RubyGems - arachni - Versions diffs - 0.2.2.1 - Mend

arachni 0.2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (262) hide show

data/ACKNOWLEDGMENTS.md +14 -0
data/AUTHORS.md +6 -0
data/CHANGELOG.md +162 -0
data/CONTRIBUTORS.md +10 -0
data/EXPLOITATION.md +429 -0
data/HACKING.md +101 -0
data/LICENSE.md +341 -0
data/README.md +350 -0
data/Rakefile +86 -0
data/bin/arachni +22 -0
data/bin/arachni_web +77 -0
data/bin/arachni_xmlrpc +21 -0
data/bin/arachni_xmlrpcd +82 -0
data/bin/arachni_xmlrpcd_monitor +74 -0
data/conf/README.webui.yaml.txt +44 -0
data/conf/webui.yaml +11 -0
data/external/metasploit/LICENSE +24 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_exec.rb +142 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_path_traversal.rb +113 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_php_eval.rb +150 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_php_include.rb +141 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_sqlmap.rb +92 -0
data/external/metasploit/plugins/arachni.rb +536 -0
data/getoptslong.rb +241 -0
data/lib/anemone.rb +2 -0
data/lib/anemone/cookie_store.rb +35 -0
data/lib/anemone/core.rb +371 -0
data/lib/anemone/exceptions.rb +5 -0
data/lib/anemone/http.rb +144 -0
data/lib/anemone/page.rb +337 -0
data/lib/anemone/page_store.rb +160 -0
data/lib/anemone/storage.rb +34 -0
data/lib/anemone/storage/base.rb +75 -0
data/lib/anemone/storage/exceptions.rb +15 -0
data/lib/anemone/storage/mongodb.rb +89 -0
data/lib/anemone/storage/pstore.rb +50 -0
data/lib/anemone/storage/redis.rb +90 -0
data/lib/anemone/storage/tokyo_cabinet.rb +57 -0
data/lib/anemone/tentacle.rb +40 -0
data/lib/arachni.rb +16 -0
data/lib/audit_store.rb +346 -0
data/lib/component_manager.rb +293 -0
data/lib/component_options.rb +395 -0
data/lib/exceptions.rb +76 -0
data/lib/framework.rb +637 -0
data/lib/http.rb +809 -0
data/lib/issue.rb +302 -0
data/lib/module.rb +4 -0
data/lib/module/auditor.rb +455 -0
data/lib/module/base.rb +188 -0
data/lib/module/element_db.rb +158 -0
data/lib/module/key_filler.rb +87 -0
data/lib/module/manager.rb +87 -0
data/lib/module/output.rb +68 -0
data/lib/module/trainer.rb +240 -0
data/lib/module/utilities.rb +110 -0
data/lib/options.rb +547 -0
data/lib/parser.rb +2 -0
data/lib/parser/auditable.rb +522 -0
data/lib/parser/elements.rb +296 -0
data/lib/parser/page.rb +149 -0
data/lib/parser/parser.rb +717 -0
data/lib/plugin.rb +4 -0
data/lib/plugin/base.rb +110 -0
data/lib/plugin/manager.rb +162 -0
data/lib/report.rb +4 -0
data/lib/report/base.rb +119 -0
data/lib/report/manager.rb +92 -0
data/lib/rpc/xml/client/base.rb +71 -0
data/lib/rpc/xml/client/dispatcher.rb +49 -0
data/lib/rpc/xml/client/instance.rb +88 -0
data/lib/rpc/xml/server/base.rb +90 -0
data/lib/rpc/xml/server/dispatcher.rb +357 -0
data/lib/rpc/xml/server/framework.rb +206 -0
data/lib/rpc/xml/server/instance.rb +191 -0
data/lib/rpc/xml/server/module/manager.rb +46 -0
data/lib/rpc/xml/server/options.rb +124 -0
data/lib/rpc/xml/server/output.rb +299 -0
data/lib/rpc/xml/server/plugin/manager.rb +58 -0
data/lib/ruby.rb +5 -0
data/lib/ruby/object.rb +32 -0
data/lib/ruby/string.rb +74 -0
data/lib/ruby/xmlrpc/server.rb +27 -0
data/lib/spider.rb +200 -0
data/lib/typhoeus/request.rb +91 -0
data/lib/typhoeus/response.rb +34 -0
data/lib/ui/cli/cli.rb +744 -0
data/lib/ui/cli/output.rb +279 -0
data/lib/ui/web/log.rb +82 -0
data/lib/ui/web/output_stream.rb +94 -0
data/lib/ui/web/report_manager.rb +222 -0
data/lib/ui/web/server.rb +903 -0
data/lib/ui/web/server/db/placeholder +0 -0
