arachni 0.2.4 → 0.3

data/lib/ui/web/server.rb

@@ -28,31 +28,38 @@ module UI
 
 require Arachni::Options.instance.dir['lib'] + 'ui/cli/output'
 require Arachni::Options.instance.dir['lib'] + 'framework'
-require Arachni::Options.instance.dir['lib'] + 'rpc/xml/client/dispatcher'
-require Arachni::Options.instance.dir['lib'] + 'rpc/xml/client/instance'
+require Arachni::Options.instance.dir['lib'] + 'ui/web/utilities'
 require Arachni::Options.instance.dir['lib'] + 'ui/web/report_manager'
 require Arachni::Options.instance.dir['lib'] + 'ui/web/dispatcher_manager'
+require Arachni::Options.instance.dir['lib'] + 'ui/web/instance_manager'
+require Arachni::Options.instance.dir['lib'] + 'ui/web/scheduler'
 require Arachni::Options.instance.dir['lib'] + 'ui/web/log'
 require Arachni::Options.instance.dir['lib'] + 'ui/web/output_stream'
 
+require Arachni::Options.instance.dir['lib'] + 'ui/web/addon_manager'
+
+#
 #
+# Provides a web user interface for the Arachni Framework using Sinatra.
 #
-# Provides a web user interface for the Arachni Framework using Sinatra.<br/>
+# It's basically an XMLRPC client for Dispatchers and Instances wearing a pretty frock.
 #
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.1.4
+# @version: 0.2
 #
 # @see Arachni::RPC::XML::Client::Instance
 # @see Arachni::RPC::XML::Client::Dispatcher
 #
 module Web
 
-    VERSION = '0.1.4'
+    VERSION = '0.2'
 
 class Server < Sinatra::Base
 
+    include Utilities
+
     configure do
         use Rack::Flash
         use Rack::Session::Cookie
@@ -84,7 +91,7 @@ class Server < Sinatra::Base
         end
 
         def report_count
-            settings.reports.all.size
+            reports.all.size
         end
 
         def plugin_has_required_file_option?( options )
@@ -116,14 +123,6 @@ class Server < Sinatra::Base
             cstr.chomp
         end
 
-        def escape( str )
-            CGI.escapeHTML( str )
-        end
-
-        def unescape( str )
-            CGI.unescapeHTML( str )
-        end
-
         def selected_tab?( tab )
             splits = env['PATH_INFO'].split( '/' )
             ( splits.empty? && tab == '/' ) || splits[1] == tab
@@ -175,15 +174,49 @@ class Server < Sinatra::Base
     #
     HELPER_OWNER =  "WebUI helper"
 
+    enable :sessions
+
     set :log,     Log.new( Arachni::Options.instance, settings )
     set :reports, ReportManager.new( Arachni::Options.instance, settings )
     set :dispatchers, DispatcherManager.new( Arachni::Options.instance, settings )
-
-    enable :sessions
+    set :instances,   InstanceManager.new( Arachni::Options.instance, settings )
+    set :scheduler,   Scheduler.new( Arachni::Options.instance, settings )
+    set :addons,     AddonManager.new( Arachni::Options.instance, settings )
 
     configure do
         # shit's on!
-        settings.log.webui_started
+        log.webui_started
+    end
+
+    def addons
+        settings.addons
+    end
+
+    def log
+        settings.log
+    end
+
+    def reports
+        settings.reports
+    end
+
+    def dispatchers
+        settings.dispatchers
+    end
+
+    #
+    # Provides statistics about running jobs etc using the dispatcher
+    #
+    def dispatcher_stats
+        dispatchers.stats
+    end
+
+    def scheduler
+        settings.scheduler
+    end
+
+    def instances
+        settings.instances
     end
 
     def exception_jail( &block )
@@ -218,93 +251,6 @@ class Server < Sinatra::Base
         redirect '/welcome'
     end
 
