arachni 0.2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/ACKNOWLEDGMENTS.md +14 -0
- data/AUTHORS.md +6 -0
- data/CHANGELOG.md +162 -0
- data/CONTRIBUTORS.md +10 -0
- data/EXPLOITATION.md +429 -0
- data/HACKING.md +101 -0
- data/LICENSE.md +341 -0
- data/README.md +350 -0
- data/Rakefile +86 -0
- data/bin/arachni +22 -0
- data/bin/arachni_web +77 -0
- data/bin/arachni_xmlrpc +21 -0
- data/bin/arachni_xmlrpcd +82 -0
- data/bin/arachni_xmlrpcd_monitor +74 -0
- data/conf/README.webui.yaml.txt +44 -0
- data/conf/webui.yaml +11 -0
- data/external/metasploit/LICENSE +24 -0
- data/external/metasploit/modules/exploits/unix/webapp/arachni_exec.rb +142 -0
- data/external/metasploit/modules/exploits/unix/webapp/arachni_path_traversal.rb +113 -0
- data/external/metasploit/modules/exploits/unix/webapp/arachni_php_eval.rb +150 -0
- data/external/metasploit/modules/exploits/unix/webapp/arachni_php_include.rb +141 -0
- data/external/metasploit/modules/exploits/unix/webapp/arachni_sqlmap.rb +92 -0
- data/external/metasploit/plugins/arachni.rb +536 -0
- data/getoptslong.rb +241 -0
- data/lib/anemone.rb +2 -0
- data/lib/anemone/cookie_store.rb +35 -0
- data/lib/anemone/core.rb +371 -0
- data/lib/anemone/exceptions.rb +5 -0
- data/lib/anemone/http.rb +144 -0
- data/lib/anemone/page.rb +337 -0
- data/lib/anemone/page_store.rb +160 -0
- data/lib/anemone/storage.rb +34 -0
- data/lib/anemone/storage/base.rb +75 -0
- data/lib/anemone/storage/exceptions.rb +15 -0
- data/lib/anemone/storage/mongodb.rb +89 -0
- data/lib/anemone/storage/pstore.rb +50 -0
- data/lib/anemone/storage/redis.rb +90 -0
- data/lib/anemone/storage/tokyo_cabinet.rb +57 -0
- data/lib/anemone/tentacle.rb +40 -0
- data/lib/arachni.rb +16 -0
- data/lib/audit_store.rb +346 -0
- data/lib/component_manager.rb +293 -0
- data/lib/component_options.rb +395 -0
- data/lib/exceptions.rb +76 -0
- data/lib/framework.rb +637 -0
- data/lib/http.rb +809 -0
- data/lib/issue.rb +302 -0
- data/lib/module.rb +4 -0
- data/lib/module/auditor.rb +455 -0
- data/lib/module/base.rb +188 -0
- data/lib/module/element_db.rb +158 -0
- data/lib/module/key_filler.rb +87 -0
- data/lib/module/manager.rb +87 -0
- data/lib/module/output.rb +68 -0
- data/lib/module/trainer.rb +240 -0
- data/lib/module/utilities.rb +110 -0
- data/lib/options.rb +547 -0
- data/lib/parser.rb +2 -0
- data/lib/parser/auditable.rb +522 -0
- data/lib/parser/elements.rb +296 -0
- data/lib/parser/page.rb +149 -0
- data/lib/parser/parser.rb +717 -0
- data/lib/plugin.rb +4 -0
- data/lib/plugin/base.rb +110 -0
- data/lib/plugin/manager.rb +162 -0
- data/lib/report.rb +4 -0
- data/lib/report/base.rb +119 -0
- data/lib/report/manager.rb +92 -0
- data/lib/rpc/xml/client/base.rb +71 -0
- data/lib/rpc/xml/client/dispatcher.rb +49 -0
- data/lib/rpc/xml/client/instance.rb +88 -0
- data/lib/rpc/xml/server/base.rb +90 -0
- data/lib/rpc/xml/server/dispatcher.rb +357 -0
- data/lib/rpc/xml/server/framework.rb +206 -0
- data/lib/rpc/xml/server/instance.rb +191 -0
- data/lib/rpc/xml/server/module/manager.rb +46 -0
- data/lib/rpc/xml/server/options.rb +124 -0
