RubyGems - arachni - Versions diffs - 0.4.2 → 0.4.3 - Mend

arachni 0.4.2 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (650) hide show

checksums.yaml +8 -8
data/ACKNOWLEDGMENTS.md +3 -0
data/CHANGELOG.md +181 -1
data/README.md +68 -14
data/Rakefile +1 -5
data/arachni.gemspec +9 -6
data/bin/arachni_multi +23 -0
data/bin/arachni_rpc +2 -2
data/bin/arachni_rpcd_monitor +1 -1
data/fingerprinters/frameworks/rack.rb +41 -0
data/fingerprinters/languages/asp.rb +42 -0
data/fingerprinters/languages/aspx.rb +63 -0
data/fingerprinters/languages/jsp.rb +44 -0
data/fingerprinters/languages/php.rb +43 -0
data/fingerprinters/languages/python.rb +40 -0
data/fingerprinters/languages/ruby.rb +41 -0
data/fingerprinters/os/bsd.rb +36 -0
data/fingerprinters/os/linux.rb +42 -0
data/fingerprinters/os/solaris.rb +41 -0
data/fingerprinters/os/unix.rb +36 -0
data/fingerprinters/os/windows.rb +41 -0
data/fingerprinters/servers/apache.rb +36 -0
data/fingerprinters/servers/iis.rb +36 -0
data/fingerprinters/servers/jetty.rb +36 -0
data/fingerprinters/servers/nginx.rb +36 -0
data/fingerprinters/servers/tomcat.rb +36 -0
data/lib/arachni/audit_store.rb +3 -4
data/lib/arachni/banner.rb +0 -2
data/lib/arachni/element/base.rb +25 -35
data/lib/arachni/element/capabilities/auditable.rb +265 -133
data/lib/arachni/element/capabilities/auditable/rdiff.rb +14 -4
data/lib/arachni/element/capabilities/auditable/taint.rb +32 -10
data/lib/arachni/element/capabilities/auditable/timeout.rb +59 -29
data/lib/arachni/element/cookie.rb +4 -3
data/lib/arachni/element/form.rb +1 -5
data/lib/arachni/element/header.rb +10 -0
data/lib/arachni/element/link.rb +0 -1
data/lib/arachni/element_filter.rb +2 -2
data/lib/arachni/framework.rb +37 -13
data/lib/arachni/http.rb +3 -2
data/lib/arachni/issue.rb +27 -0
data/lib/arachni/module.rb +16 -0
data/lib/arachni/module/auditor.rb +107 -70
data/lib/arachni/module/base.rb +1 -1
data/lib/arachni/module/key_filler.rb +26 -39
data/lib/arachni/module/manager.rb +53 -56
data/lib/arachni/options.rb +126 -19
data/lib/arachni/page.rb +41 -42
data/lib/arachni/parser.rb +91 -139
data/lib/arachni/platform.rb +19 -0
data/lib/arachni/platform/fingerprinter.rb +100 -0
data/lib/arachni/platform/list.rb +293 -0
data/lib/arachni/platform/manager.rb +435 -0
data/lib/arachni/platforms.rb +498 -0
data/lib/arachni/plugin.rb +17 -1
data/lib/arachni/plugin/manager.rb +35 -36
data/lib/arachni/processes.rb +27 -0
data/lib/arachni/processes/dispatchers.rb +149 -0
data/lib/arachni/processes/helpers.rb +19 -0
data/lib/arachni/processes/helpers/dispatchers.rb +45 -0
data/lib/arachni/processes/helpers/instances.rb +51 -0
data/lib/arachni/processes/helpers/processes.rb +51 -0
data/lib/arachni/processes/instances.rb +196 -0
data/lib/arachni/processes/manager.rb +129 -0
data/lib/arachni/report.rb +16 -0
data/lib/arachni/rpc/client/base.rb +9 -1
data/lib/arachni/rpc/server/base.rb +1 -0
data/lib/arachni/rpc/server/dispatcher.rb +60 -24
data/lib/arachni/rpc/server/dispatcher/handler.rb +4 -2
data/lib/arachni/rpc/server/dispatcher/node.rb +8 -3
data/lib/arachni/rpc/server/framework.rb +70 -772
data/lib/arachni/rpc/server/{distributor.rb → framework/distributor.rb} +150 -117
