Arachni Cheat Blatt
Überblick
Arachni ist ein funktionsreicher, modularer, leistungsstarker Ruby-Rahmen zielt darauf ab, Penetrationsprüfer und Administratoren zu helfen, die Sicherheit moderner Webanwendungen zu bewerten. Arachni entwickelt mit einem Schwerpunkt auf Usability und Modularität bietet umfassende Sicherheitsbewertungsfunktionen für Webanwendungen durch seinen fortgeschrittenen Raupenmotor, umfangreiche Schwachstellenerkennungsmodule und ein flexibles Meldesystem. Das Framework ist konzipiert, um komplexe moderne Web-Anwendungen zu behandeln, einschließlich derjenigen mit schweren JavaScript-Nutzung, AJAX-Funktionalität und dynamische Content-Generation.
Der Rahmen zeichnet sich durch seine intelligenten Kriechfähigkeiten und eine umfassende Sicherheitserkennung aus. Arachni kann Single-page-Anwendungen (SPAs), REST-APIs und traditionelle Web-Anwendungen mit gleicher Effizienz effektiv analysieren. Seine modulare Architektur ermöglicht eine einfache Anpassung und Erweiterung, sodass es sowohl für automatisierte Sicherheitstests als auch für manuelle Penetrationstests geeignet ist. Die Plattform umfasst erweiterte Funktionen wie Browser-Clustering für JavaScript-heavy-Anwendungen, benutzerdefinierte Payload-Generierung und anspruchsvolle falsche positive Reduktionsmechanismen.
Arachnis Stärke liegt in seiner Fähigkeit, sowohl Black-Box- als auch Grey-Box-Sicherheitstests durchzuführen. Der Rahmen kann in verschiedenen Modi arbeiten, von schnellen Sicherheitsscans bis hin zu umfassenden tiefgreifenden Bewertungen. Es umfasst integrierte Unterstützung für Authentifizierung, Sitzungsmanagement und komplexe Multi-Step-Angriffsszenarien. Die Reporting-Funktionen der Plattform erzeugen detaillierte technische Berichte, die für Entwickler, Executive-Zusammenfassungen für Management und Compliance-Dokumentation für regulatorische Anforderungen geeignet sind.
Der Rahmen ist besonders wertvoll für Organisationen, die regelmäßige Sicherheitsbewertungen von Webanwendungen benötigen. Seine Automatisierungsfunktionen machen es zur Integration in CI/CD-Pipelines geeignet, während seine umfangreichen manuellen Testfunktionen detaillierte Penetrationstests unterstützen. Arachnis aktive Entwicklungsgemeinschaft sorgt für regelmäßige Updates, um aufstrebende Web Application Security Bedrohungen und Testmethoden zu lösen.
Installation
Docker Installation (empfohlen)
```bash
Pull official Arachni Docker image
docker pull arachni/arachni
Run Arachni container with web interface
docker run -d -p 9292:9292 --name arachni-web arachni/arachni arachni_web
Run Arachni container for command-line usage
docker run -it --rm arachni/arachni arachni --help
Run comprehensive scan with Docker
docker run -it --rm -v $(pwd)/reports:/reports arachni/arachni \ arachni http://example.com --report-save-path=/reports/scan_report.afr
Access Arachni Web UI
Navigate to http://localhost:9292
Run with custom configuration
docker run -d -p 9292:9292 \ -v $(pwd)/config:/config \ -v $(pwd)/reports:/reports \ --name arachni-web arachni/arachni \ arachni_web --config=/config/arachni.conf ```_
Docker komponiert Installation
```yaml
Create docker-compose.yml
cat << 'EOF' > docker-compose.yml version: '3.8'
services: arachni-web: image: arachni/arachni container_name: arachni-web ports: - "9292: 9292" volumes: - arachni_reports: /reports - arachni_config: /config - arachni_logs: /logs command: arachni_web --host=0.0.0.0 --port=9292 environment: - ARACHNI_WEB_HOST=0.0.0.0 - ARACHNI_WEB_PORT=9292 restart: unless-stopped networks: - arachni_network
arachni-dispatcher: image: arachni/arachni container_name: arachni-dispatcher ports: - "7331: 7331" volumes: - arachni_reports: /reports - arachni_config: /config command: arachni_rpcd --host=0.0.0.0 --port=7331 environment: - ARACHNI_DISPATCHER_HOST=0.0.0.0 - ARACHNI_DISPATCHER_PORT=7331 restart: unless-stopped networks: - arachni_network
volumes: arachni_reports: arachni_config: arachni_logs:
networks: arachni_network: driver: bridge EOF
Start Arachni services
docker-compose up -d
View logs
docker-compose logs -f arachni-web
Stop services
docker-compose down
Stop and remove volumes
docker-compose down -v ```_
Manuelle Installation auf Ubuntu/Debian
```bash
Update system
sudo apt update && sudo apt upgrade -y
Install Ruby and dependencies
sudo apt install -y ruby ruby-dev build-essential libssl-dev \ libxml2-dev libxslt1-dev libcurl4-openssl-dev \ libsqlite3-dev zlib1g-dev
Install RubyGems
sudo apt install -y rubygems
Install Arachni
wget https://github.com/Arachni/arachni/releases/download/v1.6.1.3/arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz tar -xzf arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz sudo mv arachni-1.6.1.3-0.6.1.1 /opt/arachni
Add Arachni to PATH
echo 'export PATH="/opt/arachni/bin:$PATH"' >> ~/.bashrc source ~/.bashrc
Verify installation
arachni --version
Install additional gems (optional)
