arachni 0.4.0.4 → 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
- data/ACKNOWLEDGMENTS.md +2 -2
- data/AUTHORS.md +1 -4
- data/CHANGELOG.md +102 -3
- data/CONTRIBUTORS.md +4 -1
- data/EXPLOITATION.md +6 -6
- data/Gemfile +3 -0
- data/HACKING.md +29 -10
- data/LICENSE.md +176 -339
- data/NOTICE +12 -0
- data/README.md +160 -119
- data/Rakefile +83 -45
- data/arachni.gemspec +124 -0
- data/bin/arachni +14 -8
- data/bin/arachni_console +52 -0
- data/bin/arachni_rpc +14 -8
- data/bin/arachni_rpcd +15 -9
- data/bin/arachni_rpcd_monitor +14 -8
- data/bin/arachni_script +41 -0
- data/bin/arachni_web +18 -19
- data/bin/arachni_web_autostart +17 -18
- data/external/metasploit/plugins/arachni.rb +7 -9
- data/external/metasploit/{LICENSE → plugins/arachni/LICENSE} +0 -0
- data/external/metasploit/{modules → plugins/arachni/modules}/exploits/unix/webapp/arachni_exec.rb +1 -1
- data/external/metasploit/{modules → plugins/arachni/modules}/exploits/unix/webapp/arachni_path_traversal.rb +2 -2
- data/external/metasploit/{modules → plugins/arachni/modules}/exploits/unix/webapp/arachni_php_eval.rb +1 -1
- data/external/metasploit/{modules → plugins/arachni/modules}/exploits/unix/webapp/arachni_php_include.rb +1 -1
- data/external/metasploit/{modules → plugins/arachni/modules}/exploits/unix/webapp/arachni_sqlmap.rb +2 -2
- data/external/scripts/LICENSE.tpl +174 -0
- data/external/scripts/README.md +95 -0
- data/external/scripts/README.tpl +30 -0
- data/external/scripts/build.sh +631 -0
- data/external/scripts/build_all.sh +29 -0
- data/external/scripts/build_and_package.sh +100 -0
- data/external/scripts/cross_build_and_package.sh +20 -0
- data/external/scripts/installer.sh.tpl +166 -0
- data/external/scripts/lib/readlink_f.sh +40 -0
- data/external/scripts/package.sh +134 -0
- data/external/scripts/push_nightlies.sh +125 -0
- data/extras/placeholder +0 -0
- data/gfx/README.md +18 -0
- data/gfx/compiled/banner.png +0 -0
- data/gfx/compiled/favicon.ico +0 -0
- data/gfx/compiled/icon.png +0 -0
- data/gfx/compiled/logo.png +0 -0
- data/gfx/compiled/spider.png +0 -0
- data/gfx/font/Beneath_the_Surface.ttf +0 -0
- data/gfx/font/bts_readme.txt +14 -0
- data/gfx/source/banner.svg +999 -0
- data/gfx/source/icon.svg +627 -0
- data/gfx/source/logo.svg +672 -0
- data/gfx/source/spider.png +0 -0
- data/gfx/source/spider.svg +277 -0
- data/lib/arachni.rb +30 -5
- data/lib/arachni/audit_store.rb +111 -143
- data/lib/arachni/banner.rb +37 -0
- data/lib/arachni/bloom_filter.rb +74 -0
- data/lib/arachni/cache.rb +21 -0
- data/lib/arachni/cache/base.rb +170 -0
- data/lib/arachni/cache/least_cost_replacement.rb +89 -0
- data/lib/arachni/cache/least_recently_used.rb +73 -0
- data/lib/arachni/cache/random_replacement.rb +52 -0
- data/lib/arachni/component/manager.rb +391 -0
- data/lib/arachni/component/options.rb +38 -0
- data/lib/arachni/component/options/address.rb +41 -0
- data/lib/arachni/component/options/base.rb +126 -0
- data/lib/arachni/component/options/bool.rb +55 -0
- data/lib/arachni/component/options/enum.rb +51 -0
- data/lib/arachni/component/options/float.rb +45 -0
- data/lib/arachni/component/options/int.rb +44 -0
- data/lib/arachni/component/options/path.rb +36 -0
- data/lib/arachni/component/options/port.rb +37 -0
- data/lib/arachni/component/options/string.rb +44 -0
- data/lib/arachni/component/options/url.rb +42 -0
- data/lib/arachni/crypto/rsa_aes_cbc.rb +14 -8
- data/lib/arachni/database.rb +4 -4
- data/lib/arachni/database/base.rb +14 -8
- data/lib/arachni/database/hash.rb +21 -12
- data/lib/arachni/database/queue.rb +15 -9
- data/lib/arachni/element/base.rb +147 -0
- data/lib/arachni/element/capabilities/auditable.rb +623 -0
- data/lib/arachni/element/capabilities/auditable/rdiff.rb +243 -0
- data/lib/arachni/element/capabilities/auditable/taint.rb +141 -0
- data/lib/arachni/element/capabilities/auditable/timeout.rb +330 -0
- data/lib/arachni/element/capabilities/body.rb +19 -0
- data/lib/arachni/element/capabilities/mutable.rb +286 -0
- data/lib/arachni/element/capabilities/path.rb +19 -0
- data/lib/arachni/element/capabilities/refreshable.rb +48 -0
- data/lib/arachni/element/capabilities/server.rb +19 -0
- data/lib/arachni/element/cookie.rb +1043 -0
- data/lib/arachni/element/form.rb +1364 -0
- data/lib/arachni/element/header.rb +87 -0
- data/lib/arachni/element/link.rb +227 -0
- data/lib/arachni/exceptions.rb +12 -34
- data/lib/arachni/framework.rb +345 -436
- data/lib/arachni/http.rb +445 -409
- data/lib/arachni/http/cookie_jar.rb +163 -0
- data/lib/arachni/issue.rb +102 -65
- data/lib/arachni/mixins/observable.rb +25 -28
- data/lib/arachni/mixins/progress_bar.rb +11 -5
- data/lib/arachni/mixins/terminal.rb +17 -11
- data/lib/arachni/module.rb +4 -4
- data/lib/arachni/module/auditor.rb +270 -793
- data/lib/arachni/module/base.rb +107 -101
- data/lib/arachni/module/element_db.rb +54 -59
- data/lib/arachni/module/key_filler.rb +35 -35
- data/lib/arachni/module/manager.rb +178 -68
- data/lib/arachni/module/output.rb +25 -30
- data/lib/arachni/module/trainer.rb +85 -156
- data/lib/arachni/module/utilities.rb +29 -138
- data/lib/arachni/options.rb +496 -162
- data/lib/arachni/page.rb +186 -0
- data/lib/arachni/parser.rb +392 -2
- data/lib/arachni/plugin.rb +4 -4
- data/lib/arachni/plugin/base.rb +113 -44
- data/lib/arachni/plugin/manager.rb +120 -54
- data/lib/arachni/report.rb +4 -4
- data/lib/arachni/report/base.rb +59 -44
- data/lib/arachni/report/manager.rb +33 -32
- data/lib/arachni/rpc/client.rb +2 -0
- data/lib/arachni/rpc/client/base.rb +31 -18
- data/lib/arachni/rpc/client/dispatcher.rb +24 -11
- data/lib/arachni/rpc/client/instance.rb +24 -11
- data/lib/arachni/rpc/server/base.rb +12 -9
- data/lib/arachni/rpc/server/dispatcher.rb +161 -164
- data/lib/arachni/rpc/server/dispatcher/handler.rb +164 -0
- data/lib/arachni/rpc/server/{node.rb → dispatcher/node.rb} +86 -104
- data/lib/arachni/rpc/server/distributor.rb +432 -0
- data/lib/arachni/rpc/server/framework.rb +266 -758
- data/lib/arachni/rpc/server/instance.rb +38 -53
- data/lib/arachni/rpc/server/module/manager.rb +17 -20
- data/lib/arachni/rpc/server/output.rb +73 -179
- data/lib/arachni/rpc/server/plugin/manager.rb +58 -24
- data/lib/arachni/ruby.rb +6 -4
- data/lib/arachni/ruby/array.rb +30 -9
- data/lib/arachni/ruby/enumerable.rb +29 -0
- data/lib/arachni/ruby/object.rb +47 -12
- data/lib/arachni/ruby/string.rb +69 -24
- data/lib/arachni/ruby/webrick.rb +31 -0
- data/lib/arachni/session.rb +279 -0
- data/lib/arachni/spider.rb +295 -149
- data/lib/arachni/typhoeus/hydra.rb +18 -4
- data/lib/arachni/typhoeus/request.rb +52 -65
- data/lib/arachni/typhoeus/response.rb +62 -22
- data/lib/arachni/typhoeus/utils.rb +25 -0
- data/lib/arachni/ui/cli/cli.rb +331 -298
- data/lib/arachni/ui/cli/output.rb +105 -77
- data/lib/arachni/ui/foo/output.rb +116 -0
- data/lib/arachni/ui/rpc/dispatcher_monitor.rb +5 -12
- data/lib/arachni/ui/rpc/rpc.rb +43 -48
- data/lib/arachni/ui/web/addon_manager.rb +18 -13
- data/lib/arachni/ui/web/addons/sample.rb +14 -8
- data/lib/arachni/ui/web/addons/scheduler.rb +14 -8
- data/lib/arachni/ui/web/addons/scheduler/views/index.erb +1 -1
- data/lib/arachni/ui/web/addons/scheduler/views/options.erb +0 -3
- data/lib/arachni/ui/web/dispatcher_manager.rb +14 -9
- data/lib/arachni/ui/web/instance_manager.rb +14 -8
- data/lib/arachni/ui/web/log.rb +14 -10
- data/lib/arachni/ui/web/output_stream.rb +11 -5
- data/lib/arachni/ui/web/report_manager.rb +14 -10
- data/lib/arachni/ui/web/scheduler.rb +16 -11
- data/lib/arachni/ui/web/server.rb +62 -56
- data/lib/arachni/ui/web/server/public/style.css +1 -1
- data/lib/arachni/ui/web/server/views/addon.erb +1 -1
