arachni 0.3 → 0.4
Sign up to get free protection for your applications and to get access to all the features.
- data/ACKNOWLEDGMENTS.md +1 -1
- data/CHANGELOG.md +146 -0
- data/CONTRIBUTORS.md +1 -0
- data/HACKING.md +3 -3
- data/README.md +81 -49
- data/Rakefile +11 -14
- data/bin/arachni +4 -8
- data/bin/arachni_rpc +17 -0
- data/bin/arachni_rpcd +18 -0
- data/bin/arachni_rpcd_monitor +18 -0
- data/bin/arachni_web +25 -48
- data/bin/arachni_web_autostart +3 -3
- data/conf/README.webui.yaml.txt +7 -21
- data/external/metasploit/plugins/arachni.rb +0 -7
- data/extras/modules/recon/raft_dirs.rb +108 -0
- data/extras/modules/recon/raft_dirs/raft-large-directories.txt +62290 -0
- data/extras/modules/recon/raft_files.rb +110 -0
- data/extras/modules/recon/raft_files/raft-large-files.txt +37037 -0
- data/extras/modules/recon/svn_digger_dirs.rb +108 -0
- data/extras/modules/recon/svn_digger_dirs/Licence.txt +674 -0
- data/extras/modules/recon/svn_digger_dirs/ReadMe-Arachni.txt +4 -0
- data/extras/modules/recon/svn_digger_dirs/ReadMe.txt +6 -0
- data/extras/modules/recon/svn_digger_dirs/all-dirs.txt +5960 -0
- data/extras/modules/recon/svn_digger_files.rb +114 -0
- data/extras/modules/recon/svn_digger_files/Licence.txt +674 -0
- data/extras/modules/recon/svn_digger_files/ReadMe-Arachni.txt +4 -0
- data/extras/modules/recon/svn_digger_files/ReadMe.txt +6 -0
- data/extras/modules/recon/svn_digger_files/all-extensionless.txt +25419 -0
- data/extras/modules/recon/svn_digger_files/all.txt +43135 -0
- data/lib/arachni.rb +2 -7
- data/lib/{audit_store.rb → arachni/audit_store.rb} +68 -60
- data/lib/{component_manager.rb → arachni/component_manager.rb} +8 -8
- data/lib/{component_options.rb → arachni/component_options.rb} +34 -4
- data/lib/{crypto → arachni/crypto}/rsa_aes_cbc.rb +1 -2
- data/lib/arachni/database.rb +4 -0
- data/lib/arachni/database/base.rb +125 -0
- data/lib/arachni/database/hash.rb +384 -0
- data/lib/arachni/database/queue.rb +93 -0
- data/lib/{exceptions.rb → arachni/exceptions.rb} +1 -1
- data/lib/arachni/framework.rb +899 -0
- data/lib/{http.rb → arachni/http.rb} +63 -166
- data/lib/{issue.rb → arachni/issue.rb} +46 -17
- data/lib/{mixins → arachni/mixins}/observable.rb +1 -1
- data/lib/arachni/mixins/progress_bar.rb +81 -0
- data/lib/arachni/mixins/terminal.rb +106 -0
- data/lib/{module.rb → arachni/module.rb} +0 -0
- data/lib/{module → arachni/module}/auditor.rb +250 -86
- data/lib/{module → arachni/module}/base.rb +8 -18
- data/lib/{module → arachni/module}/element_db.rb +10 -2
- data/lib/{module → arachni/module}/key_filler.rb +1 -1
- data/lib/arachni/module/manager.rb +145 -0
- data/lib/{module → arachni/module}/output.rb +6 -1
- data/lib/{module → arachni/module}/trainer.rb +48 -52
- data/lib/{module → arachni/module}/utilities.rb +66 -15
- data/lib/{nokogiri → arachni/nokogiri}/xml/node.rb +0 -0
- data/lib/arachni/options.rb +986 -0
- data/lib/{parser.rb → arachni/parser.rb} +0 -0
- data/lib/{parser → arachni/parser}/auditable.rb +111 -32
- data/lib/{parser → arachni/parser}/elements.rb +28 -20
- data/lib/{parser → arachni/parser}/page.rb +20 -3
- data/lib/{parser → arachni/parser}/parser.rb +100 -63
- data/lib/{plugin.rb → arachni/plugin.rb} +0 -0
- data/lib/{plugin → arachni/plugin}/base.rb +43 -6
- data/lib/{plugin → arachni/plugin}/manager.rb +40 -13
- data/lib/{report.rb → arachni/report.rb} +0 -0
- data/lib/{report → arachni/report}/base.rb +43 -2
- data/lib/{report → arachni/report}/manager.rb +7 -18
- data/lib/arachni/rpc/client/base.rb +42 -0
- data/lib/{rpc/xml → arachni/rpc}/client/dispatcher.rb +12 -13
- data/lib/arachni/rpc/client/instance.rb +62 -0
- data/lib/arachni/rpc/server/base.rb +51 -0
- data/lib/arachni/rpc/server/dispatcher.rb +438 -0
- data/lib/arachni/rpc/server/framework.rb +1163 -0
- data/lib/arachni/rpc/server/instance.rb +184 -0
- data/lib/{rpc/xml → arachni/rpc}/server/module/manager.rb +8 -5
- data/lib/arachni/rpc/server/node.rb +267 -0
- data/lib/{rpc/xml → arachni/rpc}/server/options.rb +6 -35
- data/lib/{rpc/xml → arachni/rpc}/server/output.rb +29 -3
- data/lib/{rpc/xml → arachni/rpc}/server/plugin/manager.rb +5 -6
- data/lib/{ruby.rb → arachni/ruby.rb} +1 -2
- data/lib/arachni/ruby/array.rb +31 -0
- data/lib/{ruby → arachni/ruby}/object.rb +1 -1
- data/lib/{ruby → arachni/ruby}/string.rb +1 -1
- data/lib/{spider.rb → arachni/spider.rb} +83 -110
- data/lib/arachni/typhoeus/hydra.rb +7 -0
- data/lib/{typhoeus → arachni/typhoeus}/request.rb +11 -9
- data/lib/{typhoeus → arachni/typhoeus}/response.rb +4 -0
- data/lib/{ui → arachni/ui}/cli/cli.rb +154 -84
- data/lib/{ui → arachni/ui}/cli/output.rb +57 -19
- data/lib/{ui/xmlrpc → arachni/ui/rpc}/dispatcher_monitor.rb +11 -10
- data/lib/{ui/xmlrpc/xmlrpc.rb → arachni/ui/rpc/rpc.rb} +102 -158
- data/lib/{ui → arachni/ui}/web/addon_manager.rb +23 -3
- data/lib/arachni/ui/web/addons/autodeploy.rb +207 -0
