Arachni hoja de trucos
Overview
Arachni is a feature-rich, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of modern aplicación webs. Developed with a focus on usability and modularity, Arachni provides comprehensive aplicación web security assessment capabilities through its advanced crawling engine, extensive vulnerabilidad detection modules, and flexible repuertoing system. The framework is designed to handle complex modern aplicación webs including those with heavy JavaScript uso, AJAX functionality, and dynamic content generation.
The framework distinguishes itself through its intelligent crawling capabilities and comprehensive vulnerabilidad detection. Arachni can effectively analyze single-page applications (SPAs), REST APIs, and traditional aplicación webs with equal proficiency. Its modular architecture allows for easy customization and extension, making it suitable for both automated security testing and manual pruebas de penetración workflows. The platform includes advanced features such as browser clustering for JavaScript-heavy applications, custom payload generation, and sophisticated false positive reduction mechanisms.
Arachni's strength lies in its ability to perform both black-box and gray-box security testing. The framework can operate in various modes, from quick security scans to comprehensive deep-dive assessments. It includes built-in suppuerto for autenticación, sesión management, and complex multi-step attack scenarios. The platform's repuertoing capabilities generate detailed technical repuertos suitable for developers, executive summaries for management, and compliance documentación for regulatory requirements.
The framework is particularly valuable for organizations requiring regular security assessments of aplicación webs. Its automation capabilities make it suitable for integration into CI/CD pipelines, while its comprehensive manual testing features suppuerto detailed pruebas de penetración engagements. Arachni's active development community ensures regular updates to address emerging aplicación web security threats and testing methodologies.
instalación
Docker instalación (Recommended)
# Pull official Arachni Docker image
docker pull arachni/arachni
# Run Arachni container with web interface
docker run -d -p 9292:9292 --name arachni-web arachni/arachni arachni_web
# Run Arachni container for comando-line uso
docker run -it --rm arachni/arachni arachni --help
# Run comprehensive scan with Docker
docker run -it --rm -v $(pwd)/repuertos:/repuertos arachni/arachni \
arachni http://ejemplo.com --repuerto-save-path=/repuertos/scan_repuerto.afr
# Access Arachni Web UI
# Navigate to http://localhost:9292
# Run with custom configuración
docker run -d -p 9292:9292 \
-v $(pwd)/config:/config \
-v $(pwd)/repuertos:/repuertos \
--name arachni-web arachni/arachni \
arachni_web --config=/config/arachni.conf
Docker Compose instalación
# Create docker-compose.yml
cat << 'EOF' > docker-compose.yml
version: '3.8'
servicios:
arachni-web:
image: arachni/arachni
container_name: arachni-web
puertos:
- "9292: 9292"
volumes:
- arachni_repuertos: /repuertos
- arachni_config: /config
- arachni_logs: /logs
comando: arachni_web --host=0.0.0.0 --puerto=9292
environment:
- ARACHNI_WEB_host=0.0.0.0
- ARACHNI_WEB_puerto=9292
restart: unless-stopped
networks:
- arachni_network
arachni-dispatcher:
image: arachni/arachni
container_name: arachni-dispatcher
puertos:
- "7331: 7331"
volumes:
- arachni_repuertos: /repuertos
- arachni_config: /config
comando: arachni_rpcd --host=0.0.0.0 --puerto=7331
environment:
- ARACHNI_DISPATCHER_host=0.0.0.0
- ARACHNI_DISPATCHER_puerto=7331
restart: unless-stopped
networks:
- arachni_network
volumes:
arachni_repuertos:
arachni_config:
arachni_logs:
networks:
arachni_network:
driver: bridge
EOF
# Start Arachni servicios
docker-compose up -d
# View logs
docker-compose logs -f arachni-web
# Stop servicios
docker-compose down
# Stop and remove volumes
docker-compose down -v
Manual instalación on Ubuntu/Debian
# Update system
sudo apt update && sudo apt upgrade -y
# Install Ruby and dependencies
sudo apt install -y ruby ruby-dev build-essential libssl-dev \
libxml2-dev libxslt1-dev libcurl4-openssl-dev \
libsqlite3-dev zlib1g-dev
# Install RubyGems
sudo apt install -y rubygems
# Install Arachni
wget https://github.com/Arachni/arachni/releases/download/v1.6.1.3/arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz
tar -xzf arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz
sudo mv arachni-1.6.1.3-0.6.1.1 /opt/arachni
# Add Arachni to PATH
echo 'expuerto PATH="/opt/arachni/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
# Verify instalación
arachni --version
# Install additional gems (opciónal)
cd /opt/arachni
sudo gem install bundler
sudo bundle install
# Start Arachni Web UI
arachni_web --host=0.0.0.0 --puerto=9292
