arachni 0.2.2.1

data/HACKING.md

@@ -0,0 +1,101 @@
+# Hacking the Framework
+
+This file contains some brief instructions on contributing to Arachni.
+
+## Code Style
+In order to maintain consistency and keep the code pretty you should
+adhere to the following guidelines:
+
+ - 4 spaces, no tabs.
+ - Maximum line length 75-80 columns, try not to exceed that limit.
+ - {} instead of "`do`" for blocks and keep the iterator var in it's own line.<br/>
+    Like so:
+        arr.each {
+            |item|
+        }
+
+In general, take a look at the existing code and try to follow that style.
+
+
+## Code No-Nos
+**1. Don't print to standard output.**<br/>
+The interface in use won't be able to see your output and route it
+accordingly.
+
+Arachni provides you with wrappers that you can use, take a look in {Arachni::UI::Output}.<br/>
+All UIs will provide these methods to handle your output, use them.
+
+
+**2. Don't use "sleep".**<br/>
+It is unlikely that you will need it, but if you do, use
+`select(nil, nil, nil, <time>)` instead to avoid multi-threading issues.
+
+
+**3. Avoid creating your own instance of Net::HTTP or other lib.**<br/>
+You are provided with a pre-configured wrapper ({Arachni::Module::Base#http}) of [Typhoeus](http://github.com/pauldix/typhoeus).
+
+Take a look in the tutorial module to see what you get: {Arachni::Modules::RFI}
+
+The base module will also give you some insights: {Arachni::Module::Base}
+
+If you absolutely have to bypass Arachni's facilities you must obey the
+run-time settings in {Arachni::Options}.
+
+
+## Creating New Modules
+Arachni provides you with examples for the usual types of modules.
+
+This is your main guide: {Arachni::Modules::RFI}
+
+This covers most of the usual tasks when writing a module.
+It lets Arachni do all the work.
+
+For something more elaborate look in:<br/>
+- {Arachni::Modules::ResponseSplitting}<br/>
+- {Arachni::Modules::SQLInjection}
+
+These modules do their own vulnerability checking and logging.
+
+One last note.
+You're probably going to be working with large arrays of strings,
+either regular expressions or strings to inject to the webapp,
+so it's better to keep them in an external file under:
+    modules/<modtype>/<modname>/
+
+Use "{Arachni::Module::Utilities#read_file}`( filename ){ |line| }`" to get the file line by line.<br/>
+You just pass the filename (no path), `read_file()` will take care of the rest.
+
+This will make the strings easier to update and keep your modules smaller.
+
+In general, before writing a module copy an existing one that's close
+to your needs and modify it.
+
+
+## Creating New Reports
+The only thing that you should keep in mind when creating a new report
+is to adhere to the structure shown in: {Arachni::Reports::AP}.<br/>
+Also look in: {Arachni::Report::Base}.
+
+If you want your users to be able to customize the report you can
+provide them with a set of options, as in {Arachni::Reports::HTML}'s `self.info()` return hash.
+
+Keep in minds though that Arachni does not do any checking for these options,
+you will have to take care of that yourself.
+
+However, do provide an appropriate default `outfile` value in `initialize()`.
+
+Other than that you can do whatever you want, you have all of Ruby's
+power to work with.
+
+
+## Creating New Plug-ins
+
+Unlike the two previous types of components plug-ins are demi-gods.
+Each plug-in is passed the instance of the running framework to do with it what it pleases.
+Via the framework they have access to all Arachni subsystems and can alter or extend Arachni's behavior on the fly.
+Plug-ins run in parallel to the framework and are executed right before the scan process starts.
+
+## Licensing
+All code must be contributed with a GPL v2 compatible license.<br/>
+Do place licensing information in your code files.
+

data/LICENSE.md

@@ -0,0 +1,341 @@
+# License
+
+            GNU GENERAL PUBLIC LICENSE
+               Version 2, June 1991
+    
+     Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+     Everyone is permitted to copy and distribute verbatim copies
+     of this license document, but changing it is not allowed.
