arachni 0.2.4 → 0.3

data/lib/ui/web/server/public/style.css

@@ -307,6 +307,48 @@ li ol, li ul {
     text-decoration: none;
 }
 
+#nav ul ul {
+    position:absolute;
+    display: none; /* Hide off-screen when not needed (this is more accessible than display:none;) */
+    background: none;
+    margin-left: -6px
+}
+
+#nav ul li:hover ul li{
+    list-style: none;
+    margin: 0;
+    height: 50px;
+    background: none;
+}
+
+#nav li:hover ul { /* Display the dropdown on hover */
+    display: block; /* Bring back on-screen when needed */
+    background: none;
+
+    -moz-border-radius-bottomleft: 10px;
+    -moz-border-radius-bottomright: 10px;
+    -webkit-border-radius-bottomright: 10px;
+    -webkit-border-radius-bottomleft: 10px;
+}
+
+#nav li:hover a{ /* These create persistent hover states, meaning the top-most link stays 'hovered' even when your cursor has moved down the list. */
+}
+
+#nav li:hover ul a{ /* The persistent hover state does however create a global style for links even before they're hovered. Here we undo these effects. */
+    text-decoration: none;
+    background: #202020;
+    -moz-border-radius-bottomleft: 10px;
+    -moz-border-radius-bottomright: 10px;
+    -webkit-border-radius-bottomright: 10px;
+    -webkit-border-radius-bottomleft: 10px;
+    height: 10px
+}
+
+#nav li:hover ul li a:hover{ /* Here we define the most explicit hover states--what happens when you hover each individual link. */
+    background: #333;
+}
+
+
 #page-intro {
     height: 150px;
     padding: 50px 20px 0;

data/lib/ui/web/server/views/addon.erb

@@ -0,0 +1,15 @@
+
+            <div id="page-intro">
+                <h2><%=escape( addon['name'] )%> v<%=escape( addon['version'] )%></h2>
+                <p>
+                    <%=escape( addon['description'] )%>
+                    <br/>
+                    <i>By <%=escape( addon['author'] )%></i>
+                </p>
+            </div>
+
+            <%= erb :flash, {:layout => false} %>
+
+
+            <%= erb tpl, {:layout => false}, tpl_args %>
+

data/lib/ui/web/server/views/addons.erb

@@ -0,0 +1,46 @@
+
+        <div id="page-intro">
+            <form action="/addons" method="post">
+
+            <h2>Add-ons</h2>
+            <p>This page allows you to enable add-ons in order to extend the functionality of the WebUI.
+            <br/><br/>
+            </p>
+
+            <% if !addons.available.empty? %>
+                    <%= csrf_tag %>
+                    <input type="submit" value="Save" />
+            <% end %>
+
+        </div>
+        <%= erb :flash, {:layout => false} %>
+
+        <% if !addons.available.empty? %>
+        <table>
+            <tr>
+                <th>Name</th>
+                <th>Description</th>
+                <th>Author</th>
+                <th>Version</th>
+                <th>Enable</th>
+            </tr>
+        <% addons.available.each do |addon| %>
+            <tr>
+
+                <td><%=escape( addon['name'] )%></td>
+                <td><%=escape( addon['description'] )%></td>
+                <td><%=escape( addon['author'] )%></td>
+                <td><%=escape( addon['version'] )%></td>
+
+                <td>
+                    <input type="checkbox" class="audit" name="addons[<%=addon['filename']%>]"
+                        <% if addons.enabled.include?( addon['filename'] ) %>
+                        checked="checked" <% end %> />
+                </td>
+            </tr>
+        <% end %>
+        </table>
+        </form>
+        <% else %>
+        <span class="notice"> There are no available add-ons at the moment.</span>
+        <% end %>

data/lib/ui/web/server/views/dispatchers.erb

@@ -21,7 +21,7 @@
         </h2>
 
         <%if !dispatcher_stats['running_jobs'].empty? %>
-        <form action="/dispatchers/<%=sanitize_url( d_url.dup )%>/shutdown_all" method="post">
+        <form action="/dispatchers/<%=remove_proto( d_url.dup )%>/shutdown_all" method="post">
             <%= csrf_tag %>
             <input type="submit" value="Shutdown all" />
         </form>

data/lib/ui/web/server/views/instance.erb

@@ -1,6 +1,6 @@
 
         <div id="page-intro">
-            <h2 id="page_header">Attached to instance @<%=sanitize_url( params['url'] )%></h2>
+            <h2 id="page_header">Attached to instance @<%=remove_proto( params['url'] )%></h2>
             <p id="page_description">
                 This page allows you to see what's going on at the other end of the wire (i.e. get status messages directly from the remote scanner).
                 <br/>
@@ -11,20 +11,20 @@
                 <%if !shutdown %>
 
