archerysec v2.0.5 released: Open Source Vulnerability Assessment and Management

by do son · Published April 12, 2019 · Updated April 11, 2023

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web applications and networks. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for the implementation of their DevOps CI/CD environment.

Overview of the tool:

Perform Web and Network Vulnerability Scanning using opensource tools.
Correlates and Collaborate all raw scans data, shows them in a consolidated manner.
Perform authenticated web scanning.
Perform web application scanning using selenium.
Vulnerability Management.
Enable REST API’s for developers to perform scanning and Vulnerability Management.
JIRA Ticketing System.
Subdomain discovery and scanning.
Periodic scans.
Concurrent scans.
Useful for DevOps teams for Vulnerability Management.

Changelog v2.0.5

🚀 New scanners

Vuls & Nmap Vulners parsers, few fixes (#600)
Gitleak json report parsing (#599)

🚀 Features and enhancements

Adding Search builder to all DataTables (#603)
Enhanced Jira integration (#601)
Vuls & Nmap Vulners parsers, few fixes (#600)
Enhanced & modular parsers (#595)

🐛 Bug Fixes

#591 fixed arachni scan error (#592)
Fixed #325 burp scan not getting launched through UI (#587)

Requirement

OpenVAS

You can follow the instructions to install OpenVAS from Hacker Target

Note that, at this time, Archery generates a TCP connection towards the OpenVAS Manager (not the GSA): therefore, you need to update your OpenVAS Manager configuration to bind this port. Its default port (9390/tcp), but you can update this in your settings.