This repository has been archived by the owner on Feb 26, 2021. It is now read-only.

Part of the deprecated secureCodeBox v1, see secureCodeBox/secureCodeBox Repo for v2


secureCodeBox/scanner-webapplication-arachni

title:    Arachni
path:     scanner/Arachni
category: scanner
usecase:  Webapplication Vulnerability Scanner
release:

arachni logo

WARNING: Arachni development has been halted for some time. The latest released version of Arachni has problems running on newer operating systems. The secureCodeBox integration of Arachni is considered unstable at the moment. Try ZAP instead.

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.

Important License information

The code in this repository is licensed under Apache 2.0.

Arachni itself is licensed under the Arachni Public Source License; by using this scanner you agree to that license!

About

This is a self-contained µService utilizing the Arachni Web Scanner for the secureCodeBox application. To learn more about the Arachni scanner itself visit arachni-scanner.com.

Arachni parameters

To pass supported parameters through the API, set the following attributes on the target. The limits and sizes are given as integer values in string form; ARACHNI_EXCLUDE_PATTERNS is a list of regular expressions, and URLs matching any of them are excluded from the scan (the three entries below are example patterns for static assets):

[
  {
    "context": "some context",
    "name": "arachni",
    "target": {
      "name": "some name",
      "location": "your-target",
      "attributes": {
        "ARACHNI_DOM_DEPTH_LIMIT": "[int limit]",
        "ARACHNI_DIR_DEPTH_LIMIT": "[int limit]",
        "ARACHNI_PAGE_LIMIT": "[int limit]",
        "ARACHNI_EXCLUDE_PATTERNS": [
          ".*\\.png",
          ".*util\\.js",
          ".*style\\.css"
        ],
        "ARACHNI_SCAN_METHODS": "[method name]",
        "ARACHNI_REQUESTS_PER_SECOND": "[int requests per second]",
        "ARACHNI_POOL_SIZE": "[int size]",
        "ARACHNI_REQUEST_CONCURRENCY": "[int concurrency]"
      }
    }
  }
]
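As an added example (this is not code from secureCodeBox or Arachni), the following Ruby script builds a job definition in the shape shown above, checks the integer-valued attributes and compiles the exclude patterns before the job is handed to the engine, and shows which crawled URLs the patterns would keep out of the scan. The attribute names and job layout come from the JSON above; the validation rules, the assumption that exclude patterns are unanchored regular expressions matched against the full URL, the sample URLs and the function names are this example's own.

```ruby
# Added example, not part of the secureCodeBox or Arachni code base.
# Builds a secureCodeBox v1 Arachni job definition and sanity-checks the
# Arachni attributes before the job is submitted to the engine API.
require 'json'

# Attribute names taken from the README; the rule that they must hold
# non-negative integers is this example's assumption.
INT_ATTRIBUTES = %w[
  ARACHNI_DOM_DEPTH_LIMIT ARACHNI_DIR_DEPTH_LIMIT ARACHNI_PAGE_LIMIT
  ARACHNI_REQUESTS_PER_SECOND ARACHNI_POOL_SIZE ARACHNI_REQUEST_CONCURRENCY
].freeze

# Returns an array of problem descriptions; empty means the attributes look usable.
def validate_attributes(attrs)
  problems = []
  INT_ATTRIBUTES.each do |key|
    next unless attrs.key?(key)
    value = attrs[key].to_s
    unless value.match?(/\A\d+\z/)
      problems << "#{key} must be a non-negative integer, got #{value.inspect}"
    end
  end
  patterns = attrs.fetch('ARACHNI_EXCLUDE_PATTERNS', [])
  problems << 'ARACHNI_EXCLUDE_PATTERNS must be an array' unless patterns.is_a?(Array)
  Array(patterns).each do |pattern|
    begin
      Regexp.new(pattern.to_s) # fail early on a pattern the scanner could not compile
    rescue RegexpError => e
      problems << "invalid exclude pattern #{pattern.inspect}: #{e.message}"
    end
  end
  problems
end

# True when the URL matches at least one exclude pattern. Assumes the patterns are
# unanchored regular expressions tested against the full URL (this example's reading
# of the ".*\\.png" style entries in the README).
def excluded?(url, patterns)
  patterns.any? { |pattern| Regexp.new(pattern).match?(url) }
end

# Splits a crawl frontier into [urls the scanner would visit, urls it would skip].
def partition_urls(urls, patterns)
  urls.partition { |url| !excluded?(url, patterns) }
end

# Assembles the job array in the shape the README shows and refuses to build one
# from attributes that fail validation.
def build_job(location, attrs, name: 'some name', context: 'some context')
  problems = validate_attributes(attrs)
  raise ArgumentError, problems.join('; ') unless problems.empty?
  [{
    'context' => context,
    'name' => 'arachni',
    'target' => { 'name' => name, 'location' => location, 'attributes' => attrs }
  }]
end

if $PROGRAM_NAME == __FILE__
  attrs = {
    'ARACHNI_PAGE_LIMIT' => '200',
    'ARACHNI_REQUEST_CONCURRENCY' => '10',
    'ARACHNI_EXCLUDE_PATTERNS' => ['.*\.png', '.*util\.js', '.*style\.css']
  }
  # Constructed sample input: URLs a crawl of the BodgeIT example target might find.
  frontier = %w[
    http://bodgeit.example.com/login.jsp
    http://bodgeit.example.com/images/logo.png
    http://bodgeit.example.com/js/util.js
    http://bodgeit.example.com/css/style.css
  ]
  scanned, skipped = partition_urls(frontier, attrs['ARACHNI_EXCLUDE_PATTERNS'])
  puts "scanned: #{scanned.inspect}"
  puts "skipped: #{skipped.inspect}"
  puts JSON.pretty_generate(build_job('bodgeit.example.com', attrs,
                                      name: 'BodgeIT', context: 'Example Test'))
end
```

Run it with ruby and it prints the partitioned URL list followed by the job JSON ready to be posted to the engine; a malformed limit such as "-1" or an uncompilable pattern raises ArgumentError instead of producing a job the scanner would reject later.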

Example

Example configuration:

[
  {
    "name": "arachni",
    "context": "Example Test",
    "target": {
      "name": "BodgeIT",
      "location": "bodgeit.example.com",
      "attributes": {}
    }
  }
]

Example output: due to technical problems, an example Arachni scan result cannot be provided at the moment.

Development

Configuration Options

To configure this service specify the following environment variables:

Environment Variable          Example Value
ENGINE_ADDRESS                http://engine
ENGINE_BASIC_AUTH_USER        username
ENGINE_BASIC_AUTH_PASSWORD    123456

Local setup

  1. Clone the repository
  2. You might need to install some dependencies: gem install sinatra rest-client
  3. Run locally ruby src/main.rb

Test

To run the testsuite run:

rake test

Build with docker

To build the docker container run:

docker build -t IMAGE_NAME:LABEL .
