Arachni 치트 시트
Would you like me to continue with the next section (Overview)? I can provide a professional, accurate Korean translation that maintains the technical nuance and structure of the original text.```bash
Pull official Arachni Docker image
docker pull arachni/arachni
Run Arachni container with web interface
docker run -d -p 9292:9292 —name arachni-web arachni/arachni arachni_web
Run Arachni container for command-line usage
docker run -it —rm arachni/arachni arachni —help
Run comprehensive scan with Docker
docker run -it —rm -v $(pwd)/reports:/reports arachni/arachni
arachni http://example.com —report-save-path=/reports/scan_report.afr
Access Arachni Web UI
Navigate to http://localhost:9292
Run with custom configuration
docker run -d -p 9292:9292
-v $(pwd)/config:/config
-v $(pwd)/reports:/reports
—name arachni-web arachni/arachni
arachni_web —config=/config/arachni.conf
### Docker Compose Installation
```yaml
# Create docker-compose.yml
cat << 'EOF' > docker-compose.yml
version: '3.8'
services:
arachni-web:
image: arachni/arachni
container_name: arachni-web
ports:
- "9292:9292"
volumes:
- arachni_reports:/reports
- arachni_config:/config
- arachni_logs:/logs
command: arachni_web --host=0.0.0.0 --port=9292
environment:
- ARACHNI_WEB_HOST=0.0.0.0
- ARACHNI_WEB_PORT=9292
restart: unless-stopped
networks:
- arachni_network
arachni-dispatcher:
image: arachni/arachni
container_name: arachni-dispatcher
ports:
- "7331:7331"
volumes:
- arachni_reports:/reports
- arachni_config:/config
command: arachni_rpcd --host=0.0.0.0 --port=7331
environment:
- ARACHNI_DISPATCHER_HOST=0.0.0.0
- ARACHNI_DISPATCHER_PORT=7331
restart: unless-stopped
networks:
- arachni_network
volumes:
arachni_reports:
arachni_config:
arachni_logs:
networks:
arachni_network:
driver: bridge
EOF
# Start Arachni services
docker-compose up -d
# View logs
docker-compose logs -f arachni-web
# Stop services
docker-compose down
# Stop and remove volumes
docker-compose down -vManual Installation on Ubuntu/Debian
# Update system
sudo apt update && sudo apt upgrade -y
# Install Ruby and dependencies
sudo apt install -y ruby ruby-dev build-essential libssl-dev \
libxml2-dev libxslt1-dev libcurl4-openssl-dev \
libsqlite3-dev zlib1g-dev
# Install RubyGems
sudo apt install -y rubygems
# Install Arachni
wget https://github.com/Arachni/arachni/releases/download/v1.6.1.3/arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz
tar -xzf arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz
sudo mv arachni-1.6.1.3-0.6.1.1 /opt/arachni
# Add Arachni to PATH
echo 'export PATH="/opt/arachni/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
# Verify installation
arachni --version
# Install additional gems (optional)
cd /opt/arachni
sudo gem install bundler
sudo bundle install
# Start Arachni Web UI
arachni_web --host=0.0.0.0 --port=9292
# Start Arachni RPC dispatcher
arachni_rpcd --host=0.0.0.0 --port=7331Installation on CentOS/RHEL
# Install EPEL repository
sudo yum install epel-release -y
# Install Ruby and development tools
sudo yum groupinstall "Development Tools" -y
sudo yum install ruby ruby-devel rubygems \
openssl-devel libxml2-devel libxslt-devel \
libcurl-devel sqlite-devel zlib-devel -y
# Download and install Arachni
cd /tmp
wget https://github.com/Arachni/arachni/releases/download/v1.6.1.3/arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz
tar -xzf arachni-1.6.1.3-0.6.1.1-linux-x86_64.tar.gz
sudo mv arachni-1.6.1.3-0.6.1.1 /opt/arachni
# Set permissions
sudo chown -R root:root /opt/arachni
sudo chmod +x /opt/arachni/bin/*
# Add to PATH
echo 'export PATH="/opt/arachni/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
# Create systemd service for Arachni Web
sudo tee /etc/systemd/system/arachni-web.service << 'EOF'
[Unit]
Description=Arachni Web Interface
After=network.target
[Service]
Type=simple
User=arachni
Group=arachni
WorkingDirectory=/opt/arachni
ExecStart=/opt/arachni/bin/arachni_web --host=0.0.0.0 --port=9292
Restart=always
[Install]
WantedBy=multi-user.target
EOF
# Create arachni user
sudo useradd -r -s /bin/false arachni
sudo chown -R arachni:arachni /opt/arachni
# Start and enable service
sudo systemctl daemon-reload
sudo systemctl start arachni-web
sudo systemctl enable arachni-webSource Installation
# Install Ruby version manager (rbenv)
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
source ~/.bashrc
# Install ruby-build
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
# Install Ruby 2.7.0 (required for Arachni)
rbenv install 2.7.0
rbenv global 2.7.0
# Clone Arachni repository
git clone https://github.com/Arachni/arachni.git
cd arachni
# Install dependencies
gem install bundler
bundle install
# Build Arachni
rake build
# Install Arachni
rake install
# Verify installation
arachni --versionBasic Usage
Command Line Interface
# Basic web application scan
arachni http://example.com
