arachni 0.2.2.2 → 0.2.3

data/lib/ui/web/server.rb

@@ -31,6 +31,7 @@ require Arachni::Options.instance.dir['lib'] + 'framework'
 require Arachni::Options.instance.dir['lib'] + 'rpc/xml/client/dispatcher'
 require Arachni::Options.instance.dir['lib'] + 'rpc/xml/client/instance'
 require Arachni::Options.instance.dir['lib'] + 'ui/web/report_manager'
+require Arachni::Options.instance.dir['lib'] + 'ui/web/dispatcher_manager'
 require Arachni::Options.instance.dir['lib'] + 'ui/web/log'
 require Arachni::Options.instance.dir['lib'] + 'ui/web/output_stream'
 
@@ -41,14 +42,14 @@ require Arachni::Options.instance.dir['lib'] + 'ui/web/output_stream'
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.1.1-pre
+# @version: 0.1.3
 #
 # @see Arachni::RPC::XML::Client::Instance
 # @see Arachni::RPC::XML::Client::Dispatcher
 #
 module Web
 
-    VERSION = '0.1.1-pre'
+    VERSION = '0.1.3'
 
 class Server < Sinatra::Base
 
@@ -67,6 +68,21 @@ class Server < Sinatra::Base
 
     helpers do
 
+        def title
+            main = 'Arachni - Web Application Security Scanner Framework'
+
+            sub = env['PATH_INFO'].split( '/' ).map {
+                |part|
+                normalize_section_name( part )
+            }.reject { |part| part.empty? }.join( ' &rarr; ' )
+
+            return sub.empty? ? main : sub + ' :: ' + main
+        end
+
+        def normalize_section_name( name )
+            name.gsub( '_', ' ' ).capitalize
+        end
+
         def report_count
             settings.reports.all.size
         end
@@ -131,7 +147,7 @@ class Server < Sinatra::Base
 
         def proc_mem( rss )
             # we assume a page size of 4096
-            (rss.to_i * 4096 / 1024 / 1024).to_s + 'MB'
+            rss.to_i * 4096 / 1024 / 1024
         end
 
         def secs_to_hms( secs )
@@ -161,6 +177,7 @@ class Server < Sinatra::Base
 
     set :log,     Log.new( Arachni::Options.instance, settings )
     set :reports, ReportManager.new( Arachni::Options.instance, settings )
+    set :dispatchers, DispatcherManager.new( Arachni::Options.instance, settings )
 
     enable :sessions
 
@@ -178,9 +195,9 @@ class Server < Sinatra::Base
     end
 
     def show( page, layout = true )
-        if page == :dispatcher
+        if page == :dispatchers
             ensure_dispatcher
-            erb :dispatcher, { :layout => true }, :stats => dispatcher_stats
+            erb :dispatchers, { :layout => true }, :stats => dispatcher_stats
         else
             erb page.to_sym, { :layout => layout }
         end
@@ -206,13 +223,42 @@ class Server < Sinatra::Base
     #
     # @param    [Integer]   port
     #
-    def connect_to_instance( port )
+    def connect_to_instance( url, token = nil )
         prep_session
 
+        url = 'https://' + url if URI( url ).scheme != 'https'
+
+        @@connections ||= {}
+
         begin
-            return Arachni::RPC::XML::Client::Instance.new( options, port_to_url( port ) )
-        rescue Exception
-            raise "Instance on port #{port} has shutdown."
+            if @@connections[url] && @@connections[url].alive?
+              return @@connections[url]
+            end
+        rescue
+        end
+
+        begin
+
+            #
+            # Sync up the session authentication tokens with the ones in the
+            # class variables.
+            #
+            # This will allow users to still connect to instances even if they
+            # shutdown the WebUI or removed their cookies.
+            #
+
+            @@tokens ||= {}
+            session['tokens'] ||= {}
+            @@tokens[url] = token if token
+
+            session['tokens'].merge!( @@tokens )
+            @@tokens.merge!( session['tokens'] )
+            session['tokens'].merge!( @@tokens )
+
+            return @@connections[url] =
+                Arachni::RPC::XML::Client::Instance.new( options, url, session['tokens'][url] )
+        rescue Exception => e
+            raise "Instance at #{url} has shutdown."
         end
     end
 
