachni",
    "target": {
      "name": "some name",
      "location": "your-target",
      "attributes": {
        "ARACHNI_DOM_DEPTH_LIMIT": "[int limit]",
        "ARACHNI_DIR_DEPTH_LIMIT": "[int limit]",
        "ARACHNI_PAGE_LIMIT": "[int limit]",
        "ARACHNI_EXCLUDE_PATTERNS": [
          "patterns e.g. :"
          ".*\\.png",
          ".*util\\.js",
          ".*style\\.css"
        ],
        "ARACHNI_SCAN_METHODS": "[method name]",
        "ARACHNI_REQUESTS_PER_SECOND": "[seconds]",
        "ARACHNI_POOL_SIZE": "[size]",
        "ARACHNI_REQUEST_CONCURRENCY": "[int concurency]"
      }
    }
  }
]

Example

Example configuration:

[
  {
    "name": "arachni",
    "context": "Example Test",
    "target": {
      "name": "BodgeIT",
      "location": "bodgeit.example.com",
      "attributes": {}
    }
  }
]

Example output: Due to some technical problems we cannot provide Arachni scans at the moment.

Development

Configuration Options

To configure this service specify the following environment variables:

Environment Variable Value Example
ENGINE_ADDRESS http://engine
ENGINE_BASIC_AUTH_USER username
ENGINE_BASIC_AUTH_PASSWORD 123456

Development

Local setup

  1. Clone the repository
  2. You might need to install some dependencies gem install sinatra rest-client
  3. Run locally ruby src/main.rb

Test

To run the testsuite run:

rake test

Build with docker

To build the docker container run:

docker build -t IMAGE_NAME:LABEL .

Build Status License GitHub release

About

Part of the deprecated secureCodeBox v1, see secureCodeBox/secureCodeBox Repo for v2

Topics

security microservice arachni security-scanner security-automation security-tools

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

5 stars

Watchers

12 watching

Forks

0 forks
Report repository

Releases 4

v1.0.3 Latest
Oct 18, 2019
+ 3 releases

Packages

No packages published

Contributors 8

Languages