data/lib/ui/web/server/public/banner.png +0 -0
data/lib/ui/web/server/public/bodybg-small.png +0 -0
data/lib/ui/web/server/public/bodybg.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/pbar-ani.gif +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/jquery-ui-1.8.9.custom.css +573 -0
data/lib/ui/web/server/public/favicon.ico +0 -0
data/lib/ui/web/server/public/footer.jpg +0 -0
data/lib/ui/web/server/public/icons/error.png +0 -0
data/lib/ui/web/server/public/icons/info.png +0 -0
data/lib/ui/web/server/public/icons/ok.png +0 -0
data/lib/ui/web/server/public/icons/status.png +0 -0
data/lib/ui/web/server/public/js/jquery-1.4.4.min.js +167 -0
data/lib/ui/web/server/public/js/jquery-ui-1.8.9.custom.min.js +781 -0
data/lib/ui/web/server/public/logo.png +0 -0
data/lib/ui/web/server/public/nav-left.jpg +0 -0
data/lib/ui/web/server/public/nav-right.jpg +0 -0
data/lib/ui/web/server/public/nav-selected-left.jpg +0 -0
data/lib/ui/web/server/public/nav-selected-right.jpg +0 -0
data/lib/ui/web/server/public/reports/placeholder +1 -0
data/lib/ui/web/server/public/sidebar-bottom.jpg +0 -0
data/lib/ui/web/server/public/sidebar-h4.jpg +0 -0
data/lib/ui/web/server/public/sidebar-top.jpg +0 -0
data/lib/ui/web/server/public/spider.png +0 -0
data/lib/ui/web/server/public/style.css +604 -0
data/lib/ui/web/server/tmp/placeholder +0 -0
data/lib/ui/web/server/views/dispatcher.erb +85 -0
data/lib/ui/web/server/views/dispatcher_error.erb +14 -0
data/lib/ui/web/server/views/error.erb +1 -0
data/lib/ui/web/server/views/flash.erb +18 -0
data/lib/ui/web/server/views/home.erb +14 -0
data/lib/ui/web/server/views/instance.erb +213 -0
data/lib/ui/web/server/views/layout.erb +95 -0
data/lib/ui/web/server/views/log.erb +40 -0
data/lib/ui/web/server/views/modules.erb +71 -0
data/lib/ui/web/server/views/options.erb +23 -0
data/lib/ui/web/server/views/output_results.erb +51 -0
data/lib/ui/web/server/views/plugins.erb +42 -0
data/lib/ui/web/server/views/report_formats.erb +30 -0
data/lib/ui/web/server/views/reports.erb +55 -0
data/lib/ui/web/server/views/settings.erb +120 -0
data/lib/ui/web/server/views/welcome.erb +38 -0
data/lib/ui/xmlrpc/dispatcher_monitor.rb +204 -0
data/lib/ui/xmlrpc/xmlrpc.rb +843 -0
data/logs/placeholder +0 -0
data/metamodules/autothrottle.rb +74 -0
data/metamodules/timeout_notice.rb +118 -0
data/metamodules/uniformity.rb +98 -0
data/modules/audit/code_injection.rb +136 -0
data/modules/audit/code_injection_timing.rb +115 -0
data/modules/audit/code_injection_timing/payloads.txt +4 -0
data/modules/audit/csrf.rb +301 -0
data/modules/audit/ldapi.rb +103 -0
data/modules/audit/ldapi/errors.txt +26 -0
data/modules/audit/os_cmd_injection.rb +103 -0
data/modules/audit/os_cmd_injection/payloads.txt +2 -0
data/modules/audit/os_cmd_injection_timing.rb +104 -0
data/modules/audit/os_cmd_injection_timing/payloads.txt +3 -0
data/modules/audit/path_traversal.rb +141 -0
data/modules/audit/response_splitting.rb +105 -0
data/modules/audit/rfi.rb +193 -0
data/modules/audit/sqli.rb +120 -0
data/modules/audit/sqli/regexp_ids.txt +90 -0
data/modules/audit/sqli_blind_rdiff.rb +321 -0
data/modules/audit/sqli_blind_timing.rb +103 -0
data/modules/audit/sqli_blind_timing/payloads.txt +51 -0
data/modules/audit/trainer.rb +89 -0
data/modules/audit/unvalidated_redirect.rb +90 -0
data/modules/audit/xpath.rb +104 -0
data/modules/audit/xpath/errors.txt +26 -0
data/modules/audit/xss.rb +99 -0
data/modules/audit/xss_event.rb +134 -0
data/modules/audit/xss_path.rb +125 -0