cd /opt/arachni sudo gem install bundler sudo bundle install
Start Arachni Web UI
arachni_web --host=0.0.0.0 --port=9292
Start Arachni RPC dispatcher
arachni_rpcd --host=0.0.0.0 --port=7331 ```_
Installation auf CentOS/RHEL
```bash
Install EPEL repository
sudo yum install epel-release -y
Install Ruby and development tools
sudo yum groupinstall "Development Tools" -y sudo yum install ruby ruby-devel rubygems \ openssl-devel libxml2-devel libxslt-devel \ libcurl-devel sqlite-devel zlib-devel -y
Download and install Arachni
cd /tmp wget https://github.com/Arachni/arachni/releases/download/v1.6.1.3/arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz tar -xzf arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz sudo mv arachni-1.6.1.3-0.6.1.1 /opt/arachni
Set permissions
sudo chown -R root:root /opt/arachni sudo chmod +x /opt/arachni/bin/*
Add to PATH
echo 'export PATH="/opt/arachni/bin:$PATH"' >> ~/.bashrc source ~/.bashrc
Create systemd service for Arachni Web
sudo tee /etc/systemd/system/arachni-web.service << 'EOF' [Unit] Description=Arachni Web Interface After=network.target
[Service] Type=simple User=arachni Group=arachni WorkingDirectory=/opt/arachni ExecStart=/opt/arachni/bin/arachni_web --host=0.0.0.0 --port=9292 Restart=always
[Install] WantedBy=multi-user.target EOF
Create arachni user
sudo useradd -r -s /bin/false arachni sudo chown -R arachni:arachni /opt/arachni
Start and enable service
sudo systemctl daemon-reload sudo systemctl start arachni-web sudo systemctl enable arachni-web ```_
Quelle Installation
```bash
Install Ruby version manager (rbenv)
git clone https://github.com/rbenv/rbenv.git ~/.rbenv echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc echo 'eval "$(rbenv init -)"' >> ~/.bashrc source ~/.bashrc
Install ruby-build
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
Install Ruby 2.7.0 (required for Arachni)
rbenv install 2.7.0 rbenv global 2.7.0
Clone Arachni repository
git clone https://github.com/Arachni/arachni.git cd arachni
Install dependencies
gem install bundler bundle install
Build Arachni
rake build
Install Arachni
rake install
Verify installation
arachni --version ```_
Basisnutzung
Kommandozeilenschnittstelle
```bash
Basic web application scan
arachni http://example.com
Scan with specific checks
arachni http://example.com --checks=xss,sqli,csrf
Scan with custom scope
arachni http://example.com --scope-include-pattern="example.com" \ --scope-exclude-pattern="logout|admin"
Scan with authentication
arachni http://example.com --plugin=autologin:url=http://example.com/login,parameters="username=admin&password;=secret"
Scan with custom headers
arachni http://example.com --http-request-headers="Authorization: Bearer token123"
Scan with proxy
arachni http://example.com --http-proxy=http://127.0.0.1:8080
Scan with custom user agent
arachni http://example.com --http-user-agent="Custom Scanner 1.0"
Scan with session cookies
arachni http://example.com --http-cookie-string="PHPSESSID=abc123; auth=token456"
Scan with rate limiting
arachni http://example.com --http-request-delay=1000 --http-request-concurrency=5
Scan with timeout settings
arachni http://example.com --http-request-timeout=30000 --http-response-max-size=1048576 ```_
Erweiterte Scanoptionen
```bash
Comprehensive deep scan
arachni http://example.com \ --checks= \ --plugins= \ --scope-auto-redundant=5 \ --audit-links \ --audit-forms \ --audit-cookies \ --audit-headers \ --audit-jsons \ --audit-xmls
Scan with browser clustering (for JavaScript-heavy apps)
arachni http://example.com \ --browser-cluster-pool-size=3 \ --browser-cluster-job-timeout=30 \ --browser-cluster-worker-time-to-live=100
Scan with custom wordlists
arachni http://example.com \ --checks=path_traversal \ --plugin=path_extractor:wordlist=/path/to/custom_wordlist.txt
Scan with form filling
arachni http://example.com \ --input-value-fill-mode=exhaustive \ --input-values-file=/path/to/input_values.txt
Scan with custom payloads
arachni http://example.com \ --checks=xss \ --plugin=payload_generator:payloads=/path/to/xss_payloads.txt
Scan with vulnerability verification
arachni http://example.com \ --checks=sqli \ --plugin=verification:verify_sqli=true
Scan with custom crawling depth
arachni http://example.com \ --scope-depth-limit=5 \ --scope-page-limit=1000 \ --scope-directory-depth-limit=3
Scan with exclusions
arachni http://example.com \ --scope-exclude-path-patterns="logout,admin,delete" \ --scope-exclude-content-patterns="text/css,image/*" ```_
Authentifizierung und Sitzungsmanagement
```bash
Form-based authentication
arachni http://example.com \ --plugin=autologin:url=http://example.com/login,parameters="username=admin&password;=secret",check="Welcome"
HTTP Basic authentication
arachni http://example.com \ --http-authentication-username=admin \ --http-authentication-password=secret
Custom authentication script
arachni http://example.com \ --plugin=script:script=/path/to/auth_script.rb
Session management with cookies