# Scan with specific checks
arachni http://example.com --checks=xss,sqli,csrf
# Scan with custom scope
arachni http://example.com --scope-include-pattern="example\.com" \
--scope-exclude-pattern="logout|admin"
# Scan with authentication
arachni http://example.com --plugin=autologin:url=http://example.com/login,parameters="username=admin&password=secret"
# Scan with custom headers
arachni http://example.com --http-request-headers="Authorization: Bearer token123"
# Scan with proxy
arachni http://example.com --http-proxy=http://127.0.0.1:8080
# Scan with custom user agent
arachni http://example.com --http-user-agent="Custom Scanner 1.0"
# Scan with session cookies
arachni http://example.com --http-cookie-string="PHPSESSID=abc123; auth=token456"
# Scan with rate limiting
arachni http://example.com --http-request-delay=1000 --http-request-concurrency=5
# Scan with timeout settings
arachni http://example.com --http-request-timeout=30000 --http-response-max-size=1048576Advanced Scanning Options
# Comprehensive deep scan
arachni http://example.com \
--checks=* \
--plugins=* \
--scope-auto-redundant=5 \
--audit-links \
--audit-forms \
--audit-cookies \
--audit-headers \
--audit-jsons \
--audit-xmls
# Scan with browser clustering (for JavaScript-heavy apps)
arachni http://example.com \
--browser-cluster-pool-size=3 \
--browser-cluster-job-timeout=30 \
--browser-cluster-worker-time-to-live=100
# Scan with custom wordlists
arachni http://example.com \
--checks=path_traversal \
--plugin=path_extractor:wordlist=/path/to/custom_wordlist.txt
# Scan with form filling
arachni http://example.com \
--input-value-fill-mode=exhaustive \
--input-values-file=/path/to/input_values.txt
# Scan with custom payloads
arachni http://example.com \
--checks=xss \
--plugin=payload_generator:payloads=/path/to/xss_payloads.txt
# Scan with vulnerability verification
arachni http://example.com \
--checks=sqli \
--plugin=verification:verify_sqli=true
# Scan with custom crawling depth
arachni http://example.com \
--scope-depth-limit=5 \
--scope-page-limit=1000 \
--scope-directory-depth-limit=3
# Scan with exclusions
arachni http://example.com \
--scope-exclude-path-patterns="logout,admin,delete" \
--scope-exclude-content-patterns="text/css,image/*"Authentication and Session Management
# Form-based authentication
arachni http://example.com \
--plugin=autologin:url=http://example.com/login,parameters="username=admin&password=secret",check="Welcome"
# HTTP Basic authentication
arachni http://example.com \
--http-authentication-username=admin \
--http-authentication-password=secret
# Custom authentication script
arachni http://example.com \
--plugin=script:script=/path/to/auth_script.rb
# Session management with cookies
arachni http://example.com \
--http-cookie-jar=/path/to/cookies.txt \
--session-check-url=http://example.com/profile \
--session-check-pattern="Welcome"
# Multi-step authentication
arachni http://example.com \
--plugin=multi_step_auth:steps="step1.rb,step2.rb,step3.rb"
# OAuth authentication
arachni http://example.com \
--plugin=oauth:client_id=your_client_id,client_secret=your_secret,redirect_uri=http://localhost/callbackVulnerability Detection
SQL Injection Testing
# Basic SQL injection scan
arachni http://example.com --checks=sqli
# Advanced SQL injection with custom payloads
arachni http://example.com \
--checks=sqli \
--plugin=payload_generator:payloads=/path/to/sqli_payloads.txt \
--audit-parameter-names \
--audit-parameter-values
# Blind SQL injection testing
arachni http://example.com \
--checks=sqli_blind_rdiff,sqli_blind_timing \
--plugin=timing_attack:delay=5
# Database-specific SQL injection
arachni http://example.com \
--checks=sqli \
--plugin=database_detection:databases="mysql,postgresql,mssql,oracle"
# SQL injection with verification
arachni http://example.com \
--checks=sqli \
--plugin=verification:verify_sqli=true,extract_data=trueCross-Site Scripting (XSS) Testing
# Basic XSS scan
arachni http://example.com --checks=xss
# Comprehensive XSS testing
arachni http://example.com \
--checks=xss,xss_dom,xss_event,xss_script_context,xss_tag \
--audit-links \
--audit-forms \
--audit-cookies \
--audit-headers
# Custom XSS payloads
arachni http://example.com \
--checks=xss \
--plugin=payload_generator:payloads=/path/to/xss_payloads.txt
# DOM-based XSS testing
arachni http://example.com \
--checks=xss_dom \
--browser-cluster-pool-size=2 \
--browser-cluster-job-timeout=30
# XSS with context analysis
arachni http://example.com \
--checks=xss \
--plugin=context_analysis:analyze_responses=trueCross-Site Request Forgery (CSRF) Testing
# Basic CSRF scan
arachni http://example.com --checks=csrf
# CSRF with authentication
arachni http://example.com \
--checks=csrf \
--plugin=autologin:url=http://example.com/login,parameters="username=admin&password=secret"