# Start Arachni RPC dispatcher
arachni_rpcd --host=0.0.0.0 --puerto=7331
instalación on CentOS/RHEL
# Install EPEL repository
sudo yum install epel-release -y
# Install Ruby and development tools
sudo yum groupinstall "Development Tools" -y
sudo yum install ruby ruby-devel rubygems \
openssl-devel libxml2-devel libxslt-devel \
libcurl-devel sqlite-devel zlib-devel -y
# Download and install Arachni
cd /tmp
wget https://github.com/Arachni/arachni/releases/download/v1.6.1.3/arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz
tar -xzf arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz
sudo mv arachni-1.6.1.3-0.6.1.1 /opt/arachni
# Set permissions
sudo chown -R root:root /opt/arachni
sudo chmod +x /opt/arachni/bin/*
# Add to PATH
echo 'expuerto PATH="/opt/arachni/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
# Create systemd servicio for Arachni Web
sudo tee /etc/systemd/system/arachni-web.servicio << 'EOF'
[Unit]
Descripción=Arachni Web Interface
After=network.objetivo
[servicio]
Type=simple
User=arachni
Group=arachni
WorkingDirectory=/opt/arachni
ExecStart=/opt/arachni/bin/arachni_web --host=0.0.0.0 --puerto=9292
Restart=always
[Install]
WantedBy=multi-user.objetivo
EOF
# Create arachni user
sudo useradd -r -s /bin/false arachni
sudo chown -R arachni:arachni /opt/arachni
# Start and enable servicio
sudo systemctl demonio-reload
sudo systemctl start arachni-web
sudo systemctl enable arachni-web
Source instalación
# Install Ruby version manager (rbenv)
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
echo 'expuerto PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
source ~/.bashrc
# Install ruby-build
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
# Install Ruby 2.7.0 (required for Arachni)
rbenv install 2.7.0
rbenv global 2.7.0
# Clone Arachni repository
git clone https://github.com/Arachni/arachni.git
cd arachni
# Install dependencies
gem install bundler
bundle install
# Build Arachni
rake build
# Install Arachni
rake install
# Verify instalación
arachni --version
Basic uso
comando Line Interface
# Basic aplicación web scan
arachni http://ejemplo.com
# Scan with specific checks
arachni http://ejemplo.com --checks=xss,sqli,csrf
# Scan with custom scope
arachni http://ejemplo.com --scope-include-pattern="ejemplo\.com" \
--scope-exclude-pattern="logout|admin"
# Scan with autenticación
arachni http://ejemplo.com --plugin=autologin:url=http://ejemplo.com/login,parámetros="nombre de usuario=admin&contrase;ña=secret"
# Scan with custom headers
arachni http://ejemplo.com --http-request-headers="autorización: Bearer token123"
# Scan with proxy
arachni http://ejemplo.com --http-proxy=http://127.0.0.1:8080
# Scan with custom user agent
arachni http://ejemplo.com --http-user-agent="Custom Scanner 1.0"
# Scan with sesión cookies
arachni http://ejemplo.com --http-cookie-string="PHPSESSID=abc123; auth=token456"
# Scan with rate limiting
arachni http://ejemplo.com --http-request-delay=1000 --http-request-concurrency=5
# Scan with timeout settings
arachni http://ejemplo.com --http-request-timeout=30000 --http-response-max-size=1048576
Advanced Scanning opcións
# Comprehensive deep scan
arachni http://ejemplo.com \
--checks=* \
--plugins=* \
--scope-auto-redundant=5 \
--audit-links \
--audit-forms \
--audit-cookies \
--audit-headers \
--audit-jsons \
--audit-xmls
# Scan with browser clustering (for JavaScript-heavy apps)
arachni http://ejemplo.com \
--browser-cluster-pool-size=3 \
--browser-cluster-job-timeout=30 \
--browser-cluster-worker-time-to-live=100
# Scan with custom wordlists
arachni http://ejemplo.com \
--checks=path_traversal \
--plugin=path_extractor:wordlist=/path/to/custom_wordlist.txt
# Scan with form filling
arachni http://ejemplo.com \
--input-value-fill-mode=exhaustive \
--input-values-file=/path/to/input_values.txt
# Scan with custom payloads
arachni http://ejemplo.com \
--checks=xss \
--plugin=payload_generator:payloads=/path/to/xss_payloads.txt
# Scan with vulnerabilidad verification
arachni http://ejemplo.com \
--checks=sqli \
--plugin=verification:verify_sqli=true
# Scan with custom crawling depth
arachni http://ejemplo.com \
--scope-depth-limit=5 \
--scope-page-limit=1000 \
--scope-directory-depth-limit=3
# Scan with exclusions
arachni http://ejemplo.com \
--scope-exclude-path-patterns="logout,admin,delete" \
--scope-exclude-content-patterns="text/css,image/*"
autenticación and sesión Management
# Form-based autenticación
arachni http://ejemplo.com \
--plugin=autologin:url=http://ejemplo.com/login,parámetros="nombre de usuario=admin&contrase;ña=secret",check="Welcome"
# HTTP Basic autenticación
arachni http://ejemplo.com \
--http-autenticación-nombre de usuario=admin \
--http-autenticación-contraseña=secret
# Custom autenticación script
arachni http://ejemplo.com \
--plugin=script:script=/path/to/auth_script.rb
# sesión management with cookies
arachni http://ejemplo.com \
