arachni 0.3 → 0.4

data/lib/{ui → arachni/ui}/cli/output.rb

@@ -1,6 +1,6 @@
 =begin
                   Arachni
-  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 
   This is free software; you can copy and distribute and modify
   this program under the term of the GPL v2.0 License
@@ -21,7 +21,7 @@ module UI
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.1
+# @version: 0.1.1
 #
 module Output
 
@@ -42,6 +42,8 @@ module Output
 
     @@mute  = false
 
+    @@opened = false
+
     # Prints an error message
     #
     # It ignores all flags, error messages will be output under all
@@ -51,7 +53,41 @@ module Output
     # @return    [void]
     #
     def print_error( str = '' )
-        print_color( '[-]', 31, str, $stderr )
+        print_color( '[-]', 31, str, $stderr, true )
+        File.open( 'error.log', 'a' ){
+            |f|
+            if !@@opened
+                f.puts
+                f.puts "#{Time.now} " + ( "-" * 80 )
+
+                h = {}
+                ENV.each { |k, v| h[k] = v }
+                f.puts 'ENV:'
+                f.puts h.to_yaml
+
+                f.puts "-" * 80
+
+                f.puts 'OPTIONS:'
+                f.puts Arachni::Options.instance.to_yaml
+
+                f.puts "-" * 80
+            end
+            print_color( "[#{Time.now}]", 31, str, f, true )
+        }
+
+        @@opened = true
+    end
+
+    #
+    # Same as print_error but the message won't be printed to stderr.
+    #
+    # Used mainly to draw attention.
+    #
+    # @param    [String]    error string
+    #
+    def print_bad( str = '', unmute = false )
+        return if muted? && !unmute
+        print_color( '[-]', 31, str, $stdout, unmute )
     end
 
     # Prints a status message
@@ -64,9 +100,9 @@ module Output
     # @param    [String]    status string
     # @return    [void]
     #
-    def print_status( str = '' )
+    def print_status( str = '', unmute = false )
         if @@only_positives then return end
-        print_color( '[*]', 34, str )
+        print_color( '[*]', 34, str, $stdout, unmute )
     end
 
     # Prints an info message
@@ -79,9 +115,9 @@ module Output
     # @param    [String]    info string
     # @return    [void]
     #
-    def print_info( str = '' )
+    def print_info( str = '', unmute = false )
         if @@only_positives then return end
-        print_color( '[~]', 30, str )
+        print_color( '[~]', 30, str, $stdout, unmute )
     end
 
     # Prints a good message, something that went very very right,
@@ -92,8 +128,8 @@ module Output
     # @param    [String]    ok string
     # @return    [void]
     #
-    def print_ok( str = '' )
-        print_color( '[+]', 32, str )
+    def print_ok( str = '', unmute = false )
+        print_color( '[+]', 32, str, $stdout, unmute )
     end
 
     # Prints a debugging message
@@ -106,9 +142,9 @@ module Output
     # @param    [String]    debugging string
     # @return    [void]
     #
-    def print_debug( str = '' )
+    def print_debug( str = '', unmute = false )
         if !@@debug then return end
-        print_color( '[!]', 36, str, $stderr )
+        print_color( '[!]', 36, str, $stderr, unmute )
     end
 
     # Pretty prints an object, used for debugging,
@@ -137,12 +173,12 @@ module Output
     # @param    [Exception]
     # @return    [void]
     #
-    def print_debug_backtrace( e = nil )
+    def print_debug_backtrace( e )
         if !@@debug then return end
         e.backtrace.each{ |line| print_debug( line ) }
     end
 
-    def print_error_backtrace( e = nil )
+    def print_error_backtrace( e )
         e.backtrace.each{ |line| print_error( line ) }
     end
 
@@ -157,9 +193,9 @@ module Output
     # @param    [String]    verbose string
     # @return    [void]
     #
-    def print_verbose( str = '' )
+    def print_verbose( str = '', unmute = false )
         if !@@verbose then return end
-        print_color( '[v]', 37, str )
+        print_color( '[v]', 37, str, $stdout, unmute )
     end
 
     # Prints a line of message
@@ -172,9 +208,9 @@ module Output
     # @param    [String]    string
     # @return    [void]
     #
-    def print_line( str = '' )
+    def print_line( str = '', unmute = false )
         if @@only_positives then return end
-        return if muted?
+        return if muted? && !unmute
         puts str
     end
 