-    #
-    # Provides an easy way to connect to an instance by port
-    #
-    # @param    [Integer]   port
-    #
-    def connect_to_instance( url, token = nil )
-        prep_session
-
-        url = 'https://' + url if URI( url ).scheme != 'https'
-
-        @@connections ||= {}
-
-        begin
-            if @@connections[url] && @@connections[url].alive?
-              return @@connections[url]
-            end
-        rescue
-        end
-
-        begin
-
-            #
-            # Sync up the session authentication tokens with the ones in the
-            # class variables.
-            #
-            # This will allow users to still connect to instances even if they
-            # shutdown the WebUI or removed their cookies.
-            #
-
-            @@tokens ||= {}
-            session['tokens'] ||= {}
-            @@tokens[url] = token if token
-
-            session['tokens'].merge!( @@tokens )
-            @@tokens.merge!( session['tokens'] )
-            session['tokens'].merge!( @@tokens )
-
-            return @@connections[url] =
-                Arachni::RPC::XML::Client::Instance.new( options, url, session['tokens'][url] )
-        rescue Exception => e
-            raise "Instance at #{url} has shutdown."
-        end
-    end
-
-    #
-    # Converts a port to a URL instance.
-    #
-    # @param    [Integer]   port
-    #
-    def port_to_url( port, dispatcher_url, no_scheme = nil )
-        uri = URI( dispatcher_url )
-        uri.port = port.to_i
-        uri = uri.to_s
-
-        uri = sanitize_url( uri ) if no_scheme
-        return uri
-    end
-
-    def dispatchers
-        settings.dispatchers
-    end
-
-    #
-    # Provides statistics about running jobs etc using the dispatcher
-    #
-    def dispatcher_stats
-
-        stats = {}
-        dispatchers.all.each {
-            |dispatcher|
-
-            begin
-                stats[dispatcher['url']] = dispatchers.connect( dispatcher['url'] ).stats
-                stats[dispatcher['url']]['running_jobs'].each {
-                    |job|
-                    begin
-                        job['paused'] = connect_to_instance( port_to_url( job['port'], dispatcher['url'] ) ).framework.paused?
-                    rescue
-                    end
-                }
-            rescue
-            end
-        }
-
-        return stats
-    end
-
     def options
         Arachni::Options.instance
     end
@@ -376,26 +322,6 @@ class Server < Sinatra::Base
         return cparams
     end
 
-    def escape_hash( hash )
-        hash.each_pair {
-            |k, v|
-            hash[k] = escape( hash[k] ) if hash[k].is_a?( String )
-            hash[k] = escape_hash( v ) if v.is_a? Hash
-        }
-
-        return hash
-    end
-
-    def unescape_hash( hash )
-        hash.each_pair {
-            |k, v|
-            hash[k] = unescape( hash[k] ) if hash[k].is_a?( String )
-            hash[k] = unescape_hash( v ) if v.is_a? Hash
-        }
-
-        return hash
-    end
-
     def prep_modules( params )
         return ['-'] if !params['modules']
         mods = params['modules'].keys
@@ -420,15 +346,18 @@ class Server < Sinatra::Base
             @@arachni ||= nil
             if !@@arachni
 
-                d_url    = dispatchers.all.first['url']
+                d_url = dispatchers.first_alive.url
+
                 instance = dispatchers.connect( d_url ).dispatch( HELPER_OWNER )
-                instance_url = port_to_url( instance['port'], d_url )
+                instance_url = instances.port_to_url( instance['port'], d_url )
 
-                @@arachni = connect_to_instance( instance_url, instance['token'] )
+                @@arachni = instances.connect( instance_url, session, instance['token'] )
             end
 
             return @@arachni
-        rescue
+        rescue Exception => e
+            # ap e
+            # ap e.backtrace
             redirect '/dispatchers/edit'
         end
     end
@@ -497,7 +426,7 @@ class Server < Sinatra::Base
     # @return   [Bool]  true if alive, redirect if not
     #
     def ensure_dispatcher
-        redirect '/dispatchers/edit' if dispatchers.all.empty?
+        redirect '/dispatchers/edit' if !dispatchers.first_alive
     end
 
     #
@@ -508,7 +437,7 @@ class Server < Sinatra::Base
     #
     def save_shutdown_and_show( arachni )
         report = save_and_shutdown( arachni )
-        settings.reports.get( 'html', settings.reports.all.last.id )
+        reports.get( 'html', reports.all.last.id )
     end
 
