RubyGems - arachni - Versions diffs - 0.2.2.1 - Mend

arachni 0.2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (262) hide show

data/ACKNOWLEDGMENTS.md +14 -0
data/AUTHORS.md +6 -0
data/CHANGELOG.md +162 -0
data/CONTRIBUTORS.md +10 -0
data/EXPLOITATION.md +429 -0
data/HACKING.md +101 -0
data/LICENSE.md +341 -0
data/README.md +350 -0
data/Rakefile +86 -0
data/bin/arachni +22 -0
data/bin/arachni_web +77 -0
data/bin/arachni_xmlrpc +21 -0
data/bin/arachni_xmlrpcd +82 -0
data/bin/arachni_xmlrpcd_monitor +74 -0
data/conf/README.webui.yaml.txt +44 -0
data/conf/webui.yaml +11 -0
data/external/metasploit/LICENSE +24 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_exec.rb +142 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_path_traversal.rb +113 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_php_eval.rb +150 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_php_include.rb +141 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_sqlmap.rb +92 -0
data/external/metasploit/plugins/arachni.rb +536 -0
data/getoptslong.rb +241 -0
data/lib/anemone.rb +2 -0
data/lib/anemone/cookie_store.rb +35 -0
data/lib/anemone/core.rb +371 -0
data/lib/anemone/exceptions.rb +5 -0
data/lib/anemone/http.rb +144 -0
data/lib/anemone/page.rb +337 -0
data/lib/anemone/page_store.rb +160 -0
data/lib/anemone/storage.rb +34 -0
data/lib/anemone/storage/base.rb +75 -0
data/lib/anemone/storage/exceptions.rb +15 -0
data/lib/anemone/storage/mongodb.rb +89 -0
data/lib/anemone/storage/pstore.rb +50 -0
data/lib/anemone/storage/redis.rb +90 -0
data/lib/anemone/storage/tokyo_cabinet.rb +57 -0
data/lib/anemone/tentacle.rb +40 -0
data/lib/arachni.rb +16 -0
data/lib/audit_store.rb +346 -0
data/lib/component_manager.rb +293 -0
data/lib/component_options.rb +395 -0
data/lib/exceptions.rb +76 -0
data/lib/framework.rb +637 -0
data/lib/http.rb +809 -0
data/lib/issue.rb +302 -0
data/lib/module.rb +4 -0
data/lib/module/auditor.rb +455 -0
data/lib/module/base.rb +188 -0
data/lib/module/element_db.rb +158 -0
data/lib/module/key_filler.rb +87 -0
data/lib/module/manager.rb +87 -0
data/lib/module/output.rb +68 -0
data/lib/module/trainer.rb +240 -0
data/lib/module/utilities.rb +110 -0
data/lib/options.rb +547 -0
data/lib/parser.rb +2 -0
data/lib/parser/auditable.rb +522 -0
data/lib/parser/elements.rb +296 -0
data/lib/parser/page.rb +149 -0
data/lib/parser/parser.rb +717 -0
data/lib/plugin.rb +4 -0
data/lib/plugin/base.rb +110 -0
data/lib/plugin/manager.rb +162 -0
data/lib/report.rb +4 -0
data/lib/report/base.rb +119 -0
data/lib/report/manager.rb +92 -0
data/lib/rpc/xml/client/base.rb +71 -0
data/lib/rpc/xml/client/dispatcher.rb +49 -0
data/lib/rpc/xml/client/instance.rb +88 -0
data/lib/rpc/xml/server/base.rb +90 -0
data/lib/rpc/xml/server/dispatcher.rb +357 -0
data/lib/rpc/xml/server/framework.rb +206 -0
data/lib/rpc/xml/server/instance.rb +191 -0
data/lib/rpc/xml/server/module/manager.rb +46 -0
data/lib/rpc/xml/server/options.rb +124 -0
data/lib/rpc/xml/server/output.rb +299 -0
data/lib/rpc/xml/server/plugin/manager.rb +58 -0
data/lib/ruby.rb +5 -0
data/lib/ruby/object.rb +32 -0
data/lib/ruby/string.rb +74 -0
data/lib/ruby/xmlrpc/server.rb +27 -0
data/lib/spider.rb +200 -0
data/lib/typhoeus/request.rb +91 -0
data/lib/typhoeus/response.rb +34 -0
data/lib/ui/cli/cli.rb +744 -0
data/lib/ui/cli/output.rb +279 -0
data/lib/ui/web/log.rb +82 -0
data/lib/ui/web/output_stream.rb +94 -0
data/lib/ui/web/report_manager.rb +222 -0
data/lib/ui/web/server.rb +903 -0
data/lib/ui/web/server/db/placeholder +0 -0
data/lib/ui/web/server/public/banner.png +0 -0
data/lib/ui/web/server/public/bodybg-small.png +0 -0
data/lib/ui/web/server/public/bodybg.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/pbar-ani.gif +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/jquery-ui-1.8.9.custom.css +573 -0
data/lib/ui/web/server/public/favicon.ico +0 -0
data/lib/ui/web/server/public/footer.jpg +0 -0
data/lib/ui/web/server/public/icons/error.png +0 -0
data/lib/ui/web/server/public/icons/info.png +0 -0
data/lib/ui/web/server/public/icons/ok.png +0 -0
data/lib/ui/web/server/public/icons/status.png +0 -0
data/lib/ui/web/server/public/js/jquery-1.4.4.min.js +167 -0
data/lib/ui/web/server/public/js/jquery-ui-1.8.9.custom.min.js +781 -0
data/lib/ui/web/server/public/logo.png +0 -0
data/lib/ui/web/server/public/nav-left.jpg +0 -0
data/lib/ui/web/server/public/nav-right.jpg +0 -0
data/lib/ui/web/server/public/nav-selected-left.jpg +0 -0
data/lib/ui/web/server/public/nav-selected-right.jpg +0 -0