data/modules/audit/xss_script_tag.rb +112 -0
data/modules/audit/xss_tag.rb +112 -0
data/modules/audit/xss_uri.rb +125 -0
data/modules/recon/allowed_methods.rb +104 -0
data/modules/recon/backdoors.rb +131 -0
data/modules/recon/backdoors/filenames.txt +16 -0
data/modules/recon/backup_files.rb +177 -0
data/modules/recon/backup_files/extensions.txt +28 -0
data/modules/recon/common_directories.rb +138 -0
data/modules/recon/common_directories/directories.txt +265 -0
data/modules/recon/common_files.rb +138 -0
data/modules/recon/common_files/filenames.txt +17 -0
data/modules/recon/directory_listing.rb +171 -0
data/modules/recon/grep/captcha.rb +62 -0
data/modules/recon/grep/credit_card.rb +85 -0
data/modules/recon/grep/cvs_svn_users.rb +73 -0
data/modules/recon/grep/emails.rb +59 -0
data/modules/recon/grep/html_objects.rb +53 -0
data/modules/recon/grep/private_ip.rb +54 -0
data/modules/recon/grep/ssn.rb +53 -0
data/modules/recon/htaccess_limit.rb +82 -0
data/modules/recon/http_put.rb +95 -0
data/modules/recon/interesting_responses.rb +118 -0
data/modules/recon/unencrypted_password_forms.rb +119 -0
data/modules/recon/webdav.rb +126 -0
data/modules/recon/xst.rb +107 -0
data/path_extractors/anchors.rb +35 -0
data/path_extractors/forms.rb +35 -0
data/path_extractors/frames.rb +38 -0
data/path_extractors/generic.rb +39 -0
data/path_extractors/links.rb +35 -0
data/path_extractors/meta_refresh.rb +39 -0
data/path_extractors/scripts.rb +37 -0
data/path_extractors/sitemap.rb +31 -0
data/plugins/autologin.rb +137 -0
data/plugins/content_types.rb +90 -0
data/plugins/cookie_collector.rb +99 -0
data/plugins/form_dicattack.rb +185 -0
data/plugins/healthmap.rb +94 -0
data/plugins/http_dicattack.rb +133 -0
data/plugins/metamodules.rb +118 -0
data/plugins/proxy.rb +248 -0
data/plugins/proxy/server.rb +66 -0
data/plugins/waf_detector.rb +184 -0
data/profiles/comprehensive.afp +74 -0
data/profiles/full.afp +75 -0
data/reports/afr.rb +59 -0
data/reports/ap.rb +55 -0
data/reports/html.rb +179 -0
data/reports/html/default.erb +967 -0
data/reports/metareport.rb +139 -0
data/reports/metareport/arachni_metareport.rb +174 -0
data/reports/plugin_formatters/html/content_types.rb +82 -0
data/reports/plugin_formatters/html/cookie_collector.rb +66 -0
data/reports/plugin_formatters/html/form_dicattack.rb +54 -0
data/reports/plugin_formatters/html/healthmap.rb +76 -0
data/reports/plugin_formatters/html/http_dicattack.rb +54 -0
data/reports/plugin_formatters/html/metaformatters/timeout_notice.rb +65 -0
data/reports/plugin_formatters/html/metaformatters/uniformity.rb +71 -0
data/reports/plugin_formatters/html/metamodules.rb +93 -0
data/reports/plugin_formatters/html/waf_detector.rb +54 -0
data/reports/plugin_formatters/stdout/content_types.rb +73 -0
data/reports/plugin_formatters/stdout/cookie_collector.rb +61 -0
data/reports/plugin_formatters/stdout/form_dicattack.rb +52 -0
data/reports/plugin_formatters/stdout/healthmap.rb +72 -0
data/reports/plugin_formatters/stdout/http_dicattack.rb +53 -0
data/reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb +55 -0
data/reports/plugin_formatters/stdout/metaformatters/uniformity.rb +68 -0
data/reports/plugin_formatters/stdout/metamodules.rb +89 -0
data/reports/plugin_formatters/stdout/waf_detector.rb +48 -0
data/reports/plugin_formatters/xml/content_types.rb +91 -0
data/reports/plugin_formatters/xml/cookie_collector.rb +70 -0
data/reports/plugin_formatters/xml/form_dicattack.rb +57 -0
data/reports/plugin_formatters/xml/healthmap.rb +82 -0
