
userIssa/arachne


Arachne 🕷️ (Authorized Testing Only)


Arachne is a safe, bounded black‑box web security scanning toolkit designed to help security engineers discover and triage common security issues in web applications --- particularly modern SPA (Single Page Application) environments.

It focuses on discovery, safe probing, misconfiguration detection, access‑control signals, and optional reinforcement‑learning‑guided anomaly exploration.

⚠️ Arachne is intended only for authorized security testing on systems you own or have explicit permission to assess.


Features

Black‑Box Discovery

Automatically discovers likely API endpoints from:

  • SPA JavaScript bundles
  • Known API patterns
  • Optional OpenAPI specifications

Safe Endpoint Probing

Arachne probes discovered endpoints using low‑risk requests to learn:

  • Response behavior
  • HTTP status patterns
  • Security headers
  • CORS behavior

Misconfiguration Detection

Detects common security issues such as:

  • Missing Content‑Security‑Policy
  • Missing HSTS
  • Missing Referrer‑Policy
  • Permissive CORS configurations
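The checks in this list can be expressed as a small pass over a response's headers. The block below is an added example written for this README, not Arachne's own code: the required-header list, the HSTS max-age threshold, the probe origin and the sample responses are all assumptions made for illustration, and the CORS classification compares Access-Control-Allow-Origin against the Origin the probe sent so that an echoed origin is caught as well as a wildcard.

```python
"""Security-header and CORS misconfiguration checks over captured responses.
Added example for this README; not Arachne's own code. The required-header
list, HSTS threshold and sample responses are assumptions for illustration."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    check: str
    severity: str
    detail: str


# Headers whose absence is reported (assumption: mirrors the README's list).
REQUIRED_HEADERS = {
    "content-security-policy": "Missing Content-Security-Policy",
    "strict-transport-security": "Missing HSTS",
    "referrer-policy": "Missing Referrer-Policy",
}

# Assumption: an HSTS max-age under 180 days is reported as weak.
MIN_HSTS_MAX_AGE = 180 * 24 * 3600


def check_cors(headers: dict, request_origin: str) -> list:
    """Classify Access-Control-Allow-Origin relative to the Origin that was sent.
    `headers` must already be lower-cased. If the server echoes the probe's
    origin back, the policy is effectively open to any site."""
    acao = headers.get("access-control-allow-origin")
    if acao is None:
        return []
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*":
        # Browsers refuse to send credentials to a wildcard origin, so the
        # combination is not directly usable, but it shows credentialed
        # cross-origin access was intended and deserves a closer look.
        if creds:
            return [Finding("Permissive CORS", "medium",
                            "wildcard origin combined with Allow-Credentials: true")]
        return [Finding("Permissive CORS", "low", "wildcard origin without credentials")]
    if acao == "null":
        return [Finding("Permissive CORS", "medium", "'null' origin is allowed")]
    if acao == request_origin:
        severity = "high" if creds else "medium"
        detail = f"arbitrary origin {request_origin} reflected"
        return [Finding("Permissive CORS", severity,
                        detail + (" with credentials" if creds else ""))]
    return []


def check_security_headers(headers: dict, request_origin: str) -> list:
    """Return findings for one response: missing headers, weak HSTS, CORS issues."""
    h = {k.lower().strip(): v.strip() for k, v in headers.items()}
    findings = [Finding(title, "medium", f"response lacks {name}")
                for name, title in REQUIRED_HEADERS.items() if name not in h]
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if m is None or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append(Finding("Weak HSTS", "low",
                                    f"max-age missing or below {MIN_HSTS_MAX_AGE}s: {hsts!r}"))
    findings.extend(check_cors(h, request_origin))
    return findings


# Constructed sample responses (not captured from any real host).
PROBE_ORIGIN = "https://untrusted.example"
SAMPLES = {
    "/api/users": {
        "Content-Type": "application/json",
        "Access-Control-Allow-Origin": "https://untrusted.example",
        "Access-Control-Allow-Credentials": "true",
    },
    "/api/health": {
        "Content-Security-Policy": "default-src 'self'",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Referrer-Policy": "no-referrer",
        "Access-Control-Allow-Origin": "https://app.example",
    },
}


def scan_samples(samples: dict = SAMPLES, origin: str = PROBE_ORIGIN) -> dict:
    """Run the checks over every sample and keep only endpoints with findings."""
    report = {path: check_security_headers(hdrs, origin) for path, hdrs in samples.items()}
    return {path: f for path, f in report.items() if f}


if __name__ == "__main__":
    for path, findings in scan_samples().items():
        for f in findings:
            print(f"{path}: [{f.severity}] {f.check}: {f.detail}")
```

Only the reflected-origin-with-credentials case is rated high: a wildcard without credentials exposes nothing a plain GET could not already fetch, and a wildcard with credentials is rejected by browsers, so it is a configuration error rather than an exposure. On a real scan the input dict would be the header map from each probed endpoint's response.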

Access Control Signal Detection

Performs safe ID mutation tests to identify potential:

  • IDOR patterns
  • Object exposure signals
  • Endpoint behavior differences

Error Surface Analysis

Detects error disclosure patterns like:

  • stack traces
  • internal path leaks
  • verbose framework errors
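The three disclosure classes above map naturally onto a pattern catalogue run over response bodies. The block below is an added example for this README, not Arachne's own expand-error or profile-error code: the pattern list is deliberately small and the sample bodies are constructed, so treat both as assumptions rather than the project's catalogue.

```python
"""Error-disclosure pattern detection over HTTP response bodies.
Added example for this README, not Arachne's own code. The pattern catalogue
and the sample bodies are assumptions made for illustration."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Disclosure:
    kind: str       # one of the README's three categories
    evidence: str   # the matched text, truncated


# Assumption: a small catalogue; a production scanner keeps a much larger one.
PATTERNS = [
    ("stack trace", re.compile(
        r"Traceback \(most recent call last\)"            # Python
        r"|^\s+at [\w$.<>]+\(.*?:\d+\)",                  # Java / .NET style frames
        re.MULTILINE)),
    ("internal path leak", re.compile(
        r"[A-Za-z]:\\(?:[^\\\s\"']+\\)+[^\\\s\"']+"        # Windows absolute path
        r"|/(?:home|var|usr|srv|opt|app)/[^\s\"'<>]+")),  # Unix-style server path
    ("verbose framework error", re.compile(
        r"\b(?:SQLSTATE\[\w+\]|ORA-\d{5}|Whitelabel Error Page"
        r"|ActionController::RoutingError|Django Version:)")),
]

EVIDENCE_LIMIT = 80


def find_disclosures(body: str) -> list:
    """Return one Disclosure per pattern category that matches the body."""
    found = []
    for kind, pattern in PATTERNS:
        m = pattern.search(body)
        if m:
            found.append(Disclosure(kind, m.group(0)[:EVIDENCE_LIMIT].strip()))
    return found


def profile_errors(responses: dict) -> dict:
    """Map each endpoint to the disclosure kinds its body exposes (clean ones dropped)."""
    profile = {}
    for path, body in responses.items():
        kinds = [d.kind for d in find_disclosures(body)]
        if kinds:
            profile[path] = kinds
    return profile


# Constructed sample bodies (not captured from any real host).
SAMPLE_RESPONSES = {
    "/api/orders/abc": (
        "Traceback (most recent call last):\n"
        '  File "/app/api/views.py", line 42, in get\n'
        "    order = orders[order_id]\n"
        "KeyError: 'abc'\n"
    ),
    "/api/users/0": (
        "java.lang.NullPointerException\n"
        "\tat com.example.api.UserController.get(UserController.java:88)\n"
    ),
    "/api/search": "PDOException: SQLSTATE[42S02]: Base table or view not found\n",
    "/api/health": '{"status": "ok"}',
}


if __name__ == "__main__":
    for path, kinds in profile_errors(SAMPLE_RESPONSES).items():
        print(f"{path}: {', '.join(kinds)}")
```

One Python traceback yields two findings here (the trace itself and the `/app/...` file path inside it), which is the intended behaviour: each category is a separate signal for triage. The Unix-path prefix list is the main false-positive source, since a legitimate route such as `/app/dashboard` in a JSON body would match; tune the prefixes to the target's layout before trusting that category.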

Reinforcement Learning Exploration (Optional)

Arachne can train a reinforcement learning agent to explore benign request mutations and discover unusual response behavior.

HTML Reporting

Outputs results in:

  • structured JSON
  • client‑style HTML report

Installation

1. Clone repository

git clone https://github.com/yourusername/arachne.git
cd arachne

2. Create a virtual environment

python3 -m venv .venv
source .venv/bin/activate

Upgrade pip:

pip install -U pip

3. Install Arachne

pip install -e .

For reinforcement learning features:

pip install -e ".[rl]"

Verify installation:

arachne --help

Quick Start Example

Target:

TARGET="http://127.0.0.1:3000"

1. Discover SPA endpoints

arachne seed-spa "$TARGET" --out spa_inventory.json

2. Probe endpoints safely

arachne probe-inventory "$TARGET" \
  --inventory spa_inventory.json \
  --out inventory_probe.json

3. Scan for misconfigurations

arachne scan-misconfig "$TARGET" \
  --inventory spa_inventory.json \
  --out misconfig.json

4. Access control signal scan

arachne scan-ac "$TARGET" \
  --inventory spa_inventory.json \
  --out ac_findings.json

Verify signals:

arachne verify-ac "$TARGET" \
  --findings ac_findings.json \
  --out ac_verify.json

5. Run triage pipeline

arachne triage "$TARGET" \
  --inventory spa_inventory.json \
  --out triage_results.json \
  --findings-out findings.json

Reinforcement Learning (Optional)

Train RL agent:

arachne train-rl-web "$TARGET" \
  --path /rest/products/search \
  --param q \
  --steps 12000 \
  --model-out arachne_rl_dqn.zip \
  --i-own-this-target

Run RL scan:

arachne scan-rl "$TARGET" \
  --path /rest/products/search \
  --param q \
  --model arachne_rl_dqn.zip \
  --steps 100 \
  --out rl_findings.json \
  --i-own-this-target

Generate Final Report

Merge all outputs:

arachne merge-report --out arachne_merged.json \
  spa_inventory.json \
  inventory_probe.json \
  misconfig.json \
  ac_findings.json \
  ac_verify.json \
  triage_results.json \
  findings.json \
  rl_findings.json

Generate HTML report:

arachne report-html arachne_merged.json

Output:

out/arachne_report.html

Console Mode (Metasploit‑style)

Launch interactive interface:

arachne console

Example workflow:

set target http://127.0.0.1:3000
use seed-spa
run

You can also run raw CLI commands:

raw seed-spa http://127.0.0.1:3000 --out spa_inventory.json

Output Files

Typical scan artifacts:

File                      Purpose
spa_inventory.json        discovered endpoints
inventory_probe.json      probe results
misconfig.json            header and CORS issues
ac_findings.json          access control signals
ac_verify.json            verified signals
findings.json             triage findings
rl_findings.json          RL anomalies
arachne_merged.json       merged report
out/arachne_report.html   final HTML report


🔍 Detection Capabilities

Category             Capability                                      Module
Reconnaissance       Server fingerprinting, headers, CORS            recon
Endpoint Discovery   SPA JS extraction, OpenAPI import               seed-spa, import-openapi
Inventory Probing    Safe endpoint probing                           probe-inventory
Misconfiguration     Missing headers, CORS issues, cache exposure    scan-misconfig
Access Control       ID-based behavior analysis (IDOR signals)       scan-ac, verify-ac
Error Handling       Stack trace disclosure detection                expand-error, profile-error
Triage               Automated finding prioritization                triage
Reporting            JSON, Markdown, HTML reports                    report, report-html
RL-Based Testing     Adaptive mutation scanning                      scan-rl, train-rl-web

Safety

Arachne is designed to:

  • avoid destructive payloads
  • operate with rate limiting
  • use safe HTTP methods
  • remain within authorized testing scope

Always follow responsible disclosure and legal testing boundaries.


License

This project is provided for educational and authorized security testing purposes.

About

Arachne — a black-box web security scanner for discovering API surfaces, detecting misconfigurations, and surfacing access-control signals in modern web applications.