data/lib/ui/web/server/public/reports/placeholder +1 -0
data/lib/ui/web/server/public/sidebar-bottom.jpg +0 -0
data/lib/ui/web/server/public/sidebar-h4.jpg +0 -0
data/lib/ui/web/server/public/sidebar-top.jpg +0 -0
data/lib/ui/web/server/public/spider.png +0 -0
data/lib/ui/web/server/public/style.css +604 -0
data/lib/ui/web/server/tmp/placeholder +0 -0
data/lib/ui/web/server/views/dispatcher.erb +85 -0
data/lib/ui/web/server/views/dispatcher_error.erb +14 -0
data/lib/ui/web/server/views/error.erb +1 -0
data/lib/ui/web/server/views/flash.erb +18 -0
data/lib/ui/web/server/views/home.erb +14 -0
data/lib/ui/web/server/views/instance.erb +213 -0
data/lib/ui/web/server/views/layout.erb +95 -0
data/lib/ui/web/server/views/log.erb +40 -0
data/lib/ui/web/server/views/modules.erb +71 -0
data/lib/ui/web/server/views/options.erb +23 -0
data/lib/ui/web/server/views/output_results.erb +51 -0
data/lib/ui/web/server/views/plugins.erb +42 -0
data/lib/ui/web/server/views/report_formats.erb +30 -0
data/lib/ui/web/server/views/reports.erb +55 -0
data/lib/ui/web/server/views/settings.erb +120 -0
data/lib/ui/web/server/views/welcome.erb +38 -0
data/lib/ui/xmlrpc/dispatcher_monitor.rb +204 -0
data/lib/ui/xmlrpc/xmlrpc.rb +843 -0
data/logs/placeholder +0 -0
data/metamodules/autothrottle.rb +74 -0
data/metamodules/timeout_notice.rb +118 -0
data/metamodules/uniformity.rb +98 -0
data/modules/audit/code_injection.rb +136 -0
data/modules/audit/code_injection_timing.rb +115 -0
data/modules/audit/code_injection_timing/payloads.txt +4 -0
data/modules/audit/csrf.rb +301 -0
data/modules/audit/ldapi.rb +103 -0
data/modules/audit/ldapi/errors.txt +26 -0
data/modules/audit/os_cmd_injection.rb +103 -0
data/modules/audit/os_cmd_injection/payloads.txt +2 -0
data/modules/audit/os_cmd_injection_timing.rb +104 -0
data/modules/audit/os_cmd_injection_timing/payloads.txt +3 -0
data/modules/audit/path_traversal.rb +141 -0
data/modules/audit/response_splitting.rb +105 -0
data/modules/audit/rfi.rb +193 -0
data/modules/audit/sqli.rb +120 -0
data/modules/audit/sqli/regexp_ids.txt +90 -0
data/modules/audit/sqli_blind_rdiff.rb +321 -0
data/modules/audit/sqli_blind_timing.rb +103 -0
data/modules/audit/sqli_blind_timing/payloads.txt +51 -0
data/modules/audit/trainer.rb +89 -0
data/modules/audit/unvalidated_redirect.rb +90 -0
data/modules/audit/xpath.rb +104 -0
data/modules/audit/xpath/errors.txt +26 -0
data/modules/audit/xss.rb +99 -0
data/modules/audit/xss_event.rb +134 -0
data/modules/audit/xss_path.rb +125 -0
data/modules/audit/xss_script_tag.rb +112 -0
data/modules/audit/xss_tag.rb +112 -0
data/modules/audit/xss_uri.rb +125 -0
data/modules/recon/allowed_methods.rb +104 -0
data/modules/recon/backdoors.rb +131 -0
data/modules/recon/backdoors/filenames.txt +16 -0
data/modules/recon/backup_files.rb +177 -0
data/modules/recon/backup_files/extensions.txt +28 -0
data/modules/recon/common_directories.rb +138 -0
data/modules/recon/common_directories/directories.txt +265 -0
data/modules/recon/common_files.rb +138 -0
data/modules/recon/common_files/filenames.txt +17 -0
data/modules/recon/directory_listing.rb +171 -0
data/modules/recon/grep/captcha.rb +62 -0
data/modules/recon/grep/credit_card.rb +85 -0
data/modules/recon/grep/cvs_svn_users.rb +73 -0
data/modules/recon/grep/emails.rb +59 -0
data/modules/recon/grep/html_objects.rb +53 -0
data/modules/recon/grep/private_ip.rb +54 -0
data/modules/recon/grep/ssn.rb +53 -0
data/modules/recon/htaccess_limit.rb +82 -0
data/modules/recon/http_put.rb +95 -0
data/modules/recon/interesting_responses.rb +118 -0
data/modules/recon/unencrypted_password_forms.rb +119 -0
data/modules/recon/webdav.rb +126 -0
data/modules/recon/xst.rb +107 -0
data/path_extractors/anchors.rb +35 -0
data/path_extractors/forms.rb +35 -0
data/path_extractors/frames.rb +38 -0
data/path_extractors/generic.rb +39 -0
data/path_extractors/links.rb +35 -0
data/path_extractors/meta_refresh.rb +39 -0
data/path_extractors/scripts.rb +37 -0
data/path_extractors/sitemap.rb +31 -0
data/plugins/autologin.rb +137 -0
data/plugins/content_types.rb +90 -0
data/plugins/cookie_collector.rb +99 -0
data/plugins/form_dicattack.rb +185 -0
data/plugins/healthmap.rb +94 -0
data/plugins/http_dicattack.rb +133 -0
data/plugins/metamodules.rb +118 -0
data/plugins/proxy.rb +248 -0
data/plugins/proxy/server.rb +66 -0
data/plugins/waf_detector.rb +184 -0
data/profiles/comprehensive.afp +74 -0
data/profiles/full.afp +75 -0
data/reports/afr.rb +59 -0
data/reports/ap.rb +55 -0
data/reports/html.rb +179 -0
data/reports/html/default.erb +967 -0