data/reports/plugin_formatters/xml/http_dicattack.rb +57 -0
data/reports/plugin_formatters/xml/metaformatters/timeout_notice.rb +67 -0
data/reports/plugin_formatters/xml/metaformatters/uniformity.rb +82 -0
data/reports/plugin_formatters/xml/metamodules.rb +91 -0
data/reports/plugin_formatters/xml/waf_detector.rb +58 -0
data/reports/stdout.rb +182 -0
data/reports/txt.rb +77 -0
data/reports/xml.rb +231 -0
data/reports/xml/buffer.rb +98 -0
metadata +516 -0

data/lib/rpc/xml/client/base.rb ADDED

@@ -0,0 +1,71 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+require 'xmlrpc/client'
+require 'openssl'
+module Arachni
+module RPC
+module XML
+module Client
+#
+# Basic self-configuring XMLRPC client supporting cert-based SSL client/server authentication
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Base
+    def initialize( opts, url )
+        @opts = opts
+        # start the XMLRPC client
+        @server = ::XMLRPC::Client.new2( url )
+        # there'll be a HELL of lot of output so things might get..laggy.
+        # a big timeout is required to avoid Timeout exceptions...
+        @server.timeout = 9999999
+        if @opts.ssl_ca || @opts.ssl_pkey || @opts.ssl_cert
+            pkey = ::OpenSSL::PKey::RSA.new( File.read( opts.ssl_pkey ) )         if @opts.ssl_pkey
+            cert = ::OpenSSL::X509::Certificate.new( File.read( opts.ssl_cert ) ) if @opts.ssl_cert
+            @server.instance_variable_get( :@http ).instance_variable_set( :@key, pkey )
+            @server.instance_variable_get( :@http ).instance_variable_set( :@cert, cert )
+            @server.instance_variable_get( :@http ).instance_variable_set( :@ca_file, @opts.ssl_ca )
+            @server.instance_variable_get( :@http ).instance_variable_set( :@verify_mode,
+                OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT )
+        else
+            @server.instance_variable_get( :@http ).instance_variable_set( :@verify_mode, OpenSSL::SSL::VERIFY_NONE )
+        end
+    end
+    #
+    # Used to make old school XMLRPC calls
+    #
+    def call( method, *args )
+        @server.call( method, *args )
+    end
+end
+end
+end
+end
+end

data/lib/rpc/xml/client/dispatcher.rb ADDED

@@ -0,0 +1,49 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+require 'xmlrpc/client'
+require 'openssl'
+module Arachni
+require Arachni::Options.instance.dir['lib'] + 'rpc/xml/client/base'
+module RPC
+module XML
+module Client
+#
+# XMLRPC Dispatcher client
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1.2
+#
+class Dispatcher < Base
+    def initialize( opts, url )
+        super( opts, url )
+    end
+    private
+    #
+    # Used to provide the illusion of locality for remote methods
+    #
+    def method_missing( sym, *args, &block )
+        call( "dispatcher.#{sym.to_s}", *args )
+    end
+end
+end
+end
+end
+end

data/lib/rpc/xml/client/instance.rb ADDED

@@ -0,0 +1,88 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+require 'xmlrpc/client'
+require 'openssl'
+module Arachni
+require Arachni::Options.instance.dir['lib'] + 'rpc/xml/client/base'
+module RPC
+module XML
+module Client
+#
+# XMLRPC client for remote instances spawned by a remote dispatcher
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1.1
+#
+class Instance < Base
+    attr_reader :opts
+    attr_reader :framework
+    attr_reader :modules
+    attr_reader :plugins
+    attr_reader :service
+    #
+    # Maps the methods of remote objects to local ones
+    #
+    class Mapper
+        def initialize( server, remote )
