RubyGems - arachni - Versions diffs - 0.3 → 0.4 - Mend

arachni 0.3 → 0.4

Files changed (348) hide show

data/ACKNOWLEDGMENTS.md +1 -1
data/CHANGELOG.md +146 -0
data/CONTRIBUTORS.md +1 -0
data/HACKING.md +3 -3
data/README.md +81 -49
data/Rakefile +11 -14
data/bin/arachni +4 -8
data/bin/arachni_rpc +17 -0
data/bin/arachni_rpcd +18 -0
data/bin/arachni_rpcd_monitor +18 -0
data/bin/arachni_web +25 -48
data/bin/arachni_web_autostart +3 -3
data/conf/README.webui.yaml.txt +7 -21
data/external/metasploit/plugins/arachni.rb +0 -7
data/extras/modules/recon/raft_dirs.rb +108 -0
data/extras/modules/recon/raft_dirs/raft-large-directories.txt +62290 -0
data/extras/modules/recon/raft_files.rb +110 -0
data/extras/modules/recon/raft_files/raft-large-files.txt +37037 -0
data/extras/modules/recon/svn_digger_dirs.rb +108 -0
data/extras/modules/recon/svn_digger_dirs/Licence.txt +674 -0
data/extras/modules/recon/svn_digger_dirs/ReadMe-Arachni.txt +4 -0
data/extras/modules/recon/svn_digger_dirs/ReadMe.txt +6 -0
data/extras/modules/recon/svn_digger_dirs/all-dirs.txt +5960 -0
data/extras/modules/recon/svn_digger_files.rb +114 -0
data/extras/modules/recon/svn_digger_files/Licence.txt +674 -0
data/extras/modules/recon/svn_digger_files/ReadMe-Arachni.txt +4 -0
data/extras/modules/recon/svn_digger_files/ReadMe.txt +6 -0
data/extras/modules/recon/svn_digger_files/all-extensionless.txt +25419 -0
data/extras/modules/recon/svn_digger_files/all.txt +43135 -0
data/lib/arachni.rb +2 -7
data/lib/{audit_store.rb → arachni/audit_store.rb} +68 -60
data/lib/{component_manager.rb → arachni/component_manager.rb} +8 -8
data/lib/{component_options.rb → arachni/component_options.rb} +34 -4
data/lib/{crypto → arachni/crypto}/rsa_aes_cbc.rb +1 -2
data/lib/arachni/database.rb +4 -0
data/lib/arachni/database/base.rb +125 -0
data/lib/arachni/database/hash.rb +384 -0
data/lib/arachni/database/queue.rb +93 -0
data/lib/{exceptions.rb → arachni/exceptions.rb} +1 -1
data/lib/arachni/framework.rb +899 -0
data/lib/{http.rb → arachni/http.rb} +63 -166
data/lib/{issue.rb → arachni/issue.rb} +46 -17
data/lib/{mixins → arachni/mixins}/observable.rb +1 -1
data/lib/arachni/mixins/progress_bar.rb +81 -0
data/lib/arachni/mixins/terminal.rb +106 -0
data/lib/{module.rb → arachni/module.rb} +0 -0
data/lib/{module → arachni/module}/auditor.rb +250 -86
data/lib/{module → arachni/module}/base.rb +8 -18
data/lib/{module → arachni/module}/element_db.rb +10 -2
data/lib/{module → arachni/module}/key_filler.rb +1 -1
data/lib/arachni/module/manager.rb +145 -0
data/lib/{module → arachni/module}/output.rb +6 -1
data/lib/{module → arachni/module}/trainer.rb +48 -52
data/lib/{module → arachni/module}/utilities.rb +66 -15
data/lib/{nokogiri → arachni/nokogiri}/xml/node.rb +0 -0
data/lib/arachni/options.rb +986 -0
data/lib/{parser.rb → arachni/parser.rb} +0 -0
data/lib/{parser → arachni/parser}/auditable.rb +111 -32
data/lib/{parser → arachni/parser}/elements.rb +28 -20
data/lib/{parser → arachni/parser}/page.rb +20 -3
data/lib/{parser → arachni/parser}/parser.rb +100 -63
data/lib/{plugin.rb → arachni/plugin.rb} +0 -0
data/lib/{plugin → arachni/plugin}/base.rb +43 -6
data/lib/{plugin → arachni/plugin}/manager.rb +40 -13
data/lib/{report.rb → arachni/report.rb} +0 -0
data/lib/{report → arachni/report}/base.rb +43 -2
data/lib/{report → arachni/report}/manager.rb +7 -18
data/lib/arachni/rpc/client/base.rb +42 -0
data/lib/{rpc/xml → arachni/rpc}/client/dispatcher.rb +12 -13
data/lib/arachni/rpc/client/instance.rb +62 -0
data/lib/arachni/rpc/server/base.rb +51 -0
data/lib/arachni/rpc/server/dispatcher.rb +438 -0
data/lib/arachni/rpc/server/framework.rb +1163 -0
data/lib/arachni/rpc/server/instance.rb +184 -0
data/lib/{rpc/xml → arachni/rpc}/server/module/manager.rb +8 -5
data/lib/arachni/rpc/server/node.rb +267 -0
data/lib/{rpc/xml → arachni/rpc}/server/options.rb +6 -35
data/lib/{rpc/xml → arachni/rpc}/server/output.rb +29 -3
data/lib/{rpc/xml → arachni/rpc}/server/plugin/manager.rb +5 -6
data/lib/{ruby.rb → arachni/ruby.rb} +1 -2
data/lib/arachni/ruby/array.rb +31 -0
data/lib/{ruby → arachni/ruby}/object.rb +1 -1
data/lib/{ruby → arachni/ruby}/string.rb +1 -1
data/lib/{spider.rb → arachni/spider.rb} +83 -110
data/lib/arachni/typhoeus/hydra.rb +7 -0
data/lib/{typhoeus → arachni/typhoeus}/request.rb +11 -9
data/lib/{typhoeus → arachni/typhoeus}/response.rb +4 -0
data/lib/{ui → arachni/ui}/cli/cli.rb +154 -84
data/lib/{ui → arachni/ui}/cli/output.rb +57 -19
data/lib/{ui/xmlrpc → arachni/ui/rpc}/dispatcher_monitor.rb +11 -10
data/lib/{ui/xmlrpc/xmlrpc.rb → arachni/ui/rpc/rpc.rb} +102 -158
data/lib/{ui → arachni/ui}/web/addon_manager.rb +23 -3
data/lib/arachni/ui/web/addons/autodeploy.rb +207 -0
