Arachni - Web User Interface
| Author | Tasos Laskos (@Zap0tek) |
| Copyright | 2013-2015 Tasos Laskos |
| License | Dual-licensed (Apache License v2.0/Commercial) - (see LICENSE file) |
A web user interface and collaboration platform for the Arachni open source web application security scanner framework.
- Administrators can manage all:
    - Scan configuration Profiles
        - Can set Global Profiles which are available to everyone.
        - Can set the system-wide default Profile.
    - Scan Issues
    - Scan Groups
    - Can set Global Dispatchers which are available to everyone.
    - Can set the system-wide default Dispatcher.
    - Allowed types.
    - Target whitelist using regular expressions.
    - Target blacklist using regular expressions.
    - Global scan limit -- Amount of active scans at any given time.
    - Per user limit -- Amount of active scans at any given time per user.
    - Allowed modules.
- Users can:
    - Manage, create and share Dispatchers with each other.
    - Manage, create, export, import and share Scan configuration Profiles with each other.
    - Start Scans using one of the available Profiles (and optionally Dispatchers).
    - Organize Scans into Scan Groups for easier management and share their Groups with each other.
    - Manage, comment, share and export reports of their Scans.
    - Discuss and Review Issues:
        - Mark them as false positives
        - Mark them as fixed
        - Mark them as requiring manual verification
        - Add verification steps
        - Mark them as verified
    - Receive Notifications for:
        - Shared Profiles -- Created, updated, shared, deleted.
        - Shared Scans -- Started, paused, resumed, aborted, commented, timed out, suspended.
        - Issues of shared Scans -- Reviewed, verified, commented.
    - Review their Activity.
    - Export reports, review and comment on Scans which have been shared with them by other users.
- Available Scan types:
    - Direct -- From the WebUI machine to the webapp, no need to set up anything else.
    - Remote -- Using a Dispatcher.
        - Scan is performed from the machine of the Dispatcher to the webapp.
        - Scan assignments can be load balanced when there are multiple Dispatchers available.
    - Grid -- Using multiple Dispatchers.
        - Scan is performed using multiple machines for a super-fast crawl and audit.
        - Scan assignments can be load balanced.
- Repeats a finished scan to identify fixed or new issues.
- Can use sitemaps of previous revisions to:
    - Avoid crawling
    - Extend a new crawl
- Overview -- Combines the results of multiple revisions for easy review/management.
- Scans can be scheduled to be performed at a later date or at predefined intervals.
    - Recurring scans are incremental, with each occurrence being a separate revision.
- Scan reports can be exported in multiple formats (HTML, XML, YAML and more).
- Simple, clean, responsive design suitable for desktops, tablets and mobile phones.
Bug reports/Feature requests
If you make improvements to this application, please share with others.
Before starting any work, please read the instructions for working with the source code.
- Fork the project.
- Start a feature branch based on the experimental branch (git checkout -b <feature-name> experimental).
- Add specs for your code.
- Run the spec suite to make sure you didn't break anything.
- Commit and push your changes.
- Issue a pull request and wait for your code to be reviewed.
Dual-licensed (Apache License v2.0/Commercial) -- please see the LICENSE file for more information.