                 <%if !paused %>
-                    <form action="/instance/<%=sanitize_url( params['url'] )%>/pause" method="post">
+                    <form action="/instance/<%=remove_proto( params['url'] )%>/pause" method="post">
                         <%= csrf_tag %>
                         <input type="submit" value="Pause" />
                     </form>
                 <%end%>
 
                 <%if paused %>
-                <form action="/instance/<%=sanitize_url( params['url'] )%>/resume" method="post">
+                <form action="/instance/<%=remove_proto( params['url'] )%>/resume" method="post">
                     <%= csrf_tag %>
                     <input type="submit" value="Resume" />
                 </form>
                 <%end%>
 
-                <form action="/instance/<%=sanitize_url( params['url'] )%>/shutdown" method="post">
+                <form action="/instance/<%=remove_proto( params['url'] )%>/shutdown" method="post">
                     <%= csrf_tag %>
                     <input type="submit" value="Shutdown" />
                 </form>
@@ -39,9 +39,9 @@
             <h3>Scan statisics</h3>
             <div class="left">
                 <ul>
-                    <li>Pages audited: <span id="audited">0</span></li>
-                    <li>Pages crawled: <span id="crawled">0</span></li>
+                    <li>Pages discovered: <span id="crawled">0</span></li>
                     <li>Progress: <span id="percentage">0</span>%</li>
+                    <li>Runtime: <span id="runtime">00:00:00</span></li>
                 </ul>
             </div>
             <div>
@@ -120,15 +120,14 @@
                 function setStats( stats ){
                     if( stats == undefined ){ return }
 
-                    document.getElementById( 'audited' ).innerHTML = stats.auditmap_size;
                     document.getElementById( 'crawled' ).innerHTML = stats.sitemap_size;
                     document.getElementById( 'current_page' ).innerHTML = stats.current_page;
                     document.getElementById( 'average_res_time' ).innerHTML = stats.average_res_time;
                     document.getElementById( 'time_out_count' ).innerHTML = stats.time_out_count;
                     document.getElementById( 'max_concurrency' ).innerHTML = stats.max_concurrency;
 
-                    percentage = (stats.auditmap_size / stats.sitemap_size) * 100
-                    document.getElementById( 'percentage' ).innerHTML = parseInt( percentage );
+                    document.getElementById( 'runtime' ).innerHTML = stats.time;
+                    document.getElementById( 'percentage' ).innerHTML = parseInt( stats.progress );
                 }
 
                 function updateProgressBar(){
@@ -136,8 +135,7 @@
                     $.getJSON( stats_url, function(data) {
                         if( data.stats == undefined ){ return }
                         setStats( data.stats );
-                        percentage = (data.stats.auditmap_size / data.stats.sitemap_size) * 100
-                        setProgressBar( percentage );
+                        setProgressBar( parseInt( data.stats.progress ) );
                     });
                 }
 

data/lib/ui/web/server/views/layout.erb

@@ -9,6 +9,7 @@
 
     <script type="text/javascript" src="/js/jquery-1.4.4.min.js"></script>
     <script type="text/javascript" src="/js/jquery-ui-1.8.9.custom.min.js"></script>
+    <script type="text/javascript" src="/js/jquery-ui-timepicker.js"></script>
 