data/lib/arachni/rpc/server/framework/master.rb +470 -0
data/lib/arachni/rpc/server/framework/multi_instance.rb +267 -0
data/lib/arachni/rpc/server/framework/slave.rb +159 -0
data/lib/arachni/rpc/server/instance.rb +187 -109
data/lib/arachni/rpc/server/spider.rb +136 -38
data/lib/arachni/ruby.rb +19 -0
data/lib/arachni/ruby/hash.rb +62 -0
data/lib/arachni/ruby/io.rb +49 -0
data/lib/arachni/ruby/set.rb +27 -0
data/lib/arachni/ruby/string.rb +17 -2
data/lib/arachni/spider.rb +60 -38
data/lib/arachni/support.rb +26 -0
data/lib/arachni/support/buffer.rb +19 -0
data/lib/arachni/support/buffer/autoflush.rb +79 -0
data/lib/arachni/{buffer → support/buffer}/base.rb +1 -1
data/lib/arachni/{cache.rb → support/cache.rb} +1 -1
data/lib/arachni/{cache → support/cache}/base.rb +7 -9
data/lib/arachni/{cache → support/cache}/least_cost_replacement.rb +7 -1
data/lib/arachni/{cache → support/cache}/least_recently_used.rb +10 -34
data/lib/arachni/{cache → support/cache}/preference.rb +8 -3
data/lib/arachni/{cache → support/cache}/random_replacement.rb +8 -3
data/lib/arachni/support/crypto.rb +18 -0
data/lib/arachni/{crypto → support/crypto}/rsa_aes_cbc.rb +7 -4
data/lib/arachni/support/database.rb +20 -0
data/lib/arachni/support/database/base.rb +124 -0
data/lib/arachni/{database → support/database}/hash.rb +1 -1
data/lib/arachni/{database → support/database}/queue.rb +1 -1
data/lib/arachni/support/lookup.rb +20 -0
data/lib/arachni/support/lookup/base.rb +91 -0
data/lib/arachni/support/lookup/hash_set.rb +42 -0
data/lib/arachni/support/lookup/moolb.rb +66 -0
data/lib/arachni/support/queue.rb +18 -0
data/lib/arachni/support/queue/disk.rb +171 -0
data/lib/arachni/trainer.rb +2 -2
data/lib/arachni/ui/cli/cli.rb +22 -0
data/lib/arachni/ui/cli/rpc/dispatcher_monitor.rb +7 -3
data/lib/arachni/ui/cli/rpc/{rpc.rb → instance.rb} +69 -97
data/lib/arachni/ui/cli/rpc/local.rb +80 -0
data/lib/arachni/ui/cli/rpc/remote.rb +134 -0
data/lib/arachni/ui/cli/utilities.rb +40 -5
data/lib/arachni/ui/foo/output.rb +19 -16
data/lib/arachni/uri.rb +35 -5
data/lib/arachni/utilities.rb +5 -39
data/lib/version +1 -1
data/logs/Dispatcher - 21448-7331.log +17 -0
data/logs/Dispatcher - 21645-1111.log +13 -0
data/logs/Dispatcher - 21673-1111.log +21 -0
data/modules/audit/code_injection.rb +21 -20
data/modules/audit/code_injection_timing.rb +15 -13
data/modules/audit/os_cmd_injection.rb +14 -10
data/modules/audit/os_cmd_injection_timing.rb +12 -12
data/modules/audit/path_traversal.rb +52 -47
data/modules/audit/rfi.rb +25 -18
data/modules/audit/sqli.rb +10 -10
data/modules/audit/sqli_blind_rdiff.rb +3 -3
data/modules/audit/sqli_blind_timing.rb +10 -10
data/modules/audit/sqli_blind_timing/mssql.txt +9 -0
data/modules/audit/sqli_blind_timing/mysql.txt +32 -0
data/modules/audit/sqli_blind_timing/pgsql.txt +28 -0
data/modules/audit/trainer.rb +7 -4
data/modules/audit/unvalidated_redirect.rb +13 -11
data/modules/audit/xpath.rb +10 -6
data/modules/audit/xss_tag.rb +10 -3
data/modules/recon/grep/html_objects.rb +9 -4
data/plugins/defaults/content_types.rb +3 -3
data/plugins/defaults/meta/remedies/timing_attacks.rb +4 -2
data/plugins/defaults/meta/uniformity.rb +4 -3
data/plugins/proxy.rb +42 -132
