arachni 0.3 → 0.4
Sign up to get free protection for your applications and to get access to all the features.
- data/ACKNOWLEDGMENTS.md +1 -1
- data/CHANGELOG.md +146 -0
- data/CONTRIBUTORS.md +1 -0
- data/HACKING.md +3 -3
- data/README.md +81 -49
- data/Rakefile +11 -14
- data/bin/arachni +4 -8
- data/bin/arachni_rpc +17 -0
- data/bin/arachni_rpcd +18 -0
- data/bin/arachni_rpcd_monitor +18 -0
- data/bin/arachni_web +25 -48
- data/bin/arachni_web_autostart +3 -3
- data/conf/README.webui.yaml.txt +7 -21
- data/external/metasploit/plugins/arachni.rb +0 -7
- data/extras/modules/recon/raft_dirs.rb +108 -0
- data/extras/modules/recon/raft_dirs/raft-large-directories.txt +62290 -0
- data/extras/modules/recon/raft_files.rb +110 -0
- data/extras/modules/recon/raft_files/raft-large-files.txt +37037 -0
- data/extras/modules/recon/svn_digger_dirs.rb +108 -0
- data/extras/modules/recon/svn_digger_dirs/Licence.txt +674 -0
- data/extras/modules/recon/svn_digger_dirs/ReadMe-Arachni.txt +4 -0
- data/extras/modules/recon/svn_digger_dirs/ReadMe.txt +6 -0
- data/extras/modules/recon/svn_digger_dirs/all-dirs.txt +5960 -0
- data/extras/modules/recon/svn_digger_files.rb +114 -0
- data/extras/modules/recon/svn_digger_files/Licence.txt +674 -0
- data/extras/modules/recon/svn_digger_files/ReadMe-Arachni.txt +4 -0
- data/extras/modules/recon/svn_digger_files/ReadMe.txt +6 -0
- data/extras/modules/recon/svn_digger_files/all-extensionless.txt +25419 -0
- data/extras/modules/recon/svn_digger_files/all.txt +43135 -0
- data/lib/arachni.rb +2 -7
- data/lib/{audit_store.rb → arachni/audit_store.rb} +68 -60
- data/lib/{component_manager.rb → arachni/component_manager.rb} +8 -8
- data/lib/{component_options.rb → arachni/component_options.rb} +34 -4
- data/lib/{crypto → arachni/crypto}/rsa_aes_cbc.rb +1 -2
- data/lib/arachni/database.rb +4 -0
- data/lib/arachni/database/base.rb +125 -0
- data/lib/arachni/database/hash.rb +384 -0
- data/lib/arachni/database/queue.rb +93 -0
- data/lib/{exceptions.rb → arachni/exceptions.rb} +1 -1
- data/lib/arachni/framework.rb +899 -0
- data/lib/{http.rb → arachni/http.rb} +63 -166
- data/lib/{issue.rb → arachni/issue.rb} +46 -17
- data/lib/{mixins → arachni/mixins}/observable.rb +1 -1
- data/lib/arachni/mixins/progress_bar.rb +81 -0
- data/lib/arachni/mixins/terminal.rb +106 -0
- data/lib/{module.rb → arachni/module.rb} +0 -0
- data/lib/{module → arachni/module}/auditor.rb +250 -86
- data/lib/{module → arachni/module}/base.rb +8 -18
- data/lib/{module → arachni/module}/element_db.rb +10 -2
- data/lib/{module → arachni/module}/key_filler.rb +1 -1
- data/lib/arachni/module/manager.rb +145 -0
- data/lib/{module → arachni/module}/output.rb +6 -1
- data/lib/{module → arachni/module}/trainer.rb +48 -52
- data/lib/{module → arachni/module}/utilities.rb +66 -15
- data/lib/{nokogiri → arachni/nokogiri}/xml/node.rb +0 -0
- data/lib/arachni/options.rb +986 -0
- data/lib/{parser.rb → arachni/parser.rb} +0 -0
- data/lib/{parser → arachni/parser}/auditable.rb +111 -32
- data/lib/{parser → arachni/parser}/elements.rb +28 -20
- data/lib/{parser → arachni/parser}/page.rb +20 -3
- data/lib/{parser → arachni/parser}/parser.rb +100 -63
- data/lib/{plugin.rb → arachni/plugin.rb} +0 -0
- data/lib/{plugin → arachni/plugin}/base.rb +43 -6
- data/lib/{plugin → arachni/plugin}/manager.rb +40 -13
- data/lib/{report.rb → arachni/report.rb} +0 -0
- data/lib/{report → arachni/report}/base.rb +43 -2
- data/lib/{report → arachni/report}/manager.rb +7 -18
- data/lib/arachni/rpc/client/base.rb +42 -0
- data/lib/{rpc/xml → arachni/rpc}/client/dispatcher.rb +12 -13
- data/lib/arachni/rpc/client/instance.rb +62 -0
- data/lib/arachni/rpc/server/base.rb +51 -0
- data/lib/arachni/rpc/server/dispatcher.rb +438 -0
- data/lib/arachni/rpc/server/framework.rb +1163 -0
- data/lib/arachni/rpc/server/instance.rb +184 -0
- data/lib/{rpc/xml → arachni/rpc}/server/module/manager.rb +8 -5
- data/lib/arachni/rpc/server/node.rb +267 -0
- data/lib/{rpc/xml → arachni/rpc}/server/options.rb +6 -35
- data/lib/{rpc/xml → arachni/rpc}/server/output.rb +29 -3
- data/lib/{rpc/xml → arachni/rpc}/server/plugin/manager.rb +5 -6
- data/lib/{ruby.rb → arachni/ruby.rb} +1 -2
- data/lib/arachni/ruby/array.rb +31 -0
- data/lib/{ruby → arachni/ruby}/object.rb +1 -1
- data/lib/{ruby → arachni/ruby}/string.rb +1 -1
- data/lib/{spider.rb → arachni/spider.rb} +83 -110
- data/lib/arachni/typhoeus/hydra.rb +7 -0
- data/lib/{typhoeus → arachni/typhoeus}/request.rb +11 -9
- data/lib/{typhoeus → arachni/typhoeus}/response.rb +4 -0
- data/lib/{ui → arachni/ui}/cli/cli.rb +154 -84
- data/lib/{ui → arachni/ui}/cli/output.rb +57 -19
- data/lib/{ui/xmlrpc → arachni/ui/rpc}/dispatcher_monitor.rb +11 -10
- data/lib/{ui/xmlrpc/xmlrpc.rb → arachni/ui/rpc/rpc.rb} +102 -158
- data/lib/{ui → arachni/ui}/web/addon_manager.rb +23 -3
- data/lib/arachni/ui/web/addons/autodeploy.rb +207 -0
- data/lib/{ui → arachni/ui}/web/addons/autodeploy/lib/manager.rb +142 -35
- data/lib/arachni/ui/web/addons/autodeploy/views/index.erb +291 -0
- data/lib/{ui → arachni/ui}/web/addons/sample.rb +1 -1
- data/lib/{ui → arachni/ui}/web/addons/sample/views/index.erb +0 -0
- data/lib/{ui → arachni/ui}/web/addons/scheduler.rb +30 -22
- data/lib/{ui → arachni/ui}/web/addons/scheduler/views/index.erb +56 -22
- data/lib/{ui → arachni/ui}/web/addons/scheduler/views/options.erb +0 -0
- data/lib/arachni/ui/web/dispatcher_manager.rb +274 -0
- data/lib/arachni/ui/web/instance_manager.rb +69 -0
- data/lib/{ui → arachni/ui}/web/log.rb +1 -1
- data/lib/arachni/ui/web/output_stream.rb +54 -0
- data/lib/{ui → arachni/ui}/web/report_manager.rb +48 -54
- data/lib/{ui → arachni/ui}/web/scheduler.rb +42 -47
- data/lib/arachni/ui/web/server.rb +1197 -0
- data/lib/{ui → arachni/ui}/web/server/db/placeholder +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/banner.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/bodybg-small.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/bodybg.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/pbar-ani.gif +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_222222_256x240.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_454545_256x240.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_888888_256x240.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/css/smoothness/jquery-ui-1.8.9.custom.css +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/favicon.ico +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/footer.jpg +0 -0
- data/lib/{ui/web/server/public/icons/error.png → arachni/ui/web/server/public/icons/bad.png} +0 -0
- data/lib/arachni/ui/web/server/public/icons/error.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/icons/info.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/icons/ok.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/icons/status.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/js/jquery-1.4.4.min.js +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/js/jquery-ui-1.8.9.custom.min.js +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/js/jquery-ui-timepicker.js +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/logo.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/nav-left.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/nav-right.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/nav-selected-left.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/nav-selected-right.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/plugins/sample/style.css +0 -0
