arachni 0.2.2.1 → 0.2.2.2

data/lib/module/auditor.rb

@@ -299,6 +299,20 @@ module Auditor
         }
     end
 
+    #
+    # ABSTRACT - OPTIONAL
+    #
+    # This is called right before an [Arachni::Parser::Element]
+    # is submitted/auditted and is used to determine whether to skip it or not.
+    #
+    # Implementation details are left up to the running module.
+    #
+    # @param    [Arachni::Parser::Element]  elem
+    #
+    def skip?( elem )
+        return false
+    end
+
 
     #
     # Audits elements using a 2 phase timing attack and logs results.

data/lib/module/base.rb

@@ -107,20 +107,6 @@ class Base
     def run( )
     end
 
-    #
-    # ABSTRACT - OPTIONAL
-    #
-    # This is called right before an [Arachni::Parser::Element]
-    # is submitted/auditted and is used to determine whether to skip it or not.
-    #
-    # Implementation details are left up to the running module.
-    #
-    # @param    [Arachni::Parser::Element]  elem
-    #
-    def skip?( elem )
-        return false
-    end
-
     #
     # ABSTRACT - OPTIONAL
     #

data/lib/nokogiri/xml/node.rb

@@ -0,0 +1,42 @@
+module Nokogiri
+  module XML
+    class Node
+
+      ###
+      # Serialize Node using +options+.  Save options can also be set using a
+      # block. See SaveOptions.
+      #
+      # These two statements are equivalent:
+      #
+      #  node.serialize(:encoding => 'UTF-8', :save_with => FORMAT | AS_XML)
+      #
+      # or
+      #
+      #   node.serialize(:encoding => 'UTF-8') do |config|
+      #     config.format.as_xml
+      #   end
+      #
+      def serialize *args, &block
+        options = args.first.is_a?(Hash) ? args.shift : {
+          :encoding   => args[0],
+          :save_with  => args[1] || SaveOptions::FORMAT
+        }
+
+        encoding = options[:encoding] || document.encoding
+
+        outstring = ""
+        if encoding && outstring.respond_to?(:force_encoding)
+          begin
+            outstring.force_encoding(Encoding.find(encoding))
+          rescue
+            outstring.force_encoding(Encoding.find('UTF-8'))
+          end
+        end
+        io = StringIO.new(outstring)
+        write_to io, options, &block
+        io.string
+      end
+
+    end
+  end
+end

data/lib/ui/cli/cli.rb

@@ -554,7 +554,7 @@ class CLI
                                       <zapotek@segfault.gr>
                (With the support of the community and the Arachni Team.)
 
-       Website:       http://github.com/Zapotek/arachni
+       Website:       http://arachni.segfault.gr - http://github.com/Zapotek/arachni
        Documentation: http://github.com/Zapotek/arachni/wiki'
         print_line
         print_line

data/lib/ui/web/log.rb

@@ -20,13 +20,17 @@ module Web
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.1
+# @version: 0.1.1
 #
 class Log
 
     class Entry
         include DataMapper::Resource
 
+       def self.default_repository_name
+         :log
+       end
+
         property :id,           Serial
         property :action,       String
         property :object,       String
@@ -42,14 +46,15 @@ class Log
         @opts     = opts
         @settings = settings
 
-        DataMapper::setup( :default, "sqlite3://#{@settings.db}/log.db" )
-        DataMapper.finalize
-
-        Entry.auto_upgrade!
+        DataMapper::setup( :log, "sqlite3://#{@settings.db}/log.db" )
+        DataMapper.repository( :log ) {
+            DataMapper.finalize
+            Entry.auto_upgrade!
+        }
     end
 
     def entry
-        Entry
+        DataMapper.repository( :log ) { Entry }
     end
 
     def method_missing( sym, *args, &block )
@@ -65,14 +70,16 @@ class Log
             host = env['REMOTE_HOST']
         end
 
-        Entry.create(
-            :action => action,
-            :owner  => owner,
-            :object => object,
-            :client_addr => addr,
-            :client_host => host,
-            :datestamp   => Time.now
-        )
+        DataMapper.repository( :log ) {
+            Entry.create(
+                :action => action,
+                :owner  => owner,
+                :object => object,
+                :client_addr => addr,
+                :client_host => host,
+                :datestamp   => Time.now.asctime
+            )
+        }
     end
 
 end

data/lib/ui/web/report_manager.rb

@@ -8,6 +8,8 @@
 
 =end
 
+require 'datamapper'
+
 module Arachni
 module UI
 module Web
@@ -20,18 +22,58 @@ module Web
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.1
+# @version: 0.1.1
 #
 class ReportManager
 