# CSRF token analysis
arachni http://example.com \
--checks=csrf \
--plugin=csrf_token_analysis:analyze_tokens=true
# CSRF with custom forms
arachni http://example.com \
--checks=csrf \
--audit-forms \
--input-value-fill-mode=exhaustiveFile Inclusion Testing
# Local File Inclusion (LFI)
arachni http://example.com --checks=lfi
# Remote File Inclusion (RFI)
arachni http://example.com --checks=rfi
# Path traversal
arachni http://example.com --checks=path_traversal
# File inclusion with custom payloads
arachni http://example.com \
--checks=lfi,rfi,path_traversal \
--plugin=payload_generator:payloads=/path/to/file_inclusion_payloads.txt
# OS-specific file inclusion
arachni http://example.com \
--checks=lfi \
--plugin=os_detection:detect_os=trueCommand Injection Testing
# Basic command injection
arachni http://example.com --checks=code_injection
# OS command injection
arachni http://example.com --checks=os_cmd_injection
# Command injection with timing attacks
arachni http://example.com \
--checks=os_cmd_injection_timing \
--plugin=timing_attack:delay=5
# Custom command injection payloads
arachni http://example.com \
--checks=code_injection,os_cmd_injection \
--plugin=payload_generator:payloads=/path/to/command_injection_payloads.txtAdvanced Features
Browser Clustering for JavaScript Applications
# Enable browser clustering
arachni http://example.com \
--browser-cluster-pool-size=3 \
--browser-cluster-job-timeout=30 \
--browser-cluster-worker-time-to-live=100 \
--browser-cluster-ignore-images \
--browser-cluster-screen-width=1920 \
--browser-cluster-screen-height=1080
# JavaScript event triggering
arachni http://example.com \
--browser-cluster-pool-size=2 \
--checks=xss_dom \
--plugin=dom_event_trigger:events="click,mouseover,focus,blur"
# AJAX request analysis
arachni http://example.com \
--browser-cluster-pool-size=2 \
--plugin=ajax_analyzer:analyze_requests=true,timeout=10
# Single Page Application (SPA) scanning
arachni http://example.com \
--browser-cluster-pool-size=3 \
--scope-auto-redundant=10 \
--plugin=spa_crawler:wait_time=5,max_depth=10Custom Plugin Development
#!/usr/bin/env ruby
# Custom Arachni plugin example
class Arachni::Plugins::CustomSecurityCheck ``< Arachni::Plugin::Base
def self.info
\\\{
name: 'Custom Security Check',
description: 'Custom security vulnerability detection plugin',
author: 'Security Researcher',
version: '1.0.0',
options: [
Options::String.new(:custom_payload,
description: 'Custom payload for testing',
default: 'test_payload'
),
Options::Bool.new(:verify_results,
description: 'Verify vulnerability results',
default: true
)
]
\\\}
end
def prepare
@custom_payload = options[:custom_payload]
@verify_results = options[:verify_results]
@vulnerabilities = []
end
def run
print_status "Starting custom security check..."
# Get all pages discovered during crawling
framework.sitemap.each do|url, page|
check_page(page)
end
# Register findings
@vulnerabilities.each do|vuln|
register_results(vuln)
end
print_status "Custom security check completed. Found #\\\{@vulnerabilities.size\\\} vulnerabilities."
end
def check_page(page)
# Custom vulnerability detection logic
forms = page.forms
forms.each do|form|
form.inputs.each do|input|
if input.type == :text||input.type == :textarea
test_input_for_vulnerability(page, form, input)
end
end
end
end
def test_input_for_vulnerability(page, form, input)
# Create test payload
test_form = form.dup
test_form[input.name] = @custom_payload
# Submit form with payload
response = framework.http.post(form.action, test_form.inputs)
# Check for vulnerability indicators
if response.body.include?(@custom_payload) &&
response.body.include?('error')||response.body.include?('exception')
vulnerability = \\\{
url: page.url,
form_action: form.action,
parameter: input.name,
payload: @custom_payload,
response_snippet: response.body[0..500],
severity: 'Medium',
confidence: 'High'
\\\}
# Verify vulnerability if enabled
if @verify_results
if verify_vulnerability(vulnerability)
@vulnerabilities << vulnerability
end
else
@vulnerabilities << vulnerability
end
end
end
def verify_vulnerability(vuln)
# Additional verification logic
verification_payload = "verify_#\\\{@custom_payload\\\}"
# Perform verification request
response = framework.http.post(vuln[:form_action],
\\\{ vuln[:parameter] =>`` verification_payload \\\\})
return response.body.include?(verification_payload)
end
def register_results(vuln)
# Register vulnerability with Arachni framework
log_issue(
url: vuln[:url],
name: 'Custom Security Vulnerability',
description: "Custom vulnerability detected in parameter '#\\\\{vuln[:parameter]\\\\}'",
tags: ['custom', 'injection'],
severity: vuln[:severity],
confidence: vuln[:confidence],
method: 'POST',
parameters: \\\\{ vuln[:parameter] => vuln[:payload] \\\\},
proof: vuln[:response_snippet]
)
end
def self.distributable?