- data/lib/arachni/ui/web/server/views/dispatchers.erb +3 -3
- data/lib/arachni/ui/web/server/views/dispatchers_edit.erb +2 -2
- data/lib/arachni/ui/web/server/views/error.erb +1 -1
- data/lib/arachni/ui/web/server/views/home.erb +2 -2
- data/lib/arachni/ui/web/server/views/instance.erb +6 -6
- data/lib/arachni/ui/web/server/views/layout.erb +4 -4
- data/lib/arachni/ui/web/server/views/settings.erb +13 -8
- data/lib/arachni/ui/web/server/views/welcome.erb +1 -1
- data/lib/arachni/ui/web/utilities.rb +24 -35
- data/lib/arachni/uri.rb +619 -0
- data/lib/arachni/utilities.rb +316 -0
- data/lib/arachni/version.rb +12 -6
- data/lib/version +1 -0
- data/modules/audit/code_injection.rb +64 -81
- data/modules/audit/code_injection_timing.rb +57 -75
- data/modules/audit/csrf.rb +87 -185
- data/modules/audit/ldapi.rb +42 -67
- data/modules/audit/os_cmd_injection.rb +53 -71
- data/modules/audit/os_cmd_injection/payloads.txt +1 -1
- data/modules/audit/os_cmd_injection_timing.rb +54 -75
- data/modules/audit/os_cmd_injection_timing/payloads.txt +1 -3
- data/modules/audit/path_traversal.rb +84 -110
- data/modules/audit/response_splitting.rb +41 -53
- data/modules/audit/rfi.rb +68 -76
- data/modules/audit/session_fixation.rb +86 -0
- data/modules/audit/sqli.rb +51 -77
- data/modules/audit/sqli/regexp_ids.txt +5 -19
- data/modules/audit/sqli/regexp_ignore.txt +2 -0
- data/modules/audit/sqli_blind_rdiff.rb +51 -62
- data/modules/audit/sqli_blind_timing.rb +53 -73
- data/modules/audit/trainer.rb +21 -58
- data/modules/audit/unvalidated_redirect.rb +41 -51
- data/modules/audit/xpath.rb +38 -69
- data/modules/audit/xpath/errors.txt +2 -3
- data/modules/audit/xss.rb +65 -69
- data/modules/audit/xss_event.rb +50 -69
- data/modules/audit/xss_path.rb +63 -89
- data/modules/audit/xss_script_tag.rb +53 -66
- data/modules/audit/xss_tag.rb +46 -65
- data/modules/audit/xss_uri.rb +22 -24
- data/modules/recon/allowed_methods.rb +46 -62
- data/modules/recon/backdoors.rb +39 -66
- data/modules/recon/backup_files.rb +49 -79
- data/modules/recon/common_directories.rb +39 -63
- data/modules/recon/common_directories/directories.txt +0 -5
- data/modules/recon/common_files.rb +34 -63
- data/modules/recon/directory_listing.rb +66 -116
- data/modules/recon/grep/captcha.rb +34 -41
- data/modules/recon/grep/credit_card.rb +57 -68
- data/modules/recon/grep/cvs_svn_users.rb +40 -50
- data/modules/recon/grep/emails.rb +34 -41
- data/modules/recon/grep/html_objects.rb +30 -33
- data/modules/recon/grep/http_only_cookies.rb +57 -0
- data/modules/recon/grep/insecure_cookies.rb +55 -0
- data/modules/recon/grep/mixed_resource.rb +93 -0
- data/modules/recon/grep/private_ip.rb +34 -32
- data/modules/recon/grep/ssn.rb +33 -31
- data/modules/recon/grep/unencrypted_password_forms.rb +84 -0
- data/modules/recon/htaccess_limit.rb +38 -54
- data/modules/recon/http_put.rb +48 -62
- data/modules/recon/interesting_responses.rb +77 -79
- data/modules/recon/webdav.rb +53 -79
- data/modules/recon/xst.rb +44 -63
- data/modules/test2.rb +46 -0
- data/path_extractors/anchors.rb +17 -15
- data/path_extractors/forms.rb +17 -15
- data/path_extractors/frames.rb +17 -18
- data/path_extractors/generic.rb +52 -55
- data/path_extractors/links.rb +16 -14
- data/path_extractors/meta_refresh.rb +33 -18
- data/path_extractors/scripts.rb +17 -15
- data/plugins/autologin.rb +60 -85
- data/plugins/beep_notify.rb +25 -27
- data/plugins/cookie_collector.rb +28 -45
- data/plugins/defaults/autothrottle.rb +43 -51
- data/plugins/defaults/content_types.rb +63 -52
- data/plugins/defaults/healthmap.rb +45 -62
- data/plugins/defaults/{metamodules → meta}/remedies/discovery.rb +34 -69
- data/plugins/defaults/meta/remedies/manual_verification.rb +61 -0
- data/plugins/defaults/meta/remedies/timing_attacks.rb +108 -0
- data/plugins/defaults/meta/uniformity.rb +81 -0
- data/plugins/defaults/profiler.rb +68 -115
- data/plugins/defaults/resolver.rb +33 -28
- data/plugins/email_notify.rb +60 -62
- data/plugins/form_dicattack.rb +67 -121
- data/plugins/http_dicattack.rb +51 -65
- data/plugins/libnotify.rb +37 -41
- data/plugins/proxy.rb +407 -152
- data/plugins/proxy/panel/403_forbidden.html.erb +11 -0
- data/plugins/proxy/panel/404_not_found.html.erb +6 -0
- data/plugins/proxy/panel/css/bootstrap.min.css +9 -0
- data/plugins/proxy/panel/css/panel.css +30 -0
- data/plugins/proxy/panel/help.html.erb +66 -0
- data/plugins/proxy/panel/img/glyphicons-halflings-white.png +0 -0
- data/plugins/proxy/panel/img/glyphicons-halflings.png +0 -0
- data/plugins/proxy/panel/img/record.png +0 -0
- data/plugins/proxy/panel/inspect.html.erb +7 -0
- data/plugins/proxy/panel/js/bootstrap.min.js +6 -0
- data/plugins/proxy/panel/js/jquery.min.js +2 -0
- data/plugins/proxy/panel/js/panel.js +39 -0
- data/plugins/proxy/panel/layout.html.erb +25 -0
- data/plugins/proxy/panel/page_accordion.html.erb +67 -0
- data/plugins/proxy/panel/page_twin_accordion.html.erb +18 -0
- data/plugins/proxy/panel/panel.html.erb +63 -0
- data/plugins/proxy/panel/shutdown_message.html.erb +7 -0
- data/plugins/proxy/panel/verify_login_check.html.erb +31 -0
- data/plugins/proxy/panel/verify_login_final.html.erb +26 -0
- data/plugins/proxy/panel/verify_login_sequence.html.erb +45 -0
- data/plugins/proxy/server.rb +175 -47
- data/plugins/proxy/ssl-interceptor-cert.pem +34 -0
- data/plugins/proxy/ssl-interceptor-pkey.pem +51 -0
- data/plugins/rescan.rb +27 -28
- data/plugins/script.rb +53 -0
- data/plugins/vector_feed.rb +226 -0
- data/plugins/waf_detector.rb +70 -73
- data/reports/afr.rb +23 -24
- data/reports/ap.rb +25 -36
- data/reports/html.rb +109 -163
- data/reports/html/default.erb +13 -12
- data/reports/html/default/configuration.erb +21 -21
- data/reports/html/default/css/main.css +350 -350
- data/reports/html/default/issues.erb +1 -1
- data/reports/html/default/js/charts.js +2 -2
- data/reports/html/default/js/helpers.js +0 -42
- data/reports/html/default/js/init.js +0 -1
- data/reports/html/default/sitemap.erb +2 -2
- data/reports/html/default/summary.erb +4 -4
- data/reports/html/default/summary_issue.erb +1 -1
- data/reports/json.rb +26 -28
- data/reports/marshal.rb +23 -25
- data/reports/metareport.rb +65 -98
- data/reports/plugin_formatters/html/autologin.rb +34 -41
- data/reports/plugin_formatters/html/content_types.rb +46 -52
- data/reports/plugin_formatters/html/cookie_collector.rb +41 -47
- data/reports/plugin_formatters/html/discovery.rb +36 -41
- data/reports/plugin_formatters/html/form_dicattack.rb +28 -34
- data/reports/plugin_formatters/html/healthmap.rb +48 -55
- data/reports/plugin_formatters/html/http_dicattack.rb +28 -34
- data/reports/plugin_formatters/html/profiler.rb +26 -30
- data/reports/plugin_formatters/html/profiler/template.erb +7 -7
- data/reports/plugin_formatters/html/resolver.rb +44 -52
- data/reports/plugin_formatters/html/timing_attacks.rb +42 -44
- data/reports/plugin_formatters/html/uniformity.rb +37 -42
- data/reports/plugin_formatters/html/waf_detector.rb +26 -34
- data/reports/plugin_formatters/stdout/autologin.rb +28 -40
- data/reports/plugin_formatters/stdout/content_types.rb +36 -53
- data/reports/plugin_formatters/stdout/cookie_collector.rb +28 -41
- data/reports/plugin_formatters/stdout/discovery.rb +27 -37
- data/reports/plugin_formatters/stdout/form_dicattack.rb +22 -35
- data/reports/plugin_formatters/stdout/healthmap.rb +40 -57
- data/reports/plugin_formatters/stdout/http_dicattack.rb +22 -36
- data/reports/plugin_formatters/stdout/profiler.rb +55 -74
- data/reports/plugin_formatters/stdout/resolver.rb +18 -34
- data/reports/plugin_formatters/stdout/timing_attacks.rb +27 -39
- data/reports/plugin_formatters/stdout/uniformity.rb +32 -44
