Arachni Cheat Blatt¶
Überblick¶
Arachni ist ein funktionsreicher, modularer, leistungsstarker Ruby-Rahmen zielt darauf ab, Penetrationsprüfer und Administratoren zu helfen, die Sicherheit moderner Webanwendungen zu bewerten. Arachni entwickelt mit einem Schwerpunkt auf Usability und Modularität bietet umfassende Sicherheitsbewertungsfunktionen für Webanwendungen durch seinen fortgeschrittenen Raupenmotor, umfangreiche Schwachstellenerkennungsmodule und ein flexibles Meldesystem. Das Framework ist konzipiert, um komplexe moderne Web-Anwendungen zu behandeln, einschließlich derjenigen mit schweren JavaScript-Nutzung, AJAX-Funktionalität und dynamische Content-Generation.
Der Rahmen zeichnet sich durch seine intelligenten Kriechfähigkeiten und eine umfassende Sicherheitserkennung aus. Arachni kann Single-page-Anwendungen (SPAs), REST-APIs und traditionelle Web-Anwendungen mit gleicher Effizienz effektiv analysieren. Seine modulare Architektur ermöglicht eine einfache Anpassung und Erweiterung, sodass es sowohl für automatisierte Sicherheitstests als auch für manuelle Penetrationstests geeignet ist. Die Plattform umfasst erweiterte Funktionen wie Browser-Clustering für JavaScript-heavy-Anwendungen, benutzerdefinierte Payload-Generierung und anspruchsvolle falsche positive Reduktionsmechanismen.
Arachnis Stärke liegt in seiner Fähigkeit, sowohl Black-Box- als auch Grey-Box-Sicherheitstests durchzuführen. Der Rahmen kann in verschiedenen Modi arbeiten, von schnellen Sicherheitsscans bis hin zu umfassenden tiefgreifenden Bewertungen. Es umfasst integrierte Unterstützung für Authentifizierung, Sitzungsmanagement und komplexe Multi-Step-Angriffsszenarien. Die Reporting-Funktionen der Plattform erzeugen detaillierte technische Berichte, die für Entwickler, Executive-Zusammenfassungen für Management und Compliance-Dokumentation für regulatorische Anforderungen geeignet sind.
Der Rahmen ist besonders wertvoll für Organisationen, die regelmäßige Sicherheitsbewertungen von Webanwendungen benötigen. Seine Automatisierungsfunktionen machen es zur Integration in CI/CD-Pipelines geeignet, während seine umfangreichen manuellen Testfunktionen detaillierte Penetrationstests unterstützen. Arachnis aktive Entwicklungsgemeinschaft sorgt für regelmäßige Updates, um aufstrebende Web Application Security Bedrohungen und Testmethoden zu lösen.
Installation¶
Docker Installation (empfohlen)¶
```bash
Pull official Arachni Docker image¶
docker pull arachni/arachni
Run Arachni container with web interface¶
docker run -d -p 9292:9292 --name arachni-web arachni/arachni arachni_web
Run Arachni container for command-line usage¶
docker run -it --rm arachni/arachni arachni --help
Run comprehensive scan with Docker¶
docker run -it --rm -v $(pwd)/reports:/reports arachni/arachni \ arachni http://example.com --report-save-path=/reports/scan_report.afr
Access Arachni Web UI¶
Navigate to http://localhost:9292¶
Run with custom configuration¶
docker run -d -p 9292:9292 \ -v $(pwd)/config:/config \ -v $(pwd)/reports:/reports \ --name arachni-web arachni/arachni \ arachni_web --config=/config/arachni.conf ```_
Docker komponiert Installation¶
```yaml
Create docker-compose.yml¶
cat << 'EOF' > docker-compose.yml version: '3.8'
services: arachni-web: image: arachni/arachni container_name: arachni-web ports: - "9292: 9292" volumes: - arachni_reports: /reports - arachni_config: /config - arachni_logs: /logs command: arachni_web --host=0.0.0.0 --port=9292 environment: - ARACHNI_WEB_HOST=0.0.0.0 - ARACHNI_WEB_PORT=9292 restart: unless-stopped networks: - arachni_network
arachni-dispatcher: image: arachni/arachni container_name: arachni-dispatcher ports: - "7331: 7331" volumes: - arachni_reports: /reports - arachni_config: /config command: arachni_rpcd --host=0.0.0.0 --port=7331 environment: - ARACHNI_DISPATCHER_HOST=0.0.0.0 - ARACHNI_DISPATCHER_PORT=7331 restart: unless-stopped networks: - arachni_network
volumes: arachni_reports: arachni_config: arachni_logs:
networks: arachni_network: driver: bridge EOF
Start Arachni services¶
docker-compose up -d
View logs¶
docker-compose logs -f arachni-web
Stop services¶
docker-compose down
Stop and remove volumes¶
docker-compose down -v ```_
Manuelle Installation auf Ubuntu/Debian¶
```bash
Update system¶
sudo apt update && sudo apt upgrade -y
Install Ruby and dependencies¶
sudo apt install -y ruby ruby-dev build-essential libssl-dev \ libxml2-dev libxslt1-dev libcurl4-openssl-dev \ libsqlite3-dev zlib1g-dev
Install RubyGems¶
sudo apt install -y rubygems
Install Arachni¶
wget https://github.com/Arachni/arachni/releases/download/v1.6.1.3/arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz tar -xzf arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz sudo mv arachni-1.6.1.3-0.6.1.1 /opt/arachni
Add Arachni to PATH¶
echo 'export PATH="/opt/arachni/bin:$PATH"' >> ~/.bashrc source ~/.bashrc
Verify installation¶
arachni --version
Install additional gems (optional)¶
cd /opt/arachni sudo gem install bundler sudo bundle install
