arachni 0.2.2.2 → 0.2.3
- data/CHANGELOG.md +18 -1
- data/README.md +50 -139
- data/bin/arachni_web +1 -0
- data/data/crypto/public.pem +9 -0
- data/getoptslong.rb +1 -0
- data/lib/arachni.rb +1 -1
- data/lib/crypto/rsa_aes_cbc.rb +98 -0
- data/lib/rpc/xml/client/base.rb +8 -3
- data/lib/rpc/xml/client/instance.rb +3 -3
- data/lib/rpc/xml/server/base.rb +27 -5
- data/lib/rpc/xml/server/dispatcher.rb +14 -6
- data/lib/rpc/xml/server/instance.rb +3 -3
- data/lib/ui/web/dispatcher_manager.rb +98 -0
- data/lib/ui/web/server/views/{dispatcher.erb → dispatchers.erb} +31 -16
- data/lib/ui/web/server/views/dispatchers_edit.erb +42 -0
- data/lib/ui/web/server/views/home.erb +12 -1
- data/lib/ui/web/server/views/instance.erb +7 -7
- data/lib/ui/web/server/views/layout.erb +2 -2
- data/lib/ui/web/server/views/welcome.erb +3 -4
- data/lib/ui/web/server.rb +194 -105
- data/lib/ui/xmlrpc/dispatcher_monitor.rb +1 -5
- data/lib/ui/xmlrpc/xmlrpc.rb +2 -6
- data/modules/audit/path_traversal.rb +13 -6
- data/reports/html/default.erb +82 -27
- data/reports/html.rb +32 -1
- data/reports/metareport.rb +1 -0
- data/reports/plugin_formatters/stdout/metaformatters/timeout_notice.rb +2 -0
- metadata +7 -4
- data/lib/ui/web/server/public/reports/demo.testfire.net:Sun Mar 20 02:48:10 2011.afr +0 -104829
@@ -1,23 +1,34 @@
|
|
1
1
|
|
2
2
|
<div id="page-intro">
|
3
|
-
<h2>
|
4
|
-
<p>The
|
5
|
-
It spawns an XMLRPC server per scan and provides statistics for all running server instances.<br/>
|
3
|
+
<h2>Dispatchers</h2>
|
4
|
+
<p>The dispatchers spawn an XMLRPC server per scan and provide statistics for all running server instances.<br/>
|
6
5
|
This interface allows you to "Attach" to (see the output of), pause, resume and shutdown instances.
|
7
6
|
</p>
|
8
7
|
|
9
|
-
|
10
|
-
<
|
11
|
-
|
12
|
-
|
13
|
-
</form>
|
14
|
-
<% end %>
|
8
|
+
<form action="/dispatchers/edit" method="get">
|
9
|
+
<input type="submit" value="Edit dispatchers" />
|
10
|
+
</form>
|
11
|
+
|
15
12
|
|
16
13
|
|
17
14
|
</div>
|
18
15
|
<%= erb :flash, {:layout => false} %>
|
19
16
|
|
20
|
-
<%
|
17
|
+
<% stats.each_pair do |d_url, dispatcher_stats| %>
|
18
|
+
<h2>
|
19
|
+
@<%=escape( d_url )%> - <%=dispatcher_stats['running_jobs'].size%> running scans,
|
20
|
+
<%=i=0;dispatcher_stats['running_jobs'].each{ |job| i+= proc_mem( job['proc']['rss'] ).to_i }; i.to_s%>MB RAM usage.
|
21
|
+
</h2>
|
22
|
+
|
23
|
+
<%if !dispatcher_stats['running_jobs'].empty? %>
|
24
|
+
<form action="/dispatchers/<%=sanitize_url( d_url.dup )%>/shutdown" method="post">
|
25
|
+
<%= csrf_tag %>
|
26
|
+
<input type="submit" value="Shutdown all" />
|
27
|
+
</form>
|
28
|
+
<%end%>
|
29
|
+
|
30
|
+
|
31
|
+
<% if !dispatcher_stats['running_jobs'].empty? %>
|
21
32
|
<table>
|
22
33
|
<tr>
|
23
34
|
<th>PID</th>
|
@@ -30,7 +41,7 @@
|
|
30
41
|
<th>Memory consumption</th>
|
31
42
|
<th>Action</th>
|
32
43
|
</tr>
|
33
|
-
<%
|
44
|
+
<% dispatcher_stats['running_jobs'].each do |job| %>
|
34
45
|
<tr>
|
35
46
|
|
36
47
|
|
@@ -47,24 +58,24 @@
|
|
47
58
|
<td><%=job['starttime'].to_time%></td>
|
48
59
|
<td><%=job['currtime'].to_time%></td>
|
49
60
|
<td><%=secs_to_hms( job['runtime'] )%></td>
|
50
|
-
<td><%=proc_mem( job['proc']['rss'] )
|
61
|
+
<td><%=proc_mem( job['proc']['rss'] )%> MB</td>
|
51
62
|
|
52
63
|
<td>
|
53
64
|
<% if !( job['owner'] =~/WebUI helper/ ) %>
|
54
65
|
|
55
|
-
<form action="/instance/<%=job['port']%>" method="get" target="_blank">
|
66
|
+
<form action="/instance/<%=port_to_url( job['port'], d_url, true )%>" method="get" target="_blank">
|
56
67
|
<input type="submit" value="Attach" />
|
57
68
|
</form>
|
58
69
|
|
59
70
|
<%if !job['paused'] %>
|
60
|
-
<form action="/
|
71
|
+
<form action="/dispatchers/<%=port_to_url( job['port'], d_url, true )%>/pause" method="post">
|
61
72
|
<%= csrf_tag %>
|
62
73
|
<input type="submit" value="Pause" />
|
63
74
|
</form>
|
64
75
|
<%end%>
|
65
76
|
|
66
77
|
<%if job['paused'] %>
|
67
|
-
<form action="/
|
78
|
+
<form action="/dispatchers/<%=port_to_url( job['port'], d_url, true )%>/resume" method="post">
|
68
79
|
<%= csrf_tag %>
|
69
80
|
<input type="submit" value="Resume" />
|
70
81
|
</form>
|
@@ -72,7 +83,7 @@
|
|
72
83
|
|
73
84
|
<% end %>
|
74
85
|
|
75
|
-
<form action="/
|
86
|
+
<form action="/dispatchers/<%=port_to_url( job['port'], d_url, true )%>/shutdown" method="post">
|
76
87
|
<%= csrf_tag %>
|
77
88
|
<input type="submit" value="Shutdown" />
|
78
89
|
</form>
|
@@ -83,3 +94,7 @@
|
|
83
94
|
<% else %>
|
84
95
|
<span class="notice"> There are no running scans at the moment.</span>
|
85
96
|
<% end %>
|
97
|
+
|
98
|
+
<br/><br/>
|
99
|
+
|
100
|
+
<% end %>
|
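Review bot: Values received from a dispatcher are written into the page without HTML escaping — `port_to_url( job['port'], d_url, true )` inside the form `action` attributes on new lines 66, 71, 78 and 86, and, in unchanged context, `job['starttime'].to_time` and `job['currtime'].to_time` in the table cells — so a dispatcher that returns an unexpected value ends up as raw markup in the WebUI; `escape( d_url )` on line 19 is presumably Rack's URL encoder, which happens to be inert in HTML, but it does not cover the rest. Wrapping each interpolation in `Rack::Utils.escape_html(...)` (or `ERB::Util.h`) closes that, e.g. `<form action="/dispatchers/<%= Rack::Utils.escape_html( port_to_url( job['port'], d_url, true ) ) %>/pause" method="post">`. Whether `sanitize_url( d_url.dup )` on line 24 also escapes for an attribute context cannot be seen from this diff; if it only normalises the URL it needs the same treatment. The memory total on line 20 reads more clearly as `<%= dispatcher_stats['running_jobs'].inject(0) { |sum, job| sum + proc_mem( job['proc']['rss'] ).to_i } %>MB RAM usage.` than as the inline `i=0; ... each` accumulator, and the identical expression is duplicated in home.erb line 15, so a shared helper would keep the two from drifting.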
@@ -0,0 +1,42 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
<div id="page-intro">
|
4
|
+
<h2>Edit Dispatchers</h2>
|
5
|
+
<p>
|
6
|
+
This screen allows you to add and remove Dispatchers.
|
7
|
+
</p>
|
8
|
+
</div>
|
9
|
+
|
10
|
+
<%= erb :flash, {:layout => false} %>
|
11
|
+
|
12
|
+
<% if !dispatchers.all.empty? %>
|
13
|
+
<table>
|
14
|
+
<tr>
|
15
|
+
<th>Location</th>
|
16
|
+
<th>Alive?</th>
|
17
|
+
<th>Action</th>
|
18
|
+
</tr>
|
19
|
+
<% dispatchers.all.each do |dispatcher| %>
|
20
|
+
<tr>
|
21
|
+
<td><%=dispatcher['url']%></td>
|
22
|
+
<td><%=dispatchers.alive?( dispatcher['url'] ).to_s.capitalize%></td>
|
23
|
+
<td>
|
24
|
+
<form action="/dispatchers/<%=dispatcher['id']%>/delete" method="post">
|
25
|
+
<%= csrf_tag %>
|
26
|
+
<input type="submit" value="Delete" />
|
27
|
+
</form>
|
28
|
+
</td>
|
29
|
+
</tr>
|
30
|
+
<%end%>
|
31
|
+
</table>
|
32
|
+
<%else%>
|
33
|
+
<span class="notice"> There are no available Dispatchers at the moment. Add one if you want to start a scan.</span>
|
34
|
+
<br/><br/>
|
35
|
+
<%end%>
|
36
|
+
|
37
|
+
<form action="/dispatchers/add" method="post">
|
38
|
+
<%= csrf_tag %>
|
39
|
+
<label>URL:</label>
|
40
|
+
<input name="url" value="https://localhost:7331" />
|
41
|
+
<input type="submit" value="Add" />
|
42
|
+
</form>
|
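Review bot: `dispatcher['url']` on line 21 and `dispatcher['id']` on line 24 are rendered without HTML escaping, and the URL is exactly what was typed into the `url` field of the add form on line 40, so a stored value containing a quote or angle bracket is replayed into the table cell and into the delete form's `action` attribute on every visit. Emitting them as `<td><%= Rack::Utils.escape_html( dispatcher['url'] ) %></td>` and `/dispatchers/<%= Rack::Utils.escape_html( dispatcher['id'].to_s ) %>/delete` keeps the stored text inert; the same applies to `<option value="<%=d_url%>">` in home.erb line 13, where an unescaped `"` would also terminate the attribute. The add form on line 37 carries a `csrf_tag`, which is right, but nothing in the view constrains the scheme or host of the submitted URL, so any acceptance check has to live in the `/dispatchers/add` handler outside this diff.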
@@ -2,10 +2,21 @@
|
|
2
2
|
<form action="/scan" method="post">
|
3
3
|
|
4
4
|
<%= csrf_tag %>
|
5
|
+
|
5
6
|
<input type="submit" value="Launch Scan" />
|
6
7
|
|
7
8
|
<div id="page-intro">
|
8
|
-
|
9
|
+
Select a Dispatcher:
|
10
|
+
<select name="dispatcher">
|
11
|
+
<% dispatcher_stats.each_pair do |d_url, stats| %>
|
12
|
+
<% next if !dispatchers.alive?( d_url ) %>
|
13
|
+
<option value="<%=d_url%>">
|
14
|
+
@<%=escape( d_url )%> - <%=stats['running_jobs'].size%> running scans,
|
15
|
+
<%=i=0;stats['running_jobs'].each{ |job| i+= proc_mem( job['proc']['rss'] ).to_i }; i.to_s%>MB RAM usage.
|
16
|
+
</option>
|
17
|
+
<%end%>
|
18
|
+
</select>
|
19
|
+
|
9
20
|
<h2>URL: <input name="url" value="<%=session['opts']['settings']['url']%>" size="50" /></h2>
|
10
21
|
</div>
|
11
22
|
|
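Review bot: `<% next if !dispatchers.alive?( d_url ) %>` on line 12 makes the view perform what is presumably a liveness probe of every stored dispatcher on each render of the home page, on top of the `dispatcher_stats` already handed in; computing the alive set once in the route handler and passing it to the template (or folding it into `dispatcher_stats`) keeps network I/O out of the view and makes the page cost predictable. When no dispatcher is alive the `<select>` on line 10 is rendered empty while the Launch Scan button on line 6 is still offered, so the form can be submitted without a `dispatcher` parameter; a guard such as `<% if dispatcher_stats.keys.any? { |d_url| dispatchers.alive?( d_url ) } %>` around the form, or a notice in the else branch, would make that state visible. The `<option value="<%=d_url%>">` on line 13 also needs HTML escaping, as noted for dispatchers_edit.erb.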
@@ -1,6 +1,6 @@
|
|
1
1
|
|
2
2
|
<div id="page-intro">
|
3
|
-
<h2 id="page_header">Attached to instance
|
3
|
+
<h2 id="page_header">Attached to instance @<%=sanitize_url( params['url'] )%></h2>
|
4
4
|
<p id="page_description">
|
5
5
|
This page allows you to see what's going on at the other end of the wire (i.e. get status messages directly from the remote scanner).
|
6
6
|
<br/>
|
@@ -11,20 +11,20 @@
|
|
11
11
|
<%if !shutdown %>
|
12
12
|
|
13
13
|
<%if !paused %>
|
14
|
-
<form action="/instance/<%=params['
|
14
|
+
<form action="/instance/<%=sanitize_url( params['url'] )%>/pause" method="post">
|
15
15
|
<%= csrf_tag %>
|
16
16
|
<input type="submit" value="Pause" />
|
17
17
|
</form>
|
18
18
|
<%end%>
|
19
19
|
|
20
20
|
<%if paused %>
|
21
|
-
<form action="/instance/<%=params['
|
21
|
+
<form action="/instance/<%=sanitize_url( params['url'] )%>/resume" method="post">
|
22
22
|
<%= csrf_tag %>
|
23
23
|
<input type="submit" value="Resume" />
|
24
24
|
</form>
|
25
25
|
<%end%>
|
26
26
|
|
27
|
-
<form action="/instance/<%=params['
|
27
|
+
<form action="/instance/<%=sanitize_url( params['url'] )%>/shutdown" method="post">
|
28
28
|
<%= csrf_tag %>
|
29
29
|
<input type="submit" value="Shutdown" />
|
30
30
|
</form>
|
@@ -130,7 +130,7 @@
|
|
130
130
|
}
|
131
131
|
|
132
132
|
function updateProgressBar(){
|
133
|
-
var stats_url = "/instance/<%= params['
|
133
|
+
var stats_url = "/instance/<%= escape( params['url'].to_s ) %>/stats.json";
|
134
134
|
$.getJSON( stats_url, function(data) {
|
135
135
|
if( data.stats == undefined ){ return }
|
136
136
|
setStats( data.stats );
|
@@ -142,7 +142,7 @@
|
|
142
142
|
function updateOutput() {
|
143
143
|
if( !document.getElementById( 'output' ) ) return;
|
144
144
|
|
145
|
-
var output_url = "/instance/<%= params['
|
145
|
+
var output_url = "/instance/<%= escape( params['url'].to_s ) %>/output.json";
|
146
146
|
$.getJSON( output_url, function(data) {
|
147
147
|
|
148
148
|
if( data.status == 'finished' ){
|
@@ -163,7 +163,7 @@
|
|
163
163
|
function updateResults() {
|
164
164
|
if( !document.getElementById( 'output_results' ) ) return;
|
165
165
|
|
166
|
-
var output_results_url = "/instance/<%= params['
|
166
|
+
var output_results_url = "/instance/<%= escape( params['url'].to_s ) %>/output_results.json";
|
167
167
|
$.getJSON( output_results_url, function(data) {
|
168
168
|
document.getElementById( 'output_results' ).innerHTML = data.data;
|
169
169
|
});
|
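Review bot: `sanitize_url( params['url'] )` on line 3 writes a request parameter straight into the `<h2>` text, and on lines 14, 21 and 27 into form `action` attributes; unless `sanitize_url` HTML-escapes as well as normalising (not visible in this diff), whatever arrives in the `url` query string is reflected into the page. Wrapping the output — `<h2 id="page_header">Attached to instance @<%= Rack::Utils.escape_html( sanitize_url( params['url'] ) ) %></h2>` — makes the view safe regardless of what the helper does, and the three form actions can take the same wrapper. The JavaScript hunks at lines 133, 145 and 166 use `escape( params['url'].to_s )`, which as Rack's URL encoder leaves no quote or angle bracket in the string literal, so those are fine as written; the enclosing `updateProgressBar`, `updateOutput` and `updateResults` functions start and end outside the hunks.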
@@ -1,7 +1,7 @@
|
|
1
1
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
2
2
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" dir="ltr">
|
3
3
|
<head>
|
4
|
-
<title
|
4
|
+
<title><%=title%></title>
|
5
5
|
<link rel="shortcut icon" href="/favicon.ico" />
|
6
6
|
|
7
7
|
<link type="text/css" href="/css/smoothness/jquery-ui-1.8.9.custom.css" rel="Stylesheet" />
|
@@ -37,7 +37,7 @@
|
|
37
37
|
<li <% if selected_tab?( 'plugins' )%>class="selected" <%end%>><a href="/plugins">Plugins</a></li>
|
38
38
|
<li <% if selected_tab?( 'settings' )%>class="selected" <%end%>><a href="/settings">Settings</a></li>
|
39
39
|
<li <% if selected_tab?( 'reports' )%>class="selected" <%end%>><a href="/reports">Reports [<%=report_count%>]</a></li>
|
40
|
-
<li <% if selected_tab?( '
|
40
|
+
<li <% if selected_tab?( 'dispatchers' )%>class="selected" <%end%>><a href="/dispatchers">Dispatchers</a></li>
|
41
41
|
<li <% if selected_tab?( 'log' )%>class="selected" <%end%>><a href="/log">Log</a></li>
|
42
42
|
</ul>
|
43
43
|
</div>
|
@@ -6,8 +6,7 @@
|
|
6
6
|
|
7
7
|
<h2>General</h2>
|
8
8
|
<p>
|
9
|
-
|
10
|
-
In the software world this means that the WebUI may empty your fridge, drink all your coffee, eat your puppy, slash your tires and/or burn down your house.<br/>
|
9
|
+
The WebUI may empty your fridge, drink all your coffee, eat your puppy, slash your tires and/or burn down your house.<br/>
|
11
10
|
Nevertheless, I'd appreciate it if you gave it a shot and <a href="https://github.com/Zapotek/arachni/issues">let me know</a> if you find anything wrong with it.
|
12
11
|
</p>
|
13
12
|
|
@@ -18,6 +17,7 @@
|
|
18
17
|
<li>make working with Arachni easier</li>
|
19
18
|
<li>make report management easier</li>
|
20
19
|
<li>run and manage multiple scans at the same time <em>(each scan will try its best for maximum bandwidth utilization so it'll be like lions fighting in a cage -- make sure you have sufficient resources)</em></li>
|
20
|
+
<li>work with and manage multiple Dispatchers</li>
|
21
21
|
</ul>
|
22
22
|
</p>
|
23
23
|
|
@@ -25,9 +25,8 @@
|
|
25
25
|
<p>
|
26
26
|
It isn't:
|
27
27
|
<ul>
|
28
|
-
<li>stable</li>
|
28
|
+
<li>too stable</li>
|
29
29
|
<li>a way to make Arachni's goodies available to multiple users <em>(you could but it wouldn't be safe)</em></li>
|
30
|
-
<li>a way to work with and manage multiple Dispatchers <em>(you can clear your session cookies to force the WebUI to ask you for a new Dispatcher to connect to but there are no guarantees)</em></li>
|
31
30
|
</ul>
|
32
31
|
</p>
|
33
32
|
|