arachni 0.2.2.1
Sign up to get free protection for your applications and to get access to all the features.
- data/ACKNOWLEDGMENTS.md +14 -0
- data/AUTHORS.md +6 -0
- data/CHANGELOG.md +162 -0
- data/CONTRIBUTORS.md +10 -0
- data/EXPLOITATION.md +429 -0
- data/HACKING.md +101 -0
- data/LICENSE.md +341 -0
- data/README.md +350 -0
- data/Rakefile +86 -0
- data/bin/arachni +22 -0
- data/bin/arachni_web +77 -0
- data/bin/arachni_xmlrpc +21 -0
- data/bin/arachni_xmlrpcd +82 -0
- data/bin/arachni_xmlrpcd_monitor +74 -0
- data/conf/README.webui.yaml.txt +44 -0
- data/conf/webui.yaml +11 -0
- data/external/metasploit/LICENSE +24 -0
- data/external/metasploit/modules/exploits/unix/webapp/arachni_exec.rb +142 -0
- data/external/metasploit/modules/exploits/unix/webapp/arachni_path_traversal.rb +113 -0
- data/external/metasploit/modules/exploits/unix/webapp/arachni_php_eval.rb +150 -0
- data/external/metasploit/modules/exploits/unix/webapp/arachni_php_include.rb +141 -0
- data/external/metasploit/modules/exploits/unix/webapp/arachni_sqlmap.rb +92 -0
- data/external/metasploit/plugins/arachni.rb +536 -0
- data/getoptslong.rb +241 -0
- data/lib/anemone.rb +2 -0
- data/lib/anemone/cookie_store.rb +35 -0
- data/lib/anemone/core.rb +371 -0
- data/lib/anemone/exceptions.rb +5 -0
- data/lib/anemone/http.rb +144 -0
- data/lib/anemone/page.rb +337 -0
- data/lib/anemone/page_store.rb +160 -0
- data/lib/anemone/storage.rb +34 -0
- data/lib/anemone/storage/base.rb +75 -0
- data/lib/anemone/storage/exceptions.rb +15 -0
- data/lib/anemone/storage/mongodb.rb +89 -0
- data/lib/anemone/storage/pstore.rb +50 -0
- data/lib/anemone/storage/redis.rb +90 -0
- data/lib/anemone/storage/tokyo_cabinet.rb +57 -0
- data/lib/anemone/tentacle.rb +40 -0
- data/lib/arachni.rb +16 -0
- data/lib/audit_store.rb +346 -0
- data/lib/component_manager.rb +293 -0
- data/lib/component_options.rb +395 -0
- data/lib/exceptions.rb +76 -0
- data/lib/framework.rb +637 -0
- data/lib/http.rb +809 -0
- data/lib/issue.rb +302 -0
- data/lib/module.rb +4 -0
- data/lib/module/auditor.rb +455 -0
- data/lib/module/base.rb +188 -0
- data/lib/module/element_db.rb +158 -0
- data/lib/module/key_filler.rb +87 -0
- data/lib/module/manager.rb +87 -0
- data/lib/module/output.rb +68 -0
- data/lib/module/trainer.rb +240 -0
- data/lib/module/utilities.rb +110 -0
- data/lib/options.rb +547 -0
- data/lib/parser.rb +2 -0
- data/lib/parser/auditable.rb +522 -0
- data/lib/parser/elements.rb +296 -0
- data/lib/parser/page.rb +149 -0
- data/lib/parser/parser.rb +717 -0
- data/lib/plugin.rb +4 -0
- data/lib/plugin/base.rb +110 -0
- data/lib/plugin/manager.rb +162 -0
- data/lib/report.rb +4 -0
- data/lib/report/base.rb +119 -0
- data/lib/report/manager.rb +92 -0
- data/lib/rpc/xml/client/base.rb +71 -0
- data/lib/rpc/xml/client/dispatcher.rb +49 -0
- data/lib/rpc/xml/client/instance.rb +88 -0
- data/lib/rpc/xml/server/base.rb +90 -0
- data/lib/rpc/xml/server/dispatcher.rb +357 -0
- data/lib/rpc/xml/server/framework.rb +206 -0
- data/lib/rpc/xml/server/instance.rb +191 -0
- data/lib/rpc/xml/server/module/manager.rb +46 -0
- data/lib/rpc/xml/server/options.rb +124 -0
- data/lib/rpc/xml/server/output.rb +299 -0
- data/lib/rpc/xml/server/plugin/manager.rb +58 -0
- data/lib/ruby.rb +5 -0
- data/lib/ruby/object.rb +32 -0
- data/lib/ruby/string.rb +74 -0
- data/lib/ruby/xmlrpc/server.rb +27 -0
- data/lib/spider.rb +200 -0
- data/lib/typhoeus/request.rb +91 -0
- data/lib/typhoeus/response.rb +34 -0
- data/lib/ui/cli/cli.rb +744 -0
- data/lib/ui/cli/output.rb +279 -0
- data/lib/ui/web/log.rb +82 -0
- data/lib/ui/web/output_stream.rb +94 -0
- data/lib/ui/web/report_manager.rb +222 -0
- data/lib/ui/web/server.rb +903 -0
- data/lib/ui/web/server/db/placeholder +0 -0
- data/lib/ui/web/server/public/banner.png +0 -0
- data/lib/ui/web/server/public/bodybg-small.png +0 -0
- data/lib/ui/web/server/public/bodybg.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/pbar-ani.gif +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-icons_222222_256x240.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-icons_454545_256x240.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-icons_888888_256x240.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
- data/lib/ui/web/server/public/css/smoothness/jquery-ui-1.8.9.custom.css +573 -0
- data/lib/ui/web/server/public/favicon.ico +0 -0
- data/lib/ui/web/server/public/footer.jpg +0 -0
- data/lib/ui/web/server/public/icons/error.png +0 -0
- data/lib/ui/web/server/public/icons/info.png +0 -0
- data/lib/ui/web/server/public/icons/ok.png +0 -0
- data/lib/ui/web/server/public/icons/status.png +0 -0
- data/lib/ui/web/server/public/js/jquery-1.4.4.min.js +167 -0
- data/lib/ui/web/server/public/js/jquery-ui-1.8.9.custom.min.js +781 -0
- data/lib/ui/web/server/public/logo.png +0 -0
- data/lib/ui/web/server/public/nav-left.jpg +0 -0
- data/lib/ui/web/server/public/nav-right.jpg +0 -0
- data/lib/ui/web/server/public/nav-selected-left.jpg +0 -0
- data/lib/ui/web/server/public/nav-selected-right.jpg +0 -0
- data/lib/ui/web/server/public/reports/placeholder +1 -0
- data/lib/ui/web/server/public/sidebar-bottom.jpg +0 -0
- data/lib/ui/web/server/public/sidebar-h4.jpg +0 -0
- data/lib/ui/web/server/public/sidebar-top.jpg +0 -0
- data/lib/ui/web/server/public/spider.png +0 -0
- data/lib/ui/web/server/public/style.css +604 -0
- data/lib/ui/web/server/tmp/placeholder +0 -0
- data/lib/ui/web/server/views/dispatcher.erb +85 -0
- data/lib/ui/web/server/views/dispatcher_error.erb +14 -0
- data/lib/ui/web/server/views/error.erb +1 -0
- data/lib/ui/web/server/views/flash.erb +18 -0
- data/lib/ui/web/server/views/home.erb +14 -0
- data/lib/ui/web/server/views/instance.erb +213 -0
- data/lib/ui/web/server/views/layout.erb +95 -0
- data/lib/ui/web/server/views/log.erb +40 -0
- data/lib/ui/web/server/views/modules.erb +71 -0
- data/lib/ui/web/server/views/options.erb +23 -0
- data/lib/ui/web/server/views/output_results.erb +51 -0