Start Arachni Web UI¶
arachni_web --host=0.0.0.0 --port=9292
Start Arachni RPC dispatcher¶
arachni_rpcd --host=0.0.0.0 --port=7331 ```_
Installation auf CentOS/RHEL¶
```bash
Install EPEL repository¶
sudo yum install epel-release -y
Install Ruby and development tools¶
sudo yum groupinstall "Development Tools" -y sudo yum install ruby ruby-devel rubygems \ openssl-devel libxml2-devel libxslt-devel \ libcurl-devel sqlite-devel zlib-devel -y
Download and install Arachni¶
cd /tmp wget https://github.com/Arachni/arachni/releases/download/v1.6.1.3/arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz tar -xzf arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz sudo mv arachni-1.6.1.3-0.6.1.1 /opt/arachni
Set permissions¶
sudo chown -R root:root /opt/arachni sudo chmod +x /opt/arachni/bin/*
Add to PATH¶
echo 'export PATH="/opt/arachni/bin:$PATH"' >> ~/.bashrc source ~/.bashrc
Create systemd service for Arachni Web¶
sudo tee /etc/systemd/system/arachni-web.service << 'EOF' [Unit] Description=Arachni Web Interface After=network.target
[Service] Type=simple User=arachni Group=arachni WorkingDirectory=/opt/arachni ExecStart=/opt/arachni/bin/arachni_web --host=0.0.0.0 --port=9292 Restart=always
[Install] WantedBy=multi-user.target EOF
Create arachni user¶
sudo useradd -r -s /bin/false arachni sudo chown -R arachni:arachni /opt/arachni
Start and enable service¶
sudo systemctl daemon-reload sudo systemctl start arachni-web sudo systemctl enable arachni-web ```_
Quelle Installation¶
```bash
Install Ruby version manager (rbenv)¶
git clone https://github.com/rbenv/rbenv.git ~/.rbenv echo 'export PATH="\(HOME/.rbenv/bin:\)PATH"' >> ~/.bashrc echo 'eval "$(rbenv init -)"' >> ~/.bashrc source ~/.bashrc
Install ruby-build¶
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
Install Ruby 2.7.0 (required for Arachni)¶
rbenv install 2.7.0 rbenv global 2.7.0
Clone Arachni repository¶
git clone https://github.com/Arachni/arachni.git cd arachni
Install dependencies¶
gem install bundler bundle install
Build Arachni¶
rake build
Install Arachni¶
rake install
Verify installation¶
arachni --version ```_
Basisnutzung¶
Kommandozeilenschnittstelle¶
```bash
Basic web application scan¶
arachni http://example.com
Scan with specific checks¶
arachni http://example.com --checks=xss,sqli,csrf
Scan with custom scope¶
arachni http://example.com --scope-include-pattern="example.com" \ --scope-exclude-pattern="logout|admin"
Scan with authentication¶
arachni http://example.com --plugin=autologin:url=http://example.com/login,parameters="username=admin&password;=secret"
Scan with custom headers¶
arachni http://example.com --http-request-headers="Authorization: Bearer token123"
Scan with proxy¶
arachni http://example.com --http-proxy=http://127.0.0.1:8080
Scan with custom user agent¶
arachni http://example.com --http-user-agent="Custom Scanner 1.0"
Scan with session cookies¶
arachni http://example.com --http-cookie-string="PHPSESSID=abc123; auth=token456"
Scan with rate limiting¶
arachni http://example.com --http-request-delay=1000 --http-request-concurrency=5
Scan with timeout settings¶
arachni http://example.com --http-request-timeout=30000 --http-response-max-size=1048576 ```_
Erweiterte Scanoptionen¶
```bash
Comprehensive deep scan¶
arachni http://example.com \ --checks=* \ --plugins=* \ --scope-auto-redundant=5 \ --audit-links \ --audit-forms \ --audit-cookies \ --audit-headers \ --audit-jsons \ --audit-xmls
Scan with browser clustering (for JavaScript-heavy apps)¶
arachni http://example.com \ --browser-cluster-pool-size=3 \ --browser-cluster-job-timeout=30 \ --browser-cluster-worker-time-to-live=100
Scan with custom wordlists¶
arachni http://example.com \ --checks=path_traversal \ --plugin=path_extractor:wordlist=/path/to/custom_wordlist.txt
Scan with form filling¶
arachni http://example.com \ --input-value-fill-mode=exhaustive \ --input-values-file=/path/to/input_values.txt
Scan with custom payloads¶
arachni http://example.com \ --checks=xss \ --plugin=payload_generator:payloads=/path/to/xss_payloads.txt
Scan with vulnerability verification¶
arachni http://example.com \ --checks=sqli \ --plugin=verification:verify_sqli=true
Scan with custom crawling depth¶
arachni http://example.com \ --scope-depth-limit=5 \ --scope-page-limit=1000 \ --scope-directory-depth-limit=3
Scan with exclusions¶
arachni http://example.com \ --scope-exclude-path-patterns="logout,admin,delete" \ --scope-exclude-content-patterns="text/css,image/*" ```_
Authentifizierung und Sitzungsmanagement¶
```bash
Form-based authentication¶
arachni http://example.com \ --plugin=autologin:url=http://example.com/login,parameters="username=admin&password;=secret",check="Welcome"
HTTP Basic authentication¶
arachni http://example.com \ --http-authentication-username=admin \ --http-authentication-password=secret
Custom authentication script¶
arachni http://example.com \ --plugin=script:script=/path/to/auth_script.rb
Session management with cookies¶