true
end
def clean_up
@vulnerabilities.clear
end
endCustom Check Development
#!/usr/bin/env ruby
# Custom Arachni check example
class Arachni::Checks::CustomVulnerabilityCheck < Arachni::Check::Base
def self.info
\\\\{
name: 'Custom Vulnerability Check',
description: 'Detects custom application vulnerabilities',
elements: [Element::Form, Element::Link, Element::Cookie],
author: 'Security Researcher',
version: '1.0.0',
targets: \\\\{ 'Generic' => 'all' \\\\},
references: \\\\{
'Custom Advisory' => 'https://example.com/advisory'
\\\\},
issue: \\\\{
name: 'Custom Application Vulnerability',
description: 'Application contains custom security vulnerability',
tags: ['custom', 'application', 'vulnerability'],
cwe: 79,
severity: Severity::MEDIUM,
remedy_guidance: 'Implement proper input validation and output encoding'
\\\\}
\\\\}
end
def run
# Define custom payloads
payloads = [
'custom_test_payload_1',
'custom_test_payload_2',
'<custom>test</custom>',
'custom"test\'payload'
]
payloads.each do|payload|
audit(payload) do|response, opts|
check_response(response, opts, payload)
end
end
end
def check_response(response, opts, payload)
# Check for vulnerability indicators in response
vulnerability_indicators = [
'custom_error_message',
'application_exception',
'debug_information',
payload
]
vulnerability_indicators.each do|indicator|
if response.body.include?(indicator)
# Log the vulnerability
log(
opts.merge(
proof: response.body,
vector: opts[:vector]
),
response
)
return
end
end
# Check response headers for indicators
response.headers.each do|header, value|
if value.include?(payload)||value.include?('custom_error')
log(
opts.merge(
proof: "Header: #\\\\{header\\\\} = #\\\\{value\\\\}",
vector: opts[:vector]
),
response
)
return
end
end
end
def self.payloads
@payloads||= [
'custom_payload_1',
'custom_payload_2',
'<script>custom_test()</script>',
'custom\'test"payload'
].freeze
end
endAutomation and Scripting
#!/bin/bash
# Arachni automation script
TARGET="$1"
OUTPUT_DIR="arachni_results_$(date +%Y%m%d_%H%M%S)"
REPORT_FORMAT="html"
if [ -z "$TARGET" ]; then
echo "Usage: $0 <target_url>"
exit 1
fi
echo "[*] Starting Arachni automated scan for $TARGET"
mkdir -p "$OUTPUT_DIR"
# Basic configuration
ARACHNI_OPTS="
--scope-include-pattern=$TARGET
--scope-exclude-pattern=logout|signout|exit
--http-request-timeout=30000
--http-request-delay=500
--http-request-concurrency=10
--scope-page-limit=1000
--scope-depth-limit=5
"
# Phase 1: Quick scan for immediate results
echo "[*] Phase 1: Quick vulnerability scan"
arachni $TARGET \
$ARACHNI_OPTS \
--checks=xss,sqli,csrf,lfi \
--report-save-path="$OUTPUT_DIR/quick_scan.afr" \
--timeout=1800
# Generate quick report
arachni_reporter "$OUTPUT_DIR/quick_scan.afr" \
--reporter=html:outfile="$OUTPUT_DIR/quick_report.html"
# Phase 2: Comprehensive scan
echo "[*] Phase 2: Comprehensive vulnerability scan"
arachni $TARGET \
$ARACHNI_OPTS \
--checks=* \
--plugins=* \
--audit-links \
--audit-forms \
--audit-cookies \
--audit-headers \
--browser-cluster-pool-size=2 \
--report-save-path="$OUTPUT_DIR/comprehensive_scan.afr" \
--timeout=7200
# Generate comprehensive reports
arachni_reporter "$OUTPUT_DIR/comprehensive_scan.afr" \
--reporter=html:outfile="$OUTPUT_DIR/comprehensive_report.html"
arachni_reporter "$OUTPUT_DIR/comprehensive_scan.afr" \
--reporter=json:outfile="$OUTPUT_DIR/comprehensive_report.json"
arachni_reporter "$OUTPUT_DIR/comprehensive_scan.afr" \
--reporter=xml:outfile="$OUTPUT_DIR/comprehensive_report.xml"
# Phase 3: Authenticated scan (if credentials provided)
if [ ! -z "$AUTH_URL" ] && [ ! -z "$AUTH_PARAMS" ]; then
echo "[*] Phase 3: Authenticated vulnerability scan"
arachni $TARGET \
$ARACHNI_OPTS \
--checks=* \
--plugin=autologin:url="$AUTH_URL",parameters="$AUTH_PARAMS" \
--report-save-path="$OUTPUT_DIR/authenticated_scan.afr" \
--timeout=7200