data/lib/{ui → arachni/ui}/web/addons/autodeploy/lib/manager.rb +142 -35
data/lib/arachni/ui/web/addons/autodeploy/views/index.erb +291 -0
data/lib/{ui → arachni/ui}/web/addons/sample.rb +1 -1
data/lib/{ui → arachni/ui}/web/addons/sample/views/index.erb +0 -0
data/lib/{ui → arachni/ui}/web/addons/scheduler.rb +30 -22
data/lib/{ui → arachni/ui}/web/addons/scheduler/views/index.erb +56 -22
data/lib/{ui → arachni/ui}/web/addons/scheduler/views/options.erb +0 -0
data/lib/arachni/ui/web/dispatcher_manager.rb +274 -0
data/lib/arachni/ui/web/instance_manager.rb +69 -0
data/lib/{ui → arachni/ui}/web/log.rb +1 -1
data/lib/arachni/ui/web/output_stream.rb +54 -0
data/lib/{ui → arachni/ui}/web/report_manager.rb +48 -54
data/lib/{ui → arachni/ui}/web/scheduler.rb +42 -47
data/lib/arachni/ui/web/server.rb +1197 -0
data/lib/{ui → arachni/ui}/web/server/db/placeholder +0 -0
data/lib/{ui → arachni/ui}/web/server/public/banner.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/bodybg-small.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/bodybg.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/pbar-ani.gif +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/jquery-ui-1.8.9.custom.css +0 -0
data/lib/{ui → arachni/ui}/web/server/public/favicon.ico +0 -0
data/lib/{ui → arachni/ui}/web/server/public/footer.jpg +0 -0
data/lib/{ui/web/server/public/icons/error.png → arachni/ui/web/server/public/icons/bad.png} +0 -0
data/lib/arachni/ui/web/server/public/icons/error.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/icons/info.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/icons/ok.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/icons/status.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/js/jquery-1.4.4.min.js +0 -0
data/lib/{ui → arachni/ui}/web/server/public/js/jquery-ui-1.8.9.custom.min.js +0 -0
data/lib/{ui → arachni/ui}/web/server/public/js/jquery-ui-timepicker.js +0 -0
data/lib/{ui → arachni/ui}/web/server/public/logo.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/nav-left.jpg +0 -0
data/lib/{ui → arachni/ui}/web/server/public/nav-right.jpg +0 -0
data/lib/{ui → arachni/ui}/web/server/public/nav-selected-left.jpg +0 -0
data/lib/{ui → arachni/ui}/web/server/public/nav-selected-right.jpg +0 -0
data/lib/{ui → arachni/ui}/web/server/public/plugins/sample/style.css +0 -0
data/lib/{ui/web/server/tmp → arachni/ui/web/server/public/reports}/placeholder +0 -0
data/lib/{ui → arachni/ui}/web/server/public/sidebar-bottom.jpg +0 -0
data/lib/{ui → arachni/ui}/web/server/public/sidebar-h4.jpg +0 -0
data/lib/{ui → arachni/ui}/web/server/public/sidebar-top.jpg +0 -0
data/lib/{ui → arachni/ui}/web/server/public/spider.png +0 -0
data/lib/{ui → arachni/ui}/web/server/public/style.css +3 -2
data/lib/arachni/ui/web/server/tmp/placeholder +0 -0
data/lib/{ui → arachni/ui}/web/server/views/addon.erb +0 -0
data/lib/{ui → arachni/ui}/web/server/views/addons.erb +0 -0
data/lib/{ui → arachni/ui}/web/server/views/dispatcher_error.erb +0 -0
data/lib/arachni/ui/web/server/views/dispatchers.erb +175 -0
data/lib/arachni/ui/web/server/views/dispatchers_edit.erb +71 -0
data/lib/arachni/ui/web/server/views/error.erb +22 -0
data/lib/{ui → arachni/ui}/web/server/views/flash.erb +2 -2
data/lib/arachni/ui/web/server/views/home.erb +60 -0
data/lib/{ui → arachni/ui}/web/server/views/instance.erb +55 -75
data/lib/arachni/ui/web/server/views/js/home.erb +32 -0
data/lib/{ui → arachni/ui}/web/server/views/layout.erb +2 -2
data/lib/{ui → arachni/ui}/web/server/views/log.erb +0 -0
data/lib/arachni/ui/web/server/views/module.erb +30 -0
data/lib/{ui → arachni/ui}/web/server/views/modules.erb +2 -22
data/lib/{ui → arachni/ui}/web/server/views/options.erb +0 -0
data/lib/{ui → arachni/ui}/web/server/views/output_results.erb +4 -4
data/lib/{ui → arachni/ui}/web/server/views/plugins.erb +23 -12
data/lib/{ui → arachni/ui}/web/server/views/report_formats.erb +1 -1
data/lib/{ui → arachni/ui}/web/server/views/reports.erb +1 -1
data/lib/{ui → arachni/ui}/web/server/views/settings.erb +59 -16
data/lib/{ui → arachni/ui}/web/server/views/welcome.erb +3 -1
data/lib/{ui → arachni/ui}/web/utilities.rb +8 -3
data/lib/arachni/version.rb +16 -0
data/modules/audit/code_injection.rb +11 -20
data/modules/audit/code_injection_timing.rb +2 -6
data/modules/audit/csrf.rb +8 -16
data/modules/audit/ldapi.rb +5 -11
data/modules/audit/os_cmd_injection.rb +5 -9
data/modules/audit/os_cmd_injection_timing.rb +4 -8
data/modules/audit/path_traversal.rb +7 -13
data/modules/audit/response_splitting.rb +8 -21
data/modules/audit/rfi.rb +6 -46
data/modules/audit/sqli.rb +5 -11
data/modules/audit/sqli/regexp_ids.txt +0 -6
data/modules/audit/sqli_blind_rdiff.rb +5 -10