arachni http://example.com \ --http-cookie-jar=/path/to/cookies.txt \ --session-check-url=http://example.com/profile \ --session-check-pattern="Welcome"
Multi-step authentication¶
arachni http://example.com \ --plugin=multi_step_auth:steps="step1.rb,step2.rb,step3.rb"
OAuth authentication¶
arachni http://example.com \ --plugin=oauth:client_id=your_client_id,client_secret=your_secret,redirect_uri=http://localhost/callback ```_
Schwachstellenerkennung¶
SQL Injection Testing¶
```bash
Basic SQL injection scan¶
arachni http://example.com --checks=sqli
Advanced SQL injection with custom payloads¶
arachni http://example.com \ --checks=sqli \ --plugin=payload_generator:payloads=/path/to/sqli_payloads.txt \ --audit-parameter-names \ --audit-parameter-values
Blind SQL injection testing¶
arachni http://example.com \ --checks=sqli_blind_rdiff,sqli_blind_timing \ --plugin=timing_attack:delay=5
Database-specific SQL injection¶
arachni http://example.com \ --checks=sqli \ --plugin=database_detection:databases="mysql,postgresql,mssql,oracle"
SQL injection with verification¶
arachni http://example.com \ --checks=sqli \ --plugin=verification:verify_sqli=true,extract_data=true ```_
Cross-Site Scripting (XSS) Testen¶
```bash
Basic XSS scan¶
arachni http://example.com --checks=xss
Comprehensive XSS testing¶
arachni http://example.com \ --checks=xss,xss_dom,xss_event,xss_script_context,xss_tag \ --audit-links \ --audit-forms \ --audit-cookies \ --audit-headers
Custom XSS payloads¶
arachni http://example.com \ --checks=xss \ --plugin=payload_generator:payloads=/path/to/xss_payloads.txt
DOM-based XSS testing¶
arachni http://example.com \ --checks=xss_dom \ --browser-cluster-pool-size=2 \ --browser-cluster-job-timeout=30
XSS with context analysis¶
arachni http://example.com \ --checks=xss \ --plugin=context_analysis:analyze_responses=true ```_
Cross-Site Request Forgery (CSRF) Testen¶
```bash
Basic CSRF scan¶
arachni http://example.com --checks=csrf
CSRF with authentication¶
arachni http://example.com \ --checks=csrf \ --plugin=autologin:url=http://example.com/login,parameters="username=admin&password;=secret"
CSRF token analysis¶
arachni http://example.com \ --checks=csrf \ --plugin=csrf_token_analysis:analyze_tokens=true
CSRF with custom forms¶
arachni http://example.com \ --checks=csrf \ --audit-forms \ --input-value-fill-mode=exhaustive ```_
File Inclusion Testing¶
```bash
Local File Inclusion (LFI)¶
arachni http://example.com --checks=lfi
Remote File Inclusion (RFI)¶
arachni http://example.com --checks=rfi
Path traversal¶
arachni http://example.com --checks=path_traversal
File inclusion with custom payloads¶
arachni http://example.com \ --checks=lfi,rfi,path_traversal \ --plugin=payload_generator:payloads=/path/to/file_inclusion_payloads.txt
OS-specific file inclusion¶
arachni http://example.com \ --checks=lfi \ --plugin=os_detection:detect_os=true ```_
Befehlsinjektionsprüfung¶
```bash
Basic command injection¶
arachni http://example.com --checks=code_injection
OS command injection¶
arachni http://example.com --checks=os_cmd_injection
Command injection with timing attacks¶
arachni http://example.com \ --checks=os_cmd_injection_timing \ --plugin=timing_attack:delay=5
Custom command injection payloads¶
arachni http://example.com \ --checks=code_injection,os_cmd_injection \ --plugin=payload_generator:payloads=/path/to/command_injection_payloads.txt ```_
Erweiterte Funktionen¶
Browser-Clustering für JavaScript-Anwendungen¶
```bash
Enable browser clustering¶
arachni http://example.com \ --browser-cluster-pool-size=3 \ --browser-cluster-job-timeout=30 \ --browser-cluster-worker-time-to-live=100 \ --browser-cluster-ignore-images \ --browser-cluster-screen-width=1920 \ --browser-cluster-screen-height=1080
JavaScript event triggering¶
arachni http://example.com \ --browser-cluster-pool-size=2 \ --checks=xss_dom \ --plugin=dom_event_trigger:events="click,mouseover,focus,blur"
AJAX request analysis¶
arachni http://example.com \ --browser-cluster-pool-size=2 \ --plugin=ajax_analyzer:analyze_requests=true,timeout=10
Single Page Application (SPA) scanning¶
arachni http://example.com \ --browser-cluster-pool-size=3 \ --scope-auto-redundant=10 \ --plugin=spa_crawler:wait_time=5,max_depth=10 ```_
Benutzerdefinierte Plugin Entwicklung¶
```ruby
!/usr/bin/env ruby¶
Custom Arachni plugin example¶
class Arachni::Plugins::CustomSecurityCheck ``< Arachni::Plugin::Base def self.info \{ name: 'Custom Security Check', description: 'Custom security vulnerability detection plugin', author: 'Security Researcher', version: '1.0.0', options: [ Options::String.new(:custom_payload, description: 'Custom payload for testing', default: 'test_payload' ), Options::Bool.new(:verify_results, description: 'Verify vulnerability results', default: true ) ] \} end
def prepare
@custom_payload = options[:custom_payload]
@verify_results = options[:verify_results]
@vulnerabilities = []
end
def run
print_status "Starting custom security check..."