--http-cookie-jar=/path/to/cookies.txt \
--sesión-check-url=http://ejemplo.com/profile \
--sesión-check-pattern="Welcome"
# Multi-step autenticación
arachni http://ejemplo.com \
--plugin=multi_step_auth:steps="step1.rb,step2.rb,step3.rb"
# OAuth autenticación
arachni http://ejemplo.com \
--plugin=oauth:client_id=your_client_id,client_secret=your_secret,redirect_uri=http://localhost/callback
vulnerabilidad Detection
inyección SQL Testing
# Basic inyección SQL scan
arachni http://ejemplo.com --checks=sqli
# Advanced inyección SQL with custom payloads
arachni http://ejemplo.com \
--checks=sqli \
--plugin=payload_generator:payloads=/path/to/sqli_payloads.txt \
--audit-parámetro-names \
--audit-parámetro-values
# Blind inyección SQL testing
arachni http://ejemplo.com \
--checks=sqli_blind_rdiff,sqli_blind_timing \
--plugin=timing_attack:delay=5
# Database-specific inyección SQL
arachni http://ejemplo.com \
--checks=sqli \
--plugin=database_detection:databases="mysql,postgresql,mssql,oracle"
# inyección SQL with verification
arachni http://ejemplo.com \
--checks=sqli \
--plugin=verification:verify_sqli=true,extract_data=true
cross-site scripting (XSS) (XSS) Testing
# Basic XSS scan
arachni http://ejemplo.com --checks=xss
# Comprehensive XSS testing
arachni http://ejemplo.com \
--checks=xss,xss_dom,xss_event,xss_script_context,xss_tag \
--audit-links \
--audit-forms \
--audit-cookies \
--audit-headers
# Custom XSS payloads
arachni http://ejemplo.com \
--checks=xss \
--plugin=payload_generator:payloads=/path/to/xss_payloads.txt
# DOM-based XSS testing
arachni http://ejemplo.com \
--checks=xss_dom \
--browser-cluster-pool-size=2 \
--browser-cluster-job-timeout=30
# XSS with context analysis
arachni http://ejemplo.com \
--checks=xss \
--plugin=context_analysis:analyze_responses=true
Cross-Site Request Forgery (CSRF) Testing
# Basic CSRF scan
arachni http://ejemplo.com --checks=csrf
# CSRF with autenticación
arachni http://ejemplo.com \
--checks=csrf \
--plugin=autologin:url=http://ejemplo.com/login,parámetros="nombre de usuario=admin&contrase;ña=secret"
# CSRF token analysis
arachni http://ejemplo.com \
--checks=csrf \
--plugin=csrf_token_analysis:analyze_tokens=true
# CSRF with custom forms
arachni http://ejemplo.com \
--checks=csrf \
--audit-forms \
--input-value-fill-mode=exhaustive
File Inclusion Testing
# Local File Inclusion (LFI)
arachni http://ejemplo.com --checks=lfi
# Remote File Inclusion (RFI)
arachni http://ejemplo.com --checks=rfi
# Path traversal
arachni http://ejemplo.com --checks=path_traversal
# File inclusion with custom payloads
arachni http://ejemplo.com \
--checks=lfi,rfi,path_traversal \
--plugin=payload_generator:payloads=/path/to/file_inclusion_payloads.txt
# OS-specific file inclusion
arachni http://ejemplo.com \
--checks=lfi \
--plugin=os_detection:detect_os=true
inyección de comandos Testing
# Basic inyección de comandos
arachni http://ejemplo.com --checks=code_injection
# OS inyección de comandos
arachni http://ejemplo.com --checks=os_cmd_injection
# inyección de comandos with timing attacks
arachni http://ejemplo.com \
--checks=os_cmd_injection_timing \
--plugin=timing_attack:delay=5
# Custom inyección de comandos payloads
arachni http://ejemplo.com \
--checks=code_injection,os_cmd_injection \
--plugin=payload_generator:payloads=/path/to/comando_injection_payloads.txt
Advanced Features
Browser Clustering for JavaScript Applications
# Enable browser clustering
arachni http://ejemplo.com \
--browser-cluster-pool-size=3 \
--browser-cluster-job-timeout=30 \
--browser-cluster-worker-time-to-live=100 \
--browser-cluster-ignore-images \
--browser-cluster-screen-width=1920 \
--browser-cluster-screen-height=1080
# JavaScript event triggering
arachni http://ejemplo.com \
--browser-cluster-pool-size=2 \
--checks=xss_dom \
--plugin=dom_event_trigger:events="click,mouseover,focus,blur"
# AJAX request analysis
arachni http://ejemplo.com \
--browser-cluster-pool-size=2 \
--plugin=ajax_analyzer:analyze_requests=true,timeout=10
# Single Page Application (SPA) scanning
arachni http://ejemplo.com \
--browser-cluster-pool-size=3 \
--scope-auto-redundant=10 \
--plugin=spa_crawler:wait_time=5,max_depth=10
Custom Plugin Development
#!/usr/bin/env ruby
# Custom Arachni plugin ejemplo
class Arachni::Plugins::CustomSecurityCheck ``< Arachni::Plugin::Base
def self.info
\\\{
name: 'Custom Security Check',
Descripción: 'Custom security vulnerabilidad detection plugin',
author: 'Security Researcher',
version: '1.0.0',
opcións: [
opcións::String.new(:custom_payload,
Descripción: 'Custom payload for testing',
default: 'test_payload'
),
opcións::Bool.new(:verify_results,
Descripción: 'Verify vulnerabilidad results',
default: true
)
]
\\\}
end
def prepare
@custom_payload = opcións[:custom_payload]
@verify_results = opcións[:verify_results]
@vulnerabilities = []
end
def run
print_status "Starting custom security check..."