arachni http://example.com \ --http-cookie-jar=/path/to/cookies.txt \ --session-check-url=http://example.com/profile \ --session-check-pattern="Welcome"
Multi-step authentication
arachni http://example.com \ --plugin=multi_step_auth:steps="step1.rb,step2.rb,step3.rb"
OAuth authentication
arachni http://example.com \ --plugin=oauth:client_id=your_client_id,client_secret=your_secret,redirect_uri=http://localhost/callback ```_
Schwachstellenerkennung
SQL Injection Testing
```bash
Basic SQL injection scan
arachni http://example.com --checks=sqli
Advanced SQL injection with custom payloads
arachni http://example.com \ --checks=sqli \ --plugin=payload_generator:payloads=/path/to/sqli_payloads.txt \ --audit-parameter-names \ --audit-parameter-values
Blind SQL injection testing
arachni http://example.com \ --checks=sqli_blind_rdiff,sqli_blind_timing \ --plugin=timing_attack:delay=5
Database-specific SQL injection
arachni http://example.com \ --checks=sqli \ --plugin=database_detection:databases="mysql,postgresql,mssql,oracle"
SQL injection with verification
arachni http://example.com \ --checks=sqli \ --plugin=verification:verify_sqli=true,extract_data=true ```_
Cross-Site Scripting (XSS) Testen
```bash
Basic XSS scan
arachni http://example.com --checks=xss
Comprehensive XSS testing
arachni http://example.com \ --checks=xss,xss_dom,xss_event,xss_script_context,xss_tag \ --audit-links \ --audit-forms \ --audit-cookies \ --audit-headers
Custom XSS payloads
arachni http://example.com \ --checks=xss \ --plugin=payload_generator:payloads=/path/to/xss_payloads.txt
DOM-based XSS testing
arachni http://example.com \ --checks=xss_dom \ --browser-cluster-pool-size=2 \ --browser-cluster-job-timeout=30
XSS with context analysis
arachni http://example.com \ --checks=xss \ --plugin=context_analysis:analyze_responses=true ```_
Cross-Site Request Forgery (CSRF) Testen
```bash
Basic CSRF scan
arachni http://example.com --checks=csrf
CSRF with authentication
arachni http://example.com \ --checks=csrf \ --plugin=autologin:url=http://example.com/login,parameters="username=admin&password;=secret"
CSRF token analysis
arachni http://example.com \ --checks=csrf \ --plugin=csrf_token_analysis:analyze_tokens=true
CSRF with custom forms
arachni http://example.com \ --checks=csrf \ --audit-forms \ --input-value-fill-mode=exhaustive ```_
File Inclusion Testing
```bash
Local File Inclusion (LFI)
arachni http://example.com --checks=lfi
Remote File Inclusion (RFI)
arachni http://example.com --checks=rfi
Path traversal
arachni http://example.com --checks=path_traversal
File inclusion with custom payloads
arachni http://example.com \ --checks=lfi,rfi,path_traversal \ --plugin=payload_generator:payloads=/path/to/file_inclusion_payloads.txt
OS-specific file inclusion
arachni http://example.com \ --checks=lfi \ --plugin=os_detection:detect_os=true ```_
Befehlsinjektionsprüfung
```bash
Basic command injection
arachni http://example.com --checks=code_injection
OS command injection
arachni http://example.com --checks=os_cmd_injection
Command injection with timing attacks
arachni http://example.com \ --checks=os_cmd_injection_timing \ --plugin=timing_attack:delay=5
Custom command injection payloads
arachni http://example.com \ --checks=code_injection,os_cmd_injection \ --plugin=payload_generator:payloads=/path/to/command_injection_payloads.txt ```_
Erweiterte Funktionen
Browser-Clustering für JavaScript-Anwendungen
```bash
Enable browser clustering
arachni http://example.com \ --browser-cluster-pool-size=3 \ --browser-cluster-job-timeout=30 \ --browser-cluster-worker-time-to-live=100 \ --browser-cluster-ignore-images \ --browser-cluster-screen-width=1920 \ --browser-cluster-screen-height=1080
JavaScript event triggering
arachni http://example.com \ --browser-cluster-pool-size=2 \ --checks=xss_dom \ --plugin=dom_event_trigger:events="click,mouseover,focus,blur"
AJAX request analysis
arachni http://example.com \ --browser-cluster-pool-size=2 \ --plugin=ajax_analyzer:analyze_requests=true,timeout=10
Single Page Application (SPA) scanning
arachni http://example.com \ --browser-cluster-pool-size=3 \ --scope-auto-redundant=10 \ --plugin=spa_crawler:wait_time=5,max_depth=10 ```_
Benutzerdefinierte Plugin Entwicklung
```ruby
!/usr/bin/env ruby
Custom Arachni plugin example
class Arachni::Plugins::CustomSecurityCheck ``< Arachni::Plugin::Base def self.info \{ name: 'Custom Security Check', description: 'Custom security vulnerability detection plugin', author: 'Security Researcher', version: '1.0.0', options: [ Options::String.new(:custom_payload, description: 'Custom payload for testing', default: 'test_payload' ), Options::Bool.new(:verify_results, description: 'Verify vulnerability results', default: true ) ] \} end
def prepare
@custom_payload = options[:custom_payload]
@verify_results = options[:verify_results]
@vulnerabilities = []
end
def run
print_status "Starting custom security check..."