- data/lib/ui/web/server/views/plugins.erb +42 -0
- data/lib/ui/web/server/views/report_formats.erb +30 -0
- data/lib/ui/web/server/views/reports.erb +55 -0
- data/lib/ui/web/server/views/settings.erb +120 -0
- data/lib/ui/web/server/views/welcome.erb +38 -0
- data/lib/ui/xmlrpc/dispatcher_monitor.rb +204 -0
- data/lib/ui/xmlrpc/xmlrpc.rb +843 -0
- data/logs/placeholder +0 -0
- data/metamodules/autothrottle.rb +74 -0
- data/metamodules/timeout_notice.rb +118 -0
- data/metamodules/uniformity.rb +98 -0
- data/modules/audit/code_injection.rb +136 -0
- data/modules/audit/code_injection_timing.rb +115 -0
- data/modules/audit/code_injection_timing/payloads.txt +4 -0
- data/modules/audit/csrf.rb +301 -0
- data/modules/audit/ldapi.rb +103 -0
- data/modules/audit/ldapi/errors.txt +26 -0
- data/modules/audit/os_cmd_injection.rb +103 -0
- data/modules/audit/os_cmd_injection/payloads.txt +2 -0
- data/modules/audit/os_cmd_injection_timing.rb +104 -0
- data/modules/audit/os_cmd_injection_timing/payloads.txt +3 -0
- data/modules/audit/path_traversal.rb +141 -0
- data/modules/audit/response_splitting.rb +105 -0
- data/modules/audit/rfi.rb +193 -0
- data/modules/audit/sqli.rb +120 -0
- data/modules/audit/sqli/regexp_ids.txt +90 -0
- data/modules/audit/sqli_blind_rdiff.rb +321 -0
- data/modules/audit/sqli_blind_timing.rb +103 -0
- data/modules/audit/sqli_blind_timing/payloads.txt +51 -0
- data/modules/audit/trainer.rb +89 -0
- data/modules/audit/unvalidated_redirect.rb +90 -0
- data/modules/audit/xpath.rb +104 -0
- data/modules/audit/xpath/errors.txt +26 -0
- data/modules/audit/xss.rb +99 -0
- data/modules/audit/xss_event.rb +134 -0
- data/modules/audit/xss_path.rb +125 -0
- data/modules/audit/xss_script_tag.rb +112 -0
- data/modules/audit/xss_tag.rb +112 -0
- data/modules/audit/xss_uri.rb +125 -0
- data/modules/recon/allowed_methods.rb +104 -0
- data/modules/recon/backdoors.rb +131 -0
- data/modules/recon/backdoors/filenames.txt +16 -0
- data/modules/recon/backup_files.rb +177 -0
- data/modules/recon/backup_files/extensions.txt +28 -0
- data/modules/recon/common_directories.rb +138 -0
- data/modules/recon/common_directories/directories.txt +265 -0
- data/modules/recon/common_files.rb +138 -0
- data/modules/recon/common_files/filenames.txt +17 -0
- data/modules/recon/directory_listing.rb +171 -0
- data/modules/recon/grep/captcha.rb +62 -0
- data/modules/recon/grep/credit_card.rb +85 -0
- data/modules/recon/grep/cvs_svn_users.rb +73 -0
- data/modules/recon/grep/emails.rb +59 -0
- data/modules/recon/grep/html_objects.rb +53 -0
- data/modules/recon/grep/private_ip.rb +54 -0
- data/modules/recon/grep/ssn.rb +53 -0
- data/modules/recon/htaccess_limit.rb +82 -0
- data/modules/recon/http_put.rb +95 -0
- data/modules/recon/interesting_responses.rb +118 -0
- data/modules/recon/unencrypted_password_forms.rb +119 -0
- data/modules/recon/webdav.rb +126 -0
- data/modules/recon/xst.rb +107 -0
- data/path_extractors/anchors.rb +35 -0
- data/path_extractors/forms.rb +35 -0
- data/path_extractors/frames.rb +38 -0
- data/path_extractors/generic.rb +39 -0
- data/path_extractors/links.rb +35 -0
- data/path_extractors/meta_refresh.rb +39 -0
- data/path_extractors/scripts.rb +37 -0
- data/path_extractors/sitemap.rb +31 -0
- data/plugins/autologin.rb +137 -0
- data/plugins/content_types.rb +90 -0
- data/plugins/cookie_collector.rb +99 -0
- data/plugins/form_dicattack.rb +185 -0
- data/plugins/healthmap.rb +94 -0
- data/plugins/http_dicattack.rb +133 -0
- data/plugins/metamodules.rb +118 -0
- data/plugins/proxy.rb +248 -0
- data/plugins/proxy/server.rb +66 -0
- data/plugins/waf_detector.rb +184 -0
- data/profiles/comprehensive.afp +74 -0
- data/profiles/full.afp +75 -0
- data/reports/afr.rb +59 -0
- data/reports/ap.rb +55 -0
- data/reports/html.rb +179 -0
- data/reports/html/default.erb +967 -0
- data/reports/metareport.rb +139 -0
- data/reports/metareport/arachni_metareport.rb +174 -0
- data/reports/plugin_formatters/html/content_types.rb +82 -0
- data/reports/plugin_formatters/html/cookie_collector.rb +66 -0
- data/reports/plugin_formatters/html/form_dicattack.rb +54 -0
- data/reports/plugin_formatters/html/healthmap.rb +76 -0
- data/reports/plugin_formatters/html/http_dicattack.rb +54 -0
- data/reports/plugin_formatters/html/metaformatters/timeout_notice.rb +65 -0
- data/reports/plugin_formatters/html/metaformatters/uniformity.rb +71 -0
- data/reports/plugin_formatters/html/metamodules.rb +93 -0
- data/reports/plugin_formatters/html/waf_detector.rb +54 -0
- data/reports/plugin_formatters/stdout/content_types.rb +73 -0
- data/reports/plugin_formatters/stdout/cookie_collector.rb +61 -0
- data/reports/plugin_formatters/stdout/form_dicattack.rb +52 -0
- data/reports/plugin_formatters/stdout/healthmap.rb +72 -0
- data/reports/plugin_formatters/stdout/http_dicattack.rb +53 -0
- data/reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb +55 -0
- data/reports/plugin_formatters/stdout/metaformatters/uniformity.rb +68 -0
- data/reports/plugin_formatters/stdout/metamodules.rb +89 -0
- data/reports/plugin_formatters/stdout/waf_detector.rb +48 -0
- data/reports/plugin_formatters/xml/content_types.rb +91 -0
- data/reports/plugin_formatters/xml/cookie_collector.rb +70 -0
- data/reports/plugin_formatters/xml/form_dicattack.rb +57 -0
- data/reports/plugin_formatters/xml/healthmap.rb +82 -0
- data/reports/plugin_formatters/xml/http_dicattack.rb +57 -0
- data/reports/plugin_formatters/xml/metaformatters/timeout_notice.rb +67 -0
- data/reports/plugin_formatters/xml/metaformatters/uniformity.rb +82 -0
- data/reports/plugin_formatters/xml/metamodules.rb +91 -0
- data/reports/plugin_formatters/xml/waf_detector.rb +58 -0
- data/reports/stdout.rb +182 -0
- data/reports/txt.rb +77 -0
- data/reports/xml.rb +231 -0
- data/reports/xml/buffer.rb +98 -0
- metadata +516 -0
data/HACKING.md
ADDED
@@ -0,0 +1,101 @@
|
|
1
|
+
# Hacking the Framework
|
2
|
+
|
3
|
+
This file contains some brief instructions on contributing to Arachni.
