arachni 0.4.0.4 → 0.4.1
- data/ACKNOWLEDGMENTS.md +2 -2
- data/AUTHORS.md +1 -4
- data/CHANGELOG.md +102 -3
- data/CONTRIBUTORS.md +4 -1
- data/EXPLOITATION.md +6 -6
- data/Gemfile +3 -0
- data/HACKING.md +29 -10
- data/LICENSE.md +176 -339
- data/NOTICE +12 -0
- data/README.md +160 -119
- data/Rakefile +83 -45
- data/arachni.gemspec +124 -0
- data/bin/arachni +14 -8
- data/bin/arachni_console +52 -0
- data/bin/arachni_rpc +14 -8
- data/bin/arachni_rpcd +15 -9
- data/bin/arachni_rpcd_monitor +14 -8
- data/bin/arachni_script +41 -0
- data/bin/arachni_web +18 -19
- data/bin/arachni_web_autostart +17 -18
- data/external/metasploit/plugins/arachni.rb +7 -9
- data/external/metasploit/{LICENSE → plugins/arachni/LICENSE} +0 -0
- data/external/metasploit/{modules → plugins/arachni/modules}/exploits/unix/webapp/arachni_exec.rb +1 -1
- data/external/metasploit/{modules → plugins/arachni/modules}/exploits/unix/webapp/arachni_path_traversal.rb +2 -2
- data/external/metasploit/{modules → plugins/arachni/modules}/exploits/unix/webapp/arachni_php_eval.rb +1 -1
- data/external/metasploit/{modules → plugins/arachni/modules}/exploits/unix/webapp/arachni_php_include.rb +1 -1
- data/external/metasploit/{modules → plugins/arachni/modules}/exploits/unix/webapp/arachni_sqlmap.rb +2 -2
- data/external/scripts/LICENSE.tpl +174 -0
- data/external/scripts/README.md +95 -0
- data/external/scripts/README.tpl +30 -0
- data/external/scripts/build.sh +631 -0
- data/external/scripts/build_all.sh +29 -0
- data/external/scripts/build_and_package.sh +100 -0
- data/external/scripts/cross_build_and_package.sh +20 -0
- data/external/scripts/installer.sh.tpl +166 -0
- data/external/scripts/lib/readlink_f.sh +40 -0
- data/external/scripts/package.sh +134 -0
- data/external/scripts/push_nightlies.sh +125 -0
- data/extras/placeholder +0 -0
- data/gfx/README.md +18 -0
- data/gfx/compiled/banner.png +0 -0
- data/gfx/compiled/favicon.ico +0 -0
- data/gfx/compiled/icon.png +0 -0
- data/gfx/compiled/logo.png +0 -0
- data/gfx/compiled/spider.png +0 -0
- data/gfx/font/Beneath_the_Surface.ttf +0 -0
- data/gfx/font/bts_readme.txt +14 -0
- data/gfx/source/banner.svg +999 -0
- data/gfx/source/icon.svg +627 -0
- data/gfx/source/logo.svg +672 -0
- data/gfx/source/spider.png +0 -0
- data/gfx/source/spider.svg +277 -0
- data/lib/arachni.rb +30 -5
- data/lib/arachni/audit_store.rb +111 -143
- data/lib/arachni/banner.rb +37 -0
- data/lib/arachni/bloom_filter.rb +74 -0
- data/lib/arachni/cache.rb +21 -0
- data/lib/arachni/cache/base.rb +170 -0
- data/lib/arachni/cache/least_cost_replacement.rb +89 -0
- data/lib/arachni/cache/least_recently_used.rb +73 -0
- data/lib/arachni/cache/random_replacement.rb +52 -0
- data/lib/arachni/component/manager.rb +391 -0
- data/lib/arachni/component/options.rb +38 -0
- data/lib/arachni/component/options/address.rb +41 -0
- data/lib/arachni/component/options/base.rb +126 -0
- data/lib/arachni/component/options/bool.rb +55 -0
- data/lib/arachni/component/options/enum.rb +51 -0
- data/lib/arachni/component/options/float.rb +45 -0
- data/lib/arachni/component/options/int.rb +44 -0
- data/lib/arachni/component/options/path.rb +36 -0
- data/lib/arachni/component/options/port.rb +37 -0
- data/lib/arachni/component/options/string.rb +44 -0
- data/lib/arachni/component/options/url.rb +42 -0
- data/lib/arachni/crypto/rsa_aes_cbc.rb +14 -8
- data/lib/arachni/database.rb +4 -4
- data/lib/arachni/database/base.rb +14 -8
- data/lib/arachni/database/hash.rb +21 -12
- data/lib/arachni/database/queue.rb +15 -9
- data/lib/arachni/element/base.rb +147 -0
- data/lib/arachni/element/capabilities/auditable.rb +623 -0
- data/lib/arachni/element/capabilities/auditable/rdiff.rb +243 -0
- data/lib/arachni/element/capabilities/auditable/taint.rb +141 -0
- data/lib/arachni/element/capabilities/auditable/timeout.rb +330 -0
- data/lib/arachni/element/capabilities/body.rb +19 -0
- data/lib/arachni/element/capabilities/mutable.rb +286 -0
- data/lib/arachni/element/capabilities/path.rb +19 -0
- data/lib/arachni/element/capabilities/refreshable.rb +48 -0
- data/lib/arachni/element/capabilities/server.rb +19 -0
- data/lib/arachni/element/cookie.rb +1043 -0
- data/lib/arachni/element/form.rb +1364 -0
- data/lib/arachni/element/header.rb +87 -0
- data/lib/arachni/element/link.rb +227 -0
- data/lib/arachni/exceptions.rb +12 -34
- data/lib/arachni/framework.rb +345 -436
- data/lib/arachni/http.rb +445 -409
- data/lib/arachni/http/cookie_jar.rb +163 -0
- data/lib/arachni/issue.rb +102 -65
- data/lib/arachni/mixins/observable.rb +25 -28
- data/lib/arachni/mixins/progress_bar.rb +11 -5
- data/lib/arachni/mixins/terminal.rb +17 -11
- data/lib/arachni/module.rb +4 -4
- data/lib/arachni/module/auditor.rb +270 -793
- data/lib/arachni/module/base.rb +107 -101
- data/lib/arachni/module/element_db.rb +54 -59
- data/lib/arachni/module/key_filler.rb +35 -35
- data/lib/arachni/module/manager.rb +178 -68
- data/lib/arachni/module/output.rb +25 -30
- data/lib/arachni/module/trainer.rb +85 -156
- data/lib/arachni/module/utilities.rb +29 -138
- data/lib/arachni/options.rb +496 -162
- data/lib/arachni/page.rb +186 -0
- data/lib/arachni/parser.rb +392 -2
- data/lib/arachni/plugin.rb +4 -4
- data/lib/arachni/plugin/base.rb +113 -44
- data/lib/arachni/plugin/manager.rb +120 -54
- data/lib/arachni/report.rb +4 -4
- data/lib/arachni/report/base.rb +59 -44
- data/lib/arachni/report/manager.rb +33 -32
- data/lib/arachni/rpc/client.rb +2 -0
- data/lib/arachni/rpc/client/base.rb +31 -18
- data/lib/arachni/rpc/client/dispatcher.rb +24 -11
- data/lib/arachni/rpc/client/instance.rb +24 -11
- data/lib/arachni/rpc/server/base.rb +12 -9
- data/lib/arachni/rpc/server/dispatcher.rb +161 -164
- data/lib/arachni/rpc/server/dispatcher/handler.rb +164 -0
- data/lib/arachni/rpc/server/{node.rb → dispatcher/node.rb} +86 -104
- data/lib/arachni/rpc/server/distributor.rb +432 -0
- data/lib/arachni/rpc/server/framework.rb +266 -758
- data/lib/arachni/rpc/server/instance.rb +38 -53
- data/lib/arachni/rpc/server/module/manager.rb +17 -20
- data/lib/arachni/rpc/server/output.rb +73 -179
- data/lib/arachni/rpc/server/plugin/manager.rb +58 -24
- data/lib/arachni/ruby.rb +6 -4
- data/lib/arachni/ruby/array.rb +30 -9
- data/lib/arachni/ruby/enumerable.rb +29 -0
- data/lib/arachni/ruby/object.rb +47 -12
- data/lib/arachni/ruby/string.rb +69 -24
- data/lib/arachni/ruby/webrick.rb +31 -0
- data/lib/arachni/session.rb +279 -0
- data/lib/arachni/spider.rb +295 -149
- data/lib/arachni/typhoeus/hydra.rb +18 -4
- data/lib/arachni/typhoeus/request.rb +52 -65
- data/lib/arachni/typhoeus/response.rb +62 -22
- data/lib/arachni/typhoeus/utils.rb +25 -0
- data/lib/arachni/ui/cli/cli.rb +331 -298
- data/lib/arachni/ui/cli/output.rb +105 -77
- data/lib/arachni/ui/foo/output.rb +116 -0
- data/lib/arachni/ui/rpc/dispatcher_monitor.rb +5 -12
- data/lib/arachni/ui/rpc/rpc.rb +43 -48
- data/lib/arachni/ui/web/addon_manager.rb +18 -13
- data/lib/arachni/ui/web/addons/sample.rb +14 -8
- data/lib/arachni/ui/web/addons/scheduler.rb +14 -8
- data/lib/arachni/ui/web/addons/scheduler/views/index.erb +1 -1
- data/lib/arachni/ui/web/addons/scheduler/views/options.erb +0 -3
- data/lib/arachni/ui/web/dispatcher_manager.rb +14 -9
- data/lib/arachni/ui/web/instance_manager.rb +14 -8
- data/lib/arachni/ui/web/log.rb +14 -10
- data/lib/arachni/ui/web/output_stream.rb +11 -5
- data/lib/arachni/ui/web/report_manager.rb +14 -10
- data/lib/arachni/ui/web/scheduler.rb +16 -11
- data/lib/arachni/ui/web/server.rb +62 -56
- data/lib/arachni/ui/web/server/public/style.css +1 -1
- data/lib/arachni/ui/web/server/views/addon.erb +1 -1
- data/lib/arachni/ui/web/server/views/dispatchers.erb +3 -3
- data/lib/arachni/ui/web/server/views/dispatchers_edit.erb +2 -2
- data/lib/arachni/ui/web/server/views/error.erb +1 -1
- data/lib/arachni/ui/web/server/views/home.erb +2 -2
- data/lib/arachni/ui/web/server/views/instance.erb +6 -6
- data/lib/arachni/ui/web/server/views/layout.erb +4 -4
- data/lib/arachni/ui/web/server/views/settings.erb +13 -8
- data/lib/arachni/ui/web/server/views/welcome.erb +1 -1
- data/lib/arachni/ui/web/utilities.rb +24 -35
- data/lib/arachni/uri.rb +619 -0
- data/lib/arachni/utilities.rb +316 -0
- data/lib/arachni/version.rb +12 -6
- data/lib/version +1 -0
- data/modules/audit/code_injection.rb +64 -81
- data/modules/audit/code_injection_timing.rb +57 -75
- data/modules/audit/csrf.rb +87 -185
- data/modules/audit/ldapi.rb +42 -67
- data/modules/audit/os_cmd_injection.rb +53 -71
- data/modules/audit/os_cmd_injection/payloads.txt +1 -1
- data/modules/audit/os_cmd_injection_timing.rb +54 -75
- data/modules/audit/os_cmd_injection_timing/payloads.txt +1 -3
- data/modules/audit/path_traversal.rb +84 -110
- data/modules/audit/response_splitting.rb +41 -53
- data/modules/audit/rfi.rb +68 -76
- data/modules/audit/session_fixation.rb +86 -0
- data/modules/audit/sqli.rb +51 -77
- data/modules/audit/sqli/regexp_ids.txt +5 -19
- data/modules/audit/sqli/regexp_ignore.txt +2 -0
- data/modules/audit/sqli_blind_rdiff.rb +51 -62
- data/modules/audit/sqli_blind_timing.rb +53 -73
- data/modules/audit/trainer.rb +21 -58
- data/modules/audit/unvalidated_redirect.rb +41 -51
- data/modules/audit/xpath.rb +38 -69
- data/modules/audit/xpath/errors.txt +2 -3
- data/modules/audit/xss.rb +65 -69
- data/modules/audit/xss_event.rb +50 -69
- data/modules/audit/xss_path.rb +63 -89
- data/modules/audit/xss_script_tag.rb +53 -66
- data/modules/audit/xss_tag.rb +46 -65
- data/modules/audit/xss_uri.rb +22 -24
- data/modules/recon/allowed_methods.rb +46 -62
- data/modules/recon/backdoors.rb +39 -66
- data/modules/recon/backup_files.rb +49 -79
- data/modules/recon/common_directories.rb +39 -63
- data/modules/recon/common_directories/directories.txt +0 -5
- data/modules/recon/common_files.rb +34 -63
- data/modules/recon/directory_listing.rb +66 -116
- data/modules/recon/grep/captcha.rb +34 -41
- data/modules/recon/grep/credit_card.rb +57 -68
- data/modules/recon/grep/cvs_svn_users.rb +40 -50
- data/modules/recon/grep/emails.rb +34 -41
- data/modules/recon/grep/html_objects.rb +30 -33
- data/modules/recon/grep/http_only_cookies.rb +57 -0
- data/modules/recon/grep/insecure_cookies.rb +55 -0
- data/modules/recon/grep/mixed_resource.rb +93 -0
- data/modules/recon/grep/private_ip.rb +34 -32
- data/modules/recon/grep/ssn.rb +33 -31
- data/modules/recon/grep/unencrypted_password_forms.rb +84 -0
- data/modules/recon/htaccess_limit.rb +38 -54
- data/modules/recon/http_put.rb +48 -62
- data/modules/recon/interesting_responses.rb +77 -79
- data/modules/recon/webdav.rb +53 -79
- data/modules/recon/xst.rb +44 -63
- data/modules/test2.rb +46 -0
- data/path_extractors/anchors.rb +17 -15
- data/path_extractors/forms.rb +17 -15
- data/path_extractors/frames.rb +17 -18
- data/path_extractors/generic.rb +52 -55
- data/path_extractors/links.rb +16 -14
- data/path_extractors/meta_refresh.rb +33 -18
- data/path_extractors/scripts.rb +17 -15
- data/plugins/autologin.rb +60 -85
- data/plugins/beep_notify.rb +25 -27
- data/plugins/cookie_collector.rb +28 -45
- data/plugins/defaults/autothrottle.rb +43 -51
- data/plugins/defaults/content_types.rb +63 -52
- data/plugins/defaults/healthmap.rb +45 -62
- data/plugins/defaults/{metamodules → meta}/remedies/discovery.rb +34 -69
- data/plugins/defaults/meta/remedies/manual_verification.rb +61 -0
- data/plugins/defaults/meta/remedies/timing_attacks.rb +108 -0
- data/plugins/defaults/meta/uniformity.rb +81 -0
- data/plugins/defaults/profiler.rb +68 -115
- data/plugins/defaults/resolver.rb +33 -28
- data/plugins/email_notify.rb +60 -62
- data/plugins/form_dicattack.rb +67 -121
- data/plugins/http_dicattack.rb +51 -65
- data/plugins/libnotify.rb +37 -41
- data/plugins/proxy.rb +407 -152
- data/plugins/proxy/panel/403_forbidden.html.erb +11 -0
- data/plugins/proxy/panel/404_not_found.html.erb +6 -0
- data/plugins/proxy/panel/css/bootstrap.min.css +9 -0
- data/plugins/proxy/panel/css/panel.css +30 -0
- data/plugins/proxy/panel/help.html.erb +66 -0
- data/plugins/proxy/panel/img/glyphicons-halflings-white.png +0 -0
- data/plugins/proxy/panel/img/glyphicons-halflings.png +0 -0
- data/plugins/proxy/panel/img/record.png +0 -0
- data/plugins/proxy/panel/inspect.html.erb +7 -0
- data/plugins/proxy/panel/js/bootstrap.min.js +6 -0
- data/plugins/proxy/panel/js/jquery.min.js +2 -0
- data/plugins/proxy/panel/js/panel.js +39 -0
- data/plugins/proxy/panel/layout.html.erb +25 -0
- data/plugins/proxy/panel/page_accordion.html.erb +67 -0
- data/plugins/proxy/panel/page_twin_accordion.html.erb +18 -0
- data/plugins/proxy/panel/panel.html.erb +63 -0
- data/plugins/proxy/panel/shutdown_message.html.erb +7 -0
- data/plugins/proxy/panel/verify_login_check.html.erb +31 -0
- data/plugins/proxy/panel/verify_login_final.html.erb +26 -0
- data/plugins/proxy/panel/verify_login_sequence.html.erb +45 -0
- data/plugins/proxy/server.rb +175 -47
- data/plugins/proxy/ssl-interceptor-cert.pem +34 -0
- data/plugins/proxy/ssl-interceptor-pkey.pem +51 -0
- data/plugins/rescan.rb +27 -28
- data/plugins/script.rb +53 -0
- data/plugins/vector_feed.rb +226 -0
- data/plugins/waf_detector.rb +70 -73
- data/reports/afr.rb +23 -24
- data/reports/ap.rb +25 -36
- data/reports/html.rb +109 -163
- data/reports/html/default.erb +13 -12
- data/reports/html/default/configuration.erb +21 -21
- data/reports/html/default/css/main.css +350 -350
- data/reports/html/default/issues.erb +1 -1
- data/reports/html/default/js/charts.js +2 -2
- data/reports/html/default/js/helpers.js +0 -42
- data/reports/html/default/js/init.js +0 -1
- data/reports/html/default/sitemap.erb +2 -2
- data/reports/html/default/summary.erb +4 -4
- data/reports/html/default/summary_issue.erb +1 -1
- data/reports/json.rb +26 -28
- data/reports/marshal.rb +23 -25
- data/reports/metareport.rb +65 -98
- data/reports/plugin_formatters/html/autologin.rb +34 -41
- data/reports/plugin_formatters/html/content_types.rb +46 -52
- data/reports/plugin_formatters/html/cookie_collector.rb +41 -47
- data/reports/plugin_formatters/html/discovery.rb +36 -41
- data/reports/plugin_formatters/html/form_dicattack.rb +28 -34
- data/reports/plugin_formatters/html/healthmap.rb +48 -55
- data/reports/plugin_formatters/html/http_dicattack.rb +28 -34
- data/reports/plugin_formatters/html/profiler.rb +26 -30
- data/reports/plugin_formatters/html/profiler/template.erb +7 -7
- data/reports/plugin_formatters/html/resolver.rb +44 -52
- data/reports/plugin_formatters/html/timing_attacks.rb +42 -44
- data/reports/plugin_formatters/html/uniformity.rb +37 -42
- data/reports/plugin_formatters/html/waf_detector.rb +26 -34
- data/reports/plugin_formatters/stdout/autologin.rb +28 -40
- data/reports/plugin_formatters/stdout/content_types.rb +36 -53
- data/reports/plugin_formatters/stdout/cookie_collector.rb +28 -41
- data/reports/plugin_formatters/stdout/discovery.rb +27 -37
- data/reports/plugin_formatters/stdout/form_dicattack.rb +22 -35
- data/reports/plugin_formatters/stdout/healthmap.rb +40 -57
- data/reports/plugin_formatters/stdout/http_dicattack.rb +22 -36
- data/reports/plugin_formatters/stdout/profiler.rb +55 -74
- data/reports/plugin_formatters/stdout/resolver.rb +18 -34
- data/reports/plugin_formatters/stdout/timing_attacks.rb +27 -39
- data/reports/plugin_formatters/stdout/uniformity.rb +32 -44
- data/reports/plugin_formatters/stdout/waf_detector.rb +20 -32
- data/reports/plugin_formatters/xml/autologin.rb +27 -49
- data/reports/plugin_formatters/xml/content_types.rb +41 -66
- data/reports/plugin_formatters/xml/cookie_collector.rb +29 -49
- data/reports/plugin_formatters/xml/discovery.rb +23 -41
- data/reports/plugin_formatters/xml/form_dicattack.rb +22 -40
- data/reports/plugin_formatters/xml/healthmap.rb +44 -63
- data/reports/plugin_formatters/xml/http_dicattack.rb +22 -41
- data/reports/plugin_formatters/xml/profiler.rb +65 -89
- data/reports/plugin_formatters/xml/resolver.rb +21 -41
- data/reports/plugin_formatters/xml/timing_attacks.rb +27 -45
- data/reports/plugin_formatters/xml/uniformity.rb +36 -55
- data/reports/plugin_formatters/xml/waf_detector.rb +23 -42
- data/reports/stdout.rb +120 -121
- data/reports/txt.rb +29 -45
- data/reports/xml.rb +109 -148
- data/reports/xml/buffer.rb +66 -79
- data/reports/yaml.rb +26 -28
- data/rpcd_handlers/placeholder +0 -0
- data/spec/arachni/audit_store_spec.rb +223 -0
- data/spec/arachni/bloom_filter_spec.rb +76 -0
- data/spec/arachni/cache/base_spec.rb +275 -0
- data/spec/arachni/cache/least_cost_replacement_spec.rb +58 -0
- data/spec/arachni/cache/least_recently_used_spec.rb +91 -0
- data/spec/arachni/cache/random_replacement_spec.rb +43 -0
- data/spec/arachni/component/manager_spec.rb +448 -0
- data/spec/arachni/component/options/address_spec.rb +32 -0
- data/spec/arachni/component/options/base_spec.rb +105 -0
- data/spec/arachni/component/options/bool_spec.rb +67 -0
- data/spec/arachni/component/options/enum_spec.rb +51 -0
- data/spec/arachni/component/options/float_spec.rb +42 -0
- data/spec/arachni/component/options/int_spec.rb +46 -0
- data/spec/arachni/component/options/path_spec.rb +32 -0
- data/spec/arachni/component/options/port_spec.rb +38 -0
- data/spec/arachni/component/options/string_spec.rb +38 -0
- data/spec/arachni/component/options/url_spec.rb +36 -0
- data/spec/arachni/crypto/rsa_aes_cbc_spec.rb +31 -0
- data/spec/arachni/database/hash_spec.rb +217 -0
- data/spec/arachni/database/queue_spec.rb +52 -0
- data/spec/arachni/element/base_spec.rb +127 -0
- data/spec/arachni/element/body_spec.rb +9 -0
- data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +47 -0
- data/spec/arachni/element/capabilities/auditable/taint_spec.rb +110 -0
- data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +107 -0
- data/spec/arachni/element/capabilities/mutable_spec.rb +261 -0
- data/spec/arachni/element/cookie_spec.rb +362 -0
- data/spec/arachni/element/form_spec.rb +668 -0
- data/spec/arachni/element/header_spec.rb +49 -0
- data/spec/arachni/element/link_spec.rb +220 -0
- data/spec/arachni/element/path_spec.rb +9 -0
- data/spec/arachni/element/server_spec.rb +9 -0
- data/spec/arachni/framework_spec.rb +860 -0
- data/spec/arachni/http/cookie_jar_spec.rb +267 -0
- data/spec/arachni/http_spec.rb +991 -0
- data/spec/arachni/issue_spec.rb +307 -0
- data/spec/arachni/mixins/observable_spec.rb +59 -0
- data/spec/arachni/mixins/progress_bar_spec.rb +41 -0
- data/spec/arachni/module/auditor_spec.rb +506 -0
- data/spec/arachni/module/element_db_spec.rb +131 -0
- data/spec/arachni/module/key_filler.rb +15 -0
- data/spec/arachni/module/manager_spec.rb +154 -0
- data/spec/arachni/module/trainer_spec.rb +102 -0
- data/spec/arachni/module/utilities_spec.rb +30 -0
- data/spec/arachni/module/utilities_spec/read_file.txt +3 -0
- data/spec/arachni/options_spec.rb +555 -0
- data/spec/arachni/page_spec.rb +290 -0
- data/spec/arachni/parser_spec.rb +508 -0
- data/spec/arachni/plugin/manager_spec.rb +174 -0
- data/spec/arachni/report/base_spec.rb +53 -0
- data/spec/arachni/report/manager_spec.rb +82 -0
- data/spec/arachni/rpc/client/base_spec.rb +157 -0
- data/spec/arachni/rpc/client/dispatcher_spec.rb +40 -0
- data/spec/arachni/rpc/client/instance_spec.rb +92 -0
- data/spec/arachni/rpc/server/base_spec.rb +40 -0
- data/spec/arachni/rpc/server/dispatcher/handler.rb +120 -0
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +220 -0
- data/spec/arachni/rpc/server/dispatcher_spec.rb +136 -0
- data/spec/arachni/rpc/server/distributor_spec.rb +628 -0
- data/spec/arachni/rpc/server/framework_hpg_spec.rb +321 -0
- data/spec/arachni/rpc/server/framework_simple_spec.rb +453 -0
- data/spec/arachni/rpc/server/instance_spec.rb +81 -0
- data/spec/arachni/rpc/server/modules/manager_spec.rb +79 -0
- data/spec/arachni/rpc/server/options_spec.rb +124 -0
- data/spec/arachni/rpc/server/output_spec.rb +238 -0
- data/spec/arachni/rpc/server/plugin/manager_spec.rb +86 -0
- data/spec/arachni/ruby/array_spec.rb +103 -0
- data/spec/arachni/ruby/enumerable_spec.rb +37 -0
- data/spec/arachni/ruby/object_spec.rb +38 -0
- data/spec/arachni/ruby/string_spec.rb +77 -0
- data/spec/arachni/ruby/webrick_spec.rb +15 -0
- data/spec/arachni/session_spec.rb +308 -0
- data/spec/arachni/spider_spec.rb +383 -0
- data/spec/arachni/typhoeus/hydra_spec.rb +14 -0
- data/spec/arachni/typhoeus/requrest_spec.rb +58 -0
- data/spec/arachni/typhoeus/response_spec.rb +78 -0
- data/spec/arachni/uri_spec.rb +462 -0
- data/spec/arachni/utilities_spec.rb +297 -0
- data/spec/fixtures/auditstore.afr +2959 -0
- data/spec/fixtures/cookies.txt +9 -0
- data/spec/fixtures/modules/test.rb +58 -0
- data/spec/fixtures/modules/test2.rb +46 -0
- data/spec/fixtures/modules/test3.rb +46 -0
- data/spec/fixtures/passwords.txt +17 -0
- data/spec/fixtures/plugins/bad.rb +46 -0
- data/spec/fixtures/plugins/defaults/default.rb +45 -0
- data/spec/fixtures/plugins/distributable.rb +42 -0
- data/spec/fixtures/plugins/loop.rb +32 -0
- data/spec/fixtures/plugins/wait.rb +34 -0
- data/spec/fixtures/plugins/with_options.rb +31 -0
- data/spec/fixtures/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +21 -0
- data/spec/fixtures/reports/base_spec/with_formatters.rb +23 -0
- data/spec/fixtures/reports/base_spec/with_outfile.rb +24 -0
- data/spec/fixtures/reports/base_spec/without_outfile.rb +20 -0
- data/spec/fixtures/reports/manager_spec/afr.rb +21 -0
- data/spec/fixtures/reports/manager_spec/foo.rb +26 -0
- data/spec/fixtures/rescan.afr.tpl +145 -0
- data/spec/fixtures/rpcd_handlers/echo.rb +68 -0
- data/spec/fixtures/run_mod/body.rb +58 -0
- data/spec/fixtures/run_mod/cookies.rb +58 -0
- data/spec/fixtures/run_mod/empty.rb +58 -0
- data/spec/fixtures/run_mod/flch.rb +63 -0
- data/spec/fixtures/run_mod/forms.rb +58 -0
- data/spec/fixtures/run_mod/headers.rb +58 -0
- data/spec/fixtures/run_mod/links.rb +58 -0
- data/spec/fixtures/run_mod/nil.rb +57 -0
- data/spec/fixtures/run_mod/path.rb +58 -0
- data/spec/fixtures/run_mod/server.rb +58 -0
- data/spec/fixtures/script_plugin.rb +1 -0
- data/spec/fixtures/taint_module/taint.rb +48 -0
- data/spec/fixtures/usernames.txt +13 -0
- data/spec/fixtures/wait_module/wait.rb +48 -0
- data/spec/helpers/auditor.rb +9 -0
- data/spec/helpers/misc.rb +41 -0
- data/spec/helpers/processes.rb +112 -0
- data/spec/helpers/requires.rb +8 -0
- data/spec/helpers/server.rb +54 -0
- data/spec/logs/Dispatcher - 2752-13830.log +49 -0
- data/spec/logs/Dispatcher - 2766-8238.log +35 -0
- data/spec/logs/Dispatcher - 2808-9029.log +31 -0
- data/spec/logs/Dispatcher - 2854-8571.log +26 -0
- data/spec/logs/Dispatcher - 2888-10411.log +20 -0
- data/spec/logs/Dispatcher - 2922-14464.log +13 -0
- data/spec/logs/Dispatcher - 2957-15255.log +19 -0
- data/spec/logs/Dispatcher - 3216-14203.log +35 -0
- data/spec/logs/Dispatcher - 3305-8622.log +43 -0
- data/spec/logs/Dispatcher - 3340-15426.log +35 -0
- data/spec/logs/Dispatcher - 3399-12586.log +40 -0
- data/spec/logs/Dispatcher - 3433-14149.log +26 -0
- data/spec/logs/Dispatcher - 3582-6198.log +27 -0
- data/spec/logs/Dispatcher - 3616-11169.log +13 -0
- data/spec/logs/Dispatcher - 3849-9016.log +7 -0
- data/spec/logs/output_spec.log +4 -0
- data/spec/logs/placeholder +0 -0
- data/spec/modules/audit/code_injection_spec.rb +25 -0
- data/spec/modules/audit/code_injection_timing_spec.rb +24 -0
- data/spec/modules/audit/csrf_spec.rb +38 -0
- data/spec/modules/audit/ldapi_spec.rb +19 -0
- data/spec/modules/audit/os_cmd_injection_spec.rb +24 -0
- data/spec/modules/audit/os_cmd_injection_timing_spec.rb +24 -0
- data/spec/modules/audit/path_traversal_spec.rb +23 -0
- data/spec/modules/audit/response_splitting_spec.rb +19 -0
- data/spec/modules/audit/rfi_spec.rb +19 -0
- data/spec/modules/audit/session_fixation_spec.rb +23 -0
- data/spec/modules/audit/sqli_blind_rdiff_spec.rb +19 -0
- data/spec/modules/audit/sqli_blind_timing_spec.rb +23 -0
- data/spec/modules/audit/sqli_spec.rb +24 -0
- data/spec/modules/audit/trainer_spec.rb +25 -0
- data/spec/modules/audit/unvalidated_redirect_spec.rb +24 -0
- data/spec/modules/audit/xpath_spec.rb +25 -0
- data/spec/modules/audit/xss_event_spec.rb +19 -0
- data/spec/modules/audit/xss_path_spec.rb +19 -0
- data/spec/modules/audit/xss_script_tag_spec.rb +19 -0
- data/spec/modules/audit/xss_spec.rb +24 -0
- data/spec/modules/audit/xss_tag_spec.rb +19 -0
- data/spec/modules/recon/allowed_methods_spec.rb +19 -0
- data/spec/modules/recon/backdoors_spec.rb +19 -0
- data/spec/modules/recon/backup_files_spec.rb +19 -0
- data/spec/modules/recon/common_directories_spec.rb +19 -0
- data/spec/modules/recon/common_files_spec.rb +19 -0
- data/spec/modules/recon/directory_listing_spec.rb +19 -0
- data/spec/modules/recon/grep/captcha_spec.rb +19 -0
- data/spec/modules/recon/grep/credit_card_spec.rb +19 -0
- data/spec/modules/recon/grep/cvs_svn_users_spec.rb +19 -0
- data/spec/modules/recon/grep/emails_spec.rb +19 -0
- data/spec/modules/recon/grep/html_objects_spec.rb +19 -0
- data/spec/modules/recon/grep/http_only_cookies_spec.rb +19 -0
- data/spec/modules/recon/grep/insecure_cookies_spec.rb +19 -0
- data/spec/modules/recon/grep/mixed_resource_spec.rb +20 -0
- data/spec/modules/recon/grep/private_ip_spec.rb +26 -0
- data/spec/modules/recon/grep/ssn_spec.rb +19 -0
- data/spec/modules/recon/grep/unencrypted_password_forms_spec.rb +19 -0
- data/spec/modules/recon/htaccess_limit_spec.rb +19 -0
- data/spec/modules/recon/http_put_spec.rb +19 -0
- data/spec/modules/recon/interesting_responses_spec.rb +27 -0
- data/spec/modules/recon/webdav_spec.rb +19 -0
- data/spec/modules/recon/xst_spec.rb +19 -0
- data/spec/path_extractors/anchors_spec.rb +19 -0
- data/spec/path_extractors/forms_spec.rb +19 -0
- data/spec/path_extractors/frames_spec.rb +20 -0
- data/spec/path_extractors/generic_spec.rb +28 -0
- data/spec/path_extractors/links_spec.rb +19 -0
- data/spec/path_extractors/meta_refresh_spec.rb +24 -0
- data/spec/path_extractors/scripts_spec.rb +19 -0
- data/spec/pems/cacert.pem +39 -0
- data/spec/pems/client/cert.pem +39 -0
- data/spec/pems/client/foo-cert.pem +39 -0
- data/spec/pems/client/foo-key.pem +51 -0
- data/spec/pems/client/key.pem +51 -0
- data/spec/pems/server/cert.pem +39 -0
- data/spec/pems/server/key.pem +51 -0
- data/spec/plugins/autologin_spec.rb +76 -0
- data/spec/plugins/autothrottle_spec.rb +45 -0
- data/spec/plugins/content_types_spec.rb +93 -0
- data/spec/plugins/cookie_collector_spec.rb +32 -0
- data/spec/plugins/form_dicattack_spec.rb +60 -0
- data/spec/plugins/healthmap_spec.rb +40 -0
- data/spec/plugins/http_dicattack_spec.rb +40 -0
- data/spec/plugins/meta/remedies/discovery_spec.rb +15 -0
- data/spec/plugins/meta/remedies/manual_verification_spec.rb +28 -0
- data/spec/plugins/meta/remedies/timing_attacks_spec.rb +30 -0
- data/spec/plugins/meta/uniformity_spec.rb +83 -0
- data/spec/plugins/profiler_spec.rb +82 -0
- data/spec/plugins/rescan_spec.rb +26 -0
- data/spec/plugins/resolver_spec.rb +16 -0
- data/spec/plugins/script_spec.rb +12 -0
- data/spec/plugins/vector_feed_spec.rb +155 -0
- data/spec/plugins/waf_detector_spec.rb +41 -0
- data/spec/reports/afr_spec.rb +13 -0
- data/spec/reports/ap_spec.rb +9 -0
- data/spec/reports/html_spec.rb +13 -0
- data/spec/reports/json_spec.rb +17 -0
- data/spec/reports/marshal_spec.rb +13 -0
- data/spec/reports/stdout_spec.rb +9 -0
- data/spec/reports/txt_spec.rb +8 -0
- data/spec/reports/xml_spec.rb +13 -0
- data/spec/reports/yaml_spec.rb +13 -0
- data/spec/servers/arachni/element/capabilities/auditable/rdiff.rb +36 -0
- data/spec/servers/arachni/element/capabilities/auditable/taint.rb +10 -0
- data/spec/servers/arachni/element/capabilities/auditable/timeout.rb +30 -0
- data/spec/servers/arachni/element/cookie.rb +37 -0
- data/spec/servers/arachni/element/form.rb +93 -0
- data/spec/servers/arachni/element/header.rb +22 -0
- data/spec/servers/arachni/element/link.rb +26 -0
- data/spec/servers/arachni/framework.rb +54 -0
- data/spec/servers/arachni/http.rb +140 -0
- data/spec/servers/arachni/http_auth.rb +9 -0
- data/spec/servers/arachni/module/auditor.rb +135 -0
- data/spec/servers/arachni/module/trainer.rb +40 -0
- data/spec/servers/arachni/parser.rb +70 -0
- data/spec/servers/arachni/rpc/server/framework_hpg.rb +21 -0
- data/spec/servers/arachni/rpc/server/framework_simple.rb +30 -0
- data/spec/servers/arachni/session.rb +110 -0
- data/spec/servers/arachni/spider.rb +148 -0
- data/spec/servers/modules/audit/code_injection.rb +140 -0
- data/spec/servers/modules/audit/code_injection_timing.rb +110 -0
- data/spec/servers/modules/audit/csrf.rb +80 -0
- data/spec/servers/modules/audit/ldapi.rb +73 -0
- data/spec/servers/modules/audit/os_cmd_injection.rb +140 -0
- data/spec/servers/modules/audit/os_cmd_injection_timing.rb +111 -0
- data/spec/servers/modules/audit/path_traversal.rb +176 -0
- data/spec/servers/modules/audit/response_splitting.rb +114 -0
- data/spec/servers/modules/audit/rfi.rb +113 -0
- data/spec/servers/modules/audit/session_fixation.rb +87 -0
- data/spec/servers/modules/audit/sqli.rb +118 -0
- data/spec/servers/modules/audit/sqli/coldfusion +1 -0
- data/spec/servers/modules/audit/sqli/db2 +4 -0
- data/spec/servers/modules/audit/sqli/emc +2 -0
- data/spec/servers/modules/audit/sqli/informix +3 -0
- data/spec/servers/modules/audit/sqli/interbase +2 -0
- data/spec/servers/modules/audit/sqli/jdbc +0 -0
- data/spec/servers/modules/audit/sqli/mssql +26 -0
- data/spec/servers/modules/audit/sqli/mysql +13 -0
- data/spec/servers/modules/audit/sqli/oracle +6 -0
- data/spec/servers/modules/audit/sqli/postgresql +7 -0
- data/spec/servers/modules/audit/sqli/sqlite +4 -0
- data/spec/servers/modules/audit/sqli/sybase +0 -0
- data/spec/servers/modules/audit/sqli_blind_rdiff.rb +74 -0
- data/spec/servers/modules/audit/sqli_blind_timing.rb +121 -0
- data/spec/servers/modules/audit/trainer_module.rb +160 -0
- data/spec/servers/modules/audit/unvalidated_redirect.rb +115 -0
- data/spec/servers/modules/audit/xpath.rb +111 -0
- data/spec/servers/modules/audit/xpath/dotnet +5 -0
- data/spec/servers/modules/audit/xpath/general +13 -0
- data/spec/servers/modules/audit/xpath/java +3 -0
- data/spec/servers/modules/audit/xpath/libxml2 +2 -0
- data/spec/servers/modules/audit/xpath/php +2 -0
- data/spec/servers/modules/audit/xss.rb +152 -0
- data/spec/servers/modules/audit/xss_event.rb +80 -0
- data/spec/servers/modules/audit/xss_path.rb +44 -0
- data/spec/servers/modules/audit/xss_script_tag.rb +73 -0
- data/spec/servers/modules/audit/xss_tag.rb +139 -0
- data/spec/servers/modules/module_server.rb +14 -0
- data/spec/servers/modules/recon/allowed_methods.rb +5 -0
- data/spec/servers/modules/recon/backdoors.rb +4 -0
- data/spec/servers/modules/recon/backup_files.rb +28 -0
- data/spec/servers/modules/recon/common_directories.rb +6 -0
- data/spec/servers/modules/recon/common_files.rb +6 -0
- data/spec/servers/modules/recon/directory_listing.rb +30 -0
- data/spec/servers/modules/recon/grep/captcha.rb +27 -0
- data/spec/servers/modules/recon/grep/credit_card.rb +28 -0
- data/spec/servers/modules/recon/grep/cvs_svn_users.rb +23 -0
- data/spec/servers/modules/recon/grep/emails.rb +21 -0
- data/spec/servers/modules/recon/grep/html_objects.rb +7 -0
- data/spec/servers/modules/recon/grep/http_only_cookies.rb +21 -0
- data/spec/servers/modules/recon/grep/insecure_cookies.rb +21 -0
- data/spec/servers/modules/recon/grep/mixed_resource.rb +83 -0
- data/spec/servers/modules/recon/grep/private_ip.rb +18 -0
- data/spec/servers/modules/recon/grep/ssn.rb +5 -0
- data/spec/servers/modules/recon/grep/unencrypted_password_forms.rb +33 -0
- data/spec/servers/modules/recon/htaccess_limit.rb +8 -0
- data/spec/servers/modules/recon/http_put.rb +7 -0
- data/spec/servers/modules/recon/interesting_responses.rb +5 -0
- data/spec/servers/modules/recon/webdav.rb +25 -0
- data/spec/servers/modules/recon/xst.rb +6 -0
- data/spec/servers/plugins/autologin.rb +38 -0
- data/spec/servers/plugins/autothrottle.rb +8 -0
- data/spec/servers/plugins/content_types.rb +17 -0
- data/spec/servers/plugins/cookie_collector.rb +20 -0
- data/spec/servers/plugins/form_dicattack.rb +28 -0
- data/spec/servers/plugins/healthmap.rb +16 -0
- data/spec/servers/plugins/http_dicattack.rb +9 -0
- data/spec/servers/plugins/http_dicattack_secure.rb +9 -0
- data/spec/servers/plugins/http_dicattack_unprotected.rb +5 -0
- data/spec/servers/plugins/meta/remedies/discovery.rb +7 -0
- data/spec/servers/plugins/meta/remedies/timing_attacks.rb +29 -0
- data/spec/servers/plugins/profiler.rb +82 -0
- data/spec/servers/plugins/rescan.rb +31 -0
- data/spec/servers/plugins/waf_detector.rb +33 -0
- data/spec/shared/component.rb +43 -0
- data/spec/shared/element/capabilities/auditable.rb +729 -0
- data/spec/shared/element/capabilities/refreshable.rb +56 -0
- data/spec/shared/module.rb +162 -0
- data/spec/shared/path_extractor.rb +47 -0
- data/spec/shared/plugin.rb +50 -0
- data/spec/shared/reports.rb +47 -0
- data/spec/spec_helper.rb +53 -0
- metadata +870 -323
- data/extras/modules/recon/raft_dirs.rb +0 -108
- data/extras/modules/recon/raft_dirs/raft-large-directories.txt +0 -62290
- data/extras/modules/recon/raft_files.rb +0 -110
- data/extras/modules/recon/raft_files/raft-large-files.txt +0 -37037
- data/extras/modules/recon/svn_digger_dirs.rb +0 -108
- data/extras/modules/recon/svn_digger_dirs/Licence.txt +0 -674
- data/extras/modules/recon/svn_digger_dirs/ReadMe-Arachni.txt +0 -4
- data/extras/modules/recon/svn_digger_dirs/ReadMe.txt +0 -6
- data/extras/modules/recon/svn_digger_dirs/all-dirs.txt +0 -5960
- data/extras/modules/recon/svn_digger_files.rb +0 -114
- data/extras/modules/recon/svn_digger_files/Licence.txt +0 -674
- data/extras/modules/recon/svn_digger_files/ReadMe-Arachni.txt +0 -4
- data/extras/modules/recon/svn_digger_files/ReadMe.txt +0 -6
- data/extras/modules/recon/svn_digger_files/all-extensionless.txt +0 -25419
- data/extras/modules/recon/svn_digger_files/all.txt +0 -43135
- data/lib/arachni/component_manager.rb +0 -293
- data/lib/arachni/component_options.rb +0 -425
- data/lib/arachni/parser/auditable.rb +0 -606
- data/lib/arachni/parser/elements.rb +0 -315
- data/lib/arachni/parser/page.rb +0 -168
- data/lib/arachni/parser/parser.rb +0 -866
- data/lib/arachni/rpc/server/options.rb +0 -95
- data/lib/arachni/ui/web/addons/autodeploy.rb +0 -207
- data/lib/arachni/ui/web/addons/autodeploy/lib/manager.rb +0 -398
- data/lib/arachni/ui/web/addons/autodeploy/views/index.erb +0 -291
- data/modules/recon/mixed_resource.rb +0 -100
- data/modules/recon/unencrypted_password_forms.rb +0 -107
- data/path_extractors/sitemap.rb +0 -31
- data/plugins/defaults/metamodules/remedies/manual_verification.rb +0 -65
- data/plugins/defaults/metamodules/remedies/timing_attacks.rb +0 -134
- data/plugins/defaults/metamodules/uniformity.rb +0 -99
- data/reports/metareport/arachni_metareport.rb +0 -174
- data/reports/plugin_formatters/stdout/metamodules.rb +0 -82
@@ -1,7 +1,21 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
=begin
|
2
|
+
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
|
3
|
+
|
4
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
you may not use this file except in compliance with the License.
|
6
|
+
You may obtain a copy of the License at
|
7
|
+
|
8
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
3
9
|
|
4
|
-
|
10
|
+
Unless required by applicable law or agreed to in writing, software
|
11
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
See the License for the specific language governing permissions and
|
14
|
+
limitations under the License.
|
15
|
+
=end
|
5
16
|
|
6
|
-
|
17
|
+
module Typhoeus
|
18
|
+
class Hydra
|
19
|
+
attr_accessor :max_concurrency
|
20
|
+
end
|
7
21
|
end
|
@@ -1,93 +1,80 @@
|
|
1
1
|
=begin
|
2
|
-
|
3
|
-
Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
2
|
+
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
|
4
3
|
|
5
|
-
|
6
|
-
|
7
|
-
|
4
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
you may not use this file except in compliance with the License.
|
6
|
+
You may obtain a copy of the License at
|
8
7
|
|
8
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
|
10
|
+
Unless required by applicable law or agreed to in writing, software
|
11
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
See the License for the specific language governing permissions and
|
14
|
+
limitations under the License.
|
9
15
|
=end
|
10
16
|
|
11
17
|
#
|
12
|
-
#
|
18
|
+
# Overrides the on_complete methods of Typhoeus adding support
|
13
19
|
# for multiple on_complete blocks.
|
14
20
|
#
|
15
|
-
# Also
|
21
|
+
# Also adds support for on demand training of the response and
|
16
22
|
# incremental request id numbers.
|
17
23
|
#
|
18
24
|
module Typhoeus
|
25
|
+
class Request
|
19
26
|
|
20
|
-
|
21
|
-
|
22
|
-
attr_accessor :id
|
27
|
+
attr_accessor :id
|
23
28
|
|
24
|
-
|
29
|
+
alias :old_initialize :initialize
|
30
|
+
def initialize( url, options = {} )
|
31
|
+
old_initialize( url, options )
|
25
32
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
@train = false
|
33
|
-
@update_cookies = false
|
34
|
-
end
|
35
|
-
|
36
|
-
def on_complete( multi = false, &block )
|
37
|
-
|
38
|
-
# remember user preference for subsequent calls
|
39
|
-
if( multi || @multiple_callbacks )
|
40
|
-
@multiple_callbacks = true
|
41
|
-
@on_complete << block
|
42
|
-
else
|
43
|
-
@on_complete = block
|
44
|
-
end
|
45
|
-
|
46
|
-
end
|
47
|
-
|
48
|
-
def on_complete=( multi = false, proc )
|
49
|
-
|
50
|
-
# remember user preference for subsequent calls
|
51
|
-
if( multi || @multiple_callbacks )
|
52
|
-
@multiple_callbacks = true
|
53
|
-
@on_complete << proc
|
54
|
-
else
|
55
|
-
@on_complete = proc
|
56
|
-
end
|
33
|
+
@on_complete = []
|
34
|
+
@handled_response = []
|
35
|
+
@multiple_callbacks = false
|
36
|
+
@train = false
|
37
|
+
@update_cookies = false
|
38
|
+
end
|
57
39
|
|
40
|
+
def on_complete( multi = false, &block )
|
41
|
+
# remember user preference for subsequent calls
|
42
|
+
if multi || @multiple_callbacks
|
43
|
+
@multiple_callbacks = true
|
44
|
+
@on_complete << block
|
45
|
+
else
|
46
|
+
@on_complete = block
|
58
47
|
end
|
59
48
|
|
60
|
-
|
61
|
-
|
62
|
-
if @on_complete.is_a? Array
|
63
|
-
|
64
|
-
@on_complete.each do |callback|
|
65
|
-
@handled_response << callback.call(response)
|
66
|
-
end
|
49
|
+
end
|
67
50
|
|
68
|
-
|
69
|
-
|
51
|
+
def call_handlers
|
52
|
+
if @on_complete.is_a? Array
|
53
|
+
@on_complete.each do |callback|
|
54
|
+
@handled_response << callback.call( response )
|
70
55
|
end
|
71
|
-
|
72
|
-
|
56
|
+
else
|
57
|
+
@handled_response << @on_complete.call( response )
|
73
58
|
end
|
74
59
|
|
75
|
-
|
76
|
-
|
77
|
-
end
|
60
|
+
call_after_complete
|
61
|
+
end
|
78
62
|
|
79
|
-
|
80
|
-
|
81
|
-
|
63
|
+
def train?
|
64
|
+
@train
|
65
|
+
end
|
82
66
|
|
83
|
-
|
84
|
-
|
85
|
-
|
67
|
+
def train
|
68
|
+
@train = true
|
69
|
+
end
|
86
70
|
|
87
|
-
|
88
|
-
|
89
|
-
|
71
|
+
def update_cookies?
|
72
|
+
@update_cookies
|
73
|
+
end
|
90
74
|
|
75
|
+
def update_cookies
|
76
|
+
@update_cookies = true
|
91
77
|
end
|
92
78
|
|
93
79
|
end
|
80
|
+
end
|
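Review bot: In `on_complete`, the non-multi branch replaces the array created in `initialize` with a bare block (`@on_complete = block`), so a later `on_complete( true ) { ... }` on the same request runs `@on_complete << block` against a Proc instead of an Array. Depending on the Ruby version, the second callback is then either silently dropped or raises. Keeping the array invariant avoids this: use `@on_complete = [block]` in the else branch, after which `call_handlers` only needs its Array branch. A short comment on `call_handlers` should also say that an exception raised by one callback skips the remaining callbacks and `call_after_complete`.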
@@ -1,38 +1,78 @@
|
|
1
|
+
=begin
|
2
|
+
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
|
3
|
+
|
4
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
you may not use this file except in compliance with the License.
|
6
|
+
You may obtain a copy of the License at
|
7
|
+
|
8
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
|
10
|
+
Unless required by applicable law or agreed to in writing, software
|
11
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
See the License for the specific language governing permissions and
|
14
|
+
limitations under the License.
|
15
|
+
=end
|
1
16
|
|
2
17
|
module Typhoeus
|
3
|
-
|
18
|
+
class Response
|
19
|
+
|
20
|
+
alias :old_initialize :initialize
|
21
|
+
def initialize( *args )
|
22
|
+
old_initialize( *args )
|
23
|
+
@body = @body.repack if @body
|
24
|
+
end
|
25
|
+
|
26
|
+
def []( k )
|
27
|
+
find_header_value( k )
|
28
|
+
end
|
29
|
+
|
30
|
+
def []=( k, v )
|
31
|
+
headers_hash[find_header_field( k ) || k] = v
|
32
|
+
end
|
33
|
+
|
34
|
+
def each( &block )
|
35
|
+
headers_hash.each( &block )
|
36
|
+
end
|
37
|
+
|
38
|
+
def content_type
|
39
|
+
find_header_value( 'content-type' )
|
40
|
+
end
|
41
|
+
|
42
|
+
def location
|
43
|
+
find_header_value( 'location' )
|
44
|
+
end
|
4
45
|
|
5
46
|
def redirection?
|
6
|
-
(300
|
47
|
+
(300..399).include?( @code ) || !location.nil?
|
7
48
|
end
|
8
49
|
|
9
|
-
#
|
10
|
-
# Converts obj to hash
|
11
|
-
#
|
12
|
-
# @param [Object] obj instance of an object
|
13
|
-
#
|
14
|
-
# @return [Hash]
|
15
|
-
#
|
50
|
+
# @return [Hash] converts self to hash
|
16
51
|
def to_hash
|
17
|
-
hash =
|
18
|
-
instance_variables.each
|
19
|
-
|
20
|
-
|
21
|
-
hash[key] = instance_variable_get( var )
|
22
|
-
|
23
|
-
}
|
52
|
+
hash = {}
|
53
|
+
instance_variables.each do |var|
|
54
|
+
hash[var.to_s.gsub( /@/, '' )] = instance_variable_get( var )
|
55
|
+
end
|
24
56
|
|
25
57
|
hash['headers_hash'] = {}
|
26
|
-
headers_hash.each_pair {
|
27
|
-
|k, v|
|
28
|
-
hash['headers_hash'][k] = v
|
29
|
-
}
|
58
|
+
headers_hash.to_hash.each_pair { |k, v| hash['headers_hash'][k] = v }
|
30
59
|
|
31
60
|
hash.delete( 'request' )
|
61
|
+
hash
|
62
|
+
end
|
32
63
|
|
33
|
-
|
64
|
+
private
|
65
|
+
def find_header_value( field )
|
66
|
+
return if !headers_hash.is_a?( Hash ) || headers_hash[field].empty?
|
67
|
+
headers_hash.to_hash.each { |k, v| return v if k.downcase == field.downcase }
|
68
|
+
nil
|
34
69
|
end
|
35
70
|
|
71
|
+
def find_header_field( field )
|
72
|
+
return if !headers_hash.is_a?( Hash ) || headers_hash[field].empty?
|
73
|
+
headers_hash.to_hash.each { |k, v| return k if k.downcase == field.downcase }
|
74
|
+
nil
|
75
|
+
end
|
36
76
|
|
37
|
-
|
77
|
+
end
|
38
78
|
end
|
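Review bot: In `find_header_value` and `find_header_field`, the guard `headers_hash[field].empty?` looks the header up with the caller's exact casing before the case-insensitive scan runs. If that lookup returns nil for a missing key, `.empty?` raises NoMethodError, and a header stored under a different casing may be rejected before the `downcase` comparison sees it. Whether either happens depends on how the Typhoeus header hash implements `[]`, which is not visible here. Reducing the guard to `return if !headers_hash.is_a?( Hash )` lets the scan decide. Separately, `redirection?` now returns true for any response that carries a Location header, whatever its status code, which deserves a comment if intended.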
@@ -0,0 +1,25 @@
|
|
1
|
+
=begin
|
2
|
+
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
|
3
|
+
|
4
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
you may not use this file except in compliance with the License.
|
6
|
+
You may obtain a copy of the License at
|
7
|
+
|
8
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
|
10
|
+
Unless required by applicable law or agreed to in writing, software
|
11
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
See the License for the specific language governing permissions and
|
14
|
+
limitations under the License.
|
15
|
+
=end
|
16
|
+
|
17
|
+
module Typhoeus::Utils
|
18
|
+
def escape( s )
|
19
|
+
s.encode( 'UTF-8', invalid: :replace, undef: :replace ).
|
20
|
+
to_s.gsub( /([^ a-zA-Z0-9_.-]+)/u ) {
|
21
|
+
'%' + $1.unpack( 'H2' * bytesize( $1 ) ).join( '%' ).upcase
|
22
|
+
}.tr( ' ', '+' )
|
23
|
+
end
|
24
|
+
module_function :escape
|
25
|
+
end
|
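Review bot: In `escape`, `s.encode( 'UTF-8', invalid: :replace, undef: :replace )` does not sanitise a string already tagged UTF-8 on Ruby versions where same-encoding transcoding is a no-op (1.9, as far as I know). Invalid bytes then reach the `/u` `gsub` and raise ArgumentError instead of being replaced, which is a realistic input for code that URL-encodes arbitrary parameter values. A round trip through another encoding forces the replacement: `s.encode( 'UTF-16BE', invalid: :replace, undef: :replace ).encode( 'UTF-8' )`. The method also needs a comment saying that invalid sequences are replaced rather than percent-encoded byte-for-byte, since that changes what is sent on the wire.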
data/lib/arachni/ui/cli/cli.rb
CHANGED
@@ -1,63 +1,61 @@
|
|
1
1
|
=begin
|
2
|
-
|
3
|
-
Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
2
|
+
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
|
4
3
|
|
5
|
-
|
6
|
-
|
7
|
-
|
4
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
you may not use this file except in compliance with the License.
|
6
|
+
You may obtain a copy of the License at
|
8
7
|
|
9
|
-
|
8
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
10
9
|
|
10
|
+
Unless required by applicable law or agreed to in writing, software
|
11
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
See the License for the specific language governing permissions and
|
14
|
+
limitations under the License.
|
15
|
+
=end
|
11
16
|
|
12
17
|
module Arachni
|
13
18
|
|
14
|
-
require Options.
|
15
|
-
require Options.
|
16
|
-
require Options.
|
17
|
-
require Options.
|
19
|
+
require Options.dir['lib'] + 'ui/cli/output'
|
20
|
+
require Options.dir['mixins'] + 'terminal'
|
21
|
+
require Options.dir['mixins'] + 'progress_bar'
|
22
|
+
require Options.dir['arachni']
|
18
23
|
|
19
24
|
module UI
|
20
25
|
|
21
26
|
#
|
22
|
-
# Arachni
|
23
|
-
#
|
24
|
-
# Provides a command line interface for the Arachni Framework.<br/>
|
25
|
-
# Most of the logic is in the Framework class however profiles can only<br/>
|
27
|
+
# Provides a command line interface for the Arachni Framework.
|
28
|
+
# Most of the logic is in the Framework class however profiles can only
|
26
29
|
# be loaded and saved at this level.
|
27
30
|
#
|
28
|
-
# @author
|
29
|
-
#
|
30
|
-
#
|
31
|
-
# @version: 0.1.9
|
31
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
32
|
+
#
|
33
|
+
# @version 0.1.9.1
|
32
34
|
# @see Arachni::Framework
|
33
35
|
#
|
34
36
|
class CLI
|
35
|
-
include ::Arachni
|
36
|
-
include
|
37
|
+
include ::Arachni
|
38
|
+
include Mixins::Terminal
|
39
|
+
include Mixins::ProgressBar
|
40
|
+
|
41
|
+
# the output interface for CLI
|
42
|
+
include UI::Output
|
43
|
+
include Utilities
|
37
44
|
|
38
|
-
#
|
39
|
-
# Instance options
|
40
|
-
#
|
41
45
|
# @return [Options]
|
42
|
-
#
|
43
46
|
attr_reader :opts
|
44
47
|
|
45
|
-
# the output interface for CLI
|
46
|
-
include Arachni::UI::Output
|
47
|
-
include Arachni::Module::Utilities
|
48
|
-
|
49
48
|
#
|
50
49
|
# Initializes the command line interface and the framework
|
51
50
|
#
|
52
51
|
# @param [Options] opts
|
53
52
|
#
|
54
53
|
def initialize( opts )
|
55
|
-
|
56
54
|
@opts = opts
|
57
55
|
|
58
56
|
# if we have a load profile load it and merge it with the
|
59
57
|
# user supplied options
|
60
|
-
if
|
58
|
+
if @opts.load_profile
|
61
59
|
load_profile( @opts.load_profile )
|
62
60
|
end
|
63
61
|
|
@@ -71,32 +69,33 @@ class CLI
|
|
71
69
|
# *do not* forget this check, otherwise the reports registry
|
72
70
|
# will desync
|
73
71
|
#
|
74
|
-
if
|
72
|
+
if @opts.reports.empty? && @opts.lsrep.empty?
|
75
73
|
@opts.reports['stdout'] = {}
|
76
74
|
end
|
77
75
|
|
78
76
|
# instantiate the big-boy!
|
79
|
-
@arachni =
|
80
|
-
|
77
|
+
@arachni = Framework.new( @opts )
|
81
78
|
|
82
79
|
# echo the banner
|
83
|
-
banner
|
80
|
+
banner
|
84
81
|
|
85
82
|
# work on the user supplied arguments
|
86
|
-
parse_opts
|
83
|
+
parse_opts
|
87
84
|
|
88
85
|
@interrupt_handler = nil
|
89
86
|
|
90
87
|
# trap Ctrl+C interrupts
|
91
|
-
trap( 'INT' ) { handle_interrupt
|
88
|
+
trap( 'INT' ) { handle_interrupt }
|
89
|
+
|
90
|
+
# trap SIGUSR1 interrupts
|
91
|
+
trap ( 'USR1' ) { handle_usr1_interrupt }
|
92
92
|
end
|
93
93
|
|
94
94
|
#
|
95
95
|
# Runs Arachni
|
96
96
|
#
|
97
|
-
def run
|
98
|
-
|
99
|
-
print_status( 'Initing...' )
|
97
|
+
def run
|
98
|
+
print_status 'Initialising...'
|
100
99
|
|
101
100
|
begin
|
102
101
|
# we may need to kill the audit so put it in a thread
|
@@ -104,40 +103,43 @@ class CLI
|
|
104
103
|
# start the show!
|
105
104
|
@arachni.run {
|
106
105
|
kill_interrupt_handler
|
107
|
-
clear_screen
|
106
|
+
clear_screen
|
108
107
|
}
|
109
108
|
print_stats
|
110
109
|
}
|
111
110
|
|
112
111
|
@audit.join
|
113
112
|
|
114
|
-
# if the user requested to exit the scan wait
|
115
|
-
# Thread that takes care of the clean
|
113
|
+
# if the user requested to exit the scan wait for the
|
114
|
+
# Thread that takes care of the clean-up to finish
|
116
115
|
@exit_handler.join if @exit_handler
|
117
|
-
rescue
|
118
|
-
print_error
|
119
|
-
|
120
|
-
print_info( "with the '--lsmod' parameter to see all available modules." )
|
116
|
+
rescue Component::Manager::InvalidOptions => e
|
117
|
+
print_error e
|
118
|
+
print_error_backtrace e
|
121
119
|
print_line
|
122
|
-
exit
|
123
|
-
rescue
|
124
|
-
print_error
|
125
|
-
print_info
|
120
|
+
exit 1
|
121
|
+
rescue Exceptions::NoMods => e
|
122
|
+
print_error e
|
123
|
+
print_info "Run arachni with the '-h' parameter for help or "
|
124
|
+
print_info "with the '--lsmod' parameter to see all available modules."
|
126
125
|
print_line
|
127
|
-
exit
|
126
|
+
exit 1
|
127
|
+
rescue Exceptions => e
|
128
|
+
print_error e
|
129
|
+
print_info "Run arachni with the '-h' parameter for help."
|
130
|
+
print_line
|
131
|
+
exit 1
|
128
132
|
rescue Exception => e
|
129
|
-
|
130
|
-
|
133
|
+
print_error e
|
134
|
+
print_error_backtrace e
|
135
|
+
exit 1
|
131
136
|
end
|
132
137
|
end
|
133
138
|
|
134
139
|
private
|
135
140
|
|
136
141
|
def print_stats( refresh_time = false, unmute = false )
|
137
|
-
|
138
142
|
stats = @arachni.stats( refresh_time )
|
139
|
-
|
140
|
-
audited = stats[:auditmap_size]
|
141
143
|
mapped = stats[:sitemap_size]
|
142
144
|
|
143
145
|
print_line( restr, unmute )
|
@@ -195,14 +197,14 @@ class CLI
|
|
195
197
|
def kill_interrupt_handler
|
196
198
|
@@only_positives = @only_positives_opt
|
197
199
|
@interrupt_handler.exit if @interrupt_handler
|
198
|
-
unmute
|
200
|
+
unmute
|
199
201
|
end
|
200
202
|
|
201
203
|
#
|
202
204
|
# Handles Ctrl+C interrupts
|
203
205
|
#
|
204
206
|
# Once an interrupt has been trapped the system pauses and waits
|
205
|
-
# for user input.
|
207
|
+
# for user input.
|
206
208
|
# The user can either continue or exit.
|
207
209
|
#
|
208
210
|
# The interrupt will be handled after a module has finished.
|
@@ -210,7 +212,7 @@ class CLI
|
|
210
212
|
def handle_interrupt
|
211
213
|
return if @interrupt_handler && @interrupt_handler.alive?
|
212
214
|
|
213
|
-
@only_positives_opt =
|
215
|
+
@only_positives_opt = only_positives?
|
214
216
|
@@only_positives = false
|
215
217
|
|
216
218
|
@interrupt_handler = Thread.new {
|
@@ -218,44 +220,33 @@ class CLI
|
|
218
220
|
Thread.new {
|
219
221
|
|
220
222
|
c = gets[0]
|
221
|
-
clear_screen
|
222
|
-
unmute
|
223
|
+
clear_screen
|
224
|
+
unmute
|
223
225
|
case c
|
224
226
|
|
225
227
|
when 'e'
|
226
228
|
@@only_positives = false
|
227
229
|
@interrupt_handler.kill
|
228
|
-
|
229
|
-
print_status( 'Exiting...' )
|
230
|
-
print_info( 'Please wait while the system cleans up.' )
|
231
|
-
|
232
|
-
# kill the audit
|
233
|
-
@audit.exit
|
234
|
-
|
235
|
-
@exit_handler = Thread.new {
|
236
|
-
@arachni.clean_up!( true )
|
237
|
-
@arachni.reports.run( @arachni.audit_store( true ) )
|
238
|
-
print_stats
|
239
|
-
}
|
230
|
+
shutdown
|
240
231
|
|
241
232
|
when 'r'
|
242
|
-
@arachni.reports.run( @arachni.audit_store
|
233
|
+
@arachni.reports.run( @arachni.audit_store )
|
243
234
|
end
|
244
235
|
|
245
236
|
kill_interrupt_handler
|
246
237
|
Thread.exit
|
247
238
|
}
|
248
239
|
|
249
|
-
mute
|
250
|
-
clear_screen
|
240
|
+
mute
|
241
|
+
clear_screen
|
251
242
|
loop do
|
252
243
|
|
253
244
|
print_line( restr, true )
|
254
|
-
move_to_home
|
245
|
+
move_to_home
|
255
246
|
print_info( restr( 'Results thus far:' ), true )
|
256
247
|
|
257
248
|
begin
|
258
|
-
print_issues( @arachni.audit_store
|
249
|
+
print_issues( @arachni.audit_store, true )
|
259
250
|
print_stats( true, true )
|
260
251
|
rescue Exception => e
|
261
252
|
exception_jail{ raise e }
|
@@ -263,29 +254,49 @@ class CLI
|
|
263
254
|
end
|
264
255
|
|
265
256
|
print_info( restr( 'Continue? (hit \'enter\' to continue, \'r\' to generate reports and \'e\' to exit)' ), true )
|
266
|
-
flush
|
257
|
+
flush
|
267
258
|
|
268
259
|
::IO::select( nil, nil, nil, 0.3 )
|
269
260
|
end
|
270
261
|
|
271
|
-
unmute
|
262
|
+
unmute
|
272
263
|
}
|
273
264
|
|
274
265
|
end
|
275
266
|
|
276
|
-
|
267
|
+
#
|
268
|
+
# Handles SIGUSR1 system calls
|
269
|
+
#
|
270
|
+
# It will cause Arachni to create a report and shut down afterwards
|
271
|
+
#
|
272
|
+
def handle_usr1_interrupt
|
273
|
+
print_status 'Received SIGUSR1!'
|
274
|
+
shutdown
|
275
|
+
end
|
276
|
+
|
277
|
+
def shutdown
|
278
|
+
print_status 'Exiting...'
|
279
|
+
print_info 'Please wait while the system cleans up.'
|
277
280
|
|
281
|
+
# kill the audit
|
282
|
+
@audit.exit
|
283
|
+
|
284
|
+
@exit_handler = Thread.new {
|
285
|
+
@arachni.clean_up( true )
|
286
|
+
@arachni.reports.run( @arachni.audit_store )
|
287
|
+
print_stats
|
288
|
+
}
|
289
|
+
end
|
290
|
+
|
291
|
+
def print_issues( audit_store, unmute = false )
|
278
292
|
print_line( restr, unmute )
|
279
|
-
print_info( restr( audit_store.issues.size.
|
280
|
-
' issues have been detected.' ), unmute )
|
293
|
+
print_info( restr( "#{audit_store.issues.size} issues have been detected." ), unmute )
|
281
294
|
|
282
295
|
print_line( restr, unmute )
|
283
296
|
|
284
297
|
issues = audit_store.issues
|
285
298
|
issue_cnt = audit_store.issues.count
|
286
|
-
issues.each.with_index
|
287
|
-
|issue, i|
|
288
|
-
|
299
|
+
issues.each.with_index do |issue, i|
|
289
300
|
input = issue.var ? " input `#{issue.var}`" : ''
|
290
301
|
meth = issue.method ? " using #{issue.method}" : ''
|
291
302
|
cnt = "#{i + 1} |".rjust( issue_cnt.to_s.size + 2 )
|
@@ -294,7 +305,7 @@ class CLI
|
|
294
305
|
" #{issue.elem}#{input}#{meth}." ),
|
295
306
|
unmute
|
296
307
|
)
|
297
|
-
|
308
|
+
end
|
298
309
|
|
299
310
|
print_line( restr, unmute )
|
300
311
|
end
|
@@ -302,38 +313,34 @@ class CLI
|
|
302
313
|
#
|
303
314
|
# It parses and processes the user options.
|
304
315
|
#
|
305
|
-
# Loads modules, reports, saves/loads profiles etc
|
316
|
+
# Loads modules, reports, saves/loads profiles etc.
|
306
317
|
# It basically prepares the framework before calling {Arachni::Framework#run}.
|
307
318
|
#
|
308
|
-
def parse_opts
|
309
|
-
|
319
|
+
def parse_opts
|
310
320
|
if !@opts.repload && !@opts.help
|
311
321
|
|
312
|
-
if
|
313
|
-
print_info
|
314
|
-
print_info
|
322
|
+
if !@opts.mods || @opts.mods.empty?
|
323
|
+
print_info 'No modules were specified.'
|
324
|
+
print_info ' -> Will run all mods.'
|
325
|
+
print_line
|
315
326
|
|
316
|
-
@opts.mods =
|
327
|
+
@opts.mods = '*'
|
317
328
|
end
|
318
329
|
|
319
|
-
if
|
320
|
-
!@opts.audit_forms &&
|
321
|
-
!@opts.audit_cookies &&
|
330
|
+
if !@opts.audit_links && !@opts.audit_forms && !@opts.audit_cookies &&
|
322
331
|
!@opts.audit_headers
|
323
|
-
)
|
324
|
-
print_info( "No audit options were specified." )
|
325
|
-
print_info( " -> Will audit links, forms and cookies." )
|
326
332
|
|
327
|
-
|
328
|
-
|
329
|
-
|
333
|
+
print_info 'No audit options were specified.'
|
334
|
+
print_info ' -> Will audit links, forms and cookies.'
|
335
|
+
print_line
|
336
|
+
|
337
|
+
@opts.audit :links, :forms, :cookies
|
330
338
|
end
|
331
339
|
|
332
340
|
end
|
333
341
|
|
334
|
-
@arachni.plugins.load_defaults
|
335
|
-
@opts.
|
336
|
-
|opt, arg|
|
342
|
+
@arachni.plugins.load_defaults
|
343
|
+
@opts.to_hash.each do |opt, arg|
|
337
344
|
|
338
345
|
case opt.to_s
|
339
346
|
|
@@ -342,13 +349,13 @@ class CLI
|
|
342
349
|
exit 0
|
343
350
|
|
344
351
|
when 'arachni_verbose'
|
345
|
-
verbose
|
352
|
+
verbose
|
346
353
|
|
347
354
|
when 'debug'
|
348
|
-
debug
|
355
|
+
debug
|
349
356
|
|
350
357
|
when 'only_positives'
|
351
|
-
only_positives
|
358
|
+
only_positives
|
352
359
|
|
353
360
|
when 'lsmod'
|
354
361
|
next if arg.empty?
|
@@ -366,7 +373,7 @@ class CLI
|
|
366
373
|
exit 0
|
367
374
|
|
368
375
|
when 'show_profile'
|
369
|
-
print_profile
|
376
|
+
print_profile
|
370
377
|
exit 0
|
371
378
|
|
372
379
|
when 'save_profile'
|
@@ -375,38 +382,58 @@ class CLI
|
|
375
382
|
|
376
383
|
when 'mods'
|
377
384
|
begin
|
378
|
-
|
379
|
-
|
380
|
-
|
381
|
-
|
382
|
-
|
385
|
+
@opts.mods = @arachni.modules.load( arg )
|
386
|
+
rescue Exceptions::ComponentNotFound => e
|
387
|
+
print_error e
|
388
|
+
print_info 'Available modules are:'
|
389
|
+
print_info @arachni.modules.available.join( ', ' )
|
390
|
+
print_line
|
391
|
+
print_info 'Use the \'--lsmod\' parameter to see a detailed list of all available modules.'
|
392
|
+
exit 1
|
383
393
|
end
|
384
394
|
|
385
395
|
when 'reports'
|
386
396
|
begin
|
387
|
-
|
388
|
-
rescue
|
389
|
-
|
397
|
+
@arachni.reports.load( arg.keys )
|
398
|
+
rescue Exceptions::ComponentNotFound => e
|
399
|
+
print_error e
|
400
|
+
print_info 'Available reports are:'
|
401
|
+
print_info @arachni.reports.available.join( ', ' )
|
402
|
+
print_line
|
403
|
+
print_info 'Use the \'--lsrep\' parameter to see a detailed list of all available reports.'
|
404
|
+
exit 1
|
390
405
|
end
|
391
406
|
|
392
407
|
when 'plugins'
|
393
408
|
begin
|
394
|
-
|
395
|
-
rescue
|
396
|
-
|
409
|
+
@arachni.plugins.load( arg.keys )
|
410
|
+
rescue Exceptions::ComponentNotFound => e
|
411
|
+
print_error e
|
412
|
+
print_info 'Available plugins are:'
|
413
|
+
print_info @arachni.plugins.available.join( ', ' )
|
414
|
+
print_line
|
415
|
+
print_info 'Use the \'--lsplug\' parameter to see a detailed list of all available plugins.'
|
416
|
+
exit 1
|
397
417
|
end
|
398
418
|
|
399
419
|
when 'repload'
|
400
|
-
|
401
|
-
|
402
|
-
|
420
|
+
begin
|
421
|
+
@arachni.reports.run( AuditStore.load( arg ), false )
|
422
|
+
rescue ::Errno::ENOENT
|
423
|
+
print_error "Report file '#{arg}' doesn't exist."
|
424
|
+
exit 1
|
425
|
+
rescue => e
|
426
|
+
print_error e
|
427
|
+
print_error_backtrace e
|
428
|
+
end
|
429
|
+
exit
|
403
430
|
end
|
404
|
-
|
431
|
+
end
|
405
432
|
|
406
433
|
# Check for missing url
|
407
|
-
if
|
408
|
-
print_error
|
409
|
-
exit
|
434
|
+
if !@opts.url && !@opts.repload
|
435
|
+
print_error 'Missing url argument.'
|
436
|
+
exit 1
|
410
437
|
end
|
411
438
|
|
412
439
|
end
|
@@ -417,61 +444,60 @@ class CLI
|
|
417
444
|
def lsmod
|
418
445
|
print_line
|
419
446
|
print_line
|
420
|
-
print_info
|
447
|
+
print_info 'Available modules:'
|
421
448
|
print_line
|
422
449
|
|
423
450
|
mods = @arachni.lsmod
|
424
451
|
|
425
452
|
i = 0
|
426
|
-
mods.each
|
427
|
-
|
428
|
-
|
429
|
-
print_status( "#{info[:mod_name]}:" )
|
430
|
-
print_line( "--------------------" )
|
453
|
+
mods.each do |info|
|
454
|
+
print_status "#{info[:mod_name]}:"
|
455
|
+
print_line '--------------------'
|
431
456
|
|
432
|
-
print_line
|
433
|
-
print_line
|
457
|
+
print_line "Name:\t\t#{info[:name]}"
|
458
|
+
print_line "Description:\t#{info[:description]}"
|
434
459
|
|
435
|
-
if
|
436
|
-
print_line
|
437
|
-
info[:elements].join( ', ' ).downcase )
|
460
|
+
if info[:elements] && info[:elements].size > 0
|
461
|
+
print_line "Elements:\t#{info[:elements].join( ', ' ).downcase}"
|
438
462
|
end
|
439
463
|
|
440
|
-
print_line
|
441
|
-
print_line
|
464
|
+
print_line "Author:\t\t#{info[:author].join( ", " )}"
|
465
|
+
print_line "Version:\t#{info[:version]}"
|
442
466
|
|
443
|
-
if
|
444
|
-
print_line
|
445
|
-
info[:references].keys.each
|
446
|
-
|
447
|
-
|
448
|
-
}
|
467
|
+
if info[:references]
|
468
|
+
print_line 'References:'
|
469
|
+
info[:references].keys.each do |key|
|
470
|
+
print_info "#{key}\t\t#{info[:references][key]}"
|
471
|
+
end
|
449
472
|
end
|
450
473
|
|
451
474
|
if info[:targets]
|
452
|
-
print_line
|
453
|
-
|
454
|
-
|
455
|
-
|
456
|
-
|
475
|
+
print_line 'Targets:'
|
476
|
+
|
477
|
+
if info[:targets].is_a?( Hash )
|
478
|
+
info[:targets].keys.each do |key|
|
479
|
+
print_info "#{key}\t\t#{info[:targets][key]}"
|
480
|
+
end
|
481
|
+
else
|
482
|
+
info[:targets].each { |target| print_info( target ) }
|
483
|
+
end
|
457
484
|
end
|
458
485
|
|
459
|
-
if
|
460
|
-
|
461
|
-
print_line( "Metasploitable:\t" + sploit )
|
486
|
+
if info[:issue] && sploit = info[:issue][:metasploitable]
|
487
|
+
print_line "Metasploitable:\t#{sploit}"
|
462
488
|
end
|
463
489
|
|
464
|
-
print_line
|
490
|
+
print_line "Path:\t#{info[:path]}"
|
465
491
|
|
466
|
-
i+=1
|
492
|
+
i += 1
|
467
493
|
|
468
494
|
# pause every 3 modules to give the user time to read
|
469
495
|
# (cheers to aungkhant@yehg.net for suggesting it)
|
470
|
-
if
|
496
|
+
if i % 3 == 0 && i != mods.size
|
471
497
|
print_line
|
472
|
-
print_line
|
498
|
+
print_line 'Hit <space> <enter> to continue, any other key to exit. '
|
473
499
|
|
474
|
-
if gets[0] !=
|
500
|
+
if gets[0] != ' '
|
475
501
|
print_line
|
476
502
|
return
|
477
503
|
end
|
@@ -479,7 +505,7 @@ class CLI
|
|
479
505
|
end
|
480
506
|
|
481
507
|
print_line
|
482
|
-
|
508
|
+
end
|
483
509
|
|
484
510
|
end
|
485
511
|
|
@@ -489,39 +515,35 @@ class CLI
|
|
489
515
|
def lsrep
|
490
516
|
print_line
|
491
517
|
print_line
|
492
|
-
print_info
|
518
|
+
print_info 'Available reports:'
|
493
519
|
print_line
|
494
520
|
|
495
|
-
@arachni.lsrep
|
496
|
-
|
521
|
+
@arachni.lsrep.each do |info|
|
522
|
+
print_status "#{info[:rep_name]}:"
|
523
|
+
print_line '--------------------'
|
497
524
|
|
498
|
-
|
499
|
-
print_line
|
525
|
+
print_line "Name:\t\t#{info[:name]}"
|
526
|
+
print_line "Description:\t#{info[:description]}"
|
500
527
|
|
501
|
-
|
502
|
-
print_line( "Description:\t" + info[:description] )
|
503
|
-
|
504
|
-
if( info[:options] && !info[:options].empty? )
|
528
|
+
if info[:options] && !info[:options].empty?
|
505
529
|
print_line( "Options:\t" )
|
506
530
|
|
507
|
-
info[:options].each
|
508
|
-
|
509
|
-
print_info
|
510
|
-
print_info
|
511
|
-
print_info
|
512
|
-
print_info( "\tRequired?: #{option.required?}" )
|
531
|
+
info[:options].each do |option|
|
532
|
+
print_info "\t#{option.name} - #{option.desc}"
|
533
|
+
print_info "\tType: #{option.type}"
|
534
|
+
print_info "\tDefault: #{option.default}"
|
535
|
+
print_info "\tRequired?: #{option.required?}"
|
513
536
|
|
514
|
-
print_line
|
515
|
-
|
537
|
+
print_line
|
538
|
+
end
|
516
539
|
end
|
517
540
|
|
518
|
-
print_line
|
519
|
-
print_line
|
520
|
-
print_line
|
541
|
+
print_line "Author:\t\t#{info[:author].join( ", " )}"
|
542
|
+
print_line "Version:\t#{info[:version] }"
|
543
|
+
print_line "Path:\t#{info[:path]}"
|
521
544
|
|
522
545
|
print_line
|
523
|
-
|
524
|
-
|
546
|
+
end
|
525
547
|
end
|
526
548
|
|
527
549
|
#
|
@@ -530,39 +552,35 @@ class CLI
|
|
530
552
|
def lsplug
|
531
553
|
print_line
|
532
554
|
print_line
|
533
|
-
print_info
|
555
|
+
print_info 'Available plugins:'
|
534
556
|
print_line
|
535
557
|
|
536
|
-
@arachni.lsplug
|
537
|
-
|
538
|
-
|
539
|
-
print_status( "#{info[:plug_name]}:" )
|
540
|
-
print_line( "--------------------" )
|
558
|
+
@arachni.lsplug.each do |info|
|
559
|
+
print_status "#{info[:plug_name]}:"
|
560
|
+
print_line '--------------------'
|
541
561
|
|
542
|
-
print_line
|
543
|
-
print_line
|
562
|
+
print_line "Name:\t\t#{info[:name]}"
|
563
|
+
print_line "Description:\t#{info[:description]}"
|
544
564
|
|
545
|
-
if
|
546
|
-
print_line
|
565
|
+
if info[:options] && !info[:options].empty?
|
566
|
+
print_line "Options:\t"
|
547
567
|
|
548
|
-
info[:options].each
|
549
|
-
|
550
|
-
print_info
|
551
|
-
print_info
|
552
|
-
print_info
|
553
|
-
print_info( "\tRequired?: #{option.required?}" )
|
568
|
+
info[:options].each do |option|
|
569
|
+
print_info "\t#{option.name} - #{option.desc}"
|
570
|
+
print_info "\tType: #{option.type}"
|
571
|
+
print_info "\tDefault: #{option.default}"
|
572
|
+
print_info "\tRequired?: #{option.required?}"
|
554
573
|
|
555
|
-
print_line
|
556
|
-
|
574
|
+
print_line
|
575
|
+
end
|
557
576
|
end
|
558
577
|
|
559
|
-
print_line
|
560
|
-
print_line
|
561
|
-
print_line
|
578
|
+
print_line "Author:\t\t#{info[:author].join( ', ' )}"
|
579
|
+
print_line "Version:\t#{info[:version]}"
|
580
|
+
print_line "Path:\t#{info[:path]}"
|
562
581
|
|
563
582
|
print_line
|
564
|
-
|
565
|
-
|
583
|
+
end
|
566
584
|
end
|
567
585
|
|
568
586
|
|
@@ -570,43 +588,39 @@ class CLI
|
|
570
588
|
# Loads an Arachni Framework Profile file and merges it with the
|
571
589
|
# user supplied options.
|
572
590
|
#
|
573
|
-
# @param [String]
|
591
|
+
# @param [Array<String>] profiles the files to load
|
574
592
|
#
|
575
593
|
def load_profile( profiles )
|
576
594
|
exception_jail{
|
577
595
|
@opts.load_profile = nil
|
578
|
-
profiles.each {
|
579
|
-
|filename|
|
580
|
-
@opts.merge!( @opts.load( filename ) )
|
581
|
-
}
|
596
|
+
profiles.each { |filename| @opts.merge!( @opts.load( filename ) ) }
|
582
597
|
}
|
583
598
|
end
|
584
599
|
|
585
600
|
#
|
586
|
-
# Saves options to an Arachni Framework Profile file
|
601
|
+
# Saves options to an Arachni Framework Profile file.
|
587
602
|
# The file will be appended with the {PROFILE_EXT} extension.
|
588
603
|
#
|
589
604
|
# @param [String] filename
|
590
605
|
#
|
591
606
|
def save_profile( filename )
|
592
|
-
|
593
607
|
if filename = @opts.save( filename )
|
594
|
-
print_status
|
595
|
-
print_line
|
608
|
+
print_status "Saved profile in '#{filename}'."
|
609
|
+
print_line
|
596
610
|
else
|
597
|
-
banner
|
598
|
-
print_error
|
611
|
+
banner
|
612
|
+
print_error 'Could not save profile.'
|
599
613
|
exit 0
|
600
614
|
end
|
601
615
|
end
|
602
616
|
|
603
|
-
def print_profile
|
604
|
-
print_info
|
605
|
-
print_info
|
617
|
+
def print_profile
|
618
|
+
print_info 'Running profile:'
|
619
|
+
print_info @opts.to_args
|
606
620
|
end
|
607
621
|
|
608
622
|
#
|
609
|
-
# Outputs Arachni banner
|
623
|
+
# Outputs Arachni banner.
|
610
624
|
# Displays version number, revision number, author details etc.
|
611
625
|
#
|
612
626
|
# @see VERSION
|
@@ -615,22 +629,13 @@ class CLI
|
|
615
629
|
# @return [void]
|
616
630
|
#
|
617
631
|
def banner
|
618
|
-
|
619
|
-
print_line 'Arachni - Web Application Security Scanner Framework v' +
|
620
|
-
@arachni.version + ' [' + @arachni.revision + ']
|
621
|
-
Author: Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
622
|
-
<zapotek@segfault.gr>
|
623
|
-
(With the support of the community and the Arachni Team.)
|
624
|
-
|
625
|
-
Website: http://arachni.segfault.gr - http://github.com/Zapotek/arachni
|
626
|
-
Documentation: http://github.com/Zapotek/arachni/wiki'
|
632
|
+
print_line BANNER
|
627
633
|
print_line
|
628
634
|
print_line
|
629
|
-
|
630
635
|
end
|
631
636
|
|
632
637
|
#
|
633
|
-
# Outputs help/usage information
|
638
|
+
# Outputs help/usage information.
|
634
639
|
# Displays supported options and parameters.
|
635
640
|
#
|
636
641
|
# @return [void]
|
@@ -645,171 +650,199 @@ class CLI
|
|
645
650
|
General ----------------------
|
646
651
|
|
647
652
|
-h
|
648
|
-
--help
|
653
|
+
--help Output this.
|
649
654
|
|
650
|
-
-v
|
655
|
+
-v Be verbose.
|
651
656
|
|
652
|
-
--debug
|
657
|
+
--debug Show what is happening internally.
|
653
658
|
(You should give it a shot sometime ;) )
|
654
659
|
|
655
|
-
--only-positives
|
660
|
+
--only-positives Echo positive results *only*.
|
656
661
|
|
657
|
-
--http-req-limit
|
658
|
-
(Be careful not to kill your server.)
|
662
|
+
--http-req-limit=<integer> Concurrent HTTP requests limit.
|
659
663
|
(Default: #{@opts.http_req_limit})
|
664
|
+
(Be careful not to kill your server.)
|
660
665
|
(*NOTE*: If your scan seems unresponsive try lowering the limit.)
|
661
666
|
|
662
|
-
--http-
|
663
|
-
|
664
|
-
|
665
|
-
(Default: responses will be harvested for each page)
|
666
|
-
(*NOTE*: If you are scanning a high-end server and
|
667
|
-
you are using a powerful machine with enough bandwidth
|
668
|
-
*and* you feel dangerous you can use
|
669
|
-
this flag with an increased '--http-req-limit'
|
670
|
-
to get maximum performance out of your scan.)
|
671
|
-
(*WARNING*: When scanning large websites with hundreds
|
672
|
-
of pages this could eat up all your memory pretty quickly.)
|
667
|
+
--http-timeout=<integer> HTTP request timeout in milliseconds.
|
668
|
+
|
669
|
+
--cookie-jar=<filepath> Netscape HTTP cookie file, use curl to create it.
|
673
670
|
|
674
|
-
--cookie-
|
671
|
+
--cookie-string='<name>=<value>; <name2>=<value2>'
|
675
672
|
|
673
|
+
Cookies, as a string, to be sent to the web application.
|
676
674
|
|
677
|
-
--user-agent=<
|
675
|
+
--user-agent=<string> Specify user agent.
|
678
676
|
|
679
677
|
--custom-header='<name>=<value>'
|
680
678
|
|
681
|
-
|
679
|
+
Specify custom headers to be included in the HTTP requests.
|
682
680
|
(Can be used multiple times.)
|
683
681
|
|
684
|
-
--authed-by=<
|
682
|
+
--authed-by=<string> Who authorized the scan, include name and e-mail address.
|
685
683
|
(It'll make it easier on the sys-admins during log reviews.)
|
686
684
|
(Will be appended to the user-agent string.)
|
687
685
|
|
686
|
+
--login-check-url=<url> A URL used to verify that the scanner is still logged in to the web application.
|
687
|
+
(Requires 'login-check-pattern'.)
|
688
|
+
|
689
|
+
--login-check-pattern=<regexp>
|
690
|
+
|
691
|
+
A pattern used against the body of the 'login-check-url' to verify that the scanner is still logged in to the web application.
|
692
|
+
(Requires 'login-check-url'.)
|
688
693
|
|
689
694
|
Profiles -----------------------
|
690
695
|
|
691
|
-
--save-profile=<
|
696
|
+
--save-profile=<filepath> Save the current run profile/options to <filepath>.
|
692
697
|
|
693
|
-
--load-profile=<
|
698
|
+
--load-profile=<filepath> Load a run profile from <filepath>.
|
694
699
|
(Can be used multiple times.)
|
695
700
|
(You can complement it with more options, except for:
|
696
|
-
* --
|
701
|
+
* --modules
|
697
702
|
* --redundant)
|
698
703
|
|
699
|
-
--show-profile
|
704
|
+
--show-profile Will output the running profile as CLI arguments.
|
700
705
|
|
701
706
|
|
702
707
|
Crawler -----------------------
|
703
708
|
|
704
|
-
-e <
|
705
|
-
--exclude=<
|
709
|
+
-e <regexp>
|
710
|
+
--exclude=<regexp> Exclude urls matching <regexp>.
|
706
711
|
(Can be used multiple times.)
|
707
712
|
|
708
|
-
-i <
|
709
|
-
--include=<
|
713
|
+
-i <regexp>
|
714
|
+
--include=<regexp> Include *only* urls matching <regex>.
|
710
715
|
(Can be used multiple times.)
|
711
716
|
|
712
|
-
--redundant=<
|
713
|
-
|
717
|
+
--redundant=<regexp>:<limit>
|
718
|
+
|
719
|
+
Limit crawl on redundant pages like galleries or catalogs.
|
720
|
+
(URLs matching <regexp> will be crawled <limit> amount of times.)
|
714
721
|
(Can be used multiple times.)
|
715
722
|
|
716
|
-
-
|
717
|
-
|
723
|
+
--auto-redundant=<limit> Only follow <limit> amount of URLs with identical query parameter names.
|
724
|
+
(Default: inf)
|
725
|
+
(Will default to 10 if no value has been specified.)
|
718
726
|
|
719
|
-
|
727
|
+
-f
|
728
|
+
--follow-subdomains Follow links to subdomains.
|
729
|
+
(Default: off)
|
720
730
|
|
721
|
-
--depth=<
|
731
|
+
--depth=<integer> Directory depth limit.
|
732
|
+
(Default: inf)
|
722
733
|
(How deep Arachni should go into the site structure.)
|
723
734
|
|
724
|
-
--link-count=<
|
735
|
+
--link-count=<integer> How many links to follow.
|
736
|
+
(Default: inf)
|
725
737
|
|
726
|
-
--redirect-limit=<
|
738
|
+
--redirect-limit=<integer> How many redirects to follow.
|
739
|
+
(Default: #{@opts.redirect_limit})
|
727
740
|
|
728
|
-
--extend-paths=<
|
741
|
+
--extend-paths=<filepath> Add the paths in <file> to the ones discovered by the crawler.
|
729
742
|
(Can be used multiple times.)
|
730
743
|
|
731
|
-
--restrict-paths=<
|
744
|
+
--restrict-paths=<filepath> Use the paths in <file> instead of crawling.
|
732
745
|
(Can be used multiple times.)
|
733
746
|
|
734
747
|
|
735
748
|
Auditor ------------------------
|
736
749
|
|
737
750
|
-g
|
738
|
-
--audit-links
|
751
|
+
--audit-links Audit links.
|
739
752
|
|
740
753
|
-p
|
741
|
-
--audit-forms
|
742
|
-
(usually POST, can also be GET)
|
754
|
+
--audit-forms Audit forms.
|
743
755
|
|
744
756
|
-c
|
745
|
-
--audit-cookies
|
757
|
+
--audit-cookies Audit cookies.
|
758
|
+
|
759
|
+
--exclude-cookie=<name> Cookie to exclude from the audit by name.
|
760
|
+
(Can be used multiple times.)
|
746
761
|
|
747
|
-
--exclude-
|
748
|
-
(You should exclude session cookies.)
|
762
|
+
--exclude-vector=<name> Input vector (parameter) not to audit by name.
|
749
763
|
(Can be used multiple times.)
|
750
764
|
|
751
|
-
--audit-headers
|
765
|
+
--audit-headers Audit HTTP headers.
|
752
766
|
(*NOTE*: Header audits use brute force.
|
753
767
|
Almost all valid HTTP request headers will be audited
|
754
768
|
even if there's no indication that the web app uses them.)
|
755
769
|
(*WARNING*: Enabling this option will result in increased requests,
|
756
770
|
maybe by an order of magnitude.)
|
757
771
|
|
772
|
+
Coverage -----------------------
|
773
|
+
|
774
|
+
--audit-cookies-extensively Submit all links and forms of the page along with the cookie permutations.
|
775
|
+
(*WARNING*: This will severely increase the scan-time.)
|
776
|
+
|
777
|
+
--fuzz-methods Audit links, forms and cookies using both GET and POST requests.
|
778
|
+
(*WARNING*: This will severely increase the scan-time.)
|
779
|
+
|
780
|
+
--exclude-binaries Exclude non text-based pages from the audit.
|
781
|
+
(Binary content can confuse recon modules that perform pattern matching.)
|
758
782
|
|
759
783
|
Modules ------------------------
|
760
784
|
|
761
|
-
--lsmod=<regexp>
|
785
|
+
--lsmod=<regexp> List available modules based on the provided regular expression.
|
762
786
|
(If no regexp is provided all modules will be listed.)
|
763
787
|
(Can be used multiple times.)
|
764
788
|
|
765
789
|
|
766
790
|
-m <modname,modname..>
|
767
|
-
--
|
768
|
-
|
769
|
-
|
770
|
-
|
791
|
+
--modules=<modname,modname..>
|
792
|
+
|
793
|
+
Comma separated list of modules to load.
|
794
|
+
(Modules are referenced by their filename without the '.rb' extension, use '--lsmod' to list all.
|
795
|
+
Use '*' as a module name to deploy all modules or as a wildcard, like so:
|
796
|
+
xss* to load all xss modules
|
797
|
+
sqli* to load all sql injection modules
|
771
798
|
etc.
|
772
799
|
|
773
|
-
You can exclude modules by prefixing their name with a
|
774
|
-
--
|
800
|
+
You can exclude modules by prefixing their name with a minus sign:
|
801
|
+
--modules=*,-backup_files,-xss
|
775
802
|
The above will load all modules except for the 'backup_files' and 'xss' modules.
|
776
803
|
|
777
804
|
Or mix and match:
|
778
|
-
-
|
805
|
+
-xss* to unload all xss modules.)
|
779
806
|
|
780
807
|
|
781
808
|
Reports ------------------------
|
782
809
|
|
783
|
-
--lsrep
|
810
|
+
--lsrep=<regexp> List available reports based on the provided regular expression.
|
811
|
+
(If no regexp is provided all reports will be listed.)
|
812
|
+
(Can be used multiple times.)
|
784
813
|
|
785
|
-
--repload=<
|
814
|
+
--repload=<filepath> Load audit results from an '.afr' report file.
|
786
815
|
(Allows you to create new reports from finished scans.)
|
787
816
|
|
788
817
|
--report='<report>:<optname>=<val>,<optname2>=<val2>,...'
|
789
818
|
|
790
|
-
|
791
|
-
|
792
|
-
|
819
|
+
<report>: the name of the report as displayed by '--lsrep'
|
820
|
+
(Reports are referenced by their filename without the '.rb' extension, use '--lsrep' to list all.)
|
821
|
+
(Default: stdout)
|
822
|
+
(Can be used multiple times.)
|
793
823
|
|
794
824
|
|
795
825
|
Plugins ------------------------
|
796
826
|
|
797
|
-
--lsplug
|
827
|
+
--lsplug=<regexp> List available plugins based on the provided regular expression.
|
828
|
+
(If no regexp is provided all plugins will be listed.)
|
829
|
+
(Can be used multiple times.)
|
798
830
|
|
799
831
|
--plugin='<plugin>:<optname>=<val>,<optname2>=<val2>,...'
|
800
832
|
|
801
|
-
|
802
|
-
|
833
|
+
<plugin>: the name of the plugin as displayed by '--lsplug'
|
834
|
+
(Plugins are referenced by their filename without the '.rb' extension, use '--lsplug' to list all.)
|
835
|
+
(Can be used multiple times.)
|
803
836
|
|
804
837
|
|
805
838
|
Proxy --------------------------
|
806
839
|
|
807
|
-
--proxy=<server:port>
|
840
|
+
--proxy=<server:port> Proxy address to use.
|
808
841
|
|
809
|
-
--proxy-auth=<user:passwd>
|
842
|
+
--proxy-auth=<user:passwd> Proxy authentication credentials.
|
810
843
|
|
811
|
-
--proxy-type=<type>
|
812
|
-
|
844
|
+
--proxy-type=<type> Proxy type; can be http, http_1_0, socks4, socks5, socks4a
|
845
|
+
(Default: http)
|
813
846
|
|
814
847
|
|
815
848
|
USAGE
|