# Get all pages discovered during crawling
| framework.sitemap.each do | url, page | | check_page(page) end
# Register findings
| @vulnerabilities.each do | vuln | | register_results(vuln) end
print_status "Custom security check completed. Found #\\\{@vulnerabilities.size\\\} vulnerabilities."
end
def check_page(page)
# Custom vulnerability detection logic
forms = page.forms
| forms.each do | form | | | form.inputs.each do | input | | | if input.type == :text | | input.type == :textarea | test_input_for_vulnerability(page, form, input) end end end end
def test_input_for_vulnerability(page, form, input)
# Create test payload
test_form = form.dup
test_form[input.name] = @custom_payload
# Submit form with payload
response = framework.http.post(form.action, test_form.inputs)
# Check for vulnerability indicators
if response.body.include?(@custom_payload) &&
| response.body.include?('error') | | response.body.include?('exception') |
vulnerability = \\\{
url: page.url,
form_action: form.action,
parameter: input.name,
payload: @custom_payload,
response_snippet: response.body[0..500],
severity: 'Medium',
confidence: 'High'
\\\}
# Verify vulnerability if enabled
if @verify_results
if verify_vulnerability(vulnerability)
@vulnerabilities << vulnerability
end
else
@vulnerabilities << vulnerability
end
end
end
def verify_vulnerability(vuln)
# Additional verification logic
verification_payload = "verify_#\\\{@custom_payload\\\}"
# Perform verification request
response = framework.http.post(vuln[:form_action],
\\\{ vuln[:parameter] =>`` verification_payload \\\\})
return response.body.include?(verification_payload)
end
def register_results(vuln)
# Register vulnerability with Arachni framework
log_issue(
url: vuln[:url],
name: 'Custom Security Vulnerability',
description: "Custom vulnerability detected in parameter '#\\\\{vuln[:parameter]\\\\}'",
tags: ['custom', 'injection'],
severity: vuln[:severity],
confidence: vuln[:confidence],
method: 'POST',
parameters: \\\\{ vuln[:parameter] => vuln[:payload] \\\\},
proof: vuln[:response_snippet]
)
end
def self.distributable?
true
end
def clean_up
@vulnerabilities.clear
end
end ```_
Zollkontrollen
```ruby
!/usr/bin/env ruby
Custom Arachni check example
class Arachni::Checks::CustomVulnerabilityCheck < Arachni::Check::Base def self.info \\{ name: 'Custom Vulnerability Check', description: 'Detects custom application vulnerabilities', elements: [Element::Form, Element::Link, Element::Cookie], author: 'Security Researcher', version: '1.0.0', targets: \\{ 'Generic' => 'all' \\}, references: \\{ 'Custom Advisory' => 'https://example.com/advisory' \\}, issue: \\{ name: 'Custom Application Vulnerability', description: 'Application contains custom security vulnerability', tags: ['custom', 'application', 'vulnerability'], cwe: 79, severity: Severity::MEDIUM, remedy_guidance: 'Implement proper input validation and output encoding' \\} \\} end
def run
# Define custom payloads
payloads = [
'custom_test_payload_1',
'custom_test_payload_2',
'<custom>test</custom>',
'custom"test\'payload'
]
| payloads.each do | payload | | | audit(payload) do | response, opts | | check_response(response, opts, payload) end end end
def check_response(response, opts, payload)
# Check for vulnerability indicators in response
vulnerability_indicators = [
'custom_error_message',
'application_exception',
'debug_information',
payload
]
| vulnerability_indicators.each do | indicator | | if response.body.include?(indicator) # Log the vulnerability log( opts.merge( proof: response.body, vector: opts[:vector] ), response ) return end end
# Check response headers for indicators
| response.headers.each do | header, value | | | if value.include?(payload) | | value.include?('custom_error') | log( opts.merge( proof: "Header: #\\{header\\} = #\\{value\\}", vector: opts[:vector] ), response ) return end end end
def self.payloads
| @payloads | | = [ | 'custom_payload_1', 'custom_payload_2', '', 'custom\'test"payload' ].freeze end end ```_
Automatisierung und Schrift
```bash
!/bin/bash
Arachni automation script
TARGET="$1" OUTPUT_DIR="arachni_results_$(date +%Y%m%d_%H%M%S)" REPORT_FORMAT="html"
if [ -z "$TARGET" ]; then
echo "Usage: $0
echo "[*] Starting Arachni automated scan for $TARGET" mkdir -p "$OUTPUT_DIR"
Basic configuration