data/plugins/proxy/panel/panel.html.erb +6 -0
data/plugins/proxy/panel/vectors.yml.erb +9 -0
data/plugins/proxy/server.rb +41 -10
data/plugins/proxy/template_scope.rb +138 -0
data/plugins/vector_feed.rb +12 -12
data/reports/html.rb +1 -0
data/spec/arachni/audit_store_spec.rb +1 -1
data/spec/arachni/component/manager_spec.rb +10 -57
data/spec/arachni/component/options/address_spec.rb +1 -1
data/spec/arachni/component/options/base_spec.rb +1 -1
data/spec/arachni/component/options/bool_spec.rb +1 -1
data/spec/arachni/component/options/enum_spec.rb +1 -1
data/spec/arachni/component/options/float_spec.rb +1 -1
data/spec/arachni/component/options/int_spec.rb +1 -1
data/spec/arachni/component/options/path_spec.rb +1 -1
data/spec/arachni/component/options/port_spec.rb +1 -1
data/spec/arachni/component/options/string_spec.rb +1 -1
data/spec/arachni/component/options/url_spec.rb +1 -1
data/spec/arachni/element/base_spec.rb +16 -5
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +11 -3
data/spec/arachni/element/capabilities/auditable/taint_spec.rb +27 -3
data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +32 -3
data/spec/arachni/element/capabilities/mutable_spec.rb +1 -1
data/spec/arachni/element/cookie_spec.rb +21 -7
data/spec/arachni/element/form_spec.rb +7 -58
data/spec/arachni/element/header_spec.rb +15 -3
data/spec/arachni/element/link_spec.rb +3 -26
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +1 -1
data/spec/arachni/element_filter_spec.rb +1 -1
data/spec/arachni/{error.rb → error_spec.rb} +1 -1
data/spec/arachni/framework_spec.rb +127 -50
data/spec/arachni/http/cookie_jar_spec.rb +9 -42
data/spec/arachni/http_spec.rb +9 -21
data/spec/arachni/issue_spec.rb +29 -1
data/spec/arachni/mixins/observable_spec.rb +4 -6
data/spec/arachni/mixins/progress_bar_spec.rb +1 -1
data/spec/arachni/module/auditor_spec.rb +17 -5
data/spec/arachni/module/key_filler.rb +33 -8
data/spec/arachni/module/manager_spec.rb +1 -3
data/spec/arachni/module/utilities_spec.rb +1 -1
data/spec/arachni/options_spec.rb +185 -1
data/spec/arachni/page_spec.rb +16 -3
data/spec/arachni/parser_spec.rb +27 -123
data/spec/arachni/platform/fingerprinter_spec.rb +159 -0
data/spec/arachni/platform/list_spec.rb +399 -0
data/spec/arachni/platform/manager_spec.rb +373 -0
data/spec/arachni/plugin/manager_spec.rb +6 -29
data/spec/arachni/report/base_spec.rb +2 -2
data/spec/arachni/report/manager_spec.rb +2 -2
data/spec/arachni/rpc/client/base_spec.rb +22 -27
data/spec/arachni/rpc/client/dispatcher_spec.rb +4 -15
data/spec/arachni/rpc/client/instance_spec.rb +3 -11
data/spec/arachni/rpc/server/active_options_spec.rb +2 -17
data/spec/arachni/rpc/server/base_spec.rb +23 -7
data/spec/arachni/rpc/server/dispatcher/handler_spec.rb +4 -21
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +30 -8
data/spec/arachni/rpc/server/dispatcher_spec.rb +130 -70
data/spec/arachni/rpc/server/{distributor_spec.rb → framework/distributor_spec.rb} +95 -130
data/spec/arachni/rpc/server/framework_hpg_spec.rb +38 -99
data/spec/arachni/rpc/server/framework_simple_spec.rb +38 -71
data/spec/arachni/rpc/server/instance_spec.rb +183 -135
data/spec/arachni/rpc/server/modules/manager_spec.rb +18 -50