- data/lib/{ui → arachni/ui}/web/addons/autodeploy/lib/manager.rb +142 -35
- data/lib/arachni/ui/web/addons/autodeploy/views/index.erb +291 -0
- data/lib/{ui → arachni/ui}/web/addons/sample.rb +1 -1
- data/lib/{ui → arachni/ui}/web/addons/sample/views/index.erb +0 -0
- data/lib/{ui → arachni/ui}/web/addons/scheduler.rb +30 -22
- data/lib/{ui → arachni/ui}/web/addons/scheduler/views/index.erb +56 -22
- data/lib/{ui → arachni/ui}/web/addons/scheduler/views/options.erb +0 -0
- data/lib/arachni/ui/web/dispatcher_manager.rb +274 -0
- data/lib/arachni/ui/web/instance_manager.rb +69 -0
- data/lib/{ui → arachni/ui}/web/log.rb +1 -1
- data/lib/arachni/ui/web/output_stream.rb +54 -0
- data/lib/{ui → arachni/ui}/web/report_manager.rb +48 -54
- data/lib/{ui → arachni/ui}/web/scheduler.rb +42 -47
- data/lib/arachni/ui/web/server.rb +1197 -0
- data/lib/{ui → arachni/ui}/web/server/db/placeholder +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/banner.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/bodybg-small.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/bodybg.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/pbar-ani.gif +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_222222_256x240.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_454545_256x240.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_888888_256x240.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/jquery-ui-1.8.9.custom.css +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/favicon.ico +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/footer.jpg +0 -0
- data/lib/{ui/web/server/public/icons/error.png → arachni/ui/web/server/public/icons/bad.png} +0 -0
- data/lib/arachni/ui/web/server/public/icons/error.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/icons/info.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/icons/ok.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/icons/status.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/js/jquery-1.4.4.min.js +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/js/jquery-ui-1.8.9.custom.min.js +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/js/jquery-ui-timepicker.js +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/logo.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/nav-left.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/nav-right.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/nav-selected-left.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/nav-selected-right.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/plugins/sample/style.css +0 -0
- data/lib/{ui/web/server/tmp → arachni/ui/web/server/public/reports}/placeholder +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/sidebar-bottom.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/sidebar-h4.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/sidebar-top.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/spider.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/style.css +3 -2
- data/lib/arachni/ui/web/server/tmp/placeholder +0 -0
- data/lib/{ui → arachni/ui}/web/server/views/addon.erb +0 -0
- data/lib/{ui → arachni/ui}/web/server/views/addons.erb +0 -0
- data/lib/{ui → arachni/ui}/web/server/views/dispatcher_error.erb +0 -0
- data/lib/arachni/ui/web/server/views/dispatchers.erb +175 -0
- data/lib/arachni/ui/web/server/views/dispatchers_edit.erb +71 -0
- data/lib/arachni/ui/web/server/views/error.erb +22 -0
- data/lib/{ui → arachni/ui}/web/server/views/flash.erb +2 -2
- data/lib/arachni/ui/web/server/views/home.erb +60 -0
- data/lib/{ui → arachni/ui}/web/server/views/instance.erb +55 -75
- data/lib/arachni/ui/web/server/views/js/home.erb +32 -0
- data/lib/{ui → arachni/ui}/web/server/views/layout.erb +2 -2
- data/lib/{ui → arachni/ui}/web/server/views/log.erb +0 -0
- data/lib/arachni/ui/web/server/views/module.erb +30 -0
- data/lib/{ui → arachni/ui}/web/server/views/modules.erb +2 -22
- data/lib/{ui → arachni/ui}/web/server/views/options.erb +0 -0
- data/lib/{ui → arachni/ui}/web/server/views/output_results.erb +4 -4
- data/lib/{ui → arachni/ui}/web/server/views/plugins.erb +23 -12
- data/lib/{ui → arachni/ui}/web/server/views/report_formats.erb +1 -1
- data/lib/{ui → arachni/ui}/web/server/views/reports.erb +1 -1
- data/lib/{ui → arachni/ui}/web/server/views/settings.erb +59 -16
- data/lib/{ui → arachni/ui}/web/server/views/welcome.erb +3 -1
- data/lib/{ui → arachni/ui}/web/utilities.rb +8 -3
- data/lib/arachni/version.rb +16 -0
- data/modules/audit/code_injection.rb +11 -20
- data/modules/audit/code_injection_timing.rb +2 -6
- data/modules/audit/csrf.rb +8 -16
- data/modules/audit/ldapi.rb +5 -11
- data/modules/audit/os_cmd_injection.rb +5 -9
- data/modules/audit/os_cmd_injection_timing.rb +4 -8
- data/modules/audit/path_traversal.rb +7 -13
- data/modules/audit/response_splitting.rb +8 -21
- data/modules/audit/rfi.rb +6 -46
- data/modules/audit/sqli.rb +5 -11
- data/modules/audit/sqli/regexp_ids.txt +0 -6
- data/modules/audit/sqli_blind_rdiff.rb +5 -10
- data/modules/audit/sqli_blind_timing.rb +4 -9
- data/modules/audit/trainer.rb +6 -12
- data/modules/audit/unvalidated_redirect.rb +6 -17
- data/modules/audit/xpath.rb +5 -12
- data/modules/audit/xss.rb +37 -23
- data/modules/audit/xss_event.rb +5 -10
- data/modules/audit/xss_path.rb +47 -41
- data/modules/audit/xss_script_tag.rb +5 -10
- data/modules/audit/xss_tag.rb +5 -10
- data/modules/audit/xss_uri.rb +17 -89
- data/modules/recon/allowed_methods.rb +6 -15
- data/modules/recon/backdoors.rb +12 -52
- data/modules/recon/backup_files.rb +25 -88
- data/modules/recon/common_directories.rb +8 -54
- data/modules/recon/common_files.rb +7 -58
- data/modules/recon/directory_listing.rb +6 -15
- data/modules/recon/grep/captcha.rb +1 -1
- data/modules/recon/grep/credit_card.rb +62 -27
- data/modules/recon/grep/cvs_svn_users.rb +1 -1
- data/modules/recon/grep/emails.rb +1 -1
- data/modules/recon/grep/html_objects.rb +1 -1
- data/modules/recon/grep/private_ip.rb +1 -1
- data/modules/recon/grep/ssn.rb +9 -9
- data/modules/recon/htaccess_limit.rb +6 -14
- data/modules/recon/http_put.rb +7 -15
- data/modules/recon/interesting_responses.rb +7 -13
- data/modules/recon/mixed_resource.rb +100 -0
- data/modules/recon/unencrypted_password_forms.rb +8 -20
- data/modules/recon/webdav.rb +6 -16
- data/modules/recon/xst.rb +7 -13
- data/path_extractors/anchors.rb +1 -1
- data/path_extractors/forms.rb +1 -1
- data/path_extractors/frames.rb +1 -1
- data/path_extractors/generic.rb +47 -3
- data/path_extractors/links.rb +1 -1
- data/path_extractors/meta_refresh.rb +1 -1
- data/path_extractors/scripts.rb +3 -4
- data/path_extractors/sitemap.rb +1 -1
- data/plugins/autologin.rb +9 -18
- data/plugins/beep_notify.rb +51 -0
- data/plugins/cookie_collector.rb +12 -12
- data/plugins/defaults/autothrottle.rb +86 -0
- data/plugins/{content_types.rb → defaults/content_types.rb} +25 -19
- data/plugins/{healthmap.rb → defaults/healthmap.rb} +30 -18
- data/plugins/defaults/metamodules/remedies/discovery.rb +164 -0
- data/plugins/defaults/metamodules/remedies/manual_verification.rb +65 -0
- data/{metamodules/timeout_notice.rb → plugins/defaults/metamodules/remedies/timing_attacks.rb} +26 -22
- data/{metamodules → plugins/defaults/metamodules}/uniformity.rb +15 -14
- data/plugins/{profiler.rb → defaults/profiler.rb} +19 -30
- data/plugins/defaults/resolver.rb +55 -0
- data/plugins/email_notify.rb +108 -0
- data/plugins/form_dicattack.rb +8 -16
- data/plugins/http_dicattack.rb +4 -12
- data/plugins/libnotify.rb +86 -0
- data/plugins/proxy.rb +8 -17
- data/plugins/proxy/server.rb +3 -3
- data/plugins/rescan.rb +60 -0
- data/plugins/waf_detector.rb +5 -16
- data/profiles/full.afp +3 -30
- data/reports/afr.rb +2 -5
- data/reports/ap.rb +3 -1
- data/reports/html.rb +210 -68
- data/reports/html/default.erb +72 -1014
- data/reports/html/default/configuration.erb +126 -0
- data/reports/html/default/css/jquery-ui.css +570 -0
- data/reports/html/default/css/jquery.jqplot.min.css +1 -0
- data/reports/html/default/css/main.css +391 -0
- data/reports/html/default/issue.erb +189 -0
- data/reports/html/default/issues.erb +65 -0
- data/reports/html/default/js/charts.js +146 -0
- data/reports/html/default/js/helpers.js +95 -0
- data/reports/html/default/js/init.js +73 -0
- data/reports/html/default/js/lib/jqplot.barRenderer.min.js +57 -0
- data/reports/html/default/js/lib/jqplot.categoryAxisRenderer.min.js +57 -0
- data/reports/html/default/js/lib/jqplot.cursor.min.js +57 -0
- data/reports/html/default/js/lib/jqplot.pieRenderer.min.js +57 -0
- data/reports/html/default/js/lib/jqplot.pointLabels.min.js +57 -0
- data/reports/html/default/js/lib/jquery-ui.min.js +404 -0
- data/reports/html/default/js/lib/jquery.jqplot.min.js +57 -0
- data/reports/html/default/js/lib/jquery.min.js +167 -0
- data/reports/html/default/plugins.erb +22 -0
- data/reports/html/default/search.erb +8 -0
- data/reports/html/default/sitemap.erb +15 -0
- data/reports/html/default/summary.erb +68 -0
- data/reports/html/default/summary_issue.erb +19 -0
- data/reports/json.rb +51 -0
- data/reports/marshal.rb +49 -0
- data/reports/metareport.rb +4 -6
- data/reports/metareport/arachni_metareport.rb +1 -1
- data/reports/plugin_formatters/html/autologin.rb +30 -41
- data/reports/plugin_formatters/html/content_types.rb +1 -10
- data/reports/plugin_formatters/html/cookie_collector.rb +36 -44
- data/reports/plugin_formatters/html/discovery.rb +50 -0
- data/reports/plugin_formatters/html/form_dicattack.rb +24 -32
- data/reports/plugin_formatters/html/healthmap.rb +45 -54
- data/reports/plugin_formatters/html/http_dicattack.rb +24 -32
- data/reports/plugin_formatters/html/profiler.rb +17 -48
- data/reports/plugin_formatters/html/profiler/template.erb +6 -99
- data/reports/plugin_formatters/html/resolver.rb +63 -0
- data/reports/plugin_formatters/html/{metaformatters/timeout_notice.rb → timing_attacks.rb} +7 -19
- data/reports/plugin_formatters/html/{metaformatters/uniformity.rb → uniformity.rb} +5 -17
- data/reports/plugin_formatters/html/waf_detector.rb +24 -32
- data/reports/plugin_formatters/stdout/autologin.rb +30 -35
- data/reports/plugin_formatters/stdout/content_types.rb +41 -46
- data/reports/plugin_formatters/stdout/cookie_collector.rb +33 -38
- data/reports/plugin_formatters/stdout/discovery.rb +47 -0
- data/reports/plugin_formatters/stdout/form_dicattack.rb +27 -32
- data/reports/plugin_formatters/stdout/healthmap.rb +47 -51
- data/reports/plugin_formatters/stdout/http_dicattack.rb +27 -32
- data/reports/plugin_formatters/stdout/metamodules.rb +48 -55
- data/reports/plugin_formatters/stdout/profiler.rb +60 -65
- data/reports/plugin_formatters/stdout/resolver.rb +45 -0
- data/reports/plugin_formatters/stdout/{metaformatters/timeout_notice.rb → timing_attacks.rb} +6 -14
- data/reports/plugin_formatters/stdout/{metaformatters/uniformity.rb → uniformity.rb} +6 -14
- data/reports/plugin_formatters/stdout/waf_detector.rb +23 -28
- data/reports/plugin_formatters/xml/autologin.rb +36 -41
- data/reports/plugin_formatters/xml/content_types.rb +47 -52
- data/reports/plugin_formatters/xml/cookie_collector.rb +39 -44
- data/reports/plugin_formatters/xml/discovery.rb +54 -0
- data/reports/plugin_formatters/xml/form_dicattack.rb +22 -27
- data/reports/plugin_formatters/xml/healthmap.rb +53 -58
- data/reports/plugin_formatters/xml/http_dicattack.rb +22 -27
- data/reports/plugin_formatters/xml/profiler.rb +61 -77
- data/reports/plugin_formatters/xml/resolver.rb +53 -0
- data/reports/plugin_formatters/xml/{metaformatters/timeout_notice.rb → timing_attacks.rb} +3 -15
- data/reports/plugin_formatters/xml/{metaformatters/uniformity.rb → uniformity.rb} +4 -14
- data/reports/plugin_formatters/xml/waf_detector.rb +23 -28
- data/reports/stdout.rb +1 -1
- data/reports/txt.rb +2 -5
- data/reports/xml.rb +2 -5
- data/reports/xml/buffer.rb +6 -2
- data/reports/yaml.rb +49 -0
- metadata +419 -278
- data/bin/arachni_xmlrpc +0 -21
- data/bin/arachni_xmlrpcd +0 -82
- data/bin/arachni_xmlrpcd_monitor +0 -74
- data/getoptslong.rb +0 -242
- data/lib/anemone.rb +0 -2
- data/lib/framework.rb +0 -673
- data/lib/module/manager.rb +0 -111
- data/lib/options.rb +0 -547
- data/lib/rpc/xml/client/base.rb +0 -76
- data/lib/rpc/xml/client/instance.rb +0 -88
- data/lib/rpc/xml/server/base.rb +0 -112
- data/lib/rpc/xml/server/dispatcher.rb +0 -386
- data/lib/rpc/xml/server/framework.rb +0 -206
- data/lib/rpc/xml/server/instance.rb +0 -191
- data/lib/ruby/xmlrpc/server.rb +0 -27
- data/lib/ui/web/addons/autodeploy.rb +0 -172
- data/lib/ui/web/addons/autodeploy/views/index.erb +0 -124
- data/lib/ui/web/dispatcher_manager.rb +0 -165
- data/lib/ui/web/instance_manager.rb +0 -87
- data/lib/ui/web/output_stream.rb +0 -94
- data/lib/ui/web/server.rb +0 -925
- data/lib/ui/web/server/public/reports/placeholder +0 -1
- data/lib/ui/web/server/views/dispatchers.erb +0 -100
- data/lib/ui/web/server/views/dispatchers_edit.erb +0 -42
- data/lib/ui/web/server/views/error.erb +0 -1
- data/lib/ui/web/server/views/home.erb +0 -25
- data/metamodules/autothrottle.rb +0 -74
- data/plugins/metamodules.rb +0 -118
- data/profiles/comprehensive.afp +0 -74
- data/reports/plugin_formatters/html/metamodules.rb +0 -93
- data/reports/plugin_formatters/xml/metamodules.rb +0 -91
@@ -1,6 +1,6 @@
|
|
1
1
|
=begin
|
2
2
|
Arachni
|
3
|
-
Copyright (c) 2010-
|
3
|
+
Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
4
4
|
|
5
5
|
This is free software; you can copy and distribute and modify
|
6
6
|
this program under the term of the GPL v2.0 License
|
@@ -21,7 +21,7 @@ module UI
|
|
21
21
|
# @author: Tasos "Zapotek" Laskos
|
22
22
|
# <tasos.laskos@gmail.com>
|
23
23
|
# <zapotek@segfault.gr>
|
24
|
-
# @version: 0.1
|
24
|
+
# @version: 0.1.1
|
25
25
|
#
|
26
26
|
module Output
|
27
27
|
|
@@ -42,6 +42,8 @@ module Output
|
|
42
42
|
|
43
43
|
@@mute = false
|
44
44
|
|
45
|
+
@@opened = false
|
46
|
+
|
45
47
|
# Prints an error message
|
46
48
|
#
|
47
49
|
# It ignores all flags, error messages will be output under all
|
@@ -51,7 +53,41 @@ module Output
|
|
51
53
|
# @return [void]
|
52
54
|
#
|
53
55
|
def print_error( str = '' )
|
54
|
-
print_color( '[-]', 31, str, $stderr )
|
56
|
+
print_color( '[-]', 31, str, $stderr, true )
|
57
|
+
File.open( 'error.log', 'a' ){
|
58
|
+
|f|
|
59
|
+
if !@@opened
|
60
|
+
f.puts
|
61
|
+
f.puts "#{Time.now} " + ( "-" * 80 )
|
62
|
+
|
63
|
+
h = {}
|
64
|
+
ENV.each { |k, v| h[k] = v }
|
65
|
+
f.puts 'ENV:'
|
66
|
+
f.puts h.to_yaml
|
67
|
+
|
68
|
+
f.puts "-" * 80
|
69
|
+
|
70
|
+
f.puts 'OPTIONS:'
|
71
|
+
f.puts Arachni::Options.instance.to_yaml
|
72
|
+
|
73
|
+
f.puts "-" * 80
|
74
|
+
end
|
75
|
+
print_color( "[#{Time.now}]", 31, str, f, true )
