arachni 0.2.2.1 → 0.2.2.2

data/reports/plugin_formatters/stdout/profiler.rb

@@ -0,0 +1,90 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module Reports
+
+class Stdout
+    module PluginFormatters
+
+        #
+        # Stdout formatter for the results of the Profiler plugin
+        #
+        #
+        # @author: Tasos "Zapotek" Laskos
+        #                                      <tasos.laskos@gmail.com>
+        #                                      <zapotek@segfault.gr>
+        # @version: 0.1
+        #
+        class Profiler < Arachni::Plugin::Formatter
+
+            def initialize( plugin_data )
+                @results = plugin_data[:results]
+                @description = plugin_data[:description]
+            end
+
+            def run
+                print_status( 'Profiler' )
+                print_info( '~~~~~~~~~~~~~~' )
+
+                print_info( 'Description: ' + @description )
+                print_line
+
+                print_info( 'Inputs affecting output:' )
+                print_line
+
+                @results['inputs'].each {
+                    |item|
+
+                    output = item['element']['type'].capitalize
+                    output << " named '#{item['element']['name']}'" if item['element']['name']
+                    output << " using the '#{item['element']['altered']}' input" if item['element']['altered']
+                    output << " at '#{item['element']['owner']}' pointing to '#{item['element']['action']}'"
+                    output << " using '#{item['request']['method']}'."
+
+                    print_ok( output )
+                    print_info( 'It was submitted using the following parameters:' )
+                    item['element']['auditable'].each_pair {
+                        |k, v|
+                        print_info( "  * #{k}\t= #{v}" )
+                    }
+
+                    print_info
+                    print_info( "The taint landed in the following elements at '#{item['request']['url']}':" )
+                    item['landed'].each {
+                        |elem|
+
+                        output = elem['type'].capitalize
+                        output << " named '#{elem['name']}'" if elem['name']
+                        output << " using the '#{elem['altered']}' input" if elem['altered']
+                        output << " at '#{elem['owner']}' pointing to '#{elem['action']}'" if elem['action']
+
+                        print_info( "  * #{output}" )
+                        if elem['auditable']
+                            elem['auditable'].each_pair {
+                                |k, v|
+                                print_info( "    - #{k}\t= #{v}" )
+                            }
+                        end
+
+                    }
+
+                    print_line
+                }
+
+            end
+
+        end
+
+    end
+end
+
+end
+end

data/reports/plugin_formatters/xml/autologin.rb

@@ -0,0 +1,68 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+
+require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
+
+module Reports
+
+class XML
+    module PluginFormatters
+
+        #
+        # XML formatter for the results of the AutoLogin plugin
+        #
+        # @author: Tasos "Zapotek" Laskos
+        #                                      <tasos.laskos@gmail.com>
+        #                                      <zapotek@segfault.gr>
+        # @version: 0.1
+        #
+        class AutoLogin < Arachni::Plugin::Formatter
+
+            include Buffer
+
+            def initialize( plugin_data )
+                @results     = plugin_data[:results]
+                @description = plugin_data[:description]
+            end
+
+            def run
+                start_tag( 'autologin' )
+                simple_tag( 'description', @description )
+
+                start_tag( 'results' )
+
+                simple_tag( 'message', @results[:msg] )
+                simple_tag( 'code', @results[:code].to_s )
+
+                start_tag( 'cookies' )
+                if( @results[:cookies] )
+                    @results[:cookies].each {
+                        |name, value|
+                        add_cookie( name, value )
+                    }
+                end
+                end_tag( 'cookies' )
+
+
+                end_tag( 'results' )
+                end_tag( 'autologin' )
+
+                return buffer( )
+            end
+
+        end
+
+    end
+end
+
+end
+end

