arachni 0.2.2.1

data/Rakefile

@@ -0,0 +1,86 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+desc "Generate docs"
+
+task :docs do
+
+    outdir = "../arachni-gh-pages"
+    sh "mkdir #{outdir}" if !File.directory?( outdir )
+
+    sh "inkscape gfx/logo.svg --export-png=#{outdir}/logo.png"
+    sh "inkscape gfx/icon.svg --export-png=#{outdir}/icon.png"
+    sh "inkscape gfx/icon.svg --export-png=#{outdir}/favicon.ico"
+    sh "inkscape gfx/banner.svg --export-png=#{outdir}/banner.png"
+
+    sh "yardoc --verbose --title \
+      \"Arachni - Web Application Security Scanner Framework\" \
+      external/* path_extractors/* plugins/* reports/* modules/* metamodules/* lib/* -o #{outdir} \
+      - EXPLOITATION.md HACKING.md CHANGELOG.md LICENSE.md AUTHORS.md \
+      CONTRIBUTORS.md ACKNOWLEDGMENTS.md"
+
+
+    sh "rm -rf .yard*"
+end
+
+
+#
+# Simple profiler using perftools[1].
+#
+# To install perftools for Ruby:
+#   gem install perftools.rb
+#
+# [1] https://github.com/tmm1/perftools.rb
+#
+desc "Profile Arachni"
+task :profile do
+    sh "CPUPROFILE_FREQUENCY=500 CPUPROFILE=/tmp/profile.dat " +
+        "RUBYOPT=\"-r`gem which perftools | tail -1`\" " +
+        " ./bin/arachni http://demo.testfire.net --link-count=5 && " +
+        "pprof.rb --gif /tmp/profile.dat > profile.gif"
+end
+
+#
+# Cleans reports and logs
+#
+desc "Cleaning report and log files."
+task :clean do
+
+    sh "rm *.afr || true"
+    sh "rm logs/XMLRPC* || true"
+    sh "rm lib/ui/web/server/db/log.db || true"
+    sh "rm lib/ui/web/server/db/welcomed || true"
+end
+
+
+#
+# Installing
+#
+desc "Build and install the arachni gem."
+task :install do
+
+    require File.expand_path( File.dirname( __FILE__ ) ) + '/lib/arachni'
+
+    sh "gem build arachni.gemspec"
+    sh "gem install arachni-#{Arachni::VERSION}.gem"
+end
+
+
+#
+# Publishing
+#
+desc "Push a new version to Gemcutter"
+task :publish do
+
+    require File.expand_path( File.dirname( __FILE__ ) ) + '/lib/arachni'
+
+    sh "gem build arachni.gemspec"
+    sh "gem push arachni-#{Arachni::VERSION}.gem"
+end

data/bin/arachni

@@ -0,0 +1,22 @@
+#!/usr/bin/env ruby
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+require 'pp'
+require 'ap'
+
+cwd = File.expand_path( File.dirname( __FILE__ ) )
+$:.unshift( cwd )
+require cwd + '/../getoptslong.rb'
+
+require Arachni::Options.instance.dir['lib'] + 'ui/cli/cli'
+
+cli = Arachni::UI::CLI.new( Arachni::Options.instance )
+cli.run

data/bin/arachni_web

@@ -0,0 +1,77 @@
+#!/usr/bin/env ruby
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+require 'getoptlong'
+require 'pp'
+require 'ap'
+
+cwd = File.expand_path( File.dirname( __FILE__ ) )
+$:.unshift( cwd )
+
+require cwd + '/../lib/options'
+options = Arachni::Options.instance
+
+options.dir            = Hash.new
+options.dir['root']    = File.expand_path( cwd + '/../' ) + '/'
+options.dir['modules'] = options.dir['root'] + 'modules/'
+options.dir['reports'] = options.dir['root'] + 'reports/'
+options.dir['plugins'] = options.dir['root'] + 'plugins/'
+options.dir['lib']     = options.dir['root'] + 'lib/'
+
+def print_help( root )
+        puts <<USAGE
+  Usage:  arachni_web \[options\]
+
+  Supported options:
+
+    -h
+    --help                      output this
+
+    --port                      specify port
+
+    --host                      specify host
+
+    For SSL options refer to "webui.yaml" and "README.webui.yaml.txt" under "#{root}conf/".
+
+USAGE
+end
+
+
+# Construct getops struct
+opts = GetoptLong.new(
+    [ '--help', '-h',             GetoptLong::NO_ARGUMENT ],
+    [ '--port',                   GetoptLong::REQUIRED_ARGUMENT ],
+    [ '--host',                   GetoptLong::REQUIRED_ARGUMENT ],
+)
+
+begin
+    opts.each {
+        |opt, arg|
+
+        case opt
+
+            when '--help'
+                print_help( options.dir['root'] )
+                exit
+
+            when '--port'
+                # not really used for RPC this time but by create another attr
+                options.rpc_port = arg.to_i
+
+            when '--host'
+                # not really used for RPC this time but by create another attr
+                options.server = arg.to_s
+        end
+    }
+end
+
+# Sinatra will run automatically
+require options.dir['lib'] + 'ui/web/server'

