arachni 0.2.2.1 → 0.2.2.2

Files changed (44)
  1. data/CHANGELOG.md +30 -0
  2. data/CONTRIBUTORS.md +1 -0
  3. data/README.md +28 -8
  4. data/Rakefile +1 -0
  5. data/bin/arachni_web_autostart +46 -0
  6. data/lib/anemone/page.rb +1 -0
  7. data/lib/arachni.rb +1 -1
  8. data/lib/framework.rb +8 -3
  9. data/lib/http.rb +9 -39
  10. data/lib/mixins/observable.rb +87 -0
  11. data/lib/module/auditor.rb +14 -0
  12. data/lib/module/base.rb +0 -14
  13. data/lib/nokogiri/xml/node.rb +42 -0
  14. data/lib/ui/cli/cli.rb +1 -1
  15. data/lib/ui/web/log.rb +21 -14
  16. data/lib/ui/web/report_manager.rb +100 -15
  17. data/lib/ui/web/server.rb +24 -33
  18. data/lib/ui/web/server/public/reports/demo.testfire.net:Sun Mar 20 02:48:10 2011.afr +104829 -0
  19. data/lib/ui/web/server/views/layout.erb +1 -1
  20. data/lib/ui/web/server/views/options.erb +10 -2
  21. data/lib/ui/web/server/views/plugins.erb +1 -1
  22. data/lib/ui/web/server/views/reports.erb +8 -4
  23. data/lib/ui/xmlrpc/xmlrpc.rb +1 -1
  24. data/metamodules/autothrottle.rb +2 -2
  25. data/metamodules/timeout_notice.rb +1 -1
  26. data/modules/audit/sqli_blind_rdiff.rb +1 -1
  27. data/modules/recon/common_files/filenames.txt +2 -0
  28. data/modules/recon/directory_listing.rb +1 -0
  29. data/modules/recon/interesting_responses.rb +3 -3
  30. data/path_extractors/generic.rb +5 -1
  31. data/plugins/autologin.rb +15 -4
  32. data/plugins/content_types.rb +2 -2
  33. data/plugins/cookie_collector.rb +9 -16
  34. data/plugins/profiler.rb +237 -0
  35. data/reports/html.rb +21 -6
  36. data/reports/html/default.erb +4 -2
  37. data/reports/plugin_formatters/html/autologin.rb +63 -0
  38. data/reports/plugin_formatters/html/profiler.rb +71 -0
  39. data/reports/plugin_formatters/html/profiler/template.erb +177 -0
  40. data/reports/plugin_formatters/stdout/autologin.rb +55 -0
  41. data/reports/plugin_formatters/stdout/profiler.rb +90 -0
  42. data/reports/plugin_formatters/xml/autologin.rb +68 -0
  43. data/reports/plugin_formatters/xml/profiler.rb +120 -0
  44. metadata +23 -68
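--- a/data/reports/plugin_formatters/stdout/profiler.rb
+++ b/data/reports/plugin_formatters/stdout/profiler.rb
@@ -0,0 +1,90 @@
+=begin
+Arachni
+Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+This is free software; you can copy and distribute and modify
+this program under the term of the GPL v2.0 License
+(See LICENSE file for details)
+
+=end
+
+module Arachni
+module Reports
+
+class Stdout
+module PluginFormatters
+
+#
+# Stdout formatter for the results of the Profiler plugin
+#
+#
+# @author: Tasos "Zapotek" Laskos
+# <tasos.laskos@gmail.com>
+# <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Profiler < Arachni::Plugin::Formatter
+
+def initialize( plugin_data )
+@results = plugin_data[:results]
+@description = plugin_data[:description]
+end
+
+def run
+print_status( 'Profiler' )
+print_info( '~~~~~~~~~~~~~~' )
+
+print_info( 'Description: ' + @description )
+print_line
+
+print_info( 'Inputs affecting output:' )
+print_line
+
+@results['inputs'].each {
+|item|
+
+output = item['element']['type'].capitalize
+output << " named '#{item['element']['name']}'" if item['element']['name']
+output << " using the '#{item['element']['altered']}' input" if item['element']['altered']
+output << " at '#{item['element']['owner']}' pointing to '#{item['element']['action']}'"
+output << " using '#{item['request']['method']}'."
+
+print_ok( output )
+print_info( 'It was submitted using the following parameters:' )
+item['element']['auditable'].each_pair {
+|k, v|
+print_info( " * #{k}\t= #{v}" )
+}
+
+print_info
+print_info( "The taint landed in the following elements at '#{item['request']['url']}':" )
+item['landed'].each {
+|elem|
+
+output = elem['type'].capitalize
+output << " named '#{elem['name']}'" if elem['name']
+output << " using the '#{elem['altered']}' input" if elem['altered']
+output << " at '#{elem['owner']}' pointing to '#{elem['action']}'" if elem['action']
+
+print_info( " * #{output}" )
+if elem['auditable']
+elem['auditable'].each_pair {
+|k, v|
+print_info( " - #{k}\t= #{v}" )
+}
+end
+
+}
+
+print_line
+}
+
+end
+
+end
+
+end
+end
+
+end
+end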
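Review bot: `run` interpolates element names, parameter keys and values, and URLs straight into `print_ok`/`print_info` (for example `print_info( " * #{k}\t= #{v}" )`). These strings appear to come from the scanned site, so control characters or terminal escape sequences in them would reach the operator's terminal unless the print helpers, which are defined outside this file, already filter them. Non-printable characters could be neutralised before printing, e.g. `v.to_s.gsub( /[^[:print:]\t]/, '?' )`, applied to every interpolated field. Separately, the first `output << " at '...' pointing to '...'"` line is unconditional, while the matching line in the `landed` loop is guarded by `if elem['action']`; the two should probably agree.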
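--- a/data/reports/plugin_formatters/xml/autologin.rb
+++ b/data/reports/plugin_formatters/xml/autologin.rb
@@ -0,0 +1,68 @@
+=begin
+Arachni
+Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+This is free software; you can copy and distribute and modify
+this program under the term of the GPL v2.0 License
+(See LICENSE file for details)
+
+=end
+
+module Arachni
+
+require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
+
+module Reports
+
+class XML
+module PluginFormatters
+
+#
+# XML formatter for the results of the AutoLogin plugin
+#
+# @author: Tasos "Zapotek" Laskos
+# <tasos.laskos@gmail.com>
+# <zapotek@segfault.gr>
+# @version: 0.1
+#
+class AutoLogin < Arachni::Plugin::Formatter
+
+include Buffer
+
+def initialize( plugin_data )
+@results = plugin_data[:results]
+@description = plugin_data[:description]
+end
+
+def run
+start_tag( 'autologin' )
+simple_tag( 'description', @description )
+
+start_tag( 'results' )
+
+simple_tag( 'message', @results[:msg] )
+simple_tag( 'code', @results[:code].to_s )
+
+start_tag( 'cookies' )
+if( @results[:cookies] )
+@results[:cookies].each {
+|name, value|
+add_cookie( name, value )
+}
+end
+end_tag( 'cookies' )
+
+
+end_tag( 'results' )
+end_tag( 'autologin' )
+
+return buffer( )
+end
+
+end
+
+end
+end
+
+end
+end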
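Review bot: The `cookies` block in `run` writes every name and value from `@results[:cookies]` into the report through `add_cookie`. For an auto-login plugin these are presumably the authenticated session cookies, so the generated XML would carry live credentials. A comment above `run` should say so, for example `# NOTE: emits the post-login cookies verbatim; treat the resulting report as sensitive`. `add_cookie` and `simple_tag` come from `Buffer`, which is not shown here, so whether they escape names and values cannot be confirmed from this file. `@results[:msg]` is also passed without a nil guard, unlike `@results[:code].to_s`.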
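--- a/data/reports/plugin_formatters/xml/profiler.rb
+++ b/data/reports/plugin_formatters/xml/profiler.rb
@@ -0,0 +1,120 @@
+=begin
+Arachni
+Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+This is free software; you can copy and distribute and modify
+this program under the term of the GPL v2.0 License
+(See LICENSE file for details)
+
+=end
+
+module Arachni
+
+require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
+
+module Reports
+
+class XML
+module PluginFormatters
+
+#
+# XML formatter for the results of the Profiler plugin
+#
+# @author: Tasos "Zapotek" Laskos
+# <tasos.laskos@gmail.com>
+# <zapotek@segfault.gr>
+# @version: 0.1
+#
+class Profiler < Arachni::Plugin::Formatter
+
+include Buffer
+
+def initialize( plugin_data )
+@results = plugin_data[:results]
+@description = plugin_data[:description]
+end
+
+def run
+start_tag( 'profiler' )
+simple_tag( 'description', @description )
+
+start_tag( 'results' )
+
+start_tag( 'inputs' )
+@results['inputs'].each {
+|item|
+
+start_tag( 'input' )
+
+start_tag( 'element' )
+add_hash( item['element'] )
+add_params( item['element']['auditable'] ) if item['auditable']
+end_tag( 'element' )
+
+start_tag( 'response' )
+add_hash( item['response'] )
+add_headers( 'headers', item['response']['headers'] )
+end_tag( 'response' )
+
+start_tag( 'request' )
+add_hash( item['response'] )
+add_headers( 'headers', item['request']['headers'] )
+end_tag( 'request' )
+
+start_tag( 'landed' )
+item['landed'].each {
+|elem|
+start_tag( 'element' )
+add_hash( elem )
+add_params( elem['auditable'] ) if elem['auditable']
+end_tag( 'element' )
+}
+end_tag( 'landed' )
+
+
+end_tag( 'input' )
+}
+end_tag( 'inputs' )
+
+start_tag( 'times' )
+@results['times'].each {
+|elem|
+start_tag( 'response' )
+add_hash( elem )
+add_params( elem['params'] ) if elem['params']
+end_tag( 'response' )
+}
+end_tag( 'times' )
+
+
+end_tag( 'results' )
+end_tag( 'profiler' )
+
+return buffer( )
+end
+
+def add_hash( hash )
+hash.each_pair {
+|k, v|
+next if v.nil? || v.is_a?( Hash ) || v.is_a?( Array )
+simple_tag( k, v.to_s )
+}
+end
+
+def add_params( params )
+
+start_tag( 'params' )
+params.each_pair {
+|name, value|
+__buffer( "<param name=\"#{name}\" value=\"#{CGI.escapeHTML( value.strip )}\" />" )
+}
+end_tag( 'params' )
+end
+
+end
+
+end
+end
+
+end
+end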
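Review bot: `add_params` escapes the parameter value but interpolates `name` unescaped into the `name="..."` attribute, so a parameter name containing `"`, `<` or `&` yields malformed or injected markup in the report. It also calls `value.strip` with no nil/String guard and uses `CGI` without a `require 'cgi'` visible in this file. The line could read `__buffer( "<param name=\"#{CGI.escapeHTML( name.to_s )}\" value=\"#{CGI.escapeHTML( value.to_s.strip )}\" />" )`. In `run`, the `request` element is filled with `add_hash( item['response'] )`, which looks like a copy/paste slip for `add_hash( item['request'] )`. The element params are guarded by `if item['auditable']` while the argument is `item['element']['auditable']`, so the guard should probably test the same key.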
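--- a/metadata
+++ b/metadata
@@ -1,13 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: arachni
 version: !ruby/object:Gem::Version
-prerelease: false
-segments:
-- 0
-- 2
-- 2
-- 1
-version: 0.2.2.1
+prerelease:
+version: 0.2.2.2
 platform: ruby
 authors:
 - Tasos Laskos
@@ -15,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-13 00:00:00 +00:00
+date: 2011-03-22 00:00:00 +00:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -26,12 +21,7 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-segments:
-- 0
-- 2
-- 0
-- 1
-version: 0.2.0.1
+version: 0.2.0.2
 type: :runtime
 version_requirements: *id001
 - !ruby/object:Gem::Dependency
@@ -42,10 +32,6 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-segments:
-- 1
-- 4
-- 4
 version: 1.4.4
 type: :runtime
 version_requirements: *id002
@@ -57,10 +43,6 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-segments:
-- 0
-- 3
-- 1
 version: 0.3.1
 type: :runtime
 version_requirements: *id003
@@ -72,10 +54,6 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-segments:
-- 0
-- 10
-- 0
 version: 0.10.0
 type: :runtime
 version_requirements: *id004
@@ -87,10 +65,6 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-segments:
-- 0
-- 8
-- 1
 version: 0.8.1
 type: :runtime
 version_requirements: *id005
@@ -102,10 +76,6 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-segments:
-- 1
-- 4
-- 2
 version: 1.4.2
 type: :runtime
 version_requirements: *id006
@@ -115,13 +85,9 @@ dependencies:
 requirement: &id007 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- - ">="
+- - ~>
 - !ruby/object:Gem::Version
-segments:
-- 0
-- 9
-- 2
-version: 0.9.2
+version: 1.2.1
 type: :runtime
 version_requirements: *id007
 - !ruby/object:Gem::Dependency
@@ -130,12 +96,8 @@ dependencies:
 requirement: &id008 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- - ">="
+- - ~>
 - !ruby/object:Gem::Version
-segments:
-- 1
-- 0
-- 2
 version: 1.0.2
 type: :runtime
 version_requirements: *id008
@@ -145,12 +107,8 @@ dependencies:
 requirement: &id009 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- - ">="
+- - ~>
 - !ruby/object:Gem::Version
-segments:
-- 2
-- 1
-- 0
 version: 2.1.0
 type: :runtime
 version_requirements: *id009
@@ -160,12 +118,8 @@ dependencies:
 requirement: &id010 !ruby/object:Gem::Requirement
 none: false
 requirements:
-- - ">="
+- - ~>
 - !ruby/object:Gem::Version
-segments:
-- 0
-- 1
-- 1
 version: 0.1.1
 type: :runtime
 version_requirements: *id010
@@ -177,10 +131,6 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-segments:
-- 1
-- 4
-- 6
 version: 1.4.6
 type: :runtime
 version_requirements: *id011
@@ -192,10 +142,6 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-segments:
-- 1
-- 0
-- 2
 version: 1.0.2
 type: :runtime
 version_requirements: *id012
@@ -207,6 +153,7 @@ executables:
 - arachni_xmlrpcd
 - arachni_xmlrpc
 - arachni_web
+- arachni_web_autostart
 extensions: []
 
 extra_rdoc_files:
@@ -229,6 +176,7 @@ files:
 - CONTRIBUTORS.md
 - EXPLOITATION.md
 - HACKING.md
+- lib/nokogiri/xml/node.rb
 - lib/module.rb
 - lib/module/trainer.rb
 - lib/module/output.rb
@@ -238,6 +186,7 @@ files:
 - lib/module/element_db.rb
 - lib/module/base.rb
 - lib/module/manager.rb
+- lib/mixins/observable.rb
 - lib/parser.rb
 - lib/component_options.rb
 - lib/anemone/storage.rb
@@ -315,6 +264,7 @@ files:
 - lib/ui/web/server/public/spider.png
 - lib/ui/web/server/public/banner.png
 - lib/ui/web/server/public/bodybg-small.png
+- lib/ui/web/server/public/reports/demo.testfire.net:Sun Mar 20 02:48:10 2011.afr
 - lib/ui/web/server/public/reports/placeholder
 - lib/ui/web/server/public/icons/status.png
 - lib/ui/web/server/public/icons/info.png
@@ -432,6 +382,7 @@ files:
 - plugins/cookie_collector.rb
 - plugins/http_dicattack.rb
 - plugins/content_types.rb
+- plugins/profiler.rb
 - plugins/waf_detector.rb
 - plugins/form_dicattack.rb
 - plugins/autologin.rb
@@ -444,28 +395,35 @@ files:
 - reports/plugin_formatters/stdout/cookie_collector.rb
 - reports/plugin_formatters/stdout/http_dicattack.rb
 - reports/plugin_formatters/stdout/content_types.rb
+- reports/plugin_formatters/stdout/profiler.rb
 - reports/plugin_formatters/stdout/waf_detector.rb
 - reports/plugin_formatters/stdout/form_dicattack.rb
 - reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb
 - reports/plugin_formatters/stdout/metaformatters/uniformity.rb
+- reports/plugin_formatters/stdout/autologin.rb
 - reports/plugin_formatters/xml/metamodules.rb
 - reports/plugin_formatters/xml/healthmap.rb
 - reports/plugin_formatters/xml/cookie_collector.rb
 - reports/plugin_formatters/xml/http_dicattack.rb
 - reports/plugin_formatters/xml/content_types.rb
+- reports/plugin_formatters/xml/profiler.rb
 - reports/plugin_formatters/xml/waf_detector.rb
 - reports/plugin_formatters/xml/form_dicattack.rb
 - reports/plugin_formatters/xml/metaformatters/timeout_notice.rb
 - reports/plugin_formatters/xml/metaformatters/uniformity.rb
+- reports/plugin_formatters/xml/autologin.rb
 - reports/plugin_formatters/html/metamodules.rb
 - reports/plugin_formatters/html/healthmap.rb
 - reports/plugin_formatters/html/cookie_collector.rb
+- reports/plugin_formatters/html/profiler/template.erb
 - reports/plugin_formatters/html/http_dicattack.rb
 - reports/plugin_formatters/html/content_types.rb
+- reports/plugin_formatters/html/profiler.rb
 - reports/plugin_formatters/html/waf_detector.rb
 - reports/plugin_formatters/html/form_dicattack.rb
 - reports/plugin_formatters/html/metaformatters/timeout_notice.rb
 - reports/plugin_formatters/html/metaformatters/uniformity.rb
+- reports/plugin_formatters/html/autologin.rb
 - reports/metareport/arachni_metareport.rb
 - reports/txt.rb
 - reports/xml/buffer.rb
@@ -480,6 +438,7 @@ files:
 - bin/arachni_xmlrpcd
 - bin/arachni_xmlrpc
 - bin/arachni_web
+- bin/arachni_web_autostart
 has_rdoc: true
 homepage: https://github.com/Zapotek/arachni
 licenses: []
@@ -494,21 +453,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-segments:
-- 0
 version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-segments:
-- 0
 version: "0"
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.3.7
+rubygems_version: 1.6.2
 signing_key:
 specification_version: 3
 summary: Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.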