RubyGems - arachni - Versions diffs - 0.2.2.1 - Mend

arachni 0.2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (262) hide show

data/ACKNOWLEDGMENTS.md +14 -0
data/AUTHORS.md +6 -0
data/CHANGELOG.md +162 -0
data/CONTRIBUTORS.md +10 -0
data/EXPLOITATION.md +429 -0
data/HACKING.md +101 -0
data/LICENSE.md +341 -0
data/README.md +350 -0
data/Rakefile +86 -0
data/bin/arachni +22 -0
data/bin/arachni_web +77 -0
data/bin/arachni_xmlrpc +21 -0
data/bin/arachni_xmlrpcd +82 -0
data/bin/arachni_xmlrpcd_monitor +74 -0
data/conf/README.webui.yaml.txt +44 -0
data/conf/webui.yaml +11 -0
data/external/metasploit/LICENSE +24 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_exec.rb +142 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_path_traversal.rb +113 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_php_eval.rb +150 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_php_include.rb +141 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_sqlmap.rb +92 -0
data/external/metasploit/plugins/arachni.rb +536 -0
data/getoptslong.rb +241 -0
data/lib/anemone.rb +2 -0
data/lib/anemone/cookie_store.rb +35 -0
data/lib/anemone/core.rb +371 -0
data/lib/anemone/exceptions.rb +5 -0
data/lib/anemone/http.rb +144 -0
data/lib/anemone/page.rb +337 -0
data/lib/anemone/page_store.rb +160 -0
data/lib/anemone/storage.rb +34 -0
data/lib/anemone/storage/base.rb +75 -0
data/lib/anemone/storage/exceptions.rb +15 -0
data/lib/anemone/storage/mongodb.rb +89 -0
data/lib/anemone/storage/pstore.rb +50 -0
data/lib/anemone/storage/redis.rb +90 -0
data/lib/anemone/storage/tokyo_cabinet.rb +57 -0
data/lib/anemone/tentacle.rb +40 -0
data/lib/arachni.rb +16 -0
data/lib/audit_store.rb +346 -0
data/lib/component_manager.rb +293 -0
data/lib/component_options.rb +395 -0
data/lib/exceptions.rb +76 -0
data/lib/framework.rb +637 -0
data/lib/http.rb +809 -0
data/lib/issue.rb +302 -0
data/lib/module.rb +4 -0
data/lib/module/auditor.rb +455 -0
data/lib/module/base.rb +188 -0
data/lib/module/element_db.rb +158 -0
data/lib/module/key_filler.rb +87 -0
data/lib/module/manager.rb +87 -0
data/lib/module/output.rb +68 -0
data/lib/module/trainer.rb +240 -0
data/lib/module/utilities.rb +110 -0
data/lib/options.rb +547 -0
data/lib/parser.rb +2 -0
data/lib/parser/auditable.rb +522 -0
data/lib/parser/elements.rb +296 -0
data/lib/parser/page.rb +149 -0
data/lib/parser/parser.rb +717 -0
data/lib/plugin.rb +4 -0
data/lib/plugin/base.rb +110 -0
data/lib/plugin/manager.rb +162 -0
data/lib/report.rb +4 -0
data/lib/report/base.rb +119 -0
data/lib/report/manager.rb +92 -0
data/lib/rpc/xml/client/base.rb +71 -0
data/lib/rpc/xml/client/dispatcher.rb +49 -0
data/lib/rpc/xml/client/instance.rb +88 -0
data/lib/rpc/xml/server/base.rb +90 -0
data/lib/rpc/xml/server/dispatcher.rb +357 -0
data/lib/rpc/xml/server/framework.rb +206 -0
data/lib/rpc/xml/server/instance.rb +191 -0
data/lib/rpc/xml/server/module/manager.rb +46 -0
data/lib/rpc/xml/server/options.rb +124 -0
data/lib/rpc/xml/server/output.rb +299 -0
data/lib/rpc/xml/server/plugin/manager.rb +58 -0
data/lib/ruby.rb +5 -0
data/lib/ruby/object.rb +32 -0
data/lib/ruby/string.rb +74 -0
data/lib/ruby/xmlrpc/server.rb +27 -0
data/lib/spider.rb +200 -0
data/lib/typhoeus/request.rb +91 -0
data/lib/typhoeus/response.rb +34 -0
data/lib/ui/cli/cli.rb +744 -0
data/lib/ui/cli/output.rb +279 -0
data/lib/ui/web/log.rb +82 -0
data/lib/ui/web/output_stream.rb +94 -0
data/lib/ui/web/report_manager.rb +222 -0
data/lib/ui/web/server.rb +903 -0
data/lib/ui/web/server/db/placeholder +0 -0
data/lib/ui/web/server/public/banner.png +0 -0
data/lib/ui/web/server/public/bodybg-small.png +0 -0
