Looking for an automated web vulnerability scanner? Arachni is without doubt the most awesome web application security framework and I highly suggest it to anyone (Let’s face it W3AF doen’t fit the start-and-take-a-nap profile and tools like websecurify are just bull!#*t). Why this isn’t included in backtrack kind of mystifies me. Anyway here is a quick guide to get it up and running. While this process is not really that difficult, it might be of use to someone…
I should say installing Ruby and Ruby Gems is beyond the scope of this tutorial, if you still need to do this I suggest getting the latest stable release from http://www.ruby-lang.org/ and then install gems http://docs.rubygems.org/. However if you are performing this install on backtrack this shouldn't be necessary.
(1) First things first, there are a ton of requirements and dependencies, so lets get those out of the way first (depending on your OS-build most will probably already be installed).
root@bt:~/Desktop# apt-get install curl git git-core gem mono-2.0-devel ant openjdk-6-jdk g++
openjdk-6-jre-headless build-essential openssl libreadline6 libreadline6-dev zlib1g zlib1g-dev libssl-dev
libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev
automake libtool bison libxml2-dev libxslt1-dev libcurl4-openssl-dev libsqlite3-dev
(2) Ok lets install the latest RVM (Ruby Version Manager).
root@bt:~/Desktop# bash < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts
(3) Navigate to the directory where rvm is installed.
root@bt:~/Desktop# cd /usr/local/rvm/bin
(4) Verify which Ruby version is required for the latest release of Arachni (currently v1.9.2) - http://arachni.segfault.gr/latest.
(5) Use RVM to install this version.
root@bt:~/Desktop# ./rvm install 1.9.2
(6) Finally install the Arachni gem.
root@bt:~/Desktop# gem install arachni
Thats it!! You’re ready to enjoy the fruits of your labor. I suggest you click here for the Arachni user-guide so you can get started. You have a choice between (1) command line interface and a (2) web user GUI (which is very pretty hehe). You can see some screenshots below...