# Get all pages discovered during crawling
| | framework.sitemap.each do | url, page | | | check_page(page) end
# Register findings
| | @vulnerabilities.each do | vuln | | | register_results(vuln) end
print_status "Custom security check completed. Found #\\\{@vulnerabilities.size\\\} vulnerabilities."
end
def check_page(page)
# Custom vulnerability detection logic
forms = page.forms
| | forms.each do | form | | | | | form.inputs.each do | input | | | | | if input.type == :text | | input.type == :textarea | | test_input_for_vulnerability(page, form, input) end end end end
def test_input_for_vulnerability(page, form, input)
# Create test payload
test_form = form.dup
test_form[input.name] = @custom_payload
# Submit form with payload
response = framework.http.post(form.action, test_form.inputs)
# Check for vulnerability indicators
if response.body.include?(@custom_payload) &&
| | response.body.include?('error') | | response.body.include?('exception') | |
vulnerability = \\\{
url: page.url,
form_action: form.action,
parameter: input.name,
payload: @custom_payload,
response_snippet: response.body[0..500],
severity: 'Medium',
confidence: 'High'
\\\}
# Verify vulnerability if enabled
if @verify_results
if verify_vulnerability(vulnerability)
@vulnerabilities << vulnerability
end
else
@vulnerabilities << vulnerability
end
end
end
def verify_vulnerability(vuln)
# Additional verification logic
verification_payload = "verify_#\\\{@custom_payload\\\}"
# Perform verification request
response = framework.http.post(vuln[:form_action],
\\\{ vuln[:parameter] =>`` verification_payload \\\\})
return response.body.include?(verification_payload)
end
def register_results(vuln)
# Register vulnerability with Arachni framework
log_issue(
url: vuln[:url],
name: 'Custom Security Vulnerability',
description: "Custom vulnerability detected in parameter '#\\\\{vuln[:parameter]\\\\}'",
tags: ['custom', 'injection'],
severity: vuln[:severity],
confidence: vuln[:confidence],
method: 'POST',
parameters: \\\\{ vuln[:parameter] => vuln[:payload] \\\\},
proof: vuln[:response_snippet]
)
end
def self.distributable?
true
end
def clean_up
@vulnerabilities.clear
end
end ```_
Zollkontrollen¶
```ruby
!/usr/bin/env ruby¶
Custom Arachni check example¶
class Arachni::Checks::CustomVulnerabilityCheck < Arachni::Check::Base def self.info \\{ name: 'Custom Vulnerability Check', description: 'Detects custom application vulnerabilities', elements: [Element::Form, Element::Link, Element::Cookie], author: 'Security Researcher', version: '1.0.0', targets: \\{ 'Generic' => 'all' \\}, references: \\{ 'Custom Advisory' => 'https://example.com/advisory' \\}, issue: \\{ name: 'Custom Application Vulnerability', description: 'Application contains custom security vulnerability', tags: ['custom', 'application', 'vulnerability'], cwe: 79, severity: Severity::MEDIUM, remedy_guidance: 'Implement proper input validation and output encoding' \\} \\} end
def run
# Define custom payloads
payloads = [
'custom_test_payload_1',
'custom_test_payload_2',
'<custom>test</custom>',
'custom"test\'payload'
]
| | payloads.each do | payload | | | | | audit(payload) do | response, opts | | | check_response(response, opts, payload) end end end
def check_response(response, opts, payload)
# Check for vulnerability indicators in response
vulnerability_indicators = [
'custom_error_message',
'application_exception',
'debug_information',
payload
]
| | vulnerability_indicators.each do | indicator | | | if response.body.include?(indicator) # Log the vulnerability log( opts.merge( proof: response.body, vector: opts[:vector] ), response ) return end end
# Check response headers for indicators
| | response.headers.each do | header, value | | | | | if value.include?(payload) | | value.include?('custom_error') | | log( opts.merge( proof: "Header: #\\{header\\} = #\\{value\\}", vector: opts[:vector] ), response ) return end end end
def self.payloads
| | @payloads | | = [ | | 'custom_payload_1', 'custom_payload_2', '', 'custom\'test"payload' ].freeze end end ```_
Automatisierung und Schrift¶
```bash
!/bin/bash¶
Arachni automation script¶
TARGET="\(1" OUTPUT_DIR="arachni_results_\)(date +%Y%m%d_%H%M%S)" REPORT_FORMAT="html"
if [ -z "$TARGET" ]; then
echo "Usage: $0
echo "[*] Starting Arachni automated scan for \(TARGET" mkdir -p "\)OUTPUT_DIR"
Basic configuration¶