data/modules/audit/sqli_blind_timing.rb +4 -9
data/modules/audit/trainer.rb +6 -12
data/modules/audit/unvalidated_redirect.rb +6 -17
data/modules/audit/xpath.rb +5 -12
data/modules/audit/xss.rb +37 -23
data/modules/audit/xss_event.rb +5 -10
data/modules/audit/xss_path.rb +47 -41
data/modules/audit/xss_script_tag.rb +5 -10
data/modules/audit/xss_tag.rb +5 -10
data/modules/audit/xss_uri.rb +17 -89
data/modules/recon/allowed_methods.rb +6 -15
data/modules/recon/backdoors.rb +12 -52
data/modules/recon/backup_files.rb +25 -88
data/modules/recon/common_directories.rb +8 -54
data/modules/recon/common_files.rb +7 -58
data/modules/recon/directory_listing.rb +6 -15
data/modules/recon/grep/captcha.rb +1 -1
data/modules/recon/grep/credit_card.rb +62 -27
data/modules/recon/grep/cvs_svn_users.rb +1 -1
data/modules/recon/grep/emails.rb +1 -1
data/modules/recon/grep/html_objects.rb +1 -1
data/modules/recon/grep/private_ip.rb +1 -1
data/modules/recon/grep/ssn.rb +9 -9
data/modules/recon/htaccess_limit.rb +6 -14
data/modules/recon/http_put.rb +7 -15
data/modules/recon/interesting_responses.rb +7 -13
data/modules/recon/mixed_resource.rb +100 -0
data/modules/recon/unencrypted_password_forms.rb +8 -20
data/modules/recon/webdav.rb +6 -16
data/modules/recon/xst.rb +7 -13
data/path_extractors/anchors.rb +1 -1
data/path_extractors/forms.rb +1 -1
data/path_extractors/frames.rb +1 -1
data/path_extractors/generic.rb +47 -3
data/path_extractors/links.rb +1 -1
data/path_extractors/meta_refresh.rb +1 -1
data/path_extractors/scripts.rb +3 -4
data/path_extractors/sitemap.rb +1 -1
data/plugins/autologin.rb +9 -18
data/plugins/beep_notify.rb +51 -0
data/plugins/cookie_collector.rb +12 -12
data/plugins/defaults/autothrottle.rb +86 -0
data/plugins/{content_types.rb → defaults/content_types.rb} +25 -19
data/plugins/{healthmap.rb → defaults/healthmap.rb} +30 -18
data/plugins/defaults/metamodules/remedies/discovery.rb +164 -0
data/plugins/defaults/metamodules/remedies/manual_verification.rb +65 -0
data/{metamodules/timeout_notice.rb → plugins/defaults/metamodules/remedies/timing_attacks.rb} +26 -22
data/{metamodules → plugins/defaults/metamodules}/uniformity.rb +15 -14
data/plugins/{profiler.rb → defaults/profiler.rb} +19 -30
data/plugins/defaults/resolver.rb +55 -0
data/plugins/email_notify.rb +108 -0
data/plugins/form_dicattack.rb +8 -16
data/plugins/http_dicattack.rb +4 -12
data/plugins/libnotify.rb +86 -0
data/plugins/proxy.rb +8 -17
data/plugins/proxy/server.rb +3 -3
data/plugins/rescan.rb +60 -0
data/plugins/waf_detector.rb +5 -16
data/profiles/full.afp +3 -30
data/reports/afr.rb +2 -5
data/reports/ap.rb +3 -1
data/reports/html.rb +210 -68
data/reports/html/default.erb +72 -1014
data/reports/html/default/configuration.erb +126 -0
data/reports/html/default/css/jquery-ui.css +570 -0
data/reports/html/default/css/jquery.jqplot.min.css +1 -0
data/reports/html/default/css/main.css +391 -0
data/reports/html/default/issue.erb +189 -0
data/reports/html/default/issues.erb +65 -0
data/reports/html/default/js/charts.js +146 -0
data/reports/html/default/js/helpers.js +95 -0
data/reports/html/default/js/init.js +73 -0
data/reports/html/default/js/lib/jqplot.barRenderer.min.js +57 -0
data/reports/html/default/js/lib/jqplot.categoryAxisRenderer.min.js +57 -0
data/reports/html/default/js/lib/jqplot.cursor.min.js +57 -0
data/reports/html/default/js/lib/jqplot.pieRenderer.min.js +57 -0
data/reports/html/default/js/lib/jqplot.pointLabels.min.js +57 -0
data/reports/html/default/js/lib/jquery-ui.min.js +404 -0
data/reports/html/default/js/lib/jquery.jqplot.min.js +57 -0
data/reports/html/default/js/lib/jquery.min.js +167 -0
data/reports/html/default/plugins.erb +22 -0
data/reports/html/default/search.erb +8 -0
data/reports/html/default/sitemap.erb +15 -0
data/reports/html/default/summary.erb +68 -0
data/reports/html/default/summary_issue.erb +19 -0
data/reports/json.rb +51 -0
data/reports/marshal.rb +49 -0
data/reports/metareport.rb +4 -6
data/reports/metareport/arachni_metareport.rb +1 -1
data/reports/plugin_formatters/html/autologin.rb +30 -41
data/reports/plugin_formatters/html/content_types.rb +1 -10
data/reports/plugin_formatters/html/cookie_collector.rb +36 -44
data/reports/plugin_formatters/html/discovery.rb +50 -0
data/reports/plugin_formatters/html/form_dicattack.rb +24 -32
data/reports/plugin_formatters/html/healthmap.rb +45 -54
data/reports/plugin_formatters/html/http_dicattack.rb +24 -32
data/reports/plugin_formatters/html/profiler.rb +17 -48
data/reports/plugin_formatters/html/profiler/template.erb +6 -99
data/reports/plugin_formatters/html/resolver.rb +63 -0
data/reports/plugin_formatters/html/{metaformatters/timeout_notice.rb → timing_attacks.rb} +7 -19