- data/lib/rpc/xml/server/output.rb +299 -0
- data/lib/rpc/xml/server/plugin/manager.rb +58 -0
- data/lib/ruby.rb +5 -0
- data/lib/ruby/object.rb +32 -0
- data/lib/ruby/string.rb +74 -0
- data/lib/ruby/xmlrpc/server.rb +27 -0
- data/lib/spider.rb +200 -0
- data/lib/typhoeus/request.rb +91 -0
- data/lib/typhoeus/response.rb +34 -0
- data/lib/ui/cli/cli.rb +744 -0
- data/lib/ui/cli/output.rb +279 -0
- data/lib/ui/web/log.rb +82 -0
- data/lib/ui/web/output_stream.rb +94 -0
- data/lib/ui/web/report_manager.rb +222 -0
- data/lib/ui/web/server.rb +903 -0
- data/lib/ui/web/server/db/placeholder +0 -0
- data/lib/ui/web/server/public/banner.png +0 -0
- data/lib/ui/web/server/public/bodybg-small.png +0 -0
- data/lib/ui/web/server/public/bodybg.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/pbar-ani.gif +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-icons_222222_256x240.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-icons_454545_256x240.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-icons_888888_256x240.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/jquery-ui-1.8.9.custom.css +573 -0
- data/lib/ui/web/server/public/favicon.ico +0 -0
- data/lib/ui/web/server/public/footer.jpg +0 -0
- data/lib/ui/web/server/public/icons/error.png +0 -0
- data/lib/ui/web/server/public/icons/info.png +0 -0
- data/lib/ui/web/server/public/icons/ok.png +0 -0
- data/lib/ui/web/server/public/icons/status.png +0 -0
- data/lib/ui/web/server/public/js/jquery-1.4.4.min.js +167 -0
- data/lib/ui/web/server/public/js/jquery-ui-1.8.9.custom.min.js +781 -0
- data/lib/ui/web/server/public/logo.png +0 -0
- data/lib/ui/web/server/public/nav-left.jpg +0 -0
- data/lib/ui/web/server/public/nav-right.jpg +0 -0
- data/lib/ui/web/server/public/nav-selected-left.jpg +0 -0
- data/lib/ui/web/server/public/nav-selected-right.jpg +0 -0
- data/lib/ui/web/server/public/reports/placeholder +1 -0
- data/lib/ui/web/server/public/sidebar-bottom.jpg +0 -0
- data/lib/ui/web/server/public/sidebar-h4.jpg +0 -0
- data/lib/ui/web/server/public/sidebar-top.jpg +0 -0
- data/lib/ui/web/server/public/spider.png +0 -0
- data/lib/ui/web/server/public/style.css +604 -0
- data/lib/ui/web/server/tmp/placeholder +0 -0
- data/lib/ui/web/server/views/dispatcher.erb +85 -0
- data/lib/ui/web/server/views/dispatcher_error.erb +14 -0
- data/lib/ui/web/server/views/error.erb +1 -0
- data/lib/ui/web/server/views/flash.erb +18 -0
- data/lib/ui/web/server/views/home.erb +14 -0
- data/lib/ui/web/server/views/instance.erb +213 -0
- data/lib/ui/web/server/views/layout.erb +95 -0
- data/lib/ui/web/server/views/log.erb +40 -0
- data/lib/ui/web/server/views/modules.erb +71 -0
- data/lib/ui/web/server/views/options.erb +23 -0
- data/lib/ui/web/server/views/output_results.erb +51 -0
- data/lib/ui/web/server/views/plugins.erb +42 -0
- data/lib/ui/web/server/views/report_formats.erb +30 -0
- data/lib/ui/web/server/views/reports.erb +55 -0
- data/lib/ui/web/server/views/settings.erb +120 -0
- data/lib/ui/web/server/views/welcome.erb +38 -0
- data/lib/ui/xmlrpc/dispatcher_monitor.rb +204 -0