data/bin/arachni_xmlrpc

@@ -0,0 +1,21 @@
+#!/usr/bin/env ruby
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+require 'pp'
+require 'ap'
+
+cwd = File.expand_path( File.dirname( __FILE__ ) )
+$:.unshift( cwd )
+require cwd + '/../getoptslong.rb'
+require Arachni::Options.instance.dir['lib'] + 'ui/xmlrpc/xmlrpc'
+
+client = Arachni::UI::XMLRPC.new( Arachni::Options.instance )
+client.run

data/bin/arachni_xmlrpcd

@@ -0,0 +1,82 @@
+#!/usr/bin/env ruby
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+require 'getoptlong'
+require 'pp'
+require 'ap'
+
+cwd = File.expand_path( File.dirname( __FILE__ ) )
+$:.unshift( cwd )
+
+require cwd + '/../lib/options'
+options = Arachni::Options.instance
+
+options.dir            = Hash.new
+options.dir['root']    = File.expand_path( cwd + '/../' ) + '/'
+options.dir['modules'] = options.dir['root'] + 'modules/'
+options.dir['reports'] = options.dir['root'] + 'reports/'
+options.dir['plugins'] = options.dir['root'] + 'plugins/'
+options.dir['lib']     = options.dir['root'] + 'lib/'
+
+# Construct getops struct
+opts = GetoptLong.new(
+    [ '--help',             '-h', GetoptLong::NO_ARGUMENT ],
+    [ '--port',                   GetoptLong::OPTIONAL_ARGUMENT ],
+    [ '--debug',                  GetoptLong::NO_ARGUMENT ],
+    [ '--reroute-to-logfile',     GetoptLong::NO_ARGUMENT ],
+    [ '--pool-size',              GetoptLong::REQUIRED_ARGUMENT ],
+    [ '--ssl',                    GetoptLong::NO_ARGUMENT ],
+    [ '--ssl-pkey',               GetoptLong::REQUIRED_ARGUMENT ],
+    [ '--ssl-cert',               GetoptLong::REQUIRED_ARGUMENT ],
+    [ '--ssl-ca',                 GetoptLong::REQUIRED_ARGUMENT ],
+)
+
+begin
+    opts.each {
+        |opt, arg|
+
+        case opt
+
+            when '--help'
+                options.help = true
+
+            when '--debug'
+                options.debug = true
+
+            when '--reroute-to-logfile'
+                options.reroute_to_logfile = true
+
+            when '--port'
+                options.rpc_port = arg.to_i
+
+            when '--pool-size'
+                options.pool_size = arg.to_i
+
+            when '--ssl'
+                options.ssl = true
+
+            when '--ssl-pkey'
+                options.ssl_pkey = arg.to_s
+
+            when '--ssl-cert'
+                options.ssl_cert = arg.to_s
+
+            when '--ssl-ca'
+                options.ssl_ca = arg.to_s
+
+        end
+    }
+end
+
+require options.dir['lib'] + 'rpc/xml/server/dispatcher'
+
+dispatcher = Arachni::RPC::XML::Server::Dispatcher.new( Arachni::Options.instance )
+dispatcher.run