|
76
|
+
}
|
77
|
+
|
78
|
+
@@opened = true
|
79
|
+
end
|
80
|
+
|
81
|
+
#
|
82
|
+
# Same as print_error but the message won't be printed to stderr.
|
83
|
+
#
|
84
|
+
# Used mainly to draw attention.
|
85
|
+
#
|
86
|
+
# @param [String] error string
|
87
|
+
#
|
88
|
+
def print_bad( str = '', unmute = false )
|
89
|
+
return if muted? && !unmute
|
90
|
+
print_color( '[-]', 31, str, $stdout, unmute )
|
55
91
|
end
|
56
92
|
|
57
93
|
# Prints a status message
|
@@ -64,9 +100,9 @@ module Output
|
|
64
100
|
# @param [String] status string
|
65
101
|
# @return [void]
|
66
102
|
#
|
67
|
-
def print_status( str = '' )
|
103
|
+
def print_status( str = '', unmute = false )
|
68
104
|
if @@only_positives then return end
|
69
|
-
print_color( '[*]', 34, str )
|
105
|
+
print_color( '[*]', 34, str, $stdout, unmute )
|
70
106
|
end
|
71
107
|
|
72
108
|
# Prints an info message
|
@@ -79,9 +115,9 @@ module Output
|
|
79
115
|
# @param [String] info string
|
80
116
|
# @return [void]
|
81
117
|
#
|
82
|
-
def print_info( str = '' )
|
118
|
+
def print_info( str = '', unmute = false )
|
83
119
|
if @@only_positives then return end
|
84
|
-
print_color( '[~]', 30, str )
|
120
|
+
print_color( '[~]', 30, str, $stdout, unmute )
|
85
121
|
end
|
86
122
|
|
87
123
|
# Prints a good message, something that went very very right,
|
@@ -92,8 +128,8 @@ module Output
|
|
92
128
|
# @param [String] ok string
|
93
129
|
# @return [void]
|
94
130
|
#
|
95
|
-
def print_ok( str = '' )
|
96
|
-
print_color( '[+]', 32, str )
|
131
|
+
def print_ok( str = '', unmute = false )
|
132
|
+
print_color( '[+]', 32, str, $stdout, unmute )
|
97
133
|
end
|
98
134
|
|
99
135
|
# Prints a debugging message
|
@@ -106,9 +142,9 @@ module Output
|
|
106
142
|
# @param [String] debugging string
|
107
143
|
# @return [void]
|
108
144
|
#
|
109
|
-
def print_debug( str = '' )
|
145
|
+
def print_debug( str = '', unmute = false )
|
110
146
|
if !@@debug then return end
|
111
|
-
print_color( '[!]', 36, str, $stderr )
|
147
|
+
print_color( '[!]', 36, str, $stderr, unmute )
|
112
148
|
end
|
113
149
|
|
114
150
|
# Pretty prints an object, used for debugging,
|
@@ -137,12 +173,12 @@ module Output
|
|
137
173
|
# @param [Exception]
|
138
174
|
# @return [void]
|
139
175
|
#
|
140
|
-
def print_debug_backtrace( e
|
176
|
+
def print_debug_backtrace( e )
|
141
177
|
if !@@debug then return end
|
142
178
|
e.backtrace.each{ |line| print_debug( line ) }
|
143
179
|
end
|
144
180
|
|
145
|
-
def print_error_backtrace( e
|
181
|
+
def print_error_backtrace( e )
|
146
182
|
e.backtrace.each{ |line| print_error( line ) }
|
147
183
|
end
|
148
184
|
|
@@ -157,9 +193,9 @@ module Output
|
|
157
193
|
# @param [String] verbose string
|
158
194
|
# @return [void]
|
159
195
|
#
|
160
|
-
def print_verbose( str = '' )
|
196
|
+
def print_verbose( str = '', unmute = false )
|
161
197
|
if !@@verbose then return end
|
162
|
-
print_color( '[v]', 37, str )
|
198
|
+
print_color( '[v]', 37, str, $stdout, unmute )
|
163
199
|
end
|
164
200
|
|
165
201
|
# Prints a line of message
|
@@ -172,9 +208,9 @@ module Output
|
|
172
208
|
# @param [String] string
|
173
209
|
# @return [void]
|
174
210
|
#
|
175
|
-
def print_line( str = '' )
|
211
|
+
def print_line( str = '', unmute = false )
|
176
212
|
if @@only_positives then return end
|
177
|
-
return if muted?
|
213
|
+
return if muted? && !unmute
|
178
214
|
puts str
|
179
215
|
end
|
180
216
|
|
@@ -263,8 +299,8 @@ module Output
|
|
263
299
|
#
|
264
300
|
# @return [void]
|
265
301
|
#
|
266
|
-
def print_color( sign, color, string, out = $stdout )
|
267
|
-
return if muted?
|
302
|
+
def print_color( sign, color, string, out = $stdout, unmute = false )
|
303
|
+
return if muted? && !unmute
|
268
304
|
|
269
305
|
if out.tty?
|
270
306
|
out.print "\033[1;#{color.to_s}m #{sign}\033[1;00m #{string}\n";
|
@@ -273,6 +309,8 @@ module Output
|
|
273
309
|
end
|
274
310
|
end
|
275
311
|
|
312
|
+
extend self
|
313
|
+
|
276
314
|
end
|
277
315
|
|
278
316
|
end
|
@@ -1,10 +1,8 @@
|
|
1
|
-
require 'xmlrpc/client'
|
2
|
-
require 'openssl'
|
3
1
|
require 'terminal-table/import'
|
4
2
|
|
5
3
|
module Arachni
|
6
4
|
|
7
|
-
require Options.instance.dir['lib'] + 'rpc/
|
5
|
+
require Options.instance.dir['lib'] + 'rpc/client/dispatcher'
|
8
6
|
require Options.instance.dir['lib'] + 'ui/cli/output'
|
9
7
|
|
10
8
|
module UI
|
@@ -35,13 +33,16 @@ class DispatcherMonitor
|
|
35
33
|
exit 0
|
36
34
|
end
|
37
35
|
|
38
|
-
|
39
|
-
|
40
|
-
|
36
|
+
if !@opts.url
|
37
|
+
print_error "No server specified."
|
38
|
+
print_line
|
39
|
+
usage
|
40
|
+
exit 0
|
41
|
+
end
|
41
42
|
|
42
|
-
|
43
|
-
#
|
44
|
-
@dispatcher.
|
43
|
+
begin
|
44
|
+
# start the RPC client
|
45
|
+
@dispatcher = Arachni::RPC::Client::Dispatcher.new( @opts, @opts.url.to_s )
|
45
46
|
rescue Exception => e
|
46
47
|
print_error( "Could not connect to server." )
|
47
48
|
print_error( "Error: #{e.to_s}." )
|
@@ -176,7 +177,7 @@ class DispatcherMonitor
|
|
176
177
|
#
|
177
178
|
def usage
|
178
179
|
print_line <<USAGE
|
179
|
-
Usage:
|
180
|
+
Usage: arachni_rpcd_monitor host:port
|
180
181
|
|
181
182
|
Supported options:
|
182
183
|
|
@@ -1,10 +1,18 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
=begin
|
2
|
+
Arachni
|
3
|
+
Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
4
|
+
|
5
|
+
This is free software; you can copy and distribute and modify
|
6
|
+
this program under the term of the GPL v2.0 License
|
7
|
+
(See LICENSE file for details)
|
8
|
+
|
9
|
+
=end
|
10
|
+
|
3
11
|
|
4
12
|
module Arachni
|
5
13
|
|
6
|
-
require Options.instance.dir['lib'] + 'rpc/
|
7
|
-
require Options.instance.dir['lib'] + 'rpc/
|
14
|
+
require Options.instance.dir['lib'] + 'rpc/client/dispatcher'
|
15
|
+
require Options.instance.dir['lib'] + 'rpc/client/instance'
|
8
16
|
|
9
17
|
require Options.instance.dir['lib'] + 'module/utilities'
|
10
18
|
require Options.instance.dir['lib'] + 'ui/cli/output'
|
@@ -13,14 +21,12 @@ require Options.instance.dir['lib'] + 'framework'