- data/lib/ui/xmlrpc/xmlrpc.rb +843 -0
- data/logs/placeholder +0 -0
- data/metamodules/autothrottle.rb +74 -0
- data/metamodules/timeout_notice.rb +118 -0
- data/metamodules/uniformity.rb +98 -0
- data/modules/audit/code_injection.rb +136 -0
- data/modules/audit/code_injection_timing.rb +115 -0
- data/modules/audit/code_injection_timing/payloads.txt +4 -0
- data/modules/audit/csrf.rb +301 -0
- data/modules/audit/ldapi.rb +103 -0
- data/modules/audit/ldapi/errors.txt +26 -0
- data/modules/audit/os_cmd_injection.rb +103 -0
- data/modules/audit/os_cmd_injection/payloads.txt +2 -0
- data/modules/audit/os_cmd_injection_timing.rb +104 -0
- data/modules/audit/os_cmd_injection_timing/payloads.txt +3 -0
- data/modules/audit/path_traversal.rb +141 -0
- data/modules/audit/response_splitting.rb +105 -0
- data/modules/audit/rfi.rb +193 -0
- data/modules/audit/sqli.rb +120 -0
- data/modules/audit/sqli/regexp_ids.txt +90 -0
- data/modules/audit/sqli_blind_rdiff.rb +321 -0
- data/modules/audit/sqli_blind_timing.rb +103 -0
- data/modules/audit/sqli_blind_timing/payloads.txt +51 -0
- data/modules/audit/trainer.rb +89 -0
- data/modules/audit/unvalidated_redirect.rb +90 -0
- data/modules/audit/xpath.rb +104 -0
- data/modules/audit/xpath/errors.txt +26 -0
- data/modules/audit/xss.rb +99 -0
- data/modules/audit/xss_event.rb +134 -0
- data/modules/audit/xss_path.rb +125 -0
- data/modules/audit/xss_script_tag.rb +112 -0
- data/modules/audit/xss_tag.rb +112 -0
- data/modules/audit/xss_uri.rb +125 -0
- data/modules/recon/allowed_methods.rb +104 -0
- data/modules/recon/backdoors.rb +131 -0
- data/modules/recon/backdoors/filenames.txt +16 -0
- data/modules/recon/backup_files.rb +177 -0
- data/modules/recon/backup_files/extensions.txt +28 -0
- data/modules/recon/common_directories.rb +138 -0
- data/modules/recon/common_directories/directories.txt +265 -0
- data/modules/recon/common_files.rb +138 -0
- data/modules/recon/common_files/filenames.txt +17 -0
- data/modules/recon/directory_listing.rb +171 -0
- data/modules/recon/grep/captcha.rb +62 -0
- data/modules/recon/grep/credit_card.rb +85 -0
- data/modules/recon/grep/cvs_svn_users.rb +73 -0
- data/modules/recon/grep/emails.rb +59 -0
- data/modules/recon/grep/html_objects.rb +53 -0
- data/modules/recon/grep/private_ip.rb +54 -0
- data/modules/recon/grep/ssn.rb +53 -0
- data/modules/recon/htaccess_limit.rb +82 -0
- data/modules/recon/http_put.rb +95 -0
- data/modules/recon/interesting_responses.rb +118 -0
- data/modules/recon/unencrypted_password_forms.rb +119 -0
- data/modules/recon/webdav.rb +126 -0
- data/modules/recon/xst.rb +107 -0
- data/path_extractors/anchors.rb +35 -0
- data/path_extractors/forms.rb +35 -0
- data/path_extractors/frames.rb +38 -0
- data/path_extractors/generic.rb +39 -0
- data/path_extractors/links.rb +35 -0
- data/path_extractors/meta_refresh.rb +39 -0
- data/path_extractors/scripts.rb +37 -0
- data/path_extractors/sitemap.rb +31 -0
- data/plugins/autologin.rb +137 -0
- data/plugins/content_types.rb +90 -0
- data/plugins/cookie_collector.rb +99 -0
