arachni 0.2.2.1

data/reports/plugin_formatters/xml/metaformatters/uniformity.rb

@@ -0,0 +1,82 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+
+require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
+
+module Reports
+
+class XML
+module PluginFormatters
+
+class MetaModules
+module MetaFormatters
+
+    #
+    # XML formatter for the results of the Uniformity metamodule
+    #
+    # @author: Tasos "Zapotek" Laskos
+    #                                      <tasos.laskos@gmail.com>
+    #                                      <zapotek@segfault.gr>
+    # @version: 0.1
+    #
+    class Uniformity < Arachni::Plugin::Formatter
+
+        include Arachni::Reports::Buffer
+
+        def initialize( metadata )
+            @results     = metadata[:results]
+            @description = metadata[:description]
+        end
+
+        def run
+            start_tag( 'uniformity' )
+            simple_tag( 'description', @description )
+            start_tag( 'results' )
+
+            uniformals = @results['uniformals']
+            pages      = @results['pages']
+
+            uniformals.each_pair {
+                |id, uniformal|
+
+                start_uniformals( id )
+
+                uniformal['hashes'].each_with_index {
+                    |hash, i|
+                    add_uniformal( i, uniformal )
+                }
+
+                end_tag( 'uniformals' )
+            }
+
+            end_tag( 'results' )
+            end_tag( 'uniformity' )
+        end
+
+        def add_uniformal( idx, uniformal )
+            __buffer( "<issue index=\"#{uniformal['indices'][idx]}\" hash=\"#{uniformal['hashes'][idx]}\" />" )
+        end
+
+        def start_uniformals( id )
+            __buffer( "<uniformals id=\"#{id}\">" )
+        end
+
+
+    end
+
+end
+
+end
+end
+end
+end
+end

data/reports/plugin_formatters/xml/metamodules.rb

@@ -0,0 +1,91 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+
+require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
+
+module Reports
+
+class XML
+    module PluginFormatters
+
+        #
+        # XML formatter for the results of the MetaModules plugin
+        #
+        # @author: Tasos "Zapotek" Laskos
+        #                                      <tasos.laskos@gmail.com>
+        #                                      <zapotek@segfault.gr>
+        # @version: 0.1
+        #
+        class MetaModules
+
+            include Arachni::Reports::Buffer
+
+            def initialize( plugin_data )
+                @results     = plugin_data[:results]
+                @description = plugin_data[:description]
+            end
+
+            def run
+                start_tag( 'metamodules' )
+                simple_tag( 'description', @description )
+                start_tag( 'results' )
+
+                format_meta_results( @results ).values.each { |xml| append( xml ) }
+
+                end_tag( 'results' )
+                end_tag( 'metamodules' )
+            end
+
+            #
+            # Runs plugin formatters for the running report and returns a hash
+            # with the prepared/formatted results.
+            #
+            # @param    [AuditStore#plugins]      plugins   plugin data/results
+            #
+            def format_meta_results( plugins )
+
+                ancestor = self.class.ancestors[0]
+
+                # add the PluginFormatters module to the report
+                eval( "module  MetaFormatters end" )
+
+                # prepare the directory of the formatters for the running report
+                lib = File.dirname( __FILE__ ) + '/metaformatters/'
+
+                @@formatters ||= {}
+                # initialize a new component manager to handle the plugin formatters
+                @@formatters[ancestor] ||= ::Arachni::Report::FormatterManager.new( lib, ancestor.const_get( 'MetaFormatters' ) )
+
+                # load all the formatters
+                @@formatters[ancestor].load( ['*'] ) if @@formatters[ancestor].empty?
+
+                # run the formatters and gather the formatted data they return
+                formatted = {}
+                @@formatters[ancestor].each_pair {
+                    |name, formatter|
+                    plugin_results = plugins[name]
+                    next if !plugin_results || plugin_results[:results].empty?
+
+                    formatted[name] = formatter.new( plugin_results.deep_clone ).run
+                }
+
+                return formatted
+            end
+
+
+        end
+
+    end
+end
+
+end
+end