data/lib/ui/web/server/public/bodybg.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/pbar-ani.gif +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/jquery-ui-1.8.9.custom.css +573 -0
data/lib/ui/web/server/public/favicon.ico +0 -0
data/lib/ui/web/server/public/footer.jpg +0 -0
data/lib/ui/web/server/public/icons/error.png +0 -0
data/lib/ui/web/server/public/icons/info.png +0 -0
data/lib/ui/web/server/public/icons/ok.png +0 -0
data/lib/ui/web/server/public/icons/status.png +0 -0
data/lib/ui/web/server/public/js/jquery-1.4.4.min.js +167 -0
data/lib/ui/web/server/public/js/jquery-ui-1.8.9.custom.min.js +781 -0
data/lib/ui/web/server/public/logo.png +0 -0
data/lib/ui/web/server/public/nav-left.jpg +0 -0
data/lib/ui/web/server/public/nav-right.jpg +0 -0
data/lib/ui/web/server/public/nav-selected-left.jpg +0 -0
data/lib/ui/web/server/public/nav-selected-right.jpg +0 -0
data/lib/ui/web/server/public/reports/placeholder +1 -0
data/lib/ui/web/server/public/sidebar-bottom.jpg +0 -0
data/lib/ui/web/server/public/sidebar-h4.jpg +0 -0
data/lib/ui/web/server/public/sidebar-top.jpg +0 -0
data/lib/ui/web/server/public/spider.png +0 -0
data/lib/ui/web/server/public/style.css +604 -0
data/lib/ui/web/server/tmp/placeholder +0 -0
data/lib/ui/web/server/views/dispatcher.erb +85 -0
data/lib/ui/web/server/views/dispatcher_error.erb +14 -0
data/lib/ui/web/server/views/error.erb +1 -0
data/lib/ui/web/server/views/flash.erb +18 -0
data/lib/ui/web/server/views/home.erb +14 -0
data/lib/ui/web/server/views/instance.erb +213 -0
data/lib/ui/web/server/views/layout.erb +95 -0
data/lib/ui/web/server/views/log.erb +40 -0
data/lib/ui/web/server/views/modules.erb +71 -0
data/lib/ui/web/server/views/options.erb +23 -0
data/lib/ui/web/server/views/output_results.erb +51 -0
data/lib/ui/web/server/views/plugins.erb +42 -0
data/lib/ui/web/server/views/report_formats.erb +30 -0
data/lib/ui/web/server/views/reports.erb +55 -0
data/lib/ui/web/server/views/settings.erb +120 -0
data/lib/ui/web/server/views/welcome.erb +38 -0
data/lib/ui/xmlrpc/dispatcher_monitor.rb +204 -0
data/lib/ui/xmlrpc/xmlrpc.rb +843 -0
data/logs/placeholder +0 -0
data/metamodules/autothrottle.rb +74 -0
data/metamodules/timeout_notice.rb +118 -0
data/metamodules/uniformity.rb +98 -0
data/modules/audit/code_injection.rb +136 -0
data/modules/audit/code_injection_timing.rb +115 -0
data/modules/audit/code_injection_timing/payloads.txt +4 -0
data/modules/audit/csrf.rb +301 -0
data/modules/audit/ldapi.rb +103 -0
data/modules/audit/ldapi/errors.txt +26 -0
data/modules/audit/os_cmd_injection.rb +103 -0
data/modules/audit/os_cmd_injection/payloads.txt +2 -0
data/modules/audit/os_cmd_injection_timing.rb +104 -0
data/modules/audit/os_cmd_injection_timing/payloads.txt +3 -0
data/modules/audit/path_traversal.rb +141 -0
data/modules/audit/response_splitting.rb +105 -0
data/modules/audit/rfi.rb +193 -0
data/modules/audit/sqli.rb +120 -0
data/modules/audit/sqli/regexp_ids.txt +90 -0
data/modules/audit/sqli_blind_rdiff.rb +321 -0
data/modules/audit/sqli_blind_timing.rb +103 -0
data/modules/audit/sqli_blind_timing/payloads.txt +51 -0
data/modules/audit/trainer.rb +89 -0
data/modules/audit/unvalidated_redirect.rb +90 -0
data/modules/audit/xpath.rb +104 -0
data/modules/audit/xpath/errors.txt +26 -0
data/modules/audit/xss.rb +99 -0
data/modules/audit/xss_event.rb +134 -0
data/modules/audit/xss_path.rb +125 -0
data/modules/audit/xss_script_tag.rb +112 -0
data/modules/audit/xss_tag.rb +112 -0
data/modules/audit/xss_uri.rb +125 -0
data/modules/recon/allowed_methods.rb +104 -0
data/modules/recon/backdoors.rb +131 -0
data/modules/recon/backdoors/filenames.txt +16 -0
data/modules/recon/backup_files.rb +177 -0