     #
@@ -518,7 +447,7 @@ class Server < Sinatra::Base
     #
     def save_and_shutdown( arachni )
         arachni.framework.clean_up!( true )
-        report_path = settings.reports.save( arachni.framework.auditstore )
+        report_path = reports.save( arachni.framework.auditstore )
         arachni.service.shutdown!
         return report_path
     end
@@ -527,29 +456,29 @@ class Server < Sinatra::Base
     # Kills all running instances
     #
     def shutdown_all( url )
-        settings.log.dispatcher_global_shutdown( env, url )
+        log.dispatcher_global_shutdown( env, url )
 
         dispatcher_stats.each_pair {
             |d_url, stats|
 
-            next if sanitize_url( d_url.dup ) != url
+            next if remove_proto( d_url.dup ) != url
 
             stats['running_jobs'].each {
                 |job|
 
-                instance_url = port_to_url( job['port'], d_url )
+                instance_url = instances.port_to_url( job['port'], d_url )
                 begin
-                    save_and_shutdown( connect_to_instance( instance_url ) )
+                    save_and_shutdown( instances.connect( instance_url, session ) )
                 rescue
                     begin
-                        connect_to_instance( instance_url ).service.shutdown!
+                        instances.connect( instance_url, session ).service.shutdown!
                     rescue
-                        settings.log.instance_fucker_wont_die( env, instance_url )
+                        log.instance_fucker_wont_die( env, instance_url )
                         next
                     end
                 end
 
-                settings.log.instance_shutdown( env, instance_url )
+                log.instance_shutdown( env, instance_url )
             }
         }
 
@@ -570,13 +499,13 @@ class Server < Sinatra::Base
                 |job|
 
                 begin
-                    instance_url = port_to_url( job['port'], url )
-                    arachni = connect_to_instance( instance_url )
+                    instance_url = instances.port_to_url( job['port'], url )
+                    arachni = instances.connect( instance_url, session )
 
                     begin
                         if !arachni.framework.busy? && !job['owner'] != HELPER_OWNER
                             save_and_shutdown( arachni )
-                            settings.log.webui_zombie_cleanup( env, instance_url )
+                            log.webui_zombie_cleanup( env, instance_url )
                             i+=1
                         end
                     rescue
@@ -590,11 +519,6 @@ class Server < Sinatra::Base
         return i
     end
 
-    def sanitize_url( url )
-        url.gsub!( 'http://', '' )
-        escape( url.gsub( 'https://', '' ) )
-    end
-
     get "/" do
         prep_session
         ensure_welcomed
@@ -618,15 +542,13 @@ class Server < Sinatra::Base
             flash[:err] = "URL cannot be empty."
             show :dispatchers_edit
         else
-
-            session[:dispatcher_url] = params['url']
-            settings.log.dispatcher_selected( env, params['url'] )
+            log.dispatcher_selected( env, params['url'] )
             begin
-                dispatcher.jobs
-                settings.log.dispatcher_verified( env, params['url'] )
+                dispatchers.connect( url ).jobs
+                log.dispatcher_verified( env, params['url'] )
                 redirect '/'
             rescue
-                settings.log.dispatcher_error( env, params['url'] )
+                log.dispatcher_error( env, params['url'] )
                 flash[:err] = "Couldn't find a dispatcher at \"#{escape( params['url'] )}\"."
                 show :dispatchers_edit
             end
@@ -639,10 +561,9 @@ class Server < Sinatra::Base
 
     post '/dispatchers/add' do
 
-        begin
-            dispatchers.alive?( params[:url] )
-            dispatchers.new( params )
-        rescue
+        if dispatchers.alive?( params[:url] )
+            dispatchers.new( params[:url] )
+        else
             flash[:err] = "Couldn't find a dispatcher at \"#{escape( params['url'] )}\"."
         end
 
@@ -686,36 +607,36 @@ class Server < Sinatra::Base
         elsif !valid
             flash[:err] = "Invalid URL."
             show :home
+        elsif !params['dispatcher'] || params['dispatcher'].empty?
+            flash[:err] = "Please select a Dispatcher."
+            show :home
         else
 
