arachni 0.4.0.4 → 0.4.1

data/plugins/defaults/resolver.rb

@@ -1,23 +1,25 @@
 =begin
-                  Arachni
-  Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
 
-  This is free software; you can copy and distribute and modify
-  this program under the term of the GPL v2.0 License
-  (See LICENSE file for details)
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
 
-=end
+        http://www.apache.org/licenses/LICENSE-2.0
 
-module Arachni
-module Plugins
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+=end
 
 #
-# @author: Tasos "Zapotek" Laskos
-#                                      <tasos.laskos@gmail.com>
-#                                      <zapotek@segfault.gr>
-# @version: 0.1
+# @author Tasos "Zapotek" Laskos<tasos.laskos@gmail.com>
+#
+# @version 0.1.1
 #
-class Resolver < Arachni::Plugin::Base
+class Arachni::Plugins::Resolver < Arachni::Plugin::Base
 
     def prepare
         wait_while_framework_running
@@ -27,29 +29,32 @@ class Resolver < Arachni::Plugin::Base
         print_status 'Resolving hostnames...'
 
         host_to_ipaddress = {}
-        @framework.audit_store.deep_clone.issues.each_with_index {
-            |issue|
-            exception_jail( false ) {
-                host = URI( issue.url ).host
+        framework.auditstore.issues.each_with_index do |issue|
+            uri = uri_parse( issue.url.dup )
+            next if !uri
+
+            host = uri.host
+
+            begin
                 host_to_ipaddress[host] ||= ::IPSocket.getaddress( host )
-            }
-        }
-        print_status 'Done!'
+            rescue
+                print_bad "Could not resolve #{host}."
+                next
+            end
+        end
 
+        print_status 'Done!'
         register_results( host_to_ipaddress )
     end
 
     def self.info
         {
-            :name           => 'Resolver',
-            :description    => %q{Resolves vulnerable hostnames to IP addresses.},
-            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
-            :tags           => [ 'ip address', 'hostname' ],
-            :version        => '0.1'
+            name:        'Resolver',
+            description: %q{Resolves vulnerable hostnames to IP addresses.},
+            author:      'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            tags:        [ 'ip address', 'hostname' ],
+            version:     '0.1.1'
         }
     end
 
 end
-
-end
-end

data/plugins/email_notify.rb

@@ -1,66 +1,70 @@
 =begin
-                  Arachni
-  Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
 
-  This is free software; you can copy and distribute and modify
-  this program under the term of the GPL v2.0 License
-  (See LICENSE file for details)
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
 
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
 =end
 
-module Arachni
-module Plugins
+require 'pony'
 
 #
 # Uses the Pony gem send a notification (and optionally report) at the end
 # of the scan over SMTP.
 #
-# @author: Tasos "Zapotek" Laskos
-#                                      <tasos.laskos@gmail.com>
-#                                      <zapotek@segfault.gr>
-# @version: 0.1
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+#
+# @version 0.1.2
 #
-class EmailNotify < Arachni::Plugin::Base
+class Arachni::Plugins::EmailNotify < Arachni::Plugin::Base
 
     def run
         wait_while_framework_running
+        @auditstore = framework.auditstore
     end
 
     def clean_up
-        issue_cnt = @framework.audit_store.issues.size
-        time      = @framework.audit_store.delta_time
-        url       = @framework.opts.url
+        issue_cnt = @auditstore.issues.size
+        time      = @auditstore.delta_time
+        url       = framework.opts.url
 
         opts = {
-            :subject => "Scan for #{url} finished in #{time}",
-            :body    => "Found #{issue_cnt} unique issues.",
-            :to      => @options['to'],
-            :cc      => @options['cc'],
-            :bcc     => @options['bcc'],
-            :from    => @options['from'],
-            :via => :smtp,
-            :via_options => {
-                :address              => @options['server_address'],
-                :port                 => @options['server_port'],
-                :enable_starttls_auto => @options['tls'],
-                :user_name            => @options['username'],
-                :password             => @options['password'],
-                :authentication       => !@options['authentication'].empty? ? @options['authentication'].to_sym : nil,
-                :domain               => "localhost.localdomain"
+            subject:     "Scan for #{url} finished in #{time}",
+            body:        "Found #{issue_cnt} unique issues.",
+            to:          options['to'],
+            cc:          options['cc'],
+            bcc:         options['bcc'],
+            from:        options['from'],
+            via:         :smtp,
+            via_options: {
+                address:              options['server_address'],
+                port:                 options['server_port'],
+                enable_starttls_auto: options['tls'],
+                user_name:            options['username'],
+                password:             options['password'],
+                authentication:       !options['authentication'].empty? ? options['authentication'].to_sym : nil,
+                domain:               "localhost.localdomain"
             }
         }
 
