• 安全工具-Arachni


    Arachni是一个多功能、模块化、高性能的Ruby框架,旨在帮助渗透测试人员和管理员评估web应用程序的安全性。同时Arachni开源免费,可安装在windows、linux以及mac系统上,并且可导出评估报告。

    一、Arachni下载与启动,以LInux环境为例

    下载地址:http://www.arachni-scanner.com/download/

    解压文件arachni-1.5.1-0.5.12-darwin-x86_64.tar.gz,然后进入arachni-1.5.1-0.5.12目录下的bin文件夹,运行./arachni_web,随后浏览器访问http://localhost:9292

    二、Arachni配置扫描

    Arachni目录里有关于该工具的简单使用说明,也可以找到安装后的初始用户名和密码

    tdcqma:arachni-1.5.1-0.5.12 $ ls
    LICENSE		TROUBLESHOOTING	bin
    README		VERSION		system
    tdcqma:arachni-1.5.1-0.5.12 $ cat README 
       Arachni - Web Application Security Scanner Framework
    
    Homepage           - http://arachni-scanner.com
    Blog               - http://arachni-scanner.com/blog
    Documentation      - https://github.com/Arachni/arachni/wiki
    Support            - http://support.arachni-scanner.com
    GitHub page        - http://github.com/Arachni/arachni
    Code Documentation - http://rubydoc.info/github/Arachni/arachni
    Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
    Twitter            - http://twitter.com/ArachniScanner
    Copyright          - 2010-2017 Sarosys LLC
    License            - Arachni Public Source License v1.0 -- see LICENSE file)
    --------------------------------------------------------------------------------
    
    To use Arachni run the executables under "bin/".
    
    To launch the Web interface:
        bin/arachni_web
    
    Default account details:
    
        Administrator:
            E-mail address: admin@admin.admin
            Password:       administrator
    
        User:
            E-mail address: user@user.user
            Password:       regular_user
    
    For a quick scan: via the command-line interface:
        bin/arachni http://test.com
    
    To see the available CLI options:
        bin/arachni -h
    
    For detailed documentation see:
        http://arachni-scanner.com/wiki/User-guide
    
    Upgrading/migrating
    --------------
    
    To migrate your existing data into this new package please see:
    
        https://github.com/Arachni/arachni-ui-web/wiki/upgrading
    
    Troubleshooting
    --------------
    See the included TROUBLESHOOTING file.
    
    Disclaimer
    --------------
    Arachni is free software and you are allowed to use it as you see fit.
    However, I can't be held responsible for your actions or for any damage
    caused by the use of this software.
    
    Copying
    --------------
    For the Arachni license please see the LICENSE file.
    
    The bundled PhantomJS (http://phantomjs.org/) executable is distributed
    under the BSD license:
        https://github.com/ariya/phantomjs/blob/master/LICENSE.BSD
    tdcqma:arachni-1.5.1-0.5.12 $ 
    

     浏览器访问http://localhost:9292,进入登录页面

    登录后点击右上角的Administrator-》Edit account进行修改默认密码

     

    新建扫描,Scans-》+New并配置扫描选项,安全策略包括XSS、SQL注入等,默认情况下选Default即可。

    扫描结果分析,检出弱点总数及漏洞分类一览

    点击awaiting review进入漏洞详细说明界面

    报告导出,以HTML格式为例

     查看报告,包括总结图表及漏洞详细说明

  • 相关阅读:
    Python3 字符串格式化
    TypeError: Object of type 'int32' is not JSON serializable
    论文学习——《Learning to Compose with Professional Photographs on the Web》 (ACM MM 2017)
    python中PIL.Image,OpenCV,Numpy图像格式相互转换
    python 在列表,元组,字典变量前加*号
    python指定概率随机取值 理解np.random.seed()
    论文学习——《Good View Hunting: Learning Photo Composition from Dense View Pairs》
    目标检测知识杂点
    VGG16学习笔记
    python png与jpg的相互转换
  • 原文地址:https://www.cnblogs.com/tdcqma/p/7517313.html
Copyright © 2020-2023  润新知