- data/lib/{ui/web/server/tmp → arachni/ui/web/server/public/reports}/placeholder +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/sidebar-bottom.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/sidebar-h4.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/sidebar-top.jpg +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/spider.png +0 -0
- data/lib/{ui → arachni/ui}/web/server/public/style.css +3 -2
- data/lib/arachni/ui/web/server/tmp/placeholder +0 -0
- data/lib/{ui → arachni/ui}/web/server/views/addon.erb +0 -0
- data/lib/{ui → arachni/ui}/web/server/views/addons.erb +0 -0
- data/lib/{ui → arachni/ui}/web/server/views/dispatcher_error.erb +0 -0
- data/lib/arachni/ui/web/server/views/dispatchers.erb +175 -0
- data/lib/arachni/ui/web/server/views/dispatchers_edit.erb +71 -0
- data/lib/arachni/ui/web/server/views/error.erb +22 -0
- data/lib/{ui → arachni/ui}/web/server/views/flash.erb +2 -2
- data/lib/arachni/ui/web/server/views/home.erb +60 -0
- data/lib/{ui → arachni/ui}/web/server/views/instance.erb +55 -75
- data/lib/arachni/ui/web/server/views/js/home.erb +32 -0
- data/lib/{ui → arachni/ui}/web/server/views/layout.erb +2 -2
- data/lib/{ui → arachni/ui}/web/server/views/log.erb +0 -0
- data/lib/arachni/ui/web/server/views/module.erb +30 -0
- data/lib/{ui → arachni/ui}/web/server/views/modules.erb +2 -22
- data/lib/{ui → arachni/ui}/web/server/views/options.erb +0 -0
- data/lib/{ui → arachni/ui}/web/server/views/output_results.erb +4 -4
- data/lib/{ui → arachni/ui}/web/server/views/plugins.erb +23 -12
- data/lib/{ui → arachni/ui}/web/server/views/report_formats.erb +1 -1
- data/lib/{ui → arachni/ui}/web/server/views/reports.erb +1 -1
- data/lib/{ui → arachni/ui}/web/server/views/settings.erb +59 -16
- data/lib/{ui → arachni/ui}/web/server/views/welcome.erb +3 -1
- data/lib/{ui → arachni/ui}/web/utilities.rb +8 -3
- data/lib/arachni/version.rb +16 -0
- data/modules/audit/code_injection.rb +11 -20
- data/modules/audit/code_injection_timing.rb +2 -6
- data/modules/audit/csrf.rb +8 -16
- data/modules/audit/ldapi.rb +5 -11
- data/modules/audit/os_cmd_injection.rb +5 -9
- data/modules/audit/os_cmd_injection_timing.rb +4 -8
- data/modules/audit/path_traversal.rb +7 -13
- data/modules/audit/response_splitting.rb +8 -21
- data/modules/audit/rfi.rb +6 -46
- data/modules/audit/sqli.rb +5 -11
- data/modules/audit/sqli/regexp_ids.txt +0 -6
- data/modules/audit/sqli_blind_rdiff.rb +5 -10
- data/modules/audit/sqli_blind_timing.rb +4 -9
- data/modules/audit/trainer.rb +6 -12
- data/modules/audit/unvalidated_redirect.rb +6 -17
- data/modules/audit/xpath.rb +5 -12
- data/modules/audit/xss.rb +37 -23
- data/modules/audit/xss_event.rb +5 -10
- data/modules/audit/xss_path.rb +47 -41
- data/modules/audit/xss_script_tag.rb +5 -10
- data/modules/audit/xss_tag.rb +5 -10
- data/modules/audit/xss_uri.rb +17 -89
- data/modules/recon/allowed_methods.rb +6 -15
- data/modules/recon/backdoors.rb +12 -52
- data/modules/recon/backup_files.rb +25 -88
- data/modules/recon/common_directories.rb +8 -54
- data/modules/recon/common_files.rb +7 -58
- data/modules/recon/directory_listing.rb +6 -15
- data/modules/recon/grep/captcha.rb +1 -1
- data/modules/recon/grep/credit_card.rb +62 -27
- data/modules/recon/grep/cvs_svn_users.rb +1 -1
- data/modules/recon/grep/emails.rb +1 -1
- data/modules/recon/grep/html_objects.rb +1 -1
- data/modules/recon/grep/private_ip.rb +1 -1
- data/modules/recon/grep/ssn.rb +9 -9
- data/modules/recon/htaccess_limit.rb +6 -14
- data/modules/recon/http_put.rb +7 -15
- data/modules/recon/interesting_responses.rb +7 -13
- data/modules/recon/mixed_resource.rb +100 -0
- data/modules/recon/unencrypted_password_forms.rb +8 -20
- data/modules/recon/webdav.rb +6 -16
- data/modules/recon/xst.rb +7 -13
- data/path_extractors/anchors.rb +1 -1
- data/path_extractors/forms.rb +1 -1
- data/path_extractors/frames.rb +1 -1
- data/path_extractors/generic.rb +47 -3
- data/path_extractors/links.rb +1 -1
- data/path_extractors/meta_refresh.rb +1 -1
- data/path_extractors/scripts.rb +3 -4
- data/path_extractors/sitemap.rb +1 -1
- data/plugins/autologin.rb +9 -18
- data/plugins/beep_notify.rb +51 -0
- data/plugins/cookie_collector.rb +12 -12
- data/plugins/defaults/autothrottle.rb +86 -0
- data/plugins/{content_types.rb → defaults/content_types.rb} +25 -19
- data/plugins/{healthmap.rb → defaults/healthmap.rb} +30 -18
- data/plugins/defaults/metamodules/remedies/discovery.rb +164 -0
- data/plugins/defaults/metamodules/remedies/manual_verification.rb +65 -0
- data/{metamodules/timeout_notice.rb → plugins/defaults/metamodules/remedies/timing_attacks.rb} +26 -22
- data/{metamodules → plugins/defaults/metamodules}/uniformity.rb +15 -14
- data/plugins/{profiler.rb → defaults/profiler.rb} +19 -30
- data/plugins/defaults/resolver.rb +55 -0
- data/plugins/email_notify.rb +108 -0
- data/plugins/form_dicattack.rb +8 -16
- data/plugins/http_dicattack.rb +4 -12
- data/plugins/libnotify.rb +86 -0
- data/plugins/proxy.rb +8 -17
- data/plugins/proxy/server.rb +3 -3
- data/plugins/rescan.rb +60 -0
- data/plugins/waf_detector.rb +5 -16
- data/profiles/full.afp +3 -30
- data/reports/afr.rb +2 -5
- data/reports/ap.rb +3 -1
- data/reports/html.rb +210 -68
- data/reports/html/default.erb +72 -1014
- data/reports/html/default/configuration.erb +126 -0
- data/reports/html/default/css/jquery-ui.css +570 -0
- data/reports/html/default/css/jquery.jqplot.min.css +1 -0
- data/reports/html/default/css/main.css +391 -0
- data/reports/html/default/issue.erb +189 -0
- data/reports/html/default/issues.erb +65 -0
- data/reports/html/default/js/charts.js +146 -0
- data/reports/html/default/js/helpers.js +95 -0
- data/reports/html/default/js/init.js +73 -0
- data/reports/html/default/js/lib/jqplot.barRenderer.min.js +57 -0
- data/reports/html/default/js/lib/jqplot.categoryAxisRenderer.min.js +57 -0
- data/reports/html/default/js/lib/jqplot.cursor.min.js +57 -0
- data/reports/html/default/js/lib/jqplot.pieRenderer.min.js +57 -0
- data/reports/html/default/js/lib/jqplot.pointLabels.min.js +57 -0
- data/reports/html/default/js/lib/jquery-ui.min.js +404 -0
- data/reports/html/default/js/lib/jquery.jqplot.min.js +57 -0
- data/reports/html/default/js/lib/jquery.min.js +167 -0
- data/reports/html/default/plugins.erb +22 -0
- data/reports/html/default/search.erb +8 -0
- data/reports/html/default/sitemap.erb +15 -0
- data/reports/html/default/summary.erb +68 -0
- data/reports/html/default/summary_issue.erb +19 -0
- data/reports/json.rb +51 -0
- data/reports/marshal.rb +49 -0
- data/reports/metareport.rb +4 -6
