Arachni is a fire-and-forget or point-and-shoot web application vulnerability scanner. This procedure explains how to get the current experimental branch of Arachni up and running under Cygwin. Check back often; I try to update this post when new versions arrive. Bugs are usually fixed quite rapidly, so hopefully one day we will have a one-line installation procedure.
A few earlier blog posts of mine describe how to get the current release version of Arachni (v.0.3) running on Windows using MinGW and Cygwin. Unfortunately, both installations still have their problems.
Some of the problems are already fixed in the experimental branch, so here is the procedure to install that version and help with debugging (but in reality, it appears to be working fine!).
Notice
If you get weird errors (“fork: child xxx - died waiting”) during the compilation of any of the tools in the next steps, please do this:
In your Cygwin shell:
$ find /usr/ -iname '*.so' > /tmp/local.so.lst
$ /bin/rebaseall
$ /bin/rebaseall -T /tmp/local.so.lst
Exit ash.
Step 1
Install or upgrade Cygwin by running setup.exe. Apart from the standard packages, include the following:
- Database: libsqlite3-devel, libsql3_0
- Devel: doxygen, libffi4, gcc4, gcc4-core, gcc4-g++, git, libxml2-devel, make, openssl-devel, pkg-config
- Editors: nano
- Libs: libxslt, libxslt-devel, libopenssl098, tcltk, libxml2, libmpfr4
- Net: libcurl-devel, libcurl4
Accept the installation of packages that are required to satisfy dependencies. Note that some of your other tools might not work with these libraries or upgrades. In any case, an upgrade of Cygwin usually results in recompiling any tools that you compiled earlier.
Step 2
First we need to install libffi. Execute the following commands in your Cygwin shell:
$ cd
$ git clone git://github.com/atgreen/libffi.git
$ cd libffi
$ ./configure --prefix=/usr
$ make
$ make install-libLTLIBRARIES
$ cd
$ tar -xvf yaml-0.1.4.tar.gz
$ cd yaml-0.1.4
$ ./configure --prefix=/usr
$ make
$ make install
Step 3
Execute the following commands in the Cygwin shell:
$ cd
$ tar -xvf ruby-1.9.3-p0.tar.gz
$ cd ruby-1.9.3-p0
$ ./configure --prefix=/usr
$ make
$ make install
Step 4
$ gem update --system
$ gem install rake-compiler
$ cd
$ git clone git://github.com/djberg96/sys-proctable.git
$ cd sys-proctable
$ rake install
$ gem build sys-proctable.gemspec
$ gem install sys-proctable-0.9.1-x86-cygwin.gem
Step 5
Finally we can install Arachni (and the source) by executing the following commands in Cygwin:
$ cd
$ git clone git://github.com/eventmachine/eventmachine.git
$ cd eventmachine
$ gem build eventmachine.gemspec
$ gem install eventmachine-1.0.0.beta.4.gem
$ cd
$ git clone git://github.com/Arachni/arachni-rpc.git
$ cd arachni-rpc
$ gem build arachni-rpc.gemspec
$ gem install arachni-rpc-0.1.gem
$ cd
$ git clone git://github.com/Arachni/arachni-rpc-em.git
$ cd arachni-rpc-em
$ gem build arachni-rpc-em.gemspec
$ gem install arachni-rpc-em-0.1.gem
$ cd
$ git clone git://github.com/Zapotek/arachni.git
$ cd arachni
$ git checkout experimental
$ rake install
Pfioew! This should do it. You can now start working with Arachni!
Note that arachni_web_autostart does not work in Cygwin; you have to start Arachni as follows:
$ arachni_rpcd &
$ arachni_web
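To confirm that Steps 4 and 5 left every gem in place before starting the daemons, the following check reads the output of gem list and reports what is missing. It is an added example, not part of the original procedure; the function name missing_gems is hypothetical, the sample listing is constructed, and it assumes that "rake install" in the arachni checkout installs a gem named "arachni".

```shell
#!/bin/bash
# Gems built in Steps 4 and 5 of the procedure above.
# Assumption: "rake install" in the arachni checkout installs a gem named "arachni".
REQUIRED_GEMS="rake-compiler sys-proctable eventmachine arachni-rpc arachni-rpc-em arachni"

# missing_gems (hypothetical helper): read `gem list --local` output on stdin
# and print every required gem that is not listed, one per line.
# Prints nothing when all required gems are present.
missing_gems() {
    listing=$(cat)
    for gem in $REQUIRED_GEMS; do
        # Listing lines look like "name (version[, version...])". Requiring the
        # line to start with "name (" keeps "arachni-rpc" from counting as "arachni".
        if ! printf '%s\n' "$listing" |
            awk -v g="$gem" 'index($0, g " (") == 1 { found = 1 } END { exit !found }'
        then
            printf '%s\n' "$gem"
        fi
    done
}

# Constructed sample: what the listing could look like if Step 5 was stopped
# before the arachni-rpc-em and arachni builds. The rake-compiler version is
# made up; the other versions are the ones named in the gem file names above.
SAMPLE_LISTING='
*** LOCAL GEMS ***

arachni-rpc (0.1)
eventmachine (1.0.0.beta.4)
rake-compiler (0.0.0)
sys-proctable (0.9.1)
'

echo "Missing from the constructed sample:"
printf '%s' "$SAMPLE_LISTING" | missing_gems

# On the real installation, run instead:
#   gem list --local | missing_gems
```

An empty result means all six gems are installed; any name printed points at the step whose build or install command needs to be repeated.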
History
2011/12/14 minor fixes, update Ruby, added Cygwin requirement pkg-config
2011/11/20 updated to include arachni-rpc-em
2011/11/15 fixed some typos
2011/10/31 filename problems already fixed in current experimental branch
2011/10/30 New procedure based on experiences with MinGW
Awesome instructions. On x86 / 2003 VM worked like a champ. Had too many difficulties under Vista/Win7 under .3 ... Great work in capturing all the steps -
On step 5, have listed as gem build arachni-rpc.gemspec but could not find it, ran as gem build arachni-rpc-em.gemspec
Thanks! Fixed the typo.