-            instance     = dispatchers.connect( params['dispatcher'] ).dispatch( params['url'] )
-            instance_url = port_to_url( instance['port'], params['dispatcher'] )
-
-            settings.log.instance_dispatched( env, instance_url )
-            settings.log.instance_owner_assigned( env, params['url'] )
-
-            arachni  = connect_to_instance( instance_url, instance['token'] )
-
-            session['opts']['settings']['url'] = params['url']
+            session['opts']['settings']['url'] = params[:url]
 
             unescape_hash( session['opts'] )
-
             session['opts']['settings']['audit_links']   = true if session['opts']['settings']['audit_links']
             session['opts']['settings']['audit_forms']   = true if session['opts']['settings']['audit_forms']
             session['opts']['settings']['audit_cookies'] = true if session['opts']['settings']['audit_cookies']
             session['opts']['settings']['audit_headers'] = true if session['opts']['settings']['audit_headers']
 
-            opts = prep_opts( session['opts']['settings'] )
-            arachni.opts.set( opts )
-            arachni.modules.load( session['opts']['modules'] )
-            arachni.plugins.load( YAML::load( session['opts']['plugins'] ) )
-            arachni.framework.run
-
-            settings.log.scan_started( env, params['url'] )
-
+            opts = {}
+            opts['settings'] = prep_opts( session['opts']['settings'] )
+            opts['plugins']  = YAML::load( session['opts']['plugins'] )
+            opts['modules']  = session['opts']['modules']
+
+            job = Scheduler::Job.new(
+                :dispatcher  => params[:dispatcher],
+                :url         => params[:url],
+                :opts        => opts.to_yaml,
+                :owner_addr  => env['REMOTE_ADDR'],
+                :owner_host  => env['REMOTE_HOST'],
+                :created_at  => Time.now
+            )
+
+            instance_url = scheduler.run( job, env, session )
             redirect '/instance/' + instance_url.to_s.gsub( 'https://', '' )
         end
-
     end
 
     get "/modules" do
@@ -774,11 +695,11 @@ class Server < Sinatra::Base
 
     get "/instance/:url" do
         begin
-            arachni = connect_to_instance( params[:url] )
+            arachni = instances.connect( params[:url], session )
             erb :instance, { :layout => true }, :paused => arachni.framework.paused?, :shutdown => false
         rescue Exception => e
             flash.now[:notice] = "Instance at #{params[:url]} has been shutdown."
-            erb :instance, { :layout => true }, :shutdown => true, :stats => dispatcher_stats
+            erb :instance, { :layout => true }, :shutdown => true
         end
 
     end
@@ -787,17 +708,20 @@ class Server < Sinatra::Base
         content_type :json
 
         begin
-            arachni = connect_to_instance( params[:url] )
+            arachni = instances.connect( params[:url], session )
             if arachni.framework.busy?
                 @@output_streams ||= {}
                 @@output_streams[params[:url]] ||= OutputStream.new( arachni, 38 )
                 { 'data' => @@output_streams[params[:url]].data }.to_json
             else
-                settings.log.instance_shutdown( env, params[:url] )
+                log.instance_shutdown( env, params[:url] )
                 save_and_shutdown( arachni )
                 { 'status' => 'finished', 'data' => "The server has been shut down." }.to_json
             end
-        rescue
+        rescue IOError, Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError,
+               Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError => e
+            { 'data' => "<strong>Connection error, retrying...</strong>" }.to_json
+        rescue Exception => e
             { 'status' => 'finished', 'data' => "The server has been shut down." }.to_json
         end
     end
@@ -805,12 +729,15 @@ class Server < Sinatra::Base
     get "/instance/:url/output_results.json" do
         content_type :json
         begin
-            arachni = connect_to_instance( params[:url] )
+            arachni = instances.connect( params[:url], session )
             if !arachni.framework.paused? && arachni.framework.busy?
-                out = erb( :output_results, { :layout => false }, :issues => YAML.load( arachni.framework.auditstore ).issues)
+                out = erb( :output_results, { :layout => false }, :issues => YAML.load( arachni.framework.auditstore ).issues )
                 { 'data' => out }.to_json
             end
-        rescue
+        rescue IOError, Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError,
+               Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError => e
+            { 'data' => "<strong>Connection error, retrying...</strong>" }.to_json
+        rescue Exception => e
             { 'data' => "The server has been shut down." }.to_json
         end
     end
@@ -818,8 +745,8 @@ class Server < Sinatra::Base
     get "/instance/:url/stats.json" do
         content_type :json
         begin
-            arachni = connect_to_instance( params[:url] )
-            stats = arachni.framework.stats
+            arachni = instances.connect( params[:url], session )
+            stats = arachni.framework.stats( true )
             stats['current_page'] = escape( stats['current_page'] )
             { 'refresh' => true, 'stats' => stats }.to_json
         rescue
@@ -829,11 +756,11 @@ class Server < Sinatra::Base
 
