Arachni Executor¶

Category: Web Application Scanners Script: arachni.py Integration: CLI Faraday Plugin: ArachniPlugin Website: https://www.arachni-scanner.com/

Description¶

Runs the Arachni web application security scanner CLI against a target URL, then converts the binary .afr result file to XML using arachni_reporter, and parses the XML output into Faraday.

Prerequisites¶

Arachni installed locally
Both arachni and arachni_reporter binaries available in the Arachni installation directory

Configuration¶

Environment Variables (Setup)¶

Variable	Required	Description
`ARACHNI_PATH`	Yes	Filesystem path to the Arachni installation directory (containing `arachni` and `arachni_reporter`)

Execution Arguments¶

Parameter	Type	Mandatory	Description
`NAME_URL`	url	Yes	Target URL to scan
`TIMEOUT`	string	No	Scan timeout in `HH:MM:SS` format

YAML Configuration Example¶

executors:
  arachni_scan:
    repo_executor: arachni.py
    max_size: 65536
    varenvs:
      ARACHNI_PATH: /opt/arachni
    params:
      NAME_URL:
        mandatory: true
        type: url
        base: string
      TIMEOUT:
        mandatory: false
        type: string
        base: string

How It Works¶

Runs ./arachni <url> [--timeout <HH:MM:SS>] --report-save-path <output.afr> from within the Arachni installation directory
Converts the .afr report to XML: ./arachni_reporter <output.afr> --reporter xml:outfile=<output.xml>
Parses the XML through ArachniPlugin and outputs Faraday JSON

Notes¶

Arachni development has been discontinued, but the scanner remains functional
The executor runs both binaries from ARACHNI_PATH, so the path must point to the directory containing arachni and arachni_reporter