Arachni, the Security Scanning Tool for the Web


Arachni is a fully featured web security scanning tool based on a Ruby framework. It is an open source, modular and high-performance tool. It comes with both a command line interface and a web-based GUI, which makes it a highly versatile tool for security scanning. It supports almost all of the popular web application technologies, such as HTML5, JavaScript and AJAX. Additionally, it supports multi-user, multi-platform collaboration. It allows you to generate reports in the desired format (.txt, XML, HTML).


A Linux-based OS, a minimum of 4 GB RAM, the latest browser (Mozilla, Google Chrome etc.), a LAN connection and a minimum of 1 GB storage. By default it uses SQLite3, but PostgreSQL with the GUI is recommended for some heavy scanning scenarios.


We are using the Ubuntu 15.04 64-bit Desktop OS for this installation.

It is recommended to be root while performing the installation.

#sudo su


Download the latest version of Arachni from the following link:

Arachni Download Link


Go to the download link and unzip the package.

cd /home/unixmen/Download
gunzip arachni-x.x.x.x


Extract the tar package.

#tar -xvf arachni.x.x.x.tar


#cd arachni-x.x.x
#cd bin && ls


In the bin directory, two types of tools are available: arachni_console and arachni_web.
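Because the steps above are run as root, it is worth checking the downloaded archive before unpacking it and launching anything from it. The following is an added example, not part of the original article or of the Arachni project: the function name `verify_and_extract`, the availability of a trusted SHA-256 value for the archive, and the `<top-dir>/bin/` layout it checks for are assumptions.

```sh
#!/bin/sh
# Added example (not from the article): verify, inspect and unpack a
# downloaded Arachni .tar.gz before running its tools.
# Usage: verify_and_extract <archive.tar.gz> <expected-sha256> <dest-dir>
# Prints the path of arachni_web on success; returns non-zero on failure.
verify_and_extract() {
    archive=$1; expected=$2; dest=$3

    # 1. Integrity: the digest must match the value obtained from a
    #    trusted source (assumed to be available for the archive).
    actual=$(sha256sum "$archive" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $archive" >&2
        return 1
    fi

    # 2. Refuse archives whose members use absolute paths or ".."
    #    components, which could write outside the destination.
    if tar -tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $archive" >&2
        return 2
    fi

    # 3. Unpack into a dedicated directory; do not restore the
    #    ownership recorded in the archive when extracting as root.
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest" --no-same-owner || return 3

    # 4. Confirm both launchers named in the article exist under
    #    <top-dir>/bin/ (layout is an assumption of this example).
    for tool in arachni_console arachni_web; do
        found=$(find "$dest" -maxdepth 3 -path "*/bin/$tool" -type f | head -n 1)
        [ -n "$found" ] || { echo "missing bin/$tool" >&2; return 4; }
    done
    echo "$found"   # last tool checked: arachni_web
}
```

A checksum mismatch stops the function before anything is written to the destination directory.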



We prefer to go with arachni_web. Simply type in the console:



Now the web interface is active. Go to the browser and type:

Default username: admin@admin.admin

Default password: administrator

When you log in, a panel with a welcome message will appear.


Go to the administrator button in the upper right-hand corner -> click Settings -> click Profile.

In the profile section, lots of security check parameters are available; you can select some of them as per your need. By default they are all selected.


Go to the 'scan' tab. In this tab you can decide how many URLs can be scanned in a given time period, and how many users at most are allowed to perform web scanning in a given time period.

You can modify the profile of this web scan tool; I would recommend leaving it set to the default.

OK, now finally go to the scan section. You have to write the complete URL in the scan section, e.g., let us have a try:

Type the absolute URL path and click the blue Go button.



The Arachni web scanner will start auditing the health status of the given URL and will generate a report when the scan is over.


The detailed auditing  report of  will be generated when scanning is over.


Sometimes the system may take a long time to generate the report. When scanning is over you can audit all of your reports.

Feel free to ask anything related to the topic.