|
|
13
21
|
module UI
|
14
22
|
|
15
23
|
#
|
16
|
-
# Arachni
|
17
|
-
#
|
18
|
-
# Provides an self sufficient Arachni XML-RPC client.
|
24
|
+
# Provides an self sufficient Arachni RPC client.
|
19
25
|
#
|
20
26
|
# It mimics the standard CLI interface's functionality
|
21
27
|
# albeit in a client-server fashion.
|
22
28
|
#
|
23
|
-
# This should be your first stop when looking into creating your own
|
29
|
+
# This should be your first stop when looking into creating your own RPC client. <br/>
|
24
30
|
# Of course you don't need to instantiate the framework or any other Arachni related classes
|
25
31
|
# in your own client, this is just to provide some other info to the user.
|
26
32
|
#
|
@@ -28,9 +34,9 @@ module UI
|
|
28
34
|
# @author: Tasos "Zapotek" Laskos
|
29
35
|
# <tasos.laskos@gmail.com>
|
30
36
|
# <zapotek@segfault.gr>
|
31
|
-
# @version: 0.
|
37
|
+
# @version: 0.2
|
32
38
|
#
|
33
|
-
class
|
39
|
+
class RPC
|
34
40
|
|
35
41
|
include Arachni::UI::Output
|
36
42
|
include Arachni::Module::Utilities
|
@@ -78,27 +84,24 @@ class XMLRPC
|
|
78
84
|
|
79
85
|
|
80
86
|
# Check for missing url
|
81
|
-
if( !@opts.url &&
|
82
|
-
|
87
|
+
if( !@opts.url && @opts.lsmod.empty? )
|
88
|
+
print_bad( "Missing url argument." )
|
83
89
|
exit 0
|
84
90
|
end
|
85
91
|
|
86
92
|
begin
|
87
93
|
|
88
|
-
@dispatcher = Arachni::RPC::
|
94
|
+
@dispatcher = Arachni::RPC::Client::Dispatcher.new( @opts, @opts.server )
|
89
95
|
|
90
96
|
# get a new instance and assign the url we're going to audit as the
|
91
97
|
# 'owner'
|
92
98
|
@instance = @dispatcher.dispatch( @opts.url.to_s )
|
93
99
|
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
# start the XMLRPC client
|
98
|
-
@server = Arachni::RPC::XML::Client::Instance.new( @opts, instance_url.to_s, @instance['token'] )
|
100
|
+
# start the RPC client
|
101
|
+
@server = Arachni::RPC::Client::Instance.new( @opts, @instance['url'], @instance['token'] )
|
99
102
|
rescue Exception => e
|
100
103
|
print_error( "Could not connect to server." )
|
101
|
-
|
104
|
+
print_debug( "Error: #{e.to_s}." )
|
102
105
|
print_debug_backtrace( e )
|
103
106
|
exit 0
|
104
107
|
end
|
@@ -119,7 +122,7 @@ class XMLRPC
|
|
119
122
|
end
|
120
123
|
|
121
124
|
#
|
122
|
-
# we could just execute pause() upon an interrupt but
|
125
|
+
# we could just execute pause() upon an interrupt but RPC I/O
|
123
126
|
# needs to be synchronized otherwise we'll get an HTTP exception
|
124
127
|
#
|
125
128
|
@pause = false
|
@@ -146,7 +149,7 @@ class XMLRPC
|
|
146
149
|
|
147
150
|
print_line
|
148
151
|
|
149
|
-
# grab the
|
152
|
+
# grab the RPC server output while a scan is running
|
150
153
|
while( @server.framework.busy? )
|
151
154
|
output
|
152
155
|
|
@@ -154,7 +157,7 @@ class XMLRPC
|
|
154
157
|
|
155
158
|
# things will get crazy if we don't block a bit I think...
|
156
159
|
# we'll see...
|
157
|
-
::IO::select( nil, nil, nil,
|
160
|
+
::IO::select( nil, nil, nil, 2 )
|
158
161
|
end
|
159
162
|
|
160
163
|
puts
|
@@ -177,7 +180,7 @@ class XMLRPC
|
|
177
180
|
@opts.load_profile = nil
|
178
181
|
profiles.each {
|
179
182
|
|filename|
|
180
|
-
@opts.merge!(
|
183
|
+
@opts.merge!( Arachni::Options.instance.load( filename ) )
|
181
184
|
}
|
182
185
|
}
|
183
186
|
end
|
@@ -201,7 +204,7 @@ class XMLRPC
|
|
201
204
|
end
|
202
205
|
|
203
206
|
#
|
204
|
-
# Grabs the output from the
|
207
|
+
# Grabs the output from the RPC server and routes it to the proper output method.
|
205
208
|
#
|
206
209
|
def output
|
207
210
|
@server.service.output.each {
|
@@ -237,21 +240,21 @@ class XMLRPC
|
|
237
240
|
# make it easier on the user, grab the report to have something
|
238
241
|
# to show him while the scan is paused.
|
239
242
|
#
|
243
|
+
|
240
244
|
begin
|
241
|
-
print_issues(
|
245
|
+
print_issues( @server.framework.issues )
|
242
246
|
rescue Exception => e
|
243
247
|
exception_jail{ raise e }
|
244
248
|
exit 0
|
245
249
|
end
|
246
250
|
|
247
|
-
print_info( 'Arachni
|
248
|
-
' do you want to continue?' )
|
251
|
+
print_info( 'Arachni is paused, do you want to continue?' )
|
249
252
|
|
250
253
|
print_info( 'Continue? (hit \'enter\' to continue, \'e\' to exit)' )
|
251
254
|
|
252
255
|
if gets[0] == 'e'
|
253
256
|
print_status( 'Aborting scan...' )
|
254
|
-
@server.framework.
|
257
|
+
@server.framework.clean_up!
|
255
258
|
report
|
256
259
|
shutdown
|
257
260
|
print_info( 'Exiting...' )
|
@@ -260,7 +263,6 @@ class XMLRPC
|
|
260
263
|
|
261
264
|
@pause = false
|
262
265
|
@server.framework.resume!