- data/reports/metareport/arachni_metareport.rb +1 -1
- data/reports/plugin_formatters/html/autologin.rb +30 -41
- data/reports/plugin_formatters/html/content_types.rb +1 -10
- data/reports/plugin_formatters/html/cookie_collector.rb +36 -44
- data/reports/plugin_formatters/html/discovery.rb +50 -0
- data/reports/plugin_formatters/html/form_dicattack.rb +24 -32
- data/reports/plugin_formatters/html/healthmap.rb +45 -54
- data/reports/plugin_formatters/html/http_dicattack.rb +24 -32
- data/reports/plugin_formatters/html/profiler.rb +17 -48
- data/reports/plugin_formatters/html/profiler/template.erb +6 -99
- data/reports/plugin_formatters/html/resolver.rb +63 -0
- data/reports/plugin_formatters/html/{metaformatters/timeout_notice.rb → timing_attacks.rb} +7 -19
- data/reports/plugin_formatters/html/{metaformatters/uniformity.rb → uniformity.rb} +5 -17
- data/reports/plugin_formatters/html/waf_detector.rb +24 -32
- data/reports/plugin_formatters/stdout/autologin.rb +30 -35
- data/reports/plugin_formatters/stdout/content_types.rb +41 -46
- data/reports/plugin_formatters/stdout/cookie_collector.rb +33 -38
- data/reports/plugin_formatters/stdout/discovery.rb +47 -0
- data/reports/plugin_formatters/stdout/form_dicattack.rb +27 -32
- data/reports/plugin_formatters/stdout/healthmap.rb +47 -51
- data/reports/plugin_formatters/stdout/http_dicattack.rb +27 -32
- data/reports/plugin_formatters/stdout/metamodules.rb +48 -55
- data/reports/plugin_formatters/stdout/profiler.rb +60 -65
- data/reports/plugin_formatters/stdout/resolver.rb +45 -0
- data/reports/plugin_formatters/stdout/{metaformatters/timeout_notice.rb → timing_attacks.rb} +6 -14
- data/reports/plugin_formatters/stdout/{metaformatters/uniformity.rb → uniformity.rb} +6 -14
- data/reports/plugin_formatters/stdout/waf_detector.rb +23 -28
- data/reports/plugin_formatters/xml/autologin.rb +36 -41
- data/reports/plugin_formatters/xml/content_types.rb +47 -52
- data/reports/plugin_formatters/xml/cookie_collector.rb +39 -44
- data/reports/plugin_formatters/xml/discovery.rb +54 -0
- data/reports/plugin_formatters/xml/form_dicattack.rb +22 -27
- data/reports/plugin_formatters/xml/healthmap.rb +53 -58
- data/reports/plugin_formatters/xml/http_dicattack.rb +22 -27
- data/reports/plugin_formatters/xml/profiler.rb +61 -77
- data/reports/plugin_formatters/xml/resolver.rb +53 -0
- data/reports/plugin_formatters/xml/{metaformatters/timeout_notice.rb → timing_attacks.rb} +3 -15
- data/reports/plugin_formatters/xml/{metaformatters/uniformity.rb → uniformity.rb} +4 -14
- data/reports/plugin_formatters/xml/waf_detector.rb +23 -28
- data/reports/stdout.rb +1 -1
- data/reports/txt.rb +2 -5
- data/reports/xml.rb +2 -5
- data/reports/xml/buffer.rb +6 -2
- data/reports/yaml.rb +49 -0
- metadata +419 -278
- data/bin/arachni_xmlrpc +0 -21
- data/bin/arachni_xmlrpcd +0 -82
- data/bin/arachni_xmlrpcd_monitor +0 -74
- data/getoptslong.rb +0 -242
- data/lib/anemone.rb +0 -2
- data/lib/framework.rb +0 -673
- data/lib/module/manager.rb +0 -111
- data/lib/options.rb +0 -547
- data/lib/rpc/xml/client/base.rb +0 -76
- data/lib/rpc/xml/client/instance.rb +0 -88
- data/lib/rpc/xml/server/base.rb +0 -112
- data/lib/rpc/xml/server/dispatcher.rb +0 -386
- data/lib/rpc/xml/server/framework.rb +0 -206
- data/lib/rpc/xml/server/instance.rb +0 -191
- data/lib/ruby/xmlrpc/server.rb +0 -27
- data/lib/ui/web/addons/autodeploy.rb +0 -172
- data/lib/ui/web/addons/autodeploy/views/index.erb +0 -124
- data/lib/ui/web/dispatcher_manager.rb +0 -165
- data/lib/ui/web/instance_manager.rb +0 -87
- data/lib/ui/web/output_stream.rb +0 -94
- data/lib/ui/web/server.rb +0 -925
- data/lib/ui/web/server/public/reports/placeholder +0 -1
- data/lib/ui/web/server/views/dispatchers.erb +0 -100
- data/lib/ui/web/server/views/dispatchers_edit.erb +0 -42
- data/lib/ui/web/server/views/error.erb +0 -1
- data/lib/ui/web/server/views/home.erb +0 -25
- data/metamodules/autothrottle.rb +0 -74
- data/plugins/metamodules.rb +0 -118
- data/profiles/comprehensive.afp +0 -74
- data/reports/plugin_formatters/html/metamodules.rb +0 -93
- data/reports/plugin_formatters/xml/metamodules.rb +0 -91
data/reports/html/default.erb
CHANGED
@@ -4,1021 +4,79 @@
|
|
4
4
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
5
5
|
|
6
6
|
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US">
|
7
|
-
<head>
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
7
|
+
<head>
|
8
|
+
<title><%= title_url %> :: Arachni Web Application Security Report</title>
|
9
|
+
|
10
|
+
<!--
|
11
|
+
Design by:
|
12
|
+
* Christos Chiotis <chris@survivetheinternet.com>
|
13
|
+
* Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
14
|
+
|
15
|
+
Copyright (c) Arachni 2011-2012.
|
16
|
+
-->
|
17
|
+
|
18
|
+
<script type="text/javascript">
|
19
|
+
//<![CDATA[
|
20
|
+
<%=erb 'js/init.js', { :conf => conf, :graph_data => graph_data } %>
|
21
|
+
//]]>
|
22
|
+
</script>
|
23
|
+
|
24
|
+
<style type="text/css">
|
25
|
+
/*<![CDATA[*/
|
26
|
+
<%=erb 'css/jquery.jqplot.min.css' %>
|
27
|
+
<%=erb 'css/jquery-ui.css' %>
|
28
|
+
<%=erb 'css/main.css' %>
|
29
|
+
/*]]>*/
|
30
|
+
</style>
|
31
|
+
|
32
|
+
</head>
|
33
|
+
|
34
|
+
<body>
|
35
|
+
|
36
|
+
<div id="fp_report_msg" class="hidden" title="Reporting a false positive."></div>
|
37
|
+
|
38
|
+
<div id="contentreport">
|
39
|
+
<header>
|
40
|
+
<h1>Report for <%=escapeHTML(audit_store.options['url'])%> (Generated on <strong><%=Time.now%></strong>)</h1>
|
41
|
+
<span style="float: right">Found a false positive? <a href="<%=escapeHTML(ISSUES_URL)%>">Report it here</a>.</span>
|
42
|
+
</header>
|
43
|
+
|
44
|
+
<nav>
|
45
|
+
<ul>
|
46
|
+
<li><a href="#summary">Summary</a></li>
|
47
|
+
<li><a href="#issues">Issues</a></li>
|
48
|
+
<li><a href="#plugins">Plugin results</a></li>
|
49
|
+
<li><a href="#sitemap">Sitemap</a></li>
|
50
|
+
<li><a href="#configuration">Configuration</a></li>
|
51
|
+
</ul>
|
52
|
+
</nav>
|
53
|
+
|
54
|
+
<section class="tab" id="summary">
|
55
|
+
<%= erb :summary, { :audit_store => audit_store} %>
|
56
|
+
</section>
|
57
|
+
|
58
|
+
<section class="tab" id="configuration">
|
59
|
+
<%= erb :configuration, { :audit_store => audit_store} %>
|
60
|
+
</section>
|
61
|
+
|
62
|
+
<section class="tab" id="issues">
|
63
|
+
<%= erb :issues, {
|
64
|
+
:audit_store => audit_store,
|
65
|
+
:filtered_hashes => filtered_hashes,
|
66
|
+
:anomalous_hashes => anomalous_hashes,
|
67
|
+
:anomalous_meta_results => anomalous_meta_results,
|
68
|
+
:crypto_issues => crypto_issues
|
69
|
+
} %>
|
70
|
+
</section>
|
71
|
+
|
72
|
+
<section class="tab" id="plugins">
|
73
|
+
<%= erb :plugins, { :audit_store => audit_store, :plugins => plugins } %>
|
74
|
+
</section>
|
75
|
+
|
76
|
+
<section class="tab" id="sitemap">
|
77
|
+
<%= erb :sitemap, { :audit_store => audit_store } %>
|
78
|
+
</section>
|
13
79
|
|
14
|
-
<!--
|
15
|
-
Design by:
|
16
|
-
* Christos Chiotis <chris@survivetheinternet.com>
|
17
|
-
* Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
18
|
-
|
19
|
-
Copyright (c) Arachni 2011.