data/reports/plugin_formatters/html/{metaformatters/uniformity.rb → uniformity.rb} +5 -17
data/reports/plugin_formatters/html/waf_detector.rb +24 -32
data/reports/plugin_formatters/stdout/autologin.rb +30 -35
data/reports/plugin_formatters/stdout/content_types.rb +41 -46
data/reports/plugin_formatters/stdout/cookie_collector.rb +33 -38
data/reports/plugin_formatters/stdout/discovery.rb +47 -0
data/reports/plugin_formatters/stdout/form_dicattack.rb +27 -32
data/reports/plugin_formatters/stdout/healthmap.rb +47 -51
data/reports/plugin_formatters/stdout/http_dicattack.rb +27 -32
data/reports/plugin_formatters/stdout/metamodules.rb +48 -55
data/reports/plugin_formatters/stdout/profiler.rb +60 -65
data/reports/plugin_formatters/stdout/resolver.rb +45 -0
data/reports/plugin_formatters/stdout/{metaformatters/timeout_notice.rb → timing_attacks.rb} +6 -14
data/reports/plugin_formatters/stdout/{metaformatters/uniformity.rb → uniformity.rb} +6 -14
data/reports/plugin_formatters/stdout/waf_detector.rb +23 -28
data/reports/plugin_formatters/xml/autologin.rb +36 -41
data/reports/plugin_formatters/xml/content_types.rb +47 -52
data/reports/plugin_formatters/xml/cookie_collector.rb +39 -44
data/reports/plugin_formatters/xml/discovery.rb +54 -0
data/reports/plugin_formatters/xml/form_dicattack.rb +22 -27
data/reports/plugin_formatters/xml/healthmap.rb +53 -58
data/reports/plugin_formatters/xml/http_dicattack.rb +22 -27
data/reports/plugin_formatters/xml/profiler.rb +61 -77
data/reports/plugin_formatters/xml/resolver.rb +53 -0
data/reports/plugin_formatters/xml/{metaformatters/timeout_notice.rb → timing_attacks.rb} +3 -15
data/reports/plugin_formatters/xml/{metaformatters/uniformity.rb → uniformity.rb} +4 -14
data/reports/plugin_formatters/xml/waf_detector.rb +23 -28
data/reports/stdout.rb +1 -1
data/reports/txt.rb +2 -5
data/reports/xml.rb +2 -5
data/reports/xml/buffer.rb +6 -2
data/reports/yaml.rb +49 -0
metadata +419 -278
data/bin/arachni_xmlrpc +0 -21
data/bin/arachni_xmlrpcd +0 -82
data/bin/arachni_xmlrpcd_monitor +0 -74
data/getoptslong.rb +0 -242
data/lib/anemone.rb +0 -2
data/lib/framework.rb +0 -673
data/lib/module/manager.rb +0 -111
data/lib/options.rb +0 -547
data/lib/rpc/xml/client/base.rb +0 -76
data/lib/rpc/xml/client/instance.rb +0 -88
data/lib/rpc/xml/server/base.rb +0 -112
data/lib/rpc/xml/server/dispatcher.rb +0 -386
data/lib/rpc/xml/server/framework.rb +0 -206
data/lib/rpc/xml/server/instance.rb +0 -191
data/lib/ruby/xmlrpc/server.rb +0 -27
data/lib/ui/web/addons/autodeploy.rb +0 -172
data/lib/ui/web/addons/autodeploy/views/index.erb +0 -124
data/lib/ui/web/dispatcher_manager.rb +0 -165
data/lib/ui/web/instance_manager.rb +0 -87
data/lib/ui/web/output_stream.rb +0 -94
data/lib/ui/web/server.rb +0 -925
data/lib/ui/web/server/public/reports/placeholder +0 -1
data/lib/ui/web/server/views/dispatchers.erb +0 -100
data/lib/ui/web/server/views/dispatchers_edit.erb +0 -42
data/lib/ui/web/server/views/error.erb +0 -1
data/lib/ui/web/server/views/home.erb +0 -25
data/metamodules/autothrottle.rb +0 -74
data/plugins/metamodules.rb +0 -118
data/profiles/comprehensive.afp +0 -74
data/reports/plugin_formatters/html/metamodules.rb +0 -93
data/reports/plugin_formatters/xml/metamodules.rb +0 -91

data/lib/{module → arachni/module}/utilities.rb RENAMED

@@ -1,6 +1,6 @@
 =begin
                   Arachni
-  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
   This is free software; you can copy and distribute and modify
   this program under the term of the GPL v2.0 License
@@ -8,6 +8,9 @@
 =end
+require 'digest/sha1'
+require 'cgi'
 module Arachni
 module Module
@@ -20,20 +23,36 @@ module Module
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.1.1
+# @version: 0.1.3
 #
 module Utilities
+    def uri_parser
+        @@uri_parser ||= URI::Parser.new
+    end
+    def uri_parse( url )
+        uri_parser.parse( url )
+    end
+    def uri_encode( *args )
+        uri_parser.escape( *args )
+    end
+    def uri_decode( *args )
+        uri_parser.unescape( *args )
+    end
     #
     # Decodes URLs to reverse multiple encodes and removes NULL characters
     #
     def url_sanitize( url )
-        while( url =~ /%/ )
-            url = ( URI.decode( url ).to_s.unpack( 'A*' )[0] )
+        while( url =~ /%[a-fA-F0-9]{2}/ )
+            url = ( uri_decode( url ).to_s.unpack( 'A*' )[0] )
         end
-        return URI.encode( url )
+        return uri_encode( CGI.unescapeHTML( url ) )
     end
     #
@@ -45,7 +64,7 @@ module Utilities
     #
     def get_path( url )
-        uri  = URI( URI.escape( url ) )
+        uri  = uri_parser.parse( uri_encode( url ) )
         path = uri.path
         if !File.extname( path ).empty?