# Generate authenticated scan report
arachni_reporter "$OUTPUT_DIR/authenticated_scan.afr" \
--reporter=html:outfile="$OUTPUT_DIR/authenticated_report.html"
fi
# Generate summary
echo "[*] Generating scan summary"
cat << EOF > "$OUTPUT_DIR/scan_summary.txt"
Arachni Security Scan Summary
=============================
Target: $TARGET
Scan Date: $(date)
Output Directory: $OUTPUT_DIR
Reports Generated:
- Quick Scan: quick_report.html
- Comprehensive Scan: comprehensive_report.html
- JSON Report: comprehensive_report.json
- XML Report: comprehensive_report.xml
EOF
if [ ! -z "$AUTH_URL" ]; then
echo "- Authenticated Scan: authenticated_report.html" >> "$OUTPUT_DIR/scan_summary.txt"
fi
echo "[*] Scan completed. Results saved to $OUTPUT_DIR"
echo "[*] Open $OUTPUT_DIR/comprehensive_report.html to view results"Reporting and Output
Report Generation
# Generate HTML report
arachni_reporter scan_results.afr --reporter=html:outfile=report.html
# Generate JSON report
arachni_reporter scan_results.afr --reporter=json:outfile=report.json
# Generate XML report
arachni_reporter scan_results.afr --reporter=xml:outfile=report.xml
# Generate text report
arachni_reporter scan_results.afr --reporter=txt:outfile=report.txt
# Generate multiple reports
arachni_reporter scan_results.afr \
--reporter=html:outfile=report.html \
--reporter=json:outfile=report.json \
--reporter=xml:outfile=report.xml
# Custom report with specific sections
arachni_reporter scan_results.afr \
--reporter=html:outfile=custom_report.html,include_executive_summary=true,include_technical_details=true
# Report with custom template
arachni_reporter scan_results.afr \
--reporter=html:outfile=branded_report.html,template=/path/to/custom_template.erbReport Customization
#!/usr/bin/env ruby
# Custom Arachni report generator
require 'arachni'
require 'json'
class CustomArachniReporter
def initialize(afr_file)
@report = Arachni::Report.load(afr_file)
end
def generate_executive_summary
summary = \\\\{
scan_details: \\\\{
target: @report.options[:url],
start_time: @report.start_datetime,
finish_time: @report.finish_datetime,
duration: @report.delta_time,
pages_audited: @report.sitemap.size
\\\\},
vulnerability_summary: \\\\{
total: @report.issues.size,
high: @report.issues.select \\\\{|i|i.severity == :high \\\\}.size,
medium: @report.issues.select \\\\{|i|i.severity == :medium \\\\}.size,
low: @report.issues.select \\\\{|i|i.severity == :low \\\\}.size,
informational: @report.issues.select \\\\{|i|i.severity == :informational \\\\}.size
\\\\},
top_vulnerabilities: get_top_vulnerabilities(5)
\\\\}
summary
end
def generate_technical_details
technical_data = \\\\{
scan_configuration: \\\\{
checks_used: @report.options[:checks],
plugins_used: @report.options[:plugins],
scope_settings: \\\\{
include_patterns: @report.options[:scope][:include_path_patterns],
exclude_patterns: @report.options[:scope][:exclude_path_patterns]
\\\\}
\\\\},
vulnerabilities: @report.issues.map do|issue|
\\\\{
name: issue.name,
severity: issue.severity,
confidence: issue.confidence,
url: issue.url,
method: issue.method,
parameters: issue.affected_input_names,
description: issue.description,
proof: issue.proof,
remedy_guidance: issue.remedy_guidance,
references: issue.references,
cwe: issue.cwe,
tags: issue.tags
\\\\}
end,
sitemap: @report.sitemap.map do|url, page|
\\\\{
url: url,
response_code: page.code,
content_type: page.response.content_type,
forms: page.forms.size,
links: page.links.size,
cookies: page.cookies.size
\\\\}
end
\\\\}
technical_data
end
def generate_compliance_report(framework = 'OWASP')
compliance_data = \\\\{
framework: framework,
compliance_status: \\\\{\\\\},
recommendations: []
\\\\}
if framework == 'OWASP'
owasp_categories = \\\\{
'A01:2021 – Broken Access Control' => ['csrf', 'unvalidated_redirect'],
'A02:2021 – Cryptographic Failures' => ['insecure_cookie', 'http_only_cookie'],
'A03:2021 – Injection' => ['sqli', 'xss', 'code_injection', 'os_cmd_injection'],