-        if @options['report'] != 'none'
-            report = @framework.reports[ @options['report'] ]
+        if options['report'] != 'none'
+            report = framework.reports[ options['report'] ]
 
             rep_opts = {}
-            report.info[:options].each {
-                |opt|
+            report.info[:options].each do |opt|
                 rep_opts[opt.name] = opt.default if opt.default
-            }
+            end
 
-            rep_opts['outfile'] = 'scan_report.' + @options['report']
-            report.new( @framework.audit_store( true ), rep_opts ).run
+            rep_opts['outfile'] = 'scan_report.' + options['report']
+            report.new( @auditstore, rep_opts ).run
 
             opts[:attachments] = {
                 rep_opts['outfile'] => File.read( rep_opts['outfile'] )
@@ -69,40 +73,34 @@ class EmailNotify < Arachni::Plugin::Base
             FileUtils.rm( rep_opts['outfile'] )
         end
 
-        print_status( 'Sending the notification...' )
+        print_status 'Sending the notification...'
+
         Pony.mail( opts )
-        print_status( 'Done.' )
-    end
 
-    def self.gems
-        [ 'pony' ]
+        print_status 'Done.'
     end
 
     def self.info
         {
-            :name           => 'E-mail notify',
-            :description    => %q{Sends a notification (and optionally a report) over SMTP
-                at the end of the scan.},
-            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
-            :version        => '0.1',
-            :options        => [
-                Arachni::OptString.new( 'to', [ true, 'E-mail address of the receiver.' ] ),
-                Arachni::OptString.new( 'cc', [ false, 'E-mail address to which to send a carbon copy of the notification.' ] ),
-                Arachni::OptString.new( 'bcc', [ false, 'E-mail address for a blind carbon copy.' ] ),
-                Arachni::OptString.new( 'from', [ true, 'E-mail address of the sender.' ] ),
-                Arachni::OptAddress.new( 'server_address', [ true, 'Address of the SMTP server to use.' ] ),
-                Arachni::OptPort.new( 'server_port', [ true, 'SMTP port.' ] ),
-                Arachni::OptBool.new( 'tls', [ false, 'Use TLS/SSL?.' ] ),
-                Arachni::OptString.new( 'username', [ true, 'SMTP username.' ] ),
-                Arachni::OptString.new( 'password', [ true, 'SMTP password.' ] ),
-                Arachni::OptString.new( 'authentication', [ false, 'Authentication.', 'plain', [ 'plain', 'login', 'cram_md5', '' ] ] ),
-                Arachni::OptEnum.new( 'report', [ false, 'Report type to send as an attachment.', 'txt', [ 'txt', 'xml', 'html', 'json', 'yaml', 'marshal' 'none' ] ] )
+            name: 'E-mail notify',
+            description: %q{Sends a notification (and optionally a report) over SMTP at the end of the scan.},
+            author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            version: '0.1.2',
+            options: [
+                Options::String.new( 'to', [true, 'E-mail address of the receiver.'] ),
+                Options::String.new( 'cc', [false, 'E-mail address to which to send a carbon copy of the notification.'] ),
+                Options::String.new( 'bcc', [false, 'E-mail address for a blind carbon copy.'] ),
+                Options::String.new( 'from', [true, 'E-mail address of the sender.'] ),
+                Options::Address.new( 'server_address', [true, 'Address of the SMTP server to use.'] ),
+                Options::Port.new( 'server_port', [true, 'SMTP port.'] ),
+                Options::Bool.new( 'tls', [false, 'Use TLS/SSL?.'] ),
+                Options::String.new( 'username', [true, 'SMTP username.'] ),
+                Options::String.new( 'password', [true, 'SMTP password.'] ),
+                Options::String.new( 'authentication', [false, 'Authentication.', 'plain', ['plain', 'login', 'cram_md5', '']] ),
+                Options::Enum.new( 'report', [false, 'Report type to send as an attachment.', 'txt', ['txt', 'xml', 'html', 'json', 'yaml', 'marshal' 'none']] )
             ]
 