- data/reports/plugin_formatters/stdout/waf_detector.rb +20 -32
- data/reports/plugin_formatters/xml/autologin.rb +27 -49
- data/reports/plugin_formatters/xml/content_types.rb +41 -66
- data/reports/plugin_formatters/xml/cookie_collector.rb +29 -49
- data/reports/plugin_formatters/xml/discovery.rb +23 -41
- data/reports/plugin_formatters/xml/form_dicattack.rb +22 -40
- data/reports/plugin_formatters/xml/healthmap.rb +44 -63
- data/reports/plugin_formatters/xml/http_dicattack.rb +22 -41
- data/reports/plugin_formatters/xml/profiler.rb +65 -89
- data/reports/plugin_formatters/xml/resolver.rb +21 -41
- data/reports/plugin_formatters/xml/timing_attacks.rb +27 -45
- data/reports/plugin_formatters/xml/uniformity.rb +36 -55
- data/reports/plugin_formatters/xml/waf_detector.rb +23 -42
- data/reports/stdout.rb +120 -121
- data/reports/txt.rb +29 -45
- data/reports/xml.rb +109 -148
- data/reports/xml/buffer.rb +66 -79
- data/reports/yaml.rb +26 -28
- data/rpcd_handlers/placeholder +0 -0
- data/spec/arachni/audit_store_spec.rb +223 -0
- data/spec/arachni/bloom_filter_spec.rb +76 -0
- data/spec/arachni/cache/base_spec.rb +275 -0
- data/spec/arachni/cache/least_cost_replacement_spec.rb +58 -0
- data/spec/arachni/cache/least_recently_used_spec.rb +91 -0
- data/spec/arachni/cache/random_replacement_spec.rb +43 -0
- data/spec/arachni/component/manager_spec.rb +448 -0
- data/spec/arachni/component/options/address_spec.rb +32 -0
- data/spec/arachni/component/options/base_spec.rb +105 -0
- data/spec/arachni/component/options/bool_spec.rb +67 -0
- data/spec/arachni/component/options/enum_spec.rb +51 -0
- data/spec/arachni/component/options/float_spec.rb +42 -0
- data/spec/arachni/component/options/int_spec.rb +46 -0
- data/spec/arachni/component/options/path_spec.rb +32 -0
- data/spec/arachni/component/options/port_spec.rb +38 -0
- data/spec/arachni/component/options/string_spec.rb +38 -0
- data/spec/arachni/component/options/url_spec.rb +36 -0
- data/spec/arachni/crypto/rsa_aes_cbc_spec.rb +31 -0
- data/spec/arachni/database/hash_spec.rb +217 -0
- data/spec/arachni/database/queue_spec.rb +52 -0
- data/spec/arachni/element/base_spec.rb +127 -0
- data/spec/arachni/element/body_spec.rb +9 -0
- data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +47 -0
- data/spec/arachni/element/capabilities/auditable/taint_spec.rb +110 -0
- data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +107 -0
- data/spec/arachni/element/capabilities/mutable_spec.rb +261 -0
- data/spec/arachni/element/cookie_spec.rb +362 -0
- data/spec/arachni/element/form_spec.rb +668 -0
- data/spec/arachni/element/header_spec.rb +49 -0
- data/spec/arachni/element/link_spec.rb +220 -0
- data/spec/arachni/element/path_spec.rb +9 -0
- data/spec/arachni/element/server_spec.rb +9 -0
- data/spec/arachni/framework_spec.rb +860 -0
- data/spec/arachni/http/cookie_jar_spec.rb +267 -0
- data/spec/arachni/http_spec.rb +991 -0
- data/spec/arachni/issue_spec.rb +307 -0
- data/spec/arachni/mixins/observable_spec.rb +59 -0
- data/spec/arachni/mixins/progress_bar_spec.rb +41 -0
- data/spec/arachni/module/auditor_spec.rb +506 -0
- data/spec/arachni/module/element_db_spec.rb +131 -0
- data/spec/arachni/module/key_filler.rb +15 -0
- data/spec/arachni/module/manager_spec.rb +154 -0
- data/spec/arachni/module/trainer_spec.rb +102 -0
- data/spec/arachni/module/utilities_spec.rb +30 -0
- data/spec/arachni/module/utilities_spec/read_file.txt +3 -0
- data/spec/arachni/options_spec.rb +555 -0
- data/spec/arachni/page_spec.rb +290 -0
- data/spec/arachni/parser_spec.rb +508 -0
- data/spec/arachni/plugin/manager_spec.rb +174 -0
- data/spec/arachni/report/base_spec.rb +53 -0
- data/spec/arachni/report/manager_spec.rb +82 -0
- data/spec/arachni/rpc/client/base_spec.rb +157 -0
- data/spec/arachni/rpc/client/dispatcher_spec.rb +40 -0
- data/spec/arachni/rpc/client/instance_spec.rb +92 -0
- data/spec/arachni/rpc/server/base_spec.rb +40 -0
- data/spec/arachni/rpc/server/dispatcher/handler.rb +120 -0
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +220 -0
- data/spec/arachni/rpc/server/dispatcher_spec.rb +136 -0
- data/spec/arachni/rpc/server/distributor_spec.rb +628 -0
- data/spec/arachni/rpc/server/framework_hpg_spec.rb +321 -0
- data/spec/arachni/rpc/server/framework_simple_spec.rb +453 -0
- data/spec/arachni/rpc/server/instance_spec.rb +81 -0
- data/spec/arachni/rpc/server/modules/manager_spec.rb +79 -0
- data/spec/arachni/rpc/server/options_spec.rb +124 -0
- data/spec/arachni/rpc/server/output_spec.rb +238 -0
- data/spec/arachni/rpc/server/plugin/manager_spec.rb +86 -0
- data/spec/arachni/ruby/array_spec.rb +103 -0
- data/spec/arachni/ruby/enumerable_spec.rb +37 -0
- data/spec/arachni/ruby/object_spec.rb +38 -0
- data/spec/arachni/ruby/string_spec.rb +77 -0
- data/spec/arachni/ruby/webrick_spec.rb +15 -0
- data/spec/arachni/session_spec.rb +308 -0
- data/spec/arachni/spider_spec.rb +383 -0
- data/spec/arachni/typhoeus/hydra_spec.rb +14 -0
- data/spec/arachni/typhoeus/requrest_spec.rb +58 -0
- data/spec/arachni/typhoeus/response_spec.rb +78 -0
- data/spec/arachni/uri_spec.rb +462 -0
- data/spec/arachni/utilities_spec.rb +297 -0
- data/spec/fixtures/auditstore.afr +2959 -0
- data/spec/fixtures/cookies.txt +9 -0
- data/spec/fixtures/modules/test.rb +58 -0
- data/spec/fixtures/modules/test2.rb +46 -0
- data/spec/fixtures/modules/test3.rb +46 -0
- data/spec/fixtures/passwords.txt +17 -0
- data/spec/fixtures/plugins/bad.rb +46 -0
- data/spec/fixtures/plugins/defaults/default.rb +45 -0
- data/spec/fixtures/plugins/distributable.rb +42 -0
- data/spec/fixtures/plugins/loop.rb +32 -0
- data/spec/fixtures/plugins/wait.rb +34 -0
- data/spec/fixtures/plugins/with_options.rb +31 -0
- data/spec/fixtures/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +21 -0
- data/spec/fixtures/reports/base_spec/with_formatters.rb +23 -0
- data/spec/fixtures/reports/base_spec/with_outfile.rb +24 -0
- data/spec/fixtures/reports/base_spec/without_outfile.rb +20 -0
- data/spec/fixtures/reports/manager_spec/afr.rb +21 -0
- data/spec/fixtures/reports/manager_spec/foo.rb +26 -0
- data/spec/fixtures/rescan.afr.tpl +145 -0
- data/spec/fixtures/rpcd_handlers/echo.rb +68 -0
- data/spec/fixtures/run_mod/body.rb +58 -0
- data/spec/fixtures/run_mod/cookies.rb +58 -0
- data/spec/fixtures/run_mod/empty.rb +58 -0
- data/spec/fixtures/run_mod/flch.rb +63 -0
- data/spec/fixtures/run_mod/forms.rb +58 -0
- data/spec/fixtures/run_mod/headers.rb +58 -0
- data/spec/fixtures/run_mod/links.rb +58 -0
- data/spec/fixtures/run_mod/nil.rb +57 -0
- data/spec/fixtures/run_mod/path.rb +58 -0
- data/spec/fixtures/run_mod/server.rb +58 -0
- data/spec/fixtures/script_plugin.rb +1 -0
- data/spec/fixtures/taint_module/taint.rb +48 -0
- data/spec/fixtures/usernames.txt +13 -0
- data/spec/fixtures/wait_module/wait.rb +48 -0
- data/spec/helpers/auditor.rb +9 -0
- data/spec/helpers/misc.rb +41 -0
- data/spec/helpers/processes.rb +112 -0
- data/spec/helpers/requires.rb +8 -0
- data/spec/helpers/server.rb +54 -0
- data/spec/logs/Dispatcher - 2752-13830.log +49 -0
- data/spec/logs/Dispatcher - 2766-8238.log +35 -0
- data/spec/logs/Dispatcher - 2808-9029.log +31 -0
- data/spec/logs/Dispatcher - 2854-8571.log +26 -0
- data/spec/logs/Dispatcher - 2888-10411.log +20 -0
- data/spec/logs/Dispatcher - 2922-14464.log +13 -0
- data/spec/logs/Dispatcher - 2957-15255.log +19 -0
- data/spec/logs/Dispatcher - 3216-14203.log +35 -0
- data/spec/logs/Dispatcher - 3305-8622.log +43 -0
- data/spec/logs/Dispatcher - 3340-15426.log +35 -0
- data/spec/logs/Dispatcher - 3399-12586.log +40 -0
- data/spec/logs/Dispatcher - 3433-14149.log +26 -0
- data/spec/logs/Dispatcher - 3582-6198.log +27 -0
- data/spec/logs/Dispatcher - 3616-11169.log +13 -0