'A04:2021 – Insecure Design' => ['business_logic'],
'A05:2021 – Security Misconfiguration' => ['directory_listing', 'backup_files'],
'A06:2021 – Vulnerable Components' => ['outdated_software'],
'A07:2021 – Authentication Failures' => ['weak_password', 'session_fixation'],
'A08:2021 – Software Integrity Failures' => ['code_injection'],
'A09:2021 – Logging Failures' => ['information_disclosure'],
'A10:2021 – Server-Side Request Forgery' => ['ssrf']
\\\\}
owasp_categories.each do|category, check_names|
found_issues = @report.issues.select do|issue|
check_names.any? \\\\{|check|issue.check[:shortname].include?(check) \\\\}
end
compliance_data[:compliance_status][category] = \\\\{
status: found_issues.empty? ? 'PASS' : 'FAIL',
issues_found: found_issues.size,
severity_breakdown: \\\\{
high: found_issues.select \\\\{|i|i.severity == :high \\\\}.size,
medium: found_issues.select \\\\{|i|i.severity == :medium \\\\}.size,
low: found_issues.select \\\\{|i|i.severity == :low \\\\}.size
\\\\}
\\\\}
end
end
compliance_data
end
def export_to_json(filename)
report_data = \\\\{
executive_summary: generate_executive_summary,
technical_details: generate_technical_details,
compliance_report: generate_compliance_report('OWASP')
\\\\}
File.write(filename, JSON.pretty_generate(report_data))
end
def export_to_csv(filename)
require 'csv'
CSV.open(filename, 'w') do|csv|
csv ``<< ['Vulnerability', 'Severity', 'Confidence', 'URL', 'Method', 'Parameters', 'CWE']
@report.issues.each do|issue|
csv << [
issue.name,
issue.severity,
issue.confidence,
issue.url,
issue.method,
issue.affected_input_names.join(', '),
issue.cwe
]
end
end
end
private
def get_top_vulnerabilities(count)
severity_order = \\\{ high: 4, medium: 3, low: 2, informational: 1 \\\}
@report.issues
.sort_by \\\{|issue|-severity_order[issue.severity] \\\}
.first(count)
.map do|issue|
\\\{
name: issue.name,
severity: issue.severity,
url: issue.url,
description: issue.description[0..200] + '...'
\\\}
end
end
end
# Usage example
if __FILE__ == $0
reporter = CustomArachniReporter.new(ARGV[0])
reporter.export_to_json('custom_report.json')
reporter.export_to_csv('vulnerabilities.csv')
puts "Custom reports generated:"
puts "- custom_report.json"
puts "- vulnerabilities.csv"
end
```## CI/CD와의 통합
### Jenkins 통합
```groovy
// Jenkins pipeline for Arachni security scanning
pipeline \\\{
agent any
parameters \\\{
string(name: 'TARGET_URL', defaultValue: 'http://example.com', description: 'Target URL to scan')
choice(name: 'SCAN_TYPE', choices: ['quick', 'comprehensive'], description: 'Type of scan to perform')
booleanParam(name: 'AUTHENTICATED_SCAN', defaultValue: false, description: 'Perform authenticated scan')
\\\}
environment \\\{
ARACHNI_DOCKER_IMAGE = 'arachni/arachni:latest'
REPORTS_DIR = 'arachni_reports'
\\\}
stages \\\{
stage('Prepare Environment') \\\{
steps \\\{
script \\\{
sh "mkdir -p $\\\{REPORTS_DIR\\\}"
sh "docker pull $\\\{ARACHNI_DOCKER_IMAGE\\\}"
\\\}
\\\}
\\\}
stage('Security Scan') \\\{
steps \\\{
script \\\{
def scanCommand = "docker run --rm -v \$(pwd)/$\\\{REPORTS_DIR\\\}:/reports $\\\{ARACHNI_DOCKER_IMAGE\\\} arachni"
def scanOptions = "--report-save-path=/reports/scan_results.afr"
if (params.SCAN_TYPE == 'quick') \\\{
scanOptions += " --checks=xss,sqli,csrf --timeout=1800"
\\\} else \\\{
scanOptions += " --checks=* --plugins=* --timeout=7200"
\\\}
if (params.AUTHENTICATED_SCAN) \\\{
scanOptions += " --plugin=autologin:url=$\\\{params.TARGET_URL\\\}/login,parameters=\"username=\$\\\{AUTH_USERNAME\\\}&password=\$\\\{AUTH_PASSWORD\\\}\""
\\\}
sh "$\\\{scanCommand\\\} $\\\{params.TARGET_URL\\\} $\\\{scanOptions\\\}"
\\\}
\\\}
\\\}
stage('Generate Reports') \\\{
steps \\\{
script \\\{
sh """
docker run --rm -v \$(pwd)/$\\\{REPORTS_DIR\\\}:/reports $\\\{ARACHNI_DOCKER_IMAGE\\\} \
arachni_reporter /reports/scan_results.afr \