@@ -221,35 +267,41 @@ class Server < Sinatra::Base
     #
     # @param    [Integer]   port
     #
-    def port_to_url( port )
-        uri = URI( session[:dispatcher_url] )
+    def port_to_url( port, dispatcher_url, no_scheme = nil )
+        uri = URI( dispatcher_url )
         uri.port = port.to_i
-        uri.to_s
+        uri = uri.to_s
+
+        uri = sanitize_url( uri ) if no_scheme
+        return uri
     end
 
-    #
-    # Provides easy access to the dispatcher and handles failure
-    #
-    def dispatcher
-        begin
-            @dispatcher ||= Arachni::RPC::XML::Client::Dispatcher.new( options, session[:dispatcher_url] )
-        rescue Exception => e
-            redirect '/dispatcher_error'
-        end
+    def dispatchers
+        settings.dispatchers
     end
 
     #
     # Provides statistics about running jobs etc using the dispatcher
     #
     def dispatcher_stats
-        stats = dispatcher.stats
-        stats['running_jobs'].each {
-            |job|
+
+        stats = {}
+        dispatchers.all.each {
+            |dispatcher|
+
             begin
-                job['paused'] = connect_to_instance( job['port'] ).framework.paused?
+                stats[dispatcher['url']] = dispatchers.connect( dispatcher['url'] ).stats
+                stats[dispatcher['url']]['running_jobs'].each {
+                    |job|
+                    begin
+                        job['paused'] = connect_to_instance( port_to_url( job['port'], dispatcher['url'] ) ).framework.paused?
+                    rescue
+                    end
+                }
             rescue
             end
         }
+
         return stats
     end
 
@@ -367,12 +419,17 @@ class Server < Sinatra::Base
         begin
             @@arachni ||= nil
             if !@@arachni
-                instance = dispatcher.dispatch( HELPER_OWNER )
-                @@arachni = connect_to_instance( instance['port'] )
+
+                d_url    = dispatchers.all.first['url']
+                instance = dispatchers.connect( d_url ).dispatch( HELPER_OWNER )
+                instance_url = port_to_url( instance['port'], d_url )
+
+                @@arachni = connect_to_instance( instance_url, instance['token'] )
             end
+
             return @@arachni
         rescue
-            redirect '/dispatcher/error'
+            redirect '/dispatchers/edit'
         end
     end
 
@@ -403,8 +460,6 @@ class Server < Sinatra::Base
     # Makes sure that all systems are go and populates the session with default values
     #
     def prep_session
-        session[:dispatcher_url] ||= 'http://localhost:7331'
-
         ensure_dispatcher
 
         session['opts'] ||= {}
@@ -442,11 +497,7 @@ class Server < Sinatra::Base
     # @return   [Bool]  true if alive, redirect if not
     #
     def ensure_dispatcher
-        begin
-            dispatcher.alive?
-        rescue Exception => e
-            redirect '/dispatcher/error'
-        end
+        redirect '/dispatchers/edit' if dispatchers.all.empty?
     end
 
     #
@@ -475,23 +526,33 @@ class Server < Sinatra::Base
     #
     # Kills all running instances
     #
-    def shutdown_all
-        settings.log.dispatcher_global_shutdown( env )
-        dispatcher.stats['running_jobs'].each {
-            |job|
-            begin
-                save_and_shutdown( connect_to_instance( job['port'] ) )
-            rescue
+    def shutdown_all( url )
+        settings.log.dispatcher_global_shutdown( env, url )
+
+        dispatcher_stats.each_pair {
+            |d_url, stats|
+
+            next if sanitize_url( d_url.dup ) != url
+
+            stats['running_jobs'].each {
+                |job|
+
+                instance_url = port_to_url( job['port'], d_url )
                 begin
-                    connect_to_instance( job['port'] ).service.shutdown!
+                    save_and_shutdown( connect_to_instance( instance_url ) )
                 rescue
-                    settings.log.instance_fucker_wont_die( env, port_to_url( job['port'] ) )
-                    next
+                    begin
+                        connect_to_instance( instance_url ).service.shutdown!
+                    rescue
+                        settings.log.instance_fucker_wont_die( env, instance_url )
+                        next
+                    end
                 end
-            end
 
-            settings.log.instance_shutdown( env, port_to_url( job['port'] ) )
+                settings.log.instance_shutdown( env, instance_url )
+            }
         }
+
     end
 
     #
@@ -501,29 +562,39 @@ class Server < Sinatra::Base
     #
     def shutdown_zombies
         i = 0
-        dispatcher.stats['running_jobs'].each {
-            |job|
 