- data/plugins/form_dicattack.rb +185 -0
- data/plugins/healthmap.rb +94 -0
- data/plugins/http_dicattack.rb +133 -0
- data/plugins/metamodules.rb +118 -0
- data/plugins/proxy.rb +248 -0
- data/plugins/proxy/server.rb +66 -0
- data/plugins/waf_detector.rb +184 -0
- data/profiles/comprehensive.afp +74 -0
- data/profiles/full.afp +75 -0
- data/reports/afr.rb +59 -0
- data/reports/ap.rb +55 -0
- data/reports/html.rb +179 -0
- data/reports/html/default.erb +967 -0
- data/reports/metareport.rb +139 -0
- data/reports/metareport/arachni_metareport.rb +174 -0
- data/reports/plugin_formatters/html/content_types.rb +82 -0
- data/reports/plugin_formatters/html/cookie_collector.rb +66 -0
- data/reports/plugin_formatters/html/form_dicattack.rb +54 -0
- data/reports/plugin_formatters/html/healthmap.rb +76 -0
- data/reports/plugin_formatters/html/http_dicattack.rb +54 -0
- data/reports/plugin_formatters/html/metaformatters/timeout_notice.rb +65 -0
- data/reports/plugin_formatters/html/metaformatters/uniformity.rb +71 -0
- data/reports/plugin_formatters/html/metamodules.rb +93 -0
- data/reports/plugin_formatters/html/waf_detector.rb +54 -0
- data/reports/plugin_formatters/stdout/content_types.rb +73 -0
- data/reports/plugin_formatters/stdout/cookie_collector.rb +61 -0
- data/reports/plugin_formatters/stdout/form_dicattack.rb +52 -0
- data/reports/plugin_formatters/stdout/healthmap.rb +72 -0
- data/reports/plugin_formatters/stdout/http_dicattack.rb +53 -0
- data/reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb +55 -0
- data/reports/plugin_formatters/stdout/metaformatters/uniformity.rb +68 -0
- data/reports/plugin_formatters/stdout/metamodules.rb +89 -0
- data/reports/plugin_formatters/stdout/waf_detector.rb +48 -0
- data/reports/plugin_formatters/xml/content_types.rb +91 -0
- data/reports/plugin_formatters/xml/cookie_collector.rb +70 -0
- data/reports/plugin_formatters/xml/form_dicattack.rb +57 -0
- data/reports/plugin_formatters/xml/healthmap.rb +82 -0
- data/reports/plugin_formatters/xml/http_dicattack.rb +57 -0
- data/reports/plugin_formatters/xml/metaformatters/timeout_notice.rb +67 -0
- data/reports/plugin_formatters/xml/metaformatters/uniformity.rb +82 -0
- data/reports/plugin_formatters/xml/metamodules.rb +91 -0
- data/reports/plugin_formatters/xml/waf_detector.rb +58 -0
- data/reports/stdout.rb +182 -0
- data/reports/txt.rb +77 -0
- data/reports/xml.rb +231 -0
- data/reports/xml/buffer.rb +98 -0
- metadata +516 -0
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
Arachni
|
|
3
|
+
Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
|
4
|
+
|
|
5
|
+
This is free software; you can copy and distribute and modify
|
|
6
|
+
this program under the term of the GPL v2.0 License
|
|
7
|
+
(See LICENSE file for details)
|
|
8
|
+
|
|
9
|
+
=end
|
|
10
|
+
|
|
11
|
+
module Arachni
|
|
12
|
+
module Reports
|
|
13
|
+
|
|
14
|
+
class Stdout
|
|
15
|
+
module PluginFormatters
|
|
16
|
+
|
|
17
|
+
#
|
|
18
|
+
# Stdout formatter for the results of the WAFDetector plugin
|
|
19
|
+
#
|
|
20
|
+
#
|
|
21
|
+
# @author: Tasos "Zapotek" Laskos
|
|