+    
+              Preamble
+    
+      The licenses for most software are designed to take away your
+    freedom to share and change it.  By contrast, the GNU General Public
+    License is intended to guarantee your freedom to share and change free
+    software--to make sure the software is free for all its users.  This
+    General Public License applies to most of the Free Software
+    Foundation's software and to any other program whose authors commit to
+    using it.  (Some other Free Software Foundation software is covered by
+    the GNU Lesser General Public License instead.)  You can apply it to
+    your programs, too.
+    
+      When we speak of free software, we are referring to freedom, not
+    price.  Our General Public Licenses are designed to make sure that you
+    have the freedom to distribute copies of free software (and charge for
+    this service if you wish), that you receive source code or can get it
+    if you want it, that you can change the software or use pieces of it
+    in new free programs; and that you know you can do these things.
+    
+      To protect your rights, we need to make restrictions that forbid
+    anyone to deny you these rights or to ask you to surrender the rights.
+    These restrictions translate to certain responsibilities for you if you
+    distribute copies of the software, or if you modify it.
+    
+      For example, if you distribute copies of such a program, whether
+    gratis or for a fee, you must give the recipients all the rights that
+    you have.  You must make sure that they, too, receive or can get the
+    source code.  And you must show them these terms so they know their
+    rights.
+    
+      We protect your rights with two steps: (1) copyright the software, and
+    (2) offer you this license which gives you legal permission to copy,
+    distribute and/or modify the software.
+    
+      Also, for each author's protection and ours, we want to make certain
+    that everyone understands that there is no warranty for this free
+    software.  If the software is modified by someone else and passed on, we
+    want its recipients to know that what they have is not the original, so
+    that any problems introduced by others will not reflect on the original
+    authors' reputations.
+    
+      Finally, any free program is threatened constantly by software
+    patents.  We wish to avoid the danger that redistributors of a free
+    program will individually obtain patent licenses, in effect making the
+    program proprietary.  To prevent this, we have made it clear that any
+    patent must be licensed for everyone's free use or not licensed at all.
+    
+      The precise terms and conditions for copying, distribution and
+    modification follow.
+    
+            GNU GENERAL PUBLIC LICENSE
+       TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+    
+      0. This License applies to any program or other work which contains
+    a notice placed by the copyright holder saying it may be distributed
+    under the terms of this General Public License.  The "Program", below,
+    refers to any such program or work, and a "work based on the Program"
+    means either the Program or any derivative work under copyright law:
+    that is to say, a work containing the Program or a portion of it,
+    either verbatim or with modifications and/or translated into another
+    language.  (Hereinafter, translation is included without limitation in
+    the term "modification".)  Each licensee is addressed as "you".
+    
+    Activities other than copying, distribution and modification are not
+    covered by this License; they are outside its scope.  The act of
+    running the Program is not restricted, and the output from the Program
+    is covered only if its contents constitute a work based on the
+    Program (independent of having been made by running the Program).
+    Whether that is true depends on what the Program does.
+    
+      1. You may copy and distribute verbatim copies of the Program's
+    source code as you receive it, in any medium, provided that you
+    conspicuously and appropriately publish on each copy an appropriate
+    copyright notice and disclaimer of warranty; keep intact all the
+    notices that refer to this License and to the absence of any warranty;
+    and give any other recipients of the Program a copy of this License
+    along with the Program.
+    
+    You may charge a fee for the physical act of transferring a copy, and
+    you may at your option offer warranty protection in exchange for a fee.
+    
+      2. You may modify your copy or copies of the Program or any portion
+    of it, thus forming a work based on the Program, and copy and
+    distribute such modifications or work under the terms of Section 1
+    above, provided that you also meet all of these conditions:
+    
+        a) You must cause the modified files to carry prominent notices
+        stating that you changed the files and the date of any change.
+    
+        b) You must cause any work that you distribute or publish, that in
+        whole or in part contains or is derived from the Program or any
+        part thereof, to be licensed as a whole at no charge to all third
+        parties under the terms of this License.