@@ -263,8 +299,8 @@ module Output
     #
     # @return    [void]
     #
-    def print_color( sign, color, string, out = $stdout )
-        return if muted?
+    def print_color( sign, color, string, out = $stdout, unmute = false )
+        return if muted? && !unmute
 
         if out.tty?
             out.print "\033[1;#{color.to_s}m #{sign}\033[1;00m #{string}\n";
@@ -273,6 +309,8 @@ module Output
         end
     end
 
+    extend self
+
 end
 
 end

data/lib/{ui/xmlrpc → arachni/ui/rpc}/dispatcher_monitor.rb

@@ -1,10 +1,8 @@
-require 'xmlrpc/client'
-require 'openssl'
 require 'terminal-table/import'
 
 module Arachni
 
-require Options.instance.dir['lib'] + 'rpc/xml/client/dispatcher'
+require Options.instance.dir['lib'] + 'rpc/client/dispatcher'
 require Options.instance.dir['lib'] + 'ui/cli/output'
 
 module UI
@@ -35,13 +33,16 @@ class DispatcherMonitor
             exit 0
         end
 
-        begin
-            # start the XMLRPC client
-            @dispatcher = Arachni::RPC::XML::Client::Dispatcher.new( @opts, @opts.url.to_s )
+        if !@opts.url
+            print_error "No server specified."
+            print_line
+            usage
+            exit 0
+        end
 
-            # it seems like the XMLRPC client will connect us on the first
-            # call...so make sure that it *can* actually connect
-            @dispatcher.jobs
+        begin
+            # start the RPC client
+            @dispatcher = Arachni::RPC::Client::Dispatcher.new( @opts, @opts.url.to_s )
         rescue Exception => e
             print_error( "Could not connect to server." )
             print_error( "Error: #{e.to_s}." )
@@ -176,7 +177,7 @@ class DispatcherMonitor
     #
     def usage
         print_line <<USAGE
-  Usage:  arachni_xmlrpcd_monitor  https://host:port
+  Usage:  arachni_rpcd_monitor  host:port
 
   Supported options:
 

data/lib/{ui/xmlrpc/xmlrpc.rb → arachni/ui/rpc/rpc.rb}

@@ -1,10 +1,18 @@
-require 'xmlrpc/client'
-require 'openssl'
+=begin
+                  Arachni
+  Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+
+  This is free software; you can copy and distribute and modify
+  this program under the term of the GPL v2.0 License
+  (See LICENSE file for details)
+
+=end
+
 
 module Arachni
 
-require Options.instance.dir['lib'] + 'rpc/xml/client/dispatcher'
-require Options.instance.dir['lib'] + 'rpc/xml/client/instance'
+require Options.instance.dir['lib'] + 'rpc/client/dispatcher'
+require Options.instance.dir['lib'] + 'rpc/client/instance'
 
 require Options.instance.dir['lib'] + 'module/utilities'
 require Options.instance.dir['lib'] + 'ui/cli/output'
@@ -13,14 +21,12 @@ require Options.instance.dir['lib'] + 'framework'
 module UI
 
 #
-# Arachni::UI:XMLRPC class
-#
-# Provides an self sufficient Arachni XML-RPC client.
+# Provides an self sufficient Arachni RPC client.
 #
 # It mimics the standard CLI interface's functionality
 # albeit in a client-server fashion.
 #
-# This should be your first stop when looking into creating your own XMLRPC client. <br/>
+# This should be your first stop when looking into creating your own RPC client. <br/>
 # Of course you don't need to instantiate the framework or any other Arachni related classes
 # in your own client, this is just to provide some other info to the user.
 #
@@ -28,9 +34,9 @@ module UI
 # @author: Tasos "Zapotek" Laskos
 #                                      <tasos.laskos@gmail.com>
 #                                      <zapotek@segfault.gr>
-# @version: 0.1.2
+# @version: 0.2
 #
-class XMLRPC
+class RPC
 
     include Arachni::UI::Output
     include Arachni::Module::Utilities
@@ -78,27 +84,24 @@ class XMLRPC
 
 
         # Check for missing url
-        if( !@opts.url && !@opts.lsmod )
-            print_error( "Missing url argument." )
+        if( !@opts.url && @opts.lsmod.empty? )
+            print_bad( "Missing url argument." )
             exit 0
         end
 
         begin
 
-            @dispatcher = Arachni::RPC::XML::Client::Dispatcher.new( @opts, @opts.server )
+            @dispatcher = Arachni::RPC::Client::Dispatcher.new( @opts, @opts.server )
 
