Hey guys,
In this blog, we are going to see how to run Arachni, a web application vulnerability scanner, on a linux system.
Arachni:
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review.
Ok, Lets get started.
First download the Linux package from the site,
www.arachni-scanner.com/download
Download the package according to your Architecture.
If you donot know your architecture and you are on a Linux system use the command
uname -aThen open a terminal and navigate to where you have downloaded it. And you can now extract the contents using the command
tar -zvxf arachni-1.5.1-0.5.12-linux-x86_64.tar.gz
After this you would have a directory in the name of Arachni-version.no, thats where everything is, lets move on and check into it.
ls
cd arachni-1.5.1-0.5.12
It has a bin directory where it would have all the binaries. Lets move to that directory and see how we can launch the scanner.
cd bin
ls
There seems to be a variety of ways to launch the tool, we see that there is a a Web version of it, for ease of use lets run it.
./arachni_web
This starts a server and we can browse to it using the browser, you can use any browser. If you have port forwarding set up, you can use it remotely too.
It asks for credentials, that we don’t have. It also mentions to see the wiki for default credentials.
https://www.github.com/Arachni/arachni-ui-web/wiki#default-credentials
You find the default credentials there.
using the Administrator credentials, we can login.
email : admin@admin.admin
password : administrator
From there you could start scanning from the Scans navigation button.
I recommend to change the credentials as soon as you login.
Thanks for reading.
Hope you learned something. Happy Scanning.
If you have any problems, please watch this video
