arachni 0.2.2.1

data/lib/ui/cli/output.rb

@@ -0,0 +1,279 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+
+module UI
+
+#
+# CLI Output module
+#
+# Provides a command line output interface to the framework.<br/>
+# All UIs should provide an Arachni::UI::Output module with these methods.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+module Output
+
+    # verbosity flag
+    #
+    # if it's on verbose messages will be enabled
+    @@verbose = false
+
+    # debug flag
+    #
+    # if it's on debugging messages will be enabled
+    @@debug   = false
+
+    # only_positives flag
+    #
+    # if it's on status messages will be disabled
+    @@only_positives  = false
+
+    @@mute  = false
+
+    # Prints an error message
+    #
+    # It ignores all flags, error messages will be output under all
+    # circumstances.
+    #
+    # @param    [String]    error string
+    # @return    [void]
+    #
+    def print_error( str = '' )
+        print_color( '[-]', 31, str, $stderr )
+    end
+
+    # Prints a status message
+    #
+    # Obeys {@@only_positives}
+    #
+    # @see #only_positives?
+    # @see #only_positives!
+    #
+    # @param    [String]    status string
+    # @return    [void]
+    #
+    def print_status( str = '' )
+        if @@only_positives then return end
+        print_color( '[*]', 34, str )
+    end
+
+    # Prints an info message
+    #
+    # Obeys {@@only_positives}
+    #
+    # @see #only_positives?
+    # @see #only_positives!
+    #
+    # @param    [String]    info string
+    # @return    [void]
+    #
+    def print_info( str = '' )
+        if @@only_positives then return end
+        print_color( '[~]', 30, str )
+    end
+
+    # Prints a good message, something that went very very right,
+    # like the discovery of a vulnerability
+    #
+    # Disregards all flags.
+    #
+    # @param    [String]    ok string
+    # @return    [void]
+    #
+    def print_ok( str = '' )
+        print_color( '[+]', 32, str )
+    end
+
+    # Prints a debugging message
+    #
+    # Obeys {@@debug}
+    #
+    # @see #debug?
+    # @see #debug!
+    #
+    # @param    [String]    debugging string
+    # @return    [void]
+    #
+    def print_debug( str = '' )
+        if !@@debug then return end
+        print_color( '[!]', 36, str, $stderr )
+    end
+
+    # Pretty prints an object, used for debugging,
+    # needs some improvement but it'll do for now
+    #
+    # Obeys {@@debug}
+    #
+    # @see #debug?
+    # @see #debug!
+    #
+    # @param    [Object]
+    # @return    [void]
+    #
+    def print_debug_pp( obj = nil )
+        if !@@debug then return end
+        pp obj
+    end
+
+    # Prints the backtrace of an exception
+    #
+    # Obeys {@@debug}
+    #
+    # @see #debug?
+    # @see #debug!
+    #
+    # @param    [Exception]
+    # @return    [void]
+    #
+    def print_debug_backtrace( e = nil )
+        if !@@debug then return end
+        e.backtrace.each{ |line| print_debug( line ) }
+    end
+
+    def print_error_backtrace( e = nil )
+        e.backtrace.each{ |line| print_error( line ) }
+    end
+
+
+    # Prints a verbose message
+    #
+    # Obeys {@@verbose}
+    #
+    # @see #verbose?
+    # @see #verbose!
+    #
+    # @param    [String]    verbose string
+    # @return    [void]
+    #
+    def print_verbose( str = '' )
+        if !@@verbose then return end
+        print_color( '[v]', 37, str )
+    end
+
+    # Prints a line of message
+    #
+    # Obeys {@@only_positives}
+    #
+    # @see #only_positives?
+    # @see #only_positives!
+    #
+    # @param    [String]    string
+    # @return    [void]
+    #
+    def print_line( str = '' )
+        if @@only_positives then return end
+        return if muted?
+        puts str
+    end
+
+    # Sets the {@@verbose} flag to true
+    #
+    # @see #verbose?
+    #
+    # @return    [void]
+    #
+    def verbose!
+        @@verbose = true
+    end
+
+    # Returns the {@@verbose} flag
+    #
+    # @see #verbose!
+    #
+    # @return    [Bool]    @@verbose
+    #
+    def verbose?
+        @@verbose
+    end
+
+    # Sets the {@@debug} flag to true
+    #
+    # @see #debug?
+    #
+    # @return    [void]
+    #
+    def debug!
+        @@debug = true
+    end
+
+    # Returns the {@@debug} flag
+    #
+    # @see #debug!
+    #
+    # @return    [Bool]    @@debug
+    #
+    def debug?
+        @@debug
+    end
+
+    # Sets the {@@only_positives} flag to true
+    #
+    # @see #only_positives?
+    #
+    # @return    [void]
+    #
+    def only_positives!
+        @@only_positives = true
+    end
+
+    # Returns the {@@only_positives} flag
+    #
+    # @see #only_positives!
+    #
+    # @return    [Bool]    @@only_positives
+    #
+    def only_positives?
+        @@only_positives
+    end
+
+    def mute!
+        @@mute = true
+    end
+
+    def unmute!
+        @@mute = false
+    end
+
+
+    def muted?
+        @@mute
+    end
+
+    private
+
+    # Prints a message prefixed with a colored sign.
+    #
+    # Disregards all flags.
+    #
+    # @param    [String]    sign
+    # @param    [Integer]   shell color number
+    # @param    [String]    the string to output
+    #
+    # @return    [void]
+    #
+    def print_color( sign, color, string, out = $stdout )
+        return if muted?
+
+        if out.tty?
+            out.print "\033[1;#{color.to_s}m #{sign}\033[1;00m #{string}\n";
+        else
+            out.print "#{sign} #{string}\n";
+        end
+    end
+
+end
+
+end
+end