@@ -61,15 +80,35 @@ module Utilities
     end
     def normalize_url( url )
+        # make sure we're working with the pure form of the URL
+        url = url_sanitize( url )
         begin
-            return URI.encode( URI.decode( url.to_s ) ).to_s.gsub( '[', '%5B' ).gsub( ']', '%5D' )
-        rescue
+            normalized = uri_encode( uri_decode( url.to_s ) ).to_s.gsub( '[', '%5B' ).gsub( ']', '%5D' )
+        rescue Exception => e
+            # ap e
+            # ap e.backtrace
             begin
-                return URI.encode( URI.decode( url.to_s ) ).to_s
-            rescue
-                return url
+                normalized = uri_encode( uri_decode( url.to_s ) ).to_s
+            rescue Exception => e
+                # ap e
+                # ap e.backtrace
+                normalized = url
             end
         end
+        #
+        # prevent this: http://example.com#fragment
+        # from becoming this: http://example.com%23fragment
+        #
+        begin
+            normalized.gsub!( '%23', '#' )
+        rescue
+        end
+        return normalized
     end
     #
@@ -99,18 +138,30 @@ module Utilities
     end
+    def hash_keys_to_str( hash )
+        nh = {}
+        hash.each_pair {
+            |k, v|
+            nh[k.to_s] = v
+            nh[k.to_s] = hash_keys_to_str( v ) if v.is_a? Hash
+        }
+        return nh
+    end
     #
     # Wraps the "block" in exception handling code and runs it.
     #
     # @param    [Block]
     #
-    def exception_jail( &block )
+    def exception_jail( raise_exception = true, &block )
         begin
             block.call
         rescue Exception => e
-            print_error( e.to_s )
-            print_debug_backtrace( e )
-            raise e
+            err_name = !e.to_s.empty? ? e.to_s : e.class.name
+            print_error( err_name )
+            print_error_backtrace( e )
+            raise e if raise_exception
         end
     end

data/lib/{nokogiri → arachni/nokogiri}/xml/node.rb RENAMED

File without changes

data/lib/arachni/options.rb ADDED

@@ -0,0 +1,986 @@
+=begin
+                  Arachni
+  Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+=end
+require 'yaml'
+YAML::ENGINE.yamler = 'syck'
+require 'singleton'
+require 'getoptlong'
+module Arachni
+#
+# Options class.
+#
+# Implements the Singleton pattern and formally defines
+# all of Arachni's runtime options.
+#
+# @author: Tasos "Zapotek" Laskos
+#                                      <tasos.laskos@gmail.com>
+#                                      <zapotek@segfault.gr>
+# @version: 0.2
+#
+class Options
+    include Singleton
+    #
+    # The extension of the profile files.
+    #
+    # @return    [String]
+    #
+    PROFILE_EXT = '.afp'
+    #
+    # General purpose datastore.
+    #
+    # Since this class is a Singleton and is passed
+    # to pretty much everything it's a good candidate for message passing
+    # or obscure options that the user doesn't need to know.
+    #
+    # @return    [Hash]
+    #
+    attr_reader   :datastore
+    attr_accessor :grid_mode
+    #
+    # @return   [String]    the URL of a neighbouring Dispatcher
+    #
+    attr_accessor :neighbour
+    #
+    # @return   [Float]    cost of using the Dispatcher
+    #
+    attr_accessor :cost
+    #
+    # @return   [String]    a string identifying this bandwidth pipe
+    #
+    attr_accessor :pipe_id
+    #
+    # @return   [Float]    Dispatcher weight
+    #
+    attr_accessor :weight
+    #
+    # @return   [String]    Dispatcher nickname
+    #
+    attr_accessor :nickname
+    #
+    # Holds absolute paths for the directory structure of the framework
+    #
+    # @return    [Hash]
+    #
+    attr_accessor :dir
+    #
+    # The URL to audit
+    #
+    # @return    [String,URI]
+    #
+    attr_reader   :url
+    #
+    # Show help?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :help
+    #
+    # Output only positive results during the audit?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :only_positives
+    #
+    # Be verbose?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :arachni_verbose
+    #
+    # Output debugging messages?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :debug
+    #
+    # Filters for redundant links
+    #
+    # @return    [Array]
+    #
+    attr_accessor :redundant
+    #
+    # Should the crawler obery robots.txt files?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :obey_robots_txt
+    #
+    # How deep to go in the site structure?<br/>
+    # If nil, depth_limit = inf
+    #
+    # @return    [Integer]
+    #
+    attr_accessor :depth_limit
+    #
+    # How many links to follow?
+    # If -1, link_count_limit = inf
+    #
+    # @return    [Integer]
+    #
+    attr_accessor :link_count_limit
+    #
+    # How many redirects to follow?
+    # If -1, redirect_limit = inf
+    #
+    # @return    [Integer]
+    #
+    attr_accessor :redirect_limit
+    #
+    # List modules, based on regexps, and exit?
+    #
+    # @return    [Array<Regexp>]
+    #
+    attr_accessor :lsmod
+    #
+    # List reports and exit?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :lsrep
+    #
+    # How many concurrent HTTP requests?
+    #
+    # @return    [Integer]
+    #
+    attr_accessor :http_req_limit
+    #
+    # Should Arachni audit links?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :audit_links
+    #
+    # Should Arachni audit forms?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :audit_forms
+    #
+    # Should Arachni audit cookies?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :audit_cookies
+    #
+    # Should Arachni audit HTTP headers?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :audit_headers
+    #
+    # Array of modules to load
+    #
+    # @return    [Array]
+    #
+    attr_accessor :mods
+    #
+    # Array of reports to load
+    #
+    # @return    [Array]
+    #
+    attr_accessor :reports
+    #
+    # Location of an Arachni Framework Report (.afr) file to load
+    #
+    # @return    [String]
+    #
+    attr_accessor :repload
+    #
+    # Where to save the Arachni Framework Profile (.afp) file
+    #
+    # @return    [String]
+    #
+    attr_accessor :save_profile
+    #
+    # Location of Arachni Framework Profile (.afp) files to load
+    #
+    # @return    [Array]
+    #
+    attr_accessor :load_profile
+    attr_accessor :show_profile
+    #
+    # The person that authorized the scan<br/>
+    # It will be added to the HTTP "user-agent" and "from" headers.