# Get all pages discovered during crawling
| framework.sitemap.each do | url, page | |
check_page(page)
end
# Register findings
| @vulnerabilities.each do | vuln | |
register_results(vuln)
end
print_status "Custom security check completed. Found #\\\{@vulnerabilities.size\\\} vulnerabilities."
end
def check_page(page)
# Custom vulnerabilidad detection logic
forms = page.forms
| forms.each do | form | |
| form.inputs.each do | input | |
| if input.type == :text | | input.type == :textarea |
test_input_for_vulnerabilidad(page, form, input)
end
end
end
end
def test_input_for_vulnerabilidad(page, form, input)
# Create test payload
test_form = form.dup
test_form[input.name] = @custom_payload
# Submit form with payload
response = framework.http.post(form.action, test_form.inputs)
# Check for vulnerabilidad indicators
if response.body.include?(@custom_payload) &&
| response.body.include?('error') | | response.body.include?('exception') |
vulnerabilidad = \\\{
url: page.url,
form_action: form.action,
parámetro: input.name,
payload: @custom_payload,
response_snippet: response.body[0..500],
severity: 'Medium',
confidence: 'High'
\\\}
# Verify vulnerabilidad if enabled
if @verify_results
if verify_vulnerabilidad(vulnerabilidad)
@vulnerabilities << vulnerabilidad
end
else
@vulnerabilities << vulnerabilidad
end
end
end
def verify_vulnerabilidad(vuln)
# Additional verification logic
verification_payload = "verify_#\\\{@custom_payload\\\}"
# Perform verification request
response = framework.http.post(vuln[:form_action],
\\\{ vuln[:parámetro] =>`` verification_payload \\\\})
return response.body.include?(verification_payload)
end
def register_results(vuln)
# Register vulnerabilidad with Arachni framework
log_issue(
url: vuln[:url],
name: 'Custom Security vulnerabilidad',
Descripción: "Custom vulnerabilidad detected in parámetro '#\\\\{vuln[:parámetro]\\\\}'",
tags: ['custom', 'injection'],
severity: vuln[:severity],
confidence: vuln[:confidence],
method: 'POST',
parámetros: \\\\{ vuln[:parámetro] => vuln[:payload] \\\\},
proof: vuln[:response_snippet]
)
end
def self.distributable?
true
end
def clean_up
@vulnerabilities.clear
end
end
Custom Check Development
#!/usr/bin/env ruby
# Custom Arachni check ejemplo
class Arachni::Checks::CustomvulnerabilidadCheck < Arachni::Check::Base
def self.info
\\\\{
name: 'Custom vulnerabilidad Check',
Descripción: 'Detects custom application vulnerabilities',
elements: [Element::Form, Element::Link, Element::Cookie],
author: 'Security Researcher',
version: '1.0.0',
objetivos: \\\\{ 'Generic' => 'all' \\\\},
referencias: \\\\{
'Custom Advisory' => 'https://ejemplo.com/advisory'
\\\\},
issue: \\\\{
name: 'Custom Application vulnerabilidad',
Descripción: 'Application contains custom security vulnerabilidad',
tags: ['custom', 'application', 'vulnerabilidad'],
cwe: 79,
severity: Severity::MEDIUM,
remedy_guidance: 'Implement proper input validation and output encoding'
\\\\}
\\\\}
end
def run
# Define custom payloads
payloads = [
'custom_test_payload_1',
'custom_test_payload_2',
'<custom>test</custom>',
'custom"test\'payload'
]
| payloads.each do | payload | |
| audit(payload) do | response, opts | |
check_response(response, opts, payload)
end
end
end
def check_response(response, opts, payload)
# Check for vulnerabilidad indicators in response
vulnerabilidad_indicators = [
'custom_error_message',
'application_exception',
'debug_information',
payload
]
| vulnerabilidad_indicators.each do | indicator | |
if response.body.include?(indicator)
# Log the vulnerabilidad
log(
opts.merge(
proof: response.body,
vector: opts[:vector]
),
response
)
return
end
end
# Check response headers for indicators
| response.headers.each do | header, value | |
| if value.include?(payload) | | value.include?('custom_error') |
log(
opts.merge(
proof: "Header: #\\\\{header\\\\} = #\\\\{value\\\\}",
vector: opts[:vector]
),
response
)
return
end
end
end
def self.payloads
| @payloads | | = [ |
'custom_payload_1',
'custom_payload_2',
'<script>custom_test()</script>',
'custom\'test"payload'
].freeze
end
end
Automation and Scripting
#!/bin/bash
# Arachni automation script
objetivo="$1"
OUTPUT_DIR="arachni_results_$(date +%Y%m%d_%H%M%S)"
REpuerto_FORMAT="html"
if [ -z "$objetivo" ]; then
echo "uso: $0 <objetivo_url>"
exit 1
fi
echo "[*] Starting Arachni automated scan for $objetivo"
mkdir -p "$OUTPUT_DIR"
# Basic configuración
ARACHNI_OPTS="
--scope-include-pattern=$objetivo
| --scope-exclude-pattern=logout | signout | exit |
