arachni 0.2.2.1

data/lib/ui/web/server/views/dispatcher.erb

@@ -0,0 +1,85 @@
+
+        <div id="page-intro">
+            <h2>Dispatcher</h2>
+            <p>The dispatcher is the central magement system.
+                It spawns an XMLRPC server per scan and provides statistics for all running server instances.<br/>
+                This interface allows you to "Attach" to (see the output of), pause, resume and shutdown instances.
+            </p>
+
+            <% if !stats['running_jobs'].empty? %>
+                <form action="/dispatcher/shutdown" method="post">
+                    <%= csrf_tag %>
+                    <input type="submit" value="Shut all down" />
+                </form>
+            <% end %>
+
+
+        </div>
+        <%= erb :flash, {:layout => false} %>
+
+        <% if !stats['running_jobs'].empty? %>
+        <table>
+            <tr>
+                <th>PID</th>
+                <th>Port</th>
+                <th>Owner</th>
+                <th>State</th>
+                <th>Start time (Server-side)</th>
+                <th>Current time (Server-side)</th>
+                <th>Runtime</th>
+                <th>Memory consumption</th>
+                <th>Action</th>
+            </tr>
+        <% stats['running_jobs'].each do |job| %>
+            <tr>
+
+
+                <td><%=job['pid']%></td>
+                <td><%=job['port']%></td>
+                <td><%=job['owner']%></td>
+
+                <%if !job['paused'] %>
+                    <td>Running</td>
+                <% else %>
+                    <td>Paused</td>
+                <% end %>
+
+                <td><%=job['starttime'].to_time%></td>
+                <td><%=job['currtime'].to_time%></td>
+                <td><%=secs_to_hms( job['runtime'] )%></td>
+                <td><%=proc_mem( job['proc']['rss'] )%></td>
+
+                <td>
+                    <% if !( job['owner'] =~/WebUI helper/ ) %>
+
+                    <form action="/instance/<%=job['port']%>" method="get" target="_blank">
+                        <input type="submit" value="Attach" />
+                    </form>
+
+                    <%if !job['paused'] %>
+                    <form action="/dispatcher/<%=job['port']%>/pause" method="post">
+                        <%= csrf_tag %>
+                        <input type="submit" value="Pause" />
+                    </form>
+                    <%end%>
+
+                    <%if job['paused'] %>
+                    <form action="/dispatcher/<%=job['port']%>/resume" method="post">
+                        <%= csrf_tag %>
+                        <input type="submit" value="Resume" />
+                    </form>
+                    <% end %>
+
+                    <% end %>
+
+                    <form action="/dispatcher/<%=job['port']%>/shutdown" method="post" <% if !( job['owner'] =~/WebUI helper/ ) %> target="_blank" <%end%> >
+                        <%= csrf_tag %>
+                        <input type="submit" value="Shutdown" />
+                    </form>
+                </td>
+            </tr>
+        <% end %>
+        </table>
+        <% else %>
+        <span class="notice"> There are no running scans at the moment.</span>
+        <% end %>

data/lib/ui/web/server/views/dispatcher_error.erb

@@ -0,0 +1,14 @@
+
+        <form action="/dispatcher" method="post">
+
+            <%= csrf_tag %>
+            <input type="submit" value="Connect" />
+
+            <div id="page-intro">
+                <p> Couldn't connect to the dispatcher, if you have indeed started one please enter its URL bellow in the form of <em>http://server:port</em>.</p>
+                <h2>URL: <input name="url"/></h2>
+            </div>
+
+        </form>
+
+        <%= erb :flash, {:layout => false} %>

data/lib/ui/web/server/views/error.erb

@@ -0,0 +1 @@
+<h1 style="font-size:110%;font-family:Arial, sans-serif;"><%= error %></h1>