- data/spec/logs/Dispatcher - 3849-9016.log +7 -0
- data/spec/logs/output_spec.log +4 -0
- data/spec/logs/placeholder +0 -0
- data/spec/modules/audit/code_injection_spec.rb +25 -0
- data/spec/modules/audit/code_injection_timing_spec.rb +24 -0
- data/spec/modules/audit/csrf_spec.rb +38 -0
- data/spec/modules/audit/ldapi_spec.rb +19 -0
- data/spec/modules/audit/os_cmd_injection_spec.rb +24 -0
- data/spec/modules/audit/os_cmd_injection_timing_spec.rb +24 -0
- data/spec/modules/audit/path_traversal_spec.rb +23 -0
- data/spec/modules/audit/response_splitting_spec.rb +19 -0
- data/spec/modules/audit/rfi_spec.rb +19 -0
- data/spec/modules/audit/session_fixation_spec.rb +23 -0
- data/spec/modules/audit/sqli_blind_rdiff_spec.rb +19 -0
- data/spec/modules/audit/sqli_blind_timing_spec.rb +23 -0
- data/spec/modules/audit/sqli_spec.rb +24 -0
- data/spec/modules/audit/trainer_spec.rb +25 -0
- data/spec/modules/audit/unvalidated_redirect_spec.rb +24 -0
- data/spec/modules/audit/xpath_spec.rb +25 -0
- data/spec/modules/audit/xss_event_spec.rb +19 -0
- data/spec/modules/audit/xss_path_spec.rb +19 -0
- data/spec/modules/audit/xss_script_tag_spec.rb +19 -0
- data/spec/modules/audit/xss_spec.rb +24 -0
- data/spec/modules/audit/xss_tag_spec.rb +19 -0
- data/spec/modules/recon/allowed_methods_spec.rb +19 -0
- data/spec/modules/recon/backdoors_spec.rb +19 -0
- data/spec/modules/recon/backup_files_spec.rb +19 -0
- data/spec/modules/recon/common_directories_spec.rb +19 -0
- data/spec/modules/recon/common_files_spec.rb +19 -0
- data/spec/modules/recon/directory_listing_spec.rb +19 -0
- data/spec/modules/recon/grep/captcha_spec.rb +19 -0
- data/spec/modules/recon/grep/credit_card_spec.rb +19 -0
- data/spec/modules/recon/grep/cvs_svn_users_spec.rb +19 -0
- data/spec/modules/recon/grep/emails_spec.rb +19 -0
- data/spec/modules/recon/grep/html_objects_spec.rb +19 -0
- data/spec/modules/recon/grep/http_only_cookies_spec.rb +19 -0
- data/spec/modules/recon/grep/insecure_cookies_spec.rb +19 -0
- data/spec/modules/recon/grep/mixed_resource_spec.rb +20 -0
- data/spec/modules/recon/grep/private_ip_spec.rb +26 -0
- data/spec/modules/recon/grep/ssn_spec.rb +19 -0
- data/spec/modules/recon/grep/unencrypted_password_forms_spec.rb +19 -0
- data/spec/modules/recon/htaccess_limit_spec.rb +19 -0
- data/spec/modules/recon/http_put_spec.rb +19 -0
- data/spec/modules/recon/interesting_responses_spec.rb +27 -0
- data/spec/modules/recon/webdav_spec.rb +19 -0
- data/spec/modules/recon/xst_spec.rb +19 -0
- data/spec/path_extractors/anchors_spec.rb +19 -0
- data/spec/path_extractors/forms_spec.rb +19 -0
- data/spec/path_extractors/frames_spec.rb +20 -0
- data/spec/path_extractors/generic_spec.rb +28 -0
- data/spec/path_extractors/links_spec.rb +19 -0
- data/spec/path_extractors/meta_refresh_spec.rb +24 -0
- data/spec/path_extractors/scripts_spec.rb +19 -0
- data/spec/pems/cacert.pem +39 -0
- data/spec/pems/client/cert.pem +39 -0
- data/spec/pems/client/foo-cert.pem +39 -0
- data/spec/pems/client/foo-key.pem +51 -0
- data/spec/pems/client/key.pem +51 -0
- data/spec/pems/server/cert.pem +39 -0
- data/spec/pems/server/key.pem +51 -0
- data/spec/plugins/autologin_spec.rb +76 -0
- data/spec/plugins/autothrottle_spec.rb +45 -0
- data/spec/plugins/content_types_spec.rb +93 -0
- data/spec/plugins/cookie_collector_spec.rb +32 -0
- data/spec/plugins/form_dicattack_spec.rb +60 -0
- data/spec/plugins/healthmap_spec.rb +40 -0
- data/spec/plugins/http_dicattack_spec.rb +40 -0
- data/spec/plugins/meta/remedies/discovery_spec.rb +15 -0
- data/spec/plugins/meta/remedies/manual_verification_spec.rb +28 -0
- data/spec/plugins/meta/remedies/timing_attacks_spec.rb +30 -0
- data/spec/plugins/meta/uniformity_spec.rb +83 -0
- data/spec/plugins/profiler_spec.rb +82 -0
- data/spec/plugins/rescan_spec.rb +26 -0
- data/spec/plugins/resolver_spec.rb +16 -0
- data/spec/plugins/script_spec.rb +12 -0
- data/spec/plugins/vector_feed_spec.rb +155 -0
- data/spec/plugins/waf_detector_spec.rb +41 -0
- data/spec/reports/afr_spec.rb +13 -0
- data/spec/reports/ap_spec.rb +9 -0
- data/spec/reports/html_spec.rb +13 -0
- data/spec/reports/json_spec.rb +17 -0
- data/spec/reports/marshal_spec.rb +13 -0
- data/spec/reports/stdout_spec.rb +9 -0
- data/spec/reports/txt_spec.rb +8 -0
- data/spec/reports/xml_spec.rb +13 -0
- data/spec/reports/yaml_spec.rb +13 -0
- data/spec/servers/arachni/element/capabilities/auditable/rdiff.rb +36 -0
- data/spec/servers/arachni/element/capabilities/auditable/taint.rb +10 -0
- data/spec/servers/arachni/element/capabilities/auditable/timeout.rb +30 -0
- data/spec/servers/arachni/element/cookie.rb +37 -0
- data/spec/servers/arachni/element/form.rb +93 -0
- data/spec/servers/arachni/element/header.rb +22 -0
- data/spec/servers/arachni/element/link.rb +26 -0
- data/spec/servers/arachni/framework.rb +54 -0
- data/spec/servers/arachni/http.rb +140 -0
- data/spec/servers/arachni/http_auth.rb +9 -0
- data/spec/servers/arachni/module/auditor.rb +135 -0
- data/spec/servers/arachni/module/trainer.rb +40 -0
- data/spec/servers/arachni/parser.rb +70 -0
- data/spec/servers/arachni/rpc/server/framework_hpg.rb +21 -0
- data/spec/servers/arachni/rpc/server/framework_simple.rb +30 -0
- data/spec/servers/arachni/session.rb +110 -0
- data/spec/servers/arachni/spider.rb +148 -0
- data/spec/servers/modules/audit/code_injection.rb +140 -0
- data/spec/servers/modules/audit/code_injection_timing.rb +110 -0
- data/spec/servers/modules/audit/csrf.rb +80 -0
- data/spec/servers/modules/audit/ldapi.rb +73 -0
- data/spec/servers/modules/audit/os_cmd_injection.rb +140 -0
- data/spec/servers/modules/audit/os_cmd_injection_timing.rb +111 -0
- data/spec/servers/modules/audit/path_traversal.rb +176 -0
- data/spec/servers/modules/audit/response_splitting.rb +114 -0
- data/spec/servers/modules/audit/rfi.rb +113 -0
- data/spec/servers/modules/audit/session_fixation.rb +87 -0
- data/spec/servers/modules/audit/sqli.rb +118 -0
- data/spec/servers/modules/audit/sqli/coldfusion +1 -0
- data/spec/servers/modules/audit/sqli/db2 +4 -0
- data/spec/servers/modules/audit/sqli/emc +2 -0
- data/spec/servers/modules/audit/sqli/informix +3 -0
- data/spec/servers/modules/audit/sqli/interbase +2 -0
- data/spec/servers/modules/audit/sqli/jdbc +0 -0
- data/spec/servers/modules/audit/sqli/mssql +26 -0
- data/spec/servers/modules/audit/sqli/mysql +13 -0
- data/spec/servers/modules/audit/sqli/oracle +6 -0
- data/spec/servers/modules/audit/sqli/postgresql +7 -0
- data/spec/servers/modules/audit/sqli/sqlite +4 -0
- data/spec/servers/modules/audit/sqli/sybase +0 -0
- data/spec/servers/modules/audit/sqli_blind_rdiff.rb +74 -0
- data/spec/servers/modules/audit/sqli_blind_timing.rb +121 -0
- data/spec/servers/modules/audit/trainer_module.rb +160 -0
- data/spec/servers/modules/audit/unvalidated_redirect.rb +115 -0
- data/spec/servers/modules/audit/xpath.rb +111 -0
- data/spec/servers/modules/audit/xpath/dotnet +5 -0
- data/spec/servers/modules/audit/xpath/general +13 -0
- data/spec/servers/modules/audit/xpath/java +3 -0
- data/spec/servers/modules/audit/xpath/libxml2 +2 -0
- data/spec/servers/modules/audit/xpath/php +2 -0
- data/spec/servers/modules/audit/xss.rb +152 -0
- data/spec/servers/modules/audit/xss_event.rb +80 -0
- data/spec/servers/modules/audit/xss_path.rb +44 -0
- data/spec/servers/modules/audit/xss_script_tag.rb +73 -0
- data/spec/servers/modules/audit/xss_tag.rb +139 -0
- data/spec/servers/modules/module_server.rb +14 -0
- data/spec/servers/modules/recon/allowed_methods.rb +5 -0
- data/spec/servers/modules/recon/backdoors.rb +4 -0
- data/spec/servers/modules/recon/backup_files.rb +28 -0
- data/spec/servers/modules/recon/common_directories.rb +6 -0