ARACHNI_OPTS=" --scope-include-pattern=$TARGET | --scope-exclude-pattern=logout | signout | exit | --http-request-timeout=30000 --http-request-delay=500 --http-request-concurrency=10 --scope-page-limit=1000 --scope-depth-limit=5 "
Phase 1: Quick scan for immediate results
echo "[*] Phase 1: Quick vulnerability scan" arachni $TARGET \ $ARACHNI_OPTS \ --checks=xss,sqli,csrf,lfi \ --report-save-path="$OUTPUT_DIR/quick_scan.afr" \ --timeout=1800
Generate quick report
arachni_reporter "$OUTPUT_DIR/quick_scan.afr" \ --reporter=html:outfile="$OUTPUT_DIR/quick_report.html"
Phase 2: Comprehensive scan
echo "[] Phase 2: Comprehensive vulnerability scan" arachni $TARGET \ $ARACHNI_OPTS \ --checks= \ --plugins=* \ --audit-links \ --audit-forms \ --audit-cookies \ --audit-headers \ --browser-cluster-pool-size=2 \ --report-save-path="$OUTPUT_DIR/comprehensive_scan.afr" \ --timeout=7200
Generate comprehensive reports
arachni_reporter "$OUTPUT_DIR/comprehensive_scan.afr" \ --reporter=html:outfile="$OUTPUT_DIR/comprehensive_report.html"
arachni_reporter "$OUTPUT_DIR/comprehensive_scan.afr" \ --reporter=json:outfile="$OUTPUT_DIR/comprehensive_report.json"
arachni_reporter "$OUTPUT_DIR/comprehensive_scan.afr" \ --reporter=xml:outfile="$OUTPUT_DIR/comprehensive_report.xml"
Phase 3: Authenticated scan (if credentials provided)
if [ ! -z "$AUTH_URL" ] && [ ! -z "$AUTH_PARAMS" ]; then echo "[] Phase 3: Authenticated vulnerability scan" arachni $TARGET \ $ARACHNI_OPTS \ --checks= \ --plugin=autologin:url="$AUTH_URL",parameters="$AUTH_PARAMS" \ --report-save-path="$OUTPUT_DIR/authenticated_scan.afr" \ --timeout=7200
# Generate authenticated scan report
arachni_reporter "$OUTPUT_DIR/authenticated_scan.afr" \
--reporter=html:outfile="$OUTPUT_DIR/authenticated_report.html"
fi
Generate summary
echo "[*] Generating scan summary" cat << EOF > "$OUTPUT_DIR/scan_summary.txt" Arachni Security Scan Summary ============================= Target: $TARGET Scan Date: $(date) Output Directory: $OUTPUT_DIR
Reports Generated: - Quick Scan: quick_report.html - Comprehensive Scan: comprehensive_report.html - JSON Report: comprehensive_report.json - XML Report: comprehensive_report.xml EOF
if [ ! -z "$AUTH_URL" ]; then echo "- Authenticated Scan: authenticated_report.html" >> "$OUTPUT_DIR/scan_summary.txt" fi
echo "[] Scan completed. Results saved to $OUTPUT_DIR" echo "[] Open $OUTPUT_DIR/comprehensive_report.html to view results" ```_
Reporting und Output
Bericht Generation
```bash
Generate HTML report
arachni_reporter scan_results.afr --reporter=html:outfile=report.html
Generate JSON report
arachni_reporter scan_results.afr --reporter=json:outfile=report.json
Generate XML report
arachni_reporter scan_results.afr --reporter=xml:outfile=report.xml
Generate text report
arachni_reporter scan_results.afr --reporter=txt:outfile=report.txt
Generate multiple reports
arachni_reporter scan_results.afr \ --reporter=html:outfile=report.html \ --reporter=json:outfile=report.json \ --reporter=xml:outfile=report.xml
Custom report with specific sections
arachni_reporter scan_results.afr \ --reporter=html:outfile=custom_report.html,include_executive_summary=true,include_technical_details=true
Report with custom template
arachni_reporter scan_results.afr \ --reporter=html:outfile=branded_report.html,template=/path/to/custom_template.erb ```_
Bericht Anpassung
```ruby
!/usr/bin/env ruby
Custom Arachni report generator
require 'arachni' require 'json'
class CustomArachniReporter def initialize(afr_file) @report = Arachni::Report.load(afr_file) end
def generate_executive_summary
summary = \\\\{
scan_details: \\\\{
target: @report.options[:url],
start_time: @report.start_datetime,
finish_time: @report.finish_datetime,
duration: @report.delta_time,
pages_audited: @report.sitemap.size
\\\\},
vulnerability_summary: \\\\{
total: @report.issues.size,
| high: @report.issues.select \\{ | i | i.severity == :high \\}.size, | | medium: @report.issues.select \\{ | i | i.severity == :medium \\}.size, | | low: @report.issues.select \\{ | i | i.severity == :low \\}.size, | | informational: @report.issues.select \\{ | i | i.severity == :informational \\}.size | \\}, top_vulnerabilities: get_top_vulnerabilities(5) \\}
summary
end
def generate_technical_details
technical_data = \\\\{
scan_configuration: \\\\{
checks_used: @report.options[:checks],
plugins_used: @report.options[:plugins],
scope_settings: \\\\{
include_patterns: @report.options[:scope][:include_path_patterns],