     FOLDERNAME = "reports"
     EXTENSION  = '.afr'
 
-   def initialize( opts, settings )
+    class Report
+        include DataMapper::Resource
+
+        property :id,           Serial
+        property :host,         String
+        property :issue_count,  Integer
+        property :filename,     String
+        property :datestamp,    DateTime
+    end
+
+
+    def initialize( opts, settings )
         @opts     = opts
         @settings = settings
         populate_available
-   end
+
+        DataMapper::setup( :default, "sqlite3://#{@settings.db}/default.db" )
+        DataMapper.finalize
+
+        Report.auto_upgrade!
+
+        migrate_files
+    end
+
+    #
+    # Migrates AFR reports from the savedir folder into the DB
+    # so that users will be able to manage them via the WebUI
+    #
+    def migrate_files
+        Dir.glob( "#{savedir}*" + EXTENSION ).each {
+            |file|
+            next if Report.first( :filename => File.basename( file, EXTENSION ) )
+
+            begin
+                data = File.read( file )
+                Report.create(
+                    :issue_count => get_issue_count( data ),
+                    :host        => get_host( data ),
+                    :filename    => File.basename( file, EXTENSION ),
+                    :datestamp   => get_finish_datetime( data )
+                )
+            rescue
+            end
+        }
+    end
 
     #
     # @return    [String]    save directory
@@ -87,19 +129,29 @@ class ReportManager
     #
     # @return    [Array]
     #
-    def all
-        Dir.glob( savedir + "*#{EXTENSION}" )
+    def all( *args )
+        Report.all( *args )
     end
 
     def delete_all
         all.each {
             |report|
-            delete( report )
+            delete( report.id )
         }
+        all.destroy
     end
 
-    def delete( report )
-        FileUtils.rm( savedir + File.basename( report, '.afr' ) + '.afr' )
+    def delete( id )
+        report = Report.get( id )
+        begin
+            FileUtils.rm( savedir + Report.get( id ).filename + EXTENSION )
+        rescue
+        end
+
+        begin
+            report.destroy
+        rescue
+        end
     end
 
     #
@@ -112,23 +164,39 @@ class ReportManager
     # @return   [String]        host:audit_date
     #
     def get_filename( report )
-        rep = YAML::load( report )
+        rep = unserialize( report )
         filename = "#{URI(rep.options['url']).host}:#{rep.start_datetime}"
     end
 
+    def get_issue_count( report )
+        unserialize( report ).issues.size
+    end
+
+    def get_host( report )
+        return URI(unserialize( report ).options['url']).host
+    end
+
+    def get_finish_datetime( report )
+        return unserialize( report ).finish_datetime
+    end
+
     #
     # Returns a stored report as a <type> file. Basically a convertion/export method.
     #
-    # @param    [String]    type            html, txt, xml, etc
-    # @param    [String]    report_file     path to the report
+    # @param    [String]    type      html, txt, xml, etc
+    # @param    [Integer]   id        report id
     #
     # @return   [String]    the converted report
     #
-    def get( type, report_file )
+    def get( type, id )
         return if !valid_class?( type )
 
-        location = savedir + report_file + EXTENSION
-        convert( type, File.read( location ) )
+        begin
+            location = savedir + Report.get( id ).filename + EXTENSION
+            convert( type, File.read( location ) )
+        rescue
+            return nil
+        end
     end
 
     #
@@ -151,11 +219,28 @@ class ReportManager
 
     private
 
+    def unserialize( data )
+         begin
+            Marshal.load( data )
+         rescue
+             YAML.load( data )
+         end
+    end
+
     def save_to_file( data, file )
+        return file if File.exists?( file )
+
         f = File.new( file, 'w' )
         f.write( data )
         f.close
 
+        Report.create(
+            :issue_count => get_issue_count( data ),
+            :host        => get_host( data ),
+            :filename    => File.basename( f.path, EXTENSION ),
+            :datestamp   => Time.now.asctime
+        )
+
         return f.path
     end
 
@@ -168,7 +253,7 @@ class ReportManager
         }
         opts['outfile'] = get_tmp_outfile_name( type, report )
 
-        classes[type].new( YAML::load( report ), opts ).run
+        classes[type].new( unserialize( report ), opts ).run
 
         content = File.read( opts['outfile'] )
         FileUtils.rm( opts['outfile'] )

data/lib/ui/web/server.rb

@@ -41,14 +41,14 @@ require Arachni::Options.instance.dir['lib'] + 'ui/web/output_stream'
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.1-pre
+# @version: 0.1.1-pre
 #
 # @see Arachni::RPC::XML::Client::Instance
 # @see Arachni::RPC::XML::Client::Dispatcher
 #
 module Web
 