ARACHNI_OPTS=" --scope-include-pattern=$TARGET | | --scope-exclude-pattern=logout | signout | exit | | --http-request-timeout=30000 --http-request-delay=500 --http-request-concurrency=10 --scope-page-limit=1000 --scope-depth-limit=5 "
Phase 1: Quick scan for immediate results¶
echo "[*] Phase 1: Quick vulnerability scan" arachni $TARGET \ \(ARACHNI_OPTS \ --checks=xss,sqli,csrf,lfi \ --report-save-path="\)OUTPUT_DIR/quick_scan.afr" \ --timeout=1800
Generate quick report¶
arachni_reporter "\(OUTPUT_DIR/quick_scan.afr" \ --reporter=html:outfile="\)OUTPUT_DIR/quick_report.html"
Phase 2: Comprehensive scan¶
echo "[*] Phase 2: Comprehensive vulnerability scan" arachni $TARGET \ \(ARACHNI_OPTS \ --checks=* \ --plugins=* \ --audit-links \ --audit-forms \ --audit-cookies \ --audit-headers \ --browser-cluster-pool-size=2 \ --report-save-path="\)OUTPUT_DIR/comprehensive_scan.afr" \ --timeout=7200
Generate comprehensive reports¶
arachni_reporter "\(OUTPUT_DIR/comprehensive_scan.afr" \ --reporter=html:outfile="\)OUTPUT_DIR/comprehensive_report.html"
arachni_reporter "\(OUTPUT_DIR/comprehensive_scan.afr" \ --reporter=json:outfile="\)OUTPUT_DIR/comprehensive_report.json"
arachni_reporter "\(OUTPUT_DIR/comprehensive_scan.afr" \ --reporter=xml:outfile="\)OUTPUT_DIR/comprehensive_report.xml"
Phase 3: Authenticated scan (if credentials provided)¶
if [ ! -z "\(AUTH_URL" ] && [ ! -z "\)AUTH_PARAMS" ]; then echo "[*] Phase 3: Authenticated vulnerability scan" arachni \(TARGET \ \(ARACHNI_OPTS \ --checks=* \ --plugin=autologin:url="\)AUTH_URL",parameters="\)AUTH_PARAMS" \ --report-save-path="$OUTPUT_DIR/authenticated_scan.afr" \ --timeout=7200
# Generate authenticated scan report
arachni_reporter "$OUTPUT_DIR/authenticated_scan.afr" \
--reporter=html:outfile="$OUTPUT_DIR/authenticated_report.html"
fi
Generate summary¶
echo "[*] Generating scan summary" cat << EOF > "$OUTPUT_DIR/scan_summary.txt" Arachni Security Scan Summary ============================= Target: $TARGET Scan Date: $(date) Output Directory: $OUTPUT_DIR
Reports Generated: - Quick Scan: quick_report.html - Comprehensive Scan: comprehensive_report.html - JSON Report: comprehensive_report.json - XML Report: comprehensive_report.xml EOF
if [ ! -z "\(AUTH_URL" ]; then echo "- Authenticated Scan: authenticated_report.html" >> "\)OUTPUT_DIR/scan_summary.txt" fi
echo "[] Scan completed. Results saved to $OUTPUT_DIR" echo "[] Open $OUTPUT_DIR/comprehensive_report.html to view results" ```_
Reporting und Output¶
Bericht Generation¶
```bash
Generate HTML report¶
arachni_reporter scan_results.afr --reporter=html:outfile=report.html
Generate JSON report¶
arachni_reporter scan_results.afr --reporter=json:outfile=report.json
Generate XML report¶
arachni_reporter scan_results.afr --reporter=xml:outfile=report.xml
Generate text report¶
arachni_reporter scan_results.afr --reporter=txt:outfile=report.txt
Generate multiple reports¶
arachni_reporter scan_results.afr \ --reporter=html:outfile=report.html \ --reporter=json:outfile=report.json \ --reporter=xml:outfile=report.xml
Custom report with specific sections¶
arachni_reporter scan_results.afr \ --reporter=html:outfile=custom_report.html,include_executive_summary=true,include_technical_details=true
Report with custom template¶
arachni_reporter scan_results.afr \ --reporter=html:outfile=branded_report.html,template=/path/to/custom_template.erb ```_
Bericht Anpassung¶
```ruby
!/usr/bin/env ruby¶
Custom Arachni report generator¶
require 'arachni' require 'json'
class CustomArachniReporter def initialize(afr_file) @report = Arachni::Report.load(afr_file) end
def generate_executive_summary
summary = \\\\{
scan_details: \\\\{
target: @report.options[:url],
start_time: @report.start_datetime,
finish_time: @report.finish_datetime,
duration: @report.delta_time,
pages_audited: @report.sitemap.size
\\\\},
vulnerability_summary: \\\\{
total: @report.issues.size,
| | high: @report.issues.select \\{ | i | i.severity == :high \\}.size, | | | | medium: @report.issues.select \\{ | i | i.severity == :medium \\}.size, | | | | low: @report.issues.select \\{ | i | i.severity == :low \\}.size, | | | | informational: @report.issues.select \\{ | i | i.severity == :informational \\}.size | | \\}, top_vulnerabilities: get_top_vulnerabilities(5) \\}
summary
end
def generate_technical_details
technical_data = \\\\{
scan_configuration: \\\\{
checks_used: @report.options[:checks],
plugins_used: @report.options[:plugins],
scope_settings: \\\\{
include_patterns: @report.options[:scope][:include_path_patterns],