|
4
|
+
|
5
|
+
## Code Style
|
6
|
+
In order to maintain consistency and keep the code pretty you should
|
7
|
+
adhere to the following guidelines:
|
8
|
+
|
9
|
+
- 4 spaces, no tabs.
|
10
|
+
- Maximum line length 75-80 columns, try not to exceed that limit.
|
11
|
+
- {} instead of "`do`" for blocks and keep the iterator var in it's own line.<br/>
|
12
|
+
Like so:
|
13
|
+
arr.each {
|
14
|
+
|item|
|
15
|
+
}
|
16
|
+
|
17
|
+
In general, take a look at the existing code and try to follow that style.
|
18
|
+
|
19
|
+
|
20
|
+
## Code No-Nos
|
21
|
+
**1. Don't print to standard output.**<br/>
|
22
|
+
The interface in use won't be able to see your output and route it
|
23
|
+
accordingly.
|
24
|
+
|
25
|
+
Arachni provides you with wrappers that you can use, take a look in {Arachni::UI::Output}.<br/>
|
26
|
+
All UIs will provide these methods to handle your output, use them.
|
27
|
+
|
28
|
+
|
29
|
+
**2. Don't use "sleep".**<br/>
|
30
|
+
It is unlikely that you will need it, but if you do, use
|
31
|
+
`select(nil, nil, nil, <time>)` instead to avoid multi-threading issues.
|
32
|
+
|
33
|
+
|
34
|
+
**3. Avoid creating your own instance of Net::HTTP or other lib.**<br/>
|
35
|
+
You are provided with a pre-configured wrapper ({Arachni::Module::Base#http}) of [Typhoeus](http://github.com/pauldix/typhoeus).
|
36
|
+
|
37
|
+
Take a look in the tutorial module to see what you get: {Arachni::Modules::RFI}
|
38
|
+
|
39
|
+
The base module will also give you some insights: {Arachni::Module::Base}
|
40
|
+
|
41
|
+
If you absolutely have to bypass Arachni's facilities you must obey the
|
42
|
+
run-time settings in {Arachni::Options}.
|
43
|
+
|
44
|
+
|
45
|
+
## Creating New Modules
|
46
|
+
Arachni provides you with examples for the usual types of modules.
|
47
|
+
|
48
|
+
This is your main guide: {Arachni::Modules::RFI}
|
49
|
+
|
50
|
+
This covers most of the usual tasks when writing a module.
|
51
|
+
It lets Arachni do all the work.
|
52
|
+
|
53
|
+
For something more elaborate look in:<br/>
|
54
|
+
- {Arachni::Modules::ResponseSplitting}<br/>
|
55
|
+
- {Arachni::Modules::SQLInjection}
|
56
|
+
|
57
|
+
These modules do their own vulnerability checking and logging.
|
58
|
+
|
59
|
+
One last note.
|
60
|
+
You're probably going to be working with large arrays of strings,
|
61
|
+
either regular expressions or strings to inject to the webapp,
|
62
|
+
so it's better to keep them in an external file under:
|
63
|
+
modules/<modtype>/<modname>/
|
64
|
+
|
65
|
+
Use "{Arachni::Module::Utilities#read_file}`( filename ){ |line| }`" to get the file line by line.<br/>
|
66
|
+
You just pass the filename (no path), `read_file()` will take care of the rest.
|
67
|
+
|
68
|
+
This will make the strings easier to update and keep your modules smaller.
|
69
|
+
|
70
|
+
In general, before writing a module copy an existing one that's close
|
71
|
+
to your needs and modify it.
|
72
|
+
|
73
|
+
|
74
|
+
## Creating New Reports
|
75
|
+
The only thing that you should keep in mind when creating a new report
|
76
|
+
is to adhere to the structure shown in: {Arachni::Reports::AP}.<br/>
|
77
|
+
Also look in: {Arachni::Report::Base}.
|
78
|
+
|
79
|
+
If you want your users to be able to customize the report you can
|
80
|
+
provide them with a set of options, as in {Arachni::Reports::HTML}'s `self.info()` return hash.
|
81
|
+
|
82
|
+
Keep in minds though that Arachni does not do any checking for these options,
|
83
|
+
you will have to take care of that yourself.
|
84
|
+
|
85
|
+
However, do provide an appropriate default `outfile` value in `initialize()`.
|
86
|
+
|
87
|
+
Other than that you can do whatever you want, you have all of Ruby's
|
88
|
+
power to work with.
|
89
|
+
|
90
|
+
|
91
|
+
## Creating New Plug-ins
|
92
|
+
|
93
|
+
Unlike the two previous types of components plug-ins are demi-gods.
|
94
|
+
Each plug-in is passed the instance of the running framework to do with it what it pleases.
|
95
|
+
Via the framework they have access to all Arachni subsystems and can alter or extend Arachni's behavior on the fly.
|
96
|
+
Plug-ins run in parallel to the framework and are executed right before the scan process starts.
|
97
|
+
|
98
|
+
## Licensing
|
99
|
+
All code must be contributed with a GPL v2 compatible license.<br/>
|
100
|
+
Do place licensing information in your code files.
|
101
|
+
|
data/LICENSE.md
ADDED
@@ -0,0 +1,341 @@
|
|
1
|
+
# License
|
2
|
+
|
3
|
+
GNU GENERAL PUBLIC LICENSE
|
4
|
+
Version 2, June 1991
|
5
|
+
|
6
|
+
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
|
7
|
+
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
8
|
+
Everyone is permitted to copy and distribute verbatim copies
|
9
|
+
of this license document, but changing it is not allowed.
|
10
|
+
|
11
|
+
Preamble
|
12
|
+
|
13
|
+
The licenses for most software are designed to take away your
|
14
|
+
freedom to share and change it. By contrast, the GNU General Public
|
15
|
+
License is intended to guarantee your freedom to share and change free
|
16
|
+
software--to make sure the software is free for all its users. This
|
17
|
+
General Public License applies to most of the Free Software
|
18
|
+
Foundation's software and to any other program whose authors commit to
|
19
|
+
using it. (Some other Free Software Foundation software is covered by
|
20
|
+
the GNU Lesser General Public License instead.) You can apply it to
|
21
|
+
your programs, too.
|
22
|
+
|
23
|
+
When we speak of free software, we are referring to freedom, not
|
24
|
+
price. Our General Public Licenses are designed to make sure that you
|
25
|
+
have the freedom to distribute copies of free software (and charge for
|
26
|
+
this service if you wish), that you receive source code or can get it
|
27
|
+
if you want it, that you can change the software or use pieces of it
|
28
|
+
in new free programs; and that you know you can do these things.
|
29
|
+
|
30
|
+
To protect your rights, we need to make restrictions that forbid
|
31
|
+
anyone to deny you these rights or to ask you to surrender the rights.
|
32
|
+
These restrictions translate to certain responsibilities for you if you
|
33
|
+
distribute copies of the software, or if you modify it.