- data/spec/servers/modules/recon/common_files.rb +6 -0
- data/spec/servers/modules/recon/directory_listing.rb +30 -0
- data/spec/servers/modules/recon/grep/captcha.rb +27 -0
- data/spec/servers/modules/recon/grep/credit_card.rb +28 -0
- data/spec/servers/modules/recon/grep/cvs_svn_users.rb +23 -0
- data/spec/servers/modules/recon/grep/emails.rb +21 -0
- data/spec/servers/modules/recon/grep/html_objects.rb +7 -0
- data/spec/servers/modules/recon/grep/http_only_cookies.rb +21 -0
- data/spec/servers/modules/recon/grep/insecure_cookies.rb +21 -0
- data/spec/servers/modules/recon/grep/mixed_resource.rb +83 -0
- data/spec/servers/modules/recon/grep/private_ip.rb +18 -0
- data/spec/servers/modules/recon/grep/ssn.rb +5 -0
- data/spec/servers/modules/recon/grep/unencrypted_password_forms.rb +33 -0
- data/spec/servers/modules/recon/htaccess_limit.rb +8 -0
- data/spec/servers/modules/recon/http_put.rb +7 -0
- data/spec/servers/modules/recon/interesting_responses.rb +5 -0
- data/spec/servers/modules/recon/webdav.rb +25 -0
- data/spec/servers/modules/recon/xst.rb +6 -0
- data/spec/servers/plugins/autologin.rb +38 -0
- data/spec/servers/plugins/autothrottle.rb +8 -0
- data/spec/servers/plugins/content_types.rb +17 -0
- data/spec/servers/plugins/cookie_collector.rb +20 -0
- data/spec/servers/plugins/form_dicattack.rb +28 -0
- data/spec/servers/plugins/healthmap.rb +16 -0
- data/spec/servers/plugins/http_dicattack.rb +9 -0
- data/spec/servers/plugins/http_dicattack_secure.rb +9 -0
- data/spec/servers/plugins/http_dicattack_unprotected.rb +5 -0
- data/spec/servers/plugins/meta/remedies/discovery.rb +7 -0
- data/spec/servers/plugins/meta/remedies/timing_attacks.rb +29 -0
- data/spec/servers/plugins/profiler.rb +82 -0
- data/spec/servers/plugins/rescan.rb +31 -0
- data/spec/servers/plugins/waf_detector.rb +33 -0
- data/spec/shared/component.rb +43 -0
- data/spec/shared/element/capabilities/auditable.rb +729 -0
- data/spec/shared/element/capabilities/refreshable.rb +56 -0
- data/spec/shared/module.rb +162 -0
- data/spec/shared/path_extractor.rb +47 -0
- data/spec/shared/plugin.rb +50 -0
- data/spec/shared/reports.rb +47 -0
- data/spec/spec_helper.rb +53 -0
- metadata +870 -323
- data/extras/modules/recon/raft_dirs.rb +0 -108
- data/extras/modules/recon/raft_dirs/raft-large-directories.txt +0 -62290
- data/extras/modules/recon/raft_files.rb +0 -110
- data/extras/modules/recon/raft_files/raft-large-files.txt +0 -37037
- data/extras/modules/recon/svn_digger_dirs.rb +0 -108
- data/extras/modules/recon/svn_digger_dirs/Licence.txt +0 -674
- data/extras/modules/recon/svn_digger_dirs/ReadMe-Arachni.txt +0 -4
- data/extras/modules/recon/svn_digger_dirs/ReadMe.txt +0 -6
- data/extras/modules/recon/svn_digger_dirs/all-dirs.txt +0 -5960
- data/extras/modules/recon/svn_digger_files.rb +0 -114
- data/extras/modules/recon/svn_digger_files/Licence.txt +0 -674
- data/extras/modules/recon/svn_digger_files/ReadMe-Arachni.txt +0 -4
- data/extras/modules/recon/svn_digger_files/ReadMe.txt +0 -6
- data/extras/modules/recon/svn_digger_files/all-extensionless.txt +0 -25419
- data/extras/modules/recon/svn_digger_files/all.txt +0 -43135
- data/lib/arachni/component_manager.rb +0 -293
- data/lib/arachni/component_options.rb +0 -425
- data/lib/arachni/parser/auditable.rb +0 -606
- data/lib/arachni/parser/elements.rb +0 -315
- data/lib/arachni/parser/page.rb +0 -168
- data/lib/arachni/parser/parser.rb +0 -866
- data/lib/arachni/rpc/server/options.rb +0 -95
- data/lib/arachni/ui/web/addons/autodeploy.rb +0 -207
- data/lib/arachni/ui/web/addons/autodeploy/lib/manager.rb +0 -398
- data/lib/arachni/ui/web/addons/autodeploy/views/index.erb +0 -291
- data/modules/recon/mixed_resource.rb +0 -100
- data/modules/recon/unencrypted_password_forms.rb +0 -107
- data/path_extractors/sitemap.rb +0 -31
- data/plugins/defaults/metamodules/remedies/manual_verification.rb +0 -65
- data/plugins/defaults/metamodules/remedies/timing_attacks.rb +0 -134
- data/plugins/defaults/metamodules/uniformity.rb +0 -99
- data/reports/metareport/arachni_metareport.rb +0 -174
- data/reports/plugin_formatters/stdout/metamodules.rb +0 -82
data/plugins/http_dicattack.rb
CHANGED
@@ -1,125 +1,111 @@
|
|
1
1
|
=begin
|
2
|
-
|
3
|
-
Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
2
|
+
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
|
4
3
|
|
5
|
-
|
6
|
-
|
7
|
-
|
4
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
you may not use this file except in compliance with the License.
|
6
|
+
You may obtain a copy of the License at
|
8
7
|
|
9
|
-
|
8
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
10
9
|
|
11
|
-
|
12
|
-
|
10
|
+
Unless required by applicable law or agreed to in writing, software
|
11
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
See the License for the specific language governing permissions and
|
14
|
+
limitations under the License.
|
15
|
+
=end
|
13
16
|
|
14
17
|
#
|
15
|
-
# @author
|
16
|
-
#
|
17
|
-
#
|
18
|
-
# @version: 0.1
|
18
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
19
|
+
#
|
20
|
+
# @version 0.1.2
|
19
21
|
#
|
20
|
-
class HTTPDicattack < Arachni::Plugin::Base
|
22
|
+
class Arachni::Plugins::HTTPDicattack < Arachni::Plugin::Base
|
21
23
|
|
22
24
|
def prepare
|
23
|
-
|
24
25
|
# disable spidering and the subsequent audit
|
25
26
|
# @framework.opts.link_count_limit = 0
|
26
27
|
|
27
28
|
# don't scan the website just yet
|
28
|
-
|
29
|
-
print_info
|
29
|
+
framework.pause
|
30
|
+
print_info "System paused."
|
31
|
+
|
32
|
+
@url = framework.opts.url.to_s
|
30
33
|
|
31
|
-
@
|
32
|
-
@
|
33
|
-
@passwds = File.read( @options['password_list'] ).split( "\n" )
|
34
|
+
@users = File.read( options['username_list'] ).split( "\n" )
|
35
|
+
@passwds = File.read( options['password_list'] ).split( "\n" )
|
34
36
|
|
35
37
|
@found = false
|
36
38
|
end
|
37
39
|
|
38
40
|
def run
|
39
|
-
|
40
41
|
if !protected?( @url )
|
41
|
-
print_info
|
42
|
-
print_info
|
42
|
+
print_info "The URL you provided doesn't seem to be protected."
|
43
|
+
print_info "Aborting..."
|
43
44
|
return
|
44
45
|
end
|
45
46
|
|
46
|
-
url =
|
47
|
+
url = uri_parse( @url )
|
47
48
|
|
48
|
-
print_status
|
49
|
+
print_status "Building the request queue..."
|
49
50
|
|
50
51
|
total_req = @users.size * @passwds.size
|
51
|
-
print_status
|
52
|
-
|
53
|
-
@users.each {
|
54
|
-
|user|
|
52
|
+
print_status "Maximum number of requests to be transmitted: #{total_req}"
|
55
53
|
|
54
|
+
@users.each do |user|
|
56
55
|
url.user = user
|
57
|
-
@passwds.each {
|
58
|
-
|pass|
|
59
56
|
|
60
|
-
|
61
|
-
|
62
|
-
|res|
|
57
|
+
@passwds.each do |pass|
|
58
|
+
url.password = pass.strip
|
63
59
|
|
60
|
+
http.get( url.to_s ).on_complete do |res|
|
64
61
|
next if @found
|
65
62
|
|
66
|
-
print_status
|
63
|
+
print_status "Username: '#{user}' -- Password: '#{pass}'"
|
67
64
|
next if res.code != 200
|
68
65
|
|
69
66
|
@found = true
|
70
67
|
|
71
|
-
print_ok
|
72
|
-
print_info
|
68
|
+
print_ok "Found a match. Username: '#{user}' -- Password: '#{pass}'"
|
69
|
+
print_info "URL: #{res.effective_url}"
|
73
70
|
|
74
|
-
|
71
|
+
framework.opts.url = res.effective_url
|
75
72
|
|
76
73
|
# register our findings...
|
77
|
-
register_results(
|
78
|
-
|
79
|
-
|
80
|
-
raise "Stopping the attack."
|
81
|
-
|
82
|
-
}
|
74
|
+
register_results( username: user, password: pass )
|
75
|
+
http.abort
|
76
|
+
end
|
83
77
|
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
print_status( "Waiting for the requests to complete..." )
|
88
|
-
@framework.http.run
|
89
|
-
print_bad( "Couldn't find a match." )
|
78
|
+
end
|
79
|
+
end
|
90
80
|
|
81
|
+
print_status "Waiting for the requests to complete..."