data/modules/recon/backup_files/extensions.txt +28 -0
data/modules/recon/common_directories.rb +138 -0
data/modules/recon/common_directories/directories.txt +265 -0
data/modules/recon/common_files.rb +138 -0
data/modules/recon/common_files/filenames.txt +17 -0
data/modules/recon/directory_listing.rb +171 -0
data/modules/recon/grep/captcha.rb +62 -0
data/modules/recon/grep/credit_card.rb +85 -0
data/modules/recon/grep/cvs_svn_users.rb +73 -0
data/modules/recon/grep/emails.rb +59 -0
data/modules/recon/grep/html_objects.rb +53 -0
data/modules/recon/grep/private_ip.rb +54 -0
data/modules/recon/grep/ssn.rb +53 -0
data/modules/recon/htaccess_limit.rb +82 -0
data/modules/recon/http_put.rb +95 -0
data/modules/recon/interesting_responses.rb +118 -0
data/modules/recon/unencrypted_password_forms.rb +119 -0
data/modules/recon/webdav.rb +126 -0
data/modules/recon/xst.rb +107 -0
data/path_extractors/anchors.rb +35 -0
data/path_extractors/forms.rb +35 -0
data/path_extractors/frames.rb +38 -0
data/path_extractors/generic.rb +39 -0
data/path_extractors/links.rb +35 -0
data/path_extractors/meta_refresh.rb +39 -0
data/path_extractors/scripts.rb +37 -0
data/path_extractors/sitemap.rb +31 -0
data/plugins/autologin.rb +137 -0
data/plugins/content_types.rb +90 -0
data/plugins/cookie_collector.rb +99 -0
data/plugins/form_dicattack.rb +185 -0
data/plugins/healthmap.rb +94 -0
data/plugins/http_dicattack.rb +133 -0
data/plugins/metamodules.rb +118 -0
data/plugins/proxy.rb +248 -0
data/plugins/proxy/server.rb +66 -0
data/plugins/waf_detector.rb +184 -0
data/profiles/comprehensive.afp +74 -0
data/profiles/full.afp +75 -0
data/reports/afr.rb +59 -0
data/reports/ap.rb +55 -0
data/reports/html.rb +179 -0
data/reports/html/default.erb +967 -0
data/reports/metareport.rb +139 -0
data/reports/metareport/arachni_metareport.rb +174 -0
data/reports/plugin_formatters/html/content_types.rb +82 -0
data/reports/plugin_formatters/html/cookie_collector.rb +66 -0
data/reports/plugin_formatters/html/form_dicattack.rb +54 -0
data/reports/plugin_formatters/html/healthmap.rb +76 -0
data/reports/plugin_formatters/html/http_dicattack.rb +54 -0
data/reports/plugin_formatters/html/metaformatters/timeout_notice.rb +65 -0
data/reports/plugin_formatters/html/metaformatters/uniformity.rb +71 -0
data/reports/plugin_formatters/html/metamodules.rb +93 -0
data/reports/plugin_formatters/html/waf_detector.rb +54 -0
data/reports/plugin_formatters/stdout/content_types.rb +73 -0
data/reports/plugin_formatters/stdout/cookie_collector.rb +61 -0
data/reports/plugin_formatters/stdout/form_dicattack.rb +52 -0
data/reports/plugin_formatters/stdout/healthmap.rb +72 -0
data/reports/plugin_formatters/stdout/http_dicattack.rb +53 -0
data/reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb +55 -0
data/reports/plugin_formatters/stdout/metaformatters/uniformity.rb +68 -0
data/reports/plugin_formatters/stdout/metamodules.rb +89 -0
data/reports/plugin_formatters/stdout/waf_detector.rb +48 -0
data/reports/plugin_formatters/xml/content_types.rb +91 -0
data/reports/plugin_formatters/xml/cookie_collector.rb +70 -0
data/reports/plugin_formatters/xml/form_dicattack.rb +57 -0
data/reports/plugin_formatters/xml/healthmap.rb +82 -0
data/reports/plugin_formatters/xml/http_dicattack.rb +57 -0
data/reports/plugin_formatters/xml/metaformatters/timeout_notice.rb +67 -0
data/reports/plugin_formatters/xml/metaformatters/uniformity.rb +82 -0
data/reports/plugin_formatters/xml/metamodules.rb +91 -0
data/reports/plugin_formatters/xml/waf_detector.rb +58 -0
data/reports/stdout.rb +182 -0
data/reports/txt.rb +77 -0
data/reports/xml.rb +231 -0
data/reports/xml/buffer.rb +98 -0
metadata +516 -0