data/reports/plugin_formatters/xml/waf_detector.rb

@@ -0,0 +1,58 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+
+require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
+
+module Reports
+
+class XML
+    module PluginFormatters
+
+        #
+        # XML formatter for the results of the WAF Detector plugin
+        #
+        # @author: Tasos "Zapotek" Laskos
+        #                                      <tasos.laskos@gmail.com>
+        #                                      <zapotek@segfault.gr>
+        # @version: 0.1
+        #
+        class WAFDetector < Arachni::Plugin::Formatter
+
+            include Buffer
+
+            def initialize( plugin_data )
+                @results     = plugin_data[:results]
+                @description = plugin_data[:description]
+            end
+
+            def run
+                start_tag( 'waf_detector' )
+                simple_tag( 'description', @description )
+
+                start_tag( 'results' )
+
+                simple_tag( 'message', @results[:msg] )
+                simple_tag( 'code', @results[:code].to_s )
+
+                end_tag( 'results' )
+                end_tag( 'waf_detector' )
+
+                return buffer( )
+            end
+
+        end
+
+    end
+end
+
+end
+end

data/reports/stdout.rb

@@ -0,0 +1,182 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module Reports
+
+#
+# Default report.
+#
+# Outputs the issues to stdout, used with the CLI UI.<br/>
+# All UIs must have a default report.
+#
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.2.1
+#
+class Stdout < Arachni::Report::Base
+
+    #
+    # @param [AuditStore]  audit_store
+    # @param [Hash]   options    options passed to the report
+    #
+    def initialize( audit_store, options )
+        @audit_store = audit_store
+    end
+
+    def run( )
+
+        print_line( "\n" )
+        print_line( "=" * 80 )
+        print_line( "\n" )
+        print_ok( 'Web Application Security Report - Arachni Framework' )
+        print_line
+        print_info( 'Report generated on: ' + Time.now.to_s )
+        print_info( 'Report false positives: ' + REPORT_FP )
+        print_line
+        print_ok( 'System settings:' )
+        print_info( '---------------' )
+        print_info( 'Version:  ' + @audit_store.version )
+        print_info( 'Revision: '+ @audit_store.revision )
+        print_info( 'Audit started on:  ' + @audit_store.start_datetime )
+        print_info( 'Audit finished on: ' + @audit_store.finish_datetime )
+        print_info( 'Runtime: ' + @audit_store.delta_time )
+        print_line
+        print_info( 'URL: ' + @audit_store.options['url'] )
+        print_info( 'User agent: ' + @audit_store.options['user_agent'] )
+        print_line
+        print_status( 'Audited elements: ' )
+        print_info( '* Links' ) if @audit_store.options['audit_links']
+        print_info( '* Forms' ) if @audit_store.options['audit_forms']
+        print_info( '* Cookies' ) if @audit_store.options['audit_cookies']
+        print_info( '* Headers' ) if @audit_store.options['audit_headers']
+        print_line
+        print_status( 'Modules: ' + @audit_store.options['mods'].join( ', ' ) )
+        print_line
+        print_status( 'Filters: ' )
+
+        if @audit_store.options['exclude']
+            print_info( "  Exclude:" )
+            @audit_store.options['exclude'].each {
+                |ex|
+                print_info( '    ' + ex )
+            }
+        end
+
+        if @audit_store.options['include']
+            print_info( "  Include:" )
+            @audit_store.options['include'].each {
+                |inc|
+                print_info( "    " + inc )
+            }
+        end
+
+        if @audit_store.options['redundant']
+            print_info( "  Redundant:" )
+            @audit_store.options['redundant'].each {
+                |red|
+                print_info( "    " + red['regexp'] + ':' + red['count'].to_s )
+            }
+        end
+
+        print_line
+        print_status( 'Cookies: ' )
+        if( @audit_store.options['cookies'] )
+            @audit_store.options['cookies'].each {
+                |cookie|
+                print_info( "  #{cookie[0]} = #{cookie[1]}" )
+            }
+        end
+
+        print_line
+        print_info( '===========================' )
+        print_line
+        print_ok( @audit_store.issues.size.to_s + " issues were detected." )
+        print_line
+
+        @audit_store.issues.each_with_index {
+            |issue, i|
+
+            print_ok( "[#{i+1}] " + issue.name )
+            print_info( '~~~~~~~~~~~~~~~~~~~~' )
+
+            print_info( 'ID Hash:  ' + issue._hash )
+            print_info( 'Severity: ' + issue.severity ) if issue.severity
+            print_info( 'URL:      ' + issue.url )
+            print_info( 'Element:  ' + issue.elem )
+            print_info( 'Method:   ' + issue.method ) if issue.method
+            print_info( 'Tags:     ' + issue.tags.join( ', ' ) ) if issue.tags.is_a?( Array )
+            print_info( 'Variable: ' + issue.var ) if issue.var
+            print_info( 'Description: ' )
+            print_info( issue.description )
+
+            if issue.cwe && !issue.cwe.empty?
+                print_line
+                print_info( "CWE: http://cwe.mitre.org/data/definitions/#{issue.cwe}.html" )
+            end
+
+            print_line
+            print_info( 'Requires manual verification?: ' + issue.verification.to_s )
+            print_line
+
+            if( issue.references )
+                print_info( 'References:' )
+                issue.references.each{
+                    |ref|
+                    print_info( '  ' + ref[0] + ' - ' + ref[1] )
+                }
+            end
+
+            print_info_variations( issue )
+
+            print_line
+        }
+
+        print_line
+        print_ok( 'Plugin data:' )
+        print_info( '---------------' )
+        print_line
+
+        # let the plugin formatters to their thing and print their results
+        format_plugin_results( @audit_store.plugins )
+    end
+
+    def self.info
+        {
+            :name           => 'Stdout',
+            :description    => %q{Prints the results to standard output.},
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.2.1',
+        }
+    end
+
+    def print_info_variations( issue )
+        print_line
+        print_status( 'Variations' )
+        print_info( '----------' )
+        issue.variations.each_with_index {
+            |var, i|
+            print_info( "Variation #{i+1}:" )
+            print_info( 'URL: ' + var['url'] )
+            print_info( 'ID:  ' + var['id'].to_s ) if var['id']
+            print_info( 'Injected value:     ' + var['injected'].to_s ) if var['injected']
+            print_info( 'Regular expression: ' + var['regexp'].to_s ) if var['regexp']
+            print_info( 'Matched string:     ' + var['regexp_match'].to_s ) if var['regexp_match']
+
+            print_line
+        }
+    end
+
+end
+
+end
+end