+    #
+    # @return    [String]
+    #
+    attr_accessor :authed_by
+    #
+    # The address of the proxy server
+    #
+    # @return    [String]
+    #
+    attr_accessor :proxy_addr
+    #
+    # The port to connect on the proxy server
+    #
+    # @return    [String]
+    #
+    attr_accessor :proxy_port
+    #
+    # The proxy password
+    #
+    # @return    [String]
+    #
+    attr_accessor :proxy_pass
+    #
+    # The proxy user
+    #
+    # @return    [String]
+    #
+    attr_accessor :proxy_user
+    #
+    # The proxy type
+    #
+    # @return    [String]     [http, socks]
+    #
+    attr_accessor :proxy_type
+    #
+    # To be populated by the framework
+    #
+    # Parsed cookiejar cookies
+    #
+    # @return    [Hash]     name=>value pairs
+    #
+    attr_accessor :cookies
+    #
+    # Location of the cookiejar
+    #
+    # @return    [String]
+    #
+    attr_accessor :cookie_jar
+    #
+    # The HTTP user-agent to use
+    #
+    # @return    [String]
+    #
+    attr_accessor :user_agent
+    #
+    # Exclude filters <br/>
+    # URL matching any of these patterns won't be followed
+    #
+    # @return    [Array]
+    #
+    attr_accessor :exclude
+    #
+    # Cookies to exclude from audit<br/>
+    #
+    # @return    [Array]
+    #
+    attr_accessor :exclude_cookies
+    #
+    # Include filters <br/>
+    # Only URLs that match any of these patterns will be followed
+    #
+    # @return    [Array]
+    #
+    attr_accessor :include
+    #
+    # Should the crawler follow subdomains?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :follow_subdomains
+    #
+    # Harvest the HTTP responses for the whole site at the end or
+    # for each page?
+    #
+    # @return    [Bool]
+    #
+    attr_accessor :http_harvest_last
+    # to be populated by the framework
+    attr_accessor :start_datetime
+    # to be populated by the framework
+    attr_accessor :finish_datetime
+    # to be populated by the framework
+    attr_accessor :delta_time
+    attr_accessor :lsplug
+    attr_accessor :plugins
+    attr_accessor :rpc_port
+    attr_accessor :rpc_address
+    attr_accessor :rpc_instance_port_range
+    attr_accessor :ssl
+    attr_accessor :ssl_pkey
+    attr_accessor :ssl_cert
+    attr_accessor :ssl_ca
+    attr_accessor :node_ssl_pkey
+    attr_accessor :node_ssl_cert
+    attr_accessor :server
+    attr_accessor :reroute_to_logfile
+    attr_accessor :pool_size
+    attr_accessor :webui_username
+    attr_accessor :webui_password
+    attr_accessor :custom_headers
+    attr_accessor :restrict_paths
+    attr_accessor :restrict_paths_filepath
+    attr_accessor :extend_paths
+    attr_accessor :extend_paths_filepath
+    attr_accessor :min_pages_per_instance
+    attr_accessor :max_slaves
+    def initialize
+        reset!
+    end
+    def reset!
+        # nil everything out
+        self.instance_variables.each {
+            |var|
+            instance_variable_set( var.to_s, nil )
+        }
+        @dir            = {}
+        @dir['root']    = root_path
+        @dir['gfx']     = @dir['root'] + 'gfx/'
+        @dir['conf']    = @dir['root'] + 'conf/'
+        @dir['logs']    = @dir['root'] + 'logs/'
+        @dir['data']    = @dir['root'] + 'data/'
+        @dir['modules'] = @dir['root'] + 'modules/'
+        @dir['reports'] = @dir['root'] + 'reports/'
+        @dir['plugins'] = @dir['root'] + 'plugins/'
+        @dir['path_extractors']    = @dir['root'] + 'path_extractors/'
+        @dir['lib']     = @dir['root'] + 'lib/arachni/'
+        @dir['mixins']  = @dir['lib'] + 'mixins/'
+        @dir['arachni'] = @dir['lib'][0...-1]
+        # we must add default values for everything because that can serve
+        # both as a default configuration and as an inexpensive way to declare
+        # their data types for later verification
+        @datastore  = {}
+        @redundant  = []
+        @obey_robots_txt = false
+        @depth_limit      = -1
+        @link_count_limit = -1
+        @redirect_limit   = 20
+        @lsmod      = []
+        @lsrep      = []
+        @http_req_limit = 20
+        @mods = []
+        @reports    = {}
+        @exclude    = []
+        @exclude_cookies    = []
+        @include    = []
+        @lsplug     = []
+        @plugins    = {}
+        @rpc_instance_port_range = [1025, 65535]
+        @exclude_cookies    = []
+        @load_profile       = []
+        @restrict_paths     = []
+        @extend_paths       = []
+        @custom_headers     = {}
+        @min_pages_per_instance = 30
+        @max_slaves = 10
+    end
+    def parse!