+    
+        c) If the modified program normally reads commands interactively
+        when run, you must cause it, when started running for such
+        interactive use in the most ordinary way, to print or display an
+        announcement including an appropriate copyright notice and a
+        notice that there is no warranty (or else, saying that you provide
+        a warranty) and that users may redistribute the program under
+        these conditions, and telling the user how to view a copy of this
+        License.  (Exception: if the Program itself is interactive but
+        does not normally print such an announcement, your work based on
+        the Program is not required to print an announcement.)
+    
+    These requirements apply to the modified work as a whole.  If
+    identifiable sections of that work are not derived from the Program,
+    and can be reasonably considered independent and separate works in
+    themselves, then this License, and its terms, do not apply to those
+    sections when you distribute them as separate works.  But when you
+    distribute the same sections as part of a whole which is a work based
+    on the Program, the distribution of the whole must be on the terms of
+    this License, whose permissions for other licensees extend to the
+    entire whole, and thus to each and every part regardless of who wrote it.
+    
+    Thus, it is not the intent of this section to claim rights or contest
+    your rights to work written entirely by you; rather, the intent is to
+    exercise the right to control the distribution of derivative or
+    collective works based on the Program.
+    
+    In addition, mere aggregation of another work not based on the Program
+    with the Program (or with a work based on the Program) on a volume of
+    a storage or distribution medium does not bring the other work under
+    the scope of this License.
+    
+      3. You may copy and distribute the Program (or a work based on it,
+    under Section 2) in object code or executable form under the terms of
+    Sections 1 and 2 above provided that you also do one of the following:
+    
+        a) Accompany it with the complete corresponding machine-readable
+        source code, which must be distributed under the terms of Sections
+        1 and 2 above on a medium customarily used for software interchange; or,
+    
+        b) Accompany it with a written offer, valid for at least three
+        years, to give any third party, for a charge no more than your
+        cost of physically performing source distribution, a complete
+        machine-readable copy of the corresponding source code, to be
+        distributed under the terms of Sections 1 and 2 above on a medium
+        customarily used for software interchange; or,
+    
+        c) Accompany it with the information you received as to the offer
+        to distribute corresponding source code.  (This alternative is
+        allowed only for noncommercial distribution and only if you
+        received the program in object code or executable form with such
+        an offer, in accord with Subsection b above.)
+    
+    The source code for a work means the preferred form of the work for
+    making modifications to it.  For an executable work, complete source
+    code means all the source code for all modules it contains, plus any
+    associated interface definition files, plus the scripts used to
+    control compilation and installation of the executable.  However, as a
+    special exception, the source code distributed need not include
+    anything that is normally distributed (in either source or binary
+    form) with the major components (compiler, kernel, and so on) of the
+    operating system on which the executable runs, unless that component
+    itself accompanies the executable.
+    
+    If distribution of executable or object code is made by offering
+    access to copy from a designated place, then offering equivalent
+    access to copy the source code from the same place counts as
+    distribution of the source code, even though third parties are not
+    compelled to copy the source along with the object code.
+    
+      4. You may not copy, modify, sublicense, or distribute the Program
+    except as expressly provided under this License.  Any attempt
+    otherwise to copy, modify, sublicense or distribute the Program is
+    void, and will automatically terminate your rights under this License.
+    However, parties who have received copies, or rights, from you under
+    this License will not have their licenses terminated so long as such
+    parties remain in full compliance.
+    
+      5. You are not required to accept this License, since you have not
+    signed it.  However, nothing else grants you permission to modify or
+    distribute the Program or its derivative works.  These actions are
+    prohibited by law if you do not accept this License.  Therefore, by
+    modifying or distributing the Program (or any work based on the
+    Program), you indicate your acceptance of this License to do so, and
+    all its terms and conditions for copying, distributing or modifying
+    the Program or works based on it.
+    
+      6. Each time you redistribute the Program (or any work based on the
+    Program), the recipient automatically receives a license from the
+    original licensor to copy, distribute or modify the Program subject to
+    these terms and conditions.  You may not impose any further
+    restrictions on the recipients' exercise of the rights granted herein.
+    You are not responsible for enforcing compliance by third parties to
+    this License.