|
34
|
+
|
35
|
+
For example, if you distribute copies of such a program, whether
|
36
|
+
gratis or for a fee, you must give the recipients all the rights that
|
37
|
+
you have. You must make sure that they, too, receive or can get the
|
38
|
+
source code. And you must show them these terms so they know their
|
39
|
+
rights.
|
40
|
+
|
41
|
+
We protect your rights with two steps: (1) copyright the software, and
|
42
|
+
(2) offer you this license which gives you legal permission to copy,
|
43
|
+
distribute and/or modify the software.
|
44
|
+
|
45
|
+
Also, for each author's protection and ours, we want to make certain
|
46
|
+
that everyone understands that there is no warranty for this free
|
47
|
+
software. If the software is modified by someone else and passed on, we
|
48
|
+
want its recipients to know that what they have is not the original, so
|
49
|
+
that any problems introduced by others will not reflect on the original
|
50
|
+
authors' reputations.
|
51
|
+
|
52
|
+
Finally, any free program is threatened constantly by software
|
53
|
+
patents. We wish to avoid the danger that redistributors of a free
|
54
|
+
program will individually obtain patent licenses, in effect making the
|
55
|
+
program proprietary. To prevent this, we have made it clear that any
|
56
|
+
patent must be licensed for everyone's free use or not licensed at all.
|
57
|
+
|
58
|
+
The precise terms and conditions for copying, distribution and
|
59
|
+
modification follow.
|
60
|
+
|
61
|
+
GNU GENERAL PUBLIC LICENSE
|
62
|
+
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
63
|
+
|
64
|
+
0. This License applies to any program or other work which contains
|
65
|
+
a notice placed by the copyright holder saying it may be distributed
|
66
|
+
under the terms of this General Public License. The "Program", below,
|
67
|
+
refers to any such program or work, and a "work based on the Program"
|
68
|
+
means either the Program or any derivative work under copyright law:
|
69
|
+
that is to say, a work containing the Program or a portion of it,
|
70
|
+
either verbatim or with modifications and/or translated into another
|
71
|
+
language. (Hereinafter, translation is included without limitation in
|
72
|
+
the term "modification".) Each licensee is addressed as "you".
|
73
|
+
|
74
|
+
Activities other than copying, distribution and modification are not
|
75
|
+
covered by this License; they are outside its scope. The act of
|
76
|
+
running the Program is not restricted, and the output from the Program
|
77
|
+
is covered only if its contents constitute a work based on the
|
78
|
+
Program (independent of having been made by running the Program).
|
79
|
+
Whether that is true depends on what the Program does.
|
80
|
+
|
81
|
+
1. You may copy and distribute verbatim copies of the Program's
|
82
|
+
source code as you receive it, in any medium, provided that you
|
83
|
+
conspicuously and appropriately publish on each copy an appropriate
|
84
|
+
copyright notice and disclaimer of warranty; keep intact all the
|
85
|
+
notices that refer to this License and to the absence of any warranty;
|
86
|
+
and give any other recipients of the Program a copy of this License
|
87
|
+
along with the Program.
|
88
|
+
|
89
|
+
You may charge a fee for the physical act of transferring a copy, and
|
90
|
+
you may at your option offer warranty protection in exchange for a fee.
|
91
|
+
|
92
|
+
2. You may modify your copy or copies of the Program or any portion
|
93
|
+
of it, thus forming a work based on the Program, and copy and
|
94
|
+
distribute such modifications or work under the terms of Section 1
|
95
|
+
above, provided that you also meet all of these conditions:
|
96
|
+
|
97
|
+
a) You must cause the modified files to carry prominent notices
|
98
|
+
stating that you changed the files and the date of any change.
|
99
|
+
|
100
|
+
b) You must cause any work that you distribute or publish, that in
|
101
|
+
whole or in part contains or is derived from the Program or any
|
102
|
+
part thereof, to be licensed as a whole at no charge to all third
|
103
|
+
parties under the terms of this License.
|
104
|
+
|
105
|
+
c) If the modified program normally reads commands interactively
|
106
|
+
when run, you must cause it, when started running for such
|
107
|
+
interactive use in the most ordinary way, to print or display an
|
108
|
+
announcement including an appropriate copyright notice and a
|
109
|
+
notice that there is no warranty (or else, saying that you provide
|
110
|
+
a warranty) and that users may redistribute the program under
|
111
|
+
these conditions, and telling the user how to view a copy of this
|
112
|
+
License. (Exception: if the Program itself is interactive but
|
113
|
+
does not normally print such an announcement, your work based on
|
114
|
+
the Program is not required to print an announcement.)
|
115
|
+
|
116
|
+
These requirements apply to the modified work as a whole. If
|
117
|
+
identifiable sections of that work are not derived from the Program,
|
118
|
+
and can be reasonably considered independent and separate works in
|
119
|
+
themselves, then this License, and its terms, do not apply to those
|
120
|
+
sections when you distribute them as separate works. But when you
|
121
|
+
distribute the same sections as part of a whole which is a work based
|
122
|
+
on the Program, the distribution of the whole must be on the terms of
|
123
|
+
this License, whose permissions for other licensees extend to the
|
124
|
+
entire whole, and thus to each and every part regardless of who wrote it.
|
125
|
+
|
126
|
+
Thus, it is not the intent of this section to claim rights or contest
|
127
|
+
your rights to work written entirely by you; rather, the intent is to
|
128
|
+
exercise the right to control the distribution of derivative or
|
129
|
+
collective works based on the Program.
|
130
|
+
|
131
|
+
In addition, mere aggregation of another work not based on the Program
|
132
|
+
with the Program (or with a work based on the Program) on a volume of
|
133
|
+
a storage or distribution medium does not bring the other work under
|
134
|
+
the scope of this License.
|
135
|
+
|
136
|
+
3. You may copy and distribute the Program (or a work based on it,
|
137
|
+
under Section 2) in object code or executable form under the terms of
|
138
|
+
Sections 1 and 2 above provided that you also do one of the following:
|
139
|
+
|
140
|
+
a) Accompany it with the complete corresponding machine-readable
|
141
|
+
source code, which must be distributed under the terms of Sections
|
142
|
+
1 and 2 above on a medium customarily used for software interchange; or,
|
143
|
+
|
144
|
+
b) Accompany it with a written offer, valid for at least three
|
145
|
+
years, to give any third party, for a charge no more than your
|
146
|
+
cost of physically performing source distribution, a complete
|
147
|
+
machine-readable copy of the corresponding source code, to be
|
148
|
+
distributed under the terms of Sections 1 and 2 above on a medium
|
149
|
+
customarily used for software interchange; or,
|
150
|
+
|
151
|
+
c) Accompany it with the information you received as to the offer
|
152
|
+
to distribute corresponding source code. (This alternative is
|
153
|
+
allowed only for noncommercial distribution and only if you
|
154
|
+
received the program in object code or executable form with such
|
155
|
+
an offer, in accord with Subsection b above.)
|
156
|
+
|
157
|
+
The source code for a work means the preferred form of the work for
|
158
|
+
making modifications to it. For an executable work, complete source
|
159
|
+
code means all the source code for all modules it contains, plus any
|
160
|
+
associated interface definition files, plus the scripts used to
|
161
|
+
control compilation and installation of the executable. However, as a
|
162
|
+
special exception, the source code distributed need not include
|
163
|
+
anything that is normally distributed (in either source or binary
|
164
|
+
form) with the major components (compiler, kernel, and so on) of the
|
165
|
+
operating system on which the executable runs, unless that component
|
166
|
+
itself accompanies the executable.