data/reports/metareport.rb +139 -0
data/reports/metareport/arachni_metareport.rb +174 -0
data/reports/plugin_formatters/html/content_types.rb +82 -0
data/reports/plugin_formatters/html/cookie_collector.rb +66 -0
data/reports/plugin_formatters/html/form_dicattack.rb +54 -0
data/reports/plugin_formatters/html/healthmap.rb +76 -0
data/reports/plugin_formatters/html/http_dicattack.rb +54 -0
data/reports/plugin_formatters/html/metaformatters/timeout_notice.rb +65 -0
data/reports/plugin_formatters/html/metaformatters/uniformity.rb +71 -0
data/reports/plugin_formatters/html/metamodules.rb +93 -0
data/reports/plugin_formatters/html/waf_detector.rb +54 -0
data/reports/plugin_formatters/stdout/content_types.rb +73 -0
data/reports/plugin_formatters/stdout/cookie_collector.rb +61 -0
data/reports/plugin_formatters/stdout/form_dicattack.rb +52 -0
data/reports/plugin_formatters/stdout/healthmap.rb +72 -0
data/reports/plugin_formatters/stdout/http_dicattack.rb +53 -0
data/reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb +55 -0
data/reports/plugin_formatters/stdout/metaformatters/uniformity.rb +68 -0
data/reports/plugin_formatters/stdout/metamodules.rb +89 -0
data/reports/plugin_formatters/stdout/waf_detector.rb +48 -0
data/reports/plugin_formatters/xml/content_types.rb +91 -0
data/reports/plugin_formatters/xml/cookie_collector.rb +70 -0
data/reports/plugin_formatters/xml/form_dicattack.rb +57 -0
data/reports/plugin_formatters/xml/healthmap.rb +82 -0
data/reports/plugin_formatters/xml/http_dicattack.rb +57 -0
data/reports/plugin_formatters/xml/metaformatters/timeout_notice.rb +67 -0
data/reports/plugin_formatters/xml/metaformatters/uniformity.rb +82 -0
data/reports/plugin_formatters/xml/metamodules.rb +91 -0
data/reports/plugin_formatters/xml/waf_detector.rb +58 -0
data/reports/stdout.rb +182 -0
data/reports/txt.rb +77 -0
data/reports/xml.rb +231 -0
data/reports/xml/buffer.rb +98 -0
metadata +516 -0

data/lib/ui/web/report_manager.rb ADDED

@@ -0,0 +1,222 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+module Arachni
+module UI
+module Web
+#
+#
+# Provides nice little wrapper for the Arachni::Report::Manager while also handling<br/>
+# conversions, storing etc.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class ReportManager
+    FOLDERNAME = "reports"
+    EXTENSION  = '.afr'
+   def initialize( opts, settings )
+        @opts     = opts
+        @settings = settings
+        populate_available
+   end
+    #
+    # @return    [String]    save directory
+    #
+    def savedir
+        @settings.public + "/#{FOLDERNAME}/"
+    end
+    #
+    # @return    [String]    tmp directory for storage while converting
+    #
+    def tmpdir
+        @settings.tmp + '/'
+    end
+    #
+    # Saves the report to a file
+    #
+    # @param    [String]        report  YAML serialized audistore object as returned by the Arachni XMLRPC server.
+    #                                       Basically an 'afr' report as a string.
+    #
+    # @return   [String]        the path to the saved report
+    #
+    def save( report )
+        @settings.log.report_saved( {}, get_filename( report ) )
+        return save_to_file( report, report_to_path( report ) )
+    end
+    #
+    # Gets the path to a given report based on the contents of the report
+    #
+    # @param    [String]        report  YAML serialized audistore object as returned by the Arachni XMLRPC server.
+    #                                       Basically an 'afr' report as a string.
+    # @return   [String]
+    #
+    def report_to_path( report )
+        savedir + File.basename( get_filename( report ) + EXTENSION )
+    end
+    #
+    # Checks whether the provided type is a usable report
+    #
+    # @param    [String]    type    usually html,txt,xml etc
+    #
+    # @return   [Bool]
+    #
+    def valid_class?( type )
+        classes[type] || false
+    end
+    #
+    # Returns the paths of all saved report files as an array
+    #
+    # @return    [Array]
+    #
+    def all
+        Dir.glob( savedir + "*#{EXTENSION}" )
+    end
+    def delete_all
+        all.each {
+            |report|
+            delete( report )
+        }
+    end
+    def delete( report )
+        FileUtils.rm( savedir + File.basename( report, '.afr' ) + '.afr' )
+    end
+    #
+    # Generates a filename based on the contents of the report in the form of
+    # host:audit_date
+    #
+    # @param    [String]        report  YAML serialized audistore object as returned by the Arachni XMLRPC server.