data/lib/ui/web/server/views/flash.erb

@@ -0,0 +1,18 @@
+
+        <% [:err, :ok, :notice ].each do |name| %>
+
+        <% if flash.has?( name ) %>
+        <div class="flash">
+            <div class="<%= name %>">
+                <%= flash[name] %>
+            </div>
+        </div>
+        <% end %>
+
+        <% end %>
+
+        <script type="text/javascript">
+            if( $( '.flash' ) ){
+                setTimeout( "$( '.flash' ).fadeOut( 1600, \"linear\" );", 2500 );
+            }
+        </script>

data/lib/ui/web/server/views/home.erb

@@ -0,0 +1,14 @@
+
+        <form action="/scan" method="post">
+
+            <%= csrf_tag %>
+            <input type="submit" value="Launch Scan" />
+
+            <div id="page-intro">
+                <p> No need to configure anything, all you need to do is insert a URL and hit "Launch Scan"; Arachni will take care of the rest.</p>
+                <h2>URL: <input name="url" value="<%=session['opts']['settings']['url']%>" size="50" /></h2>
+            </div>
+
+        </form>
+
+        <%= erb :flash, {:layout => false} %>

data/lib/ui/web/server/views/instance.erb

@@ -0,0 +1,213 @@
+
+        <div id="page-intro">
+            <h2 id="page_header">Attached to instance on port <%=params['port']%></h2>
+            <p id="page_description">
+                This page allows you to see what's going on at the other end of the wire (i.e. get status messages directly from the remote scanner).
+                <br/>
+                <br/>
+            </p>
+
+            <div id="control_buttons">
+                <%if !shutdown %>
+
+                <%if !paused %>
+                    <form action="/instance/<%=params['port']%>/pause" method="post">
+                        <%= csrf_tag %>
+                        <input type="submit" value="Pause" />
+                    </form>
+                <%end%>
+
+                <%if paused %>
+                <form action="/instance/<%=params['port']%>/resume" method="post">
+                    <%= csrf_tag %>
+                    <input type="submit" value="Resume" />
+                </form>
+                <%end%>
+
+                <form action="/instance/<%=params['port']%>/shutdown" method="post" target="_blank">
+                    <%= csrf_tag %>
+                    <input type="submit" value="Shutdown" />
+                </form>
+
+                <% end %>
+            </div>
+        </div>
+
+        <%= erb :flash, {:layout => false} %>
+
+        <div id="scan_data">
+            <h3>Scan statisics</h3>
+            <div class="left">
+                <ul>
+                    <li>Pages audited: <span id="audited">0</span></li>
+                    <li>Pages crawled: <span id="crawled">0</span></li>
+                    <li>Progress: <span id="percentage">0</span>%</li>
+                </ul>
+            </div>
+            <div>
+                <ul>
+                    <li>Current max concurrency: <span id="max_concurrency">0</span> requests</li>
+                    <li>Average response time: <span id="average_res_time">0</span> ms</li>
+                    <li>Current page: <span id="current_page">0</span></li>
+                </ul>
+
+            </div>
+
+            <p><em>
+                (Due to the fact that Arachni discovers pages using 2 complementary systems (the Spider and the Trainer)
+                you may see some backwards progress or other weird progress behavior.)
+            </em></p>
+            <div id="progressbar"></div>
+
+            <div class="left">
+                <h3>Scanner output:</h3>
+                <div class="output" id="output"></div>
+            </div>
+
+            <div class="right">
+                <h3>Results thus far:</h3>
+                <div class="output" id="output_results"></div>
+            </div>
+
+            <div style="display: none" id="dialog-loading" title="Loading the scan report...">
+                <p>
+                    Please wait while the scan report is being loaded. <br/>
+                    This process maybe take a while depending on the size of the report.
+                </p>
+                <p>
+                    <em>
+                        If the loading process takes an unusually long time the zombie reaper
+                        may have beaten you to it.<br/>
+                        Use the "Reports" tab to view the report.
+                    </em>
+                </p>
+            </div>
+
+            <div style="display: none" id="dialog-shutdown" title="The scanner has been shutdown...">
+                <p>
+                    The report is waiting for you <a href="/reports">here</a>.
+                </p>
+            </div>
+
+            <script type="text/javascript">
+                //<![CDATA[
+
+                function inspect( id ){