|
167
|
+
|
168
|
+
If distribution of executable or object code is made by offering
|
169
|
+
access to copy from a designated place, then offering equivalent
|
170
|
+
access to copy the source code from the same place counts as
|
171
|
+
distribution of the source code, even though third parties are not
|
172
|
+
compelled to copy the source along with the object code.
|
173
|
+
|
174
|
+
4. You may not copy, modify, sublicense, or distribute the Program
|
175
|
+
except as expressly provided under this License. Any attempt
|
176
|
+
otherwise to copy, modify, sublicense or distribute the Program is
|
177
|
+
void, and will automatically terminate your rights under this License.
|
178
|
+
However, parties who have received copies, or rights, from you under
|
179
|
+
this License will not have their licenses terminated so long as such
|
180
|
+
parties remain in full compliance.
|
181
|
+
|
182
|
+
5. You are not required to accept this License, since you have not
|
183
|
+
signed it. However, nothing else grants you permission to modify or
|
184
|
+
distribute the Program or its derivative works. These actions are
|
185
|
+
prohibited by law if you do not accept this License. Therefore, by
|
186
|
+
modifying or distributing the Program (or any work based on the
|
187
|
+
Program), you indicate your acceptance of this License to do so, and
|
188
|
+
all its terms and conditions for copying, distributing or modifying
|
189
|
+
the Program or works based on it.
|
190
|
+
|
191
|
+
6. Each time you redistribute the Program (or any work based on the
|
192
|
+
Program), the recipient automatically receives a license from the
|
193
|
+
original licensor to copy, distribute or modify the Program subject to
|
194
|
+
these terms and conditions. You may not impose any further
|
195
|
+
restrictions on the recipients' exercise of the rights granted herein.
|
196
|
+
You are not responsible for enforcing compliance by third parties to
|
197
|
+
this License.
|
198
|
+
|
199
|
+
7. If, as a consequence of a court judgment or allegation of patent
|
200
|
+
infringement or for any other reason (not limited to patent issues),
|
201
|
+
conditions are imposed on you (whether by court order, agreement or
|
202
|
+
otherwise) that contradict the conditions of this License, they do not
|
203
|
+
excuse you from the conditions of this License. If you cannot
|
204
|
+
distribute so as to satisfy simultaneously your obligations under this
|
205
|
+
License and any other pertinent obligations, then as a consequence you
|
206
|
+
may not distribute the Program at all. For example, if a patent
|
207
|
+
license would not permit royalty-free redistribution of the Program by
|
208
|
+
all those who receive copies directly or indirectly through you, then
|
209
|
+
the only way you could satisfy both it and this License would be to
|
210
|
+
refrain entirely from distribution of the Program.
|
211
|
+
|
212
|
+
If any portion of this section is held invalid or unenforceable under
|
213
|
+
any particular circumstance, the balance of the section is intended to
|
214
|
+
apply and the section as a whole is intended to apply in other
|
215
|
+
circumstances.
|
216
|
+
|
217
|
+
It is not the purpose of this section to induce you to infringe any
|
218
|
+
patents or other property right claims or to contest validity of any
|
219
|
+
such claims; this section has the sole purpose of protecting the
|
220
|
+
integrity of the free software distribution system, which is
|
221
|
+
implemented by public license practices. Many people have made
|
222
|
+
generous contributions to the wide range of software distributed
|
223
|
+
through that system in reliance on consistent application of that
|
224
|
+
system; it is up to the author/donor to decide if he or she is willing
|
225
|
+
to distribute software through any other system and a licensee cannot
|
226
|
+
impose that choice.
|
227
|
+
|
228
|
+
This section is intended to make thoroughly clear what is believed to
|
229
|
+
be a consequence of the rest of this License.
|
230
|
+
|
231
|
+
8. If the distribution and/or use of the Program is restricted in
|
232
|
+
certain countries either by patents or by copyrighted interfaces, the
|
233
|
+
original copyright holder who places the Program under this License
|
234
|
+
may add an explicit geographical distribution limitation excluding
|
235
|
+
those countries, so that distribution is permitted only in or among
|
236
|
+
countries not thus excluded. In such case, this License incorporates
|
237
|
+
the limitation as if written in the body of this License.
|
238
|
+
|
239
|
+
9. The Free Software Foundation may publish revised and/or new versions
|
240
|
+
of the General Public License from time to time. Such new versions will
|
241
|
+
be similar in spirit to the present version, but may differ in detail to
|
242
|
+
address new problems or concerns.
|
243
|
+
|
244
|
+
Each version is given a distinguishing version number. If the Program
|
245
|
+
specifies a version number of this License which applies to it and "any
|
246
|
+
later version", you have the option of following the terms and conditions
|
247
|
+
either of that version or of any later version published by the Free
|
248
|
+
Software Foundation. If the Program does not specify a version number of
|
249
|
+
this License, you may choose any version ever published by the Free Software
|
250
|
+
Foundation.
|
251
|
+
|
252
|
+
10. If you wish to incorporate parts of the Program into other free
|
253
|
+
programs whose distribution conditions are different, write to the author
|
254
|
+
to ask for permission. For software which is copyrighted by the Free
|
255
|
+
Software Foundation, write to the Free Software Foundation; we sometimes
|
256
|
+
make exceptions for this. Our decision will be guided by the two goals
|
257
|
+
of preserving the free status of all derivatives of our free software and
|
258
|
+
of promoting the sharing and reuse of software generally.
|
259
|
+
|
260
|
+
NO WARRANTY
|
261
|
+
|
262
|
+
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
263
|
+
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
264
|
+
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
265
|
+
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
266
|
+
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
267
|
+
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
268
|
+
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
269
|
+
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
270
|
+
REPAIR OR CORRECTION.
|
271
|
+
|
272
|
+
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
273
|
+
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
274
|
+
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
275
|
+
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
276
|
+
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
277
|
+
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
278
|
+
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
279
|
+
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
280
|
+
POSSIBILITY OF SUCH DAMAGES.
|
281
|
+
|
282
|
+
END OF TERMS AND CONDITIONS
|
283
|
+
|
284
|
+
How to Apply These Terms to Your New Programs
|
285
|
+
|
286
|
+
If you develop a new program, and you want it to be of the greatest
|
287
|
+
possible use to the public, the best way to achieve this is to make it
|
288
|
+
free software which everyone can redistribute and change under these terms.
|
289
|
+
|
290
|
+
To do so, attach the following notices to the program. It is safest
|
291
|
+
to attach them to the start of each source file to most effectively
|
292
|
+
convey the exclusion of warranty; and each file should have at least
|
293
|
+
the "copyright" line and a pointer to where the full notice is found.
|
294
|
+
|
295
|
+
<one line to give the program's name and a brief idea of what it does.>
|
296
|
+
Copyright (C) <year> <name of author>
|
297
|
+
|
298
|
+
This program is free software; you can redistribute it and/or modify
|
299
|
+
it under the terms of the GNU General Public License as published by
|
300
|
+
the Free Software Foundation; either version 2 of the License, or
|
301
|
+
(at your option) any later version.
|
302
|
+
|
303
|
+
This program is distributed in the hope that it will be useful,
|
304
|
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
305
|
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
306
|
+
GNU General Public License for more details.
|
307
|
+
|
308
|
+
You should have received a copy of the GNU General Public License along
|
309
|
+
with this program; if not, write to the Free Software Foundation, Inc.,
|
310
|
+
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
311
|
+
|
312
|
+
Also add information on how to contact you by electronic and paper mail.
