Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review.
It is multi-platform, supporting all major operating systems (MS Windows, Mac OS X, and Linux) and distributed via portable packages which allow for instant deployment.
It is versatile enough to cover a lot of use cases, ranging from a simple command line scanner utility to a global high-performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform. In addition, its simple REST API makes integration a cinch.
Arachni includes both a command-line and a Web GUI version.
Vulnerability detection scores represent the ability of a scanner to detect different types and permutations of vulnerabilities, as well as the accuracy of those results when dealing with pitfalls that commonly cause false positives.
Vulnerability detection and accuracy scores can be found at: http://ift.tt/Olcykh
SQL injection: 100% (0% false positives)
Reflected XSS: 90.91% (0% false positives) — Misses cases which require support for the now obsolete VBScript language.
Local file inclusion: 100% (0% false positives)
Remote file inclusion: 100% (0% false positives)
Unvalidated redirect: 100% (0% false positives)
Backup files: 100% (0% false positives)
Linux x86 32bit (SHA512)
Linux x86 64bit (SHA512)
Mac OS X
Mac OS X x86 64bit (SHA512)
MS Windows x86 64bit (SHA512)