             # get a new instance and assign the url we're going to audit as the
             # 'owner'
             @instance = @dispatcher.dispatch( @opts.url.to_s )
 
-            instance_url = URI( @opts.server.to_s )
-            instance_url.port = @instance['port']
-
-            # start the XMLRPC client
-            @server = Arachni::RPC::XML::Client::Instance.new( @opts, instance_url.to_s, @instance['token'] )
+            # start the RPC client
+            @server = Arachni::RPC::Client::Instance.new( @opts, @instance['url'], @instance['token'] )
         rescue Exception => e
             print_error( "Could not connect to server." )
-            print_error( "Error: #{e.to_s}." )
+            print_debug( "Error: #{e.to_s}." )
             print_debug_backtrace( e )
             exit 0
         end
@@ -119,7 +122,7 @@ class XMLRPC
         end
 
         #
-        # we could just execute pause() upon an interrupt but XMLRPC I/O
+        # we could just execute pause() upon an interrupt but RPC I/O
         # needs to be synchronized otherwise we'll get an HTTP exception
         #
         @pause = false
@@ -146,7 +149,7 @@ class XMLRPC
 
             print_line
 
-            # grab the XMLRPC server output while a scan is running
+            # grab the RPC server output while a scan is running
             while( @server.framework.busy? )
                 output
 
@@ -154,7 +157,7 @@ class XMLRPC
 
                 # things will get crazy if we don't block a bit I think...
                 # we'll see...
-                ::IO::select( nil, nil, nil, 0.3 )
+                ::IO::select( nil, nil, nil, 2 )
             end
 
             puts
@@ -177,7 +180,7 @@ class XMLRPC
             @opts.load_profile = nil
             profiles.each {
                 |filename|
-                @opts.merge!( YAML::load( IO.read( filename ) ) )
+                @opts.merge!( Arachni::Options.instance.load( filename ) )
             }
         }
     end
@@ -201,7 +204,7 @@ class XMLRPC
     end
 
     #
-    # Grabs the output from the XMLRPC server and routes it to the proper output method.
+    # Grabs the output from the RPC server and routes it to the proper output method.
     #
     def output
         @server.service.output.each {
@@ -237,21 +240,21 @@ class XMLRPC
         # make it easier on the user, grab the report to have something
         # to show him while the scan is paused.
         #
+
         begin
-            print_issues( YAML.load( @server.framework.report ) )
+            print_issues( @server.framework.issues )
         rescue Exception => e
             exception_jail{ raise e }
             exit 0
         end
 
-        print_info( 'Arachni was interrupted,' +
-            ' do you want to continue?' )
+        print_info( 'Arachni is paused, do you want to continue?' )
 
         print_info( 'Continue? (hit \'enter\' to continue, \'e\' to exit)' )
 
         if gets[0] == 'e'
             print_status( 'Aborting scan...' )
-            @server.framework.abort!
+            @server.framework.clean_up!
             report
             shutdown
             print_info( 'Exiting...' )
@@ -260,7 +263,6 @@ class XMLRPC
 
         @pause = false
         @server.framework.resume!
-
     end
 
     #
@@ -268,32 +270,27 @@ class XMLRPC
     #
     # This method is used during a pause.
     #
-    def print_issues( audit_store )
+    def print_issues( issues )
 
-        print_line( )
-        print_info( audit_store['issues'].size.to_s +
-          ' issues have been detected.' )
+        print_line
+        print_info( issues.size.to_s + ' issues have been detected.' )
 
-        print_line( )
-        audit_store['issues'].each {
+        print_line
+        issues.each {
             |issue|
 
-            print_ok( "#{issue['name']} (In #{issue['elem']} variable '#{issue['var']}'" +
-              " - Severity: #{issue['severity']} - Variations: #{issue['variations'].size.to_s})" )
-
-            print_info( issue['variations'][0]['url'] )
-
-            print_line( )
+            print_ok( "#{issue.name} (In #{issue.elem} variable '#{issue.var}'" +
+              " - Severity: #{issue.severity}" )
         }
 
-        print_line( )
-
+        print_line
     end
 
     #
-    # Parses, sets and sends options to the XMLRPC server.
+    # Parses, sets and sends options to the RPC server.
     #
     def parse_opts
+        @opts.reports['stdout'] = {} if @opts.reports.empty?
 