+            @server = server
+            @remote = remote
+        end
+        private
+        #
+        # Used to provide the illusion of locality for remote methods
+        #
+        def method_missing( sym, *args, &block )
+            call = "#{@remote}.#{sym.to_s}"
+            @server.call( call, *args )
+        end
+    end
+    #
+    # Used to make remote option attributes look like setter methods
+    #
+    class OptsMapper < Mapper
+        def method_missing( sym, *args, &block )
+            return super( sym, *args, &block ) if sym == :set
+            call = "#{@remote}.#{sym.to_s}="
+            @server.call( call, *args )
+        end
+    end
+    def initialize( opts, url )
+        super( opts, url )
+        @opts      = OptsMapper.new( @server, 'opts' )
+        @framework = Mapper.new( @server, 'framework' )
+        @modules   = Mapper.new( @server, 'modules' )
+        @plugins   = Mapper.new( @server, 'plugins' )
+        @service   = Mapper.new( @server, 'service' )
+    end
+end
+end
+end
+end
+end

data/lib/rpc/xml/server/base.rb ADDED

@@ -0,0 +1,90 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+require 'socket'
+require 'sys/proctable'
+module Arachni
+module RPC
+module XML
+module Server
+#
+# Dispatcher class
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Base
+    def initialize( opts )
+        pkey = ::OpenSSL::PKey::RSA.new( File.read( opts.ssl_pkey ) )         if opts.ssl_pkey
+        cert = ::OpenSSL::X509::Certificate.new( File.read( opts.ssl_cert ) ) if opts.ssl_cert
+        if opts.ssl_pkey || opts.ssl_cert || opts.ssl_ca
+            verification = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+        else
+            verification = ::OpenSSL::SSL::VERIFY_NONE
+        end
+        @server = ::WEBrick::HTTPServer.new(
+            :Port            => opts.rpc_port,
+            :SSLEnable       => opts.ssl  || false,
+            :SSLVerifyClient => verification,
+            :SSLCertName     => [ [ "CN", ::WEBrick::Utils::getservername ] ],
+            :SSLCertificate  => cert,
+            :SSLPrivateKey   => pkey,
+            :SSLCACertificateFile => opts.ssl_ca
+        )
+        print_status( 'Initing XMLRPC Server...' )
+        @service = ::XMLRPC::WEBrickServlet.new(  )
+        @service.add_introspection
+        @server.mount( "/RPC2", @service )
+    end
+    def add_handler( name, klass )
+        @service.add_handler( ::XMLRPC::iPIMethods( name ), klass )
+    end
+    def run
+        @server.start
+    end
+    def alive?
+        return true
+    end
+    alias :is_alive :alive?
+    def shutdown
+        @server.shutdown
+    end
+    private
+    def remove_nils( hash )
+        hash.each_pair {
+            |k, v|
+            hash[k] = '' if v.nil?
+            hash[k] = remove_nils( v ) if v.is_a? Hash
+        }
+        return hash
+    end
+end
+end
+end
+end
+end

data/lib/rpc/xml/server/dispatcher.rb ADDED

@@ -0,0 +1,357 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+require 'socket'
+require 'sys/proctable'
+module Arachni
+require Options.instance.dir['lib'] + 'rpc/xml/server/base'
+require Options.instance.dir['lib'] + 'rpc/xml/server/instance'
+require Options.instance.dir['lib'] + 'rpc/xml/server/output'
+module RPC
+module XML
+module Server
+#
+# Dispatcher class
+#
+# Dispatches XML-RPC servers on demand providing a centralised environment
+# for multiple XMLRPC clients and allows for extensive process monitoring.