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +12 -36
data/spec/arachni/rpc/server/spider_spec.rb +23 -48
data/spec/arachni/ruby/array_spec.rb +1 -1
data/spec/arachni/ruby/enumerable_spec.rb +1 -1
data/spec/arachni/ruby/hash_spec.rb +70 -0
data/spec/arachni/ruby/io_spec.rb +26 -0
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +15 -0
data/spec/arachni/ruby/string_spec.rb +18 -1
data/spec/arachni/ruby/webrick_spec.rb +1 -1
data/spec/arachni/session_spec.rb +3 -3
data/spec/arachni/spider_spec.rb +30 -6
data/spec/arachni/{buffer → support/buffer}/autoflush_spec.rb +7 -12
data/spec/arachni/{buffer → support/buffer}/base_spec.rb +19 -23
data/spec/arachni/{cache → support/cache}/base_spec.rb +7 -7
data/spec/arachni/{cache → support/cache}/least_cost_replacement_spec.rb +3 -3
data/spec/arachni/{cache → support/cache}/least_recently_used_spec.rb +3 -3
data/spec/arachni/{cache → support/cache}/preference_spec.rb +3 -3
data/spec/arachni/{cache → support/cache}/random_replacement_spec.rb +3 -3
data/spec/arachni/{crypto → support/crypto}/rsa_aes_cbc_spec.rb +3 -5
data/spec/arachni/{database → support/database}/hash_spec.rb +4 -5
data/spec/arachni/{database → support/database}/queue_spec.rb +3 -4
data/spec/arachni/support/lookup/hash_set_spec.rb +5 -0
data/spec/arachni/support/lookup/moolb_spec.rb +41 -0
data/spec/arachni/support/queue/disk_spec.rb +116 -0
data/spec/arachni/trainer_spec.rb +6 -2
data/spec/arachni/typhoeus/hydra_spec.rb +1 -1
data/spec/arachni/typhoeus/requrest_spec.rb +1 -1
data/spec/arachni/typhoeus/response_spec.rb +1 -1
data/spec/arachni/uri_spec.rb +72 -38
data/spec/arachni/utilities_spec.rb +6 -46
data/spec/fingerprinters/frameworks/rack_spec.rb +41 -0
data/spec/fingerprinters/languages/asp_spec.rb +40 -0
data/spec/fingerprinters/languages/aspx_spec.rb +78 -0
data/spec/fingerprinters/languages/jsp_spec.rb +58 -0
data/spec/fingerprinters/languages/php_spec.rb +61 -0
data/spec/fingerprinters/languages/python_spec.rb +23 -0
data/spec/fingerprinters/languages/ruby.rb +34 -0
data/spec/fingerprinters/os/bsd_spec.rb +26 -0
data/spec/fingerprinters/os/linux_spec.rb +34 -0
data/spec/fingerprinters/os/solaris_spec.rb +34 -0
data/spec/fingerprinters/os/unix_spec.rb +26 -0
data/spec/fingerprinters/os/windows_spec.rb +34 -0
data/spec/fingerprinters/servers/apache_spec.rb +26 -0
data/spec/fingerprinters/servers/iis_spec.rb +28 -0
data/spec/fingerprinters/servers/jetty_spec.rb +28 -0
data/spec/fingerprinters/servers/nginx_spec.rb +26 -0
data/spec/fingerprinters/servers/tomcat_spec.rb +28 -0
data/spec/modules/audit/code_injection_spec.rb +2 -2
data/spec/modules/audit/code_injection_timing_spec.rb +1 -1
data/spec/modules/audit/csrf_spec.rb +1 -1
data/spec/modules/audit/ldapi_spec.rb +1 -1
data/spec/modules/audit/os_cmd_injection_spec.rb +1 -1
data/spec/modules/audit/os_cmd_injection_timing_spec.rb +2 -2
data/spec/modules/audit/path_traversal_spec.rb +1 -1
data/spec/modules/audit/response_splitting_spec.rb +1 -1
data/spec/modules/audit/rfi_spec.rb +1 -1
data/spec/modules/audit/session_fixation_spec.rb +1 -1
data/spec/modules/audit/sqli_blind_rdiff_spec.rb +1 -1
data/spec/modules/audit/sqli_blind_timing_spec.rb +4 -4