data/reports/plugin_formatters/xml/profiler.rb

@@ -0,0 +1,120 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+
+require Arachni::Options.instance.dir['reports'] + '/xml/buffer.rb'
+
+module Reports
+
+class XML
+    module PluginFormatters
+
+        #
+        # XML formatter for the results of the Profiler plugin
+        #
+        # @author: Tasos "Zapotek" Laskos
+        #                                      <tasos.laskos@gmail.com>
+        #                                      <zapotek@segfault.gr>
+        # @version: 0.1
+        #
+        class Profiler < Arachni::Plugin::Formatter
+
+            include Buffer
+
+            def initialize( plugin_data )
+                @results     = plugin_data[:results]
+                @description = plugin_data[:description]
+            end
+
+            def run
+                start_tag( 'profiler' )
+                simple_tag( 'description', @description )
+
+                start_tag( 'results' )
+
+                start_tag( 'inputs' )
+                @results['inputs'].each {
+                    |item|
+
+                    start_tag( 'input' )
+
+                    start_tag( 'element' )
+                    add_hash( item['element'] )
+                    add_params( item['element']['auditable'] ) if item['auditable']
+                    end_tag( 'element' )
+
+                    start_tag( 'response' )
+                    add_hash( item['response'] )
+                    add_headers( 'headers', item['response']['headers'] )
+                    end_tag( 'response' )
+
+                    start_tag( 'request' )
+                    add_hash( item['response'] )
+                    add_headers( 'headers', item['request']['headers'] )
+                    end_tag( 'request' )
+
+                    start_tag( 'landed' )
+                    item['landed'].each {
+                        |elem|
+                        start_tag( 'element' )
+                        add_hash( elem )
+                        add_params( elem['auditable'] ) if elem['auditable']
+                        end_tag( 'element' )
+                    }
+                    end_tag( 'landed' )
+
+
+                    end_tag( 'input' )
+                }
+                end_tag( 'inputs' )
+
+                start_tag( 'times' )
+                @results['times'].each {
+                    |elem|
+                    start_tag( 'response' )
+                    add_hash( elem )
+                    add_params( elem['params'] ) if elem['params']
+                    end_tag( 'response' )
+                }
+                end_tag( 'times' )
+
+
+                end_tag( 'results' )
+                end_tag( 'profiler' )
+
+                return buffer( )
+            end
+
+            def add_hash( hash )
+                hash.each_pair {
+                    |k, v|
+                    next if v.nil? || v.is_a?( Hash ) || v.is_a?( Array )
+                    simple_tag( k, v.to_s )
+                }
+            end
+
+            def add_params( params )
+
+                start_tag( 'params' )
+                params.each_pair {
+                    |name, value|
+                    __buffer( "<param name=\"#{name}\" value=\"#{CGI.escapeHTML( value.strip )}\" />" )
+                }
+                end_tag( 'params' )
+            end
+
+        end
+
+    end
+end
+
+end
+end

metadata

@@ -1,13 +1,8 @@
 --- !ruby/object:Gem::Specification 
 name: arachni
 version: !ruby/object:Gem::Version 
-  prerelease: false
-  segments: 
-  - 0
-  - 2
-  - 2
-  - 1
-  version: 0.2.2.1
+  prerelease: 
+  version: 0.2.2.2
 platform: ruby
 authors: 
 - Tasos Laskos
@@ -15,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-13 00:00:00 +00:00
+date: 2011-03-22 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -26,12 +21,7 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 2
-        - 0
-        - 1
-        version: 0.2.0.1
+        version: 0.2.0.2
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
@@ -42,10 +32,6 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 4
-        - 4
         version: 1.4.4
   type: :runtime
   version_requirements: *id002
@@ -57,10 +43,6 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 3
-        - 1
         version: 0.3.1
   type: :runtime
   version_requirements: *id003
@@ -72,10 +54,6 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 10
-        - 0
         version: 0.10.0
   type: :runtime
   version_requirements: *id004
@@ -87,10 +65,6 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 8
-        - 1
         version: 0.8.1
   type: :runtime
   version_requirements: *id005
@@ -102,10 +76,6 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 4
-        - 2
         version: 1.4.2
   type: :runtime
   version_requirements: *id006
@@ -115,13 +85,9 @@ dependencies:
   requirement: &id007 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 9
-        - 2
-        version: 0.9.2
+        version: 1.2.1
   type: :runtime
   version_requirements: *id007
 - !ruby/object:Gem::Dependency 
@@ -130,12 +96,8 @@ dependencies:
   requirement: &id008 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 0
-        - 2
         version: 1.0.2
   type: :runtime
   version_requirements: *id008
@@ -145,12 +107,8 @@ dependencies:
   requirement: &id009 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 2
-        - 1
-        - 0
         version: 2.1.0
   type: :runtime
   version_requirements: *id009
@@ -160,12 +118,8 @@ dependencies:
   requirement: &id010 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 1
-        - 1
         version: 0.1.1
   type: :runtime
   version_requirements: *id010
@@ -177,10 +131,6 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 4
-        - 6
         version: 1.4.6
   type: :runtime
   version_requirements: *id011
@@ -192,10 +142,6 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 0
-        - 2
         version: 1.0.2
   type: :runtime
   version_requirements: *id012
@@ -207,6 +153,7 @@ executables:
 - arachni_xmlrpcd
 - arachni_xmlrpc
 - arachni_web
+- arachni_web_autostart
 extensions: []
 