data/lib/ui/web/server/views/log.erb ADDED

@@ -0,0 +1,40 @@
+        <div id="page-intro">
+            <h2>Log</h2>
+            <p>
+                This page provides information about all actions (performed using and/or by this WebUI) that are worth knowing.
+                <br/>
+                To clear the log entries you will need to delete this file: <%=settings.db%>/log.db
+                <br/>
+            </p>
+        </div>
+        <%= erb :flash, {:layout => false} %>
+        <% if !entries.empty? %>
+        <table>
+            <tr>
+                <th>ID</th>
+                <th>Owner</th>
+                <th>Action</th>
+                <th>Object</th>
+                <th>Client IP address</th>
+                <th>Client hostname</th>
+                <th>Datestamp</th>
+            </tr>
+        <% entries.each do |entry| %>
+            <tr>
+                <td><%=entry.id%></td>
+                <td><%=entry.owner%></td>
+                <td><%=entry.action%></td>
+                <td><%=entry.object%></td>
+                <td><%=entry.client_addr%></td>
+                <td><%=entry.client_host%></td>
+                <td><%=entry.datestamp%></td>
+            </tr>
+        <% end %>
+        </table>
+        <% else %>
+        <span class="notice"> The log is empty.</span>
+        <% end %>

data/lib/ui/web/server/views/modules.erb ADDED

@@ -0,0 +1,71 @@
+        <form action="/modules" method="post">
+            <%= csrf_tag %>
+            <div id="page-intro">
+                <h2>Modules</h2>
+                <p>
+                    Module components assert and log entities of security interest about a web application.
+                <br/><br/>
+                </p>
+                <p>
+                    <input type="button" onclick="javascript:checkAll( 'audit' );checkAll( 'recon' );" value="Check all"/>
+                    <input type="button" onclick="javascript:uncheckAll( 'audit' );uncheckAll( 'recon' );" value="Uncheck all"/>
+                    <input type="submit" value="Save" />
+                </p>
+            </div>
+            <%= erb :flash, {:layout => false} %>
+            <div class="left">
+                <fieldset>
+                    <h3>Audit</h3>
+                    <p>Audit modules actively test the web application via inputs like link parameters, forms, cookies and headers in order to assert the existence of security Issues.</p>
+                    <p>
+                        <input type="button" onclick="javascript:checkAll( 'audit' );" value="Check all"/>
+                        <input type="button" onclick="javascript:uncheckAll( 'audit' );" value="Uncheck all"/>
+                    </p>
+                    <% modules.each do |mod|%>
+                    <% next if mod['path'] =~ /recon/ %>
+                        <h4>
+                            <input type="checkbox" class="audit" name="modules[<%=mod['mod_name']%>]"
+                                <% if session['opts']['modules'] && ( session['opts']['modules'][0] == '*' || session['opts']['modules'].include?( mod['mod_name'] ) ) %> checked="checked" <% end %> />
+                                <%=escape( mod['name'] )%>
+                        </h4>
+                        <pre class="notice"> <%=prep_description( escape( mod['description'] ) )%></pre>
+                        <p>
+                            <strong>Version:</strong> <%=mod['version']%><br/>
+                            <strong>Author:</strong> <%=escape( mod['author'])%>
+                        </p>
+                    <% end %>
+                </fieldset>
+            </div>
+            <div class="right">
+                <fieldset>
+                    <h3>Recon</h3>
+                    <p>Recon modules passively test the web application, mainly analyzing server configuration, responses and looking for directories and files.</p>
+                    <p>
+                        <input type="button" onclick="javascript:checkAll( 'recon' );" value="Check all"/>
+                        <input type="button" onclick="javascript:uncheckAll( 'recon' );" value="Uncheck all"/>
+                    </p>
+                    <% modules.each do |mod|%>