|
313
|
+
|
314
|
+
If the program is interactive, make it output a short notice like this
|
315
|
+
when it starts in an interactive mode:
|
316
|
+
|
317
|
+
Gnomovision version 69, Copyright (C) year name of author
|
318
|
+
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
319
|
+
This is free software, and you are welcome to redistribute it
|
320
|
+
under certain conditions; type `show c' for details.
|
321
|
+
|
322
|
+
The hypothetical commands `show w' and `show c' should show the appropriate
|
323
|
+
parts of the General Public License. Of course, the commands you use may
|
324
|
+
be called something other than `show w' and `show c'; they could even be
|
325
|
+
mouse-clicks or menu items--whatever suits your program.
|
326
|
+
|
327
|
+
You should also get your employer (if you work as a programmer) or your
|
328
|
+
school, if any, to sign a "copyright disclaimer" for the program, if
|
329
|
+
necessary. Here is a sample; alter the names:
|
330
|
+
|
331
|
+
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
332
|
+
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
333
|
+
|
334
|
+
<signature of Ty Coon>, 1 April 1989
|
335
|
+
Ty Coon, President of Vice
|
336
|
+
|
337
|
+
This General Public License does not permit incorporating your program into
|
338
|
+
proprietary programs. If your program is a subroutine library, you may
|
339
|
+
consider it more useful to permit linking proprietary applications with the
|
340
|
+
library. If this is what you want to do, use the GNU Lesser General
|
341
|
+
Public License instead of this License.
|
data/README.md
ADDED
@@ -0,0 +1,350 @@
|
|
1
|
+
# Arachni - Web Application Security Scanner Framework
|
2
|
+
**Version**: 0.2.2.1<br/>
|
3
|
+
**Homepage**: [http://github.com/zapotek/arachni](http://github.com/zapotek/arachni)<br/>
|
4
|
+
**News**: [http://trainofthought.segfault.gr/category/projects/arachni/](http://trainofthought.segfault.gr/category/projects/arachni/)<br/>
|
5
|
+
**Documentation**: [http://github.com/Zapotek/arachni/wiki](http://github.com/Zapotek/arachni/wiki)<br/>
|
6
|
+
**Code Documentation**: [http://zapotek.github.com/arachni/](http://zapotek.github.com/arachni/)<br/>
|
7
|
+
**Google Group**: [http://groups.google.com/group/arachni](http://groups.google.com/group/arachni)<br/>
|
8
|
+
**Author**: [Tasos](mailto:tasos.laskos@gmail.com) "[Zapotek](mailto:zapotek@segfault.gr)" [Laskos](mailto:tasos.laskos@gmail.com)<br/>
|
9
|
+
**Twitter**: [http://twitter.com/Zap0tek](http://twitter.com/Zap0tek)<br/>
|
10
|
+
**Copyright**: 2010-2011<br/>
|
11
|
+
**License**: [GNU General Public License v2](file.LICENSE.html)
|
12
|
+
|
13
|
+
![Arachni logo](http://zapotek.github.com/arachni/logo.png)
|
14
|
+
|
15
|
+
Kindly sponsored by: [![NopSec](http://zapotek.github.com/arachni/nopsec_logo.png)](http://www.nopsec.com)
|
16
|
+
|
17
|
+
Help by donating:
|
18
|
+
[![Click here to lend your support to: Arachni - Web Application Security Scanner Framework and make a donation at www.pledgie.com!](http://pledgie.com/campaigns/14482.png)](http://www.pledgie.com/campaigns/14482)
|
19
|
+
|
20
|
+
## Synopsis
|
21
|
+
|
22
|
+
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping
|
23
|
+
penetration testers and administrators evaluate the security of web applications.
|
24
|
+
|
25
|
+
Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process.<br/>
|
26
|
+
Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling<br/>
|
27
|
+
through the paths of a web application's cyclomatic complexity.<br/>
|
28
|
+
This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.
|
29
|
+
|
30
|
+
Finally, Arachni yields great performance due to its asynchronous HTTP model (courtesy of [Typhoeus](https://github.com/pauldix/typhoeus)).<br/>
|
31
|
+
Thus, you'll only be limited by the responsiveness of the server under audit and your available bandwidth.
|
32
|
+
|
33
|
+
**Note**: _Despite the fact that Arachni is mostly targeted towards web application security, it can easily be used for general purpose scraping, data-mining, etc with the addition of custom modules._
|
34
|
+
|
35
|
+
|
36
|
+
### Arachni offers:
|
37
|
+
|
38
|
+
#### A stable, efficient, high-performance framework
|
39
|
+
|
40
|
+
Module, report and plugin writers are allowed to easily and quickly create and deploy their components
|
41
|
+
with the minimum amount of restrictions imposed upon them, while provided with the necessary infrastructure to accomplish their goals.<br/>
|
42
|
+
Furthermore, they are encouraged to take full advantage of the Ruby language under a unified framework that will increase their productivity
|
43
|
+
without stifling them or complicating their tasks.<br/>
|
44
|
+
|
45
|
+
#### Simplicity
|
46
|
+
Although some parts of the Framework are fairly complex you will never have to deal them directly.<br/>
|
47
|
+
From a user's or a component developer's point of view everything appears simple and straight-forward all the while providing power, performance and flexibility.
|
48
|
+
|
49
|
+
## Feature List
|
50
|
+
|
51
|
+
### General
|
52
|
+
|
53
|
+
- Cookie-jar support
|
54
|
+
- SSL support.
|
55
|
+
- User Agent spoofing.
|
56
|
+
- Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
|
57
|
+
- Proxy authentication.
|
58
|
+
- Site authentication (Automated form-based, Cookie-Jar, Basic-Digest, NTLM and others)
|
59
|
+
- Highlighted command line output.
|
60
|
+
- UI abstraction:
|
61
|
+
- Command line UI
|
62
|
+
- Web UI (Utilizing the Client - Dispatch-server XMLRPC architecture)
|
63
|
+
- XMLRPC Client/Dispatch server
|
64
|
+
- Centralised deployment
|
65
|
+
- Multiple clients
|
66
|
+
- Parallel scans
|
67
|
+
- SSL encryption
|
68
|
+
- SSL cert based client authentication
|
69
|
+
- Remote monitoring
|
70
|
+
- Pause/resume functionality.
|
71
|
+
- High performance asynchronous HTTP requests.
|
72
|
+
|
73
|
+
### Website Crawler
|
74
|
+
|
75
|
+
The crawler is provided by a modified version of [Anemone](http://anemone.rubyforge.org/).
|
76
|
+
|
77
|
+
- Filters for redundant pages like galleries, catalogs, etc based on regular expressions and counters.
|
78
|
+
- URL exclusion filter based on regular expressions.
|
79
|
+
- URL inclusion filter based on regular expressions.
|
80
|
+
- Can optionally follow subdomains.
|
81
|
+
- Adjustable depth limit.
|
82
|
+
- Adjustable link count limit.
|
83
|
+
- Adjustable redirect limit.
|
84
|
+
- Modular path extraction via "Path Extractor" components.
|
85
|
+
|
86
|
+
### HTML Parser
|
87
|
+
|
88
|
+
Can extract and analyze:
|
89
|
+
|
90
|
+
- Forms
|
91
|
+
- Links
|
92
|
+
- Cookies
|
93
|
+
|
94
|
+
The analyzer can graciously handle badly written HTML code due to a combination of regular expression analysis and the [Nokogiri](http://nokogiri.org/) HTML parser.