         }
     end
 
 end
-
-end
-end

data/plugins/form_dicattack.rb

@@ -1,177 +1,123 @@
 =begin
-                  Arachni
-  Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
 
-  This is free software; you can copy and distribute and modify
-  this program under the term of the GPL v2.0 License
-  (See LICENSE file for details)
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
 
-=end
+        http://www.apache.org/licenses/LICENSE-2.0
 
-module Arachni
-module Plugins
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+=end
 
 #
-# @author: Tasos "Zapotek" Laskos
-#                                      <tasos.laskos@gmail.com>
-#                                      <zapotek@segfault.gr>
-# @version: 0.1
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 #
-class FormDicattack < Arachni::Plugin::Base
-
-    attr_accessor :http
+# @version 0.1.4
+#
+class Arachni::Plugins::FormDicattack < Arachni::Plugin::Base
 
     def prepare
-        # disable spidering and the subsequent audit
-        # @framework.opts.link_count_limit = 0
+        # disable crawling and the subsequent audit
+        # framework.opts.link_count_limit = 0
 
         # don't scan the website just yet
-        @framework.pause!
-        print_info( "System paused." )
+        framework.pause
+        print_info 'System paused.'
 
-        @url     = @framework.opts.url.to_s
-        @users   = File.read( @options['username_list'] ).split( "\n" )
-        @passwds = File.read( @options['password_list'] ).split( "\n" )
-        @user_field   = @options['username_field']
-        @passwd_field = @options['password_field']
-        @verifier     = Regexp.new( @options['login_verifier'] )
+        @url = framework.opts.url
 
-        # we need to declare this in order to pass ourselves
-        # as the auditor to the form later in order to submit it.
-        @http = @framework.http
+        @users   = File.read( options['username_list'] ).split( "\n" )
+        @passwds = File.read( options['password_list'] ).split( "\n" )
+
+        @user_field   = options['username_field']
+        @passwd_field = options['password_field']
+
+        @verifier = Regexp.new( options['login_verifier'] )
 
         @found = false
     end
 
     def run
-
-        if !form = login_form
-            print_bad( 'Could not find a form suiting the provided params at: ' +
-                @url )
+        form = session.find_login_form( url: @url, inputs: [ @user_field, @passwd_field ] )
+        if !form
+            print_bad "Could not find a form suiting the provided params at: #{@url }"
             return
         end
 
         name = form.raw['attrs']['name'] ? form.raw['attrs']['name'] : '<n/a>'
-        print_status( "Found log-in form with name: "  + name )
+        print_status "Found log-in form with name: #{name}"
 
-        print_status( "Building the request queue..." )
+        print_status 'Building the request queue...'
 
         total_req = @users.size * @passwds.size
-        print_status( "Number of requests to be transmitted: #{total_req}" )
+        print_status "Number of requests to be transmitted: #{total_req}"
 
-        # register us as the auditor
-        form.auditor( self )
-        @users.each {
-            |user|
-            @passwds.each {
-                |pass|
+        # we need a clean cookie slate for each request
+        opts = {
+            no_cookiejar:    true,
+            update_cookies:  true,
+            follow_location: false
+        }
 
-                params = {
-                    @user_field     => user,
-                    @passwd_field   => pass
-                }
+        @users.each do |user|
+            @passwds.each do |pass|
 
                 # merge the input fields of the form with our own params
-                form.auditable.merge!( params.dup )
-
-                # we need a clean cookie slate for each request
-                opts = {
-                    :headers => {
-                        'cookie'  => ''
-                    },
-                    :update_cookies => true
-                }
-                form.submit( opts ).on_complete {
-                    |res|
-
+                form.update( @user_field => user, @passwd_field => pass )
+                form.submit( opts ) do |res|
                     next if @found
 