exclude_patterns: @report.options[:scope][:exclude_path_patterns]
\\\\}
\\\\},
| vulnerabilities: @report.issues.map do | issue | | \\{ name: issue.name, severity: issue.severity, confidence: issue.confidence, url: issue.url, method: issue.method, parameters: issue.affected_input_names, description: issue.description, proof: issue.proof, remedy_guidance: issue.remedy_guidance, references: issue.references, cwe: issue.cwe, tags: issue.tags \\} end, | sitemap: @report.sitemap.map do | url, page | | \\{ url: url, response_code: page.code, content_type: page.response.content_type, forms: page.forms.size, links: page.links.size, cookies: page.cookies.size \\} end \\}
technical_data
end
def generate_compliance_report(framework = 'OWASP')
compliance_data = \\\\{
framework: framework,
compliance_status: \\\\{\\\\},
recommendations: []
\\\\}
if framework == 'OWASP'
owasp_categories = \\\\{
'A01:2021 - Broken Access Control' => ['csrf', 'unvalidated_redirect'],
'A02:2021 - Cryptographic Failures' => ['insecure_cookie', 'http_only_cookie'],
'A03:2021 - Injection' => ['sqli', 'xss', 'code_injection', 'os_cmd_injection'],
'A04:2021 - Insecure Design' => ['business_logic'],
'A05:2021 - Security Misconfiguration' => ['directory_listing', 'backup_files'],
'A06:2021 - Vulnerable Components' => ['outdated_software'],
'A07:2021 - Authentication Failures' => ['weak_password', 'session_fixation'],
'A08:2021 - Software Integrity Failures' => ['code_injection'],
'A09:2021 - Logging Failures' => ['information_disclosure'],
'A10:2021 - Server-Side Request Forgery' => ['ssrf']
\\\\}
| owasp_categories.each do | category, check_names | | | found_issues = @report.issues.select do | issue | | | check_names.any? \\{ | check | issue.check[:shortname].include?(check) \\} | end
compliance_data[:compliance_status][category] = \\\\{
status: found_issues.empty? ? 'PASS' : 'FAIL',
issues_found: found_issues.size,
severity_breakdown: \\\\{
| high: found_issues.select \\{ | i | i.severity == :high \\}.size, | | medium: found_issues.select \\{ | i | i.severity == :medium \\}.size, | | low: found_issues.select \\{ | i | i.severity == :low \\}.size | \\} \\} end end
compliance_data
end
def export_to_json(filename)
report_data = \\\\{
executive_summary: generate_executive_summary,
technical_details: generate_technical_details,
compliance_report: generate_compliance_report('OWASP')
\\\\}
File.write(filename, JSON.pretty_generate(report_data))
end
def export_to_csv(filename)
require 'csv'
| CSV.open(filename, 'w') do | csv | | csv ``<< ['Vulnerability', 'Severity', 'Confidence', 'URL', 'Method', 'Parameters', 'CWE']
| @report.issues.each do | issue | | csv << [ issue.name, issue.severity, issue.confidence, issue.url, issue.method, issue.affected_input_names.join(', '), issue.cwe ] end end end
private
def get_top_vulnerabilities(count)
severity_order = \\\{ high: 4, medium: 3, low: 2, informational: 1 \\\}
@report.issues
| .sort_by \{ | issue | -severity_order[issue.severity] \} | .first(count) | .map do | issue | | \{ name: issue.name, severity: issue.severity, url: issue.url, description: issue.description[0..200] + '...' \} end end end
Usage example
if FILE == $0 reporter = CustomArachniReporter.new(ARGV[0]) reporter.export_to_json('custom_report.json') reporter.export_to_csv('vulnerabilities.csv')
puts "Custom reports generated:"
puts "- custom_report.json"
puts "- vulnerabilities.csv"
end ```_
Integration von CI/CD
Jenkins Integration
```groovy // Jenkins pipeline for Arachni security scanning pipeline \{ agent any
parameters \\\{
string(name: 'TARGET_URL', defaultValue: 'http://example.com', description: 'Target URL to scan')
choice(name: 'SCAN_TYPE', choices: ['quick', 'comprehensive'], description: 'Type of scan to perform')
booleanParam(name: 'AUTHENTICATED_SCAN', defaultValue: false, description: 'Perform authenticated scan')
\\\}
environment \\\{
ARACHNI_DOCKER_IMAGE = 'arachni/arachni:latest'
REPORTS_DIR = 'arachni_reports'
\\\}
stages \\\{
stage('Prepare Environment') \\\{
steps \\\{
script \\\{
sh "mkdir -p $\\\{REPORTS_DIR\\\}"
sh "docker pull $\\\{ARACHNI_DOCKER_IMAGE\\\}"
\\\}
\\\}
\\\}
stage('Security Scan') \\\{
steps \\\{
script \\\{
def scanCommand = "docker run --rm -v \$(pwd)/$\\\{REPORTS_DIR\\\}:/reports $\\\{ARACHNI_DOCKER_IMAGE\\\} arachni"
def scanOptions = "--report-save-path=/reports/scan_results.afr"
