RubyGems - arachni - Versions diffs - 0.2.2.1 - Mend

arachni 0.2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (262) hide show

data/ACKNOWLEDGMENTS.md +14 -0
data/AUTHORS.md +6 -0
data/CHANGELOG.md +162 -0
data/CONTRIBUTORS.md +10 -0
data/EXPLOITATION.md +429 -0
data/HACKING.md +101 -0
data/LICENSE.md +341 -0
data/README.md +350 -0
data/Rakefile +86 -0
data/bin/arachni +22 -0
data/bin/arachni_web +77 -0
data/bin/arachni_xmlrpc +21 -0
data/bin/arachni_xmlrpcd +82 -0
data/bin/arachni_xmlrpcd_monitor +74 -0
data/conf/README.webui.yaml.txt +44 -0
data/conf/webui.yaml +11 -0
data/external/metasploit/LICENSE +24 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_exec.rb +142 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_path_traversal.rb +113 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_php_eval.rb +150 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_php_include.rb +141 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_sqlmap.rb +92 -0
data/external/metasploit/plugins/arachni.rb +536 -0
data/getoptslong.rb +241 -0
data/lib/anemone.rb +2 -0
data/lib/anemone/cookie_store.rb +35 -0
data/lib/anemone/core.rb +371 -0
data/lib/anemone/exceptions.rb +5 -0
data/lib/anemone/http.rb +144 -0
data/lib/anemone/page.rb +337 -0
data/lib/anemone/page_store.rb +160 -0
data/lib/anemone/storage.rb +34 -0
data/lib/anemone/storage/base.rb +75 -0
data/lib/anemone/storage/exceptions.rb +15 -0
data/lib/anemone/storage/mongodb.rb +89 -0
data/lib/anemone/storage/pstore.rb +50 -0
data/lib/anemone/storage/redis.rb +90 -0
data/lib/anemone/storage/tokyo_cabinet.rb +57 -0
data/lib/anemone/tentacle.rb +40 -0
data/lib/arachni.rb +16 -0
data/lib/audit_store.rb +346 -0
data/lib/component_manager.rb +293 -0
data/lib/component_options.rb +395 -0
data/lib/exceptions.rb +76 -0
data/lib/framework.rb +637 -0
data/lib/http.rb +809 -0
data/lib/issue.rb +302 -0
data/lib/module.rb +4 -0
data/lib/module/auditor.rb +455 -0
data/lib/module/base.rb +188 -0
data/lib/module/element_db.rb +158 -0
data/lib/module/key_filler.rb +87 -0
data/lib/module/manager.rb +87 -0
data/lib/module/output.rb +68 -0
data/lib/module/trainer.rb +240 -0
data/lib/module/utilities.rb +110 -0
data/lib/options.rb +547 -0
data/lib/parser.rb +2 -0
data/lib/parser/auditable.rb +522 -0
data/lib/parser/elements.rb +296 -0
data/lib/parser/page.rb +149 -0
data/lib/parser/parser.rb +717 -0
data/lib/plugin.rb +4 -0
data/lib/plugin/base.rb +110 -0
data/lib/plugin/manager.rb +162 -0
data/lib/report.rb +4 -0
data/lib/report/base.rb +119 -0
data/lib/report/manager.rb +92 -0
data/lib/rpc/xml/client/base.rb +71 -0
data/lib/rpc/xml/client/dispatcher.rb +49 -0
data/lib/rpc/xml/client/instance.rb +88 -0
data/lib/rpc/xml/server/base.rb +90 -0
data/lib/rpc/xml/server/dispatcher.rb +357 -0
data/lib/rpc/xml/server/framework.rb +206 -0
data/lib/rpc/xml/server/instance.rb +191 -0
data/lib/rpc/xml/server/module/manager.rb +46 -0
data/lib/rpc/xml/server/options.rb +124 -0
data/lib/rpc/xml/server/output.rb +299 -0
data/lib/rpc/xml/server/plugin/manager.rb +58 -0
data/lib/ruby.rb +5 -0
data/lib/ruby/object.rb +32 -0
data/lib/ruby/string.rb +74 -0
data/lib/ruby/xmlrpc/server.rb +27 -0
data/lib/spider.rb +200 -0
data/lib/typhoeus/request.rb +91 -0
data/lib/typhoeus/response.rb +34 -0
data/lib/ui/cli/cli.rb +744 -0
data/lib/ui/cli/output.rb +279 -0
data/lib/ui/web/log.rb +82 -0
data/lib/ui/web/output_stream.rb +94 -0
data/lib/ui/web/report_manager.rb +222 -0
data/lib/ui/web/server.rb +903 -0
data/lib/ui/web/server/db/placeholder +0 -0
data/lib/ui/web/server/public/banner.png +0 -0
data/lib/ui/web/server/public/bodybg-small.png +0 -0
data/lib/ui/web/server/public/bodybg.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/pbar-ani.gif +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/jquery-ui-1.8.9.custom.css +573 -0
data/lib/ui/web/server/public/favicon.ico +0 -0
data/lib/ui/web/server/public/footer.jpg +0 -0
data/lib/ui/web/server/public/icons/error.png +0 -0
data/lib/ui/web/server/public/icons/info.png +0 -0
data/lib/ui/web/server/public/icons/ok.png +0 -0
data/lib/ui/web/server/public/icons/status.png +0 -0
data/lib/ui/web/server/public/js/jquery-1.4.4.min.js +167 -0
data/lib/ui/web/server/public/js/jquery-ui-1.8.9.custom.min.js +781 -0
data/lib/ui/web/server/public/logo.png +0 -0
data/lib/ui/web/server/public/nav-left.jpg +0 -0
data/lib/ui/web/server/public/nav-right.jpg +0 -0
data/lib/ui/web/server/public/nav-selected-left.jpg +0 -0
data/lib/ui/web/server/public/nav-selected-right.jpg +0 -0
data/lib/ui/web/server/public/reports/placeholder +1 -0
data/lib/ui/web/server/public/sidebar-bottom.jpg +0 -0
data/lib/ui/web/server/public/sidebar-h4.jpg +0 -0
data/lib/ui/web/server/public/sidebar-top.jpg +0 -0
data/lib/ui/web/server/public/spider.png +0 -0
data/lib/ui/web/server/public/style.css +604 -0
data/lib/ui/web/server/tmp/placeholder +0 -0
data/lib/ui/web/server/views/dispatcher.erb +85 -0
data/lib/ui/web/server/views/dispatcher_error.erb +14 -0
data/lib/ui/web/server/views/error.erb +1 -0
data/lib/ui/web/server/views/flash.erb +18 -0
data/lib/ui/web/server/views/home.erb +14 -0
data/lib/ui/web/server/views/instance.erb +213 -0
data/lib/ui/web/server/views/layout.erb +95 -0
data/lib/ui/web/server/views/log.erb +40 -0
data/lib/ui/web/server/views/modules.erb +71 -0
data/lib/ui/web/server/views/options.erb +23 -0
data/lib/ui/web/server/views/output_results.erb +51 -0
data/lib/ui/web/server/views/plugins.erb +42 -0
data/lib/ui/web/server/views/report_formats.erb +30 -0
data/lib/ui/web/server/views/reports.erb +55 -0
data/lib/ui/web/server/views/settings.erb +120 -0
data/lib/ui/web/server/views/welcome.erb +38 -0
data/lib/ui/xmlrpc/dispatcher_monitor.rb +204 -0
data/lib/ui/xmlrpc/xmlrpc.rb +843 -0
data/logs/placeholder +0 -0
data/metamodules/autothrottle.rb +74 -0
data/metamodules/timeout_notice.rb +118 -0
data/metamodules/uniformity.rb +98 -0
data/modules/audit/code_injection.rb +136 -0
data/modules/audit/code_injection_timing.rb +115 -0
data/modules/audit/code_injection_timing/payloads.txt +4 -0
data/modules/audit/csrf.rb +301 -0
data/modules/audit/ldapi.rb +103 -0
data/modules/audit/ldapi/errors.txt +26 -0
data/modules/audit/os_cmd_injection.rb +103 -0
data/modules/audit/os_cmd_injection/payloads.txt +2 -0
data/modules/audit/os_cmd_injection_timing.rb +104 -0
data/modules/audit/os_cmd_injection_timing/payloads.txt +3 -0
data/modules/audit/path_traversal.rb +141 -0
data/modules/audit/response_splitting.rb +105 -0
data/modules/audit/rfi.rb +193 -0
data/modules/audit/sqli.rb +120 -0
data/modules/audit/sqli/regexp_ids.txt +90 -0
data/modules/audit/sqli_blind_rdiff.rb +321 -0
data/modules/audit/sqli_blind_timing.rb +103 -0
data/modules/audit/sqli_blind_timing/payloads.txt +51 -0
data/modules/audit/trainer.rb +89 -0
data/modules/audit/unvalidated_redirect.rb +90 -0
data/modules/audit/xpath.rb +104 -0
data/modules/audit/xpath/errors.txt +26 -0
data/modules/audit/xss.rb +99 -0
data/modules/audit/xss_event.rb +134 -0
data/modules/audit/xss_path.rb +125 -0
data/modules/audit/xss_script_tag.rb +112 -0
data/modules/audit/xss_tag.rb +112 -0
data/modules/audit/xss_uri.rb +125 -0
data/modules/recon/allowed_methods.rb +104 -0
data/modules/recon/backdoors.rb +131 -0
data/modules/recon/backdoors/filenames.txt +16 -0
data/modules/recon/backup_files.rb +177 -0