         #
         # No modules have been specified, set the mods to '*' (all).
@@ -321,8 +318,12 @@ class XMLRPC
             @opts.audit_cookies = true
         end
 
+        opts = @opts.to_h.dup
+
+        @framework.reports.load( opts['reports'].keys )
+
         # do not send these options over the wire
-        illegal = [
+        [
             # this is bad, do not override the server's directory structure
             'dir',
 
@@ -333,93 +334,39 @@ class XMLRPC
             'load_profile',
 
             # report options should remain local
-            # If you send this to the server it will cause a Ruby segfault.
             'repopts',
             'repsave',
 
             # do not automatically send this options over
             # we'll take care of this ourselves as soon as we get to the 'cookie_jar'
             # option.
-            'cookies'
-        ]
-
-        @server.plugins.load(
-            {
-                'content_types' => {},
-                'healthmap'     => {},
-                'metamodules'   => {},
-            }
-        )
-        @opts.to_h.each {
-            |opt, arg|
-
-            next if !arg
-            next if illegal.include? opt
-
-            case opt
-
-            when "arachni_verbose"
-                print_status "Enabling verbosity."
-                verbose!
-                @server.framework.verbose_on
-
-            when 'redundant'
-                print_status 'Setting redundancy rules.'
-
-                redundant = []
-                arg.each {
-                    |rule|
-                    rule['regexp'] = rule['regexp'].to_s
-                    redundant << rule
-                }
-                @server.opts.redundant( redundant )
-
-            when 'exclude', 'include'
-                print_status "Setting #{opt} rules."
-                @server.call( "opts.#{opt}=", arg.map{ |rule| rule.to_s } )
-
-            when 'url'
-                print_status 'Setting url: ' + @server.call( "opts.url=", arg.to_s )
-
-            when 'cookie_jar'
-                print_status 'Setting cookies:'
-                @server.opts.cookies( parse_cookie_jar( arg ) ).each_pair {
-                    |k, v|
-                    print_info ' * ' + k + ' => ' + v
-                }
-
-            when 'mods'
-                print_status 'Loading modules:'
-                @server.modules.load( arg ).each {
-                    |mod|
-                    print_info ' * ' + mod
-                }
-
-            when 'plugins'
-                next if arg.empty?
-
-                ap arg
-                print_status 'Loading plug-ins:'
-                @server.plugins.load( arg ).each {
-                    |mod|
-                    print_info ' * ' + mod
-                }
-
-            when "http_req_limit"
-                print_status 'Setting HTTP request limit: ' +
-                    @server.opts.http_req_limit( arg ).to_s
+            'cookies',
+            'rpc_instance_port_range',
+            'datastore',
+            'reports'
+        ].each {
+            |k|
+            opts.delete( k )
+        }
 
-            when 'reports'
-                arg['stdout'] = {}
-                exception_jail{ @framework.reports.load( arg.keys ) }
+        opts['url'] = opts['url'].to_s
 
-            else
-                print_status "Setting #{opt}."
-                @server.call( "opts.#{opt}=", arg )
+        if opts['cookie_jar']
+            opts['cookies'] = parse_cookie_jar( opts['cookie_jar'] )
+            opts.delete( 'cookie_jar' )
+        end
 
-            end
+        @framework.plugins.load_defaults!.each {
+            |plugin|
+            @opts.plugins[plugin] = {} if !@opts.plugins.include?( plugin )
         }
 
+        @server.plugins.load( @opts.plugins )
+        @server.modules.load( @opts.mods )
+        @server.opts.set( opts )
+
+        # ap opts
+        # exit
     end
 
     #
@@ -431,16 +378,13 @@ class XMLRPC
     end
 
     #
-    # Grabs the report from the XMLRPC server and runs the selected Arachni report module.
+    # Grabs the report from the RPC server and runs the selected Arachni report module.
     #
     def report
         print_status "Grabbing scan report..."
 
-        # this will return the AuditStore as a hash
-        # ap @server.call( "framework.report" )
-
         # this will return the AuditStore as a string in YAML format
-        audit_store = YAML.load( @server.framework.auditstore )
+        audit_store = @server.framework.auditstore
 
         # run the loaded reports and get the generated filename
         @framework.reports.run( audit_store )
@@ -448,16 +392,16 @@ class XMLRPC
         print_status "Grabbing stats..."
 
         stats = @server.framework.stats
+
         print_line
-        print_info( "Sent #{stats['requests']} requests." )
-        print_info( "Received and analyzed #{stats['responses']} responses." )
-        print_info( 'In ' + stats['time'] )
+        print_info( "Sent #{stats[:requests]} requests." )
+        print_info( "Received and analyzed #{stats[:responses]} responses." )
+        print_info( 'In ' + stats[:time].to_s )
 