+    #                                       Basically an 'afr' report as a string.
+    #
+    # @return   [String]        host:audit_date
+    #
+    def get_filename( report )
+        rep = YAML::load( report )
+        filename = "#{URI(rep.options['url']).host}:#{rep.start_datetime}"
+    end
+    #
+    # Returns a stored report as a <type> file. Basically a convertion/export method.
+    #
+    # @param    [String]    type            html, txt, xml, etc
+    # @param    [String]    report_file     path to the report
+    #
+    # @return   [String]    the converted report
+    #
+    def get( type, report_file )
+        return if !valid_class?( type )
+        location = savedir + report_file + EXTENSION
+        convert( type, File.read( location ) )
+    end
+    #
+    # Returns all available report types
+    #
+    # @return   [Array]
+    #
+    def available
+        return @@available
+    end
+    #
+    # Returns all available report classes
+    #
+    # @return   [Array]
+    #
+    def classes
+        @@available_rep_classes
+    end
+    private
+    def save_to_file( data, file )
+        f = File.new( file, 'w' )
+        f.write( data )
+        f.close
+        return f.path
+    end
+    def convert( type, report )
+        opts = {}
+        classes[type].info[:options].each {
+            |opt|
+            opts[opt.name] = opt.default if opt.default
+        }
+        opts['outfile'] = get_tmp_outfile_name( type, report )
+        classes[type].new( YAML::load( report ), opts ).run
+        content = File.read( opts['outfile'] )
+        FileUtils.rm( opts['outfile'] )
+        return content
+    end
+    def get_tmp_outfile_name( type, report )
+        tmpdir + get_filename( report ) + '.' + type
+    end
+    def has_outfile?( options )
+        options.each {
+            |opt|
+            return true if opt.name == 'outfile'
+        }
+        return false
+    end
+    def populate_available
+        @@available ||= []
+        return @@available if !@@available.empty?
+        @@available_rep_classes ||= {}
+        report_mgr = ::Arachni::Report::Manager.new( @opts )
+        report_mgr.available.each {
+            |avail|
+            next if !report_mgr[avail].info[:options]
+            if has_outfile?( report_mgr[avail].info[:options] )
+                @@available << {
+                    'name'        => report_mgr[avail].info[:name],
+                    'rep_name'    => avail,
+                    'description' => report_mgr[avail].info[:description],
+                    'version'     => report_mgr[avail].info[:version],
+                    'author'      => report_mgr[avail].info[:author]
+                }
+                @@available_rep_classes[avail] = report_mgr[avail]
+            end
+        }
+        return @@available
+    end
+end
+end
+end
+end

data/lib/ui/web/server.rb ADDED

@@ -0,0 +1,903 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+require 'webrick'
+require 'webrick/https'
+require 'openssl'
+require 'sinatra/base'
+require "rack/csrf"
+require 'rack-flash'
+require 'json'
+require 'erb'
+require 'yaml'
+require 'cgi'
+require 'fileutils'
+require 'ap'
+module Arachni
+module UI
+require Arachni::Options.instance.dir['lib'] + 'ui/cli/output'
+require Arachni::Options.instance.dir['lib'] + 'framework'
+require Arachni::Options.instance.dir['lib'] + 'rpc/xml/client/dispatcher'
+require Arachni::Options.instance.dir['lib'] + 'rpc/xml/client/instance'
+require Arachni::Options.instance.dir['lib'] + 'ui/web/report_manager'
+require Arachni::Options.instance.dir['lib'] + 'ui/web/log'
+require Arachni::Options.instance.dir['lib'] + 'ui/web/output_stream'
+#
+#
+# Provides a web user interface for the Arachni Framework using Sinatra.<br/>
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1-pre
+#
+# @see Arachni::RPC::XML::Client::Instance
+# @see Arachni::RPC::XML::Client::Dispatcher
+#
+module Web
+    VERSION = '0.1-pre'
+class Server < Sinatra::Base
+    configure do
+        use Rack::Flash
+        use Rack::Session::Cookie
+        use Rack::Csrf, :raise => true
+        @@conf = YAML::load_file( Arachni::Options.instance.dir['root'] + 'conf/webui.yaml' )
+        Arachni::Options.instance.ssl      = @@conf['ssl']['client']['enable']
+        Arachni::Options.instance.ssl_pkey = @@conf['ssl']['client']['key']
+        Arachni::Options.instance.ssl_cert = @@conf['ssl']['client']['cert']
+        Arachni::Options.instance.ssl_ca   = @@conf['ssl']['client']['ca']
+    end
+    helpers do
+        def report_count
+            settings.reports.all.size
+        end
+        def plugin_has_required_file_option?( options )
+            options.each {
+                |opt|
+                return true if opt['type'] == 'path' && opt['required']
+            }
+            return false
+        end
+        def format_redundants( rules )
+            return if !rules || !rules.is_a?( Array ) || rules.empty?