--http-request-timeout=30000
--http-request-delay=500
--http-request-concurrency=10
--scope-page-limit=1000
--scope-depth-limit=5
"
# Phase 1: Quick scan for immediate results
echo "[*] Phase 1: Quick vulnerabilidad scan"
arachni $objetivo \
$ARACHNI_OPTS \
--checks=xss,sqli,csrf,lfi \
--repuerto-save-path="$OUTPUT_DIR/quick_scan.afr" \
--timeout=1800
# Generate quick repuerto
arachni_repuertoer "$OUTPUT_DIR/quick_scan.afr" \
--repuertoer=html:outfile="$OUTPUT_DIR/quick_repuerto.html"
# Phase 2: Comprehensive scan
echo "[*] Phase 2: Comprehensive vulnerabilidad scan"
arachni $objetivo \
$ARACHNI_OPTS \
--checks=* \
--plugins=* \
--audit-links \
--audit-forms \
--audit-cookies \
--audit-headers \
--browser-cluster-pool-size=2 \
--repuerto-save-path="$OUTPUT_DIR/comprehensive_scan.afr" \
--timeout=7200
# Generate comprehensive repuertos
arachni_repuertoer "$OUTPUT_DIR/comprehensive_scan.afr" \
--repuertoer=html:outfile="$OUTPUT_DIR/comprehensive_repuerto.html"
arachni_repuertoer "$OUTPUT_DIR/comprehensive_scan.afr" \
--repuertoer=json:outfile="$OUTPUT_DIR/comprehensive_repuerto.json"
arachni_repuertoer "$OUTPUT_DIR/comprehensive_scan.afr" \
--repuertoer=xml:outfile="$OUTPUT_DIR/comprehensive_repuerto.xml"
# Phase 3: Authenticated scan (if credenciales provided)
if [ ! -z "$AUTH_URL" ] && [ ! -z "$AUTH_PARAMS" ]; then
echo "[*] Phase 3: Authenticated vulnerabilidad scan"
arachni $objetivo \
$ARACHNI_OPTS \
--checks=* \
--plugin=autologin:url="$AUTH_URL",parámetros="$AUTH_PARAMS" \
--repuerto-save-path="$OUTPUT_DIR/authenticated_scan.afr" \
--timeout=7200
# Generate authenticated scan repuerto
arachni_repuertoer "$OUTPUT_DIR/authenticated_scan.afr" \
--repuertoer=html:outfile="$OUTPUT_DIR/authenticated_repuerto.html"
fi
# Generate summary
echo "[*] Generating scan summary"
cat << EOF > "$OUTPUT_DIR/scan_summary.txt"
Arachni Security Scan Summary
=============================
objetivo: $objetivo
Scan Date: $(date)
Output Directory: $OUTPUT_DIR
Repuertos Generated:
- Quick Scan: quick_repuerto.html
- Comprehensive Scan: comprehensive_repuerto.html
- JSON Repuerto: comprehensive_repuerto.json
- XML Repuerto: comprehensive_repuerto.xml
EOF
if [ ! -z "$AUTH_URL" ]; then
echo "- Authenticated Scan: authenticated_repuerto.html" >> "$OUTPUT_DIR/scan_summary.txt"
fi
echo "[*] Scan completed. Results saved to $OUTPUT_DIR"
echo "[*] Open $OUTPUT_DIR/comprehensive_repuerto.html to view results"
Repuertoing and Output
Repuerto Generation
# Generate HTML repuerto
arachni_repuertoer scan_results.afr --repuertoer=html:outfile=repuerto.html
# Generate JSON repuerto
arachni_repuertoer scan_results.afr --repuertoer=json:outfile=repuerto.json
# Generate XML repuerto
arachni_repuertoer scan_results.afr --repuertoer=xml:outfile=repuerto.xml
# Generate text repuerto
arachni_repuertoer scan_results.afr --repuertoer=txt:outfile=repuerto.txt
# Generate multiple repuertos
arachni_repuertoer scan_results.afr \
--repuertoer=html:outfile=repuerto.html \
--repuertoer=json:outfile=repuerto.json \
--repuertoer=xml:outfile=repuerto.xml
# Custom repuerto with specific sections
arachni_repuertoer scan_results.afr \
--repuertoer=html:outfile=custom_repuerto.html,include_executive_summary=true,include_technical_details=true
# Repuerto with custom template
arachni_repuertoer scan_results.afr \
--repuertoer=html:outfile=branded_repuerto.html,template=/path/to/custom_template.erb
Repuerto Customization
#!/usr/bin/env ruby
# Custom Arachni repuerto generator
require 'arachni'
require 'json'
class CustomArachniRepuertoer
def initialize(afr_file)
@repuerto = Arachni::Repuerto.load(afr_file)
end
def generate_executive_summary
summary = \\\\{
scan_details: \\\\{
objetivo: @repuerto.opcións[:url],
start_time: @repuerto.start_datetime,
finish_time: @repuerto.finish_datetime,
duration: @repuerto.delta_time,
pages_audited: @repuerto.sitemap.size
\\\\},
vulnerabilidad_summary: \\\\{
total: @repuerto.issues.size,
| high: @repuerto.issues.select \\\\{ | i | i.severity == :high \\\\}.size, |
| medium: @repuerto.issues.select \\\\{ | i | i.severity == :medium \\\\}.size, |
| low: @repuerto.issues.select \\\\{ | i | i.severity == :low \\\\}.size, |
| informational: @repuerto.issues.select \\\\{ | i | i.severity == :informational \\\\}.size |
\\\\},
top_vulnerabilities: get_top_vulnerabilities(5)
\\\\}
summary
end
def generate_technical_details
technical_data = \\\\{
scan_configuración: \\\\{
checks_used: @repuerto.opcións[:checks],