+                    <% next if mod['path'] =~ /audit/ %>
+                        <h4>
+                            <input type="checkbox" class="recon" name="modules[<%=mod['mod_name']%>]"
+                                <% if session['opts']['modules'] && ( session['opts']['modules'][0] == '*' || session['opts']['modules'].include?( mod['mod_name'] ) ) %> checked="checked" <% end %> />
+                                <%=escape( mod['name'] )%>
+                        </h4>
+                        <pre class="notice"> <%=prep_description( escape( mod['description'] ) )%></pre>
+                        <p>
+                            <strong>Version:</strong> <%=mod['version']%><br/>
+                            <strong>Author:</strong> <%=escape( mod['author'])%>
+                        </p>
+                    <% end %>
+                </fieldset>
+            </div>
+        </form>

data/lib/ui/web/server/views/options.erb ADDED

@@ -0,0 +1,23 @@
+        <% if !component['options'].empty?  && !plugin_has_required_file_option?( component['options'] )%> <h5>Options</h5>
+        <% component['options'].each do |opt| %>
+            <p class="options">
+                <%=escape(opt['desc'])%> <% if opt['required'] %> <strong>*</strong> <%end%>
+                <input name="options[<%=component['plug_name']%>][<%=opt['name']%>]"
+                <% if opt['type'] == 'path' %>
+                disabled="disabled" type="file" value="<%=opt['default']%>"
+                <% elsif opt['type'] == 'bool' %>
+                type="checkbox" <% if opt['default']%> checked="checked" <%end%>
+                <% else %>
+                 value="<%=opt['default']%>"
+                <%end%>
+                />
+            </p>
+        <%end%>
+        <%end%>

data/lib/ui/web/server/views/output_results.erb ADDED

@@ -0,0 +1,51 @@
+        <% if issues.size > 0 %>
+            <h4>Total: <%=issues.size%></h4>
+            <% issues.each_with_index do |issue, i|%>
+            <p>
+                <h5>[<%=i+1%>] <%= issue.name %> ( Severity: <%= issue.severity %> )</h5>
+                     In <%= issue.elem %>
+                     <% if issue.var%>
+                     input <em><%= issue.var %></em>
+                     <%end%>
+                     <% if issue.method %>
+                     using <%= issue.method %>
+                     <%end%>
+                     at <a href="<%= issue.url %>"><%= issue.url %></a>.
+                     <br/>
+                 <% if (issue.variations[0]['response'] && !issue.variations[0]['response'].empty?) && issue.variations[0]['regexp_match'] %>
+                 <div style="display: none" id="inspection-dialog_<%=i%>" title="Relevant content is shown in red.">
+                     <% match = CGI.escapeHTML( issue.variations[0]['regexp_match'] )%>
+                     <pre> <%=CGI.escapeHTML( issue.variations[0]['response'] ).gsub( match, '<strong style="color: red">' + match + '</strong>' ) %> </pre>
+                 </div>
+                 <form style="display:inline" action="#">
+                     <input onclick="javascript:inspect( '#inspection-dialog_<%=i%>')" type="button" value="Inspect" />
+                 </form>
+                 <%end%>
+                 <% if issue.method && (issue.elem.downcase == 'form' || issue.elem.downcase == 'link' ) &&
+                       ( issue.method.downcase == 'get' || issue.method.downcase == 'post' ) %>
+                    <form style="display:inline" action="<%=issue.url%>" target="_blank" method="<%=issue.method.downcase%>">
+                        <% if issue.variations[0]['opts'][:combo]%>
+                            <%issue.variations[0]['opts'][:combo].each_pair do |name, value|%>
+                                <input type="hidden" name="<%=escape(name)%>" value="<%=escape( value )%>" />
+                            <%end%>
+                        <%end%>
+                        <input type="submit" value="Replay" />
+                    </form>
+                 <%end%>
+            </p>
+            <%end%>
+        <%else%>
+            <h4> Nothing yet, once something is found you'll be the first to know...</h4>
+        <%end%>