+            str = ''
+            rules.each {
+                |rule|
+                next if !rule['regexp'] || !rule['count']
+                str += rule['regexp'] + ':' + rule['count'] + "\r\n"
+            }
+            return str
+        end
+        def prep_description( str )
+            placeholder =  '--' + rand( 1000 ).to_s + '--'
+            cstr = str.gsub( /^\s*$/xm, placeholder )
+            cstr.gsub!( /^\s*/xm, '' )
+            cstr.gsub!( placeholder, "\n" )
+            cstr.chomp
+        end
+        def escape( str )
+            CGI.escapeHTML( str )
+        end
+        def unescape( str )
+            CGI.unescapeHTML( str )
+        end
+        def selected_tab?( tab )
+            splits = env['PATH_INFO'].split( '/' )
+            ( splits.empty? && tab == '/' ) || splits[1] == tab
+        end
+        def csrf_token
+            Rack::Csrf.csrf_token( env )
+        end
+        def csrf_tag
+            Rack::Csrf.csrf_tag( env )
+        end
+        def modules
+            @@modules
+        end
+        def plugins
+            @@plugins
+        end
+        def proc_mem( rss )
+            # we assume a page size of 4096
+            (rss.to_i * 4096 / 1024 / 1024).to_s + 'MB'
+        end
+        def secs_to_hms( secs )
+            secs = secs.to_i
+            return [secs/3600, secs/60 % 60, secs % 60].map {
+                |t|
+                t.to_s.rjust( 2, '0' )
+            }.join(':')
+        end
+    end
+    dir = File.dirname( File.expand_path( __FILE__ ) )
+    set :views,  "#{dir}/server/views"
+    set :public, "#{dir}/server/public"
+    set :tmp,    "#{dir}/server/tmp"
+    set :db,     "#{dir}/server/db"
+    set :static, true
+    set :environment, :development
+    #
+    # This will be used for the "owner" field of the helper instance
+    #
+    HELPER_OWNER =  "WebUI helper"
+    set :log,     Log.new( Arachni::Options.instance, settings )
+    set :reports, ReportManager.new( Arachni::Options.instance, settings )
+    enable :sessions
+    configure do
+        # shit's on!
+        settings.log.webui_started
+    end
+    def exception_jail( &block )
+        # begin
+            block.call
+        # rescue Errno::ECONNREFUSED => e
+        #     erb :error, { :layout => true }, :error => 'Remote server has been shut down.'
+        # end
+    end
+    def show( page, layout = true )
+        if page == :dispatcher
+            ensure_dispatcher
+            erb :dispatcher, { :layout => true }, :stats => dispatcher_stats
+        else
+            erb page.to_sym, { :layout => layout }
+        end
+    end
+    def welcomed?
+        File.exist?( settings.db + '/welcomed' )
+    end
+    def welcomed!
+        File.new( settings.db + '/welcomed', 'w' ).close
+    end
+    def ensure_welcomed
+        return if welcomed?
+        welcomed!
+        redirect '/welcome'
+    end
+    #
+    # Provides an easy way to connect to an instance by port
+    #
+    # @param    [Integer]   port
+    #
+    def connect_to_instance( port )
+        prep_session
+        begin
+            return Arachni::RPC::XML::Client::Instance.new( options, port_to_url( port ) )
+        rescue Exception
+            raise "Instance on port #{port} has shutdown."
+        end
+    end
+    #
+    # Converts a port to a URL instance.
+    #
+    # @param    [Integer]   port
+    #
+    def port_to_url( port )
+        uri = URI( session[:dispatcher_url] )
+        uri.port = port.to_i
+        uri.to_s
+    end
+    #
+    # Provides easy access to the dispatcher and handles failure
+    #
+    def dispatcher
+        begin
+            @dispatcher ||= Arachni::RPC::XML::Client::Dispatcher.new( options, session[:dispatcher_url] )
+        rescue Exception => e
+            redirect '/dispatcher_error'
+        end
+    end
+    #
+    # Provides statistics about running jobs etc using the dispatcher
+    #
+    def dispatcher_stats
+        stats = dispatcher.stats
+        stats['running_jobs'].each {
+            |job|
+            begin
+                job['paused'] = connect_to_instance( job['port'] ).framework.paused?
+            rescue
+            end
+        }
+        return stats
+    end
+    def options
+        Arachni::Options.instance
+    end
+    #
+    # Similar to String.to_i but it returns the original object if String is not a number
+    #
+    def to_i( str )
+        return str if !str.is_a?( String )
+        if str.match( /\d+/ ).to_s.size == str.size
+            return str.to_i
+        else
+            return str
+        end
+    end
+    #
+    # Prepares form params to be used as options for XMLRPC transmission
+    #
+    # @param    [Hash]  params
+    #
+    # @return   [Hash]  normalized hash
+    #
+    def prep_opts( params )
+        need_to_split = [
+            'exclude_cookies',
+            'exclude',
+            'include'
+        ]
+        cparams = {}
+        params.each_pair {
+            |name, value|
+            next if [ '_csrf', 'modules', 'plugins' ].include?( name ) || ( value.is_a?( String ) && value.empty?)
+            value = true if value == 'on'
+            if name == 'cookiejar'
+               cparams['cookies'] = Arachni::HTTP.parse_cookiejar( value[:tempfile] )
+            elsif need_to_split.include?( name ) && value.is_a?( String )
+                cparams[name] = value.split( "\r\n" )
+            elsif name == 'redundant'
+                cparams[name] = []
+                value.split( "\r\n" ).each {
+                    |rule|
+                    regexp, counter = rule.split( ':', 2 )
+                    cparams[name] << {
+                        'regexp'  => regexp,
+                        'count'   => counter
+                    }
+                }
+            else
+                cparams[name] = to_i( value )
+            end
+        }
+        if !cparams['audit_links'] && !cparams['audit_forms'] &&
+              !cparams['audit_cookies'] && !cparams['audit_headers']
+            cparams['audit_links']   = true
+            cparams['audit_forms']   = true
+            cparams['audit_cookies'] = true
+        end
+        return cparams
+    end
+    def escape_hash( hash )
+        hash.each_pair {
+            |k, v|
+            hash[k] = escape( hash[k] ) if hash[k].is_a?( String )
+            hash[k] = escape_hash( v ) if v.is_a? Hash
+        }
+        return hash
+    end
+    def unescape_hash( hash )
+        hash.each_pair {
+            |k, v|
+            hash[k] = unescape( hash[k] ) if hash[k].is_a?( String )
+            hash[k] = unescape_hash( v ) if v.is_a? Hash
+        }
+        return hash
+    end
+    def prep_modules( params )
+        return ['-'] if !params['modules']
+        mods = params['modules'].keys
+        return ['*'] if mods.empty?