|
20
|
-
-->
|
21
|
-
|
22
|
-
<script type="text/javascript">
|
23
|
-
//<![CDATA[
|
24
|
-
|
25
|
-
var configuration = <%=js_multiline( conf )%>
|
26
|
-
var email_address;
|
27
|
-
|
28
|
-
if( typeof jQuery == 'undefined' ) {
|
29
|
-
alert( "Could not load the necessary JavaScript libraries -- the presentation and functionality of the report will be crippled.\n" +
|
30
|
-
"Make sure that your internet connection is working and try refreshing the page." );
|
31
|
-
}
|
32
|
-
|
33
|
-
function getElem( id ){
|
34
|
-
return document.getElementById(id)
|
35
|
-
}
|
36
|
-
|
37
|
-
function report_fp( i ) {
|
38
|
-
|
39
|
-
if( !email_address ) {
|
40
|
-
email_address = prompt( "Please enter your e-mail address:", "")
|
41
|
-
}
|
42
|
-
|
43
|
-
if( !email_address )
|
44
|
-
return false;
|
45
|
-
|
46
|
-
// get some values from elements on the page:
|
47
|
-
var $form = $( "#false_positive_" + i ),
|
48
|
-
issue = $form.find( 'input[name="issue"]' ).val(),
|
49
|
-
module = $form.find( 'input[name="module"]' ).val(),
|
50
|
-
url = $form.find( 'input[name="url"]' ).val();
|
51
|
-
|
52
|
-
// Send the data using post and put the results in a div
|
53
|
-
$.post( "<%=REPORT_FP_URL%>",
|
54
|
-
{ email_address: email_address, url: url, module: module, issue: issue, configuration: configuration } ,
|
55
|
-
function( ) {
|
56
|
-
$( "#fp_report_msg" ).html( "Done!" )
|
57
|
-
}
|
58
|
-
);
|
59
|
-
|
60
|
-
$(function() {
|
61
|
-
var fp_txt = '<p>Please wait while the data is being transferred...</p>';
|
62
|
-
$( "#fp_report_msg" ).html( fp_txt );
|
63
|
-
|
64
|
-
$( "#fp_report_msg" ).dialog({
|
65
|
-
modal: true,
|
66
|
-
buttons: {
|
67
|
-
Ok: function() {
|
68
|
-
$( this ).dialog( "close" );
|
69
|
-
$( "#fp_report_msg" ).html( fp_txt );
|
70
|
-
}
|
71
|
-
}
|
72
|
-
});
|
73
|
-
});
|
74
|
-
|
75
|
-
}
|
76
|
-
|
77
|
-
function toggleElem( id ){
|
78
|
-
|
79
|
-
if( getElem(id).style.display == 'none' ||
|
80
|
-
getElem(id).style.display == '' )
|
81
|
-
{
|
82
|
-
getElem(id).style.display = 'block';
|
83
|
-
sign = '[-]';
|
84
|
-
} else {
|
85
|
-
getElem(id).style.display = 'none';
|
86
|
-
sign = '[+]';
|
87
|
-
}
|
88
|
-
|
89
|
-
if( getElem(id + '_sign') ){
|
90
|
-
getElem(id + '_sign').innerHTML = sign;
|
91
|
-
}
|
92
|
-
}
|
93
|
-
|
94
|
-
|
95
|
-
function inspect( id ){
|
96
|
-
$( id ).dialog({
|
97
|
-
height: 500,
|
98
|
-
width: 1000,
|
99
|
-
modal: true
|
100
|
-
});
|
101
|
-
}
|
102
|
-
|
103
|
-
jQuery(function($){
|
104
|
-
|
105
|
-
tabs = function(options) {
|
106
|
-
|
107
|
-
var defaults = {
|
108
|
-
selector: '.tabs',
|
109
|
-
selectedClass: 'selected'
|
110
|
-
};
|
111
|
-
|
112
|
-
if(typeof options == 'string') defaults.selector = options;
|
113
|
-
var options = $.extend(defaults, options);
|
114
|
-
|
115
|
-
return $(options.selector).each(function(){
|
116
|
-
|
117
|
-
var obj = this;
|
118
|
-
var targets = Array();
|
119
|
-
|
120
|
-
function show(i){
|
121
|
-
$.each(targets,function(index,value){
|
122
|
-
$(value).hide();
|
123
|
-
})
|
124
|
-
$(targets[i]).fadeIn('fast');
|
125
|
-
$(obj).children().removeClass(options.selectedClass);
|
126
|
-
selected = $(obj).children().get(i);
|
127
|
-
$(selected).addClass(options.selectedClass);
|
128
|
-
};
|
129
|
-
|
130
|
-
$('a',this).each(function(i){
|
131
|
-
targets.push($(this).attr('href'));
|
132
|
-
$(this).click(function(e){
|
133
|
-
e.preventDefault();
|
134
|
-
show(i);
|
135
|
-
});
|
136
|
-
});
|
137
|
-
|
138
|
-
show(0);
|
139
|
-
|
140
|
-
});
|
141
|
-
}
|
142
|
-
|
143
|
-
// initialize the function
|
144
|
-
// as a parameter we are sending a selector. For this particular script we must select the unordered (or ordered) list item element
|
145
|
-
tabs('nav ul');
|
146
|
-
|
147
|
-
});
|
148
|
-
|
149
|
-
var issues; // globally available
|
150
|
-
$(document).ready(function() {
|
151
|
-
issues = new Highcharts.Chart({
|
152
|
-
chart: {
|
153
|
-
renderTo: 'chart-issues',
|
154
|
-
defaultSeriesType: 'column',
|
155
|
-
backgroundColor: '#ccc'
|
156
|
-
},
|
157
|
-
title: {
|
158
|
-
text: 'Issues by type'
|
159
|
-
},
|
160
|
-
xAxis: {
|
161
|
-
categories: <%=@graph_data[:issues].keys.to_s %>
|
162
|
-
},
|
163
|
-
yAxis: {
|
164
|
-
title: {
|
165
|
-
text: ''
|
166
|
-
}
|
167
|
-
},
|
168
|
-
series: [{
|
169
|
-
data: <%=@graph_data[:issues].values.to_s %>
|
170
|
-
}]
|
171
|
-
});
|
172
|
-
});
|
173
|
-
|
174
|
-
var severities;
|
175
|
-
$(document).ready(function() {
|
176
|
-
severities = new Highcharts.Chart({
|
177
|
-
chart: {
|
178
|
-
renderTo: 'chart-severities',
|
179
|
-
backgroundColor: '#ccc'
|
180
|
-
},
|
181
|
-
title: {
|
182
|
-
text: 'Severity levels'
|
183
|
-
},
|
184
|
-
tooltip: {
|
185
|
-
formatter: function() {
|
186
|
-
return '<b>'+ this.point.name +'</b>: '+ this.y +' %';
|
187
|
-
}
|
188
|
-
},
|
189
|
-
series: [{
|
190
|
-
type: 'pie',
|
191
|
-
data: [
|
192
|
-
<%@graph_data[:severities].each do |severity| %>
|
193
|
-
<%=severity.to_s%>,
|
194
|
-
<%end%>
|
195
|
-
]
|
196
|
-
}]
|
197
|
-
});
|
198
|
-
});
|
199
|
-
|
200
|
-
var elements;
|
201
|
-
$(document).ready(function() {
|
202
|
-
elements = new Highcharts.Chart({
|
203
|
-
chart: {
|
204
|
-
renderTo: 'chart-elements',
|
205
|
-
backgroundColor: '#ccc'
|
206
|
-
},
|
207
|
-
title: {
|
208
|
-
text: 'Issues by elements'
|
209
|
-
},
|
210
|
-
tooltip: {
|
211
|
-
formatter: function() {
|
212
|
-
return '<b>'+ this.point.name +'</b>: '+ this.y +' %';
|
213
|
-
}
|
214
|
-
},
|
215
|
-
series: [{
|
216
|
-
type: 'pie',
|
217
|
-
data: [
|
218
|
-
<%@graph_data[:elements].each do |severity| %>
|
219
|
-
<%=severity.to_s%>,
|
220
|
-
<%end%>
|
221
|
-
]
|
222
|
-
}]
|
223
|
-
});
|
224
|
-
});
|
225
|
-
|
226
|
-
var verification;
|
227
|
-
$(document).ready(function() {
|
228
|
-
verification = new Highcharts.Chart({
|
229
|
-
chart: {
|
230
|
-
renderTo: 'chart-verification',
|
231
|
-
