arachni 0.3 → 0.4

data/lib/rpc/xml/server/framework.rb

@@ -1,206 +0,0 @@
-=begin
-                  Arachni
-  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-
-  This is free software; you can copy and distribute and modify
-  this program under the term of the GPL v2.0 License
-  (See LICENSE file for details)
-
-=end
-
-module Arachni
-
-require Options.instance.dir['lib'] + 'framework'
-require Options.instance.dir['lib'] + 'rpc/xml/server/module/manager'
-require Options.instance.dir['lib'] + 'rpc/xml/server/plugin/manager'
-
-module RPC
-module XML
-module Server
-
-#
-# Extends the Framework adding XML-RPC specific functionality
-#
-# @author: Tasos "Zapotek" Laskos
-#                                      <tasos.laskos@gmail.com>
-#                                      <zapotek@segfault.gr>
-# @version: 0.1.1
-#
-class Framework < Arachni::Framework
-
-    #
-    # Our run() method needs to run the parent's run() method in
-    # a separate thread.
-    #
-    alias :old_run :run
-
-    # make this inherited methods visible again
-    private :old_run, :stats, :pause!, :paused?, :resume!, :lsmod, :modules, :lsplug, :clean_up!
-    public  :stats, :pause!, :paused?, :resume!, :lsmod, :modules, :lsplug, :clean_up!
-
-    #
-    # Aborts the running audit.
-    #
-    def abort!
-        @job.kill
-        return true
-    end
-
-    #
-    # Checks to see if an audit is running.
-    #
-    # @return   [Bool]
-    #
-    def busy?
-        return false if !@job
-        return @job.alive?
-    end
-
-    #
-    # Checks whether the framework is in debug mode
-    #
-    def debug?
-        @@debug
-    end
-
-    #
-    # Checks whether the framework is in debug mode
-    #
-    def verbose?
-        @@verbose
-    end
-
-
-    #
-    # some XMLRPC libraries of other languages map remote objects to local objects
-    # creating an invalid syntax situation since the aforementioned languages
-    # may not allow "?" or "!" in method names.
-    #
-    # so we alias these methods to make it easier on 3rd party developers.
-    #
-    alias :pause :pause!
-    alias :is_paused :paused?
-    alias :resume :resume!
-    alias :clean_up :clean_up!
-    alias :is_busy :busy?
-    alias :is_debug :debug?
-    alias :is_verbose :verbose?
-
-    def initialize( opts )
-        super( opts )
-        @modules = Arachni::RPC::XML::Server::Module::Manager.new( opts )
-        @plugins = Arachni::RPC::XML::Server::Plugin::Manager.new( self )
-    end
-
-    #
-    # Returns an array of hashes with information
-    # about all available reports
-    #
-    # @return    [Array<Hash>]
-    #
-    def lsplug
-
-        plug_info = []
-
-        @plugins.available( ).each {
-            |plugin|
-
-            info = @plugins[plugin].info
-
-            info[:plug_name]   = plugin
-            info[:path]        = @plugins.name_to_path( plugin )
-
-            info[:options] = [info[:options]].flatten.compact.map {
-                |opt|
-                opt_h = opt.to_h
-                opt_h['default'] = '' if opt_h['default'].nil?
-                opt_h['type']    = opt.type
-                opt_h
-            }
-
-            plug_info << info
-        }
-
-        @plugins.clear( )
-
-        return plug_info
-    end
-
-
-    #
-    # Starts the audit.
-    #
-    # The audit is started in a new thread to avoid service blocking.
-    #
-    def run
-        @job = Thread.new {
-            exception_jail { old_run }
-        }
-        return true
-    end
-
-    #
-    # Returns the results of the audit.
-    #
-    # @return   [YAML]  YAML dump of the results hash
-    #
-    def report
-        exception_jail {
-            return false if !@job
-
-            store =  audit_store( true )
-            store.framework = ''
-            return YAML.dump( store.to_h.dup )
-        }
-    end
-
-    #
-    # Returns the results of the audit as a serialized AuditStore object.
-    #
-    # @return   [YAML]  YAML dump of the AuditStore
-    #
-    def auditstore
-        exception_jail {
-            return false if !@job
-
-            store =  audit_store( true )
-            store.framework = nil
-
-            return YAML.dump( store )
-        }
-    end
-
-    #
-    # Enables debugging output
-    #
-    def debug_on
-        @@debug = true
-    end
-
-    #
-    # Disables debugging output
-    #
-    def debug_off
-        @@debug = false
-    end
-
-    #
-    # Enables debugging output
-    #
-    def verbose_on
-        @@verbose = true
-    end
-
-    #
-    # Disables debugging output
-    #
-    def verbose_off
-        @@verbose = false
-    end
-
-end
-
-end
-end
-end
-end