+    
+      7. If, as a consequence of a court judgment or allegation of patent
+    infringement or for any other reason (not limited to patent issues),
+    conditions are imposed on you (whether by court order, agreement or
+    otherwise) that contradict the conditions of this License, they do not
+    excuse you from the conditions of this License.  If you cannot
+    distribute so as to satisfy simultaneously your obligations under this
+    License and any other pertinent obligations, then as a consequence you
+    may not distribute the Program at all.  For example, if a patent
+    license would not permit royalty-free redistribution of the Program by
+    all those who receive copies directly or indirectly through you, then
+    the only way you could satisfy both it and this License would be to
+    refrain entirely from distribution of the Program.
+    
+    If any portion of this section is held invalid or unenforceable under
+    any particular circumstance, the balance of the section is intended to
+    apply and the section as a whole is intended to apply in other
+    circumstances.
+    
+    It is not the purpose of this section to induce you to infringe any
+    patents or other property right claims or to contest validity of any
+    such claims; this section has the sole purpose of protecting the
+    integrity of the free software distribution system, which is
+    implemented by public license practices.  Many people have made
+    generous contributions to the wide range of software distributed
+    through that system in reliance on consistent application of that
+    system; it is up to the author/donor to decide if he or she is willing
+    to distribute software through any other system and a licensee cannot
+    impose that choice.
+    
+    This section is intended to make thoroughly clear what is believed to
+    be a consequence of the rest of this License.
+    
+      8. If the distribution and/or use of the Program is restricted in
+    certain countries either by patents or by copyrighted interfaces, the
+    original copyright holder who places the Program under this License
+    may add an explicit geographical distribution limitation excluding
+    those countries, so that distribution is permitted only in or among
+    countries not thus excluded.  In such case, this License incorporates
+    the limitation as if written in the body of this License.
+    
+      9. The Free Software Foundation may publish revised and/or new versions
+    of the General Public License from time to time.  Such new versions will
+    be similar in spirit to the present version, but may differ in detail to
+    address new problems or concerns.
+    
+    Each version is given a distinguishing version number.  If the Program
+    specifies a version number of this License which applies to it and "any
+    later version", you have the option of following the terms and conditions
+    either of that version or of any later version published by the Free
+    Software Foundation.  If the Program does not specify a version number of
+    this License, you may choose any version ever published by the Free Software
+    Foundation.
+    
+      10. If you wish to incorporate parts of the Program into other free
+    programs whose distribution conditions are different, write to the author
+    to ask for permission.  For software which is copyrighted by the Free
+    Software Foundation, write to the Free Software Foundation; we sometimes
+    make exceptions for this.  Our decision will be guided by the two goals
+    of preserving the free status of all derivatives of our free software and
+    of promoting the sharing and reuse of software generally.
+    
+              NO WARRANTY
+    
+      11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+    FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+    OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+    PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+    OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+    TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+    PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+    REPAIR OR CORRECTION.
+    
+      12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+    WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+    REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+    INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+    OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+    TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+    YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+    PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGES.
+    
+             END OF TERMS AND CONDITIONS
+    
+          How to Apply These Terms to Your New Programs
+    
+      If you develop a new program, and you want it to be of the greatest
+    possible use to the public, the best way to achieve this is to make it
+    free software which everyone can redistribute and change under these terms.
+    
+      To do so, attach the following notices to the program.  It is safest
+    to attach them to the start of each source file to most effectively
+    convey the exclusion of warranty; and each file should have at least
+    the "copyright" line and a pointer to where the full notice is found.
+    
+        <one line to give the program's name and a brief idea of what it does.>
+        Copyright (C) <year>  <name of author>
+    
+        This program is free software; you can redistribute it and/or modify
+        it under the terms of the GNU General Public License as published by
+        the Free Software Foundation; either version 2 of the License, or
+        (at your option) any later version.
+    
+        This program is distributed in the hope that it will be useful,
+        but WITHOUT ANY WARRANTY; without even the implied warranty of
+        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+        GNU General Public License for more details.
+    
+        You should have received a copy of the GNU General Public License along
+        with this program; if not, write to the Free Software Foundation, Inc.,
+        51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+    
+    Also add information on how to contact you by electronic and paper mail.
