The project was initially started as an educational exercise, though it has since evolved into a powerful and modular framework allowing for fast, accurate and flexible security/vulnerability assessments.
More than that, Arachni is highly extendable, allowing anyone to improve upon it by adding custom components and tailoring most aspects to meet most needs.
Arachni is a fully automated system which tries to enforce the fire-and-forget principle.
As soon as a scan is started it will not bother you for anything nor require further user interaction.
Upon completion, the scan results will be saved in a file which you can later convert to several different formats (HTML, Plain Text, XML, etc.).
In order to maximize bandwidth utilization and get the most bang for the buck (an unfortunate choice of words since Arachni is free) the system uses asynchronous HTTP requests.
Thus, you can rest assured that the scan will be as fast as possible and performance will only be limited by your own or the audited server's physical resources.
Arachni uses various techniques to compensate for the widely heterogeneous environment of web applications.
This includes a combination of widely deployed techniques (taint-analysis, fuzzing, differential analysis, timing/delay attacks) along with novel technologies (rDiff analysis, modular meta-analysis) developed specifically for the framework.
This allows the system to make highly informed decisions using a variety of different inputs; a process which diminishes false positives and even uses them to provide human-like insights into the inner workings of web applications.
The Trainer is what enables Arachni to learn from the scan it performs and incorporate that knowledge, on the fly, for the duration of the audit.
Arachni is aware of which requests are more likely to uncover new elements or attack vectors and adapts itself accordingly.
Also, components have the ability to individually force the Framework to learn from the HTTP responses they are going to induce, thus improving the chance of uncovering a hidden vector that would appear as a result of their probing.
One of the biggest advantages of Arachni is its highly modular nature.
The framework can be extended indefinitely by the addition of components like path extractors, modules, plug-ins, or even user interfaces.
Arachni is not only meant to serve as a security scanner but also as a platform for any sort of black-box testing or data scraping; full-fledged applications can be