-    VERSION = '0.1-pre'
+    VERSION = '0.1.1-pre'
 
 class Server < Sinatra::Base
 
@@ -457,7 +457,7 @@ class Server < Sinatra::Base
     #
     def save_shutdown_and_show( arachni )
         report = save_and_shutdown( arachni )
-        settings.reports.get( 'html', File.basename( report, '.afr' ) )
+        settings.reports.get( 'html', settings.reports.all.last.id )
     end
 
     #
@@ -466,7 +466,7 @@ class Server < Sinatra::Base
     # @param    [Arachni::RPC::XML::Client::Instance]   arachni
     #
     def save_and_shutdown( arachni )
-        arachni.framework.clean_up!
+        arachni.framework.clean_up!( true )
         report_path = settings.reports.save( arachni.framework.auditstore )
         arachni.service.shutdown!
         return report_path
@@ -641,7 +641,7 @@ class Server < Sinatra::Base
     get "/plugins" do
         fill_component_cache
         prep_session
-        erb :plugins, { :layout => true }
+        erb :plugins, { :layout => true }, :session_options => YAML::load( session['opts']['plugins'] )
     end
 
     #
@@ -650,7 +650,7 @@ class Server < Sinatra::Base
     post "/plugins" do
         session['opts']['plugins'] = YAML::dump( prep_plugins( escape_hash( params ) ) )
         flash.now[:ok] = "Plugins updated."
-        show :plugins, true
+        erb :plugins, { :layout => true }, :session_options => YAML::load( session['opts']['plugins'] )
     end
 
     get "/settings" do
@@ -697,12 +697,16 @@ class Server < Sinatra::Base
                 { 'data' => OutputStream.new( arachni, 38 ).data }.to_json
             else
                 settings.log.instance_shutdown( env, port_to_url( params[:port] ) )
-                {
-                    'report' => '"data:text/html;base64, ' +
-                        Base64.encode64( save_shutdown_and_show( arachni ) ) + '"'
-                }.to_json
+                save_and_shutdown( arachni )
+
+                # {
+                #     'report' => '"data:text/html;base64, ' +
+                #         Base64.encode64( save_shutdown_and_show( arachni ) ) + '"'
+                # }.to_json
+
+                { 'status' => 'finished', 'data' => "The server has been shut down." }.to_json
             end
-        rescue Errno::ECONNREFUSED
+        rescue
             { 'status' => 'finished', 'data' => "The server has been shut down." }.to_json
         end
     end
@@ -715,7 +719,7 @@ class Server < Sinatra::Base
                 out = erb( :output_results, { :layout => false }, :issues => YAML.load( arachni.framework.auditstore ).issues)
                 { 'data' => out }.to_json
             end
-        rescue Errno::ECONNREFUSED
+        rescue
             { 'data' => "The server has been shut down." }.to_json
         end
     end
@@ -727,7 +731,7 @@ class Server < Sinatra::Base
             stats = arachni.framework.stats
             stats['current_page'] = escape( stats['current_page'] )
             { 'refresh' => true, 'stats' => stats }.to_json
-        rescue Errno::ECONNREFUSED
+        rescue
             { 'refresh' => false }.to_json
         end
     end
@@ -786,20 +790,7 @@ class Server < Sinatra::Base
     end
 
     get "/reports" do
-
-        reports = []
-        settings.reports.all.each {
-            |report|
-            name = File.basename( report, '.afr' )
-            host, date = name.split( ':', 2 )
-            reports << {
-                'host'  => host,
-                'date'  => date,
-                'name'  => name
-            }
-        }
-
-        erb :reports, { :layout => true }, :reports => reports,
+        erb :reports, { :layout => true }, :reports => settings.reports.all( :order => :datestamp.desc ),
             :available => settings.reports.available
     end
 
@@ -814,17 +805,17 @@ class Server < Sinatra::Base
         redirect '/reports'
     end
 
-    post '/report/:name/delete' do
-        settings.reports.delete( params[:name] )
-        settings.log.report_deleted( env, params[:name] )
+    post '/report/:id/delete' do
+        settings.reports.delete( params[:id] )
+        settings.log.report_deleted( env, params[:id] )
 
         redirect '/reports'
     end
 
-    get '/report/:name.:type' do
-        settings.log.report_converted( env, params[:name] + '.' + params[:type] )
+    get '/report/:id.:type' do
+        settings.log.report_converted( env, params[:id] + '.' + params[:type] )
         content_type( params[:type], :default => 'application/octet-stream' )
-        settings.reports.get( params[:type], params[:name] )
+        settings.reports.get( params[:type], params[:id] )
     end
 
     get '/log' do