|
82
|
+
http_run
|
83
|
+
print_bad "Couldn't find a match."
|
91
84
|
end
|
92
85
|
|
93
86
|
def clean_up
|
94
|
-
# abort the rest of the queued requests
|
95
|
-
@framework.http.abort
|
96
|
-
|
97
87
|
# continue with the scan
|
98
|
-
|
88
|
+
framework.resume
|
99
89
|
end
|
100
90
|
|
101
|
-
|
102
91
|
def protected?( url )
|
103
|
-
|
92
|
+
http.get( url, async: false ).response.code == 401
|
104
93
|
end
|
105
94
|
|
106
95
|
def self.info
|
107
96
|
{
|
108
|
-
:
|
109
|
-
:
|
97
|
+
name: 'HTTP dictionary attacker',
|
98
|
+
description: %q{Uses wordlists to crack password protected directories.
|
110
99
|
If the cracking process is successful the found credentials will be set
|
111
100
|
framework-wide and used for the duration of the audit.
|
112
101
|
If that's not what you want set the crawler's link-count limit to "0".},
|
113
|
-
:
|
114
|
-
:
|
115
|
-
:
|
116
|
-
|
117
|
-
|
102
|
+
author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
|
103
|
+
version: '0.1.2',
|
104
|
+
options: [
|
105
|
+
Options::Path.new( 'username_list', [true, 'File with a list of usernames (newline separated).'] ),
|
106
|
+
Options::Path.new( 'password_list', [true, 'File with a list of passwords (newline separated).'] )
|
118
107
|
]
|
119
108
|
}
|
120
109
|
end
|
121
110
|
|
122
111
|
end
|
123
|
-
|
124
|
-
end
|
125
|
-
end
|
data/plugins/libnotify.rb
CHANGED
@@ -1,42 +1,42 @@
|
|
1
1
|
=begin
|
2
|
-
|
3
|
-
Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
2
|
+
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
|
4
3
|
|
5
|
-
|
6
|
-
|
7
|
-
|
4
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
you may not use this file except in compliance with the License.
|
6
|
+
You may obtain a copy of the License at
|
8
7
|
|
9
|
-
|
8
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
10
9
|
|
11
|
-
|
12
|
-
|
10
|
+
Unless required by applicable law or agreed to in writing, software
|
11
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
See the License for the specific language governing permissions and
|
14
|
+
limitations under the License.
|
15
|
+
=end
|
13
16
|
|
14
17
|
#
|
15
18
|
# Uses the libnotify library to send notifications for each discovered issue
|
16
19
|
# and a summary at the end on the scan.
|
17
20
|
#
|
18
|
-
# @author
|
19
|
-
# <tasos.laskos@gmail.com>
|
20
|
-
# <zapotek@segfault.gr>
|
21
|
-
# @version: 0.1
|
21
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
22
22
|
#
|
23
|
-
|
23
|
+
# @version 0.1.1
|
24
|
+
#
|
25
|
+
class Arachni::Plugins::LibNotify < Arachni::Plugin::Base
|
24
26
|
|
25
27
|
def prepare
|
26
|
-
return if
|
28
|
+
return if !options['for_every_issue']
|
27
29
|
|
28
|
-
Arachni::Module::Manager.on_register_results
|
29
|
-
|
30
|
-
issues.each {
|
31
|
-
|issue|
|
30
|
+
Arachni::Module::Manager.on_register_results do |issues|
|
31
|
+
issues.each do |issue|
|
32
32
|
notify(
|
33
|
-
:
|
34
|
-
:
|
33
|
+
summary: "Found #{issue.name}",
|
34
|
+
body: "In #{issue.elem} variable" +
|
35
35
|
" '#{issue.var}' (Severity: #{issue.severity})\n" +
|
36
36
|
"At #{issue.url}"
|
37
37
|
)
|
38
|
-
|
39
|
-
|
38
|
+
end
|
39
|
+
end
|
40
40
|
end
|
41
41
|
|
42
42
|
def run
|
@@ -44,21 +44,21 @@ class LibNotify < Arachni::Plugin::Base
|
|
44
44
|
end
|
45
45
|
|
46
46
|
def clean_up
|
47
|
-
issue_cnt =
|
48
|
-
time =
|
49
|
-
url =
|
47
|
+
issue_cnt = framework.audit_store.issues.size
|
48
|
+
time = framework.audit_store.delta_time
|
49
|
+
url = framework.opts.url
|
50
50
|
|
51
51
|
notify(
|
52
|
-
|
53
|
-
|
52
|
+
summary: "Scan finished in #{time}",
|
53
|
+
body: "Found #{issue_cnt} unique issues for #{url}."
|
54
54
|
)
|
55
55
|
end
|
56
56
|
|
57
57
|
def notify( opts )
|
58
58
|
Libnotify.show({
|
59
|
-
:
|
60
|
-
:
|
61
|
-
:
|
59
|
+
icon_path: framework.opts.dir['gfx'] + "spider.png",
|
60
|
+
timeout: 2.5,
|
61
|
+
append: true
|
62
62
|
}.merge( opts ))
|
63
63
|
end
|
64
64
|
|
@@ -68,19 +68,15 @@ class LibNotify < Arachni::Plugin::Base
|
|
68
68
|
|
69
69
|
def self.info
|
70
70
|
{
|
71
|
-
:
|
72
|
-
:
|
71
|
+
name: 'libnotify',
|
72
|
+
description: %q{Uses the libnotify library to send notifications for each discovered issue
|
73
73
|
and a summary at the end of the scan.},
|
74
|
-
:
|
75
|
-
:
|
76
|
-
:
|
77
|
-
|
78
|
-
|
79
|
-
|
74
|
+
author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
|
75
|
+
version: '0.1.1',
|
76
|
+
options: [
|
77
|
+
Options::Bool.new( 'for_every_issue', [false, 'Show every issue.', true] )
|
78
|
+
]
|
80
79
|
}
|
81
80
|
end
|
82
81
|
|
83
82
|
end
|
84
|
-
|
85
|
-
end
|
86
|
-
end
|
data/plugins/proxy.rb
CHANGED
@@ -1,34 +1,152 @@
|
|
1
1
|
=begin
|
2
|
-
|
3
|
-
Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
2
|
+
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
|
4
3
|
|
5
|
-
|
6
|
-
|
7
|
-
|
4
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
you may not use this file except in compliance with the License.
|
6
|
+
You may obtain a copy of the License at
|
8
7
|
|
8
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
|
10
|
+
Unless required by applicable law or agreed to in writing, software
|
11
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
See the License for the specific language governing permissions and
|
14
|
+
limitations under the License.
|
9
15
|
=end
|
10
16
|
|
11
|
-
|
12
|
-
|
17
|
+
require 'erb'
|
18
|
+
require 'ostruct'
|
13
19
|
|
14
20
|
#
|
15
21
|
# Passive proxy.
|
16
22
|
#
|
17
23
|
# Will gather data based on user actions and exchanged HTTP traffic and push that
|
18
|
-
# data to
|
24
|
+
# data to {Framework#push_to_page_queue} to be audited.
|
25
|
+
#
|
26
|
+
# Supports SSL interception.
|
27
|
+
#
|
28
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
19
29
|
#
|
20
|
-
# @
|
21
|
-
# <tasos.laskos@gmail.com>
|
22
|
-
# <zapotek@segfault.gr>
|
23
|
-
# @version: 0.1.2
|
30
|
+
# @version 0.2
|
24
31
|
#
|
25
|
-
class Proxy < Arachni::Plugin::Base
|
32
|
+
class Arachni::Plugins::Proxy < Arachni::Plugin::Base
|
33
|
+
|
34
|
+
BASEDIR = "#{File.dirname( __FILE__ )}/proxy/"
|
35
|
+
BASE_URL = 'http://arachni.proxy.'
