Arachni is a framework that lets us run attacks against a web application and
obtain the vulnerabilities found.
What tests can we run with it?
Arachni has the following modules for testing a web application:
-path_traversal
http://www.owasp.org/index.php/Path_Traversal
-os_cmd_injection_timing/os_cmd_injection
http://www.owasp.org/index.php/OS_Command_Injection
-response_splitting
http://www.owasp.org/index.php/HTTP_Response_Splitting
-xpath
http://www.owasp.org/index.php/XPATH_Injection
-xss/xss_event/xss_uri/xss_tag/xss_path
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
-code_injection/code_injection_timing
https://www.owasp.org/index.php/Code_Injection
-sqli_blind_rdiff/sqli_blind_timing
http://www.owasp.org/index.php/Blind_SQL_Injection
-rfi (Remote File Inclusion)
http://projects.webappsec.org/w/page/13246955/Remote%20File%20Inclusion
-unvalidated_redirect
http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
-ldapi
http://www.owasp.org/index.php/LDAP_injection
-csrf
http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
-sqli
http://www.owasp.org/index.php/SQL_Injection
-xst
http://www.owasp.org/index.php/Cross_Site_Tracing
-unencrypted_password_forms
http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection
Arachni web application security scanner Framework (http://arachni-scanner.com/latest)