-            begin
-                arachni = connect_to_instance( job['port'] )
+        dispatcher_stats.each_pair {
+            |url, stats|
+
+            stats['running_jobs'].each {
+                |job|
 
                 begin
-                    if !arachni.framework.busy? && !job['owner'] != HELPER_OWNER
-                        save_and_shutdown( arachni )
-                        settings.log.webui_zombie_cleanup( env, port_to_url( job['port'] ) )
-                        i+=1
+                    instance_url = port_to_url( job['port'], url )
+                    arachni = connect_to_instance( instance_url )
+
+                    begin
+                        if !arachni.framework.busy? && !job['owner'] != HELPER_OWNER
+                            save_and_shutdown( arachni )
+                            settings.log.webui_zombie_cleanup( env, instance_url )
+                            i+=1
+                        end
+                    rescue
                     end
-                rescue
 
+                rescue
                 end
-
-            rescue
-            end
+            }
         }
 
         return i
     end
 
+    def sanitize_url( url )
+        url.gsub!( 'http://', '' )
+        escape( url.gsub( 'https://', '' ) )
+    end
+
     get "/" do
         prep_session
         ensure_welcomed
@@ -534,18 +605,18 @@ class Server < Sinatra::Base
         erb :welcome, { :layout => true }
     end
 
-    get "/dispatcher" do
-        show :dispatcher
+    get "/dispatchers" do
+        show :dispatchers
     end
 
     #
     # sets the dispatcher URL
     #
-    post "/dispatcher" do
+    post "/dispatchers" do
 
         if !params['url'] || params['url'].empty?
             flash[:err] = "URL cannot be empty."
-            show :dispatcher_error
+            show :dispatchers_edit
         else
 
             session[:dispatcher_url] = params['url']
@@ -557,22 +628,44 @@ class Server < Sinatra::Base
             rescue
                 settings.log.dispatcher_error( env, params['url'] )
                 flash[:err] = "Couldn't find a dispatcher at \"#{escape( params['url'] )}\"."
-                show :dispatcher_error
+                show :dispatchers_edit
             end
         end
     end
 
+    get '/dispatchers/edit' do
+      show :dispatchers_edit
+    end
+
+    post '/dispatchers/add' do
+
+        begin
+            dispatchers.alive?( params[:url] )
+            dispatchers.new( params )
+        rescue
+            flash[:err] = "Couldn't find a dispatcher at \"#{escape( params['url'] )}\"."
+        end
+
+        show :dispatchers_edit
+    end
+
+    post '/dispatchers/:url/delete' do
+        dispatchers.delete( params[:url] )
+        show :dispatchers_edit
+    end
+
+
     #
     # shuts down all instances
     #
-    post "/dispatcher/shutdown" do
-        shutdown_all
-        redirect '/dispatcher'
+    post "/dispatchers/:url/shutdown" do
+        shutdown_all( params[:url] )
+        redirect '/dispatchers'
     end
 
 
-    get '/dispatcher/error' do
-        show :dispatcher_error
+    get '/dispatchers/error' do
+        show :dispatchers_edit
     end
 
     #
@@ -595,11 +688,13 @@ class Server < Sinatra::Base
             show :home
         else
 
-            instance = dispatcher.dispatch( params['url'] )
-            settings.log.instance_dispatched( env, port_to_url( instance['port'] ) )
+            instance     = dispatchers.connect( params['dispatcher'] ).dispatch( params['url'] )
+            instance_url = port_to_url( instance['port'], params['dispatcher'] )
+
+            settings.log.instance_dispatched( env, instance_url )
             settings.log.instance_owner_assigned( env, params['url'] )
 
-            arachni  = connect_to_instance( instance['port'] )
+            arachni  = connect_to_instance( instance_url, instance['token'] )
 
             session['opts']['settings']['url'] = params['url']
 
@@ -618,7 +713,7 @@ class Server < Sinatra::Base
 
             settings.log.scan_started( env, params['url'] )
 
-            redirect '/instance/' + instance['port'].to_s
+            redirect '/instance/' + instance_url.to_s.gsub( 'https://', '' )
         end
 
     end
@@ -677,33 +772,27 @@ class Server < Sinatra::Base
         show :settings, true
     end
 