data/lib/ui/web/server/views/plugins.erb ADDED

@@ -0,0 +1,42 @@
+        <form action="/plugins" method="post">
+            <%= csrf_tag %>
+            <div id="page-intro">
+                <h2>Plugins</h2>
+                <p>
+                    Plugin components extend the functionality of the framework in abstract ways.
+                <br/>
+                <br/>
+                </p>
+                <p>
+                    <input type="button" onclick="javascript:checkAll( 'plugin' );" value="Check all"/>
+                    <input type="button" onclick="javascript:uncheckAll( 'plugin' );" value="Uncheck all"/>
+                    <input type="submit" value="Save" />
+                </p>
+            </div>
+            <%= erb :flash, {:layout => false} %>
+            <% plugins.each do |plugin|%>
+                <fieldset>
+                    <legend>
+                        <input <%if plugin_has_required_file_option?( plugin['options'] )%> disabled="disabled" <%end%> type="checkbox" class="plugin" name="plugins[<%=plugin['plug_name']%>]"
+                        <% if session['opts']['plugins'] && session['opts']['plugins'].include?( plugin['plug_name'] ) %> checked="checked" <% end %> />
+                        <%=plugin['name']%>
+                        <%if plugin_has_required_file_option?( plugin['options'] )%>
+                        <em> (This plugin requires an option type which is not yet supported by the WebUI)</em>
+                        <%end%>
+                    </legend>
+                <h5>Description</h5>
+                <pre class="notice"> <%=prep_description( escape( plugin['description'] ) )%></pre>
+                <%= erb :options, { :layout => false }, :component => plugin%>
+                <p>
+                    <strong>Version:</strong> <%=plugin['version']%><br/>
+                    <strong>Author:</strong> <%=escape( plugin['author'])%>
+                </p>
+                </fieldset>
+            <% end %>
+        </form>

data/lib/ui/web/server/views/report_formats.erb ADDED

@@ -0,0 +1,30 @@
+            <%= erb :flash, {:layout => false} %>
+            <%= csrf_tag %>
+            <div id="page-intro">
+                <h2>Report formats</h2>
+                <p>
+                    This page lists all available report formats.
+                <br/>
+                <br/>
+                </p>
+                <form action="/reports" method="get">
+                    <input type="submit" value="Back to reports" />
+                </form>
+            </div>
+            <% reports.each do |report|%>
+                <fieldset>
+                <h3><%=escape( report['name'] )%></h3>
+                <h4>Description</h4>
+                <div class="notice"> <%=escape( report['description'] )%></div>
+                <p>
+                    <strong>Version:</strong> <%=report['version']%><br/>
+                    <strong>Author:</strong> <%=escape( report['author'])%>
+                </p>
+                </fieldset>
+            <% end %>

