Arachni

Arachni Project (unmaintained)

Legacy modular web application vulnerability scanner — no longer maintained, but still referenced by CySA+.

Vulnerability Management · Free & Open Source · Platform / Suite · Learning · Cross-platform

Cyber Kill Chain & Defender Lifecycle

Attacker — Kill Chain
1 Reconnaissance
2 Weaponization
3 Delivery
4 Exploitation
5 Installation
6 Command & Control
7 Actions on Objectives
Defender — IR Lifecycle
8 Detection / Monitoring
9 Containment & Eradication
10 Post-incident Forensics

Description

Arachni is an open-source, modular web application vulnerability scanner written in Ruby. The project is no longer actively maintained — the last stable release (v1.6.1.3) shipped in March 2020 and the original author announced he was stepping away shortly afterwards. It is included here because it still appears in older CySA+ study material and legacy assessment reports; for new work, prefer OWASP ZAP or Burp Suite.

Historical differentiators worth recognising on the exam:

  • Browser cluster for crawling JavaScript-heavy sites.
  • REST API for headless usage.
  • Plugin ecosystem (auth, login sequences, custom checks).
  • Distributed scanning with multiple cooperating instances.

Use cases

  • Recognising Arachni references in legacy reports / older exam questions
  • Re-running historical scans for trend comparison
  • Self-study of DAST internals (the Ruby codebase is well documented)