+        return mods
+    end
+    def prep_plugins( params )
+        plugins  = {}
+        return plugins if !params['plugins']
+        params['plugins'].keys.each {
+            |name|
+            plugins[name] = params['options'][name] || {}
+        }
+        return plugins
+    end
+    def helper_instance
+        begin
+            @@arachni ||= nil
+            if !@@arachni
+                instance = dispatcher.dispatch( HELPER_OWNER )
+                @@arachni = connect_to_instance( instance['port'] )
+            end
+            return @@arachni
+        rescue
+            redirect '/dispatcher/error'
+        end
+    end
+    def component_cache_filled?
+        begin
+            return @@modules.size + @@plugins.size
+        rescue
+            return false
+        end
+    end
+    def fill_component_cache
+        if !component_cache_filled?
+            do_shutdown = true
+        else
+            do_shutdown = false
+        end
+        @@modules ||= helper_instance.framework.lsmod.dup
+        @@plugins ||= helper_instance.framework.lsplug.dup
+        # shutdown the helper instance, we got what we wanted
+        helper_instance.service.shutdown! if do_shutdown
+    end
+    #
+    # Makes sure that all systems are go and populates the session with default values
+    #
+    def prep_session
+        session[:dispatcher_url] ||= 'http://localhost:7331'
+        ensure_dispatcher
+        session['opts'] ||= {}
+        session['opts']['settings'] ||= {
+            'audit_links'    => true,
+            'audit_forms'    => true,
+            'audit_cookies'  => true,
+            'http_req_limit' => 20,
+            'user_agent'     => 'Arachni/' + Arachni::VERSION
+        }
+        session['opts']['modules'] ||= [ '*' ]
+        session['opts']['plugins'] ||= YAML::dump( {
+            'content_types' => {},
+            'healthmap'     => {},
+            'metamodules'   => {}
+        } )
+        #
+        # Garbage collector, zombie killer. Reaps idle processes every 5 seconds.
+        #
+        @@reaper ||= Thread.new {
+            while( true )
+                shutdown_zombies
+                ::IO::select( nil, nil, nil, 5 )
+            end
+        }
+    end
+    #
+    # Makes sure that we have a dispatcher, if not it redirects the user to
+    # an appropriate error page.
+    #
+    # @return   [Bool]  true if alive, redirect if not
+    #
+    def ensure_dispatcher
+        begin
+            dispatcher.alive?
+        rescue Exception => e
+            redirect '/dispatcher/error'
+        end
+    end
+    #
+    # Saves the report, shuts down the instance and returns the content as HTML
+    # to be sent back to the user's browser.
+    #
+    # @param    [Arachni::RPC::XML::Client::Instance]   arachni
+    #
+    def save_shutdown_and_show( arachni )
+        report = save_and_shutdown( arachni )
+        settings.reports.get( 'html', File.basename( report, '.afr' ) )
+    end
+    #
+    # Saves the report and shuts down the instance
+    #
+    # @param    [Arachni::RPC::XML::Client::Instance]   arachni
+    #
+    def save_and_shutdown( arachni )
+        arachni.framework.clean_up!
+        report_path = settings.reports.save( arachni.framework.auditstore )
+        arachni.service.shutdown!
+        return report_path
+    end
+    #
+    # Kills all running instances
+    #
+    def shutdown_all
+        settings.log.dispatcher_global_shutdown( env )
+        dispatcher.stats['running_jobs'].each {
+            |job|
+            begin
+                save_and_shutdown( connect_to_instance( job['port'] ) )
+            rescue
+                begin
+                    connect_to_instance( job['port'] ).service.shutdown!
+                rescue
+                    settings.log.instance_fucker_wont_die( env, port_to_url( job['port'] ) )
+                    next
+                end
+            end
+            settings.log.instance_shutdown( env, port_to_url( job['port'] ) )
+        }
+    end
+    #
+    # Kills all idle instances
+    #
+    # @return    [Integer]  the number of reaped instances
+    #
+    def shutdown_zombies
+        i = 0
+        dispatcher.stats['running_jobs'].each {
+            |job|
+            begin
+                arachni = connect_to_instance( job['port'] )
+                begin
+                    if !arachni.framework.busy? && !job['owner'] != HELPER_OWNER
+                        save_and_shutdown( arachni )
+                        settings.log.webui_zombie_cleanup( env, port_to_url( job['port'] ) )
+                        i+=1
+                    end
+                rescue
+                end
+            rescue
+            end
+        }
+        return i
+    end
+    get "/" do
+        prep_session
+        ensure_welcomed
+        show :home
+    end
+    get "/welcome" do
+        erb :welcome, { :layout => true }
+    end
+    get "/dispatcher" do
+        show :dispatcher
+    end
+    #
+    # sets the dispatcher URL
+    #
+    post "/dispatcher" do
+        if !params['url'] || params['url'].empty?
+            flash[:err] = "URL cannot be empty."