     <script type="text/javascript">
         function checkAll( type ) {
@@ -37,6 +38,17 @@
                     <li <% if selected_tab?( 'plugins' )%>class="selected" <%end%>><a href="/plugins">Plugins</a></li>
                     <li <% if selected_tab?( 'settings' )%>class="selected" <%end%>><a href="/settings">Settings</a></li>
                     <li <% if selected_tab?( 'reports' )%>class="selected" <%end%>><a href="/reports">Reports [<%=report_count%>]</a></li>
+                    <li <% if selected_tab?( 'addons' )%>class="selected" <%end%>><a href="/addons">Add-ons <%if !addons.enabled.empty? %>&darr;<%end%> [<%=addons.enabled.size%>/<%=addons.available.size%>]</a>
+
+                        <% if !addons.enabled.empty?%>
+                        <ul>
+                            <% addons.enabled.each do |name| %>
+                            <li><a href="/addons/<%=escape( name )%>/"><%= escape( addons.by_name( name )['title'] ) %></a></li>
+                            <%end%>
+                        </ul>
+                        <%end%>
+
+                    </li>
                     <li <% if selected_tab?( 'dispatchers' )%>class="selected" <%end%>><a href="/dispatchers">Dispatchers</a></li>
                     <li <% if selected_tab?( 'log' )%>class="selected" <%end%>><a href="/log">Log</a></li>
                 </ul>
@@ -55,7 +67,7 @@
         <div class="footer-content">
 
             <div class="footer-box">
-                <h4><a href="https://github.com/Zapotek/arachni">About Arachni</a></h4>
+                <h4><a href="http://arachni.segfault.gr">About Arachni</a></h4>
                 <p>
                     Arachni is a feature-full, modular, high-performance Ruby framework aimed towards <br/>
                     helping penetration testers and administrators evaluate the security of web applications.
@@ -77,6 +89,7 @@
 
                 <h4>Interesting links</h4>
                 <ul>
+                    <li><a href="http://arachni.segfault.gr">Homepage</a></li>
                     <li><a href="http://trainofthought.segfault.gr/category/projects/arachni/">News straight from the developer's blog</a></li>
                     <li><a href="http://twitter.com/Zap0tek">Developer's Twitter feed</a></li>
                     <li><a href="https://github.com/Zapotek/arachni/tree/experimental">The bleeding edge, Arachni's experimental branch</a></li>

data/lib/ui/web/server/views/welcome.erb

@@ -14,10 +14,11 @@
             <p>
                 It is a way to:
                 <ul>
-                    <li>make working with Arachni easier</li>
-                    <li>make report management easier</li>
-                    <li>run and manage multiple scans at the same time <em>(each scan will try its best for maximum bandwidth utilization so it'll be like lions fighting in a cage -- make sure you have sufficient resources)</em></li>
-                    <li>work with and manage multiple Dispatchers</li>
+                    <li>make working with Arachni easier;</li>
+                    <li>make report management easier;</li>
+                    <li>enable you to schedule scans;</li>
+                    <li>run and manage multiple scans at the same time <em>(each scan will try its best for maximum bandwidth utilization so it'll be like lions fighting in a cage -- make sure you have sufficient resources)</em>;</li>
+                    <li>work with, and manage, multiple Dispatchers.</li>
                 </ul>
             </p>
 
@@ -25,8 +26,8 @@
             <p>
                 It isn't:
                 <ul>
-                    <li>too stable</li>
-                    <li>a way to make Arachni's goodies available to multiple users <em>(you could but it wouldn't be safe)</em></li>
+                    <li>too stable;</li>
+                    <li>a way to make Arachni's goodies available to multiple users <em>(you could but it wouldn't be safe)</em>.</li>
                 </ul>
             </p>
 