data/lib/rpc/xml/server/instance.rb

@@ -1,191 +0,0 @@
-=begin
-                  Arachni
-  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-
-  This is free software; you can copy and distribute and modify
-  this program under the term of the GPL v2.0 License
-  (See LICENSE file for details)
-
-=end
-
-require 'webrick'
-require 'webrick/https'
-require 'xmlrpc/server'
-require 'openssl'
-
-module Arachni
-
-require Options.instance.dir['lib'] + 'rpc/xml/server/base'
-require Options.instance.dir['lib'] + 'rpc/xml/server/output'
-require Options.instance.dir['lib'] + 'rpc/xml/server/framework'
-require Options.instance.dir['lib'] + 'rpc/xml/server/options'
-
-module RPC
-module XML
-module Server
-
-#
-# XMLRPC Server class
-#
-# Provides an XML-RPC server to assist with general integration and UI development.
-#
-# Only instantiated by the Dispatcher to provide support for multiple
-# and concurent XMLRPC clients/scans.
-#
-# @author: Tasos "Zapotek" Laskos
-#                                      <tasos.laskos@gmail.com>
-#                                      <zapotek@segfault.gr>
-# @version: 0.1.4
-#
-class Instance < Base
-
-    # the output interface for XML-RPC
-    include Arachni::UI::Output
-    include Arachni::Module::Utilities
-
-    private :shutdown, :alive?
-    public  :shutdown, :alive?
-
-
-    #
-    # Initializes the XML-RPC interface, the HTTP(S) server and the framework.
-    #
-    # @param    [Options]    opts
-    #
-    def initialize( opts, token )
-
-        prep_framework
-        banner
-
-        @opts = opts
-        super( @opts, token )
-
-        if @opts.debug
-            debug!
-        end
-
-
-        if @opts.reroute_to_logfile
-            reroute_to_file( @opts.dir['root'] +
-                "logs/XMLRPC-Server - #{Process.pid}:#{@opts.rpc_port} - #{Time.now.asctime}.log" )
-        else
-            reroute_to_file( false )
-        end
-
-        set_handlers
-
-        # trap interupts and exit cleanly when required
-        trap( 'HUP' ) { shutdown }
-        trap( 'INT' ) { shutdown }
-
-    end
-
-    #
-    # Resets the framework leaving it lemon fresh for the next scan.
-    #
-    # If you reuse without reseting, Arachni will eat your kitten!<br/>
-    # (And I don't mean sexually...)
-    #
-    def reset
-
-        print_status( 'Resetting...' )
-
-        exception_jail {
-            @framework.modules.clear
-            Arachni.reset
-            Arachni::Options.instance.reset
-            prep_framework
-            set_handlers
-            output
-        }
-
-        print_status( 'Done.' )
-
-        return true
-    end
-
-    #
-    # Flushes the output buffer and returns all pending system messages.
-    #
-    # All messages are classified based on their type.
-    #
-    # @return   [Array<Hash>]
-    #
-    def output
-        flush_buffer( )
-    end
-
-    #
-    # Makes the HTTP(S) server go bye-bye...Lights out!
-    #
-    def shutdown
-        print_status( 'Shutting down...' )
-        super
-        print_status( 'Done.' )
-        return true
-    end
-    alias :shutdown! :shutdown
-
-    #
-    # Starts the HTTP(S) server and the XML-RPC service.
-    #
-    def run
-
-        begin
-            print_status( 'Starting the server...' )
-            # start the show!
-            super
-        rescue Exception => e
-            exception_jail{ raise e }
-            exit 0
-        end
-    end
-
-    private
-
-    #
-    # Initialises the RPC framework.
-    #
-    def prep_framework
-        @framework = nil
-        @framework = Arachni::RPC::XML::Server::Framework.new( Options.instance )
-    end
-
-    #
-    # Outputs the Arachni banner.<br/>
-    # Displays version number, revision number, author details etc.
-    #
-    def banner
-
-        puts 'Arachni - Web Application Security Scanner Framework v' +
-            @framework.version + ' [' + @framework.revision + ']
-       Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-                                      <zapotek@segfault.gr>
-               (With the support of the community and the Arachni Team.)
-
-       Website:       http://github.com/Zapotek/arachni
-       Documentation: http://github.com/Zapotek/arachni/wiki'
-        puts
-        puts
-
-    end
-
-    #
-    # Starts the XML-RPC service and attaches it to the HTTP(S) server.<br/>
-    # It also prepares all the RPC handlers.
-    #
-    def set_handlers
-        @service.clear_handlers
-        add_handler( "service",   self )
-        add_handler( "framework", @framework )
-        add_handler( "opts",      @framework.opts )
-        add_handler( "modules",   @framework.modules )
-        add_handler( "plugins",   @framework.plugins )
-    end
-
-end
-
-end
-end
-end
-end