|
263
|
-
|
264
266
|
end
|
265
267
|
|
266
268
|
#
|
@@ -268,32 +270,27 @@ class XMLRPC
|
|
268
270
|
#
|
269
271
|
# This method is used during a pause.
|
270
272
|
#
|
271
|
-
def print_issues(
|
273
|
+
def print_issues( issues )
|
272
274
|
|
273
|
-
print_line
|
274
|
-
print_info(
|
275
|
-
' issues have been detected.' )
|
275
|
+
print_line
|
276
|
+
print_info( issues.size.to_s + ' issues have been detected.' )
|
276
277
|
|
277
|
-
print_line
|
278
|
-
|
278
|
+
print_line
|
279
|
+
issues.each {
|
279
280
|
|issue|
|
280
281
|
|
281
|
-
print_ok( "#{issue
|
282
|
-
" - Severity: #{issue
|
283
|
-
|
284
|
-
print_info( issue['variations'][0]['url'] )
|
285
|
-
|
286
|
-
print_line( )
|
282
|
+
print_ok( "#{issue.name} (In #{issue.elem} variable '#{issue.var}'" +
|
283
|
+
" - Severity: #{issue.severity}" )
|
287
284
|
}
|
288
285
|
|
289
|
-
print_line
|
290
|
-
|
286
|
+
print_line
|
291
287
|
end
|
292
288
|
|
293
289
|
#
|
294
|
-
# Parses, sets and sends options to the
|
290
|
+
# Parses, sets and sends options to the RPC server.
|
295
291
|
#
|
296
292
|
def parse_opts
|
293
|
+
@opts.reports['stdout'] = {} if @opts.reports.empty?
|
297
294
|
|
298
295
|
#
|
299
296
|
# No modules have been specified, set the mods to '*' (all).
|
@@ -321,8 +318,12 @@ class XMLRPC
|
|
321
318
|
@opts.audit_cookies = true
|
322
319
|
end
|
323
320
|
|
321
|
+
opts = @opts.to_h.dup
|
322
|
+
|
323
|
+
@framework.reports.load( opts['reports'].keys )
|
324
|
+
|
324
325
|
# do not send these options over the wire
|
325
|
-
|
326
|
+
[
|
326
327
|
# this is bad, do not override the server's directory structure
|
327
328
|
'dir',
|
328
329
|
|
@@ -333,93 +334,39 @@ class XMLRPC
|
|
333
334
|
'load_profile',
|
334
335
|
|
335
336
|
# report options should remain local
|
336
|
-
# If you send this to the server it will cause a Ruby segfault.
|
337
337
|
'repopts',
|
338
338
|
'repsave',
|
339
339
|
|
340
340
|
# do not automatically send this options over
|
341
341
|
# we'll take care of this ourselves as soon as we get to the 'cookie_jar'
|
342
342
|
# option.
|
343
|
-
'cookies'
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
}
|
352
|
-
)
|
353
|
-
@opts.to_h.each {
|
354
|
-
|opt, arg|
|
355
|
-
|
356
|
-
next if !arg
|
357
|
-
next if illegal.include? opt
|
358
|
-
|
359
|
-
case opt
|
360
|
-
|
361
|
-
when "arachni_verbose"
|
362
|
-
print_status "Enabling verbosity."
|
363
|
-
verbose!
|
364
|
-
@server.framework.verbose_on
|
365
|
-
|
366
|
-
when 'redundant'
|
367
|
-
print_status 'Setting redundancy rules.'
|
368
|
-
|
369
|
-
redundant = []
|
370
|
-
arg.each {
|
371
|
-
|rule|
|
372
|
-
rule['regexp'] = rule['regexp'].to_s
|
373
|
-
redundant << rule
|
374
|
-
}
|
375
|
-
@server.opts.redundant( redundant )
|
376
|
-
|
377
|
-
when 'exclude', 'include'
|
378
|
-
print_status "Setting #{opt} rules."
|
379
|
-
@server.call( "opts.#{opt}=", arg.map{ |rule| rule.to_s } )
|
380
|
-
|
381
|
-
when 'url'
|
382
|
-
print_status 'Setting url: ' + @server.call( "opts.url=", arg.to_s )
|
383
|
-
|
384
|
-
when 'cookie_jar'
|
385
|
-
print_status 'Setting cookies:'
|
386
|
-
@server.opts.cookies( parse_cookie_jar( arg ) ).each_pair {
|
387
|
-
|k, v|
|
388
|
-
print_info ' * ' + k + ' => ' + v
|
389
|
-
}
|
390
|
-
|
391
|
-
when 'mods'
|
392
|
-
print_status 'Loading modules:'
|
393
|
-
@server.modules.load( arg ).each {
|
394
|
-
|mod|
|
395
|
-
print_info ' * ' + mod
|
396
|
-
}
|
397
|
-
|
398
|
-
when 'plugins'
|
399
|
-
next if arg.empty?
|
400
|
-
|
401
|
-
ap arg
|
402
|
-
print_status 'Loading plug-ins:'
|
403
|
-
@server.plugins.load( arg ).each {
|
404
|
-
|mod|
|
405
|
-
print_info ' * ' + mod
|
406
|
-
}
|
407
|
-
|
408
|
-
when "http_req_limit"
|
409
|
-
print_status 'Setting HTTP request limit: ' +
|
410
|
-
@server.opts.http_req_limit( arg ).to_s
|
343
|
+
'cookies',
|
344
|
+
'rpc_instance_port_range',
|
345
|
+
'datastore',
|
346
|
+
'reports'
|
347
|
+
].each {
|
348
|
+
|k|
|
349
|
+
opts.delete( k )
|
350
|
+
}
|
411
351
|
|
412
|
-
|
413
|
-
arg['stdout'] = {}
|
414
|
-
exception_jail{ @framework.reports.load( arg.keys ) }
|
352
|
+
opts['url'] = opts['url'].to_s
|
415
353
|
|
416
|
-
|
417
|
-
|
418
|
-
|
354
|
+
if opts['cookie_jar']
|
355
|
+
opts['cookies'] = parse_cookie_jar( opts['cookie_jar'] )
|
356
|
+
opts.delete( 'cookie_jar' )
|
357
|
+
end
|
419
358
|
|
420
|
-
|
359
|
+
@framework.plugins.load_defaults!.each {
|
360
|
+
|plugin|
|
361
|
+
@opts.plugins[plugin] = {} if !@opts.plugins.include?( plugin )
|
421
362
|
}
|
422
363
|
|
364
|
+
@server.plugins.load( @opts.plugins )
|
365
|
+
@server.modules.load( @opts.mods )
|
366
|
+
@server.opts.set( opts )
|
367
|
+
|
368
|
+
# ap opts
|
369
|
+
# exit
|
423
370
|
end
|
424
371
|
|
425
372
|
#
|
@@ -431,16 +378,13 @@ class XMLRPC
|
|
431
378
|
end
|
432
379
|
|
433
380
|
#
|
434
|
-
# Grabs the report from the
|
381
|
+
# Grabs the report from the RPC server and runs the selected Arachni report module.
|
435
382
|
#
|
436
383
|
def report
|
437
384
|
print_status "Grabbing scan report..."