exclude_patterns: @report.options[:scope][:exclude_path_patterns]
\\\\}
\\\\},
| | vulnerabilities: @report.issues.map do | issue | | | \\{ name: issue.name, severity: issue.severity, confidence: issue.confidence, url: issue.url, method: issue.method, parameters: issue.affected_input_names, description: issue.description, proof: issue.proof, remedy_guidance: issue.remedy_guidance, references: issue.references, cwe: issue.cwe, tags: issue.tags \\} end, | | sitemap: @report.sitemap.map do | url, page | | | \\{ url: url, response_code: page.code, content_type: page.response.content_type, forms: page.forms.size, links: page.links.size, cookies: page.cookies.size \\} end \\}
technical_data
end
def generate_compliance_report(framework = 'OWASP')
compliance_data = \\\\{
framework: framework,
compliance_status: \\\\{\\\\},
recommendations: []
\\\\}
if framework == 'OWASP'
owasp_categories = \\\\{
'A01:2021 - Broken Access Control' => ['csrf', 'unvalidated_redirect'],
'A02:2021 - Cryptographic Failures' => ['insecure_cookie', 'http_only_cookie'],
'A03:2021 - Injection' => ['sqli', 'xss', 'code_injection', 'os_cmd_injection'],
'A04:2021 - Insecure Design' => ['business_logic'],
'A05:2021 - Security Misconfiguration' => ['directory_listing', 'backup_files'],
'A06:2021 - Vulnerable Components' => ['outdated_software'],
'A07:2021 - Authentication Failures' => ['weak_password', 'session_fixation'],
'A08:2021 - Software Integrity Failures' => ['code_injection'],
'A09:2021 - Logging Failures' => ['information_disclosure'],
'A10:2021 - Server-Side Request Forgery' => ['ssrf']
\\\\}
| | owasp_categories.each do | category, check_names | | | | | found_issues = @report.issues.select do | issue | | | | | check_names.any? \\{ | check | issue.check[:shortname].include?(check) \\} | | end
compliance_data[:compliance_status][category] = \\\\{
status: found_issues.empty? ? 'PASS' : 'FAIL',
issues_found: found_issues.size,
severity_breakdown: \\\\{
| | high: found_issues.select \\{ | i | i.severity == :high \\}.size, | | | | medium: found_issues.select \\{ | i | i.severity == :medium \\}.size, | | | | low: found_issues.select \\{ | i | i.severity == :low \\}.size | | \\} \\} end end
compliance_data
end
def export_to_json(filename)
report_data = \\\\{
executive_summary: generate_executive_summary,
technical_details: generate_technical_details,
compliance_report: generate_compliance_report('OWASP')
\\\\}
File.write(filename, JSON.pretty_generate(report_data))
end
def export_to_csv(filename)
require 'csv'
| | CSV.open(filename, 'w') do | csv | | | csv ``<< ['Vulnerability', 'Severity', 'Confidence', 'URL', 'Method', 'Parameters', 'CWE']
| | @report.issues.each do | issue | | | csv << [ issue.name, issue.severity, issue.confidence, issue.url, issue.method, issue.affected_input_names.join(', '), issue.cwe ] end end end
private
def get_top_vulnerabilities(count)
severity_order = \\\{ high: 4, medium: 3, low: 2, informational: 1 \\\}
@report.issues
| | .sort_by \{ | issue | -severity_order[issue.severity] \} | | .first(count) | | .map do | issue | | | \{ name: issue.name, severity: issue.severity, url: issue.url, description: issue.description[0..200] + '...' \} end end end
Usage example¶
if FILE == $0 reporter = CustomArachniReporter.new(ARGV[0]) reporter.export_to_json('custom_report.json') reporter.export_to_csv('vulnerabilities.csv')
puts "Custom reports generated:"
puts "- custom_report.json"
puts "- vulnerabilities.csv"
end ```_
Integration von CI/CD¶
Jenkins Integration¶
```groovy // Jenkins pipeline for Arachni security scanning pipeline \{ agent any
parameters \\\{
string(name: 'TARGET_URL', defaultValue: 'http://example.com', description: 'Target URL to scan')
choice(name: 'SCAN_TYPE', choices: ['quick', 'comprehensive'], description: 'Type of scan to perform')
booleanParam(name: 'AUTHENTICATED_SCAN', defaultValue: false, description: 'Perform authenticated scan')
\\\}
environment \\\{
ARACHNI_DOCKER_IMAGE = 'arachni/arachni:latest'
REPORTS_DIR = 'arachni_reports'
\\\}
stages \\\{
stage('Prepare Environment') \\\{
steps \\\{
script \\\{
sh "mkdir -p $\\\{REPORTS_DIR\\\}"
sh "docker pull $\\\{ARACHNI_DOCKER_IMAGE\\\}"
\\\}
\\\}
\\\}
stage('Security Scan') \\\{
steps \\\{
script \\\{
def scanCommand = "docker run --rm -v \$(pwd)/$\\\{REPORTS_DIR\\\}:/reports $\\\{ARACHNI_DOCKER_IMAGE\\\} arachni"
def scanOptions = "--report-save-path=/reports/scan_results.afr"