data/lib/ruby/xmlrpc/server.rb

@@ -1,27 +0,0 @@
-=begin
-                  Arachni
-  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-
-  This is free software; you can copy and distribute and modify
-  this program under the term of the GPL v2.0 License
-  (See LICENSE file for details)
-
-=end
-
-#
-# Overloads the {XMLRPC::BasicServer} class with a clear_handlers() method.
-#
-# @author: Tasos "Zapotek" Laskos
-#                                      <tasos.laskos@gmail.com>
-#                                      <zapotek@segfault.gr>
-# @version: 0.1
-#
-module XMLRPC
-class BasicServer
-
-    def clear_handlers
-        @handler.clear
-    end
-
-end
-end

data/lib/ui/web/addons/autodeploy.rb

@@ -1,172 +0,0 @@
-=begin
-                  Arachni
-  Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-
-  This is free software; you can copy and distribute and modify
-  this program under the term of the GPL v2.0 License
-  (See LICENSE file for details)
-
-=end
-
-module Arachni
-module UI
-module Web
-module Addons
-
-#
-#
-# Auto-deploy add-on.
-#
-# Allows users to automatically convert any SSH enabled Linux box into an Arachni Dispatcher.
-#
-# @author: Tasos "Zapotek" Laskos
-#                                      <tasos.laskos@gmail.com>
-#                                      <zapotek@segfault.gr>
-#
-# @version: 0.1
-#
-class AutoDeploy < Base
-
-    def run
-
-        settings.helpers do
-            require File.dirname( __FILE__ ) + '/autodeploy/lib/manager'
-
-            def autodeploy
-                @@autodeploy ||= Manager.new( Options.instance, settings )
-            end
-
-        end
-
-        get "/" do
-            present :index, :deployments => autodeploy.list,
-                :root => current_addon.path_root, :show_output => false,  :ret => {}
-
-        end
-
-        post "/" do
-
-            if !params[:host] || params[:host].empty? || !params[:username] ||
-                params[:username].empty? || !params[:password] || params[:password].empty? ||
-                !params[:port] || params[:port].empty? ||
-                !params[:dispatcher_port] || params[:dispatcher_port].empty?
-
-                flash[:err] = "Please fill in all the fields."
-
-                present :index, :deployments => autodeploy.list,
-                    :root => current_addon.path_root, :show_output => false,
-                    :ret => {}
-            else
-                deployment = Manager::Deployment.new( :host => params[:host],
-                    :port => params[:port], :user => params[:username],
-                    :dispatcher_port => params[:dispatcher_port] )
-
-                settings.log.autodeploy_setup_started( env, autodeploy.get_url( deployment ) )
-                channel = autodeploy.setup( deployment, params[:password] )
-
-                present :index, :deployments => autodeploy.list,
-                    :root => current_addon.path_root, :channel => channel,
-                    :show_output => true,  :ret => {}
-            end
-
-        end
-
-        get '/channel/:channel' do
-            content_type :json
-            autodeploy.output( params[:channel] ).to_json
-        end
-
-        get '/channel/:channel/finalize' do
-
-            deployment = autodeploy.finalize_setup( params[:channel] )
-            log.autodeploy_deployment_saved( env,
-                "ID: #{deployment.id} [#{autodeploy.get_url( deployment )}]" )