if (params.SCAN_TYPE == 'quick') \\\{
scanOptions += " --checks=xss,sqli,csrf --timeout=1800"
\\\} else \\\{
scanOptions += " --checks=* --plugins=* --timeout=7200"
\\\}
if (params.AUTHENTICATED_SCAN) \\\{
scanOptions += " --plugin=autologin:url=$\\\{params.TARGET_URL\\\}/login,parameters=\"username=\$\\\{AUTH_USERNAME\\\}&password;=\$\\\{AUTH_PASSWORD\\\}\""
\\\}
sh "$\\\{scanCommand\\\} $\\\{params.TARGET_URL\\\} $\\\{scanOptions\\\}"
\\\}
\\\}
\\\}
stage('Generate Reports') \\\{
steps \\\{
script \\\{
sh """
docker run --rm -v \$(pwd)/$\\\{REPORTS_DIR\\\}:/reports $\\\{ARACHNI_DOCKER_IMAGE\\\} \
arachni_reporter /reports/scan_results.afr \
--reporter=html:outfile=/reports/security_report.html \
--reporter=json:outfile=/reports/security_report.json \
--reporter=xml:outfile=/reports/security_report.xml
"""
\\\}
\\\}
\\\}
stage('Process Results') \\\{
steps \\\{
script \\\{
// Parse JSON report for vulnerability counts
def reportJson = readJSON file: "$\\\{REPORTS_DIR\\\}/security_report.json"
def highVulns = reportJson.issues.findAll \\\{ it.severity == 'high' \\\}.size()
def mediumVulns = reportJson.issues.findAll \\\{ it.severity == 'medium' \\\}.size()
echo "Security Scan Results:"
echo "High Severity: $\\\{highVulns\\\}"
echo "Medium Severity: $\\\{mediumVulns\\\}"
// Fail build if high severity vulnerabilities found
if (highVulns >`` 0) \\\\{
currentBuild.result = 'UNSTABLE'
error("High severity vulnerabilities found: $\\\\{highVulns\\\\}")
\\\\}
\\\\}
\\\\}
\\\\}
\\\\}
post \\\\{
always \\\\{
// Archive reports
archiveArtifacts artifacts: "$\\\\{REPORTS_DIR\\\\}/*", fingerprint: true
// Publish HTML report
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: REPORTS_DIR,
reportFiles: 'security_report.html',
reportName: 'Arachni Security Report'
])
\\\\}
failure \\\\{
// Send notification on failure
emailext (
subject: "Security Scan Failed: $\\\\{env.JOB_NAME\\\\} - $\\\\{env.BUILD_NUMBER\\\\}",
body: "Security scan failed for $\\\\{params.TARGET_URL\\\\}. Check the build logs for details.",
to: "$\\\\{env.CHANGE_AUTHOR_EMAIL\\\\}"
)
\\\\}
\\\\}
\\} ```_
GitHub Aktionen Integration
```yaml
.github/workflows/security-scan.yml
name: Arachni Security Scan
on: push: branches: [ main, develop ] pull_request: branches: [ main ] schedule: - cron: '0 2 * * 1' # Weekly scan on Mondays at 2 AM
env: TARGET_URL: $\\{\\{ secrets.TARGET_URL \\}\\} ARACHNI_VERSION: latest
jobs: security-scan: runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Create reports directory
run: mkdir -p arachni_reports
- name: Run Arachni Security Scan
run: |
docker run --rm \
-v $\\\\{\\\\{ github.workspace \\\\}\\\\}/arachni_reports: /reports \
arachni/arachni: $\\\\{\\\\{ env.ARACHNI_VERSION \\\\}\\\\} \
arachni $\\\\{\\\\{ env.TARGET_URL \\\\}\\\\} \
--checks=xss,sqli,csrf,lfi,rfi \
--scope-include-pattern="$\\\\{\\\\{ env.TARGET_URL \\\\}\\\\}" \
--scope-exclude-pattern="logout|signout" \
--http-request-timeout=30000 \
--timeout=3600 \
--report-save-path=/reports/scan_results.afr
- name: Generate Reports
run: |
docker run --rm \
-v $\\\\{\\\\{ github.workspace \\\\}\\\\}/arachni_reports: /reports \
arachni/arachni: $\\\\{\\\\{ env.ARACHNI_VERSION \\\\}\\\\} \
arachni_reporter /reports/scan_results.afr \
--reporter=html: outfile=/reports/security_report.html \
--reporter=json: outfile=/reports/security_report.json
- name: Process Scan Results
id: process_results
run: |
if [ -f arachni_reports/security_report.json ]; then
| HIGH_VULNS=$(jq '[.issues[] | select(.severity == "high")] | length' arachni_reports/security_report.json) | | MEDIUM_VULNS=$(jq '[.issues[] | select(.severity == "medium")] | length' arachni_reports/security_report.json) | TOTAL_VULNS=$(jq '.issues|length' arachni_reports/security_report.json)
echo "high_vulns=$HIGH_VULNS" >> $GITHUB_OUTPUT
echo "medium_vulns=$MEDIUM_VULNS" >> $GITHUB_OUTPUT
echo "total_vulns=$TOTAL_VULNS" >> $GITHUB_OUTPUT
echo "Security Scan Results: "
echo "Total Vulnerabilities: $TOTAL_VULNS"
echo "High Severity: $HIGH_VULNS"
echo "Medium Severity: $MEDIUM_VULNS"
fi
- name: Upload Reports
uses: actions/upload-artifact@v3
with:
name: arachni-security-reports
path: arachni_reports/
retention-days: 30
- name: Comment PR with Results
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const highVulns = '$\\\\{\\\\{ steps.process_results.outputs.high_vulns \\\\}\\\\}';