data/lib/ui/web/server/views/reports.erb ADDED

@@ -0,0 +1,55 @@
+        <div id="page-intro">
+            <h2>Reports</h2>
+            <p>This page allows you to review the results of the scans you have performed and export them in various formats.
+            <br/><br/>
+            </p>
+            <% if report_count > 0 %>
+                <form action="/reports/formats" method="get">
+                    <input type="submit" value="View formats" />
+                </form>
+                <form action="/reports/delete" method="post">
+                    <%= csrf_tag %>
+                    <input type="submit" value="Delete all" />
+                </form>
+            <% end %>
+        </div>
+        <%= erb :flash, {:layout => false} %>
+        <% if !reports.empty? %>
+        <table>
+            <tr>
+                <th>Host</th>
+                <th>Audit date</th>
+                <th>Report formats</th>
+            </tr>
+        <% reports.each do |report| %>
+            <tr>
+                <td><%=report['host']%></td>
+                <td><%=report['date']%></td>
+                <td>
+                    <ul class="reports">
+                    <% available.each do |avail| %>
+                    <li><a href="/report/<%=CGI.escape(report['name'])%>.<%=avail['rep_name']%>"><%=escape(avail['name'])%></a></li>
+                    <%end%>
+                    </ul>
+                </td>
+                <td>
+                    <form action="/report/<%=CGI.escape(report['name'])%>/delete" method="post">
+                        <%= csrf_tag %>
+                        <input type="submit" value="Delete" />
+                    </form>
+                </td>
+            </tr>
+        <% end %>
+        </table>
+        <% else %>
+        <span class="notice"> There are no available reports at the moment.</span>
+        <% end %>

data/lib/ui/web/server/views/settings.erb ADDED

@@ -0,0 +1,120 @@
+    <script type="text/javascript">
+        $(function() {
+            $( "#slider" ).slider({
+                value: <%=session['opts']['settings']['http_req_limit']%>,
+                min: 1,
+                max: 200,
+                step: 1,
+                slide: function( event, ui ) {
+                    $( "#http_req_limit" ).val( ui.value );
+                }
+            });
+            $( "#http_req_limit" ).val( $( "#slider" ).slider( "value" ) );
+        });
+    </script>
+        <form action="/settings" method="post" enctype="multipart/form-data">
+                <%= csrf_tag %>
+                <div id="page-intro">
+                    <h2>Settings</h2>
+                    <p>General settings regarding the internals of the Arachni Framework.
+                        <br/>
+                        <br/>
+                     </p>
+                    <p>
+                        <input type="submit" class="reset" value="Save" />
+                    </p>
+                </div>
+            <%= erb :flash, {:layout => false} %>
+            <div class="left options">
+                <fieldset>
+                    <legend>Auditor</legend>
+                    <p>
+                        Audit links: <input type="checkbox" name="audit_links" <% if session['opts']['settings']['audit_links'] == true %> checked="checked" <% end %> />
+                    </p>
+                    <p>
+                        Audit forms: <input type="checkbox" name="audit_forms" <% if session['opts']['settings']['audit_forms'] == true %> checked="checked" <% end %> />
+                    </p>
+                    <p>
+                        Audit cookies: <input type="checkbox" name="audit_cookies" <% if session['opts']['settings']['audit_cookies'] == true %> checked="checked" <% end %> />
+                    </p>
+                    <p>
+                        Audit headers: <input type="checkbox" name="audit_headers" <% if session['opts']['settings']['audit_headers'] == true %> checked="checked" <% end %> />
+                    </p>
+                    <p>
+                        Cookies to exclude: <textarea rows="2" cols="20" name="exclude_cookies"><%=session['opts']['settings']['exclude_cookies']%></textarea>
+                        <br/>(Newline separated)
+                    </p>
+                </fieldset>
+                <fieldset>
+                    <legend>HTTP options</legend>
+                    <p>
+                        Cocurrent HTTP request limit: <label for="http_req_limit"></label>
+                                                      <input id="http_req_limit" name="http_req_limit"/>
+                        <div id="slider"></div>
+                        <br/>
+                    </p>
+                    <p>
+                        HTTP harvest last: <input type="checkbox" name="http_harvest_last" <% if session['opts']['settings']['http_harvest_last'] == true %> checked="checked" <% end %> />
+                    </p>
+                    <p>
+                        Cookie jar: <input type="file" name="cookiejar" size="25" />
+                    </p>
+                    <p>
+                        User agent: <input name="user_agent" value="<%=session['opts']['settings']['user_agent']%>"/>
+                    </p>
+                    <p>
+                        Authorized by: <input name="authed_by" value="<%=session['opts']['settings']['authed_by']%>"/>
+                    </p>
+                </fieldset>
+            </div>
+            <div class="right options">
+                <fieldset>
+                    <legend>Crawler options</legend>
+                    <p>
+                        Exclude rules: <textarea rows="2" cols="20" name="exclude"><% if session['opts']['settings']['exclude']%><%=session['opts']['settings']['exclude'].join( "\r\n" )%><%end%></textarea>
+                        <br/>(Newline separated)
+                    </p>
+                    <p>
+                    Include rules: <textarea rows="2" cols="20" name="include"><% if session['opts']['settings']['include']%><%=session['opts']['settings']['include'].join( "\r\n" )%><%end%></textarea>
+                        <br/>(Newline separated)
+                    </p>
+                    <p>
+                        Redundant rules: <textarea rows="2" cols="20" name="redundant"><%=format_redundants( session['opts']['settings']['redundant'] )%></textarea>
+                    <br/>(Newline separated)
+                    <br/>(<em>regexp:counter</em>)
+                    </p>
+                    <p>
+                        Depth: <input name="depth_limit" value="<%=session['opts']['settings']['depth_limit']%>"/>
+                        <br/>(Default: infinite)
+                    </p>
+                    <p>
+                        Link count limit: <input name="link_count_limit" value="<%=session['opts']['settings']['link_count_limit']%>"/>
+                        <br/>(Default: infinite)
+                    </p>
+                    <p>
+                        Redirect limit: <input name="redirect_limit" value="<%=session['opts']['settings']['redirect_limit']%>"/>
+                        <br/>(Default: infinite)
+                    </p>
+                    <p>
+                        Follow subdomain: <input type="checkbox" name="follow_subdomains" <% if session['opts']['settings']['follow_subdomains'] == true %> checked="checked" <% end %> />
+                    </p>
+                    <p>
+                        Obey robot.txt file: <input type="checkbox" name="obey_robots_txt" <% if session['opts']['settings']['obey_robots_txt'] == true %> checked="checked" <% end %> />
+                    </p>
+                    <p>
+                        Spider first: <input type="checkbox" name="spider_first" <% if session['opts']['settings']['spider_first'] == true %> checked="checked" <% end %> />
+                    </p>
+                </fieldset>
+            </div>
+        </form>