+#
+# The process goes something like this:
+#   * a client issues a 'dispatch' call
+#   * the dispatcher starts a new XMLRPC server on a random port
+#   * the dispatcher returns the port of the XMLRPC server to the client
+#   * the client connects to the XMLRPC server listening on that port and does his business
+#
+# Once the client finishes using the XMLRPC server it *must* shut it down.<br/>
+# If it doesn't the system will be eaten away by idle instances of XMLRPC servers.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1.1
+#
+class Dispatcher < Base
+    include Arachni::Module::Utilities
+    include Arachni::UI::Output
+    include ::Sys
+    private :shutdown, :alive?
+    public  :shutdown, :alive?
+    def initialize( opts )
+        banner
+        @opts = opts
+        @opts.rpc_port  ||= 7331
+        @opts.pool_size ||= 5
+        if opts.help
+            print_help
+            exit 0
+        end
+        super( @opts )
+        prep_logging
+        print_status( 'Initing XMLRPC Server...' )
+        add_handler( "dispatcher", self )
+        # trap interupts and exit cleanly when required
+        trap( 'HUP' ) { shutdown }
+        trap( 'INT' ) { shutdown }
+        @jobs = []
+        @pool = Queue.new
+        print_status( 'Warming up the pool...' )
+        prep_pool
+        print_status( 'Done.' )
+        print_status( 'Initialization complete.' )
+    end
+    # Starts the dispatcher's server
+    def run
+        print_status( 'Starting the server...' )
+        super
+    end
+    def shutdown
+        print_status( 'Shutting down...' )
+        super
+        print_status( 'Done.' )
+    end
+    #
+    # Dispatches an XMLRPC server instance from the pool
+    #
+    # @param    [String]    owner   an owner assign to the dispatched XMLRPC server
+    #
+    # @return   [Hash]      includes port number, owner, clock info and proc info
+    #
+    def dispatch( owner = 'unknown' )
+        # just to make sure...
+        owner = owner.to_s
+        cjob  = @pool.pop
+        cjob['owner']     = owner
+        cjob['starttime'] = Time.now
+        print_status( "Server dispatched -- PID: #{cjob['pid']} - " +
+            "Port: #{cjob['port']} - Owner: #{cjob['owner']}" )
+        prep_pool
+        @jobs << cjob
+        return job( cjob['pid'] )
+    end
+    #
+    # Returns proc info for a given pid
+    #
+    # @param    [Fixnum]      pid
+    #
+    # @return   [Hash]
+    #
+    def job( pid )
+        @jobs.each {
+            |i|
+            cjob = i.dup
+            if cjob['pid'] == pid
+                cjob['currtime'] = Time.now
+                cjob['age'] = cjob['currtime'] - cjob['birthdate']
+                cjob['runtime']  = cjob['currtime'] - cjob['starttime']
+                cjob['proc'] =  proc( cjob['pid'] )
+                return remove_nils( cjob )
+            end
+        }
+    end
+    #
+    # Returns proc info for all jobs
+    #
+    # @return   [Array<Hash>]
+    #
+    def jobs
+        jobs = []
+        @jobs.each {
+            |cjob|
+            proc_info = job( cjob['pid'] )
+            jobs << proc_info if proc_info
+        }
+        return jobs
+    end
+    #
+    # Returns server stats regarding the jobs and pool
+    #
+    # @return   [Hash]
+    #
+    def stats
+        cjobs    = jobs( )
+        running  = cjobs.reject{ |job| job['proc'].empty? }
+        finished = cjobs - running
+        return {
+            'running_jobs'    => running,
+            'finished_jobs'   => finished,
+            'init_pool_size'  => @opts.pool_size,
+            'curr_pool_size'  => @pool.size
+        }
+    end
+    #
+    # Outputs the Arachni banner.<br/>
+    # Displays version number, revision number, author details etc.
