Monday, August 12, 2013

Arachni v0.4.4-0.4.2 has been released (Open Source Web Application Security Scanner Framework)



For the Framework (v0.4.4):
  •   New checks
      •   Source code disclosure (source_code_disclosure)
      •   Code execution via the php://input wrapper (code_execution_php_input_wrapper)
      •   X-Forwarded-For Access Restriction Bypass (x_forwarded_for_access_restriction_bypass)
      •   Form-based upload logging (form_upload)
  •   Accuracy improvements
      •   Blind SQL Injection (Boolean/Differential analysis) (sqli_blind_rdiff)
          •   Improved payloads and analysis technique.
      •   Path traversal (path_traversal)
          •   Updated to start with / and go all the way up to /../../../../../../.
          •   Added fingerprints for /proc/self/environ.
          •   Improved coverage for MS Windows.
      •   Remote file inclusion (rfi)
          •   Updated to handle cases where the web application appends its own extension to the injected string.

For the Web User Interface (v0.4.2):
  * Fixed bug causing the system to hang after 1:24 hours of scan monitoring,
    caused by improper caching of RPC clients.
  * Profiles
      * Added HTTP auth options -- instead of only allowing credentials to
        be passed via the URL.

For more details about the new release please visit:
     http://www.arachni-scanner.com/blog/arachni-0-4-4-0-4-2-release/

Download page: http://www.arachni-scanner.com/download/