+    
+    If the program is interactive, make it output a short notice like this
+    when it starts in an interactive mode:
+    
+        Gnomovision version 69, Copyright (C) year name of author
+        Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+        This is free software, and you are welcome to redistribute it
+        under certain conditions; type `show c' for details.
+    
+    The hypothetical commands `show w' and `show c' should show the appropriate
+    parts of the General Public License.  Of course, the commands you use may
+    be called something other than `show w' and `show c'; they could even be
+    mouse-clicks or menu items--whatever suits your program.
+    
+    You should also get your employer (if you work as a programmer) or your
+    school, if any, to sign a "copyright disclaimer" for the program, if
+    necessary.  Here is a sample; alter the names:
+    
+      Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+      `Gnomovision' (which makes passes at compilers) written by James Hacker.
+    
+      <signature of Ty Coon>, 1 April 1989
+      Ty Coon, President of Vice
+    
+    This General Public License does not permit incorporating your program into
+    proprietary programs.  If your program is a subroutine library, you may
+    consider it more useful to permit linking proprietary applications with the
+    library.  If this is what you want to do, use the GNU Lesser General
+    Public License instead of this License.

data/README.md

@@ -0,0 +1,350 @@
+# Arachni - Web Application Security Scanner Framework
+**Version**:     0.2.2.1<br/>
+**Homepage**:     [http://github.com/zapotek/arachni](http://github.com/zapotek/arachni)<br/>
+**News**:     [http://trainofthought.segfault.gr/category/projects/arachni/](http://trainofthought.segfault.gr/category/projects/arachni/)<br/>
+**Documentation**:     [http://github.com/Zapotek/arachni/wiki](http://github.com/Zapotek/arachni/wiki)<br/>
+**Code Documentation**:     [http://zapotek.github.com/arachni/](http://zapotek.github.com/arachni/)<br/>
+**Google Group**: [http://groups.google.com/group/arachni](http://groups.google.com/group/arachni)<br/>
+**Author**:       [Tasos](mailto:tasos.laskos@gmail.com) "[Zapotek](mailto:zapotek@segfault.gr)" [Laskos](mailto:tasos.laskos@gmail.com)<br/>
+**Twitter**:      [http://twitter.com/Zap0tek](http://twitter.com/Zap0tek)<br/>
+**Copyright**:    2010-2011<br/>
+**License**:      [GNU General Public License v2](file.LICENSE.html)
+
+![Arachni logo](http://zapotek.github.com/arachni/logo.png)
+
+Kindly sponsored by: [![NopSec](http://zapotek.github.com/arachni/nopsec_logo.png)](http://www.nopsec.com)
+
+Help by donating:
+[![Click here to lend your support to: Arachni - Web Application Security Scanner Framework and make a donation at www.pledgie.com!](http://pledgie.com/campaigns/14482.png)](http://www.pledgie.com/campaigns/14482)
+
+## Synopsis
+
+Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping
+penetration testers and administrators evaluate the security of web applications.
+
+Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process.<br/>
+Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling<br/>
+through the paths of a web application's cyclomatic complexity.<br/>
+This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.
+
+Finally, Arachni yields great performance due to its asynchronous HTTP  model (courtesy of [Typhoeus](https://github.com/pauldix/typhoeus)).<br/>
+Thus, you'll only be limited by the responsiveness of the server under audit and your available bandwidth.
+
+**Note**: _Despite the fact that Arachni is mostly targeted towards web application security, it can easily be used for general purpose scraping, data-mining, etc with the addition of custom modules._
+
+
+### Arachni offers:
+
+#### A stable, efficient, high-performance framework
+
+Module, report and plugin writers are allowed to easily and quickly create and deploy their components
+with the minimum amount of restrictions imposed upon them, while provided with the necessary infrastructure to accomplish their goals.<br/>
+Furthermore, they are encouraged to take full advantage of the Ruby language under a unified framework that will increase their productivity
+without stifling them or complicating their tasks.<br/>
+
+#### Simplicity
+Although some parts of the Framework are fairly complex you will never have to deal them directly.<br/>
+From a user's or a component developer's point of view everything appears simple and straight-forward all the while providing power, performance and flexibility.
+
+## Feature List
+
+### General
+
+ - Cookie-jar support
+ - SSL support.