|
95
|
+
|
96
|
+
### Module Management
|
97
|
+
|
98
|
+
- Very simple and easy to use module API providing access to multiple levels of complexity.
|
99
|
+
- Helper audit methods:
|
100
|
+
- For forms, links and cookies auditing.
|
101
|
+
- A wide range of injection strings/input combinations.
|
102
|
+
- Writing RFI, SQL injection, XSS etc modules is a matter of minutes if not seconds.
|
103
|
+
- Currently available modules:
|
104
|
+
- Audit:
|
105
|
+
- SQL injection
|
106
|
+
- Blind SQL injection using rDiff analysis
|
107
|
+
- Blind SQL injection using timing attacks
|
108
|
+
- CSRF detection
|
109
|
+
- Code injection (PHP, Ruby, Python, JSP, ASP.NET)
|
110
|
+
- Blind code injection using timing attacks (PHP, Ruby, Python, JSP, ASP.NET)
|
111
|
+
- LDAP injection
|
112
|
+
- Path traversal
|
113
|
+
- Response splitting
|
114
|
+
- OS command injection (*nix, Windows)
|
115
|
+
- Blind OS command injection using timing attacks (*nix, Windows)
|
116
|
+
- Remote file inclusion
|
117
|
+
- Unvalidated redirects
|
118
|
+
- XPath injection
|
119
|
+
- Path XSS
|
120
|
+
- URI XSS
|
121
|
+
- XSS
|
122
|
+
- XSS in event attributes of HTML elements
|
123
|
+
- XSS in HTML tags
|
124
|
+
- XSS in HTML 'script' tags
|
125
|
+
- Recon:
|
126
|
+
- Allowed HTTP methods
|
127
|
+
- Back-up files
|
128
|
+
- Common directories
|
129
|
+
- Common files
|
130
|
+
- HTTP PUT
|
131
|
+
- Insufficient Transport Layer Protection for password forms
|
132
|
+
- WebDAV detection
|
133
|
+
- HTTP TRACE detection
|
134
|
+
- Credit Card number disclosure
|
135
|
+
- CVS/SVN user disclosure
|
136
|
+
- Private IP address disclosure
|
137
|
+
- Common backdoors
|
138
|
+
- .htaccess LIMIT misconfiguration
|
139
|
+
- Interesting responses
|
140
|
+
- HTML object grepper
|
141
|
+
- E-mail address disclosure
|
142
|
+
- US Social Security Number disclosure
|
143
|
+
- Forceful directory listing
|
144
|
+
|
145
|
+
### Report Management
|
146
|
+
|
147
|
+
- Modular design.
|
148
|
+
- Currently available reports:
|
149
|
+
- Standard output
|
150
|
+
- HTML (Cheers to [Christos Chiotis](mailto:chris@survivetheinternet.com) for designing the new HTML report template.)
|
151
|
+
- XML
|
152
|
+
- TXT
|
153
|
+
- YAML serialization
|
154
|
+
- Metareport (providing Metasploit integration to allow for [automated and assisted exploitation](http://zapotek.github.com/arachni/file.EXPLOITATION.html))
|
155
|
+
|
156
|
+
### Plug-in Management
|
157
|
+
|
158
|
+
- Modular design
|
159
|
+
- Plug-ins are framework demi-gods, they have direct access to the framework instance.
|
160
|
+
- Can be used to add any functionality to Arachni.
|
161
|
+
- Currently available plugins:
|
162
|
+
- Passive Proxy
|
163
|
+
- Form based AutoLogin
|
164
|
+
- Dictionary attacker for HTTP Auth
|
165
|
+
- Dictionary attacker for form based authentication
|
166
|
+
- Cookie collector
|
167
|
+
- Healthmap -- Generates sitemap showing the health of each crawled/audited URL
|
168
|
+
- Content-types -- Logs content-types of server responses aiding in the identification of interesting (possibly leaked) files
|
169
|
+
- WAF (Web Application Firewall) Detector
|
170
|
+
- MetaModules -- Loads and runs high-level meta-analysis modules pre/mid/post-scan
|
171
|
+
- AutoThrottle -- Dynamically adjusts HTTP throughput during the scan for maximum bandwidth utilization
|
172
|
+
- TimeoutNotice -- Provides a notice for issues uncovered by timing attacks when the affected audited pages returned unusually high response times to begin with.</br>
|
173
|
+
It also points out the danger of DoS attacks against pages that perform heavy-duty processing.
|
174
|
+
- Uniformity -- Reports inputs that are uniformly vulnerable across a number of pages hinting to the lack of a central point of input sanitization.
|
175
|
+
|
176
|
+
### Trainer subsystem
|
177
|
+
|
178
|
+
The Trainer is what enables Arachni to learn from the scan it performs and incorporate that knowledge, on the fly, for the duration of the audit.
|
179
|
+
|
180
|
+
Modules have the ability to individually force the Framework to learn from the HTTP responses they are going to induce.<br/>
|
181
|
+
However, this is usually not required since Arachni is aware of which requests are more likely to uncover new elements or attack vectors and will adapt itself accordingly.
|
182
|
+
|
183
|
+
Still, this can be an invaluable asset to Fuzzer modules.
|
184
|
+
|
185
|
+
## Usage
|
186
|
+
|
187
|
+
### WebUI
|
188
|
+
|
189
|
+
The Web User Interface is basically a Sinatra app which acts as an Arachni XMLRPC client and connects to a running XMLRPC Dispatch server.
|
190
|
+
|
191
|
+
Thus, you first need to start a Dispatcher like so:
|
192
|
+
$ arachni_xmlrpcd &
|
193
|
+
|
194
|
+
Then start the WebUI by running:
|
195
|
+
$ arachni_web
|
196
|
+
|
197
|
+
_If you get any permission errors then you probably installed the Gem using 'sudo', so use 'sudo' to start the servers too._
|
198
|
+
|
199
|
+
And finally open up a browser window and visit: http://localhost:4567/
|
200
|
+
|
201
|
+
#### Options
|
202
|
+
|
203
|
+
You can see all available options using:
|
204
|
+
$ arachni_web -h
|
205
|
+
|
206
|
+
#### Shutdown
|
207
|
+
You can kill the WebUI by sending _Ctrl+C_ to the console from which you started it.
|
208
|
+
|
209
|
+
However, in order to kill the Dispatcher (and all the processes in its pool) you will need to _killall -9 arachni_xmlrpcd_ (or _killall -9 ruby_ depending on your setup) or hunt them down manually.
|
210
|
+
This inconvenience is by design; it guarantees that Arachni instances will be available (and usable) instantly and that running scans will continue unaffected even if the dispatcher has (for some reason) died.
|
211
|
+
|
212
|
+
#### Parallel scans
|
213
|
+
As you might have guessed by the use of the word _pool_ in the previous paragraph, the WebUI allows you to run as many scans as you wish at the same time.
|
214
|
+
Of course, the amount of parallel scans you'll be able to perform will be limited by your available resources (Network bandwidth/RAM/CPU).
|
215
|
+
|
216
|
+
Should you shutdown the WebUI while a scan is running you'll be able to re-attach to the running process and view its progress or (if the scan has already finished) grab the report the next time you visit the WebUI.
|
217
|
+
In most cases, you won't even need to re-attach to a process in order to get the report of the finished scan, the WebUI's zombie reaper will grab and save the report for you.