-        avg = 'Average: ' + stats['avg'] + ' requests/second.'
+        avg = 'Average: ' + stats[:avg].to_s + ' requests/second.'
         print_info( avg )
 
         print_line
-
     end
 
     def parse_cookie_jar( jar )
@@ -482,45 +426,45 @@ class XMLRPC
         mods.each {
             |info|
 
-            print_status( "#{info['mod_name']}:" )
+            print_status( "#{info[:mod_name]}:" )
             print_line( "--------------------" )
 
-            print_line( "Name:\t\t"       + info['name'] )
-            print_line( "Description:\t"  + info['description'] )
+            print_line( "Name:\t\t"       + info[:name] )
+            print_line( "Description:\t"  + info[:description] )
 
-            if( info['elements'] && info['elements'].size > 0 )
+            if( info[:elements] && info[:elements].size > 0 )
                 print_line( "Elements:\t" +
-                    info['elements'].join( ', ' ).downcase )
+                    info[:elements].join( ', ' ).downcase )
             end
 
-            if( info['dependencies'] )
+            if( info[:dependencies] )
                 print_line( "Dependencies:\t" +
-                    info['dependencies'].join( ', ' ).downcase )
+                    info[:dependencies].join( ', ' ).downcase )
             end
 
-            print_line( "Author:\t\t"     + info['author'] )
-            print_line( "Version:\t"      + info['version'] )
+            print_line( "Author:\t\t"     + info[:author].join( ", " ) )
+            print_line( "Version:\t"      + info[:version] )
 
             print_line( "References:" )
-            if info['references'].is_a?( Hash )
-                info['references'].keys.each {
+            if info[:references].is_a?( Hash )
+                info[:references].keys.each {
                     |key|
-                    print_info( key + "\t\t" + info['references'][key] )
+                    print_info( key + "\t\t" + info[:references][key] )
                 }
             end
 
             print_line( "Targets:" )
-            info['targets'].keys.each {
+            info[:targets].keys.each {
                 |key|
-                print_info( key + "\t\t" + info['targets'][key] )
+                print_info( key + "\t\t" + info[:targets][key] )
             }
 
-            if( info['issue'] &&
-                ( sploit = info['issue']['metasploitable'] ) )
+            if( info[:issue] &&
+                ( sploit = info[:issue]['metasploitable'] ) )
                 print_line( "Metasploitable:\t" + sploit )
             end
 
-            print_line( "Path:\t"    + info['path'] )
+            print_line( "Path:\t"    + info[:path] )
 
             i+=1
 
@@ -573,7 +517,7 @@ class XMLRPC
                 }
             end
 
-            print_line( "Author:\t\t"     + info[:author] )
+            print_line( "Author:\t\t"     + info[:author].join( ", " ) )
             print_line( "Version:\t"      + info[:version] )
             print_line( "Path:\t"         + info[:path] )
 
@@ -596,16 +540,16 @@ class XMLRPC
         plugins.each {
             |info|
 
-            print_status( "#{info['plug_name']}:" )
+            print_status( "#{info[:plug_name]}:" )
             print_line( "--------------------" )
 
-            print_line( "Name:\t\t"       + info['name'] )
-            print_line( "Description:\t"  + info['description'] )
+            print_line( "Name:\t\t"       + info[:name] )
+            print_line( "Description:\t"  + info[:description] )
 
-            if( info['options'] && !info['options'].empty? )
+            if( info[:options] && !info[:options].empty? )
                 print_line( "Options:\t" )
 
-                info['options'].each {
+                info[:options].each {
                     |option|
                     print_info( "\t#{option['name']} - #{option['desc']}" )
                     print_info( "\tType:        #{option['type']}" )
@@ -616,9 +560,9 @@ class XMLRPC
                 }
             end
 
-            print_line( "Author:\t\t"     + info['author'] )
-            print_line( "Version:\t"      + info['version'] )
-            print_line( "Path:\t"         + info['path'] )
+            print_line( "Author:\t\t"     + info[:author].join( ", " ) )
+            print_line( "Version:\t"      + info[:version] )
+            print_line( "Path:\t"         + info[:path] )
 
             print_line
         }
@@ -662,7 +606,7 @@ class XMLRPC
     #
     def usage
         print_line <<USAGE
-  Usage:  arachni_xmlrpc --server https://host:port \[options\] url
+  Usage:  arachni_rpc --server https://host:port \[options\] url
 
   Supported options: