arachni 0.2.2.1

data/path_extractors/anchors.rb

@@ -0,0 +1,35 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Anemone::Extractors
+
+#
+# Extracts paths from anchor elements.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Anchors < Paths
+
+    #
+    # Returns an array of paths as plain strings
+    #
+    # @param    [Nokogiri]  Nokogiri document
+    #
+    # @return   [Array<String>]  paths
+    #
+    def run( doc )
+        doc.search( "//a[@href]" ).map { |a| a['href'] }
+    end
+
+end
+end

data/path_extractors/forms.rb

@@ -0,0 +1,35 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Anemone::Extractors
+
+#
+# Extracts paths from "form" HTML elements.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Forms < Paths
+
+    #
+    # Returns an array of paths as plain strings
+    #
+    # @param    [Nokogiri]  Nokogiri document
+    #
+    # @return   [Array<String>]  paths
+    #
+    def run( doc )
+        doc.search( "//form[@action]" ).map { |a| a['action'] }
+    end
+
+end
+end

data/path_extractors/frames.rb

@@ -0,0 +1,38 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Anemone::Extractors
+
+#
+# Extracts paths from frames.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Frames < Paths
+
+    #
+    # Returns an array of paths as plain strings
+    #
+    # @param    [Nokogiri]  Nokogiri document
+    #
+    # @return   [Array<String>]  paths
+    #
+    def run( doc )
+        doc.css( 'frame', 'iframe' ).map {
+            |a|
+            a.attributes['src'].content rescue next
+        }
+    end
+
+end
+end

data/path_extractors/generic.rb

@@ -0,0 +1,39 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Anemone::Extractors
+
+#
+# Extract URLs from arbitrary text.
+#
+# You might think that this renders the rest path extractors redundant
+# but the others can extract paths from HTML attributes, this one can only extract
+# full URLs.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Generic < Paths
+
+    #
+    # Returns an array of paths as plain strings
+    #
+    # @param    [Nokogiri]  Nokogiri document
+    #
+    # @return   [Array<String>]  paths
+    #
+    def run( doc )
+        URI.extract( doc.to_s )
+    end
+
+end
+end

data/path_extractors/links.rb

@@ -0,0 +1,35 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Anemone::Extractors
+
+#
+# Extracts paths from "link" HTML elements.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Links < Paths
+
+    #
+    # Returns an array of paths as plain strings
+    #
+    # @param    [Nokogiri]  Nokogiri document
+    #
+    # @return   [Array<String>]  paths
+    #
+    def run( doc )
+        doc.search( "//link[@href]" ).map { |a| a['href'] }
+    end
+
+end
+end

data/path_extractors/meta_refresh.rb

@@ -0,0 +1,39 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Anemone::Extractors
+
+#
+# Extracts meta refresh URLs.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class MetaRefresh < Paths
+
+    #
+    # Returns an array of paths as plain strings
+    #
+    # @param    [Nokogiri]  Nokogiri document
+    #
+    # @return   [Array<String>]  paths
+    #
+    def run( doc )
+        begin
+            doc.search( "//meta[@http-equiv='refresh']" ).
+                map { |url| url['content'].split( ';' )[1].split( '=' )[1] }
+        rescue
+        end
+    end
+
+end
+end

data/path_extractors/scripts.rb

@@ -0,0 +1,37 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Anemone::Extractors
+
+#
+# Extracts paths from "script" HTML elements.<br/>
+# Both from "src" and the text inside the scripts.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Scripts < Paths
+
+    #
+    # Returns an array of paths as plain strings
+    #
+    # @param    [Nokogiri]  Nokogiri document
+    #
+    # @return   [Array<String>]  paths
+    #
+    def run( doc )
+        doc.search( "//script[@src]" ).map { |a| a['src'] } |
+        doc.search( "//script" ).map { |script| URI.extract( script.to_s ) }
+    end
+
+end
+end

data/path_extractors/sitemap.rb

@@ -0,0 +1,31 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Anemone::Extractors
+
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Sitemap < Paths
+
+    #
+    # @param    [Nokogiri]  Nokogiri document
+    #
+    # @return   [Array<String>]  paths
+    #
+    def run( doc )
+        [ '/sitemap.xml', '/sitemap.xml.gz' ]
+    end
+
+end
+end

data/plugins/autologin.rb

@@ -0,0 +1,137 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module Plugins
+
+#
+# Automated login plugin.
+#
+# It looks for the login form in the user provided URL,
+# merges its input field with the user supplied parameters and sets the cookies
+# of the response as framework-wide cookies to be used by the spider later on.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class AutoLogin < Arachni::Plugin::Base
+
+    attr_accessor :http
+
+    #
+    # @param    [Arachni::Framework]    framework
+    # @param    [Hash]        options    options passed to the plugin
+    #
+    def initialize( framework, options )
+        @framework = framework
+        @options   = options
+
+        @framework.pause!
+        print_info( "System paused." )
+    end
+
+    def prepare
+        @params = parse_params
+
+        # we need to declared this in order to pass ourselves
+        # as the auditor to the form later in order to submit it.
+        @http = @framework.http
+    end
+
+    def run( )
+
+        # grab the page containing the login form
+        res  = @framework.http.get( @options['url'], :async => false ).response
+
+        parser = Arachni::Parser.new( @framework.opts, res )
+        # parse the response as a Page object
+        page = parser.run
+
+        # find the login form
+        login_form = nil
+        page.forms.each {
+            |form|
+            login_form = form if login_form?( form )
+        }
+
+        if !login_form
+            print_error( 'Could not find a form suiting the provided params at: ' +
+            @options['url'] )
+            return
+        end
+
+        name = login_form.raw['attrs']['name'] ? login_form.raw['attrs']['name'] : '<n/a>'
+        print_status( "Found log-in form with name: "  + name )
+
+        # merge the input fields of the form with the user supplied parameters
+        login_form.auditable.merge!( @params )
+
+        # register us as the auditor
+        login_form.auditor( self )
+        res = login_form.submit( :async => false ).response
+
+        if !res
+            print_error( 'Form submitted but no response was returned.' )
+            return
+        else
+            print_ok( 'Form submitted successfully.' )
+        end
+
+    end
+
+    def clean_up
+        @framework.resume!
+    end
+
+    def login_form?( form )
+        avail    = form.auditable.keys
+        provided = @params.keys
+
+        provided.each {
+            |name|
+            return false if !avail.include?( name )
+        }
+
+        return true
+    end
+
+    def parse_params
+        params = {}
+        @options['params'].split( '&' ).each {
+            |param|
+            k, v = param.split( '=', 2 )
+            params[k] = v
+        }
+        return params
+    end
+
+
+    def self.info
+        {
+            :name           => 'AutoLogin',
+            :description    => %q{It looks for the login form in the user provided URL,
+                merges its input fields with the user supplied parameters and sets the cookies
+                of the response and request as framework-wide cookies to be used by the spider later on.
+            },
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.1',
+            :options        => [
+                Arachni::OptUrl.new( 'url', [ true, 'The URL that contains the login form.' ] ),
+                Arachni::OptString.new( 'params', [ true, 'Form parameters to submit. ( username=user&password=pass )' ] )
+            ]
+        }
+    end
+
+end
+
+end
+end

data/plugins/content_types.rb

@@ -0,0 +1,90 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module Plugins
+
+#
+# Logs content-types of all server responses.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+class ContentTypes < Arachni::Plugin::Base
+
+    #
+    # @param    [Arachni::Framework]    framework
+    # @param    [Hash]        options    options passed to the plugin
+    #
+    def initialize( framework, options )
+        @framework = framework
+        @options   = options
+    end
+
+    def prepare
+        @results = {}
+        @exclude = Regexp.new( @options['exclude'] )
+
+        @logged = Set.new
+    end
+
+    def run( )
+        @framework.http.on_complete {
+            |res|
+
+            next if @logged.include?( res.request.method.to_s.upcase + res.effective_url )
+            next if !(type = res.headers_hash['Content-type'] ) || type.empty?
+
+            if( !@options['exclude'].empty? && !type.match( @exclude ) ) ||
+                @options['exclude'].empty?
+                @results[type] ||= []
+                @results[type] << {
+                    :url    => res.effective_url,
+                    :method => res.request.method.to_s.upcase,
+                    :params => res.request.params
+                }
+
+                @logged << res.request.method.to_s.upcase + res.effective_url
+            end
+        }
+    end
+
+    def clean_up
+        # we need to wait until the framework has finished running
+        # before logging the results
+        while( @framework.running? )
+            ::IO.select( nil, nil, nil, 1 )
+        end
+
+        register_results( @results )
+    end
+
+    def self.info
+        {
+            :name           => 'Content-types',
+            :description    => %q{Logs content-types of server responses.
+                It can help you categorize and identify publicly available file-types
+                which in turn can help you identify accidentally leaked files.},
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.1',
+            :options        => [
+                Arachni::OptString.new( 'exclude', [ false,
+                    'Exclude content-types that match this regular expression.', 'text' ]
+                )
+            ]
+        }
+    end
+
+end
+
+end
+end