arirang v2.03  - powerful webserver security scanner for network

----------------------------------------------------------------

what is the 'arirang' ?
arirang - korean word.
          it's a korea's tradition folk song

'a~ri~rang a~ri~rang a ra ri yo. arirang ~~~~~~~~~~    

from south korea.

----------------------------------------------------------------

arirang is powerful webserver security scanner for network.

it's free, fast and supported report, ssl scan, network scan, flexible rule scan, http socks5 proxy
and arirang script.

arirang different most cgi scanners.
arirang based on twwwscan. designed to network scanner.

arirang can help network administrators find security vulnerabilities, auditing and patch in their webservers.

i wrote these tools with honest intentions to audit my own webserver and network.
Please do not abuse this software.

this program was originally written under OpenBSD
tested on OpenBSD, FreeBSD, NetBSD, Linux

---------------------------------------------------------------

i tested arirang 2.03 on OpenBSD, FreeBSD, NetBSD, Linux

if you can run with arirang on other unix
such as mac osx, solaris, hp-ux, aix. please tell test result email to me.

*******************************************************************

To install arirang, you will need : 

Install Requirement
 * Ruby ( http://ruby-lang.org ) - 1.8.x or 1.9.x
 * Ruby Library and Ruby Include files
 * OpenSSL Library - libssl
 * OpenSSL Include files - /usr/include/openssl/


 # ruby extconf.rb
 # make
 # ./arirang

*******************************************************************
* changed 2.03 - 2011/10/03
now arirang script can support the Ruby 1.9x
added -d option with verbose mode
fixed Makefile that added -lresolv on Linux
fixed use-after-free bug in arirang script

* changed 2.02 - 2011/04/28
supported -T option socket connect timeout
supported -p option with multi-port scan  eg) -p 22,80,8080
added ariprint function in arirang script
added $ari_sport variable in arirang script
changed default processes count 30 to 60
changed default connect timeout seconds 2 to 3
changed printing style
fixed few bugs 

* changed 2.01 - 2011/03/25
now arisend function can send null bytes in arirang script
added ariclose function in arirang script
supported Caching only HTTP proxy (-X option) with arirang script
fixed long time bug - query string (\n\n to \r\n\r\n)

* changed 2.00 - 2010/10/03
completed rewritten arirang Ruby script 
- variable style to class style (class Arirang)
- one global variable ($ari_host) 
- three instant variables (@ari_port, @ari_recvsize, @ari_recvflag)
- two functions (baedal, asadal)
- two arirang functions (ariconnect, arisend) 
supported HTTP proxy (-X option)
supported SOCKS5 proxy (-X option)
added environment variables (PROXY_USER, PROXY_PASS, PROXY_TYPE)
added arirang Ruby script examples

* changed 1.95 - 2010/09/15
supported arirang Ruby script (-R option)
changed osfinger to malloc.
fixed few signal in old code.
fixed few bugs.
added script directory - some arirang ruby script examples

* changed 1.90 - 2010/09/06
supported SSL
supported CIDR of Domain Name
supported count of scan hosts
fixed connect timeout 
applied recv timeout of rule scan. 
fixed gcc warning.
fixed few signal in old code. 
fixed few printing style.

* changed 1.77 - 2010/08/31
integration source code bsd version with linux, other unix.
supported NOT keyword in scanrule. - see a rule.uxe or nottest.uxe
supported -t option socket receive timeout
supported -f option scan(process + automatic scan) and bug fix.
supported milliseconds on scantime.
fixed gcc warning.
fixed printing style.
fixed few bugs
added scanrule/nottest.uxe
added scanrule/account.uxe 

* changed 1.7 - 2010/08/26
supported allow check of webserver.
supported CIDR of IP Address.
supported HTML Report.
removed os detect. - changed -O to allow check
decrease TIMEOUT 10 to 5 - increase scan speed
added scanrule/request.uxe
fixed few bugs.
fixed some typo. 

*** took arirang 8 years to come back ***

* changed 1.6 - 2002/07/21
supported automatic wide ip range scan(fast xx times than 1.6beta version)
supported scan time
fixed broadcast bug
fixed osfinger check
a few bug fixed
supported check recent apache chunk bug scanrule/apache.uxe
moved arirang scan rule files into scanrule directory
fixed gcc -Wall compile option

* changed 1.6beta - 2001/08/10
supported recv msg flags (fixed .ida buffer overflow check)

* changed 1.5  - 2001/../..

--------------------------------------------------------------------------
Date: 2011/10/03 KST
pilot <pilot@monkey.org>
http://www.monkey.org/~pilot