data/lib/ui/web/utilities.rb

@@ -0,0 +1,134 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
+module Arachni
+module UI
+module Web
+
+#
+# General utility methods.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.1
+#
+module Utilities
+
+    #
+    # Escapes HTML chars.
+    #
+    # @param    [String]    str
+    #
+    # @return   [String]
+    #
+    # @see CGI.escapeHTML
+    #
+    def escape( str )
+        CGI.escapeHTML( str )
+    end
+
+    #
+    # Unescapes HTML chars.
+    #
+    # @param    [String]    str
+    #
+    # @return   [String]
+    #
+    # @see CGI.unescapeHTML
+    #
+    def unescape( str )
+        CGI.unescapeHTML( str )
+    end
+
+    #
+    # Recursively escapes all HTML characters.
+    #
+    # @param    [Hash]  hash
+    #
+    # @return   [Hash]
+    #
+    def escape_hash( hash )
+        hash.each_pair {
+            |k, v|
+            hash[k] = escape( hash[k] ) if hash[k].is_a?( String )
+            hash[k] = escape_hash( v ) if v.is_a? Hash
+        }
+
+        return hash
+    end
+
+    #
+    # Recursively unescapes all HTML characters.
+    #
+    # @param    [Hash]  hash
+    #
+    # @return   [Hash]
+    #
+    def unescape_hash( hash )
+        hash.each_pair {
+            |k, v|
+            hash[k] = unescape( hash[k] ) if hash[k].is_a?( String )
+            hash[k] = unescape_hash( v ) if v.is_a? Hash
+        }
+
+        return hash
+    end
+
+    #
+    # Parses datetime strings such as 07/23/2011 15:34 into Time objects.
+    #
+    # @param    [String]    datetime
+    #
+    # @return   [Time]
+    #
+    def parse_datetime( datetime )
+        date, time = datetime.split( ' ' )
+
+        month, day, year = date.split( '/' )
+        hour, minute     = time.split( ':' )
+
+        Time.new( year, month, day, hour, minute )
+    end
+
+    #
+    # Constructs an instance URL by port using its dispatcher's url.
+    #
+    # @param    [Integer]   port
+    # @param    [String]   dispatcher_url   URL of the dispatcher
+    # @param    [Bool]     no_scheme        include scheme in the URL?
+    #
+    # @return   [String]
+    #
+    def port_to_url( port, dispatcher_url, no_scheme = nil )
+        uri = URI( dispatcher_url )
+        uri.port = port.to_i
+        uri = uri.to_s
+
+        uri = remove_proto( uri ) if no_scheme
+        return uri
+    end
+
+    #
+    # Removes the protocol from URL string.
+    #
+    # @param    [String]    url
+    #
+    # @return   [String]
+    #
+    def remove_proto( url )
+        url.gsub!( 'http://', '' )
+        escape( url.gsub( 'https://', '' ) )
+    end
+
+end
+end
+end
+end

data/modules/audit/code_injection_timing.rb

@@ -20,7 +20,7 @@ module Modules
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.2
+# @version: 0.2.1
 #
 # @see http://cwe.mitre.org/data/definitions/94.html
 # @see http://php.net/manual/en/function.eval.php
@@ -63,6 +63,10 @@ class CodeInjectionTiming < Arachni::Module::Base
         audit_timeout( @@__injection_str, @__opts )
     end
 
+    def redundant
+        [ 'code_injection' ]
+    end
+
     def self.info
         {
             :name           => 'Code injection (timing)',
@@ -76,7 +80,7 @@ class CodeInjectionTiming < Arachni::Module::Base
                 Issue::Element::HEADER
             ],
             :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ',
-            :version        => '0.1',
+            :version        => '0.2.1',
             :references     => {
                 'PHP'    => 'http://php.net/manual/en/function.eval.php',
                 'Perl'   => 'http://perldoc.perl.org/functions/eval.html',

data/modules/audit/code_injection_timing/payloads.txt

@@ -1,4 +1,4 @@
-sleep(__TIME__);
-import time;time.sleep(__TIME__);
+sleep(__TIME__/1000);
+import time;time.sleep(__TIME__/1000);
 Thread.sleep(__TIME__);
 Thread.Sleep(__TIME__);

data/modules/audit/os_cmd_injection_timing.rb

@@ -18,7 +18,7 @@ module Modules
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.2
+# @version: 0.2.1
 #
 # @see http://cwe.mitre.org/data/definitions/78.html
 # @see http://www.owasp.org/index.php/OS_Command_Injection
@@ -50,7 +50,7 @@ class OSCmdInjectionTiming < Arachni::Module::Base
 
         @__opts = {
             :format  => [ Format::STRAIGHT ],
-            :timeout => 4000,
+            :timeout => 10000,
             :timeout_divider => 1000
         }
 
@@ -60,6 +60,10 @@ class OSCmdInjectionTiming < Arachni::Module::Base
         audit_timeout( @@__injection_str, @__opts )
     end
 
+    def redundant
+        [ 'os_cmd_injection' ]
+    end
+
     def self.info
         {
             :name           => 'OS command injection (timing)',
@@ -71,7 +75,7 @@ class OSCmdInjectionTiming < Arachni::Module::Base
                 Issue::Element::HEADER
             ],
             :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ',
-            :version        => '0.1',
+            :version        => '0.2.1',
             :references     => {
                  'OWASP'         => 'http://www.owasp.org/index.php/OS_Command_Injection'
             },