22
|
+
# <tasos.laskos@gmail.com>
|
|
23
|
+
# <zapotek@segfault.gr>
|
|
24
|
+
# @version: 0.1
|
|
25
|
+
#
|
|
26
|
+
class WAFDetector < Arachni::Plugin::Formatter
|
|
27
|
+
|
|
28
|
+
def initialize( plugin_data )
|
|
29
|
+
@results = plugin_data[:results]
|
|
30
|
+
@description = plugin_data[:description]
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def run
|
|
34
|
+
print_status( 'WAF Detector' )
|
|
35
|
+
print_info( '~~~~~~~~~~~~~~' )
|
|
36
|
+
|
|
37
|
+
print_info( 'Description: ' + @description )
|
|
38
|
+
print_line
|
|
39
|
+
print_ok( @results[:msg] )
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
end
|
|
48
|
+
end
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
Arachni
|
|
3
|
+
Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
|
4
|
+
|
|
5
|
+
This is free software; you can copy and distribute and modify
|
|
6
|
+
this program under the term of the GPL v2.0 License
|
|
7
|
+
(See LICENSE file for details)
|
|
8
|
+
|
|
9
|
+
=end
|
|
10
|
+
|
|
11
|
+
module Arachni
|
|
12
|
+
|
|
13
|
+
require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
|
|
14
|
+
|
|
15
|
+
module Reports
|
|
16
|
+
|
|
17
|
+
class XML
|
|
18
|
+
module PluginFormatters
|
|
19
|
+
|
|
20
|
+
#
|
|
21
|
+
# XML formatter for the results of the ContentTypes plugin
|
|
22
|
+
#
|
|
23
|
+
# @author: Tasos "Zapotek" Laskos
|
|
24
|
+
# <tasos.laskos@gmail.com>
|
|
25
|
+
# <zapotek@segfault.gr>
|
|
26
|
+
# @version: 0.1
|
|
27
|
+
#
|
|
28
|
+
class ContentTypes < Arachni::Plugin::Formatter
|
|
29
|
+
|
|
30
|
+
include Buffer
|
|
31
|
+
|
|
32
|
+
def initialize( plugin_data )
|
|
33
|
+
@results = plugin_data[:results]
|
|
34
|
+
@description = plugin_data[:description]
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def run
|
|
38
|
+
start_tag( 'content_types' )
|
|
39
|
+
simple_tag( 'description', @description )
|
|
40
|
+
|
|
41
|
+
start_tag( 'results' )
|
|
42
|
+
@results.each_pair {
|
|
43
|
+
|type, responses|
|
|
44
|
+
|
|
45
|
+
start_content_type( type )
|
|
46
|
+
|
|
47
|
+
responses.each {
|
|
48
|
+
|res|
|
|
49
|
+
|
|
50
|
+
start_tag( 'response' )
|
|
51
|
+
|
|
52
|
+
simple_tag( 'url', res[:url] )
|
|
53
|
+
simple_tag( 'method', res[:method] )
|
|
54
|
+
|
|
55
|
+
if res[:params] && res[:method].downcase == 'post'
|
|
56
|
+
start_tag( 'params' )
|
|
57
|
+
res[:params].each_pair {
|
|
58
|
+
|name, value|
|
|
59
|
+
add_param( name, value )
|
|
60
|
+
}
|
|
61
|
+
end_tag( 'params' )
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
end_tag( 'response' )
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
end_content_type
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
end_tag( 'results' )
|
|
71
|
+
end_tag( 'content_types' )
|
|
72
|
+
|
|
73
|
+
return buffer( )
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def start_content_type( type )
|
|
77
|
+
__buffer( "<content_type name=\"#{type}\">" )
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def end_content_type
|
|
81
|
+
__buffer( "</content_type>" )
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