+        # Construct getops struct
+        opts = GetoptLong.new(
+            [ '--help',              '-h', GetoptLong::NO_ARGUMENT ],
+            [ '--verbosity',         '-v', GetoptLong::NO_ARGUMENT ],
+            [ '--only-positives',    '-k', GetoptLong::NO_ARGUMENT ],
+            [ '--lsmod',                   GetoptLong::OPTIONAL_ARGUMENT ],
+            [ '--lsrep',                   GetoptLong::OPTIONAL_ARGUMENT ],
+            [ '--audit-links',       '-g', GetoptLong::NO_ARGUMENT ],
+            [ '--audit-forms',       '-p', GetoptLong::NO_ARGUMENT ],
+            [ '--audit-cookies',     '-c', GetoptLong::NO_ARGUMENT ],
+            [ '--audit-cookie-jar',        GetoptLong::NO_ARGUMENT ],
+            [ '--audit-headers',           GetoptLong::NO_ARGUMENT ],
+            [ '--spider-first',            GetoptLong::NO_ARGUMENT ],
+            [ '--obey-robots-txt',   '-o', GetoptLong::NO_ARGUMENT ],
+            [ '--redundant',               GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--depth',             '-d', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--redirect-limit',    '-q', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--link-count',        '-u', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--mods',              '-m', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--report',                  GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--repload',                 GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--authed-by',               GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--load-profile',            GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--save-profile',            GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--show-profile',            GetoptLong::NO_ARGUMENT ],
+            [ '--proxy',             '-z', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--proxy-auth',        '-x', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--proxy-type',        '-y', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--cookie-jar',        '-j', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--user-agent',        '-b', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--exclude',           '-e', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--include',           '-i', GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--exclude-cookie',          GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--http-req-limit',          GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--follow-subdomains', '-f', GetoptLong::NO_ARGUMENT ],
+            [ '--http-harvest-last', '-s', GetoptLong::NO_ARGUMENT ],
+            [ '--debug',             '-w', GetoptLong::NO_ARGUMENT ],
+            [ '--server',                  GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--plugin',                  GetoptLong::OPTIONAL_ARGUMENT ],
+            [ '--lsplug',                  GetoptLong::OPTIONAL_ARGUMENT ],
+            [ '--ssl',                     GetoptLong::NO_ARGUMENT ],
+            [ '--ssl-pkey',                GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--ssl-cert',                GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--node-ssl-pkey',          GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--node-ssl-cert',          GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--ssl-ca',                 GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--address',                GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--reroute-to-logfile',     GetoptLong::NO_ARGUMENT ],
+            [ '--pool-size',              GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--neighbour',              GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--weight',                 GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--cost',                   GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--pipe-id',                GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--nickname',               GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--username',               GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--password',               GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--port',                   GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--host',                   GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--custom-header',          GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--restrict-paths',         GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--extend-paths',           GetoptLong::REQUIRED_ARGUMENT ],
+            [ '--port-range',             GetoptLong::REQUIRED_ARGUMENT ]
+        )
+        opts.quiet = true
+        begin
+            opts.each {
+                |opt, arg|
+                case opt
+                    when '--help'
+                        @help = true
+                    when '--only-positives'
+                        @only_positives = true
+                    when '--verbosity'
+                        @arachni_verbose = true
+                    when '--debug'
+                        @debug = true
+                    when '--plugin'
+                        plugin, opt_str = arg.split( ':', 2 )
+                        opts = {}
+                        if( opt_str )
+                            opt_arr = opt_str.split( ',' )
+                            opt_arr.each {
+                                |c_opt|
+                                name, val = c_opt.split( '=', 2 )
+                                opts[name] = val
+                            }
+                        end
+                        @plugins[plugin] = opts
+                    when '--redundant'
+                        @redundant << {
+                            'regexp'  => Regexp.new( arg.to_s.split( /:/ )[0] ),
+                            'count'   => Integer( arg.to_s.split( /:/ )[1] ),
+                        }
+                    when '--port-range'
+                        first, last = arg.to_s.split( '-' )
+                        @rpc_instance_port_range = [ Integer( first ), Integer( last ) ]
+                    when '--custom-header'
+                        header, val = arg.to_s.split( /=/, 2 )
+                        @custom_headers[header] = val
+                    when '--restrict-paths'
+                        @restrict_paths |= paths_from_file( arg )
+                        @restrict_paths_filepath = arg
+                    when '--extend-paths'
+                        @extend_paths |= paths_from_file( arg )
+                        @extend_paths_filepath = arg
+                    when '--obey_robots_txt'
+                        @obey_robots_txt = true
+                    when '--depth'
+                        @depth_limit = arg.to_i
+                    when '--link-count'
+                        @link_count_limit = arg.to_i
+                    when '--redirect-limit'
+                        @redirect_limit = arg.to_i
+                    when '--lsmod'
+                        @lsmod << Regexp.new( arg.to_s )
+                    when '--lsplug'
+                        @lsplug << Regexp.new( arg.to_s )
+                    when '--lsrep'
+                        @lsrep << Regexp.new( arg.to_s )
+                    when '--http-req-limit'
+                      @http_req_limit = arg.to_i
+                    when '--audit-links'
+                        @audit_links = true
+                    when '--audit-forms'
+                        @audit_forms = true
+                    when '--audit-cookies'
+                        @audit_cookies = true
+                    when '--audit-cookie-jar'
+                        @audit_cookie_jar = true
+                    when '--audit-headers'
+                        @audit_headers = true
+                    when '--mods'
+                        @mods = arg.to_s.split( /,/ )
+                    when '--report'
+                        report, opt_str = arg.split( ':' )
+                        opts = {}
+                        if( opt_str )
+                            opt_arr = opt_str.split( ',' )
+                            opt_arr.each {
+                                |c_opt|
+                                name, val = c_opt.split( '=' )
+                                opts[name] = val
+                            }
+                        end
+                        @reports[report] = opts
+                    when '--repload'
