Executables

Tasos Laskos edited this page Jan 31, 2017 · 23 revisions

Some of those executables are only available via the self-contained packages.

Provides a command-line interface to the Arachni scanner. See the relevant reference for more details.

Generates reports in various formats from AFR (Arachni Framework Report -- .afr) files. (AFR files are generated by all interfaces that can perform scans.)

Restores a suspended scan from an AFS (Arachni Framework Snapshot -- .afs) file. (AFS files are generated by the arachni executable upon successful suspension of a scan.)

arachni_reproduce lets you reproduce all issues in a report and then creates a new report containing only the issues that still exist.

For example, if you've got an Arachni report and are working to fix all the identified issues, you can pass that report to arachni_reproduce and get immediate feedback as to how you're doing instead of having to rerun a full scan.

For each run, arachni_reproduce will generate a new report that only includes unfixed issues, so, again, you won't have to spend time testing issues that you've already fixed.

In addition to that, you can specify individual issues to be reproduced, based on their digest, if you only care about particular issues rather than the entire report.

Lastly, during the reproduction of each issue, extra HTTP request headers are set that contain information about which issue is being reproduced, thus allowing you to set server-side debugging or instrumentation in order to make fixing it even easier:

  1. X-Arachni-Issue-Replay-Id: Unique token for requests pertaining to individual issues.
     • Differs for each run and can be used to group requests for each issue together.
  2. X-Arachni-Issue-Seed: Seed payload used to identify the original issue.
     • Initial payload used to identify the vulnerability in the given report.
  3. X-Arachni-Issue-Digest: Digest uniquely identifying each issue across scans and reports.
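
One way to do the server-side instrumentation described above in a Rack application, as an added example that is not part of Arachni or of the original page. The class name ArachniReplayTagger and the in-memory store are assumptions; the header names are the three listed above, and because any client can send them the values are treated as untrusted input when logged.

```ruby
require 'logger'
require 'stringio'

# Rack middleware (hypothetical name) that groups arachni_reproduce traffic
# by issue, using the three request headers listed above.
class ArachniReplayTagger
  # Rack exposes request headers as HTTP_* keys in env.
  HEADERS = {
    replay_id: 'HTTP_X_ARACHNI_ISSUE_REPLAY_ID',
    seed:      'HTTP_X_ARACHNI_ISSUE_SEED',
    digest:    'HTTP_X_ARACHNI_ISSUE_DIGEST'
  }.freeze

  attr_reader :replays

  def initialize(app, logger: Logger.new($stderr))
    @app     = app
    @logger  = logger
    @lock    = Mutex.new
    # replay id => issue digest, seed payload and the requests seen for it
    @replays = Hash.new { |h, k| h[k] = { digest: nil, seed: nil, requests: [] } }
  end

  def call(env)
    tag = HEADERS.transform_values { |key| env[key] }
    record(tag, env) if tag[:replay_id]
    @app.call(env) # the request itself is passed through unchanged
  end

  private

  def record(tag, env)
    line = "#{env['REQUEST_METHOD']} #{env['PATH_INFO']}"
    @lock.synchronize do
      entry = @replays[tag[:replay_id]]
      entry[:digest] ||= tag[:digest]
      entry[:seed]   ||= tag[:seed]
      entry[:requests] << line
    end
    # Header values are client-supplied: #inspect escapes control characters
    # so a crafted value cannot forge extra log lines.
    @logger.info("arachni replay=#{tag[:replay_id].inspect} " \
                 "digest=#{tag[:digest].inspect} seed=#{tag[:seed].inspect} #{line}")
  end
end
```

In a Rack or Rails test environment this would be mounted with `use ArachniReplayTagger`, and the grouped requests read from `replays` or from the log while a fix is being verified.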

Starts a REST server.

Provides a command-line RPC client for a Dispatcher. Allows you to run a scan remotely.
See the relevant reference for more details.

Starts a Dispatcher.

Connects to a Dispatcher and shows a few statistics like running scans and their resource usage.

arachni_web (Package only)

Starts the Web User Interface.

arachni_web_script (Package only)

Runs Ruby code in the context of the WebUI Rails environment; essentially delegates to rails runner.

arachni_web_import (Package only)

Imports the database and configuration of an older package to a new one in order to ease the transition between different versions/packages.

arachni_web_scan_import (Package only)

Imports AFR (Arachni Framework Report -- .afr) files as scans.

arachni_web_create_user (Package only)

Allows you to create a new user for the Web interface from the command line.

Allows you to reset a Web interface user's password from the command line.

Fires up an IRB console after configuring it to operate under the namespace of the Arachni libraries.

It provides tab completion for class/module names and methods and command history.

Used to run scripts under the namespace of the Arachni libraries -- provided just for convenience.

arachni_shell (Package only)

Starts a bash shell under the environment of the package.