backgroundColor: '#ccc'
|
232
|
-
},
|
233
|
-
title: {
|
234
|
-
text: 'Issues which require manual verification'
|
235
|
-
},
|
236
|
-
tooltip: {
|
237
|
-
formatter: function() {
|
238
|
-
return '<b>'+ this.point.name +'</b>: '+ this.y +' %';
|
239
|
-
}
|
240
|
-
},
|
241
|
-
series: [{
|
242
|
-
type: 'pie',
|
243
|
-
data: [
|
244
|
-
<%@graph_data[:verification].each do |severity| %>
|
245
|
-
<%=severity.to_s%>,
|
246
|
-
<%end%>
|
247
|
-
]
|
248
|
-
}]
|
249
|
-
});
|
250
|
-
});
|
251
|
-
|
252
|
-
//]]>
|
253
|
-
</script>
|
254
|
-
|
255
|
-
<style type="text/css">
|
256
|
-
/*<![CDATA[*/
|
257
|
-
|
258
|
-
body {
|
259
|
-
background: #ddd;
|
260
|
-
margin:0;
|
261
|
-
padding:0;
|
262
|
-
font-family: Verdana, Geneva, sans-serif;
|
263
|
-
font-size: 12px;
|
264
|
-
color: #333;
|
265
|
-
}
|
266
|
-
|
267
|
-
.wrapper {
|
268
|
-
background: #ddd url('bodybg.png') repeat-x scroll top left;
|
269
|
-
}
|
270
|
-
|
271
|
-
.subpage {
|
272
|
-
background-image: url('bodybg-small.png');
|
273
|
-
}
|
274
|
-
|
275
|
-
* {
|
276
|
-
margin:0;
|
277
|
-
padding:0;
|
278
|
-
}
|
279
|
-
|
280
|
-
/** element defaults **/
|
281
|
-
table {
|
282
|
-
width: 100%;
|
283
|
-
text-align: left;
|
284
|
-
}
|
285
|
-
|
286
|
-
th, td {
|
287
|
-
padding: 10px 10px;
|
288
|
-
}
|
289
|
-
|
290
|
-
th {
|
291
|
-
color: #fff;
|
292
|
-
background: #2978A1 none repeat-x scroll -15px 0;
|
293
|
-
}
|
294
|
-
|
295
|
-
td {
|
296
|
-
color: #111;
|
297
|
-
vertical-align: top
|
298
|
-
}
|
299
|
-
|
300
|
-
code, blockquote {
|
301
|
-
display: block;
|
302
|
-
border-left: 5px solid #ddd;
|
303
|
-
padding: 10px;
|
304
|
-
margin-bottom: 20px;
|
305
|
-
}
|
306
|
-
code {
|
307
|
-
background-color: #ddd;
|
308
|
-
border: none;
|
309
|
-
}
|
310
|
-
blockquote {
|
311
|
-
border-left: 5px solid #333;
|
312
|
-
}
|
313
|
-
|
314
|
-
blockquote p {
|
315
|
-
font-style: italic;
|
316
|
-
font-family: Georgia, "Times New Roman", Times, serif;
|
317
|
-
margin: 0;
|
318
|
-
height: 1%;
|
319
|
-
}
|
320
|
-
|
321
|
-
p {
|
322
|
-
line-height: 1.9em;
|
323
|
-
margin-bottom: 20px;
|
324
|
-
}
|
325
|
-
|
326
|
-
a {
|
327
|
-
color: #256F94;
|
328
|
-
text-decoration: none
|
329
|
-
}
|
330
|
-
|
331
|
-
a:hover {
|
332
|
-
color: #BC6637;
|
333
|
-
}
|
334
|
-
|
335
|
-
a:focus {
|
336
|
-
outline: none;
|
337
|
-
}
|
338
|
-
|
339
|
-
fieldset {
|
340
|
-
display: block;
|
341
|
-
border: none;
|
342
|
-
border-top: 1px solid #ccc;
|
343
|
-
}
|
344
|
-
|
345
|
-
fieldset legend {
|
346
|
-
font-weight: bold;
|
347
|
-
font-size: 13px;
|
348
|
-
padding-right: 10px;
|
349
|
-
color: #666;
|
350
|
-
}
|
351
|
-
|
352
|
-
fieldset form {
|
353
|
-
padding-top: 15px;
|
354
|
-
}
|
355
|
-
|
356
|
-
fieldset p label {
|
357
|
-
float: left;
|
358
|
-
width: 150px;
|
359
|
-
}
|
360
|
-
|
361
|
-
form input, form select, form textarea {
|
362
|
-
padding: 5px;
|
363
|
-
color: #333333;
|
364
|
-
border: 1px solid #999;
|
365
|
-
font-family: Arial, Helvetica, sans-serif;
|
366
|
-
font-size: 12px;
|
367
|
-
-moz-border-radius: 5px;
|
368
|
-
-webkit-border-radius: 5px;
|
369
|
-
}
|
370
|
-
|
371
|
-
form input.formbutton {
|
372
|
-
border: none;
|
373
|
-
background: #FFFFFF url(bodybg.png) repeat-x scroll 0 -160px;
|
374
|
-
color: #ffffff;
|
375
|
-
font-weight: bold;
|
376
|
-
padding: 5px 10px;
|
377
|
-
font-size: 12px;
|
378
|
-
font-family: Tahoma, Geneva, sans-serif;
|
379
|
-
letter-spacing: 1px;
|
380
|
-
width: auto;
|
381
|
-
overflow: visible;
|
382
|
-
-moz-border-radius: 5px;
|
383
|
-
-webkit-border-radius: 5px;
|
384
|
-
}
|
385
|
-
|
386
|
-
form.searchform p {
|
387
|
-
margin: 5px 0;
|
388
|
-
}
|
389
|
-
|
390
|
-
form.searchform input.s {
|
391
|
-
border: 1px solid #000;
|
392
|
-
}
|
393
|
-
|
394
|
-
form.settings input, textarea {
|
395
|
-
float: right;
|
396
|
-
margin-right: 10px
|
397
|
-
}
|
398
|
-
|
399
|
-
.options input, textarea {
|
400
|
-
float: right;
|
401
|
-
margin-right: 10px
|
402
|
-
}
|
403
|
-
|
404
|
-
form.reset input {
|
405
|
-
float: left;
|
406
|
-
}
|
407
|
-
|
408
|
-
|
409
|
-
span.required {
|
410
|
-
font-family: Verdana, Arial, Helvetica, sans-serif;
|
411
|
-
color: #ff0000;
|
412
|
-
}
|
413
|
-
|
414
|
-
h1 {
|
415
|
-
color: #1F5D7C;
|
416
|
-
font-family: Arial, Helvetica, sans-serif;
|
417
|
-
font-size: 35px;
|
418
|
-
}
|
419
|
-
|
420
|
-
h2 {
|
421
|
-
color: #111;
|
422
|
-
font-family: Arial, Helvetica, sans-serif;
|
423
|
-
font-size: 28px;
|
424
|
-
letter-spacing: -0.5px;
|
425
|
-
padding: 0 0 5px;
|
426
|
-
margin: 0;
|
427
|
-
font-weight: normal;
|
428
|
-
}
|
429
|
-
|
430
|
-
h3 {
|
431
|
-
color: #BC6637;
|
432
|
-
font-family: Arial, Helvetica, sans-serif;
|
433
|
-
font-size: 18px;
|
434
|
-
font-weight: bold;
|
435
|
-
margin-bottom: 10px;
|
436
|
-
}
|
437
|
-
|
438
|
-
h4 {
|
439
|
-
padding-bottom: 10px;
|
440
|
-
font-size: 15px;
|
441
|
-
color: #666;
|
442
|
-
}
|
443
|
-
|
444
|
-
h5 {
|
445
|
-
padding-bottom: 10px;
|
446
|
-
font-size: 13px;
|
447
|
-
color: #666;
|
448
|
-
}
|
449
|
-
|
450
|
-
ul, ol {
|
451
|
-
margin: 0 0 35px 35px;
|
452
|
-
}
|
453
|
-
|
454
|
-
li {
|
455
|
-
padding-bottom: 5px;
|
456
|
-
}
|
457
|
-
|
458
|
-
li ol, li ul {
|
459
|
-
font-size: 1.0em;
|
460
|
-
margin-bottom: 0;
|
461
|
-
padding-top: 5px;
|
462
|
-
}
|
463
|
-
|
464
|
-
iframe {
|
465
|
-
border: 1px solid
|
466
|
-
}
|
467
|
-
|
468
|
-
.clear {
|
469
|
-
clear: both;
|
470
|
-
}
|
471
|
-
|
472
|
-
.notice {
|
473
|
-
color: #222;
|
474
|
-
background: #e3e4e3;
|
475
|
-
border: 1px solid #d5d5d5;
|
476
|
-
padding: 7px 10px;
|
477
|
-
display: block;
|
478
|
-
text-align: left
|
479
|
-
-moz-border-radius: 5px;
|
480
|
-
-webkit-border-radius: 5px;
|
481
|
-
}
|
482
|
-
|
483
|
-
.left {
|
484
|
-
float: left;
|
485
|
-
width: 49%;
|
486
|
-
padding-right: 5px
|
487
|
-
}
|
488
|
-
|
489
|
-
.right {
|
490
|
-
float: right;
|
491
|
-
width: 50%;
|
492
|
-
