arachni 0.2.2.2 → 0.2.3
- data/CHANGELOG.md +18 -1
- data/README.md +50 -139
- data/bin/arachni_web +1 -0
- data/data/crypto/public.pem +9 -0
- data/getoptslong.rb +1 -0
- data/lib/arachni.rb +1 -1
- data/lib/crypto/rsa_aes_cbc.rb +98 -0
- data/lib/rpc/xml/client/base.rb +8 -3
- data/lib/rpc/xml/client/instance.rb +3 -3
- data/lib/rpc/xml/server/base.rb +27 -5
- data/lib/rpc/xml/server/dispatcher.rb +14 -6
- data/lib/rpc/xml/server/instance.rb +3 -3
- data/lib/ui/web/dispatcher_manager.rb +98 -0
- data/lib/ui/web/server/views/{dispatcher.erb → dispatchers.erb} +31 -16
- data/lib/ui/web/server/views/dispatchers_edit.erb +42 -0
- data/lib/ui/web/server/views/home.erb +12 -1
- data/lib/ui/web/server/views/instance.erb +7 -7
- data/lib/ui/web/server/views/layout.erb +2 -2
- data/lib/ui/web/server/views/welcome.erb +3 -4
- data/lib/ui/web/server.rb +194 -105
- data/lib/ui/xmlrpc/dispatcher_monitor.rb +1 -5
- data/lib/ui/xmlrpc/xmlrpc.rb +2 -6
- data/modules/audit/path_traversal.rb +13 -6
- data/reports/html/default.erb +82 -27
- data/reports/html.rb +32 -1
- data/reports/metareport.rb +1 -0
- data/reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb +2 -0
- metadata +7 -4
- data/lib/ui/web/server/public/reports/demo.testfire.net:Sun Mar 20 02:48:10 2011.afr +0 -104829
@@ -1,23 +1,34 @@
|
|
1
1
|
|
2
2
|
<div id="page-intro">
|
3
|
-
<h2>
|
4
|
-
<p>The
|
5
|
-
It spawns an XMLRPC server per scan and provides statistics for all running server instances.<br/>
|
3
|
+
<h2>Dispatchers</h2>
|
4
|
+
<p>The dispatchers spawn an XMLRPC server per scan and provide statistics for all running server instances.<br/>
|
6
5
|
This interface allows you to "Attach" to (see the output of), pause, resume and shutdown instances.
|
7
6
|
</p>
|
8
7
|
|
9
|
-
|
10
|
-
<
|
11
|
-
|
12
|
-
|
13
|
-
</form>
|
14
|
-
<% end %>
|
8
|
+
<form action="/dispatchers/edit" method="get">
|
9
|
+
<input type="submit" value="Edit dispatchers" />
|
10
|
+
</form>
|
11
|
+
|
15
12
|
|
16
13
|
|
17
14
|
</div>
|
18
15
|
<%= erb :flash, {:layout => false} %>
|
19
16
|
|
20
|
-
<%
|
17
|
+
<% stats.each_pair do |d_url, dispatcher_stats| %>
|
18
|
+
<h2>
|
19
|
+
@<%=escape( d_url )%> - <%=dispatcher_stats['running_jobs'].size%> running scans,
|
20
|
+
<%=i=0;dispatcher_stats['running_jobs'].each{ |job| i+= proc_mem( job['proc']['rss'] ).to_i }; i.to_s%>MB RAM usage.
|
21
|
+
</h2>
|
22
|
+
|
23
|
+
<%if !dispatcher_stats['running_jobs'].empty? %>
|
24
|
+
<form action="/dispatchers/<%=sanitize_url( d_url.dup )%>/shutdown" method="post">
|
25
|
+
<%= csrf_tag %>
|
26
|
+
<input type="submit" value="Shutdown all" />
|
27
|
+
</form>
|
28
|
+
<%end%>
|
29
|
+
|
30
|
+
|
31
|
+
<% if !dispatcher_stats['running_jobs'].empty? %>
|
21
32
|
<table>
|
22
33
|
<tr>
|
23
34
|
<th>PID</th>
|
@@ -30,7 +41,7 @@
|
|
30
41
|
<th>Memory consumption</th>
|
31
42
|
<th>Action</th>
|
32
43
|
</tr>
|
33
|
-
<%
|
44
|
+
<% dispatcher_stats['running_jobs'].each do |job| %>
|
34
45
|
<tr>
|
35
46
|
|
36
47
|
|
@@ -47,24 +58,24 @@
|
|
47
58
|
<td><%=job['starttime'].to_time%></td>
|
48
59
|
<td><%=job['currtime'].to_time%></td>
|
49
60
|
<td><%=secs_to_hms( job['runtime'] )%></td>
|
50
|
-
<td><%=proc_mem( job['proc']['rss'] )
|
61
|
+
<td><%=proc_mem( job['proc']['rss'] )%> MB</td>
|
51
62
|
|
52
63
|
<td>
|
53
64
|
<% if !( job['owner'] =~/WebUI helper/ ) %>
|
54
65
|
|
55
|
-
<form action="/instance/<%=job['port']%>" method="get" target="_blank">
|
66
|
+
<form action="/instance/<%=port_to_url( job['port'], d_url, true )%>" method="get" target="_blank">
|
56
67
|
<input type="submit" value="Attach" />
|
57
68
|
</form>
|
58
69
|
|
59
70
|
<%if !job['paused'] %>
|
60
|
-
<form action="/
|
71
|
+
<form action="/dispatchers/<%=port_to_url( job['port'], d_url, true )%>/pause" method="post">
|
61
72
|
<%= csrf_tag %>
|
62
73
|
<input type="submit" value="Pause" />
|
63
74
|
</form>
|
64
75
|
<%end%>
|
65
76
|
|
66
77
|
<%if job['paused'] %>
|
67
|
-
<form action="/
|
78
|
+
<form action="/dispatchers/<%=port_to_url( job['port'], d_url, true )%>/resume" method="post">
|
68
79
|
<%= csrf_tag %>
|
69
80
|
<input type="submit" value="Resume" />
|
70
81
|
</form>
|
@@ -72,7 +83,7 @@
|
|
72
83
|
|
73
84
|
<% end %>
|
74
85
|
|
75
|
-
<form action="/
|
86
|
+
<form action="/dispatchers/<%=port_to_url( job['port'], d_url, true )%>/shutdown" method="post">
|
76
87
|
<%= csrf_tag %>
|
77
88
|
<input type="submit" value="Shutdown" />
|
78
89
|
</form>
|
@@ -83,3 +94,7 @@
|
|
83
94
|
<% else %>
|
84
95
|
<span class="notice"> There are no running scans at the moment.</span>
|
85
96
|
<% end %>
|
97
|
+
|
98
|
+
<br/><br/>
|
99
|
+
|
100
|
+
<% end %>
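Review bot: The new form actions `<form action="/dispatchers/<%=sanitize_url( d_url.dup )%>/shutdown" ...>` and the three `port_to_url( job['port'], d_url, true )` interpolations are written into attributes without HTML escaping, and both inputs are now attacker-influenceable: `d_url` is a user-added dispatcher URL and `job['port']` is whatever the remote dispatcher reports in its stats. What `sanitize_url` and `port_to_url` actually strip is not visible in this diff, so unless they are known to HTML-escape, wrap them, e.g. `<form action="/dispatchers/<%= Rack::Utils.escape_html( port_to_url( job['port'], d_url, true ) ) %>/pause" method="post">`. The heading's `escape( d_url )` reads like a URL-escaping helper rather than an HTML one; it happens to neutralise `<` but `escape_html` is the right tool for a text node. The `<%=i=0; ... ; i.to_s%>` accumulation hides a statement inside an output tag and would be clearer as an expression, `<%= dispatcher_stats['running_jobs'].inject( 0 ) { |sum, job| sum + proc_mem( job['proc']['rss'] ).to_i } %>MB RAM usage.`.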
|
@@ -0,0 +1,42 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
<div id="page-intro">
|
4
|
+
<h2>Edit Dispatchers</h2>
|
5
|
+
<p>
|
6
|
+
This screen allows you to add and remove Dispatchers.
|
7
|
+
</p>
|
8
|
+
</div>
|
9
|
+
|
10
|
+
<%= erb :flash, {:layout => false} %>
|
11
|
+
|
12
|
+
<% if !dispatchers.all.empty? %>
|
13
|
+
<table>
|
14
|
+
<tr>
|
15
|
+
<th>Location</th>
|
16
|
+
<th>Alive?</th>
|
17
|
+
<th>Action</th>
|
18
|
+
</tr>
|
19
|
+
<% dispatchers.all.each do |dispatcher| %>
|
20
|
+
<tr>
|
21
|
+
<td><%=dispatcher['url']%></td>
|
22
|
+
<td><%=dispatchers.alive?( dispatcher['url'] ).to_s.capitalize%></td>
|
23
|
+
<td>
|
24
|
+
<form action="/dispatchers/<%=dispatcher['id']%>/delete" method="post">
|
25
|
+
<%= csrf_tag %>
|
26
|
+
<input type="submit" value="Delete" />
|
27
|
+
</form>
|
28
|
+
</td>
|
29
|
+
</tr>
|
30
|
+
<%end%>
|
31
|
+
</table>
|
32
|
+
<%else%>
|
33
|
+
<span class="notice"> There are no available Dispatchers at the moment. Add one if you want to start a scan.</span>
|
34
|
+
<br/><br/>
|
35
|
+
<%end%>
|
36
|
+
|
37
|
+
<form action="/dispatchers/add" method="post">
|
38
|
+
<%= csrf_tag %>
|
39
|
+
<label>URL:</label>
|
40
|
+
<input name="url" value="https://localhost:7331" />
|
41
|
+
<input type="submit" value="Add" />
|
42
|
+
</form>
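Review bot: `<td><%=dispatcher['url']%></td>` prints the stored dispatcher URL unescaped, and that value originates from the free-text `url` field of the add form at the bottom of this file, so a URL containing markup is stored once and replayed on every visit unless the `/dispatchers/add` handler (not in this section) validates it. Render it as `<td><%= Rack::Utils.escape_html( dispatcher['url'] ) %></td>` regardless of server-side validation, and treat `dispatcher['id']` in the delete form's action the same way unless ids are store-generated integers. Note also that `dispatchers.alive?( dispatcher['url'] )` makes an outbound connection to every configured URL while rendering this page, so whatever the add handler accepts becomes a host the WebUI will connect to; confirm it restricts the scheme (the placeholder suggests https) and rejects non-URL input.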
|
@@ -2,10 +2,21 @@
|
|
2
2
|
<form action="/scan" method="post">
|
3
3
|
|
4
4
|
<%= csrf_tag %>
|
5
|
+
|
5
6
|
<input type="submit" value="Launch Scan" />
|
6
7
|
|
7
8
|
<div id="page-intro">
|
8
|
-
|
9
|
+
Select a Dispatcher:
|
10
|
+
<select name="dispatcher">
|
11
|
+
<% dispatcher_stats.each_pair do |d_url, stats| %>
|
12
|
+
<% next if !dispatchers.alive?( d_url ) %>
|
13
|
+
<option value="<%=d_url%>">
|
14
|
+
@<%=escape( d_url )%> - <%=stats['running_jobs'].size%> running scans,
|
15
|
+
<%=i=0;stats['running_jobs'].each{ |job| i+= proc_mem( job['proc']['rss'] ).to_i }; i.to_s%>MB RAM usage.
|
16
|
+
</option>
|
17
|
+
<%end%>
|
18
|
+
</select>
|
19
|
+
|
9
20
|
<h2>URL: <input name="url" value="<%=session['opts']['settings']['url']%>" size="50" /></h2>
|
10
21
|
</div>
|
11
22
|
|
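Review bot: The `<option value="<%=d_url%>">` attribute is emitted unescaped while the option text directly below it goes through `escape( d_url )`, so the attribute is the one place in this select where a dispatcher URL containing `"` or `>` breaks out of the markup. Use `value="<%= Rack::Utils.escape_html( d_url ) %>"`, and the URL-style `escape` on the text line would also be more appropriate as `escape_html`. The `dispatcher` value posted to `/scan` is whatever the client chooses to send; the handler in server.rb is outside this section, so confirm it only accepts a URL present in `dispatchers.all` rather than connecting to an arbitrary submitted one.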
@@ -1,6 +1,6 @@
|
|
1
1
|
|
2
2
|
<div id="page-intro">
|
3
|
-
<h2 id="page_header">Attached to instance
|
3
|
+
<h2 id="page_header">Attached to instance @<%=sanitize_url( params['url'] )%></h2>
|
4
4
|
<p id="page_description">
|
5
5
|
This page allows you to see what's going on at the other end of the wire (i.e. get status messages directly from the remote scanner).
|
6
6
|
<br/>
|
@@ -11,20 +11,20 @@
|
|
11
11
|
<%if !shutdown %>
|
12
12
|
|
13
13
|
<%if !paused %>
|
14
|
-
<form action="/instance/<%=params['
|
14
|
+
<form action="/instance/<%=sanitize_url( params['url'] )%>/pause" method="post">
|
15
15
|
<%= csrf_tag %>
|
16
16
|
<input type="submit" value="Pause" />
|
17
17
|
</form>
|
18
18
|
<%end%>
|
19
19
|
|
20
20
|
<%if paused %>
|
21
|
-
<form action="/instance/<%=params['
|
21
|
+
<form action="/instance/<%=sanitize_url( params['url'] )%>/resume" method="post">
|
22
22
|
<%= csrf_tag %>
|
23
23
|
<input type="submit" value="Resume" />
|
24
24
|
</form>
|
25
25
|
<%end%>
|
26
26
|
|
27
|
-
<form action="/instance/<%=params['
|
27
|
+
<form action="/instance/<%=sanitize_url( params['url'] )%>/shutdown" method="post">
|
28
28
|
<%= csrf_tag %>
|
29
29
|
<input type="submit" value="Shutdown" />
|
30
30
|
</form>
|
@@ -130,7 +130,7 @@
|
|
130
130
|
}
|
131
131
|
|
132
132
|
function updateProgressBar(){
|
133
|
-
var stats_url = "/instance/<%= params['
|
133
|
+
var stats_url = "/instance/<%= escape( params['url'].to_s ) %>/stats.json";
|
134
134
|
$.getJSON( stats_url, function(data) {
|
135
135
|
if( data.stats == undefined ){ return }
|
136
136
|
setStats( data.stats );
|
@@ -142,7 +142,7 @@
|
|
142
142
|
function updateOutput() {
|
143
143
|
if( !document.getElementById( 'output' ) ) return;
|
144
144
|
|
145
|
-
var output_url = "/instance/<%= params['
|
145
|
+
var output_url = "/instance/<%= escape( params['url'].to_s ) %>/output.json";
|
146
146
|
$.getJSON( output_url, function(data) {
|
147
147
|
|
148
148
|
if( data.status == 'finished' ){
|
@@ -163,7 +163,7 @@
|
|
163
163
|
function updateResults() {
|
164
164
|
if( !document.getElementById( 'output_results' ) ) return;
|
165
165
|
|
166
|
-
var output_results_url = "/instance/<%= params['
|
166
|
+
var output_results_url = "/instance/<%= escape( params['url'].to_s ) %>/output_results.json";
|
167
167
|
$.getJSON( output_results_url, function(data) {
|
168
168
|
document.getElementById( 'output_results' ).innerHTML = data.data;
|
169
169
|
});
|
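Review bot: `params['url']` comes straight from the request and is rendered into the heading and three form actions through `sanitize_url`, whose behaviour is not shown here; unless it HTML-escapes, a crafted `/instance/...` link reflects markup into this page. The defensive form is `<h2 id="page_header">Attached to instance @<%= Rack::Utils.escape_html( sanitize_url( params['url'] ) ) %></h2>` with the same wrapper on the three `action` attributes. The JavaScript URLs use `escape( params['url'].to_s )` inside a double-quoted string literal, which is adequate only if that helper percent-encodes `"`, `\` and `<`; `CGI.escape` does, while `URI.escape` leaves `'`, `(` and `)` alone, so it is worth pinning down which one is in scope. `updateResults` also still assigns `data.data` to `innerHTML`, which is outside this change but means remote scanner output reaches the DOM unescaped.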
@@ -1,7 +1,7 @@
|
|
1
1
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
2
2
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" dir="ltr">
|
3
3
|
<head>
|
4
|
-
<title
|
4
|
+
<title><%=title%></title>
|
5
5
|
<link rel="shortcut icon" href="/favicon.ico" />
|
6
6
|
|
7
7
|
<link type="text/css" href="/css/smoothness/jquery-ui-1.8.9.custom.css" rel="Stylesheet" />
|
@@ -37,7 +37,7 @@
|
|
37
37
|
<li <% if selected_tab?( 'plugins' )%>class="selected" <%end%>><a href="/plugins">Plugins</a></li>
|
38
38
|
<li <% if selected_tab?( 'settings' )%>class="selected" <%end%>><a href="/settings">Settings</a></li>
|
39
39
|
<li <% if selected_tab?( 'reports' )%>class="selected" <%end%>><a href="/reports">Reports [<%=report_count%>]</a></li>
|
40
|
-
<li <% if selected_tab?( '
|
40
|
+
<li <% if selected_tab?( 'dispatchers' )%>class="selected" <%end%>><a href="/dispatchers">Dispatchers</a></li>
|
41
41
|
<li <% if selected_tab?( 'log' )%>class="selected" <%end%>><a href="/log">Log</a></li>
|
42
42
|
</ul>
|
43
43
|
</div>
|
@@ -6,8 +6,7 @@
|
|
6
6
|
|
7
7
|
<h2>General</h2>
|
8
8
|
<p>
|
9
|
-
|
10
|
-
In the software world this means that the WebUI may empty your fridge, drink all your coffee, eat your puppy, slash your tires and/or burn down your house.<br/>
|
9
|
+
The WebUI may empty your fridge, drink all your coffee, eat your puppy, slash your tires and/or burn down your house.<br/>
|
11
10
|
Nevertheless, I'd appreciate it if you gave it a shot and <a href="https://github.com/Zapotek/arachni/issues">let me know</a> if you find anything wrong with it.
|
12
11
|
</p>
|
13
12
|
|
@@ -18,6 +17,7 @@
|
|
18
17
|
<li>make working with Arachni easier</li>
|
19
18
|
<li>make report management easier</li>
|
20
19
|
<li>run and manage multiple scans at the same time <em>(each scan will try its best for maximum bandwidth utilization so it'll be like lions fighting in a cage -- make sure you have sufficient resources)</em></li>
|
20
|
+
<li>work with and manage multiple Dispatchers</li>
|
21
21
|
</ul>
|
22
22
|
</p>
|
23
23
|
|
@@ -25,9 +25,8 @@
|
|
25
25
|
<p>
|
26
26
|
It isn't:
|
27
27
|
<ul>
|
28
|
-
<li>stable</li>
|
28
|
+
<li>too stable</li>
|
29
29
|
<li>a way to make Arachni's goodies available to multiple users <em>(you could but it wouldn't be safe)</em></li>
|
30
|
-
<li>a way to work with and manage multiple Dispatchers <em>(you can clear your session cookies to force the WebUI to ask you for a new Dispatcher to connect to but there are no guarantees)</em></li>
|
31
30
|
</ul>
|
32
31
|
</p>
|
33
32
|
|