|
438
385
|
|
439
|
-
# this will return the AuditStore as a hash
|
440
|
-
# ap @server.call( "framework.report" )
|
441
|
-
|
442
386
|
# this will return the AuditStore as a string in YAML format
|
443
|
-
audit_store =
|
387
|
+
audit_store = @server.framework.auditstore
|
444
388
|
|
445
389
|
# run the loaded reports and get the generated filename
|
446
390
|
@framework.reports.run( audit_store )
|
@@ -448,16 +392,16 @@ class XMLRPC
|
|
448
392
|
print_status "Grabbing stats..."
|
449
393
|
|
450
394
|
stats = @server.framework.stats
|
395
|
+
|
451
396
|
print_line
|
452
|
-
print_info( "Sent #{stats[
|
453
|
-
print_info( "Received and analyzed #{stats[
|
454
|
-
print_info( 'In ' + stats[
|
397
|
+
print_info( "Sent #{stats[:requests]} requests." )
|
398
|
+
print_info( "Received and analyzed #{stats[:responses]} responses." )
|
399
|
+
print_info( 'In ' + stats[:time].to_s )
|
455
400
|
|
456
|
-
avg = 'Average: ' + stats[
|
401
|
+
avg = 'Average: ' + stats[:avg].to_s + ' requests/second.'
|
457
402
|
print_info( avg )
|
458
403
|
|
459
404
|
print_line
|
460
|
-
|
461
405
|
end
|
462
406
|
|
463
407
|
def parse_cookie_jar( jar )
|
@@ -482,45 +426,45 @@ class XMLRPC
|
|
482
426
|
mods.each {
|
483
427
|
|info|
|
484
428
|
|
485
|
-
print_status( "#{info[
|
429
|
+
print_status( "#{info[:mod_name]}:" )
|
486
430
|
print_line( "--------------------" )
|
487
431
|
|
488
|
-
print_line( "Name:\t\t" + info[
|
489
|
-
print_line( "Description:\t" + info[
|
432
|
+
print_line( "Name:\t\t" + info[:name] )
|
433
|
+
print_line( "Description:\t" + info[:description] )
|
490
434
|
|
491
|
-
if( info[
|
435
|
+
if( info[:elements] && info[:elements].size > 0 )
|
492
436
|
print_line( "Elements:\t" +
|
493
|
-
info[
|
437
|
+
info[:elements].join( ', ' ).downcase )
|
494
438
|
end
|
495
439
|
|
496
|
-
if( info[
|
440
|
+
if( info[:dependencies] )
|
497
441
|
print_line( "Dependencies:\t" +
|
498
|
-
info[
|
442
|
+
info[:dependencies].join( ', ' ).downcase )
|
499
443
|
end
|
500
444
|
|
501
|
-
print_line( "Author:\t\t" + info[
|
502
|
-
print_line( "Version:\t" + info[
|
445
|
+
print_line( "Author:\t\t" + info[:author].join( ", " ) )
|
446
|
+
print_line( "Version:\t" + info[:version] )
|
503
447
|
|
504
448
|
print_line( "References:" )
|
505
|
-
if info[
|
506
|
-
info[
|
449
|
+
if info[:references].is_a?( Hash )
|
450
|
+
info[:references].keys.each {
|
507
451
|
|key|
|
508
|
-
print_info( key + "\t\t" + info[
|
452
|
+
print_info( key + "\t\t" + info[:references][key] )
|
509
453
|
}
|
510
454
|
end
|
511
455
|
|
512
456
|
print_line( "Targets:" )
|
513
|
-
info[
|
457
|
+
info[:targets].keys.each {
|
514
458
|
|key|
|
515
|
-
print_info( key + "\t\t" + info[
|
459
|
+
print_info( key + "\t\t" + info[:targets][key] )
|
516
460
|
}
|
517
461
|
|
518
|
-
if( info[
|
519
|
-
( sploit = info[
|
462
|
+
if( info[:issue] &&
|
463
|
+
( sploit = info[:issue]['metasploitable'] ) )
|
520
464
|
print_line( "Metasploitable:\t" + sploit )
|
521
465
|
end
|
522
466
|
|
523
|
-
print_line( "Path:\t" + info[
|
467
|
+
print_line( "Path:\t" + info[:path] )
|
524
468
|
|
525
469
|
i+=1
|
526
470
|
|
@@ -573,7 +517,7 @@ class XMLRPC
|
|
573
517
|
}
|
574
518
|
end
|
575
519
|
|
576
|
-
print_line( "Author:\t\t" + info[:author] )
|
520
|
+
print_line( "Author:\t\t" + info[:author].join( ", " ) )
|
577
521
|
print_line( "Version:\t" + info[:version] )
|
578
522
|
print_line( "Path:\t" + info[:path] )
|
579
523
|
|
@@ -596,16 +540,16 @@ class XMLRPC
|
|
596
540
|
plugins.each {
|
597
541
|
|info|
|
598
542
|
|
599
|
-
print_status( "#{info[
|
543
|
+
print_status( "#{info[:plug_name]}:" )
|
600
544
|
print_line( "--------------------" )
|
601
545
|
|
602
|
-
print_line( "Name:\t\t" + info[
|
603
|
-
print_line( "Description:\t" + info[
|
546
|
+
print_line( "Name:\t\t" + info[:name] )
|
547
|
+
print_line( "Description:\t" + info[:description] )
|
604
548
|
|
605
|
-
if( info[
|
549
|
+
if( info[:options] && !info[:options].empty? )
|
606
550
|
print_line( "Options:\t" )
|
607
551
|
|
608
|
-
info[
|
552
|
+
info[:options].each {
|
609
553
|
|option|
|
610
554
|
print_info( "\t#{option['name']} - #{option['desc']}" )
|
611
555
|
print_info( "\tType: #{option['type']}" )
|
@@ -616,9 +560,9 @@ class XMLRPC
|
|
616
560
|
}
|
617
561
|
end
|
618
562
|
|
619
|
-
print_line( "Author:\t\t" + info[
|
620
|
-
print_line( "Version:\t" + info[
|
621
|
-
print_line( "Path:\t" + info[
|
563
|
+
print_line( "Author:\t\t" + info[:author].join( ", " ) )
|
564
|
+
print_line( "Version:\t" + info[:version] )
|
565
|
+
print_line( "Path:\t" + info[:path] )
|
622
566
|
|
623
567
|
print_line
|
624
568
|
}
|
@@ -662,7 +606,7 @@ class XMLRPC
|
|
662
606
|
#
|
663
607
|
def usage
|
664
608
|
print_line <<USAGE
|
665
|
-
Usage:
|
609
|
+
Usage: arachni_rpc --server https://host:port \[options\] url
|
666
610
|
|
667
611
|
Supported options:
|
668
612
|
|