+    #
+    def banner
+        puts 'Arachni - Web Application Security Scanner Framework
+       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+                                      <zapotek@segfault.gr>
+               (With the support of the community and the Arachni Team.)
+       Website:       http://github.com/Zapotek/arachni
+       Documentation: http://github.com/Zapotek/arachni/wiki'
+        puts
+        puts
+    end
+    def print_help
+        puts <<USAGE
+  Usage:  arachni_xmlrpcd \[options\]
+  Supported options:
+    -h
+    --help                      output this
+    --port                      specify port to listen to
+                                    (Default: #{@opts.rpc_port})
+    --reroute-to-logfile        reroute all output to a logfile under 'logs/'
+    --pool-size                 how many server workers/processes should be available
+                                  at any given moment (Default: #{@opts.pool_size})
+    --debug
+    SSL --------------------------
+    (All SSL options will be honored by the dispatched XMLRPC instances as well.)
+    (Do *not* use encrypted keys!)
+    --ssl                       use SSL?
+                                   (If you want encryption without authentication
+                                    you can skip rest of the SSL options.)
+    --ssl-pkey   <file>         location of the SSL private key (.pem)
+                                    (Used to verify the server to the clients.)
+    --ssl-cert   <file>         location of the SSL certificate (.pem)
+                                    (Used to verify the server to the clients.)
+    --ssl-ca     <file>         location of the CA certificate (.pem)
+                                    (Used to verify the clients to the server.)
+USAGE
+    end
+    private
+    #
+    # Initializes and updates the pool making sure that the number of
+    # available server processes stays constant for any given moment
+    #
+    def prep_pool
+        owner = 'dispatcher'
+        (@pool.size - @opts.pool_size).abs.times {
+            exception_jail{
+                # get an available port for the child
+                @opts.rpc_port = avail_port( )
+                pid = Kernel.fork {
+                    exception_jail {
+                        server = Arachni::RPC::XML::Server::Instance.new( @opts )
+                        trap( "INT", "IGNORE" )
+                        server.run
+                    }
+                    # restore logging
+                    reroute_to_file( @logfile )
+                    print_status( "Server shutdown   -- PID: #{Process.pid} - " +
+                        "Port: #{@opts.rpc_port}" )
+                }
+                print_status( "Server added to pool -- PID: #{pid} - " +
+                    "Port: #{@opts.rpc_port} - Owner: #{owner}" )
+                @pool << {
+                    'pid'   => pid,
+                    'port'  => @opts.rpc_port,
+                    'owner' => owner,
+                    'birthdate' => Time.now
+                }
+                # let the child go about his business
+                Process.detach( pid )
+            }
+        }
+    end
+    def prep_logging
+        # reroute all output to a logfile
+        @logfile ||= reroute_to_file( @opts.dir['root'] +
+            "logs/XMLRPC-Dispatcher - #{Process.pid}:#{@opts.rpc_port} - #{Time.now.asctime}.log" )
+    end
+    def proc( pid )
+        struct_to_h( ProcTable.ps( pid ) )
+    end
+    def struct_to_h( struct )
+        hash = {}
+        return hash if !struct
+        struct.each_pair {
+            |k, v|
+            v = v.to_s if v.is_a?( Bignum ) || v.is_a?( Fixnum )
+            hash[k.to_s] = v
+        }
+        return hash
+    end
+    #
+    # Returns a random available port
+    #
+    # @return   Fixnum  port number
+    #
+    def avail_port
+        port = rand_port
+        while !avail_port?( port )
+            port = rand_port
+        end
+        return port
+    end
+    #
+    # Returns a random port
+    #
+    def rand_port
+        range = (1025..65535).to_a
+        range[ rand( 65535 - 1025 ) ]
+    end
+    #
+    # Checks whether the port number is available
+    #
+    # @param    Fixnum  port
+    #
+    # @return   Bool
+    #
+    def avail_port?( port )
+        begin
+            socket = Socket.new( :INET, :STREAM, 0 )
+            socket.bind( Addrinfo.tcp( "127.0.0.1", port ) )
+            socket.close
+            return true
+        rescue
+            return false
+        end
+    end
+end
+end
+end
+end
+end