data/reports/txt.rb

@@ -0,0 +1,77 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+
+module Arachni
+
+module Reports
+
+#
+# Creates a plain text report of the audit.
+#
+# It redirects stdout to an outfile and runs the default (stdout.rb) report.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.2
+#
+class Text < Arachni::Report::Base
+
+    #
+    # @param [AuditStore]  audit_store
+    # @param [Hash]        options    options passed to the report
+    #
+    def initialize( audit_store, options )
+        @audit_store = audit_store
+        @outfile     = options['outfile']
+
+        require Options.instance.dir['reports'] + 'stdout'
+
+        # get an instance of the stdout report
+        @__stdout_rep = Arachni::Reports::Stdout.new( audit_store, options )
+    end
+
+    def run( )
+
+        print_line( )
+        print_status( 'Creating text report...' )
+
+        # redirect output streams to the outfile
+        stdout = $stdout.dup
+        stderr = $stderr.dup
+        $stderr = $stdout = File.new( @outfile, 'w' )
+
+        @__stdout_rep.run( )
+
+        $stdout.close
+        $stdout = stdout.dup
+        $stderr = stderr.dup
+
+        print_status( 'Saved in \'' + @outfile + '\'.' )
+    end
+
+    def self.info
+        {
+            :name           => 'Text report',
+            :description    => %q{Exports a report as a plain text file.},
+            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            :version        => '0.2',
+            :options        => [
+                Arachni::OptString.new( 'outfile', [ false, 'Where to save the report.',
+                    Time.now.to_s + '.txt' ] ),
+            ]
+        }
+    end
+
+end
+
+end
+end