|
36
|
+
|
37
|
+
class TemplateScope
|
38
|
+
include Arachni::Utilities
|
39
|
+
|
40
|
+
PANEL_BASEDIR = "#{Arachni::Plugins::Proxy::BASEDIR}panel/"
|
41
|
+
PANEL_TEMPLATE = "#{PANEL_BASEDIR}panel.html.erb"
|
42
|
+
PANEL_URL = "#{Arachni::Plugins::Proxy::BASE_URL}panel/"
|
43
|
+
|
44
|
+
def initialize( params = {} )
|
45
|
+
update( params )
|
46
|
+
end
|
47
|
+
|
48
|
+
def self.new( *args )
|
49
|
+
@self ||= super( *args )
|
50
|
+
end
|
51
|
+
|
52
|
+
def self.get
|
53
|
+
new
|
54
|
+
end
|
55
|
+
|
56
|
+
def root_url
|
57
|
+
PANEL_URL
|
58
|
+
end
|
59
|
+
|
60
|
+
def js_url
|
61
|
+
"#{root_url}js/"
|
62
|
+
end
|
63
|
+
|
64
|
+
def css_url
|
65
|
+
"#{root_url}css/"
|
66
|
+
end
|
67
|
+
|
68
|
+
def img_url
|
69
|
+
"#{root_url}img/"
|
70
|
+
end
|
71
|
+
|
72
|
+
def inspect_url
|
73
|
+
"#{root_url}inspect"
|
74
|
+
end
|
75
|
+
|
76
|
+
def shutdown_url
|
77
|
+
url_for :shutdown
|
78
|
+
end
|
79
|
+
|
80
|
+
def url_for( *args )
|
81
|
+
Arachni::Plugins::Proxy.url_for( *args )
|
82
|
+
end
|
83
|
+
|
84
|
+
def update( params )
|
85
|
+
params.each { |name, value| set( name, value ) }
|
86
|
+
self
|
87
|
+
end
|
88
|
+
|
89
|
+
def set( name, value )
|
90
|
+
self.class.send( :attr_accessor, name )
|
91
|
+
instance_variable_set( "@#{name.to_s}", value )
|
92
|
+
self
|
93
|
+
end
|
94
|
+
|
95
|
+
def content_for?( ivar )
|
96
|
+
!!instance_variable_get( "@#{ivar.to_s}" )
|
97
|
+
end
|
98
|
+
|
99
|
+
def content_for( name, value = :nil )
|
100
|
+
if value == :nil
|
101
|
+
instance_variable_get( "@#{name.to_s}" )
|
102
|
+
else
|
103
|
+
set( name, html_encode( value.to_s ) )
|
104
|
+
nil
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
def erb( tpl, params = {} )
|
109
|
+
params = params.dup
|
110
|
+
params[:params] ||= {}
|
111
|
+
|
112
|
+
with_layout = true
|
113
|
+
with_layout = !!params.delete( :layout ) if params.include?( :layout )
|
114
|
+
|
115
|
+
update( params )
|
116
|
+
|
117
|
+
tpl = tpl.to_s + '.html.erb' if tpl.is_a?( Symbol )
|
118
|
+
|
119
|
+
path = File.exist?( tpl ) ? tpl : PANEL_BASEDIR + tpl
|
120
|
+
|
121
|
+
evaled = ERB.new( IO.read( path ) ).result( get_binding )
|
122
|
+
with_layout ? layout { evaled } : evaled
|
123
|
+
end
|
124
|
+
|
125
|
+
def render( tpl, opts )
|
126
|
+
erb tpl, opts.merge( layout: false )
|
127
|
+
end
|
128
|
+
|
129
|
+
def layout
|
130
|
+
ERB.new( IO.read( PANEL_BASEDIR + 'layout.html.erb' ) ).result( binding )
|
131
|
+
end
|
132
|
+
|
133
|
+
def panel
|
134
|
+
erb :panel
|
135
|
+
end
|
136
|
+
|
137
|
+
def get_binding
|
138
|
+
binding
|
139
|
+
end
|
140
|
+
|
141
|
+
def clear
|
142
|
+
instance_variables.each { |v| instance_variable_set( v, nil ) }
|
143
|
+
end
|
144
|
+
end
|
26
145
|
|
27
|
-
SHUTDOWN_URL = 'http://arachni.proxy.shutdown/'
|
28
146
|
|
29
147
|
MSG_SHUTDOWN = 'Shutting down the Arachni proxy plug-in...'
|
30
148
|
|
31
|
-
|
149
|
+
MSG_DISALLOWED = "You can't access this resource via the Arachni " +
|
32
150
|
"proxy plug-in for the following reasons:"
|
33
151
|
|
34
152
|
MSG_NOT_IN_DOMAIN = 'This resource is on a domain or subdomain' +
|
@@ -40,200 +158,337 @@ class Proxy < Arachni::Plugin::Base
|
|
40
158
|
|
41
159
|
def prepare
|
42
160
|
# don't let the framework run just yet
|
43
|
-
|
44
|
-
print_info
|
45
|
-
|
46
|
-
require @framework.opts.dir['plugins'] + '/proxy/server.rb'
|
161
|
+
framework.pause
|
162
|
+
print_info 'System paused.'
|
47
163
|
|
48
|
-
#
|
49
|
-
@parser = Arachni::Parser.new( @framework.opts,
|
50
|
-
Typhoeus::Response.new(
|
51
|
-
:effective_url => @framework.opts.url.to_s,
|
52
|
-
:body => '',
|
53
|
-
:headers_hash => {}
|
54
|
-
)
|
55
|
-
)
|
164
|
+
require "#{File.dirname( __FILE__ )}/proxy/server"
|
56
165
|
|
57
166
|
@server = Server.new(
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
167
|
+
BindAddress: options['bind_address'],
|
168
|
+
Port: options['port'],
|
169
|
+
ProxyVia: false,
|
170
|
+
ProxyContentHandler: method( :response_handler ),
|
171
|
+
ProxyRequestHandler: method( :request_handler ),
|
172
|
+
AccessLog: [],
|
173
|
+
#Logger: WEBrick::Log::new( '/dev/null', 7 ),
|
174
|
+
Timeout: options['timeout']
|
65
175
|
)
|
66
|
-
end
|
67
|
-
|
68
|
-
def run
|
69
|
-
print_status( "Listening on: " +
|
70
|
-
"http://#{@server[:BindAddress]}:#{@server[:Port]}" )
|
71
176
|
|
72
|
-
|
73
|
-
|
74
|
-
@server.start
|
177
|
+
@pages = Set.new
|
178
|
+
@login_sequence = []
|
75
179
|
end
|
76
180
|
|
77
|
-
|
78
|
-
|
79
|
-
#
|
80
|
-
def handler( req, res )
|
181
|
+
def run
|
182
|
+
print_status "Listening on: http://#{@server[:BindAddress]}:#{@server[:Port]}"
|
81
183
|
|
82
|
-
|
83
|
-
|
84
|
-
res.body = Zlib::GzipReader.new( StringIO.new( res.body ) ).read
|
85
|
-
end
|
184
|
+
print_status "Shutdown URL: #{url_for( :shutdown )}"
|
185
|
+
print_info 'The scan will resume once you visit the shutdown URL.'
|
86
186
|
|
87
|
-
|
88
|
-
|
89
|
-
|
187
|
+
print_info
|
188
|
+
print_info '*' * 82
|
189
|
+
print_info '* You need to clear your browser\'s cookies for this site before using the proxy! *'
|
190
|
+
print_info '*' * 82
|
191
|
+
print_info
|
90
192
|
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
:headers_hash => headers
|
97
|
-
)
|
98
|
-
)
|
193
|
+
def @server.service( req, res )
|
194
|
+
if req.request_method.downcase == 'connect'
|
195
|
+
super( req, res )
|
196
|
+
return
|
197
|
+
end
|
99
198
|
|
100
|
-
|
101
|
-
|
102
|
-
page.method = res.request_method
|
103
|
-
page.code = res.status
|
199
|
+
super( req, res ) if @config[:ProxyRequestHandler].call( req, res )
|
200
|
+
end
|
104
201
|
|
105
|
-
|
106
|
-
|
107
|
-
|
202
|
+
TemplateScope.get.set :params, {}
|
203
|
+
@server.start
|
204
|
+
end
|
108
205
|
|
109
|
-
|
110
|
-
@framework.push_to_page_queue(
|
206
|
+
def clean_up
|
207
|
+
@pages.each { |p| framework.push_to_page_queue( p ) }
|
208
|
+
framework.resume
|
209
|
+
end
|
111
210
|
|
112
|
-
|
211
|
+
def prepare_pages_for_inspection
|
212
|
+
@pages.select { |p| (p.forms.any? || p.links.any? || p.cookies.any?) && p.text? }
|
113
213
|
end
|
114
214
|
|
115
|
-
def
|
215
|
+
def request_handler( req, res )
|
216
|
+
url = req.unparsed_uri
|
217
|
+
params = parse_request_body( req.body.to_s ).merge( parse_query( url ) ) || {}
|
218
|
+
|
219
|
+
TemplateScope.get.clear
|
220
|
+
TemplateScope.get.set :page_count, prepare_pages_for_inspection.size
|
221
|
+
TemplateScope.get.set :recording, recording?
|
116
222
|
|
117
|
-
|
223
|
+
print_status "Requesting #{url}"
|
118
224
|
|
119
|
-
|
225
|
+
if shutdown?( url )
|
226
|
+
print_status 'Shutting down...'
|
227
|
+
set_response_body( res, erb( :shutdown_message ) )
|
228
|
+
@server.shutdown
|
229
|
+
return
|
230
|
+
end
|
120
231
|
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
}
|
232
|
+
reasons = []
|
233
|
+
if !system_url?( url )
|
234
|
+
reasons << MSG_NOT_IN_DOMAIN if !path_in_domain?( url )
|
235
|
+
reasons << MSG_EXCLUDED if exclude_path?( url )
|
236
|
+
reasons << MSG_NOT_INCLUDED if !include_path?( url )
|
127
237
|
end
|
128
238
|
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
}
|
239
|
+
if reasons.any?
|
240
|
+
print_info MSG_DISALLOWED
|
241
|
+
reasons.each { |reason| print_info " * #{reason}" }
|
133
242
|
|
134
|
-
|
135
|
-
|
243
|
+
# forbidden
|
244
|
+
res.status = 403
|
245
|
+
set_response_body( res, erb( '403_forbidden'.to_sym, { reasons: reasons } ) )
|
136
246
|
return
|
137
|
-
else
|
138
|
-
print_debug( 'Extracted cookies:' )
|
139
|
-
cookies.each{
|
140
|
-
|k, v|
|
141
|
-
print_debug( " * #{k} => #{v}" )
|
142
|
-
}
|
143
247
|
end
|
144
248
|
|
145
|
-
@
|
249
|
+
@login_sequence << req if recording?
|
250
|
+
|
251
|
+
if url.start_with? url_for( :panel )
|
252
|
+
body = case res.request_uri.path
|
253
|
+
when '/'
|
254
|
+
erb :panel
|
255
|
+
|
256
|
+
when '/inspect'
|
257
|
+
erb :inspect,
|
258
|
+
pages: prepare_pages_for_inspection
|
259
|
+
|
260
|
+
when '/help'
|
261
|
+
erb :help
|
262
|
+
|
263
|
+
when '/record/start'
|
264
|
+
record_start
|
265
|
+
erb :panel
|
266
|
+
|
267
|
+
when '/record/stop'
|
268
|
+
record_stop
|
269
|
+
erb :verify_login_check, verify_fail: false, params: {
|
270
|
+
'url' => session.opts.login_check_url,
|
271
|
+
'pattern' => session.opts.login_check_pattern
|
272
|
+
}
|
273
|
+
|
274
|
+
when '/verify/login_check'
|
275
|
+
|
276
|
+
if req.request_method != 'POST'
|
277
|
+
erb :verify_login_check, verify_fail: false
|
278
|
+
else
|
279
|
+
session.set_login_check( params['url'], params['pattern'] )
|
280
|
+
|
281
|
+
if !session.logged_in?