 extra_rdoc_files: 
@@ -229,6 +176,7 @@ files:
 - CONTRIBUTORS.md
 - EXPLOITATION.md
 - HACKING.md
+- lib/nokogiri/xml/node.rb
 - lib/module.rb
 - lib/module/trainer.rb
 - lib/module/output.rb
@@ -238,6 +186,7 @@ files:
 - lib/module/element_db.rb
 - lib/module/base.rb
 - lib/module/manager.rb
+- lib/mixins/observable.rb
 - lib/parser.rb
 - lib/component_options.rb
 - lib/anemone/storage.rb
@@ -315,6 +264,7 @@ files:
 - lib/ui/web/server/public/spider.png
 - lib/ui/web/server/public/banner.png
 - lib/ui/web/server/public/bodybg-small.png
+- lib/ui/web/server/public/reports/demo.testfire.net:Sun Mar 20 02:48:10 2011.afr
 - lib/ui/web/server/public/reports/placeholder
 - lib/ui/web/server/public/icons/status.png
 - lib/ui/web/server/public/icons/info.png
@@ -432,6 +382,7 @@ files:
 - plugins/cookie_collector.rb
 - plugins/http_dicattack.rb
 - plugins/content_types.rb
+- plugins/profiler.rb
 - plugins/waf_detector.rb
 - plugins/form_dicattack.rb
 - plugins/autologin.rb
@@ -444,28 +395,35 @@ files:
 - reports/plugin_formatters/stdout/cookie_collector.rb
 - reports/plugin_formatters/stdout/http_dicattack.rb
 - reports/plugin_formatters/stdout/content_types.rb
+- reports/plugin_formatters/stdout/profiler.rb
 - reports/plugin_formatters/stdout/waf_detector.rb
 - reports/plugin_formatters/stdout/form_dicattack.rb
 - reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb
 - reports/plugin_formatters/stdout/metaformatters/uniformity.rb
+- reports/plugin_formatters/stdout/autologin.rb
 - reports/plugin_formatters/xml/metamodules.rb
 - reports/plugin_formatters/xml/healthmap.rb
 - reports/plugin_formatters/xml/cookie_collector.rb
 - reports/plugin_formatters/xml/http_dicattack.rb
 - reports/plugin_formatters/xml/content_types.rb
+- reports/plugin_formatters/xml/profiler.rb
 - reports/plugin_formatters/xml/waf_detector.rb
 - reports/plugin_formatters/xml/form_dicattack.rb
 - reports/plugin_formatters/xml/metaformatters/timeout_notice.rb
 - reports/plugin_formatters/xml/metaformatters/uniformity.rb
+- reports/plugin_formatters/xml/autologin.rb
 - reports/plugin_formatters/html/metamodules.rb
 - reports/plugin_formatters/html/healthmap.rb
 - reports/plugin_formatters/html/cookie_collector.rb
+- reports/plugin_formatters/html/profiler/template.erb
 - reports/plugin_formatters/html/http_dicattack.rb
 - reports/plugin_formatters/html/content_types.rb
+- reports/plugin_formatters/html/profiler.rb
 - reports/plugin_formatters/html/waf_detector.rb
 - reports/plugin_formatters/html/form_dicattack.rb
 - reports/plugin_formatters/html/metaformatters/timeout_notice.rb
 - reports/plugin_formatters/html/metaformatters/uniformity.rb
+- reports/plugin_formatters/html/autologin.rb
 - reports/metareport/arachni_metareport.rb
 - reports/txt.rb
 - reports/xml/buffer.rb
@@ -480,6 +438,7 @@ files:
 - bin/arachni_xmlrpcd
 - bin/arachni_xmlrpc
 - bin/arachni_web
+- bin/arachni_web_autostart
 has_rdoc: true
 homepage: https://github.com/Zapotek/arachni
 licenses: []
@@ -494,21 +453,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      segments: 
-      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      segments: 
-      - 0
       version: "0"
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.6.2
 signing_key: 
 specification_version: 3
 summary: Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.