--reporter=html:outfile=/reports/security_report.html \
--reporter=json:outfile=/reports/security_report.json \
--reporter=xml:outfile=/reports/security_report.xml
"""
\\\}
\\\}
\\\}
stage('Process Results') \\\{
steps \\\{
script \\\{
// Parse JSON report for vulnerability counts
def reportJson = readJSON file: "$\\\{REPORTS_DIR\\\}/security_report.json"
def highVulns = reportJson.issues.findAll \\\{ it.severity == 'high' \\\}.size()
def mediumVulns = reportJson.issues.findAll \\\{ it.severity == 'medium' \\\}.size()
echo "Security Scan Results:"
echo "High Severity: $\\\{highVulns\\\}"
echo "Medium Severity: $\\\{mediumVulns\\\}"
// Fail build if high severity vulnerabilities found
if (highVulns >`` 0) \\\\{
currentBuild.result = 'UNSTABLE'
error("High severity vulnerabilities found: $\\\\{highVulns\\\\}")
\\\\}
\\\\}
\\\\}
\\\\}
\\\\}
post \\\\{
always \\\\{
// Archive reports
archiveArtifacts artifacts: "$\\\\{REPORTS_DIR\\\\}/*", fingerprint: true
// Publish HTML report
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: REPORTS_DIR,
reportFiles: 'security_report.html',
reportName: 'Arachni Security Report'
])
\\\\}
failure \\\\{
// Send notification on failure
emailext (
subject: "Security Scan Failed: $\\\\{env.JOB_NAME\\\\} - $\\\\{env.BUILD_NUMBER\\\\}",
body: "Security scan failed for $\\\\{params.TARGET_URL\\\\}. Check the build logs for details.",
to: "$\\\\{env.CHANGE_AUTHOR_EMAIL\\\\}"
)
\\\\}
\\\\}
\\\\}
```### GitHub Actions 통합
```yaml
# .github/workflows/security-scan.yml
name: Arachni Security Scan
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 2 * * 1' # Weekly scan on Mondays at 2 AM
env:
TARGET_URL: $\\\\{\\\\{ secrets.TARGET_URL \\\\}\\\\}
ARACHNI_VERSION: latest
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Create reports directory
run: mkdir -p arachni_reports
- name: Run Arachni Security Scan
run:|
docker run --rm \
-v $\\\\{\\\\{ github.workspace \\\\}\\\\}/arachni_reports:/reports \
arachni/arachni:$\\\\{\\\\{ env.ARACHNI_VERSION \\\\}\\\\} \
arachni $\\\\{\\\\{ env.TARGET_URL \\\\}\\\\} \
--checks=xss,sqli,csrf,lfi,rfi \
--scope-include-pattern="$\\\\{\\\\{ env.TARGET_URL \\\\}\\\\}" \
--scope-exclude-pattern="logout|signout" \
--http-request-timeout=30000 \
--timeout=3600 \
--report-save-path=/reports/scan_results.afr
- name: Generate Reports
run:|
docker run --rm \
-v $\\\\{\\\\{ github.workspace \\\\}\\\\}/arachni_reports:/reports \
arachni/arachni:$\\\\{\\\\{ env.ARACHNI_VERSION \\\\}\\\\} \
arachni_reporter /reports/scan_results.afr \
--reporter=html:outfile=/reports/security_report.html \
--reporter=json:outfile=/reports/security_report.json
- name: Process Scan Results
id: process_results
run:|
if [ -f arachni_reports/security_report.json ]; then
HIGH_VULNS=$(jq '[.issues[]|select(.severity == "high")]|length' arachni_reports/security_report.json)
MEDIUM_VULNS=$(jq '[.issues[]|select(.severity == "medium")]|length' arachni_reports/security_report.json)
TOTAL_VULNS=$(jq '.issues|length' arachni_reports/security_report.json)
echo "high_vulns=$HIGH_VULNS" >> $GITHUB_OUTPUT
echo "medium_vulns=$MEDIUM_VULNS" >> $GITHUB_OUTPUT
echo "total_vulns=$TOTAL_VULNS" >> $GITHUB_OUTPUT
echo "Security Scan Results:"
echo "Total Vulnerabilities: $TOTAL_VULNS"
echo "High Severity: $HIGH_VULNS"
echo "Medium Severity: $MEDIUM_VULNS"
fi
- name: Upload Reports
uses: actions/upload-artifact@v3
with:
name: arachni-security-reports
path: arachni_reports/
retention-days: 30
- name: Comment PR with Results
if: github.event_name == 'pull_request'
uses: actions/github-script@v6
with:
script:|
const highVulns = '$\\\\{\\\\{ steps.process_results.outputs.high_vulns \\\\}\\\\}';
const mediumVulns = '$\\\\{\\\\{ steps.process_results.outputs.medium_vulns \\\\}\\\\}';
const totalVulns = '$\\\\{\\\\{ steps.process_results.outputs.total_vulns \\\\}\\\\}';
const comment = `## 🔒 Arachni Security Scan Results