data/spec/modules/audit/sqli_spec.rb +2 -2
data/spec/modules/audit/trainer_spec.rb +11 -1
data/spec/modules/audit/unvalidated_redirect_spec.rb +1 -1
data/spec/modules/audit/xpath_spec.rb +1 -1
data/spec/modules/audit/xss_event_spec.rb +1 -1
data/spec/modules/audit/xss_path_spec.rb +1 -1
data/spec/modules/audit/xss_script_tag_spec.rb +1 -1
data/spec/modules/audit/xss_spec.rb +1 -1
data/spec/modules/audit/xss_tag_spec.rb +1 -1
data/spec/modules/recon/allowed_methods_spec.rb +1 -1
data/spec/modules/recon/backdoors_spec.rb +1 -1
data/spec/modules/recon/backup_files_spec.rb +1 -1
data/spec/modules/recon/common_directories_spec.rb +1 -1
data/spec/modules/recon/common_files_spec.rb +1 -1
data/spec/modules/recon/directory_listing_spec.rb +1 -1
data/spec/modules/recon/grep/captcha_spec.rb +1 -1
data/spec/modules/recon/grep/credit_card_spec.rb +1 -1
data/spec/modules/recon/grep/cvs_svn_users_spec.rb +1 -1
data/spec/modules/recon/grep/emails_spec.rb +1 -1
data/spec/modules/recon/grep/html_objects_spec.rb +1 -1
data/spec/modules/recon/grep/http_only_cookies_spec.rb +1 -1
data/spec/modules/recon/grep/insecure_cookies_spec.rb +1 -1
data/spec/modules/recon/grep/mixed_resource_spec.rb +1 -1
data/spec/modules/recon/grep/password_autocomplete_spec.rb +1 -1
data/spec/modules/recon/grep/private_ip_spec.rb +1 -1
data/spec/modules/recon/grep/ssn_spec.rb +1 -1
data/spec/modules/recon/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/modules/recon/htaccess_limit_spec.rb +1 -1
data/spec/modules/recon/http_put_spec.rb +1 -1
data/spec/modules/recon/interesting_responses_spec.rb +1 -1
data/spec/modules/recon/webdav_spec.rb +1 -1
data/spec/modules/recon/xst_spec.rb +1 -1
data/spec/path_extractors/anchors_spec.rb +1 -1
data/spec/path_extractors/areas_spec.rb +1 -1
data/spec/path_extractors/forms_spec.rb +1 -1
data/spec/path_extractors/frames_spec.rb +1 -1
data/spec/path_extractors/generic_spec.rb +1 -1
data/spec/path_extractors/links_spec.rb +1 -1
data/spec/path_extractors/meta_refresh_spec.rb +1 -1
data/spec/path_extractors/scripts_spec.rb +1 -1
data/spec/plugins/autologin_spec.rb +1 -1
data/spec/plugins/autothrottle_spec.rb +2 -2
data/spec/plugins/content_types_spec.rb +1 -1
data/spec/plugins/cookie_collector_spec.rb +1 -1
data/spec/plugins/form_dicattack_spec.rb +7 -7
data/spec/plugins/healthmap_spec.rb +1 -1
data/spec/plugins/http_dicattack_spec.rb +6 -6
data/spec/plugins/meta/remedies/discovery_spec.rb +1 -1
data/spec/plugins/meta/remedies/timing_attacks_spec.rb +1 -1
data/spec/plugins/meta/uniformity_spec.rb +1 -1
data/spec/plugins/profiler_spec.rb +3 -3
data/spec/plugins/rescan_spec.rb +3 -3
data/spec/plugins/resolver_spec.rb +1 -1
data/spec/plugins/script_spec.rb +2 -2
data/spec/plugins/vector_feed_spec.rb +13 -1
data/spec/plugins/waf_detector_spec.rb +2 -2
data/spec/reports/afr_spec.rb +1 -1
data/spec/reports/ap_spec.rb +1 -1
data/spec/reports/html_spec.rb +1 -1
data/spec/reports/json_spec.rb +1 -1
data/spec/reports/marshal_spec.rb +1 -1
data/spec/reports/stdout_spec.rb +1 -1
data/spec/reports/txt_spec.rb +1 -1
data/spec/reports/xml_spec.rb +1 -1
data/spec/reports/yaml_spec.rb +1 -1
data/spec/spec_helper.rb +27 -32
data/spec/{fixtures → support/fixtures}/auditstore.afr +0 -0
data/spec/{fixtures → support/fixtures}/cookies.txt +0 -0
data/spec/support/fixtures/fingerprinters/test.rb +36 -0
data/spec/{fixtures → support/fixtures}/modules/test.rb +0 -0
data/spec/{fixtures → support/fixtures}/modules/test2.rb +0 -0
data/spec/{fixtures → support/fixtures}/modules/test3.rb +0 -0
data/spec/{fixtures → support/fixtures}/passwords.txt +0 -0
data/spec/{fixtures → support/fixtures}/plugins/bad.rb +0 -0
data/spec/{fixtures → support/fixtures}/plugins/defaults/default.rb +0 -0
data/spec/{fixtures → support/fixtures}/plugins/distributable.rb +0 -0
data/spec/{fixtures → support/fixtures}/plugins/loop.rb +0 -0
data/spec/{fixtures → support/fixtures}/plugins/spider_hook.rb +1 -0
data/spec/{fixtures → support/fixtures}/plugins/wait.rb +0 -0
data/spec/{fixtures → support/fixtures}/plugins/with_options.rb +0 -0
data/spec/{fixtures → support/fixtures}/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +0 -0
data/spec/{fixtures → support/fixtures}/reports/base_spec/with_formatters.rb +0 -0
data/spec/{fixtures → support/fixtures}/reports/base_spec/with_outfile.rb +0 -0
data/spec/{fixtures → support/fixtures}/reports/base_spec/without_outfile.rb +0 -0
data/spec/{fixtures → support/fixtures}/reports/manager_spec/afr.rb +0 -0
data/spec/{fixtures → support/fixtures}/reports/manager_spec/foo.rb +0 -0
data/spec/{fixtures → support/fixtures}/rescan.afr.tpl +0 -0
data/spec/{fixtures → support/fixtures}/rpcd_handlers/echo.rb +0 -0
data/spec/{fixtures → support/fixtures}/run_mod/body.rb +0 -0
data/spec/{fixtures → support/fixtures}/run_mod/cookies.rb +0 -0
data/spec/{fixtures → support/fixtures}/run_mod/empty.rb +0 -0
data/spec/{fixtures → support/fixtures}/run_mod/flch.rb +0 -0
data/spec/{fixtures → support/fixtures}/run_mod/forms.rb +0 -0
data/spec/{fixtures → support/fixtures}/run_mod/headers.rb +0 -0
data/spec/{fixtures → support/fixtures}/run_mod/links.rb +0 -0
data/spec/{fixtures → support/fixtures}/run_mod/nil.rb +0 -0
data/spec/{fixtures → support/fixtures}/run_mod/path.rb +0 -0
data/spec/{fixtures → support/fixtures}/run_mod/server.rb +0 -0
data/spec/{fixtures → support/fixtures}/script_plugin.rb +0 -0
data/spec/{fixtures → support/fixtures}/taint_module/taint.rb +0 -0
data/spec/{fixtures → support/fixtures}/usernames.txt +0 -0
data/spec/{fixtures → support/fixtures}/wait_module/wait.rb +0 -0
data/spec/{helpers → support/helpers}/auditor.rb +0 -0
data/spec/support/helpers/framework.rb +19 -0
data/spec/support/helpers/misc.rb +19 -0
data/spec/support/helpers/paths.rb +31 -0
data/spec/support/helpers/requires.rb +24 -0
data/spec/support/helpers/resets.rb +42 -0
data/spec/support/helpers/web_server.rb +27 -0
data/spec/support/lib/web_server_manager.rb +120 -0
data/spec/support/logs/Dispatcher - 11642-42685.log +9 -0
data/spec/support/logs/Dispatcher - 11669-58445.log +21 -0
data/spec/support/logs/Dispatcher - 11803-19013.log +9 -0
data/spec/support/logs/Dispatcher - 11813-58646.log +19 -0
data/spec/support/logs/Dispatcher - 11822-1913.log +17 -0
data/spec/support/logs/Dispatcher - 11831-60571.log +13 -0
data/spec/support/logs/Dispatcher - 11840-20151.log +9 -0
data/spec/support/logs/Dispatcher - 11850-21796.log +9 -0