 
     post "/*/:url/pause" do
-        arachni = connect_to_instance( params[:url] )
+        arachni = instances.connect( params[:url], session )
 
         begin
             arachni.framework.pause!
-            settings.log.instance_paused( env, params[:url] )
+            log.instance_paused( env, params[:url] )
 
             flash.now[:notice] = "Instance at #{params[:url]} will pause as soon as the current page is audited."
             erb params[:splat][0].to_sym, { :layout => true }, :paused => arachni.framework.paused?, :shutdown => false, :stats => dispatcher_stats
@@ -845,11 +772,11 @@ class Server < Sinatra::Base
     end
 
     post "/*/:url/resume" do
-        arachni = connect_to_instance( params[:url] )
+        arachni = instances.connect( params[:url], session )
 
         begin
             arachni.framework.resume!
-            settings.log.instance_resumed( env, params[:url] )
+            log.instance_resumed( env, params[:url] )
 
             flash.now[:notice] = "Instance at #{params[:url]} resumes."
             erb params[:splat][0].to_sym, { :layout => true }, :paused => arachni.framework.paused?, :shutdown => false, :stats => dispatcher_stats
@@ -860,11 +787,11 @@ class Server < Sinatra::Base
     end
 
     post "/*/:url/shutdown" do
-        arachni = connect_to_instance( params[:url] )
+        arachni = instances.connect( params[:url], session )
 
         begin
             arachni.framework.busy?
-            settings.log.instance_shutdown( env, params[:url] )
+            log.instance_shutdown( env, params[:url] )
 
             begin
                 save_shutdown_and_show( arachni )
@@ -881,38 +808,51 @@ class Server < Sinatra::Base
     end
 
     get "/reports" do
-        erb :reports, { :layout => true }, :reports => settings.reports.all( :order => :datestamp.desc ),
-            :available => settings.reports.available
+        erb :reports, { :layout => true }, :reports => reports.all( :order => :datestamp.desc ),
+            :available => reports.available
     end
 
     get '/reports/formats' do
-        erb :report_formats, { :layout => true }, :reports => settings.reports.available
+        erb :report_formats, { :layout => true }, :reports => reports.available
     end
 
     post '/reports/delete' do
-        settings.reports.delete_all
-        settings.log.reports_deleted( env )
+        reports.delete_all
+        log.reports_deleted( env )
 
         redirect '/reports'
     end
 
     post '/report/:id/delete' do
-        settings.reports.delete( params[:id] )
-        settings.log.report_deleted( env, params[:id] )
+        reports.delete( params[:id] )
+        log.report_deleted( env, params[:id] )
 
         redirect '/reports'
     end
 
     get '/report/:id.:type' do
-        settings.log.report_converted( env, params[:id] + '.' + params[:type] )
+        log.report_converted( env, params[:id] + '.' + params[:type] )
         content_type( params[:type], :default => 'application/octet-stream' )
-        settings.reports.get( params[:type], params[:id] )
+        reports.get( params[:type], params[:id] )
     end
 
     get '/log' do
-        erb :log, { :layout => true }, :entries => settings.log.entry.all.reverse
+        erb :log, { :layout => true }, :entries => log.entry.all.reverse
+    end
+
+    get '/addons' do
+        erb :addons
     end
 
+    post '/addons' do
+        params['addons'] ||= {}
+        addon_names = params['addons'].keys
+
+        addons.enable!( addon_names )
+        erb :addons
+    end
+
+
     # override run! using this patch: https://github.com/sinatra/sinatra/pull/132
     def self.run!( options = {} )
         set options
@@ -967,7 +907,7 @@ class Server < Sinatra::Base
 
     at_exit do
 
-        settings.log.webui_shutdown
+        log.webui_shutdown
 
         begin
             # shutdown our helper instance