data/modules/recon/backup_files/extensions.txt +28 -0
data/modules/recon/common_directories.rb +138 -0
data/modules/recon/common_directories/directories.txt +265 -0
data/modules/recon/common_files.rb +138 -0
data/modules/recon/common_files/filenames.txt +17 -0
data/modules/recon/directory_listing.rb +171 -0
data/modules/recon/grep/captcha.rb +62 -0
data/modules/recon/grep/credit_card.rb +85 -0
data/modules/recon/grep/cvs_svn_users.rb +73 -0
data/modules/recon/grep/emails.rb +59 -0
data/modules/recon/grep/html_objects.rb +53 -0
data/modules/recon/grep/private_ip.rb +54 -0
data/modules/recon/grep/ssn.rb +53 -0
data/modules/recon/htaccess_limit.rb +82 -0
data/modules/recon/http_put.rb +95 -0
data/modules/recon/interesting_responses.rb +118 -0
data/modules/recon/unencrypted_password_forms.rb +119 -0
data/modules/recon/webdav.rb +126 -0
data/modules/recon/xst.rb +107 -0
data/path_extractors/anchors.rb +35 -0
data/path_extractors/forms.rb +35 -0
data/path_extractors/frames.rb +38 -0
data/path_extractors/generic.rb +39 -0
data/path_extractors/links.rb +35 -0
data/path_extractors/meta_refresh.rb +39 -0
data/path_extractors/scripts.rb +37 -0
data/path_extractors/sitemap.rb +31 -0
data/plugins/autologin.rb +137 -0
data/plugins/content_types.rb +90 -0
data/plugins/cookie_collector.rb +99 -0
data/plugins/form_dicattack.rb +185 -0
data/plugins/healthmap.rb +94 -0
data/plugins/http_dicattack.rb +133 -0
data/plugins/metamodules.rb +118 -0
data/plugins/proxy.rb +248 -0
data/plugins/proxy/server.rb +66 -0
data/plugins/waf_detector.rb +184 -0
data/profiles/comprehensive.afp +74 -0
data/profiles/full.afp +75 -0
data/reports/afr.rb +59 -0
data/reports/ap.rb +55 -0
data/reports/html.rb +179 -0
data/reports/html/default.erb +967 -0
data/reports/metareport.rb +139 -0
data/reports/metareport/arachni_metareport.rb +174 -0
data/reports/plugin_formatters/html/content_types.rb +82 -0
data/reports/plugin_formatters/html/cookie_collector.rb +66 -0
data/reports/plugin_formatters/html/form_dicattack.rb +54 -0
data/reports/plugin_formatters/html/healthmap.rb +76 -0
data/reports/plugin_formatters/html/http_dicattack.rb +54 -0
data/reports/plugin_formatters/html/metaformatters/timeout_notice.rb +65 -0
data/reports/plugin_formatters/html/metaformatters/uniformity.rb +71 -0
data/reports/plugin_formatters/html/metamodules.rb +93 -0
data/reports/plugin_formatters/html/waf_detector.rb +54 -0
data/reports/plugin_formatters/stdout/content_types.rb +73 -0
data/reports/plugin_formatters/stdout/cookie_collector.rb +61 -0
data/reports/plugin_formatters/stdout/form_dicattack.rb +52 -0
data/reports/plugin_formatters/stdout/healthmap.rb +72 -0
data/reports/plugin_formatters/stdout/http_dicattack.rb +53 -0
data/reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb +55 -0
data/reports/plugin_formatters/stdout/metaformatters/uniformity.rb +68 -0
data/reports/plugin_formatters/stdout/metamodules.rb +89 -0
data/reports/plugin_formatters/stdout/waf_detector.rb +48 -0
data/reports/plugin_formatters/xml/content_types.rb +91 -0
data/reports/plugin_formatters/xml/cookie_collector.rb +70 -0
data/reports/plugin_formatters/xml/form_dicattack.rb +57 -0
data/reports/plugin_formatters/xml/healthmap.rb +82 -0
data/reports/plugin_formatters/xml/http_dicattack.rb +57 -0
data/reports/plugin_formatters/xml/metaformatters/timeout_notice.rb +67 -0
data/reports/plugin_formatters/xml/metaformatters/uniformity.rb +82 -0
data/reports/plugin_formatters/xml/metamodules.rb +91 -0
data/reports/plugin_formatters/xml/waf_detector.rb +58 -0
data/reports/stdout.rb +182 -0
data/reports/txt.rb +77 -0
data/reports/xml.rb +231 -0
data/reports/xml/buffer.rb +98 -0
metadata +516 -0

