Free, Simple, Distributed, Intelligent, Powerful, Friendly.

Arachni

1 Introduction:

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.

Recommended system requirements

Detailed recommendations check with the Arachni Website. In this reading, we will define the docker-compose.yml with which we can run with the default SQLite with volume mounting in production too.

Containerization

Environment variables

| ————- | ————- | ————- |

Run the docker container

docker run -d \
  -p 222:22 \
  -p 7331:7331 \
  -p 9292:9292 \
  --name arachni \
  arachni/arachni:latest

SSH

ssh -p 222 root@docker-machineIP with default password is "arachni"

Web endpoint can be access as:

http://${docker-machineIP}:9292

• Web-UI Admin’s username and password

username: admin@admin.admin

password: administrator

• Web-UI User’s username and password

username: user@user.user

password: regular_user

RESTful API endpoint will be

http://${docker-machineIP}:7331

Customize container with with Password and Params

1. RUN

docker run -d \
  -p 222:22 \
  -p 7331:7331 \
  -p 9292:9292 \
  --name arachni \
  -e SERVER_ROOT_PASSWORD="DockerArachniPWD" \
  -e ARACHNI_PARAMS="--authentication-username arachni --authentication-password Pass123 --only-positives"  \
  arachni:1.4

1. SSH

ssh -p 222 root@docker-machineIP with password is "DockerArachniPWD"

1. RESTful API customized username and password

username: arachni

password: Pass123

Archani with Database adopter as postgreSQL

RUN using docker run command

docker run -d \
  -e "DB_ADAPTER=postgresql" \
  -e "DB_HOST=sample_host" \
  -e "DB_NAME=sample_db_name" \
  -e "DB_USER=sample_db_user" \
  -e "DB_PASS=sample_db_pass" \
  -p 222:22 \
  -p 7331:7331 \
  -p 9292:9292 \
  --name arachni \
  arachni/arachni:latest

Run using Docker Compose

version: '3'
services:
  postgres:
    image: postgres:9.6
    container_name: postgres
    restart: always
    environment:
      POSTGRES_DB: arachni
      POSTGRES_USER: test_username
      POSTGRES_PASSWORD: test_username
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - ./cache/postgres/data/:/var/lib/postgresql/data/pgdata
    ports:
      - "5432:5432"
  arachni:
    image: arachni/arachni:latest
    conatiner_name: arachni
    environment:
      DB_ADAPTER: postgresql
      DB_HOST: postgres
      DB_NAME: arachni
      DB_USER: test_username
      DB_PASS: test_username
    ports:
      - "7331:7331"
      - "9292:9292"
      - "222:22"
    depends_on:
      - postgres

Web UI

As you run arachni successfully, service will be available on http://localhost:9292 or http://HOST_IP:9292

• Open the application in the browser and go to Scans menu and click on New

• In start scanning screen fill the form and click on go. Only website url would be more enough to scan through, else use the specified functionalities to reduce the load

• On Successful scan, you can check with the recent scans, go to scans menu and select recent scan

  In this step we have options to download the scanned report in different formats(html, json, marshal, XML, yaml, AFR)