Arachni
Arachni is an open-source web application scanner available with both command-line and web-based graphical interfaces.

- By default, the scanner audits:
  - HTML forms
  - JavaScript forms
  - JSON input
  - XML input
  - links
  - any orphan input elements
- Actively tests for many different vulnerability classes, e.g. code injection, SQL injection, XSS, CSRF, local and remote file inclusion, session fixation, directory traversal, backdoors, insecure policies, server information leakage, and personal data exposure.
- Categorizes the severity of each potential issue as high, medium, low, or informational.
- For each finding, provides:
  - a detailed description of the vulnerability
  - the location in the web app where the vulnerability was exploited
  - the input that was used to exploit it
  - the document object model (DOM) element that was exploited
- May also link to the Common Weakness Enumeration (CWE) entry for some vulnerabilities.
- Reports specific information about how the scanner managed to exploit a vulnerability, including the exact HTTP request that triggered the issue and the server’s response.
- Has tabs for case management and issue timelines.
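As an added example (not part of these notes and not Arachni's own code), the triage helper below ingests a constructed JSON report carrying the fields listed above (severity, description, location, input, DOM element, CWE, request/response), counts findings per severity level, and lists the ones at or above a chosen cutoff with their CWE links. The key names are an assumption for illustration, not Arachni's actual report schema.

```python
import json
from collections import Counter

# Constructed sample report; field names are assumed, not Arachni's real schema.
SAMPLE_REPORT = json.dumps({"issues": [
    {"name": "SQL Injection", "severity": "high", "cwe": 89,
     "description": "Parameter reflected into a database query.",
     "vector": {"url": "http://target.example/login", "method": "post",
                "input": "username", "dom_element": "form#login"},
     "request": "POST /login HTTP/1.1 ...", "response": "HTTP/1.1 500 ..."},
    {"name": "Cross-Site Scripting", "severity": "high", "cwe": 79,
     "vector": {"url": "http://target.example/search", "method": "get",
                "input": "q", "dom_element": "form#search"}},
    {"name": "Missing CSRF token", "severity": "medium", "cwe": 352,
     "vector": {"url": "http://target.example/profile", "method": "post"}},
    {"name": "Server information leakage", "severity": "low", "cwe": 200,
     "vector": {"url": "http://target.example/", "method": "get"}},
    {"name": "Interesting response", "severity": "informational",
     "vector": {"url": "http://target.example/admin", "method": "get"}},
]})

# The four severity levels the scanner uses, most severe first.
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "informational": 3}

def load_issues(report_json):
    """Parse the report and reject any severity outside the known four levels."""
    issues = json.loads(report_json).get("issues", [])
    for issue in issues:
        if issue.get("severity", "").lower() not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity {issue.get('severity')!r}")
    return issues

def severity_counts(issues):
    """Number of findings per severity level, e.g. {'high': 2, ...}."""
    return dict(Counter(i["severity"].lower() for i in issues))

def triage(issues, min_severity="medium"):
    """Findings at or above min_severity, most severe first, as compact records."""
    cutoff = SEVERITY_ORDER[min_severity]
    chosen = [i for i in issues if SEVERITY_ORDER[i["severity"].lower()] <= cutoff]
    chosen.sort(key=lambda i: (SEVERITY_ORDER[i["severity"].lower()], i["name"]))
    return [{"name": i["name"], "severity": i["severity"].lower(),
             "url": i["vector"]["url"], "input": i["vector"].get("input"),
             "dom_element": i["vector"].get("dom_element"),
             "cwe_url": (f"https://cwe.mitre.org/data/definitions/{i['cwe']}.html"
                         if i.get("cwe") else None)} for i in chosen]

if __name__ == "__main__":
    found = load_issues(SAMPLE_REPORT)
    print(severity_counts(found))
    for rec in triage(found):
        print(rec["severity"], rec["name"], rec["url"], rec["input"], rec["cwe_url"])
```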