end
|
|
91
|
+
end
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
Arachni
|
|
3
|
+
Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
|
4
|
+
|
|
5
|
+
This is free software; you can copy and distribute and modify
|
|
6
|
+
this program under the term of the GPL v2.0 License
|
|
7
|
+
(See LICENSE file for details)
|
|
8
|
+
|
|
9
|
+
=end
|
|
10
|
+
|
|
11
|
+
module Arachni
|
|
12
|
+
|
|
13
|
+
require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
|
|
14
|
+
|
|
15
|
+
module Reports
|
|
16
|
+
|
|
17
|
+
class XML
|
|
18
|
+
module PluginFormatters
|
|
19
|
+
|
|
20
|
+
#
|
|
21
|
+
# XML formatter for the results of the CookieCollector plugin
|
|
22
|
+
#
|
|
23
|
+
# @author: Tasos "Zapotek" Laskos
|
|
24
|
+
# <tasos.laskos@gmail.com>
|
|
25
|
+
# <zapotek@segfault.gr>
|
|
26
|
+
# @version: 0.1
|
|
27
|
+
#
|
|
28
|
+
class CookieCollector < Arachni::Plugin::Formatter
|
|
29
|
+
|
|
30
|
+
include Buffer
|
|
31
|
+
|
|
32
|
+
def initialize( plugin_data )
|
|
33
|
+
@results = plugin_data[:results]
|
|
34
|
+
@description = plugin_data[:description]
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def run
|
|
38
|
+
start_tag( 'cookie_collector' )
|
|
39
|
+
simple_tag( 'description', @description )
|
|
40
|
+
|
|
41
|
+
start_tag( 'results' )
|
|
42
|
+
@results.each_with_index {
|
|
43
|
+
|result, i|
|
|
44
|
+
|
|
45
|
+
start_tag( 'response' )
|
|
46
|
+
simple_tag( 'time', result[:time].to_s )
|
|
47
|
+
simple_tag( 'url', result[:res]['effective_url'] )
|
|
48
|
+
|
|
49
|
+
start_tag( 'cookies' )
|
|
50
|
+
result[:cookies].each_pair{
|
|
51
|
+
|name, value|
|
|
52
|
+
add_cookie( name, value )
|
|
53
|
+
}
|
|
54
|
+
end_tag( 'cookies' )
|
|
55
|
+
end_tag( 'response' )
|
|
56
|
+
}
|
|
57
|
+
end_tag( 'results' )
|
|
58
|
+
|
|
59
|
+
end_tag( 'cookie_collector' )
|
|
60
|
+
|
|
61
|
+
return buffer( )
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
end
|
|
70
|
+
end
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
Arachni
|
|
3
|
+
Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
|
4
|
+
|
|
5
|
+
This is free software; you can copy and distribute and modify
|
|
6
|
+
this program under the term of the GPL v2.0 License
|
|
7
|
+
(See LICENSE file for details)
|
|
8
|
+
|
|
9
|
+
=end
|
|
10
|
+
|
|
11
|
+
module Arachni
|
|
12
|
+
|
|
13
|
+
require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
|
|
14
|
+
|
|
15
|
+
module Reports
|
|
16
|
+
|
|
17
|
+
class XML
|
|
18
|
+
module PluginFormatters
|
|
19
|
+
|
|
20
|
+
#
|
|
21
|
+
# XML formatter for the results of the FormDicattack plugin
|
|
22
|
+
#
|
|
23
|
+
# @author: Tasos "Zapotek" Laskos
|
|
24
|
+
# <tasos.laskos@gmail.com>
|
|
25
|
+
# <zapotek@segfault.gr>
|
|
26
|
+
# @version: 0.1
|
|
27
|
+
#
|
|
28
|
+
class FormDicattack < Arachni::Plugin::Formatter
|
|
29
|
+
|
|
30
|
+
include Buffer
|
|
31
|
+
|
|
32
|
+
def initialize( plugin_data )
|
|
33
|
+
@results = plugin_data[:results]
|
|
34
|
+
@description = plugin_data[:description]
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def run