+            show :dispatcher_error
+        else
+            session[:dispatcher_url] = params['url']
+            settings.log.dispatcher_selected( env, params['url'] )
+            begin
+                dispatcher.jobs
+                settings.log.dispatcher_verified( env, params['url'] )
+                redirect '/'
+            rescue
+                settings.log.dispatcher_error( env, params['url'] )
+                flash[:err] = "Couldn't find a dispatcher at \"#{escape( params['url'] )}\"."
+                show :dispatcher_error
+            end
+        end
+    end
+    #
+    # shuts down all instances
+    #
+    post "/dispatcher/shutdown" do
+        shutdown_all
+        redirect '/dispatcher'
+    end
+    get '/dispatcher/error' do
+        show :dispatcher_error
+    end
+    #
+    # starts a scan
+    #
+    post "/scan" do
+        valid = true
+        begin
+            URI.parse( params['url'] )
+        rescue
+            valid = false
+        end
+        if !params['url'] || params['url'].empty?
+            flash[:err] = "URL cannot be empty."
+            show :home
+        elsif !valid
+            flash[:err] = "Invalid URL."
+            show :home
+        else
+            instance = dispatcher.dispatch( params['url'] )
+            settings.log.instance_dispatched( env, port_to_url( instance['port'] ) )
+            settings.log.instance_owner_assigned( env, params['url'] )
+            arachni  = connect_to_instance( instance['port'] )
+            session['opts']['settings']['url'] = params['url']
+            unescape_hash( session['opts'] )
+            session['opts']['settings']['audit_links']   = true if session['opts']['settings']['audit_links']
+            session['opts']['settings']['audit_forms']   = true if session['opts']['settings']['audit_forms']
+            session['opts']['settings']['audit_cookies'] = true if session['opts']['settings']['audit_cookies']
+            session['opts']['settings']['audit_headers'] = true if session['opts']['settings']['audit_headers']
+            opts = prep_opts( session['opts']['settings'] )
+            arachni.opts.set( opts )
+            arachni.modules.load( session['opts']['modules'] )
+            arachni.plugins.load( YAML::load( session['opts']['plugins'] ) )
+            arachni.framework.run
+            settings.log.scan_started( env, params['url'] )
+            redirect '/instance/' + instance['port'].to_s
+        end
+    end
+    get "/modules" do
+        fill_component_cache
+        prep_session
+        show :modules, true
+    end
+    #
+    # sets modules
+    #
+    post "/modules" do
+        session['opts']['modules'] = prep_modules( escape_hash( params ) )
+        flash.now[:ok] = "Modules updated."
+        show :modules, true
+    end
+    get "/plugins" do
+        fill_component_cache
+        prep_session
+        erb :plugins, { :layout => true }
+    end
+    #
+    # sets plugins
+    #
+    post "/plugins" do
+        session['opts']['plugins'] = YAML::dump( prep_plugins( escape_hash( params ) ) )
+        flash.now[:ok] = "Plugins updated."
+        show :plugins, true
+    end
+    get "/settings" do
+        prep_session
+        erb :settings, { :layout => true }
+    end
+    #
+    # sets general framework settings
+    #
+    post "/settings" do
+        if session['opts']['settings']['url']
+            url = session['opts']['settings']['url'].dup
+        end
+         session['opts']['settings'] = prep_opts( escape_hash( params ) )
+        if session['opts']['settings']['url']
+            session['opts']['settings']['url'] = url
+        end
+        flash.now[:ok] = "Settings updated."
+        show :settings, true
+    end
+    get "/instance/:port" do
+        begin
+            arachni = connect_to_instance( params[:port] )
+            erb :instance, { :layout => true }, :paused => arachni.framework.paused?, :shutdown => false
+        rescue
+            flash.now[:notice] = "Instance on port #{params[:port]} has been shutdown."
+            erb :instance, { :layout => true }, :shutdown => true, :stats => dispatcher_stats
+        end
+    end
+    get "/instance/:port/output.json" do
+        content_type :json
+        begin
+            arachni = connect_to_instance( params[:port] )
+            if arachni.framework.busy?
+                { 'data' => OutputStream.new( arachni, 38 ).data }.to_json
+            else
+                settings.log.instance_shutdown( env, port_to_url( params[:port] ) )
+                {
+                    'report' => '"data:text/html;base64, ' +
+                        Base64.encode64( save_shutdown_and_show( arachni ) ) + '"'
+                }.to_json
+            end
+        rescue Errno::ECONNREFUSED
+            { 'status' => 'finished', 'data' => "The server has been shut down." }.to_json
+        end
+    end
+    get "/instance/:port/output_results.json" do
+        content_type :json
+        begin
+            arachni = connect_to_instance( params[:port] )
+            if !arachni.framework.paused? && arachni.framework.busy?
+                out = erb( :output_results, { :layout => false }, :issues => YAML.load( arachni.framework.auditstore ).issues)
+                { 'data' => out }.to_json
+            end
+        rescue Errno::ECONNREFUSED
+            { 'data' => "The server has been shut down." }.to_json
+        end
+    end
+    get "/instance/:port/stats.json" do
+        content_type :json
+        begin
+            arachni = connect_to_instance( params[:port] )
+            stats = arachni.framework.stats
+            stats['current_page'] = escape( stats['current_page'] )
+            { 'refresh' => true, 'stats' => stats }.to_json
+        rescue Errno::ECONNREFUSED
+            { 'refresh' => false }.to_json
+        end
+    end
+    post "/*/:port/pause" do
+        arachni = connect_to_instance( params[:port] )
+        begin
+            arachni.framework.pause!