data/lib/ui/web/log.rb

@@ -0,0 +1,82 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+require 'datamapper'
+
+module Arachni
+module UI
+module Web
+
+#
+# A simple logger using DataMapper
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Log
+
+    class Entry
+        include DataMapper::Resource
+
+        property :id,           Serial
+        property :action,       String
+        property :object,       String
+        property :client_addr,  String
+        property :client_host,  String
+        property :owner,        String
+        property :datestamp,     DateTime
+    end
+
+
+    def initialize( opts, settings )
+
+        @opts     = opts
+        @settings = settings
+
+        DataMapper::setup( :default, "sqlite3://#{@settings.db}/log.db" )
+        DataMapper.finalize
+
+        Entry.auto_upgrade!
+    end
+
+    def entry
+        Entry
+    end
+
+    def method_missing( sym, *args, &block )
+
+        owner, action = sym.to_s.split( '_', 2 )
+
+        if args && args[1]
+            object = args[1]
+        end
+
+        if env = args[0]
+            addr = env['REMOTE_ADDR']
+            host = env['REMOTE_HOST']
+        end
+
+        Entry.create(
+            :action => action,
+            :owner  => owner,
+            :object => object,
+            :client_addr => addr,
+            :client_host => host,
+            :datestamp   => Time.now
+        )
+    end
+
+end
+
+end
+end
+end

data/lib/ui/web/output_stream.rb

@@ -0,0 +1,94 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module UI
+module Web
+
+    #
+    # Lame hack to make XMLRPC output appear stream-ish to Sinatra
+    # in order to send it back to the browser.
+    #
+    class OutputStream
+
+        #
+        #
+        # @param    [Arachni::RPC::XML::Client::Instance]   instance
+        # @param    [Integer]   lines   number of lines to output between refreshes
+        #
+        def initialize( instance, lines, &block )
+
+            @lines    = lines
+            @instance = instance
+            @buffer  = []
+
+            @icon_whitelist = {}
+            [ 'status', 'ok', 'error', 'info' ].each {
+                |icon|
+                @icon_whitelist[icon] = "<img src='/icons/#{icon}.png' />"
+            }
+
+        end
+
+        #
+        # @param    [Array<Hash>]   output
+        #
+        def <<( output )
+            @buffer << output.reverse
+            @buffer.flatten!
+        end
+
+        def data
+            data = ''
+            each {
+                |line|
+                data << line
+            }
+
+            data
+        end
+
+        #
+        # Sinatra (or Rack, not sure) expects the output to respond to "each" so we oblige.
+        #
+        def each
+
+            self << @instance.service.output
+
+            @@last_output ||= ''
+            cnt = 0
+
+            if @buffer.empty?
+                yield @@last_output
+            else
+                @@last_output = ''
+            end
+
+            while( ( out = @buffer.pop ) && ( ( cnt += 1 ) < @lines ) )
+
+                type = out.keys[0]
+                msg  = out.values[0]
+
+                next if out.values[0].empty?
+
+                icon = @icon_whitelist[type] || ''
+                str = icon + CGI.escapeHTML( " #{out.values[0]}" ) + "<br/>"
+                @@last_output << str
+                yield str
+
+            end
+
+            self << @instance.service.output
+        end
+
+    end
+end
+end
+end