|Severity|Count|
|----------|-------|
|High|$\\{highVulns\\}|
|Medium|$\\{mediumVulns\\}|
|**Total**|**$\\{totalVulns\\}**|
$\\{highVulns > 0 ? '⚠️ **High severity vulnerabilities found!**' : '✅ No high severity vulnerabilities found.'\\}
📊 [View detailed report](https://github.com/$\\{\\{ github.repository \\}\\}/actions/runs/$\\{\\{ github.run_id \\}\\})`;
github.rest.issues.createComment(\\\\{
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
\\\\});
- name: Fail on High Severity Vulnerabilities
if: steps.process_results.outputs.high_vulns > 0
run:|
echo "❌ Build failed due to high severity vulnerabilities"
exit 1
```## 문제 해결
### 일반적인 문제 및 해결 방법
```bash
# Issue: Memory errors during large scans
# Solution: Increase memory limits and use browser clustering
arachni http://example.com \
--http-request-concurrency=5 \
--browser-cluster-pool-size=2 \
--scope-page-limit=500 \
--timeout=7200
# Issue: Timeouts on slow applications
# Solution: Increase timeout values
arachni http://example.com \
--http-request-timeout=60000 \
--http-request-delay=2000 \
--timeout=14400
# Issue: False positives in results
# Solution: Use verification plugins and custom filters
arachni http://example.com \
--checks=xss,sqli \
--plugin=verification:verify_xss=true,verify_sqli=true
# Issue: Incomplete crawling of JavaScript applications
# Solution: Enable browser clustering and increase wait times
arachni http://example.com \
--browser-cluster-pool-size=3 \
--browser-cluster-job-timeout=60 \
--scope-auto-redundant=10
# Issue: Authentication session expires during scan
# Solution: Use session management plugins
arachni http://example.com \
--plugin=autologin:url=http://example.com/login,parameters="user=admin&pass=secret" \
--session-check-url=http://example.com/profile \
--session-check-pattern="Welcome"
# Issue: Scan getting blocked by WAF/rate limiting
# Solution: Implement delays and use proxy rotation
arachni http://example.com \
--http-request-delay=5000 \
--http-request-concurrency=1 \
--http-user-agent="Mozilla/5.0 (compatible; Scanner)"
# Issue: Large report files
# Solution: Use specific checks and limit scope
arachni http://example.com \
--checks=xss,sqli,csrf \
--scope-page-limit=100 \
--scope-depth-limit=3
# Issue: SSL/TLS certificate errors
# Solution: Disable certificate verification
arachni https://example.com \
--http-ssl-verify-peer=false \
--http-ssl-verify-host=false
```### 성능 최적화
```bash
# Optimize for speed
arachni http://example.com \
--http-request-concurrency=20 \
--http-request-delay=100 \
--scope-page-limit=200 \
--checks=xss,sqli \
--timeout=1800
# Optimize for thoroughness
arachni http://example.com \
--http-request-concurrency=5 \
--http-request-delay=1000 \
--scope-page-limit=2000 \
--scope-depth-limit=10 \
--checks=* \
--plugins=* \
--timeout=14400
# Optimize for JavaScript-heavy applications
arachni http://example.com \
--browser-cluster-pool-size=4 \
--browser-cluster-job-timeout=30 \
--browser-cluster-worker-time-to-live=200 \
--scope-auto-redundant=15 \
--timeout=10800
# Memory optimization for large scans
export RUBY_GC_HEAP_INIT_SLOTS=1000000
export RUBY_GC_HEAP_FREE_SLOTS=500000
export RUBY_GC_HEAP_GROWTH_FACTOR=1.1
export RUBY_GC_HEAP_GROWTH_MAX_SLOTS=1000000
arachni http://example.com \
--http-request-concurrency=10 \
--scope-page-limit=1000 \
--timeout=7200
```---
**⚠️ 보안 공지**: Arachni는 권한이 부여된 보안 테스트 활동에만 사용해야 하는 강력한 웹 애플리케이션 보안 스캐너입니다. 웹 애플리케이션이나 시스템을 스캔하기 전에 항상 명시적인 서면 허가를 받았는지 확인하세요. 이 도구는 상당한 트래픽을 생성할 수 있으며 애플리케이션 성능에 영향을 줄 수 있습니다. 이 도구를 책임감 있게 사용하고 해당 법률, 규정 및 윤리 지침을 준수하세요. 항상 승인된 침투 테스트 계약 범위 내에서 작업하고 발견된 취약점에 대해 책임 있는 공개 관행을 따르세요.
**📚 추가 리소스**:
- [Arachni 공식 웹사이트](https://www.arachni-scanner.com/)
- [Arachni GitHub 저장소](https://github.com/Arachni/arachni)
- [Arachni 문서](https://github.com/Arachni/arachni/wiki)
- [OWASP 웹 보안 테스트 가이드](https://owasp.org/www-project-web-security-testing-guide/)