+            settings.log.instance_paused( env, port_to_url( params[:port] ) )
+            flash.now[:notice] = "Instance on port #{params[:port]} will pause as soon as the current page is audited."
+            erb params[:splat][0].to_sym, { :layout => true }, :paused => arachni.framework.paused?, :shutdown => false, :stats => dispatcher_stats
+        rescue
+            flash.now[:notice] = "Instance on port #{params[:port]} has been shutdown."
+            erb params[:splat][0].to_sym, { :layout => true }, :shutdown => true, :stats => dispatcher_stats
+        end
+    end
+    post "/*/:port/resume" do
+        arachni = connect_to_instance( params[:port] )
+        begin
+            arachni.framework.resume!
+            settings.log.instance_resumed( env, port_to_url( params[:port] ) )
+            flash.now[:notice] = "Instance on port #{params[:port]} resumes."
+            erb params[:splat][0].to_sym, { :layout => true }, :paused => arachni.framework.paused?, :shutdown => false, :stats => dispatcher_stats
+        rescue
+            flash.now[:notice] = "Instance on port #{params[:port]} has been shutdown."
+            erb params[:splat][0].to_sym, { :layout => true }, :shutdown => true, :stats => dispatcher_stats
+        end
+    end
+    post "/*/:port/shutdown" do
+        arachni = connect_to_instance( params[:port] )
+        begin
+            arachni.framework.busy?
+            settings.log.instance_shutdown( env, port_to_url( params[:port] ) )
+            begin
+                save_shutdown_and_show( arachni )
+            rescue
+                flash.now[:notice] = "Instance on port #{params[:port]} has been shutdown."
+                show params[:splat][0].to_sym
+            ensure
+                arachni.service.shutdown!
+            end
+        rescue
+            flash.now[:notice] = "Instance on port #{params[:port]} has already been shutdown."
+            erb params[:splat][0].to_sym, { :layout => true }, :shutdown => true, :stats => dispatcher_stats
+        end
+    end
+    get "/reports" do
+        reports = []
+        settings.reports.all.each {
+            |report|
+            name = File.basename( report, '.afr' )
+            host, date = name.split( ':', 2 )
+            reports << {
+                'host'  => host,
+                'date'  => date,
+                'name'  => name
+            }
+        }
+        erb :reports, { :layout => true }, :reports => reports,
+            :available => settings.reports.available
+    end
+    get '/reports/formats' do
+        erb :report_formats, { :layout => true }, :reports => settings.reports.available
+    end
+    post '/reports/delete' do
+        settings.reports.delete_all
+        settings.log.reports_deleted( env )
+        redirect '/reports'
+    end
+    post '/report/:name/delete' do
+        settings.reports.delete( params[:name] )
+        settings.log.report_deleted( env, params[:name] )
+        redirect '/reports'
+    end
+    get '/report/:name.:type' do
+        settings.log.report_converted( env, params[:name] + '.' + params[:type] )
+        content_type( params[:type], :default => 'application/octet-stream' )
+        settings.reports.get( params[:type], params[:name] )
+    end
+    get '/log' do
+        erb :log, { :layout => true }, :entries => settings.log.entry.all.reverse
+    end
+    # override run! using this patch: https://github.com/sinatra/sinatra/pull/132
+    def self.run!( options = {} )
+        set options
+        handler = detect_rack_handler
+        handler_name = handler.name.gsub( /.*::/, '' )
+        # handler specific options use the lower case handler name as hash key, if present
+        handler_opts = options[handler_name.downcase.to_sym] || {}
+        puts "== Sinatra/#{Sinatra::VERSION} has taken the stage " +
+            "on #{port} for #{environment} with backup from #{handler_name}" unless handler_name =~/cgi/i
+        handler.run self, handler_opts.merge( :Host => bind, :Port => port ) do |server|
+            [ :INT, :TERM ].each { |sig| trap( sig ) { quit!( server, handler_name ) } }
+            set :running, true
+        end
+    rescue Errno::EADDRINUSE => e
+        puts "== Someone is already performing on port #{port}!"
+    end
+    def self.prep_webrick
+        if @@conf['ssl']['server']['key']
+            pkey = ::OpenSSL::PKey::RSA.new( File.read( @@conf['ssl']['server']['key'] ) )
+        end
+        if @@conf['ssl']['server']['cert']
+            cert = ::OpenSSL::X509::Certificate.new( File.read( @@conf['ssl']['server']['cert'] ) )
+        end
+        if @@conf['ssl']['key'] || @@conf['ssl']['cert'] || @@conf['ssl']['ca']
+            verification = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+        else
+            verification = ::OpenSSL::SSL::VERIFY_NONE
+        end
+        return {
+            :SSLEnable       => @@conf['ssl']['server']['enable'] || false,
+            :SSLVerifyClient => verification,
+            :SSLCertName     => [ [ "CN", Arachni::Options.instance.server || ::WEBrick::Utils::getservername ] ],
+            :SSLCertificate  => cert,
+            :SSLPrivateKey   => pkey,
+            :SSLCACertificateFile => @@conf['ssl']['server']['ca']
+        }
+    end
+    run! :host    => Arachni::Options.instance.server   || ::WEBrick::Utils::getservername,
+         :port    => Arachni::Options.instance.rpc_port || 4567,
+         :server => %w[ webrick ],
+         :webrick => prep_webrick
+    at_exit do
+        settings.log.webui_shutdown
+        begin
+            # shutdown our helper instance
+            @@arachni ||= nil
+            @@arachni.service.shutdown! if @@arachni
+        rescue
+        end
+    end
+end
+end
+end
+end