plugins_used: @repuerto.opcións[:plugins],
scope_settings: \\\\{
include_patterns: @repuerto.opcións[:scope][:include_path_patterns],
exclude_patterns: @repuerto.opcións[:scope][:exclude_path_patterns]
\\\\}
\\\\},
| vulnerabilities: @repuerto.issues.map do | issue | |
\\\\{
name: issue.name,
severity: issue.severity,
confidence: issue.confidence,
url: issue.url,
method: issue.method,
parámetros: issue.affected_input_names,
Descripción: issue.Descripción,
proof: issue.proof,
remedy_guidance: issue.remedy_guidance,
referencias: issue.referencias,
cwe: issue.cwe,
tags: issue.tags
\\\\}
end,
| sitemap: @repuerto.sitemap.map do | url, page | |
\\\\{
url: url,
response_code: page.code,
content_type: page.response.content_type,
forms: page.forms.size,
links: page.links.size,
cookies: page.cookies.size
\\\\}
end
\\\\}
technical_data
end
def generate_compliance_repuerto(framework = 'OWASP')
compliance_data = \\\\{
framework: framework,
compliance_status: \\\\{\\\\},
recommendations: []
\\\\}
if framework == 'OWASP'
owasp_categories = \\\\{
'A01:2021 - Broken Control de Acceso' => ['csrf', 'unvalidated_redirect'],
'A02:2021 - Cryptographic Failures' => ['insecure_cookie', 'http_only_cookie'],
'A03:2021 - Injection' => ['sqli', 'xss', 'code_injection', 'os_cmd_injection'],
'A04:2021 - Insecure Design' => ['business_logic'],
'A05:2021 - Security Misconfiguración' => ['directory_listing', 'backup_files'],
'A06:2021 - Vulnerable Components' => ['outdated_software'],
'A07:2021 - autenticación Failures' => ['weak_contraseña', 'sesión_fixation'],
'A08:2021 - Software Integrity Failures' => ['code_injection'],
'A09:2021 - Logging Failures' => ['information_disclosure'],
'A10:2021 - Server-Side Request Forgery' => ['ssrf']
\\\\}
| owasp_categories.each do | category, check_names | |
| found_issues = @repuerto.issues.select do | issue | |
| check_names.any? \\\\{ | check | issue.check[:shortname].include?(check) \\\\} |
end
compliance_data[:compliance_status][category] = \\\\{
status: found_issues.empty? ? 'PASS' : 'FAIL',
issues_found: found_issues.size,
severity_breakdown: \\\\{
| high: found_issues.select \\\\{ | i | i.severity == :high \\\\}.size, |
| medium: found_issues.select \\\\{ | i | i.severity == :medium \\\\}.size, |
| low: found_issues.select \\\\{ | i | i.severity == :low \\\\}.size |
\\\\}
\\\\}
end
end
compliance_data
end
def expuerto_to_json(filename)
repuerto_data = \\\\{
executive_summary: generate_executive_summary,
technical_details: generate_technical_details,
compliance_repuerto: generate_compliance_repuerto('OWASP')
\\\\}
File.write(filename, JSON.pretty_generate(repuerto_data))
end
def expuerto_to_csv(filename)
require 'csv'
| CSV.open(filename, 'w') do | csv | |
csv ``<< ['vulnerabilidad', 'Severity', 'Confidence', 'URL', 'Method', 'parámetros', 'CWE']
| @repuerto.issues.each do | issue | |
csv << [
issue.name,
issue.severity,
issue.confidence,
issue.url,
issue.method,
issue.affected_input_names.join(', '),
issue.cwe
]
end
end
end
private
def get_top_vulnerabilities(count)
severity_order = \\\{ high: 4, medium: 3, low: 2, informational: 1 \\\}
@repuerto.issues
| .sort_by \\\{ | issue | -severity_order[issue.severity] \\\} |
.first(count)
| .map do | issue | |
\\\{
name: issue.name,
severity: issue.severity,
url: issue.url,
Descripción: issue.Descripción[0..200] + '...'
\\\}
end
end
end
# uso ejemplo
if __FILE__ == $0
repuertoer = CustomArachniRepuertoer.new(ARGV[0])
repuertoer.expuerto_to_json('custom_repuerto.json')
repuertoer.expuerto_to_csv('vulnerabilities.csv')
puts "Custom repuertos generated:"
puts "- custom_repuerto.json"
puts "- vulnerabilities.csv"
end
Integration with CI/CD
Jenkins Integration
// Jenkins pipeline for Arachni security scanning
pipeline \\\{
agent any
parámetros \\\{
string(name: 'objetivo_URL', defaultValue: 'http://ejemplo.com', Descripción: 'objetivo URL to scan')
choice(name: 'SCAN_TYPE', choices: ['quick', 'comprehensive'], Descripción: 'Type of scan to perform')
booleanParam(name: 'AUTHENTICATED_SCAN', defaultValue: false, Descripción: 'Perform authenticated scan')
\\\}
environment \\\{
ARACHNI_DOCKER_IMAGE = 'arachni/arachni:latest'
REpuertoS_DIR = 'arachni_repuertos'
\\\}
stages \\\{
stage('Prepare Environment') \\\{
steps \\\{
script \\\{
sh "mkdir -p $\\\{REpuertoS_DIR\\\}"
sh "docker pull $\\\{ARACHNI_DOCKER_IMAGE\\\}"
\\\}
\\\}
\\\}
stage('Security Scan') \\\{
steps \\\{
script \\\{
def scancomando = "docker run --rm -v \$(pwd)/$\\\{REpuertoS_DIR\\\}:/repuertos $\\\{ARACHNI_DOCKER_IMAGE\\\} arachni"