+ - User Agent spoofing.
+ - Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
+ - Proxy authentication.
+ - Site authentication (Automated form-based, Cookie-Jar, Basic-Digest, NTLM and others)
+ - Highlighted command line output.
+ - UI abstraction:
+    - Command line UI
+    - Web UI (Utilizing the Client - Dispatch-server XMLRPC architecture)
+    - XMLRPC Client/Dispatch server
+       - Centralised deployment
+       - Multiple clients
+       - Parallel scans
+       - SSL encryption
+       - SSL cert based client authentication
+       - Remote monitoring
+ - Pause/resume functionality.
+ - High performance asynchronous HTTP requests.
+
+### Website Crawler
+
+The crawler is provided by a modified version of [Anemone](http://anemone.rubyforge.org/).
+
+ - Filters for redundant pages like galleries, catalogs, etc based on regular expressions and counters.
+ - URL exclusion filter based on regular expressions.
+ - URL inclusion filter based on regular expressions.
+ - Can optionally follow subdomains.
+ - Adjustable depth limit.
+ - Adjustable link count limit.
+ - Adjustable redirect limit.
+ - Modular path extraction via "Path Extractor" components.
+
+### HTML Parser
+
+Can extract and analyze:
+
+ - Forms
+ - Links
+ - Cookies
+
+The analyzer can graciously handle badly written HTML code due to a combination of regular expression analysis and the [Nokogiri](http://nokogiri.org/) HTML parser.
+
+###  Module Management
+
+ - Very simple and easy to use module API providing access to multiple levels of complexity.
+ - Helper audit methods:
+    - For forms, links and cookies auditing.
+    - A wide range of injection strings/input combinations.
+    - Writing RFI, SQL injection, XSS etc modules is a matter of minutes if not seconds.
+ - Currently available modules:
+    - Audit:
+        - SQL injection
+        - Blind SQL injection using rDiff analysis
+        - Blind SQL injection using timing attacks
+        - CSRF detection
+        - Code injection (PHP, Ruby, Python, JSP, ASP.NET)
+        - Blind code injection using timing attacks (PHP, Ruby, Python, JSP, ASP.NET)
+        - LDAP injection
+        - Path traversal
+        - Response splitting
+        - OS command injection (*nix, Windows)
+        - Blind OS command injection using timing attacks (*nix, Windows)
+        - Remote file inclusion
+        - Unvalidated redirects
+        - XPath injection
+        - Path XSS
+        - URI XSS
+        - XSS
+        - XSS in event attributes of HTML elements
+        - XSS in HTML tags
+        - XSS in HTML 'script' tags
+    - Recon:
+        - Allowed HTTP methods
+        - Back-up files
+        - Common directories
+        - Common files
+        - HTTP PUT
+        - Insufficient Transport Layer Protection for password forms
+        - WebDAV detection
+        - HTTP TRACE detection
+        - Credit Card number disclosure
+        - CVS/SVN user disclosure
+        - Private IP address disclosure
+        - Common backdoors
+        - .htaccess LIMIT misconfiguration
+        - Interesting responses
+        - HTML object grepper
+        - E-mail address disclosure
+        - US Social Security Number disclosure
+        - Forceful directory listing
+
+### Report Management
+
+ - Modular design.
+ - Currently available reports:
+    - Standard output
+    - HTML (Cheers to [Christos Chiotis](mailto:chris@survivetheinternet.com) for designing the new HTML report template.)
+    - XML
+    - TXT
+    - YAML serialization
+    - Metareport (providing Metasploit integration to allow for [automated and assisted exploitation](http://zapotek.github.com/arachni/file.EXPLOITATION.html))
+
+### Plug-in Management
+
+ - Modular design
+ - Plug-ins are framework demi-gods, they have direct access to the framework instance.
+ - Can be used to add any functionality to Arachni.