|
|
38
|
+
start_tag( 'form_dicattack' )
|
|
39
|
+
simple_tag( 'description', @description )
|
|
40
|
+
|
|
41
|
+
start_tag( 'results' )
|
|
42
|
+
|
|
43
|
+
add_credentials( @results[:username], @results[:password] )
|
|
44
|
+
|
|
45
|
+
end_tag( 'results' )
|
|
46
|
+
end_tag( 'form_dicattack' )
|
|
47
|
+
|
|
48
|
+
return buffer( )
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
end
|
|
57
|
+
end
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
Arachni
|
|
3
|
+
Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
|
4
|
+
|
|
5
|
+
This is free software; you can copy and distribute and modify
|
|
6
|
+
this program under the term of the GPL v2.0 License
|
|
7
|
+
(See LICENSE file for details)
|
|
8
|
+
|
|
9
|
+
=end
|
|
10
|
+
|
|
11
|
+
module Arachni
|
|
12
|
+
|
|
13
|
+
require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
|
|
14
|
+
|
|
15
|
+
module Reports
|
|
16
|
+
|
|
17
|
+
class XML
|
|
18
|
+
module PluginFormatters
|
|
19
|
+
|
|
20
|
+
#
|
|
21
|
+
# XML formatter for the results of the HealthMap plugin
|
|
22
|
+
#
|
|
23
|
+
# @author: Tasos "Zapotek" Laskos
|
|
24
|
+
# <tasos.laskos@gmail.com>
|
|
25
|
+
# <zapotek@segfault.gr>
|
|
26
|
+
# @version: 0.1
|
|
27
|
+
#
|
|
28
|
+
class HealthMap < Arachni::Plugin::Formatter
|
|
29
|
+
|
|
30
|
+
include Buffer
|
|
31
|
+
|
|
32
|
+
def initialize( plugin_data )
|
|
33
|
+
@results = plugin_data[:results]
|
|
34
|
+
@description = plugin_data[:description]
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def run
|
|
38
|
+
start_tag( 'healthmap' )
|
|
39
|
+
simple_tag( 'description', @description )
|
|
40
|
+
|
|
41
|
+
start_tag( 'results' )
|
|
42
|
+
start_tag( 'map' )
|
|
43
|
+
@results[:map].each {
|
|
44
|
+
|i|
|
|
45
|
+
|
|
46
|
+
state = i.keys[0]
|
|
47
|
+
url = i.values[0]
|
|
48
|
+
|
|
49
|
+
if state == :unsafe
|
|
50
|
+
add_url( 'unsafe', url )
|
|
51
|
+
else
|
|
52
|
+
add_url( 'safe', url )
|
|
53
|
+
end
|
|
54
|
+
}
|
|
55
|
+
end_tag( 'map' )
|
|
56
|
+
|
|
57
|
+
start_tag( 'stats' )
|
|
58
|
+
|
|
59
|
+
simple_tag( 'total', @results[:total].to_s )
|
|
60
|
+
simple_tag( 'safe', @results[:safe].to_s )
|
|
61
|
+
simple_tag( 'unsafe', @results[:unsafe].to_s )
|
|
62
|
+
simple_tag( 'issue_percentage', @results[:issue_percentage].to_s )
|
|
63
|
+
|
|
64
|
+
end_tag( 'stats' )
|
|
65
|
+
end_tag( 'results' )
|
|
66
|
+
end_tag( 'healthmap' )
|
|
67
|
+
|
|
68
|
+
return buffer( )
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def add_url( type, url )
|
|
72
|
+
__buffer( "<entry state=\"#{type}\" url=\"#{url}\" />" )
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
end
|
|
82
|
+
end
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
Arachni
|
|
3
|
+
Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
|
4
|
+
|
|
5
|
+
This is free software; you can copy and distribute and modify
|
|
6
|
+
this program under the term of the GPL v2.0 License
|
|
7
|
+
(See LICENSE file for details)
|
|
8
|
+
|
|
9
|
+
=end
|
|
10
|
+
|
|
11
|
+
module Arachni
|
|
12
|
+
|
|
13
|
+