def scanopcións = "--repuerto-save-path=/repuertos/scan_results.afr"
if (params.SCAN_TYPE == 'quick') \\\{
scanopcións += " --checks=xss,sqli,csrf --timeout=1800"
\\\} else \\\{
scanopcións += " --checks=* --plugins=* --timeout=7200"
\\\}
if (params.AUTHENTICATED_SCAN) \\\{
scanopcións += " --plugin=autologin:url=$\\\{params.objetivo_URL\\\}/login,parámetros=\"nombre de usuario=\$\\\{AUTH_nombre de usuario\\\}&contrase;ña=\$\\\{AUTH_contraseña\\\}\""
\\\}
sh "$\\\{scancomando\\\} $\\\{params.objetivo_URL\\\} $\\\{scanopcións\\\}"
\\\}
\\\}
\\\}
stage('Generate Repuertos') \\\{
steps \\\{
script \\\{
sh """
docker run --rm -v \$(pwd)/$\\\{REpuertoS_DIR\\\}:/repuertos $\\\{ARACHNI_DOCKER_IMAGE\\\} \
arachni_repuertoer /repuertos/scan_results.afr \
--repuertoer=html:outfile=/repuertos/security_repuerto.html \
--repuertoer=json:outfile=/repuertos/security_repuerto.json \
--repuertoer=xml:outfile=/repuertos/security_repuerto.xml
"""
\\\}
\\\}
\\\}
stage('proceso Results') \\\{
steps \\\{
script \\\{
// Parse JSON repuerto for vulnerabilidad counts
def repuertoJson = readJSON file: "$\\\{REpuertoS_DIR\\\}/security_repuerto.json"
def highVulns = repuertoJson.issues.findAll \\\{ it.severity == 'high' \\\}.size()
def mediumVulns = repuertoJson.issues.findAll \\\{ it.severity == 'medium' \\\}.size()
echo "Security Scan Results:"
echo "High Severity: $\\\{highVulns\\\}"
echo "Medium Severity: $\\\{mediumVulns\\\}"
// Fail build if high severity vulnerabilities found
if (highVulns >`` 0) \\\\{
currentBuild.result = 'UNSTABLE'
error("High severity vulnerabilities found: $\\\\{highVulns\\\\}")
\\\\}
\\\\}
\\\\}
\\\\}
\\\\}
post \\\\{
always \\\\{
// Archive repuertos
archiveArtifacts artifacts: "$\\\\{REpuertoS_DIR\\\\}/*", huella digital: true
// Publish HTML repuerto
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
repuertoDir: REpuertoS_DIR,
repuertoFiles: 'security_repuerto.html',
repuertoName: 'Arachni Security Repuerto'
])
\\\\}
failure \\\\{
// Send notification on failure
emailext (
subject: "Security Scan Failed: $\\\\{env.JOB_NAME\\\\} - $\\\\{env.BUILD_NUMBER\\\\}",
body: "Security scan failed for $\\\\{params.objetivo_URL\\\\}. Check the build logs for details.",
to: "$\\\\{env.CHANGE_AUTHOR_EMAIL\\\\}"
)
\\\\}
\\\\}
\\\\}
GitHub Actions Integration
# .github/workflows/security-scan.yml
name: Arachni Security Scan
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 2 * * 1' # Weekly scan on Mondays at 2 AM
env:
objetivo_URL: $\\\\{\\\\{ secrets.objetivo_URL \\\\}\\\\}
ARACHNI_VERSION: latest
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Create repuertos directory
run: mkdir -p arachni_repuertos
- name: Run Arachni Security Scan
run: |
docker run --rm \
-v $\\\\{\\\\{ github.workspace \\\\}\\\\}/arachni_repuertos: /repuertos \
arachni/arachni: $\\\\{\\\\{ env.ARACHNI_VERSION \\\\}\\\\} \
arachni $\\\\{\\\\{ env.objetivo_URL \\\\}\\\\} \
--checks=xss,sqli,csrf,lfi,rfi \
--scope-include-pattern="$\\\\{\\\\{ env.objetivo_URL \\\\}\\\\}" \
--scope-exclude-pattern="logout|signout" \
--http-request-timeout=30000 \
--timeout=3600 \
--repuerto-save-path=/repuertos/scan_results.afr
- name: Generate Repuertos
run: |
docker run --rm \
-v $\\\\{\\\\{ github.workspace \\\\}\\\\}/arachni_repuertos: /repuertos \
arachni/arachni: $\\\\{\\\\{ env.ARACHNI_VERSION \\\\}\\\\} \
arachni_repuertoer /repuertos/scan_results.afr \
--repuertoer=html: outfile=/repuertos/security_repuerto.html \
--repuertoer=json: outfile=/repuertos/security_repuerto.json
- name: proceso Scan Results
id: proceso_results
run: |
if [ -f arachni_repuertos/security_repuerto.json ]; then
| HIGH_VULNS=$(jq '[.issues[] | select(.severity == "high")] | length' arachni_repuertos/security_repuerto.json) |
| MEDIUM_VULNS=$(jq '[.issues[] | select(.severity == "medium")] | length' arachni_repuertos/security_repuerto.json) |
TOTAL_VULNS=$(jq '.issues|length' arachni_repuertos/security_repuerto.json)
echo "high_vulns=$HIGH_VULNS" >> $GITHUB_OUTPUT
echo "medium_vulns=$MEDIUM_VULNS" >> $GITHUB_OUTPUT
echo "total_vulns=$TOTAL_VULNS" >> $GITHUB_OUTPUT
echo "Security Scan Results: "
echo "Total Vulnerabilities: $TOTAL_VULNS"
echo "High Severity: $HIGH_VULNS"
echo "Medium Severity: $MEDIUM_VULNS"
fi
- name: Upload Repuertos
uses: actions/upload-artifact@v3
with:
name: arachni-security-repuertos
path: arachni_repuertos/
retention-days: 30
- name: Comment PR with Results