data/modules/recon/common_files.rb ADDED

@@ -0,0 +1,138 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+module Arachni
+module Modules
+#
+# Looks for sensitive common files on the server.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1.3
+#
+#
+class CommonFiles < Arachni::Module::Base
+    include Arachni::Module::Utilities
+    def initialize( page )
+        super( page )
+    end
+    def prepare
+        # to keep track of the requests and not repeat them
+        @@__audited ||= Set.new
+        # our results array
+        @results = []
+        @@__filenames ||=[]
+        return if !@@__filenames.empty?
+        read_file( 'filenames.txt' ) {
+            |file|
+            @@__filenames << file
+        }
+    end
+    def run( )
+        path = get_path( @page.url )
+        return if @@__audited.include?( path )
+        print_status( "Scanning..." )
+        @@__filenames.each {
+            |file|
+            #
+            # Test for the existance of the file
+            #
+            # We're not worrying about its contents, the Trainer will
+            # analyze it and if it's HTML it'll extract any new attack vectors.
+            #
+            url  = path + file
+            print_status( "Checking for #{url}" )
+            req  = @http.get( url, :train => true )
+            req.on_complete {
+                |res|
+                print_status( "Analyzing #{res.effective_url}" )
+                __log_results( res, file )
+            }
+        }
+        @@__audited << path
+    end
+    def self.info
+        {
+            :name           => 'CommonFiles',
+            :description    => %q{Tries to find common sensitive files on the server.},
+            :elements       => [ ],
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ',
+            :version        => '0.1.3',
+            :references     => {},
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{A common sensitive file exists on the server.},
+                :description => %q{},
+                :tags        => [ 'common', 'path', 'file' ],
+                :cwe         => '',
+                :severity    => Issue::Severity::LOW,
+                :cvssv2       => '',
+                :remedy_guidance    => '',
+                :remedy_code => '',
+            }
+        }
+    end
+    #
+    # Adds an issue to the @results array<br/>
+    # and outputs an "OK" message with the filename and its url.
+    #
+    # @param  [Net::HTTPResponse]  res   the HTTP response
+    # @param  [String]  filename   the discovered filename
+    #
+    def __log_results( res, filename )
+        return if( res.code != 200 || @http.custom_404?( res ) )
+        url = res.effective_url
+        # append the result to the results array
+        @results << Issue.new( {
+            :url          => url,
+            :injected     => filename,
+            :id           => filename,
+            :elem         => Issue::Element::PATH,
+            :response     => res.body,
+            :headers      => {
+                :request    => res.request.headers,
+                :response   => res.headers,
+            }
+        }.merge( self.class.info ) )
+        # register our results with the system
+        register_results( @results )
+        # inform the user that we have a match
+        print_ok( "Found #{filename} at " + url )
+    end
+end
+end
+end