+ - Currently available plugins:
+    - Passive Proxy
+    - Form based AutoLogin
+    - Dictionary attacker for HTTP Auth
+    - Dictionary attacker for form based authentication
+    - Cookie collector
+    - Healthmap -- Generates sitemap showing the health of each crawled/audited URL
+    - Content-types -- Logs content-types of server responses aiding in the identification of interesting (possibly leaked) files
+    - WAF (Web Application Firewall) Detector
+    - MetaModules -- Loads and runs high-level meta-analysis modules pre/mid/post-scan
+       - AutoThrottle -- Dynamically adjusts HTTP throughput during the scan for maximum bandwidth utilization
+       - TimeoutNotice -- Provides a notice for issues uncovered by timing attacks when the affected audited pages returned unusually high response times to begin with.</br>
+            It also points out the danger of DoS attacks against pages that perform heavy-duty processing.
+       - Uniformity -- Reports inputs that are uniformly vulnerable across a number of pages hinting to the lack of a central point of input sanitization.
+
+### Trainer subsystem
+
+The Trainer is what enables Arachni to learn from the scan it performs and incorporate that knowledge, on the fly, for the duration of the audit.
+
+Modules have the ability to individually force the Framework to learn from the HTTP responses they are going to induce.<br/>
+However, this is usually not required since Arachni is aware of which requests are more likely to uncover new elements or attack vectors and will adapt itself accordingly.
+
+Still, this can be an invaluable asset to Fuzzer modules.
+
+## Usage
+
+### WebUI
+
+The Web User Interface is basically a Sinatra app which acts as an Arachni XMLRPC client and connects to a running XMLRPC Dispatch server.
+
+Thus, you first need to start a Dispatcher like so:
+    $ arachni_xmlrpcd &
+
+Then start the WebUI by running:
+    $ arachni_web
+
+_If you get any permission errors then you probably installed the Gem using 'sudo', so use 'sudo' to start the servers too._
+
+And finally open up a browser window and visit: http://localhost:4567/
+
+#### Options
+
+You can see all available options using:
+    $ arachni_web -h
+
+#### Shutdown
+You can kill the WebUI by sending _Ctrl+C_ to the console from which you started it.
+
+However, in order to kill the Dispatcher (and all the processes in its pool) you will need to _killall -9 arachni_xmlrpcd_ (or _killall -9 ruby_ depending on your setup) or hunt them down manually.
+This inconvenience is by design; it guarantees that Arachni instances will be available (and usable) instantly and that running scans will continue unaffected even if the dispatcher has (for some reason) died.
+
+#### Parallel scans
+As you might have guessed by the use of the word _pool_ in the previous paragraph, the WebUI allows you to run as many scans as you wish at the same time.
+Of course, the amount of parallel scans you'll be able to perform will be limited by your available resources (Network bandwidth/RAM/CPU).
+
+Should you shutdown the WebUI while a scan is running you'll be able to re-attach to the running process and view its progress or (if the scan has already finished) grab the report the next time you visit the WebUI.
+In most cases, you won't even need to re-attach to a process in order to get the report of the finished scan, the WebUI's zombie reaper will grab and save the report for you.
+
+#### General
+In cases where the Dispatcher is started with its default settings on localhost (like the above example) the WebUI will connect to it automatically.
+
+However, if you see an error message informing you that the WebUI could not find a dispatcher to connect to then you probably visited the WebUI before it had a chance to connect to the Dispatcher, you can just click on the "Dispatcher" tab to force it to try again; if the error does not re-appear then it connected successfully.
+
+If you get a scary "Broken pipe" exception a simple refresh will solve the problem.
+
+#### Remote deployment
+As noted above, the WebUI is, in essence, a user-friendly Arachni XMLRPC client, this means that you can start a Dispatcher on a remote host and manage it via the WebUI.
+Simple as that really.
+
+#### Encryption & Authentication
+WebUI-client (browser) and XMLRPC Client-Dispatch server authentication takes place using SSL certificate/key pairs.
+
+These are the 3 basic models:
+
+ - No encryption & no authentication -- Default behavior
+ - Encryption & no authentication    -- Just enable SSL in the WebUI configuration file (_conf/webui.yaml_) and the Dispatcher and all components will generate their own certificate/key pairs and disable peer verification.
+ - Encryption & authentication       -- Enable SSL and use your own cert/key pairs to authenticate clients to the WebUI and vice verse, and authenticate the XMLRPC clients controlled by the WebUI to the Dispatcher and vice versa.