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script: |
const highVulns = '$\\\\{\\\\{ steps.proceso_results.outputs.high_vulns \\\\}\\\\}';
const mediumVulns = '$\\\\{\\\\{ steps.proceso_results.outputs.medium_vulns \\\\}\\\\}';
const totalVulns = '$\\\\{\\\\{ steps.proceso_results.outputs.total_vulns \\\\}\\\\}';
const comment = `## 🔒 Arachni Security Scan Results
| | Severity | Count | |
| --- | --- |
| | High | $\\{highVulns\\} | |
| | Medium | $\\{mediumVulns\\} | |
| | **Total** | **$\\{totalVulns\\}** | |
$\\{highVulns > 0 ? '⚠️ **High severity vulnerabilities found!**' : '✅ No high severity vulnerabilities found.'\\}
📊 [View detailed repuerto](https: //github.com/$\\{\\{ github.repository \\}\\}/actions/runs/$\\{\\{ github.run_id \\}\\})`;
github.rest.issues.createComment(\\\\{
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
\\\\});
- name: Fail on High Severity Vulnerabilities
if: steps.proceso_results.outputs.high_vulns > 0
run: |
echo "❌ Build failed due to high severity vulnerabilities"
exit 1
solución de problemas
Common Issues and Solutions
# Issue: Memory errors during large scans
# Solution: Increase memory limits and use browser clustering
arachni http://ejemplo.com \
--http-request-concurrency=5 \
--browser-cluster-pool-size=2 \
--scope-page-limit=500 \
--timeout=7200
# Issue: Timeouts on slow applications
# Solution: Increase timeout values
arachni http://ejemplo.com \
--http-request-timeout=60000 \
--http-request-delay=2000 \
--timeout=14400
# Issue: False positives in results
# Solution: Use verification plugins and custom filters
arachni http://ejemplo.com \
--checks=xss,sqli \
--plugin=verification:verify_xss=true,verify_sqli=true
# Issue: Incomplete crawling of JavaScript applications
# Solution: Enable browser clustering and increase wait times
arachni http://ejemplo.com \
--browser-cluster-pool-size=3 \
--browser-cluster-job-timeout=60 \
--scope-auto-redundant=10
# Issue: autenticación sesión expires during scan
# Solution: Use sesión management plugins
arachni http://ejemplo.com \
--plugin=autologin:url=http://ejemplo.com/login,parámetros="user=admin&pass;=secret" \
--sesión-check-url=http://ejemplo.com/profile \
--sesión-check-pattern="Welcome"
# Issue: Scan getting blocked by WAF/rate limiting
# Solution: Implement delays and use proxy rotation
arachni http://ejemplo.com \
--http-request-delay=5000 \
--http-request-concurrency=1 \
--http-user-agent="Mozilla/5.0 (compatible; Scanner)"
# Issue: Large repuerto files
# Solution: Use specific checks and limit scope
arachni http://ejemplo.com \
--checks=xss,sqli,csrf \
--scope-page-limit=100 \
--scope-depth-limit=3
# Issue: SSL/TLS certificado errors
# Solution: Disable certificado verification
arachni https://ejemplo.com \
--http-ssl-verify-peer=false \
--http-ssl-verify-host=false
Performance Optimization
# Optimize for speed
arachni http://ejemplo.com \
--http-request-concurrency=20 \
--http-request-delay=100 \
--scope-page-limit=200 \
--checks=xss,sqli \
--timeout=1800
# Optimize for thoroughness
arachni http://ejemplo.com \
--http-request-concurrency=5 \
--http-request-delay=1000 \
--scope-page-limit=2000 \
--scope-depth-limit=10 \
--checks=* \
--plugins=* \
--timeout=14400
# Optimize for JavaScript-heavy applications
arachni http://ejemplo.com \
--browser-cluster-pool-size=4 \
--browser-cluster-job-timeout=30 \
--browser-cluster-worker-time-to-live=200 \
--scope-auto-redundant=15 \
--timeout=10800
# Memory optimization for large scans
expuerto RUBY_GC_HEAP_INIT_SLOTS=1000000
expuerto RUBY_GC_HEAP_FREE_SLOTS=500000
expuerto RUBY_GC_HEAP_GROWTH_FACTOR=1.1
expuerto RUBY_GC_HEAP_GROWTH_MAX_SLOTS=1000000
arachni http://ejemplo.com \
--http-request-concurrency=10 \
--scope-page-limit=1000 \
--timeout=7200
⚠️ Security Notice: Arachni is a powerful aplicación web security scanner that should only be used for authorized security testing activities. Always ensure you have explicit written permission before scanning any aplicación webs or systems. The tool can generate significant traffic and may Impacto application performance. Use this tool responsibly and in accordance with applicable laws, regulations, and ethical guidelines. Always operate within the scope of authorized pruebas de penetración engagements and follow responsible disclosure practices for any vulnerabilities discovered.
📚 Additional Resources: - Arachni Official Website - Arachni GitHub Repository - Arachni documentación - OWASP Web Security Testing Guide