data/modules/recon/common_files/filenames.txt ADDED

@@ -0,0 +1,17 @@
+robots.txt
+sitemap.xml
+sitemap.xml.gz
+phpinfo.php
+CVS/Repository
+CVS/Root
+CVS/Entries
+.git/HEAD
+_mmServerScripts/MMHTTPDB.php
+_mmServerScripts/MMHTTPDB.asp
+_mmDBScripts/MMHTTPDB.php
+_mmDBScripts/MMHTTPDB.asp
+config/database.yml
+install.php
+wp-admin/install.php
+wp-admin/setup-config.php
+config.php

data/modules/recon/directory_listing.rb ADDED

@@ -0,0 +1,171 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+module Arachni
+module Modules
+#
+# Tries to force directory listings.
+#
+# Can't take credit for this one, it's Michal's (lcamtuf's) method from Skipfish.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class DirectoryListing < Arachni::Module::Base
+    include Arachni::Module::Utilities
+    DIFF_THRESHOLD = 1000
+    def initialize( page )
+        super( page )
+    end
+    def prepare
+        foo = File.basename( __FILE__, '.rb' )
+        @dirs = [
+            "\\.#{foo}\\",
+            "\\.\\",
+            ".#{foo}/",
+            "./"
+       ]
+       @@__checked ||= Set.new
+    end
+    def run( )
+        path = get_path( @page.url )
+        return if !URI( path ).path || URI( path ).path.gsub( '/', '' ).empty?
+        # no redundant checks pl0x! kthxb.
+        return if @@__checked.include?( path )
+        @harvested = []
+        @dirs = [ @page.url ] | @dirs.map { |dir| path + dir } | [ path ]
+        @dirs.each_with_index {
+            |url, i|
+            @http.get( url ).on_complete {
+                |res|
+                if res
+                    @harvested[i] = res
+                    __check( path ) if __done_harvesting?
+                end
+            }
+        }
+    end
+    def __done_harvesting?
+        return false if @harvested.size != 6
+        @harvested.each {
+            |res|
+            return false if !res
+        }
+        return true
+    end
+    def __check( path )
+        @@__checked << path
+        # if we have a 403 Forbidden it means that we succesfully
+        # built a pah which would force a directory listing *but*
+        # the web server kicked our asses...so let's run away like
+        # little girls...
+        @harvested.each {
+            |res|
+            return if res.code == 403
+        }
+        if !File.basename( @harvested[0].effective_url, '?*' ).empty? &&
+            __same_page?( @harvested[0], @harvested[5] )
+            return
+        end
+        if !__same_page?( @harvested[1], @harvested[0] ) &&
+           !__same_page?( @harvested[1], @harvested[2] )
+            __log_results( @harvested[5] )
+        end
+        if !__same_page?( @harvested[3], @harvested[0] ) &&
+           !__same_page?( @harvested[3], @harvested[4] )
+            __log_results( @harvested[5] )
+        end
+    end
+    def __same_page?( res1, res2 )
+        # back out...
+        return false if res1.code != res2.code
+        return false if (res1.body.size - res2.body.size).abs > DIFF_THRESHOLD
+        return true
+    end
+    def self.info
+        {
+            :name           => 'Directory listing',
+            :description    => %q{Tries to force directory listings.},
+            :elements       => [ ],
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.1',
+            :references     => {},
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{Directory listing is enabled.},
+                :description => %q{In most circumstances enabling directory listings is a bad practise
+                    as it allows an attacker to better grasp the web application's structure.},
+                :tags        => [ 'path', 'directory', 'listing', 'index' ],
+                :cwe         => '548',
+                :severity    => Issue::Severity::LOW,
+                :cvssv2       => '',
+                :remedy_guidance    => '',
+                :remedy_code => '',
+            }
+        }
+    end
+    def __log_results( res )
+        return if res.code != 200 || res.body.empty?
+        issue = Issue.new( {
+            :url          => res.effective_url,
+            :method       => res.request.method.to_s.upcase,
+            :elem         => Issue::Element::SERVER,
+            :response     => res.body,
+            :headers      => {
+                :request    => res.request.headers,
+                :response   => res.headers,
+            }
+        }.merge( self.class.info ) )
+        # register our results with the system
+        register_results( [issue] )
+        print_ok( 'Found: ' + res.effective_url )
+    end
+end
+end
+end