+                    $( id ).dialog({
+                        height: 500,
+                        width: 1000,
+                        modal: true
+                    });
+                }
+
+                function setProgressBar( progress ) {
+                    $( "#progressbar" ).progressbar({
+                        value: progress
+                    });
+                }
+
+                function showReport( html ){
+                    document.getElementById( 'control_buttons' ).innerHTML = ""
+                    document.getElementById( 'page_header' ).innerHTML = "Report"
+                    document.getElementById( 'page_description' ).innerHTML =
+                        "The scan has completed succesfully, you can review the results using this report.<br/>" +
+                        "This report has been saved and you can view or export it in various format via the Reports tab."
+
+                    document.getElementById( 'scan_data' ).innerHTML = "<iframe class='report' src=" + html + "></iframe>"
+                }
+
+                function setStats( stats ){
+                    if( stats == undefined ){ return }
+
+                    document.getElementById( 'audited' ).innerHTML = stats.auditmap_size;
+                    document.getElementById( 'crawled' ).innerHTML = stats.sitemap_size;
+                    document.getElementById( 'current_page' ).innerHTML = stats.current_page;
+                    document.getElementById( 'average_res_time' ).innerHTML = stats.average_res_time;
+                    document.getElementById( 'max_concurrency' ).innerHTML = stats.max_concurrency;
+
+                    percentage = (stats.auditmap_size / stats.sitemap_size) * 100
+                    document.getElementById( 'percentage' ).innerHTML = parseInt( percentage );
+                }
+
+                function updateProgressBar(){
+                    var stats_url = "/instance/<%= params['port'].to_i.to_s %>/stats.json";
+                    $.getJSON( stats_url, function(data) {
+                        if( data.stats == undefined ){ return }
+                        setStats( data.stats );
+                        percentage = (data.stats.auditmap_size / data.stats.sitemap_size) * 100
+                        setProgressBar( percentage );
+                    });
+                }
+
+                function updateOutput() {
+                    if( !document.getElementById( 'output' ) ) return;
+
+                    var output_url = "/instance/<%= params['port'].to_i.to_s %>/output.json";
+                    $.getJSON( output_url, function(data) {
+
+                        if( data.status == 'finished' ){
+                            showShutdownDialog( );
+                        } else {
+                            if( data.report == undefined ) {
+                                document.getElementById( 'output' ).innerHTML = data.data;
+                            } else {
+                                showReportLoadingDialog();
+                                showReport( data.report );
+                                $( "#dialog-loading" ).dialog('close')
+                            }
+                        }
+
+                    });
+                }
+
+                function updateResults() {
+                    if( !document.getElementById( 'output_results' ) ) return;
+
+                    var output_results_url = "/instance/<%= params['port'].to_i.to_s %>/output_results.json";
+                    $.getJSON( output_results_url, function(data) {
+                        document.getElementById( 'output_results' ).innerHTML = data.data;
+                    });
+                }
+
+                function showReportLoadingDialog( ) {
+                    $( "#dialog-loading" ).dialog({
+                        height: 200,
+                        width: 720,
+                        modal: true
+                    });
+                }
+
+                function showShutdownDialog( ) {
+                    $( "#dialog-shutdown" ).dialog({
+                        height: 100,
+                        modal: true
+                    });
+                }
+
+
+                $( document ).ready(function() {
+
+                    setProgressBar( 0 );
+
+                    updateProgressBar();
+                    setInterval( function() {
+                        updateProgressBar();
+                    }, 3000 );
+
+                    updateOutput( );
+                    setInterval( function() {
+                          updateOutput( );
+                    }, 1500 );
+
+
+                    updateResults( )
+                    setInterval( function() {
+                          updateResults( );
+                    }, 5000 );
+
+                })
+
+             //]]>
+            </script>
+
+        </div>