-    get "/instance/:port" do
+    get "/instance/:url" do
         begin
-            arachni = connect_to_instance( params[:port] )
+            arachni = connect_to_instance( params[:url] )
             erb :instance, { :layout => true }, :paused => arachni.framework.paused?, :shutdown => false
-        rescue
-            flash.now[:notice] = "Instance on port #{params[:port]} has been shutdown."
+        rescue Exception => e
+            flash.now[:notice] = "Instance at #{params[:url]} has been shutdown."
             erb :instance, { :layout => true }, :shutdown => true, :stats => dispatcher_stats
         end
 
     end
 
-    get "/instance/:port/output.json" do
+    get "/instance/:url/output.json" do
         content_type :json
 
         begin
-            arachni = connect_to_instance( params[:port] )
+            arachni = connect_to_instance( params[:url] )
             if arachni.framework.busy?
                 { 'data' => OutputStream.new( arachni, 38 ).data }.to_json
             else
-                settings.log.instance_shutdown( env, port_to_url( params[:port] ) )
+                settings.log.instance_shutdown( env, params[:url] )
                 save_and_shutdown( arachni )
-
-                # {
-                #     'report' => '"data:text/html;base64, ' +
-                #         Base64.encode64( save_shutdown_and_show( arachni ) ) + '"'
-                # }.to_json
-
                 { 'status' => 'finished', 'data' => "The server has been shut down." }.to_json
             end
         rescue
@@ -711,10 +800,10 @@ class Server < Sinatra::Base
         end
     end
 
-    get "/instance/:port/output_results.json" do
+    get "/instance/:url/output_results.json" do
         content_type :json
         begin
-            arachni = connect_to_instance( params[:port] )
+            arachni = connect_to_instance( params[:url] )
             if !arachni.framework.paused? && arachni.framework.busy?
                 out = erb( :output_results, { :layout => false }, :issues => YAML.load( arachni.framework.auditstore ).issues)
                 { 'data' => out }.to_json
@@ -724,10 +813,10 @@ class Server < Sinatra::Base
         end
     end
 
-    get "/instance/:port/stats.json" do
+    get "/instance/:url/stats.json" do
         content_type :json
         begin
-            arachni = connect_to_instance( params[:port] )
+            arachni = connect_to_instance( params[:url] )
             stats = arachni.framework.stats
             stats['current_page'] = escape( stats['current_page'] )
             { 'refresh' => true, 'stats' => stats }.to_json
@@ -737,54 +826,54 @@ class Server < Sinatra::Base
     end
 
 
-    post "/*/:port/pause" do
-        arachni = connect_to_instance( params[:port] )
+    post "/*/:url/pause" do
+        arachni = connect_to_instance( params[:url] )
 
         begin
             arachni.framework.pause!
-            settings.log.instance_paused( env, port_to_url( params[:port] ) )
+            settings.log.instance_paused( env, params[:url] )
 
-            flash.now[:notice] = "Instance on port #{params[:port]} will pause as soon as the current page is audited."
+            flash.now[:notice] = "Instance at #{params[:url]} will pause as soon as the current page is audited."
             erb params[:splat][0].to_sym, { :layout => true }, :paused => arachni.framework.paused?, :shutdown => false, :stats => dispatcher_stats
         rescue
-            flash.now[:notice] = "Instance on port #{params[:port]} has been shutdown."
+            flash.now[:notice] = "Instance at #{params[:url]} has been shutdown."
             erb params[:splat][0].to_sym, { :layout => true }, :shutdown => true, :stats => dispatcher_stats
         end
 
     end
 
-    post "/*/:port/resume" do
-        arachni = connect_to_instance( params[:port] )
+    post "/*/:url/resume" do
+        arachni = connect_to_instance( params[:url] )
 
         begin
             arachni.framework.resume!
-            settings.log.instance_resumed( env, port_to_url( params[:port] ) )
+            settings.log.instance_resumed( env, params[:url] )
 
-            flash.now[:notice] = "Instance on port #{params[:port]} resumes."
+            flash.now[:notice] = "Instance at #{params[:url]} resumes."
             erb params[:splat][0].to_sym, { :layout => true }, :paused => arachni.framework.paused?, :shutdown => false, :stats => dispatcher_stats
         rescue
-            flash.now[:notice] = "Instance on port #{params[:port]} has been shutdown."
+            flash.now[:notice] = "Instance at #{params[:url]} has been shutdown."
             erb params[:splat][0].to_sym, { :layout => true }, :shutdown => true, :stats => dispatcher_stats
         end
     end
 