border-left: 1px
|
493
|
-
}
|
494
|
-
|
495
|
-
.variation{
|
496
|
-
display: none;
|
497
|
-
padding: 20px;
|
498
|
-
padding-left: 40px;
|
499
|
-
padding-top: 0px
|
500
|
-
}
|
501
|
-
|
502
|
-
.hidden {
|
503
|
-
display: none
|
504
|
-
}
|
505
|
-
|
506
|
-
.separator {
|
507
|
-
min-width: 100%;
|
508
|
-
border-bottom: 1px solid #333333
|
509
|
-
}
|
510
|
-
|
511
|
-
.ui-widget-bg { border-top: 1px dotted #aed0ea; font-size:9px; }
|
512
|
-
.ui-widget-bar {position:absolute;zIndex:10;bottom:0;font-size:10px; }
|
513
|
-
|
514
|
-
.graphs li{
|
515
|
-
list-style-type:none;
|
516
|
-
}
|
517
|
-
|
518
|
-
/* Security Reports Style */
|
519
|
-
|
520
|
-
header, nav, article, section, footer, address {display:block;}
|
521
|
-
|
522
|
-
header{
|
523
|
-
height: 38px;
|
524
|
-
overflow:hidden;
|
525
|
-
background:#e1e1e1;
|
526
|
-
background:-webkit-gradient(linear, left top, left bottom, from(#cccccc), to(#e1e1e1));
|
527
|
-
background:-moz-linear-gradient(top, #cccccc, #e1e1e1);
|
528
|
-
padding:0 5px;
|
529
|
-
}
|
530
|
-
header h1{
|
531
|
-
line-height:32px;
|
532
|
-
font-size:14px;
|
533
|
-
text-shadow:#fff 0 1px 0;
|
534
|
-
text-align:center;
|
535
|
-
display: inline
|
536
|
-
}
|
537
|
-
|
538
|
-
nav{
|
539
|
-
height:34px;
|
540
|
-
overflow:hidden;
|
541
|
-
}
|
542
|
-
nav ul{
|
543
|
-
margin:0;
|
544
|
-
padding:0 5px;
|
545
|
-
width:100%;
|
546
|
-
height:34px;
|
547
|
-
-moz-box-shadow:inset -2px 2px 2px #999;
|
548
|
-
-webkit-box-shadow:inset -2px 2px 2px #999;
|
549
|
-
box-shadow:inset -2px 0px 2px #999;
|
550
|
-
background:#ddd;
|
551
|
-
}
|
552
|
-
nav li{
|
553
|
-
list-style:none;
|
554
|
-
float:left;
|
555
|
-
height:24px;
|
556
|
-
line-height:24px;
|
557
|
-
-moz-box-shadow:0 0 3px #888;
|
558
|
-
-webkit-box-shadow:0 0 3px #888;
|
559
|
-
box-shadow:0 0 3px #888;
|
560
|
-
-webkit-border-bottom-right-radius:3px;
|
561
|
-
-webkit-border-bottom-left-radius:3px;
|
562
|
-
-moz-border-radius-bottomright:3px;
|
563
|
-
-moz-border-radius-bottomleft:3px;
|
564
|
-
border-bottom-right-radius:3px;
|
565
|
-
border-bottom-left-radius:3px;
|
566
|
-
margin:0 2px;
|
567
|
-
width:200px;
|
568
|
-
overflow:hidden;
|
569
|
-
position:relative;
|
570
|
-
background:#ccc;
|
571
|
-
background:-webkit-gradient(linear, left top, left bottom, from(#ccc), to(#aaa));
|
572
|
-
background:-moz-linear-gradient(top, #ccc, #aaa);
|
573
|
-
}
|
574
|
-
nav li a, nav li a:visited, nav li a:hover{
|
575
|
-
list-style:none;
|
576
|
-
display:block;
|
577
|
-
position:absolute;
|
578
|
-
top:0;
|
579
|
-
left:-2px;
|
580
|
-
height:24px;
|
581
|
-
line-height:24px;
|
582
|
-
width:204px;
|
583
|
-
text-align:center;
|
584
|
-
color:#333;
|
585
|
-
font-size:13px;
|
586
|
-
text-shadow:#e8e8e8 0 1px 0;
|
587
|
-
-moz-box-shadow:inset 0 1px 1px #888;
|
588
|
-
-webkit-box-shadow:inset 0 1px 1px #888;
|
589
|
-
box-shadow:inset 0 1px 1px #888;
|
590
|
-
}
|
591
|
-
nav li.selected {background:#e1e1e1;background:-webkit-gradient(linear, left top, left bottom, from(#e1e1e1), to(#d1d1d1));background:-moz-linear-gradient(top, #e1e1e1, #d1d1d1);}
|
592
|
-
nav li.selected a {-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none;}
|
593
|
-
nav li a:focus {outline:none;}
|
594
|
-
|
595
|
-
/* style your sections here */
|
596
|
-
section {padding:20px;background:#ddd;}
|
597
|
-
section hr {margin:10px 0;}
|
598
|
-
section h2 {border-bottom:1px solid #444;margin:0 0 20px 0;padding:0 0 10px 0;}
|
599
|
-
section p.notice {
|
600
|
-
white-space: -moz-pre-wrap !important; /* Mozilla, since 1999 */
|
601
|
-
white-space: -pre-wrap; /* Opera 4-6 */
|
602
|
-
white-space: -o-pre-wrap; /* Opera 7 */
|
603
|
-
white-space: pre-wrap; /* css-3 */
|
604
|
-
word-wrap: break-word; /* Internet Explorer 5.5+ */
|
605
|
-
}
|
606
|
-
section div.variations form input {cursor:pointer;}
|
607
|
-
/*]]>*/
|
608
|
-
</style>
|
609
|
-
|
610
|
-
</head>
|
611
|
-
|
612
|
-
<body>
|
613
|
-
|
614
|
-
<div id="fp_report_msg" class="hidden" title="Reporting a false positive."></div>
|
615
|
-
|
616
|
-
<div id="contentreport">
|
617
|
-
<header>
|
618
|
-
<h1>Report for <%=escapeHTML(@audit_store.options['url'])%> (Generated on <strong><%=Time.now%></strong>)</h1>
|
619
|
-
<span style="float: right">Found a false positive? <a href="<%=escapeHTML(REPORT_FP)%>">Report it here</a>.</span>
|
620
|
-
</header>
|
621
|
-
|
622
|
-
<nav>
|
623
|
-
<ul>
|
624
|
-
<li><a href="#summary">Summary</a></li>
|
625
|
-
<li><a href="#issues">Issues</a></li>
|
626
|
-
<li><a href="#plugins">Plugin results</a></li>
|
627
|
-
<li><a href="#sitemap">Sitemap</a></li>
|
628
|
-
<li><a href="#configuration">Configuration</a></li>
|
629
|
-
</ul>
|
630
|
-
</nav>
|
631
|
-
|
632
|
-
<section class="tab" id="summary">
|
633
|
-
<h2>Summary</h2>
|
634
|
-
|
635
|
-
<h3>Charts</h3>
|
636
|
-
|
637
|
-
<div id="chart-issues" style="width: 1000px">
|
638
|
-
</div>
|
639
|
-
|
640
|
-
<p class="clear"> </p>
|
641
|
-
|
642
|
-
<div id="chart-severities" style="width: 500px; float:left">
|
643
|
-
</div>
|
644
|
-
|
645
|
-
<div id="chart-elements" style="width: 450px">
|
646
|
-
</div>
|
647
|
-
|
648
|
-
<p class="clear"> </p>
|
649
|
-
|
650
|
-
<div id="chart-verification" style="width: 333px">
|
651
|
-
</div>
|
652
|
-
|
653
|
-
|
654
|
-
<p class="clear"> </p>
|
655
|
-
<p class="clear"> </p>
|
656
|
-
|
657
|
-
<hr/>
|
658
|
-
|
659
|
-
|
660
|
-
<h3>Found <%=@audit_store.issues.size%> issues</h3>
|
661
|
-
|
662
|
-
<% @audit_store.issues.each_with_index do |issue, i| %>
|
663
|
-
<p>
|
664
|
-
<h5>[<%=i+1%>] <%= issue.name %> ( Severity: <%= issue.severity %> )</h5>
|
665
|
-
In <%= issue.elem %>
|
666
|
-
|
667
|
-
<% if issue.var%>
|
668
|
-
input <em><%= issue.var %></em>
|
669
|
-
<%end%>
|
670
|
-
|
671
|
-
<% if issue.method %>
|
672
|
-
using <%= issue.method %>
|
673
|
-
<%end%>
|
674
|
-
|
675
|
-
at <a href="<%= issue.url %>"><%= issue.url %></a>.