|
282
|
+
erb :verify_login_check, verify_fail: true
|
283
|
+
else
|
284
|
+
erb :verify_login_sequence,
|
285
|
+
params: params,
|
286
|
+
form: find_login_form
|
287
|
+
end
|
288
|
+
|
289
|
+
end
|
290
|
+
|
291
|
+
when '/verify/login_sequence'
|
292
|
+
|
293
|
+
session.login_form = find_login_form
|
294
|
+
|
295
|
+
logged_in = false
|
296
|
+
framework.http.sandbox do |http|
|
297
|
+
http.cookie_jar.clear
|
298
|
+
session.login
|
299
|
+
logged_in = session.logged_in?
|
300
|
+
end
|
301
|
+
|
302
|
+
erb :verify_login_final, ok: logged_in
|
303
|
+
|
304
|
+
else
|
305
|
+
begin
|
306
|
+
IO.read TemplateScope::PANEL_BASEDIR + res.request_uri.path
|
307
|
+
rescue Errno::ENOENT
|
308
|
+
# forbidden
|
309
|
+
res.status = 404
|
310
|
+
erb '404_not_found'.to_sym
|
311
|
+
end
|
312
|
+
end.to_s
|
313
|
+
set_response_body( res, body )
|
314
|
+
return
|
315
|
+
end
|
146
316
|
|
317
|
+
true
|
147
318
|
end
|
148
319
|
|
149
|
-
def
|
150
|
-
|
320
|
+
def recording?
|
321
|
+
@record ||= false
|
322
|
+
end
|
151
323
|
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
324
|
+
def record_start
|
325
|
+
@login_sequence = []
|
326
|
+
@record = true
|
327
|
+
end
|
328
|
+
def record_stop
|
329
|
+
@record = false
|
330
|
+
end
|
157
331
|
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
332
|
+
#
|
333
|
+
# Tries to determine which form is the login one from the logged requests in
|
334
|
+
# the recorded login sequence.
|
335
|
+
#
|
336
|
+
# @return [Array<Arachni::Element::Form>]
|
337
|
+
#
|
338
|
+
def find_login_form
|
339
|
+
@login_sequence.each do |r|
|
340
|
+
form = find_login_form_from_request( r )
|
341
|
+
return form if form
|
342
|
+
end
|
343
|
+
nil
|
344
|
+
end
|
164
345
|
|
165
|
-
|
166
|
-
|
346
|
+
#
|
347
|
+
# Goes through all forms which contain password fields and tries to match
|
348
|
+
# them to the given request.
|
349
|
+
#
|
350
|
+
# @param [WEBrick::HTTPRequest] request
|
351
|
+
#
|
352
|
+
# @return [Array<Arachni::Element::Form>]
|
353
|
+
#
|
354
|
+
# @see #forms_with_password
|
355
|
+
#
|
356
|
+
def find_login_form_from_request( request )
|
357
|
+
return if (params = parse_request_body( request.body )).empty?
|
167
358
|
|
168
|
-
|
359
|
+
f = session.find_login_form( pages: @pages.to_a,
|
360
|
+
action: normalize_url( request.unparsed_uri ),
|
361
|
+
inputs: params.keys )
|
169
362
|
|
170
|
-
return
|
363
|
+
return if !f
|
364
|
+
f.update( params )
|
171
365
|
end
|
172
366
|
|
173
367
|
#
|
174
|
-
#
|
368
|
+
# Goes through the logged pages and returns all forms which contain password fields
|
175
369
|
#
|
176
|
-
#
|
370
|
+
# @return [Array<Arachni::Element::Form>]
|
177
371
|
#
|
178
|
-
def
|
372
|
+
def forms_with_password
|
373
|
+
@pages.map { |p| p.forms.select { |f| f.requires_password? } }.flatten
|
374
|
+
end
|
179
375
|
|
180
|
-
|
376
|
+
#
|
377
|
+
# Called by the proxy for each response.
|
378
|
+
#
|
379
|
+
def response_handler( req, res )
|
380
|
+
return res if res.request_method.to_s.downcase == 'connect'
|
181
381
|
|
182
|
-
|
382
|
+
headers = {}
|
383
|
+
headers.merge!( res.header.dup ) if res.header
|
384
|
+
headers['set-cookie'] = res.cookies if !res.cookies.empty?
|
183
385
|
|
184
|
-
|
185
|
-
|
186
|
-
|
386
|
+
page = page_from_response( Typhoeus::Response.new(
|
387
|
+
effective_url: res.request_uri.to_s,
|
388
|
+
body: res.body,
|
389
|
+
headers_hash: headers,
|
390
|
+
method: res.request_method,
|
391
|
+
code: res.status.to_i
|
392
|
+
)
|
393
|
+
)
|
394
|
+
page = update_forms( page, req, res ) if req.body
|
187
395
|
|
188
|
-
|
396
|
+
print_info " * #{page.forms.size} forms"
|
397
|
+
print_info " * #{page.links.size} links"
|
398
|
+
print_info " * #{page.cookies.size} cookies"
|
189
399
|
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
reasons << MSG_SHUTDOWN
|
194
|
-
return reasons
|
195
|
-
end
|
400
|
+
@pages << page.dup
|
401
|
+
inject_panel( res )
|
402
|
+
end
|
196
403
|
|
197
|
-
|
404
|
+
def inject_panel( res )
|
405
|
+
return res if !res.header['content-type'].to_s.start_with?( 'text/html' )
|
198
406
|
|
199
|
-
|
200
|
-
|
201
|
-
|
407
|
+
body_tag = res.body.match( /<(\s*)body(.*)>/i )
|
408
|
+
res.body.gsub!( body_tag.to_s, "#{body_tag}#{panel_iframe}" )
|
409
|
+
res.header['content-length'] = res.body.size.to_s
|
410
|
+
res
|
411
|
+
end
|
202
412
|
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
413
|
+
def panel_iframe
|
414
|
+
<<-HTML
|
415
|
+
<style type='text/css'>
|
416
|
+
.panel {
|
417
|
+
left: 0px;
|
418
|
+
top: 0px;
|
419
|
+
margin: 0px;
|
420
|
+
width: 100%;
|
421
|
+
height: 50px;
|
422
|
+
border: 0px;
|
423
|
+
position:fixed;
|
424
|
+
}
|
425
|
+
body {
|
426
|
+
padding-top: 40px;
|
427
|
+
}
|
428
|
+
</style>
|
429
|
+
<iframe class='panel' src='#{TemplateScope::PANEL_URL}'></iframe>
|
430
|
+
HTML
|
431
|
+
end
|
432
|
+
|
433
|
+
def erb( *args )
|
434
|
+
TemplateScope.get.erb( *args )
|
435
|
+
end
|
436
|
+
|
437
|
+
def update_forms( page, req, res )
|
438
|
+
page.forms << Form.new( res.request_uri.to_s,
|
439
|
+
action: res.request_uri.to_s,
|
440
|
+
method: req.request_method,
|
441
|
+
inputs: form_parse_request_body( req.body )
|
442
|
+
)
|
443
|
+
page
|
444
|
+
end
|
208
445
|
|
209
|
-
|
446
|
+
def system_url?( url )
|
447
|
+
url.start_with? BASE_URL
|
210
448
|
end
|
211
449
|
|
212
450
|
def shutdown?( url )
|
213
|
-
|
451
|
+
url.to_s.start_with? url_for( :shutdown )
|
214
452
|
end
|
215
453
|
|
216
|
-
def
|
217
|
-
|
454
|
+
def set_response_body( res, body )
|
455
|
+
res.body = body
|
456
|
+
res.header['content-length'] = res.body.size.to_s
|
457
|
+
res.header['content-type'] = 'text/html' if body =~ /<(\s)*html(\s*)(.*?)>/i
|
458
|
+
res
|
459
|
+
end
|
460
|
+
|
461
|
+
def self.url_for( type )
|
462
|
+
{
|
463
|
+
shutdown: "#{BASE_URL}shutdown",
|
464
|
+
panel: "#{BASE_URL}panel",
|
465
|
+
inspect: "#{BASE_URL}panel/inspect",
|
466
|
+
}[type]
|
467
|
+
end
|
468
|
+
def url_for( *args )
|
469
|
+
self.class.url_for( *args )
|
218
470
|
end
|
219
471
|
|
220
472
|
def self.info
|
221
473
|
{
|
222
|
-
:
|
223
|
-
:
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
474
|
+
name: 'Proxy',
|
475
|
+
description: %q{
|
476
|
+
* Gathers data based on user actions and exchanged HTTP
|
477
|
+
traffic and pushes that data to the framework's page-queue to be audited.
|
478
|
+
* Updates the framework cookies with the cookies of the HTTP requests and
|
479
|
+
responses, thus it can also be used to login to a web application.
|
480
|
+
* Supports SSL interception.
|
481
|
+
|
482
|
+
To skip crawling and only audit elements discovered by using the proxy
|
483
|
+
set '--link-count=0'.},
|
484
|
+
author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
|
485
|
+
version: '0.2',
|
486
|
+
options: [
|
487
|
+
Options::Port.new( 'port', [false, 'Port to bind to.', 8282] ),
|
488
|
+
Options::Address.new( 'bind_address', [false, 'IP address to bind to.', '0.0.0.0'] ),
|
489
|
+
Options::Int.new( 'timeout', [false, 'How long to wait for a request to complete, in milliseconds.', 20000] )
|
490
|
+
]
|
233
491
|
}
|
234
492
|
end
|
235
493
|
|
236
494
|
end
|
237
|
-
|
238
|
-
end
|
239
|
-
end
|