if (params.SCAN_TYPE == 'quick') \\\{
scanOptions += " --checks=xss,sqli,csrf --timeout=1800"
\\\} else \\\{
scanOptions += " --checks=* --plugins=* --timeout=7200"
\\\}
if (params.AUTHENTICATED_SCAN) \\\{
scanOptions += " --plugin=autologin:url=$\\\{params.TARGET_URL\\\}/login,parameters=\"username=\$\\\{AUTH_USERNAME\\\}&password;=\$\\\{AUTH_PASSWORD\\\}\""
\\\}
sh "$\\\{scanCommand\\\} $\\\{params.TARGET_URL\\\} $\\\{scanOptions\\\}"
\\\}
\\\}
\\\}
stage('Generate Reports') \\\{
steps \\\{
script \\\{
sh """
docker run --rm -v \$(pwd)/$\\\{REPORTS_DIR\\\}:/reports $\\\{ARACHNI_DOCKER_IMAGE\\\} \
arachni_reporter /reports/scan_results.afr \
--reporter=html:outfile=/reports/security_report.html \
--reporter=json:outfile=/reports/security_report.json \
--reporter=xml:outfile=/reports/security_report.xml
"""
\\\}
\\\}
\\\}
stage('Process Results') \\\{
steps \\\{
script \\\{
// Parse JSON report for vulnerability counts
def reportJson = readJSON file: "$\\\{REPORTS_DIR\\\}/security_report.json"
def highVulns = reportJson.issues.findAll \\\{ it.severity == 'high' \\\}.size()
def mediumVulns = reportJson.issues.findAll \\\{ it.severity == 'medium' \\\}.size()
echo "Security Scan Results:"
echo "High Severity: $\\\{highVulns\\\}"
echo "Medium Severity: $\\\{mediumVulns\\\}"
// Fail build if high severity vulnerabilities found
if (highVulns >`` 0) \\\\{
currentBuild.result = 'UNSTABLE'
error("High severity vulnerabilities found: $\\\\{highVulns\\\\}")
\\\\}
\\\\}
\\\\}
\\\\}
\\\\}
post \\\\{
always \\\\{
// Archive reports
archiveArtifacts artifacts: "$\\\\{REPORTS_DIR\\\\}/*", fingerprint: true
// Publish HTML report
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: REPORTS_DIR,
reportFiles: 'security_report.html',
reportName: 'Arachni Security Report'
])
\\\\}
failure \\\\{
// Send notification on failure
emailext (
subject: "Security Scan Failed: $\\\\{env.JOB_NAME\\\\} - $\\\\{env.BUILD_NUMBER\\\\}",
body: "Security scan failed for $\\\\{params.TARGET_URL\\\\}. Check the build logs for details.",
to: "$\\\\{env.CHANGE_AUTHOR_EMAIL\\\\}"
)
\\\\}
\\\\}
\\} ```_
GitHub Aktionen Integration¶
```yaml
.github/workflows/security-scan.yml¶
name: Arachni Security Scan
on: push: branches: [ main, develop ] pull_request: branches: [ main ] schedule: - cron: '0 2 * * 1' # Weekly scan on Mondays at 2 AM
env: TARGET_URL: $\\{\\{ secrets.TARGET_URL \\}\\} ARACHNI_VERSION: latest
jobs: security-scan: runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Create reports directory
run: mkdir -p arachni_reports
- name: Run Arachni Security Scan
run: |
docker run --rm \
-v $\\\\{\\\\{ github.workspace \\\\}\\\\}/arachni_reports: /reports \
arachni/arachni: $\\\\{\\\\{ env.ARACHNI_VERSION \\\\}\\\\} \
arachni $\\\\{\\\\{ env.TARGET_URL \\\\}\\\\} \
--checks=xss,sqli,csrf,lfi,rfi \
--scope-include-pattern="$\\\\{\\\\{ env.TARGET_URL \\\\}\\\\}" \
--scope-exclude-pattern="logout|signout" \
--http-request-timeout=30000 \
--timeout=3600 \
--report-save-path=/reports/scan_results.afr
- name: Generate Reports
run: |
docker run --rm \
-v $\\\\{\\\\{ github.workspace \\\\}\\\\}/arachni_reports: /reports \
arachni/arachni: $\\\\{\\\\{ env.ARACHNI_VERSION \\\\}\\\\} \
arachni_reporter /reports/scan_results.afr \
--reporter=html: outfile=/reports/security_report.html \
--reporter=json: outfile=/reports/security_report.json
- name: Process Scan Results
id: process_results
run: |
if [ -f arachni_reports/security_report.json ]; then
| | HIGH_VULNS=\((jq '[.issues[] | select(.severity == "high")] | length' arachni_reports/security_report.json) | | | | MEDIUM_VULNS=\)(jq '[.issues[] | select(.severity == "medium")] | length' arachni_reports/security_report.json) | | TOTAL_VULNS=$(jq '.issues|length' arachni_reports/security_report.json)
echo "high_vulns=$HIGH_VULNS" >> $GITHUB_OUTPUT
echo "medium_vulns=$MEDIUM_VULNS" >> $GITHUB_OUTPUT
echo "total_vulns=$TOTAL_VULNS" >> $GITHUB_OUTPUT
echo "Security Scan Results: "
echo "Total Vulnerabilities: $TOTAL_VULNS"
echo "High Severity: $HIGH_VULNS"
echo "Medium Severity: $MEDIUM_VULNS"
fi
- name: Upload Reports
uses: actions/upload-artifact@v3
with:
name: arachni-security-reports
path: arachni_reports/
retention-days: 30
- name: Comment PR with Results
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const highVulns = '$\\\\{\\\\{ steps.process_results.outputs.high_vulns \\\\}\\\\}';
