A web user interface and collaboration platform for the Arachni open source web application security scanner framework.

• Administrators can manage all:
  • Users
  • Scan configuration Profiles
    • Can set Global Profiles which are available to everyone.
    • Can set the system-wide default Profile.
  • Scans
  • Scan Issues
  • Scan Groups
  • Dispatchers
    • Can set Global Dispatchers which are available to everyone.
    • Can set the system-wide default Dispatcher.
  • Settings
    • Scan
      • Allowed types.
      • Target whitelist using regular expressions.
      • Target blacklist using regular expressions.
      • Global scan limit -- Amount of active scans at any given time.
      • Per user limit -- Amount of active scans at any given time per user.
    • Profile
      • Allowed modules.
• Users can:
  • Manage, create and share Dispatchers with each other.
  • Manage, create and share Scan configuration Profiles with each other.
  • Start Scans using one of the available Profiles (and optionally Dispatchers).
  • Organize Scans into Scan Groups for easier management and share their Groups with each other.
  • Manage, comment, share and export reports of their Scans.
  • Discuss and Review Issues:
    • Mark them as false positives
    • Mark them as fixed
    • Mark them as requiring manual verification
      • Add verification steps
      • Mark them as verified
  • Receive Notifications for:
    • Shared Profiles -- Created, updated, shared, deleted.
    • Shared Scans -- Started, paused, resumed, aborted, commented.
    • Issues of shared Scans -- Reviewed, verified, commented.
  • Review their Activity.
  • Export reports, review and comment on Scans which have been shared with them by other users.
• Available Scan types:
  • Direct -- From the WebUI machine to the webapp, no need to setup anything else.
  • Remote -- Using a Dispatcher.
    • Scan is performed from the machine of the Dispatcher to the webapp.
    • Scan assignments can be load balanced when there are multiple Dispatchers available.
  • Grid -- Using multiple Dispatchers.
    • Scan is performed using multiple machines for a super-fast crawl and audit.
    • Scan assignments can be load balanced.
  • Repeat/Revision
    • Repeats a finished scan to identify fixed or new issues.
    • Can use sitemaps of previous revisions to:
      • Avoid crawling
      • Extend a new crawl
  • Overview -- Combines the results of multiple revisions for easy review/management.
• Scan reports can be exported in multiple formats (HTML, XML, YAML and more).
• Simple, clean, responsive design suitable for desktops, tablets and mobile phones.

Submit bugs using GitHub Issues and get support via the Support Portal.

If you make improvements to this application, please share with others.

Before starting any work, please read the instructions for working with the source code.

• Fork the project.
• Start a feature branch based on the experimental branch (git checkout -b <feature-name> experimental).
• Add specs for your code.
• Run the spec suite to make sure you didn't break anything (rake spec).
• Commit and push your changes.
• Issue a pull request and wait for your code to be reviewed.

Arachni WebUI is licensed under the Apache License Version 2.0.
See the LICENSE file for more information.

This is free software and you are allowed to use it as you see fit. However, neither the development team nor any of our contributors can held responsible for your actions or for any damage caused by the use of this software.