data/lib/ui/web/server/views/layout.erb

@@ -0,0 +1,95 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" dir="ltr">
+  <head>
+    <title>Arachni - Web Application Security Scanner Framework</title>
+    <link rel="shortcut icon" href="/favicon.ico" />
+
+    <link type="text/css" href="/css/smoothness/jquery-ui-1.8.9.custom.css" rel="Stylesheet" />
+    <link rel="stylesheet" href="/style.css" type="text/css" />
+
+    <script type="text/javascript" src="/js/jquery-1.4.4.min.js"></script>
+    <script type="text/javascript" src="/js/jquery-ui-1.8.9.custom.min.js"></script>
+
+    <script type="text/javascript">
+        function checkAll( type ) {
+            $( "." + type ).attr( "checked", true )
+        }
+
+        function uncheckAll( type ) {
+            $( "." + type ).attr( "checked", false )
+        }
+    </script>
+
+    </head>
+    <body>
+    <div class="wrapper">
+        <div id="container">
+            <div class="spider">
+            <div id="header">
+                <h1><a href="/">Arachni v<%=Arachni::VERSION%></a></h1>
+                <h2>Web Application Security Scanner Framework</h2>
+                <h3>WebUI v<%=Arachni::UI::Web::VERSION%></h3>
+            </div>
+            <div id="nav">
+                <ul>
+                    <li <% if selected_tab?( '/' )%>class="selected" <%end%>> <a href="/">Start a scan</a></li>
+                    <li <% if selected_tab?( 'modules' )%>class="selected" <%end%>><a href="/modules">Modules</a></li>
+                    <li <% if selected_tab?( 'plugins' )%>class="selected" <%end%>><a href="/plugins">Plugins</a></li>
+                    <li <% if selected_tab?( 'settings' )%>class="selected" <%end%>><a href="/settings">Settings</a></li>
+                    <li <% if selected_tab?( 'reports' )%>class="selected" <%end%>><a href="/reports">Reports [<%=report_count%>]</a></li>
+                    <li <% if selected_tab?( 'dispatcher' )%>class="selected" <%end%>><a href="/dispatcher">Dispatcher</a></li>
+                    <li <% if selected_tab?( 'log' )%>class="selected" <%end%>><a href="/log">Log</a></li>
+                </ul>
+            </div>
+            </div>
+            <div id="body">
+                <div id="content">
+                <%= yield %>
+                </div>
+            </div>
+
+            <div class="clear"></div>
+        </div>
+    </div>
+    <div id="footer">
+        <div class="footer-content">
+
+            <div class="footer-box">
+                <h4><a href="https://github.com/Zapotek/arachni">About Arachni</a></h4>
+                <p>
+                    Arachni is a feature-full, modular, high-performance Ruby framework aimed towards <br/>
+                    helping penetration testers and administrators evaluate the security of web applications.
+                </p>
+            </div>
+
+            <div class="footer-box">
+                <h4>Help</h4>
+                <ul>
+                  <li><a href="http://github.com/Zapotek/arachni/wiki">Wiki</a></li>
+                  <li><a href="http://groups.google.com/group/arachni">Google Group</a></li>
+                  <li><a href="https://github.com/Zapotek/arachni/issues">Found a bug?</a></li>
+                  <li><a href="http://zapotek.github.com/arachni/">API documentation</a></li>
+
+                </ul>
+            </div>
+
+            <div class="footer-box">
+
+                <h4>Interesting links</h4>
+                <ul>
+                    <li><a href="http://trainofthought.segfault.gr/category/projects/arachni/">News straight from the developer's blog</a></li>
+                    <li><a href="http://twitter.com/Zap0tek">Developer's Twitter feed</a></li>
+                    <li><a href="https://github.com/Zapotek/arachni/tree/experimental">The bleeding edge, Arachni's experimental branch</a></li>
+                </ul>
+            </div>
+
+            <div class="footer-box end-footer-box">
+            </div>
+            <div class="clear"></div>
+        </div>
+        <div id="footer-links">
+            <p>&copy; <a href="mailto:tasos.laskos@gmail.com">Tasos "Zapotek" Laskos</a> 2011 <a href="http://www.spyka.net"></a></p>
+        </div>
+    </div>
+</body>
+</html>