+                        @repload = arg
+                    when '--save-profile'
+                        @save_profile = arg
+                    when '--load-profile'
+                        @load_profile << arg
+                    when '--show-profile'
+                        @show_profile = true
+                    when '--authed-by'
+                        @authed_by = arg
+                    when '--proxy'
+                        @proxy_addr, @proxy_port =
+                            arg.to_s.split( /:/ )
+                    when '--proxy-auth'
+                        @proxy_user, @proxy_pass =
+                            arg.to_s.split( /:/ )
+                    when '--proxy-type'
+                        @proxy_type = arg.to_s
+                    when '--cookie-jar'
+                        @cookie_jar = arg.to_s
+                    when '--user-agent'
+                        @user_agent = arg.to_s
+                    when '--exclude'
+                        @exclude << Regexp.new( arg )
+                    when '--include'
+                        @include << Regexp.new( arg )
+                    when '--exclude-cookie'
+                        @exclude_cookies << arg
+                    when '--follow-subdomains'
+                        @follow_subdomains = true
+                    when '--http-harvest-last'
+                        @http_harvest_last = true
+                    when '--ssl'
+                        @ssl = true
+                    when '--ssl-pkey'
+                        @ssl_pkey = arg.to_s
+                    when '--ssl-cert'
+                        @ssl_cert = arg.to_s
+                    when '--ssl-ca'
+                        @ssl_ca = arg.to_s
+                    when '--server'
+                        @server = arg.to_s
+                    when '--reroute-to-logfile'
+                        @reroute_to_logfile = true
+                    when '--port'
+                        @rpc_port = arg.to_i
+                    when '--address'
+                        @rpc_address = arg.to_s
+                    when '--pool-size'
+                        @pool_size = arg.to_i
+                    when '--neighbour'
+                        @neighbour = arg.to_s
+                    when '--cost'
+                        @cost = arg.to_s
+                    when '--weight'
+                        @weight = arg.to_s
+                    when '--pipe-id'
+                        @pipe_id = arg.to_s
+                    when '--nickname'
+                        @nickname = arg.to_s
+                    when '--host'
+                        @server = arg.to_s
+                    when '--username'
+                        @webui_username = arg.to_s
+                    when '--password'
+                        @webui_password = arg.to_s
+                end
+            }
+        rescue Exception => e
+            puts e.inspect
+            exit
+        end
+        self.url = ARGV.shift
+    end
+    def root_path
+        File.dirname( File.dirname( File.dirname( File.expand_path( File.expand_path(  __FILE__  ) ) ) ) ) + '/'
+    end
+    #
+    # Saves 'self' to file
+    #
+    # @param    [String]    file
+    #
+    def save( file )
+        dir           = @dir.clone
+        load_profile  = @load_profile.clone if @load_profile
+        save_profile  = @save_profile.clone if @save_profile
+        authed_by     = @authed_by.clone if @authed_by
+        restrict_paths = @restrict_paths.clone if @restrict_paths
+        extend_paths   = @extend_paths.clone if @extend_paths
+        @dir          = nil
+        @load_profile = nil
+        @save_profile = nil
+        @authed_by    = nil
+        @restrict_paths = nil
+        @extend_paths   = nil
+        begin
+            f = File.open( file, 'w' )
+            YAML.dump( self, f )
+        rescue
+            return
+        ensure
+            f.close
+            @dir          = dir
+            @load_profile = load_profile
+            @save_profile = save_profile
+            @authed_by    = authed_by
+            @restrict_paths = restrict_paths
+            @extend_paths   = extend_paths
+        end
+        return f.path
+    end
+    def load( filename )
+        opts = YAML::load( IO.read( filename ) )
+        if opts.restrict_paths_filepath
+            opts.restrict_paths = paths_from_file( opts.restrict_paths_filepath )
+        end
+        if opts.extend_paths_filepath
+            opts.extend_paths   = paths_from_file( opts.extend_paths_filepath )
+        end
+        return opts
+    end
+    def url=( str )
+        return if !str
+        require 'uri'
+        require @dir['lib'] + 'exceptions'
+        require @dir['lib'] + 'module/utilities'
+        begin
+            @url = URI( Arachni::Module::Utilities.normalize_url( str.to_s ) )
+        rescue Exception => e
+            # ap e
+            # ap e.backtrace
+            raise( Arachni::Exceptions::InvalidURL, "Invalid URL argument." )
+        end
+        return str
+    end
+    def restrict_paths=( urls )
+        @restrict_paths = [urls].flatten
+    end
+    #
+    # Converts the Options object to hash
+    #
+    # @return    [Hash]
+    #
+    def to_h
+        hash = Hash.new
+        self.instance_variables.each {
+            |var|
+            hash[normalize_name( var )] = self.instance_variable_get( var )
+        }
+        hash
+    end
+    #
+    # Merges self with the object in 'options'
+    #
+    # @param    [Options]
+    #
+    def merge!( options )
+        options.to_h.each_pair {
+            |k, v|
+            next if ( v.is_a?( Array ) || v.is_a?( Hash ) ) && v.empty?
+            send( "#{k}=", v ) if v
+        }
+    end
+    def to_args
+        cli_args = ''
+        self.to_h.keys.each {
+            |key|
+            arg = self.to_arg( key )
+            cli_args += " #{arg.to_s}" if arg
+        }
+        return cli_args += " #{self.url}"
+    end
+    def to_arg( key )
+        do_not_parse = [
+            'show_profile',
+            'url',
+            'dir',
+        ]
+        var = self.instance_variable_get( "@#{key}" )
+        return if !var
+        return if ( var.is_a?( Array ) || var.is_a?( Hash ) ) && var.empty?
+        return if do_not_parse.include?( key )
+        return if key == 'include' && var == [/.*/]
+        return if key == 'reports' && var.keys == ['stdout']
+        key = 'exclude_cookie' if key == 'exclude_cookies'
+        key = 'report'         if key == 'reports'
+        key = key.gsub( '_', '-' )
+        arg = ''
+        case key
+            when 'mods'
+                var = var.join( ',' )
+            when 'restrict-paths'
+                var = @restrict_paths_filepath
+            when 'extend-paths'
+                var = @extend_paths_filepath
+            when 'rpc-instance-port-range'
+                var = var.join( '-' )
+            when 'arachni-verbose'
+                key = 'verbosity'
+            when 'redundant'
+                var.each {
+                    |rule|
+                    arg += " --#{key}=#{rule['regexp'].source}:#{rule['count']}"
+                }
+                return arg
+            when 'plugins','report'
+                arg = ''
+                var.each {
+                    |opt, val|
+                    arg += " --#{key.chomp( 's' )}=#{opt}"
+                    arg += ':' if !val.empty?
+                    val.each {
+                        |k, v|
+                        arg += "#{k}=#{v},"
+                    }
+                    arg.chomp!( ',' )
+                }
+                return arg
+            when 'proxy-port'
+                return
+            when 'proxy-addr'
+                return "--proxy=#{self.proxy_addr}:#{self.proxy_port}"
+        end
+        if( var.is_a?( TrueClass ) )
+            arg = "--#{key}"
+        end
+        if( var.is_a?( String ) || var.is_a?( Fixnum ) )
+            arg = "--#{key}=#{var.to_s}"
+        end
+        if( var.is_a?( Array ) )
+            var.each {
+                |i|
+                i = i.source if i.is_a?( Regexp )
+                arg += " --#{key}=#{i}"
+            }
+        end
+        return arg
+    end
+    def paths_from_file( file )
+        IO.read( file ).lines.map {
+            |path|
+            path.gsub!( "\n", '' )
+            path.gsub!( "\r", '' )
+            path
+        }
+    end
+    private
+    def normalize_name( name )
+        name.to_s.gsub( '@', '' )
+    end
+end
+end