+
+However, you can go even further and create combinations specific to each component.
+
+*Beware:* This interface is brand new so if you encounter any issues please do report them.
+
+### Command line interface
+
+The command-line interface is the oldest, most tested and thus more reliable.
+
+#### Help
+In order to see everything Arachni has to offer execute:
+    $ arachni -h
+
+Or visit the Wiki.
+
+#### Examples
+You can simply run Arachni like so:
+
+    $ arachni http://test.com
+
+which will load all modules and audit all forms, links and cookies.
+
+In the following example all modules will be run against <i>http://test.com</i>, auditing links/forms/cookies and following subdomains --with verbose output enabled.<br/>
+The results of the audit will be saved in the the file <i>test.com.afr</i>.
+
+    $ arachni -fv http://test.com --report=afr:outfile=test.com.afr
+
+The Arachni Framework Report (.afr) file can later be loaded by Arachni to create a report, like so:
+
+    $ arachni --repload=test.com.afr --report=html:outfile=my_report.html
+
+or any other report type as shown by:
+
+    $ arachni --lsrep
+
+#### You can make module loading easier by using wildcards (*) and exclusions (-).
+
+To load all _xss_ modules using a wildcard:
+    $ arachni http://example.net --mods=xss_*
+
+To load all _audit_ modules using a wildcard:
+    $ arachni http://example.net --mods=audit*
+
+To exclude only the _csrf_ module:
+    $ arachni http://example.net --mods=*,-csrf
+
+Or you can mix and match; to run everything but the _xss_ modules:
+    $ arachni http://example.net --mods=*,-xss_*
+
+For a full explanation of all available options you can consult the [User Guide](http://github.com/Zapotek/arachni/wiki/User-guide).
+
+#### Performing a comprehensive scan quickly
+
+Arachni comes with a preconfigured profile (_profiles/comprehensive.afp_) for a comprehensive audit.
+This profile loads all modules, audits links/forms/cookies and loads the HealthMap and Content-Types plugins.
+
+You can use it like so:
+    $ arachni --load-profile=profiles/comprehensive.afp http://example.net
+
+#### Performing a full scan quickly
+
+The _full_ profile adds header auditing to the _comprehensive_ profile.
+
+_NOTICE: Auditing headers can increase scan time by an order of magnitude (depending on the website) and may be considered over-the-top in most scenarios._
+
+You can use it like so:
+    $ arachni --load-profile=profiles/full.afp http://example.net
+
+
+_If you installed the Gem then you'll have to look for the "profiles" directory in your gems path._
+
+## Installation
+
+To install the Gem or work with the source code you'll also need the following system libraries:
+    $ sudo apt-get install libxml2-dev libxslt1-dev libcurl4-openssl-dev libsqlite3-dev
+
+You will also need to have Ruby 1.9.2 installed *including* the dev package/headers.<br/>
+The prefered ways to accomplish this is by either using [RVM](http://rvm.beginrescueend.com/) or by downloading and compiling the source code for [Ruby 1.9.2](http://www.ruby-lang.org/en/downloads/) manually.
+
+### Gem
+
+To install Arachni:
+    $ gem install arachni
+
+### Source
+
+If you want to clone the repository and work with the source code then you'll need to run the following to install all gem dependencies and Arachni:
+    $ rake install
+
+
+## Supported platforms
+
+Arachni should work on all *nix and POSIX compliant platforms with Ruby
+and the aforementioned requirements.
+
+Windows users should run Arachni in Cygwin.
+
+## Bug reports/Feature requests
+Please send your feedback using Github's issue system at
+[http://github.com/zapotek/arachni/issues](http://github.com/zapotek/arachni/issues).
+
+
+## License
+Arachni is licensed under the GNU General Public License v2.<br/>
+See the [LICENSE](file.LICENSE.html) file for more information.
+
+
+## Disclaimer
+Arachni is free software and you are allowed to use it as you see fit.<br/>
+However, I can't be held responsible for your actions or for any damage
+caused by the use of this software.
+
+![Arachni banner](http://zapotek.github.com/arachni/banner.png)