data/lib/ui/web/server/views/welcome.erb ADDED

@@ -0,0 +1,38 @@
+            <div id="page-intro">
+                <h2>Welcome to the Arachni WebUI v<%=Arachni::UI::Web::VERSION%>.</h2>
+                <p>Pardon the splash-screen, it's an one-time thing, but you really <strong>should</strong> read this stuff.</p>
+            </div>
+            <h2>General</h2>
+            <p>
+                This is the first version of this UI, scratch that, it's not even a real version..hence the "pre".<br/>
+                In the software world this means that the WebUI may empty your fridge, drink all your coffee, eat your puppy, slash your tires and/or burn down your house.<br/>
+                Nevertheless, I'd appreciate it if you gave it a shot and <a href="https://github.com/Zapotek/arachni/issues">let me know</a> if you find anything wrong with it.
+            </p>
+            <h2>What it is</h2>
+            <p>
+                It is a way to:
+                <ul>
+                    <li>make working with Arachni easier</li>
+                    <li>make report management easier</li>
+                    <li>run and manage multiple scans at the same time <em>(each scan will try its best for maximum bandwidth utilization so it'll be like lions fighting in a cage -- make sure you have sufficient resources)</em></li>
+                </ul>
+            </p>
+            <h2>What it isn't (yet)</h2>
+            <p>
+                It isn't:
+                <ul>
+                    <li>stable</li>
+                    <li>a way to make Arachni's goodies available to multiple users <em>(you could but it wouldn't be safe)</em></li>
+                    <li>a way to work with and manage multiple Dispatchers <em>(you can clear your session cookies to force the WebUI to ask you for a new Dispatcher to connect to but there are no guarantees)</em></li>
+                </ul>
+            </p>
+            <h2>What now</h2>
+            <p>
+                Now you can enjoy this system, everything is fairly user friendly and intuitive so you shouldn't have a problem.<br/>
+                This page won't bother you again, go ahead and take a look around.
+            </p>