-    post "/*/:port/shutdown" do
-        arachni = connect_to_instance( params[:port] )
+    post "/*/:url/shutdown" do
+        arachni = connect_to_instance( params[:url] )
 
         begin
             arachni.framework.busy?
-            settings.log.instance_shutdown( env, port_to_url( params[:port] ) )
+            settings.log.instance_shutdown( env, params[:url] )
 
             begin
                 save_shutdown_and_show( arachni )
             rescue
-                flash.now[:notice] = "Instance on port #{params[:port]} has been shutdown."
+                flash.now[:notice] = "Instance at #{params[:url]} has been shutdown."
                 show params[:splat][0].to_sym
             ensure
                 arachni.service.shutdown!
             end
         rescue
-            flash.now[:notice] = "Instance on port #{params[:port]} has already been shutdown."
+            flash.now[:notice] = "Instance at #{params[:url]} has already been shutdown."
             erb params[:splat][0].to_sym, { :layout => true }, :shutdown => true, :stats => dispatcher_stats
         end
     end

data/lib/ui/xmlrpc/dispatcher_monitor.rb

@@ -176,17 +176,13 @@ class DispatcherMonitor
     #
     def usage
         print_line <<USAGE
-  Usage:  arachni_xmlrpcd_monitor  [server address]
+  Usage:  arachni_xmlrpcd_monitor  https://host:port
 
   Supported options:
 
 
     SSL --------------------------
 
-    --ssl                       use SSL?
-                                   (If you want encryption without authentication
-                                    you can skip rest of the SSL options.)
-
     --ssl-pkey   <file>         location of the SSL private key (.pem)
                                     (Used to verify the the client to the servers.)
 

data/lib/ui/xmlrpc/xmlrpc.rb

@@ -95,7 +95,7 @@ class XMLRPC
             instance_url.port = @instance['port']
 
             # start the XMLRPC client
-            @server = Arachni::RPC::XML::Client::Instance.new( @opts, instance_url.to_s )
+            @server = Arachni::RPC::XML::Client::Instance.new( @opts, instance_url.to_s, @instance['token'] )
         rescue Exception => e
             print_error( "Could not connect to server." )
             print_error( "Error: #{e.to_s}." )
@@ -662,7 +662,7 @@ class XMLRPC
     #
     def usage
         print_line <<USAGE
-  Usage:  arachni_xmlrpc --server http[s]://host:port/ \[options\] url
+  Usage:  arachni_xmlrpc --server https://host:port \[options\] url
 
   Supported options:
 
@@ -670,10 +670,6 @@ class XMLRPC
     SSL --------------------------
     (Do *not* use encrypted keys!)
 
-    --ssl                       use SSL?
-                                   (If you want encryption without authentication
-                                    you can skip rest of the SSL options.)
-
     --ssl-pkey   <file>         location of the SSL private key (.pem)
                                     (Used to verify the the client to the servers.)
 

data/modules/audit/path_traversal.rb

@@ -18,7 +18,7 @@ module Modules
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.2.1
+# @version: 0.2.2
 #
 # @see http://cwe.mitre.org/data/definitions/22.html
 # @see http://www.owasp.org/index.php/Path_Traversal
@@ -48,7 +48,12 @@ class PathTraversal < Arachni::Module::Base
         #
 
 
-        @__trv =  '../../../../../../../../../../../../../../../../'
+        @__trv =  [
+          '../../../../../../../../../../../../../../../../',
+          '//%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/' +
+          '%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/' +
+          '%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/'
+        ]
         @__ext = [
             "",
             "\0.htm",
@@ -91,9 +96,11 @@ class PathTraversal < Arachni::Module::Base
             @__opts[:regexp] = param['regexp']
             @__ext.each {
                 |ext|
-
-                injection_str = @__trv + param['value'] + ext
-                audit( injection_str, @__opts )
+                @__trv.each {
+                    |trv|
+                    injection_str = trv + param['value'] + ext
+                    audit( injection_str, @__opts )
+                }
             }
         }
     end
@@ -112,7 +119,7 @@ class PathTraversal < Arachni::Module::Base
                 Issue::Element::HEADER
             ],
             :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ',
-            :version        => '0.2.1',
+            :version        => '0.2.2',
             :references     => {
                 'OWASP' => 'http://www.owasp.org/index.php/Path_Traversal',
                 'WASC'  => 'http://projects.webappsec.org/Path-Traversal'