data/modules/recon/grep/captcha.rb ADDED

@@ -0,0 +1,62 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+module Arachni
+module Modules
+#
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class CAPTCHA < Arachni::Module::Base
+    def initialize( page )
+        @page = page
+    end
+    def run( )
+        begin
+            # since we only care about forms parse the HTML and match forms only
+            Nokogiri::HTML( @page.body ).xpath( "//form" ).each {
+                |form|
+                # pretty dumb way to do this but it's a pretty dumb issue anyways...
+                match_and_log( /captcha/i, form.to_s )
+            }
+        rescue
+        end
+    end
+    def self.info
+        {
+            :name           => 'CAPTCHA',
+            :description    => %q{Greps pages for forms with CAPTCHAs.},
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.1',
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{Found a CAPTCHA protected form.},
+                :description => %q{Arachni can't audit CAPTCHA protected forms, consider auditing manually.},
+                :cwe         => '',
+                :severity    => Issue::Severity::INFORMATIONAL,
+                :cvssv2      => '',
+                :remedy_guidance    => %q{},
+                :remedy_code => '',
+            }
+        }
+    end
+end
+end
+end

data/modules/recon/grep/credit_card.rb ADDED

@@ -0,0 +1,85 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+module Arachni
+module Modules
+#
+# Credit Card Number recon module.
+#
+# Scans every page for credit card numbers.
+#
+# @author: morpheuslaw <msidagni@nopsec.com>
+# @version: 0.1
+#
+class CreditCards < Arachni::Module::Base
+    def initialize( page )
+        @page = page
+    end
+    def run( )
+        ccNumber = /\b(((4\d{3})|(5[1-5]\d{2})|(6011))-?\d{4}-?\d{4}-?\d{4}|3[4,7][\d\s-]{15})\b/
+        # match CC number candidates and verify matches before logging
+        match_and_log( ccNumber ){
+            |match|
+            __luhn_check( match )
+        }
+    end
+    #
+    # Checks for a valid credit card number
+    #
+    def __luhn_check( cc_number )
+      cc_number   = cc_number.gsub( /D/, '' )
+      cc_length   = cc_number.length
+      parity      = cc_length % 2
+      sum = 0
+      for i in 0..cc_length
+         digit = cc_number[i].to_i - 48
+         if i % 2 == parity
+           digit = digit * 2
+         end
+         if digit > 9
+           digit = digit - 9
+         end
+         sum = sum + digit
+      end
+      return (sum % 10) == 0
+    end
+    def self.info
+        {
+            :name           => 'Credit card number disclosure',
+            :description    => %q{Scans pages for credit card numbers.},
+            :author         => 'morpheuslaw <msidagni@nopsec.com>',
+            :version        => '0.1',
+            :targets        => { 'Generic' => 'all' },
+            :issue   => {
+                :name        => %q{Credit card number disclosure.},
+                :description => %q{A credit card number is disclosed in the body of the page.},
+                :cwe         => '200',
+                :severity    => Issue::Severity::MEDIUM,
+                :cvssv2      => '0',
+                :remedy_guidance    => %q{Remove credit card numbers from the body of the HTML pages.},
+                :remedy_code => '',
+            }
+        }
+    end
+end
+end
+end