|
676
|
-
</p>
|
677
|
-
<%end%>
|
678
|
-
|
679
|
-
</section>
|
680
|
-
|
681
|
-
<section class="tab" id="configuration">
|
682
|
-
<h2>Configuration</h2>
|
683
|
-
|
684
|
-
<strong>Version</strong>: <%=@audit_store.version%><br />
|
685
|
-
<strong>Revision</strong>: <%=@audit_store.revision%><br />
|
686
|
-
<strong>Audit started on</strong>: <%=@audit_store.start_datetime%><br />
|
687
|
-
<strong>Audit finished on</strong>: <%=@audit_store.finish_datetime%><br />
|
688
|
-
<strong>Runtime</strong>: <%=@audit_store.delta_time%><br />
|
689
|
-
|
690
|
-
<p> </p>
|
691
|
-
<h3>Runtime options</h3>
|
692
|
-
|
693
|
-
<strong>URL:</strong> <%=@audit_store.options['url']%><br />
|
694
|
-
<strong>User agent:</strong> <%=escapeHTML( @audit_store.options['user_agent'] )%><br />
|
695
|
-
|
696
|
-
<p> </p>
|
697
|
-
|
698
|
-
<table>
|
699
|
-
<tr>
|
700
|
-
<th>Audited elements</th>
|
701
|
-
<th>Modules</th>
|
702
|
-
<th>Filters</th>
|
703
|
-
<th>Cookies</th>
|
704
|
-
</tr>
|
705
|
-
<tr>
|
706
|
-
<td>
|
707
|
-
<ul>
|
708
|
-
|
709
|
-
<% if @audit_store.options['audit_links']%>
|
710
|
-
<li>Links</li>
|
711
|
-
<%end%>
|
712
|
-
|
713
|
-
<% if @audit_store.options['audit_forms']%>
|
714
|
-
<li>Forms</li>
|
715
|
-
<%end%>
|
716
|
-
|
717
|
-
<% if @audit_store.options['audit_cookies']%>
|
718
|
-
<li>Cookies</li>
|
719
|
-
<%end%>
|
720
|
-
|
721
|
-
<% if @audit_store.options['audit_headers']%>
|
722
|
-
<li>Headers</li>
|
723
|
-
<%end%>
|
724
|
-
|
725
|
-
</ul>
|
726
|
-
</td>
|
727
|
-
|
728
|
-
<td>
|
729
|
-
<ul>
|
730
|
-
<% @audit_store.options['mods'].each do |mod|%>
|
731
|
-
<li><%=mod%></li>
|
732
|
-
<%end%>
|
733
|
-
</ul>
|
734
|
-
</td>
|
735
|
-
|
736
|
-
<td>
|
737
|
-
<ul>
|
738
|
-
|
739
|
-
<li>Exclude:
|
740
|
-
<ul>
|
741
|
-
<% if !@audit_store.options['exclude'].empty?%>
|
742
|
-
<% @audit_store.options['exclude'].each do |rule|%>
|
743
|
-
|
744
|
-
<li><%=escapeHTML( rule )%></li>
|
745
|
-
|
746
|
-
<%end%>
|
747
|
-
<% else %>
|
748
|
-
<li>N/A</li>
|
749
|
-
<%end%>
|
750
|
-
</ul>
|
751
|
-
</li>
|
752
|
-
|
753
|
-
<li>Include:
|
754
|
-
|
755
|
-
<ul>
|
756
|
-
<% if !@audit_store.options['include'].empty?%>
|
757
|
-
<% @audit_store.options['include'].each do |rule|%>
|
758
|
-
|
759
|
-
<li><%=escapeHTML( rule )%></li>
|
760
|
-
|
761
|
-
<%end%>
|
762
|
-
<% else %>
|
763
|
-
<li>N/A</li>
|
764
|
-
<%end%>
|
765
|
-
</ul>
|
766
|
-
</li>
|
767
|
-
|
768
|
-
<li>Redundant:
|
769
|
-
|
770
|
-
<ul>
|
771
|
-
<% if !@audit_store.options['redundant'].empty?%>
|
772
|
-
<% @audit_store.options['redundant'].each do |rule|%>
|
773
|
-
|
774
|
-
<li><%=escapeHTML( rule['regexp'] )%> - Count: <%=rule['count']%></li>
|
775
|
-
|
776
|
-
<%end%>
|
777
|
-
<% else %>
|
778
|
-
<li>N/A</li>
|
779
|
-
<%end%>
|
780
|
-
</ul>
|
781
|
-
</li>
|
782
|
-
|
783
|
-
</ul>
|
784
|
-
</td>
|
785
|
-
|
786
|
-
<td>
|
787
|
-
<ul>
|
788
|
-
<% if @audit_store.options['cookies'] && !@audit_store.options['cookies'].empty?%>
|
789
|
-
<% @audit_store.options['cookies'].each_pair do |name, val|%>
|
790
|
-
<li><%=escapeHTML( name )%> = <%=escapeHTML( val )%></li>
|
791
|
-
<%end%>
|
792
|
-
<% else %>
|
793
|
-
<li>N/A</li>
|
794
|
-
<%end%>
|
795
|
-
</ul>
|
796
|
-
|
797
|
-
</td>
|
798
|
-
</tr>
|
799
|
-
</table>
|
800
|
-
</section>
|
801
|
-
|
802
|
-
<section class="tab" id="issues">
|
803
|
-
<h2>Issues</h2>
|
804
|
-
<p> </p>
|
805
|
-
|
806
|
-
<% if @plugins['metamodules']%>
|
807
|
-
<div class="metamodules notice">
|
808
|
-
<%=@plugins['metamodules']%>
|
809
|
-
</div>
|
810
|
-
|
811
|
-
<hr/>
|
812
|
-
|
813
|
-
<%end%>
|
814
|
-
|
815
|
-
<% @audit_store.issues.each_with_index do |issue, i|%>
|
816
|
-
<%idx = i+1%>
|
817
|
-
<div class="issue">
|
818
|
-
|
819
|
-
<h3 id="issue_<%=idx%>">
|
820
|
-
<a href="#issue_<%=idx%>">[<%=idx%>] <%=escapeHTML(issue.name)%></a>
|
821
|
-
</h3>
|
822
|
-
|
823
|
-
<p>
|
824
|
-
<form name="false_positive_<%=j%>" id="false_positive_<%=i%>">
|
825
|
-
<input type="hidden" name="module" value="<%=escapeHTML(issue.internal_modname)%>" />
|
826
|
-
<input type="hidden" name="url" value="<%=escapeHTML(issue.url)%>" />
|
827
|
-
<input type="hidden" name="issue" value="<%=@crypto_issues[i]%>" />
|
828
|
-
<input onclick="javascript:report_fp( <%=i%> );" type="button" value="Report false positive" />
|
829
|
-
</form>
|
830
|
-
</p>
|
831
|
-
|
832
|
-
|
833
|
-
<div class="left">
|
834
|
-
<ul>
|
835
|
-
<li><strong>Module name</strong>: <%=escapeHTML(issue.mod_name)%> <br/>
|
836
|
-
(Internal module name: <strong><%=escapeHTML(issue.internal_modname)%></strong>)</li>
|
837
|
-
|
838
|
-
<% if issue.var %>
|
839
|
-
<li><strong>Affected variable</strong>: <%=escapeHTML(issue.var)%></li>
|
840
|
-
<%end%>
|
841
|
-
|
842
|
-
<li><strong>Affected URL</strong>: <a href="<%=escapeHTML(issue.url)%>"><%=escapeHTML(issue.url)%></a> </li>
|
843
|
-
<li><strong>HTML Element</strong>: <%=issue.elem%></li>
|
844
|
-
<li><strong>Requires manual verification?</strong>: <%=issue.verification ? 'Yes' : 'No'%></li>
|
845
|
-
<hr/>
|
846
|
-
|
847
|
-
<% if issue.cwe %>
|
848
|
-
<li><strong>CWE</strong>: <%=issue.cwe%><br/>
|
849
|
-
(<a target="_blank" href="<%=issue.cwe_url%>"><%=issue.cwe_url%></a>)</li>
|
850
|
-
<%end%>
|
851
|
-
|
852
|
-
<li><strong>Severity</strong>: <%=issue.severity%></li>
|
853
|
-
<li><strong>CVSSV2</strong>: <%=issue.cvssv2%></li>
|
854
|
-
|
855
|
-
</ul>
|
856
|
-
|
857
|
-
<p>
|
858
|
-
<h3>References</h3>
|
859
|
-
<ul>
|
860
|
-
<% if issue.references && !issue.references.empty? %>
|
861
|
-
<% issue.references.each_pair do |source, url| %>
|
862
|
-
|