-                    print_status( "#{@user_field}: '#{res.request.params[@user_field]}'" +
-                        " -- #{@passwd_field}: '#{res.request.params[@passwd_field]}'" )
+                    print_status "#{@user_field}: '#{res.request.params[@user_field]}'" +
+                        " -- #{@passwd_field}: '#{res.request.params[@passwd_field]}'"
 
                     next if !res.body.match( @verifier )
 
                     @found = true
 
-                    print_ok( "Found a match. #{@user_field}: '#{res.request.params[@user_field]}'" +
-                        " -- #{@passwd_field}: '#{res.request.params[@passwd_field]}'" )
+                    print_ok "Found a match -- #{@user_field}: '#{res.request.params[@user_field]}'" +
+                        " -- #{@passwd_field}: '#{res.request.params[@passwd_field]}'"
 
                     # register our findings...
-                    register_results( { :username => user, :password => pass } )
-                    clean_up
-
-                    raise "Stopping the attack."
-                }
-
-            }
-        }
+                    register_results( username: user, password: pass )
+                    http.abort
+                end
 
-        print_status( "Waiting for the requests to complete..." )
-        @http.run
-        print_bad( "Couldn't find a match." )
+            end
+        end
 
+        print_status 'Waiting for the requests to complete...'
+        http_run
+        print_bad 'Couldn\'t find a match.' if !@found
     end
 
     def clean_up
-        # abort the rest of the queued requests
-        @http.abort
-
         # continue with the scan
-        @framework.resume!
-    end
-
-    def login_form
-        # grab the page containing the login form
-        res  = @http.get( @url, :async => false ).response
-
-        # parse the response as a Page object
-        page = Arachni::Parser.new( @framework.opts, res ).run
-
-        # find the login form
-        form = nil
-        page.forms.each {
-            |cform|
-            form = cform if login_form?( cform )
-        }
-
-        return form
+        framework.resume
     end
 
-
-    def login_form?( form )
-        avail    = form.auditable.keys
-        provided = [ @user_field, @passwd_field ]
-
-        provided.each {
-            |name|
-            return false if !avail.include?( name )
-        }
-
-        return true
-    end
-
-
     def self.info
         {
-            :name           => 'Form dictionary attacker',
-            :description    => %q{Uses wordlists to crack login forms.
+            name:        'Form dictionary attacker',
+            description: %q{Uses wordlists to crack login forms.
                 If the cracking process is successful the found credentials will be set
                 framework-wide and used for the duration of the audit.
                 If that's not what you want set the crawler's link-count limit to "0".},
-            :author         => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
-            :version        => '0.1',
-            :options        => [
-                Arachni::OptPath.new( 'username_list', [ true, 'File with a list of usernames (newline separated).' ] ),
-                Arachni::OptPath.new( 'password_list', [ true, 'File with a list of passwords (newline separated).' ] ),
-                Arachni::OptString.new( 'username_field', [ true, 'The name of the username form field.'] ),
-                Arachni::OptString.new( 'password_field', [ true, 'The name of the password form field.'] ),
-                Arachni::OptString.new( 'login_verifier', [ true, 'A string that will be used to verify a successful login.
-                    For example, if a logout link only appears when a user is logged in then it can be a perfect choice.'] ),
+            author:      'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+            version:     '0.1.4',
+            options:     [
+                Options::Path.new( 'username_list', [true, 'File with a list of usernames (newline separated).'] ),
+                Options::Path.new( 'password_list', [true, 'File with a list of passwords (newline separated).'] ),
+                Options::String.new( 'username_field', [true, 'The name of the username form field.'] ),
+                Options::String.new( 'password_field', [true, 'The name of the password form field.'] ),
+                Options::String.new( 'login_verifier', [true, 'A regular expression which will be used to verify a successful login.
+                    For example, if a logout link only appears when a user is logged in then it can be a perfect choice.'] )
             ]
         }
     end
 
 end
-
-end
-end