require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
|
|
14
|
+
|
|
15
|
+
module Reports
|
|
16
|
+
|
|
17
|
+
class XML
|
|
18
|
+
module PluginFormatters
|
|
19
|
+
|
|
20
|
+
#
|
|
21
|
+
# XML formatter for the results of the HTTPDicattack plugin
|
|
22
|
+
#
|
|
23
|
+
# @author: Tasos "Zapotek" Laskos
|
|
24
|
+
# <tasos.laskos@gmail.com>
|
|
25
|
+
# <zapotek@segfault.gr>
|
|
26
|
+
# @version: 0.1
|
|
27
|
+
#
|
|
28
|
+
class HTTPDicattack < Arachni::Plugin::Formatter
|
|
29
|
+
|
|
30
|
+
include Buffer
|
|
31
|
+
|
|
32
|
+
def initialize( plugin_data )
|
|
33
|
+
@results = plugin_data[:results]
|
|
34
|
+
@description = plugin_data[:description]
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def run
|
|
38
|
+
start_tag( 'http_dicattack' )
|
|
39
|
+
simple_tag( 'description', @description )
|
|
40
|
+
|
|
41
|
+
start_tag( 'results' )
|
|
42
|
+
|
|
43
|
+
add_credentials( @results[:username], @results[:password] )
|
|
44
|
+
|
|
45
|
+
end_tag( 'results' )
|
|
46
|
+
end_tag( 'http_dicattack' )
|
|
47
|
+
|
|
48
|
+
return buffer( )
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
end
|
|
57
|
+
end
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
Arachni
|
|
3
|
+
Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
|
4
|
+
|
|
5
|
+
This is free software; you can copy and distribute and modify
|
|
6
|
+
this program under the term of the GPL v2.0 License
|
|
7
|
+
(See LICENSE file for details)
|
|
8
|
+
|
|
9
|
+
=end
|
|
10
|
+
|
|
11
|
+
module Arachni
|
|
12
|
+
|
|
13
|
+
require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
|
|
14
|
+
|
|
15
|
+
module Reports
|
|
16
|
+
|
|
17
|
+
class XML
|
|
18
|
+
module PluginFormatters
|
|
19
|
+
|
|
20
|
+
class MetaModules
|
|
21
|
+
|
|
22
|
+
module MetaFormatters
|
|
23
|
+
|
|
24
|
+
#
|
|
25
|
+
# XML formatter for the results of the TimeoutNotice metamodule
|
|
26
|
+
#
|
|
27
|
+
# @author: Tasos "Zapotek" Laskos
|
|
28
|
+
# <tasos.laskos@gmail.com>
|
|
29
|
+
# <zapotek@segfault.gr>
|
|
30
|
+
# @version: 0.1
|
|
31
|
+
#
|
|
32
|
+
class TimeoutNotice < Arachni::Plugin::Formatter
|
|
33
|
+
|
|
34
|
+
include Arachni::Reports::Buffer
|
|
35
|
+
|
|
36
|
+
def initialize( metadata )
|
|
37
|
+
@results = metadata[:results]
|
|
38
|
+
@description = metadata[:description]
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def run
|
|
42
|
+
start_tag( 'timeout_notice' )
|
|
43
|
+
simple_tag( 'description', @description )
|
|
44
|
+
start_tag( 'results' )
|
|
45
|
+
|
|
46
|
+
@results.each { |issue| add_issue( issue ) }
|
|
47
|
+
|
|
48
|
+
end_tag( 'results' )
|
|
49
|
+
end_tag( 'timeout_notice' )
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
def add_issue( issue )
|
|
53
|
+
__buffer( "<issue hash=\"#{issue['hash'].to_s}\" " +
|
|
54
|
+
" index=\"#{issue['index'].to_s}\" name=\"#{issue['name']}\"" +
|
|
55
|
+
" url=\"#{issue['url']}\" element=\"#{issue['elem']}\" " +
|
|
56
|
+
" variable=\"#{issue['var']}\" method=\"#{issue['method']}\" />" )
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
end
|