const mediumVulns = '$\\\\{\\\\{ steps.process_results.outputs.medium_vulns \\\\}\\\\}';
const totalVulns = '$\\\\{\\\\{ steps.process_results.outputs.total_vulns \\\\}\\\\}';
const comment = `## 🔒 Arachni Security Scan Results
| | | Severity | Count | | | | --- | --- | | | | High | $\{highVulns\} | | | | | | Medium | \(\\{mediumVulns\\} | | | | | | **Total** | **\)\{totalVulns\}** | | |
$\\{highVulns > 0 ? '⚠️ **High severity vulnerabilities found!**' : '✅ No high severity vulnerabilities found.'\\}
📊 [View detailed report](https: //github.com/$\\{\\{ github.repository \\}\\}/actions/runs/$\\{\\{ github.run_id \\}\\})`;
github.rest.issues.createComment(\\\\{
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
\\\\});
- name: Fail on High Severity Vulnerabilities
if: steps.process_results.outputs.high_vulns > 0
run: |
echo "❌ Build failed due to high severity vulnerabilities"
exit 1
```_
Fehlerbehebung¶
Gemeinsame Themen und Lösungen¶
```bash
Issue: Memory errors during large scans¶
Solution: Increase memory limits and use browser clustering¶
arachni http://example.com \ --http-request-concurrency=5 \ --browser-cluster-pool-size=2 \ --scope-page-limit=500 \ --timeout=7200
Issue: Timeouts on slow applications¶
Solution: Increase timeout values¶
arachni http://example.com \ --http-request-timeout=60000 \ --http-request-delay=2000 \ --timeout=14400
Issue: False positives in results¶
Solution: Use verification plugins and custom filters¶
arachni http://example.com \ --checks=xss,sqli \ --plugin=verification:verify_xss=true,verify_sqli=true
Issue: Incomplete crawling of JavaScript applications¶
Solution: Enable browser clustering and increase wait times¶
arachni http://example.com \ --browser-cluster-pool-size=3 \ --browser-cluster-job-timeout=60 \ --scope-auto-redundant=10
Issue: Authentication session expires during scan¶
Solution: Use session management plugins¶
arachni http://example.com \ --plugin=autologin:url=http://example.com/login,parameters="user=admin&pass;=secret" \ --session-check-url=http://example.com/profile \ --session-check-pattern="Welcome"
Issue: Scan getting blocked by WAF/rate limiting¶
Solution: Implement delays and use proxy rotation¶
arachni http://example.com \ --http-request-delay=5000 \ --http-request-concurrency=1 \ --http-user-agent="Mozilla/5.0 (compatible; Scanner)"
Issue: Large report files¶
Solution: Use specific checks and limit scope¶
arachni http://example.com \ --checks=xss,sqli,csrf \ --scope-page-limit=100 \ --scope-depth-limit=3
Issue: SSL/TLS certificate errors¶
Solution: Disable certificate verification¶
arachni https://example.com \ --http-ssl-verify-peer=false \ --http-ssl-verify-host=false ```_
Leistungsoptimierung¶
```bash
Optimize for speed¶
arachni http://example.com \ --http-request-concurrency=20 \ --http-request-delay=100 \ --scope-page-limit=200 \ --checks=xss,sqli \ --timeout=1800
Optimize for thoroughness¶
arachni http://example.com \ --http-request-concurrency=5 \ --http-request-delay=1000 \ --scope-page-limit=2000 \ --scope-depth-limit=10 \ --checks=* \ --plugins=* \ --timeout=14400
Optimize for JavaScript-heavy applications¶
arachni http://example.com \ --browser-cluster-pool-size=4 \ --browser-cluster-job-timeout=30 \ --browser-cluster-worker-time-to-live=200 \ --scope-auto-redundant=15 \ --timeout=10800
Memory optimization for large scans¶
export RUBY_GC_HEAP_INIT_SLOTS=1000000 export RUBY_GC_HEAP_FREE_SLOTS=500000 export RUBY_GC_HEAP_GROWTH_FACTOR=1.1 export RUBY_GC_HEAP_GROWTH_MAX_SLOTS=1000000
arachni http://example.com \ --http-request-concurrency=10 \ --scope-page-limit=1000 \ --timeout=7200 ```_
--
** Sicherheitshinweis**: Arachni ist ein leistungsstarker Web Application Security Scanner, der nur für autorisierte Sicherheitstests verwendet werden sollte. Stellen Sie immer sicher, dass Sie eine ausdrückliche schriftliche Genehmigung vor dem Scannen von Web-Anwendungen oder Systemen haben. Das Werkzeug kann einen erheblichen Traffic erzeugen und die Anwendungsleistung beeinflussen. Verwenden Sie dieses Tool verantwortungsvoll und entsprechend den geltenden Gesetzen, Vorschriften und ethischen Richtlinien. Immer im Rahmen autorisierter Penetrationstests arbeiten und verantwortungsvolle Offenlegungspraktiken für entdeckte Schwachstellen verfolgen.
📚 Zusätzliche Ressourcen: - [Arachni Offizielle Website](LINK_4 -%20Arachni%20GitHub%20Repository - Arachni Dokumentation - [OWASP Web Security Testing Guide](LINK_4