const mediumVulns = '$\\\\{\\\\{ steps.process_results.outputs.medium_vulns \\\\}\\\\}';
const totalVulns = '$\\\\{\\\\{ steps.process_results.outputs.total_vulns \\\\}\\\\}';
const comment = `## 🔒 Arachni Security Scan Results
| | Severity | Count | | | --- | --- | | | High | $\{highVulns\} | | | | Medium | $\{mediumVulns\} | | | | Total | $\{totalVulns\} | |
$\\{highVulns > 0 ? '⚠️ **High severity vulnerabilities found!**' : '✅ No high severity vulnerabilities found.'\\}
📊 [View detailed report](https: //github.com/$\\{\\{ github.repository \\}\\}/actions/runs/$\\{\\{ github.run_id \\}\\})`;
github.rest.issues.createComment(\\\\{
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
\\\\});
- name: Fail on High Severity Vulnerabilities
if: steps.process_results.outputs.high_vulns > 0
run: |
echo "❌ Build failed due to high severity vulnerabilities"
exit 1
```_
Fehlerbehebung
Gemeinsame Themen und Lösungen
```bash
Issue: Memory errors during large scans
Solution: Increase memory limits and use browser clustering
arachni http://example.com \ --http-request-concurrency=5 \ --browser-cluster-pool-size=2 \ --scope-page-limit=500 \ --timeout=7200
Issue: Timeouts on slow applications
Solution: Increase timeout values
arachni http://example.com \ --http-request-timeout=60000 \ --http-request-delay=2000 \ --timeout=14400
Issue: False positives in results
Solution: Use verification plugins and custom filters
arachni http://example.com \ --checks=xss,sqli \ --plugin=verification:verify_xss=true,verify_sqli=true
Issue: Incomplete crawling of JavaScript applications
Solution: Enable browser clustering and increase wait times
arachni http://example.com \ --browser-cluster-pool-size=3 \ --browser-cluster-job-timeout=60 \ --scope-auto-redundant=10
Issue: Authentication session expires during scan
Solution: Use session management plugins
arachni http://example.com \ --plugin=autologin:url=http://example.com/login,parameters="user=admin&pass;=secret" \ --session-check-url=http://example.com/profile \ --session-check-pattern="Welcome"
Issue: Scan getting blocked by WAF/rate limiting
Solution: Implement delays and use proxy rotation
arachni http://example.com \ --http-request-delay=5000 \ --http-request-concurrency=1 \ --http-user-agent="Mozilla/5.0 (compatible; Scanner)"
Issue: Large report files
Solution: Use specific checks and limit scope
arachni http://example.com \ --checks=xss,sqli,csrf \ --scope-page-limit=100 \ --scope-depth-limit=3
Issue: SSL/TLS certificate errors
Solution: Disable certificate verification
arachni https://example.com \ --http-ssl-verify-peer=false \ --http-ssl-verify-host=false ```_
Leistungsoptimierung
```bash
Optimize for speed
arachni http://example.com \ --http-request-concurrency=20 \ --http-request-delay=100 \ --scope-page-limit=200 \ --checks=xss,sqli \ --timeout=1800
Optimize for thoroughness
arachni http://example.com \ --http-request-concurrency=5 \ --http-request-delay=1000 \ --scope-page-limit=2000 \ --scope-depth-limit=10 \ --checks= \ --plugins= \ --timeout=14400
Optimize for JavaScript-heavy applications
arachni http://example.com \ --browser-cluster-pool-size=4 \ --browser-cluster-job-timeout=30 \ --browser-cluster-worker-time-to-live=200 \ --scope-auto-redundant=15 \ --timeout=10800
Memory optimization for large scans
export RUBY_GC_HEAP_INIT_SLOTS=1000000 export RUBY_GC_HEAP_FREE_SLOTS=500000 export RUBY_GC_HEAP_GROWTH_FACTOR=1.1 export RUBY_GC_HEAP_GROWTH_MAX_SLOTS=1000000
arachni http://example.com \ --http-request-concurrency=10 \ --scope-page-limit=1000 \ --timeout=7200 ```_
--
** Sicherheitshinweis**: Arachni ist ein leistungsstarker Web Application Security Scanner, der nur für autorisierte Sicherheitstests verwendet werden sollte. Stellen Sie immer sicher, dass Sie eine ausdrückliche schriftliche Genehmigung vor dem Scannen von Web-Anwendungen oder Systemen haben. Das Werkzeug kann einen erheblichen Traffic erzeugen und die Anwendungsleistung beeinflussen. Verwenden Sie dieses Tool verantwortungsvoll und entsprechend den geltenden Gesetzen, Vorschriften und ethischen Richtlinien. Immer im Rahmen autorisierter Penetrationstests arbeiten und verantwortungsvolle Offenlegungspraktiken für entdeckte Schwachstellen verfolgen.
📚 Zusätzliche Ressourcen: - [Arachni Offizielle Website](LINK_4 -%20Arachni%20GitHub%20Repository - Arachni Dokumentation - [OWASP Web Security Testing Guide](LINK_4