|
218
|
+
|
219
|
+
#### General
|
220
|
+
In cases where the Dispatcher is started with its default settings on localhost (like the above example) the WebUI will connect to it automatically.
|
221
|
+
|
222
|
+
However, if you see an error message informing you that the WebUI could not find a dispatcher to connect to then you probably visited the WebUI before it had a chance to connect to the Dispatcher, you can just click on the "Dispatcher" tab to force it to try again; if the error does not re-appear then it connected successfully.
|
223
|
+
|
224
|
+
If you get a scary "Broken pipe" exception a simple refresh will solve the problem.
|
225
|
+
|
226
|
+
#### Remote deployment
|
227
|
+
As noted above, the WebUI is, in essence, a user-friendly Arachni XMLRPC client, this means that you can start a Dispatcher on a remote host and manage it via the WebUI.
|
228
|
+
Simple as that really.
|
229
|
+
|
230
|
+
#### Encryption & Authentication
|
231
|
+
WebUI-client (browser) and XMLRPC Client-Dispatch server authentication takes place using SSL certificate/key pairs.
|
232
|
+
|
233
|
+
These are the 3 basic models:
|
234
|
+
|
235
|
+
- No encryption & no authentication -- Default behavior
|
236
|
+
- Encryption & no authentication -- Just enable SSL in the WebUI configuration file (_conf/webui.yaml_) and the Dispatcher and all components will generate their own certificate/key pairs and disable peer verification.
|
237
|
+
- Encryption & authentication -- Enable SSL and use your own cert/key pairs to authenticate clients to the WebUI and vice verse, and authenticate the XMLRPC clients controlled by the WebUI to the Dispatcher and vice versa.
|
238
|
+
|
239
|
+
However, you can go even further and create combinations specific to each component.
|
240
|
+
|
241
|
+
*Beware:* This interface is brand new so if you encounter any issues please do report them.
|
242
|
+
|
243
|
+
### Command line interface
|
244
|
+
|
245
|
+
The command-line interface is the oldest, most tested and thus more reliable.
|
246
|
+
|
247
|
+
#### Help
|
248
|
+
In order to see everything Arachni has to offer execute:
|
249
|
+
$ arachni -h
|
250
|
+
|
251
|
+
Or visit the Wiki.
|
252
|
+
|
253
|
+
#### Examples
|
254
|
+
You can simply run Arachni like so:
|
255
|
+
|
256
|
+
$ arachni http://test.com
|
257
|
+
|
258
|
+
which will load all modules and audit all forms, links and cookies.
|
259
|
+
|
260
|
+
In the following example all modules will be run against <i>http://test.com</i>, auditing links/forms/cookies and following subdomains --with verbose output enabled.<br/>
|
261
|
+
The results of the audit will be saved in the the file <i>test.com.afr</i>.
|
262
|
+
|
263
|
+
$ arachni -fv http://test.com --report=afr:outfile=test.com.afr
|
264
|
+
|
265
|
+
The Arachni Framework Report (.afr) file can later be loaded by Arachni to create a report, like so:
|
266
|
+
|
267
|
+
$ arachni --repload=test.com.afr --report=html:outfile=my_report.html
|
268
|
+
|
269
|
+
or any other report type as shown by:
|
270
|
+
|
271
|
+
$ arachni --lsrep
|
272
|
+
|
273
|
+
#### You can make module loading easier by using wildcards (*) and exclusions (-).
|
274
|
+
|
275
|
+
To load all _xss_ modules using a wildcard:
|
276
|
+
$ arachni http://example.net --mods=xss_*
|
277
|
+
|
278
|
+
To load all _audit_ modules using a wildcard:
|
279
|
+
$ arachni http://example.net --mods=audit*
|
280
|
+
|
281
|
+
To exclude only the _csrf_ module:
|
282
|
+
$ arachni http://example.net --mods=*,-csrf
|
283
|
+
|
284
|
+
Or you can mix and match; to run everything but the _xss_ modules:
|
285
|
+
$ arachni http://example.net --mods=*,-xss_*
|
286
|
+
|
287
|
+
For a full explanation of all available options you can consult the [User Guide](http://github.com/Zapotek/arachni/wiki/User-guide).
|
288
|
+
|
289
|
+
#### Performing a comprehensive scan quickly
|
290
|
+
|
291
|
+
Arachni comes with a preconfigured profile (_profiles/comprehensive.afp_) for a comprehensive audit.
|
292
|
+
This profile loads all modules, audits links/forms/cookies and loads the HealthMap and Content-Types plugins.
|
293
|
+
|
294
|
+
You can use it like so:
|
295
|
+
$ arachni --load-profile=profiles/comprehensive.afp http://example.net
|
296
|
+
|
297
|
+
#### Performing a full scan quickly
|
298
|
+
|
299
|
+
The _full_ profile adds header auditing to the _comprehensive_ profile.
|
300
|
+
|
301
|
+
_NOTICE: Auditing headers can increase scan time by an order of magnitude (depending on the website) and may be considered over-the-top in most scenarios._
|
302
|
+
|
303
|
+
You can use it like so:
|
304
|
+
$ arachni --load-profile=profiles/full.afp http://example.net
|
305
|
+
|
306
|
+
|
307
|
+
_If you installed the Gem then you'll have to look for the "profiles" directory in your gems path._
|
308
|
+
|
309
|
+
## Installation
|
310
|
+
|
311
|
+
To install the Gem or work with the source code you'll also need the following system libraries:
|
312
|
+
$ sudo apt-get install libxml2-dev libxslt1-dev libcurl4-openssl-dev libsqlite3-dev
|
313
|
+
|
314
|
+
You will also need to have Ruby 1.9.2 installed *including* the dev package/headers.<br/>
|
315
|
+
The prefered ways to accomplish this is by either using [RVM](http://rvm.beginrescueend.com/) or by downloading and compiling the source code for [Ruby 1.9.2](http://www.ruby-lang.org/en/downloads/) manually.
|
316
|
+
|
317
|
+
### Gem
|
318
|
+
|
319
|
+
To install Arachni:
|
320
|
+
$ gem install arachni
|
321
|
+
|
322
|
+
### Source
|
323
|
+
|
324
|
+
If you want to clone the repository and work with the source code then you'll need to run the following to install all gem dependencies and Arachni:
|
325
|
+
$ rake install
|
326
|
+
|
327
|
+
|
328
|
+
## Supported platforms
|
329
|
+
|
330
|
+
Arachni should work on all *nix and POSIX compliant platforms with Ruby
|
331
|
+
and the aforementioned requirements.
|
332
|
+
|
333
|
+
Windows users should run Arachni in Cygwin.
|
334
|
+
|
335
|
+
## Bug reports/Feature requests
|
336
|
+
Please send your feedback using Github's issue system at
|
337
|
+
[http://github.com/zapotek/arachni/issues](http://github.com/zapotek/arachni/issues).
|
338
|
+
|
339
|
+
|
340
|
+
## License
|
341
|
+
Arachni is licensed under the GNU General Public License v2.<br/>
|
342
|
+
See the [LICENSE](file.LICENSE.html) file for more information.
|
343
|
+
|
344
|
+
|
345
|
+
## Disclaimer
|
346
|
+
Arachni is free software and you are allowed to use it as you see fit.<br/>
|
347
|
+
However, I can't be held responsible for your actions or for any damage
|
348
|
+
caused by the use of this software.
|
349
|
+
|
350
|
+
![Arachni banner](http://zapotek.github.com/arachni/banner.png)
|