-
-            flash[:ok] = "Deployment was successful."
-
-            present :index, :deployments => autodeploy.list, :ret => {},
-                :root => current_addon.path_root, :show_output => false
-        end
-
-
-        post '/:id' do
-
-            ret = {}
-            if !params[:password] || params[:password].empty?
-                flash[:err] = "The password field is required."
-            else
-                if params[:action] == 'delete'
-
-                    ret = autodeploy.delete( params[:id], params[:password] )
-
-                    if ret[:code]
-                        flash[:err] = "Uninstall process aborted because the last command failed.<br/>" +
-                            " Please ensure that the password is correct and the network is up."
-                    else
-                        log.autodeploy_deployment_deleted( env, params[:id] )
-                        flash[:ok] = "Uninstall process was successful."
-                    end
-
-                elsif params[:action] == 'run'
-                    deployment = autodeploy.get( params[:id] )
-                    ret = autodeploy.run( deployment, params[:password] )
-
-                    url = 'https://' + deployment.host + ':' + deployment.dispatcher_port
-
-                    if settings.dispatchers.alive?( url )
-                        flash[:ok] = "Dispatcher is up and running."
-                        DispatcherManager::Dispatcher.first_or_create( :url => url )
-                        settings.log.autodeploy_dispatcher_enabled( env,
-                            "ID: #{deployment.id} [#{autodeploy.get_url( deployment )}]" )
-
-                        ret = {}
-                    else
-                        flash[:err] = "Could not run the Dispatcher.<br/>" +
-                            " Please ensure that the password is correct and the network is up."
-                    end
-                elsif params[:action] == 'shutdown'
-                    deployment = autodeploy.get( params[:id] )
-                    ret = autodeploy.shutdown( deployment, params[:password] )
-
-                    if ret[:code] == 0 && !settings.dispatchers.alive?( url )
-                        flash[:ok] = "Dispatcher has been shutdown."
-                        settings.log.autodeploy_dispatcher_shutdown( env,
-                            "ID: #{deployment.id} [#{autodeploy.get_url( deployment )}]" )
-
-                        ret = {}
-                    else
-                        flash[:err] = "Could not shutdown the Dispatcher.<br/>" +
-                            " Please ensure that the password is correct and the network is up."
-                    end
-
-
-                end
-            end
-
-            present :index, :deployments => autodeploy.list,
-                :root => current_addon.path_root, :ret => ret, :show_output => false
-        end
-
-
-    end
-
-    def title
-        "Auto-deploy [#{Manager.new( Options.instance, settings ).list.size}]"
-    end
-
-    def self.info
-        {
-            :name           => 'Auto-deploy',
-            :description    => %q{Enables you to automatically convert any SSH enabled Linux box into an Arachni Dispatcher.},
-            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ',
-            :version        => '0.1'
-        }
-    end
-
-
-end
-
-end
-end
-end
-end