863
|
-
<li><%=escapeHTML(source)%> - <a target="_blank" href="<%=url%>"><%=url%></a></li>
|
864
|
-
|
865
|
-
<%end%>
|
866
|
-
<%else%>
|
867
|
-
<li>N/A</li>
|
868
|
-
<%end%>
|
869
|
-
</ul>
|
870
|
-
</p>
|
871
|
-
|
872
|
-
</div>
|
873
|
-
|
874
|
-
<div class="right">
|
875
|
-
<p>
|
876
|
-
<h3>Description</h3>
|
877
|
-
<blockquote><p><%=escapeHTML(issue.description)%></p></blockquote>
|
878
|
-
</p>
|
879
|
-
|
880
|
-
<% if issue.remedy_guidance && !issue.remedy_guidance.empty? %>
|
881
|
-
<p>
|
882
|
-
<h3>Remedial guidance</h3>
|
883
|
-
<blockquote><p><%=escapeHTML(issue.remedy_guidance)%></p></blockquote>
|
884
|
-
</p>
|
885
|
-
<%end%>
|
886
|
-
|
887
|
-
<% if issue.remedy_code && !issue.remedy_code.empty? %>
|
888
|
-
<p>
|
889
|
-
<h3>Remedial code</h3>
|
890
|
-
<pre class="code notice"><%=escapeHTML(issue.remedy_code)%></pre>
|
891
|
-
</p>
|
892
|
-
<%end%>
|
893
|
-
|
894
|
-
|
895
|
-
</div>
|
896
|
-
|
897
|
-
<div class="clear variations" style="display: block;">
|
898
|
-
<% issue.variations.each_with_index do |variation, j| %>
|
899
|
-
<% var_idx = j + 1%>
|
900
|
-
|
901
|
-
<h5 class="variation_header">
|
902
|
-
<a href='javascript:toggleElem( "var_<%=var_idx%>_<%=idx%>" )'>
|
903
|
-
<span id="var_<%=var_idx%>_<%=idx%>_sign">[+]</span>
|
904
|
-
Variation <%=var_idx%>
|
905
|
-
</a>
|
906
|
-
</h5>
|
907
|
-
|
908
|
-
<strong>Affected URL</strong>:
|
909
|
-
<p class="notice"><a href="<%=escapeHTML(variation['url'])%>"><%=escapeHTML(variation['url'])%></a></p>
|
910
|
-
|
911
|
-
<% if (variation['response'] && !variation['response'].empty?) && variation['regexp_match'] %>
|
912
|
-
|
913
|
-
<div class="hidden" id="inspection-dialog_<%=var_idx%>_<%=idx%>" title="Relevant content is shown in red.">
|
914
|
-
<% match = escapeHTML( variation['regexp_match'] )%>
|
915
|
-
<pre> <%=escapeHTML( variation['response'] ).gsub( match, '<strong style="color: red">' + match + '</strong>' ) %> </pre>
|
916
|
-
</div>
|
917
|
-
|
918
|
-
<form style="display:inline" action="#">
|
919
|
-
<input onclick="javascript:inspect( '#inspection-dialog_<%=var_idx%>_<%=idx%>')" type="button" value="Inspect" />
|
920
|
-
</form>
|
921
|
-
|
922
|
-
<%end%>
|
923
|
-
|
924
|
-
<% if issue.method && (issue.elem.downcase == 'form' || issue.elem.downcase == 'link' ) &&
|
925
|
-
( issue.method.downcase == 'get' || issue.method.downcase == 'post' ) %>
|
926
|
-
<form style="display:inline" action="<%=issue.url%>" target="_blank" method="<%=issue.method.downcase%>">
|
927
|
-
<% if variation['opts'][:combo]%>
|
928
|
-
<%variation['opts'][:combo].each_pair do |name, value|%>
|
929
|
-
<input type="hidden" name="<%=escapeHTML(name)%>" value="<%=escapeHTML( value )%>" />
|
930
|
-
<%end%>
|
931
|
-
<%end%>
|
932
|
-
<input type="submit" value="Replay" />
|
933
|
-
</form>
|
934
|
-
<%end%>
|
935
|
-
|
936
|
-
<br/><br/>
|
937
|
-
|
938
|
-
<div class="variation" id="var_<%=var_idx%>_<%=idx%>">
|
939
|
-
|
940
|
-
<% if variation['injected'] %>
|
941
|
-
<strong>Injected value</strong>:
|
942
|
-
<pre> <%=escapeHTML(variation['injected'])%> </pre>
|
943
|
-
<br/>
|
944
|
-
<%end%>
|
945
|
-
|
946
|
-
<% if variation['id'] %>
|
947
|
-
<strong>ID</strong>:
|
948
|
-
<pre><%=escapeHTML(variation['id'])%></pre>
|
949
|
-
<br/>
|
950
|
-
<%end%>
|
951
|
-
|
952
|
-
<% if variation['regexp'] %>
|
953
|
-
<strong>Regular expression</strong>:
|
954
|
-
<pre><%=escapeHTML(variation['regexp'])%></pre>
|
955
|
-
<br/>
|
956
|
-
<%end%>
|
957
|
-
|
958
|
-
<% if variation['regexp_match'] %>
|
959
|
-
<strong>Matched by the regular expression</strong>:
|
960
|
-
<pre><%=escapeHTML(variation['regexp_match'])%> </pre>
|
961
|
-
<%end%>
|
962
|
-
|
963
|
-
<br/>
|
964
|
-
|
965
|
-
<table>
|
966
|
-
<tr>
|
967
|
-
<th colspan="2" style="text-align: center">Headers</th>
|
968
|
-
</tr>
|
969
|
-
<tr>
|
970
|
-
<th>Request</th>
|
971
|
-
<th>Response</th>
|
972
|
-
</tr>
|
973
|
-
<tr>
|
974
|
-
<td>
|
975
|
-
<% if variation['headers']['request'].is_a?( Hash ) %>
|
976
|
-
<pre class="notice"><% variation['headers']['request'].each_pair do |name, val| %><strong><%=name%></strong><%="\t" + escapeHTML(val) + "\n"%><%end%></pre>
|
977
|
-
<%end%>
|
978
|
-
</td>
|
979
|
-
<td>
|
980
|
-
<% if variation['headers']['response'].is_a?( Hash ) %>
|
981
|
-
<pre class="notice"><% variation['headers']['response'].each_pair do |name, val| %><strong><%=name%></strong><%="\t" + escapeHTML(val) + "\n"%><%end%></pre>
|
982
|
-
<%end%>
|
983
|
-
</td>
|
984
|
-
</tr>
|
985
|
-
</table>
|
986
|
-
|
987
|
-
<% if variation['escaped_response']%>
|
988
|
-
<h5>HTML Response</h5>
|
989
|
-
<iframe style="width: 100%; height: 400px" src="data:text/html;base64, <%=variation['escaped_response']%>"></iframe>
|
990
|
-
<%end%>
|
991
|
-
|
992
|
-
</div>
|
993
|
-
<%end%>
|
994
|
-
|
995
|
-
</div>
|
996
|
-
|
997
|
-
</div>
|
998
|
-
|
999
|
-
<p class="clear separator"> </p>
|
1000
|
-
|
1001
|
-
<%end%>
|
1002
|
-
</section>
|
1003
|
-
|
1004
|
-
<section class="tab" id="plugins">
|
1005
|
-
<h2>Plugin results</h2>
|
1006
|
-
<p> </p>
|
1007
|
-
|
1008
|
-
<%@plugins.values.each do |plugin|%>
|
1009
|
-
<p><%=plugin.force_encoding( 'utf-8' )%></p>
|
1010
|
-
<%end%>
|
1011
|
-
</section>
|
1012
|
-
|
1013
|
-
<section class="tab" id="sitemap">
|
1014
|
-
<h2>Sitemap</h2>
|
1015
|
-
<p> </p>
|
1016
|
-
<h3><%=@audit_store.sitemap.size%> pages</h3>
|
1017
|
-
<% @audit_store.sitemap.each do |url| %>
|
1018
|
-
<a href="<%=escapeHTML(url)%>"><%=escapeHTML(url)%></a><br/>
|
1019
|
-
<%end%>
|
1020
|
-
|
1021
|
-
</section>
|
1022
80
|
</div>
|
1023
81
|
</body>
|
1024
82
|
</html>
|