data/bin/arachni_xmlrpcd_monitor

@@ -0,0 +1,74 @@
+#!/usr/bin/env ruby
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+require 'getoptlong'
+require 'pp'
+require 'ap'
+
+cwd = File.expand_path( File.dirname( __FILE__ ) )
+$:.unshift( cwd )
+
+require cwd + '/../lib/options'
+options = Arachni::Options.instance
+
+options.dir            = Hash.new
+options.dir['root']    = File.expand_path( cwd + '/../' ) + '/'
+options.dir['modules'] = options.dir['root'] + 'modules/'
+options.dir['reports'] = options.dir['root'] + 'reports/'
+options.dir['plugins'] = options.dir['root'] + 'plugins/'
+options.dir['lib']     = options.dir['root'] + 'lib/'
+
+# Construct getops struct
+opts = GetoptLong.new(
+    [ '--help',             '-h', GetoptLong::NO_ARGUMENT ],
+    [ '--port',                   GetoptLong::OPTIONAL_ARGUMENT ],
+    [ '--debug',                  GetoptLong::NO_ARGUMENT ],
+    [ '--reroute-to-logfile',     GetoptLong::NO_ARGUMENT ],
+    [ '--ssl',                    GetoptLong::NO_ARGUMENT ],
+    [ '--ssl-pkey',               GetoptLong::REQUIRED_ARGUMENT ],
+    [ '--ssl-cert',               GetoptLong::REQUIRED_ARGUMENT ],
+    [ '--ssl-ca',                 GetoptLong::REQUIRED_ARGUMENT ],
+)
+
+begin
+    opts.each {
+        |opt, arg|
+
+        case opt
+
+            when '--help'
+                options.help = true
+
+            when '--debug'
+                options.debug = true
+
+            when '--ssl'
+                options.ssl = true
+
+            when '--ssl-pkey'
+                options.ssl_pkey = arg.to_s
+
+            when '--ssl-cert'
+                options.ssl_cert = arg.to_s
+
+            when '--ssl-ca'
+                options.ssl_ca = arg.to_s
+
+        end
+    }
+end
+
+options.url = ARGV.shift
+
+require options.dir['lib'] + 'ui/xmlrpc/dispatcher_monitor'
+
+dispatcher = Arachni::UI::DispatcherMonitor.new( Arachni::Options.instance )
+dispatcher.run

data/conf/README.webui.yaml.txt

@@ -0,0 +1,44 @@
+The webui.yaml file holds configuration options for the Arachni WebUI *only*.
+It currently contains only SSL options in the form of:
+-------------------
+ssl:
+    server:
+        enable:
+        key:
+        cert:
+        ca:
+    client:
+        enable:
+        key:
+        cert:
+        ca:
+-------------------
+
+Options under "server" refer to the WebUI HTTP server.
+Options under "client" refer to the XMLRPC clients controlled by the WebUI
+and used to communicate with the Dispatcher and the servers in its pool.
+
+key: private key
+cert: certificate
+ca: CA certificate
+
+All the options must be paths to ".pem" files and the keys should *NOT* be encrypted.
+If you use encrypted keys you will cripple the system.
+
+You can use the same "server" certificates and key when you start up the Dispatcher and the same
+"client" certificates and key to authenticate your web browser to the WebUI server.
+
+In essence, all Arachni servers can share the same credentials and the same goes for all clients.
+This does not represent best practice key management though, which is the reason for the in-existence of
+a global configuration file.
+
+You may want to create different keys and certificates (signed by the same CA) for each component but you are not forced to.
+
+You can set the "enable" options to "true" and leave the rest empty to use encryption without authentication.
+In this case all Arachni servers will generate their own certificate/key pairs and peer verification will be disabled.
+
+In order for client SSL to work the Dispatcher will need to be setup accordingly.
+Run "arachni_xmlrpcd -h" to see the Dispatcher's relevant SSL options.
+
+
+Finally, please pay close attention and do not alter the indentation and formatting of the configuration file.

data/conf/webui.yaml

@@ -0,0 +1,11 @@
+ssl:
+    server:
+        enable:
+        key:
+        cert:
+        ca:
+    client:
+        enable:
+        key:
+        cert:
+        ca:

data/external/metasploit/LICENSE

@@ -0,0 +1,24 @@
+The following BSD license applies to all files under this and all subsequent directories in compliance with Metasploit's license requirements:
+
+    Copyright (C) 2010, Tasos "Zapotek" Laskos
+
+    Redistribution and use in source and binary forms, with or without modification,
+    are permitted provided that the following conditions are met:
+
+        * Redistributions of source code must retain the above copyright notice,
+          this list of conditions and the following disclaimer.
+
+        * Redistributions in binary form must reproduce the above copyright notice,
+          this list of conditions and the following disclaimer in the documentation
+          and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+    DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+    ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+    (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+    ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.