data/spec/support/logs/Dispatcher - 11859-47650.log +11 -0
data/spec/support/logs/Dispatcher - 11872-13669.log +11 -0
data/spec/support/logs/Dispatcher - 11885-40034.log +35 -0
data/spec/support/logs/Dispatcher - 11946-10629.log +21 -0
data/spec/support/logs/Dispatcher - 11955-55497.log +21 -0
data/spec/support/logs/Dispatcher - 11964-33080.log +23 -0
data/spec/support/logs/Dispatcher - 12005-28558.log +19 -0
data/spec/support/logs/Dispatcher - 12014-59368.log +17 -0
data/spec/support/logs/Dispatcher - 12023-41547.log +15 -0
data/spec/support/logs/Dispatcher - 12037-54838.log +11 -0
data/spec/support/logs/Dispatcher - 12050-38840.log +9 -0
data/spec/support/logs/Dispatcher - 12059-7283.log +9 -0
data/spec/support/logs/Dispatcher - 12068-19765.log +9 -0
data/spec/support/logs/Dispatcher - 12077-24147.log +9 -0
data/spec/support/logs/Dispatcher - 12086-60404.log +11 -0
data/spec/support/logs/Dispatcher - 12099-43307.log +9 -0
data/spec/support/logs/Dispatcher - 12109-9701.log +9 -0
data/spec/support/logs/Dispatcher - 12162-19782.log +63 -0
data/spec/support/logs/Dispatcher - 12171-35883.log +43 -0
data/spec/support/logs/Dispatcher - 12180-6456.log +39 -0
data/spec/support/logs/Dispatcher - 12189-64516.log +34 -0
data/spec/support/logs/Dispatcher - 12198-50800.log +28 -0
data/spec/support/logs/Dispatcher - 12207-6148.log +21 -0
data/spec/support/logs/Dispatcher - 12216-45994.log +13 -0
data/spec/support/logs/Dispatcher - 12226-59932.log +9 -0
data/spec/support/logs/Dispatcher - 12369-42683.log +19 -0
data/spec/support/logs/Dispatcher - 12379-51205.log +21 -0
data/spec/support/logs/Dispatcher - 12388-15229.log +15 -0
data/spec/support/logs/Dispatcher - 12401-35502.log +19 -0
data/spec/support/logs/Dispatcher - 12410-3386.log +21 -0
data/spec/support/logs/Dispatcher - 12419-16056.log +15 -0
data/spec/support/logs/Dispatcher - 12540-25763.log +17 -0
data/spec/support/logs/Dispatcher - 12549-49234.log +21 -0
data/spec/support/logs/Dispatcher - 12558-61027.log +13 -0
data/spec/support/logs/Dispatcher - 12571-34789.log +19 -0
data/spec/support/logs/Dispatcher - 12580-27968.log +21 -0
data/spec/support/logs/Dispatcher - 12589-38100.log +15 -0
data/spec/support/logs/Dispatcher - 12643-8172.log +17 -0
data/spec/support/logs/Dispatcher - 12652-44715.log +21 -0
data/spec/support/logs/Dispatcher - 12661-40547.log +13 -0
data/spec/support/logs/Dispatcher - 12674-20100.log +17 -0
data/spec/support/logs/Dispatcher - 12683-57063.log +21 -0
data/spec/support/logs/Dispatcher - 12692-20974.log +13 -0
data/spec/support/logs/Dispatcher - 12920-24047.log +19 -0
data/spec/support/logs/Dispatcher - 12929-13265.log +21 -0
data/spec/support/logs/Dispatcher - 12938-38472.log +15 -0
data/spec/support/logs/Dispatcher - 12962-47051.log +21 -0
data/spec/support/logs/Dispatcher - 12971-48844.log +25 -0
data/spec/support/logs/Dispatcher - 12980-2331.log +15 -0
data/spec/support/logs/Dispatcher - 13016-57455.log +17 -0
data/spec/support/logs/Dispatcher - 13025-44069.log +21 -0
data/spec/support/logs/Dispatcher - 13034-59986.log +13 -0
data/spec/support/logs/Dispatcher - 13047-17338.log +21 -0
data/spec/support/logs/Dispatcher - 13056-57124.log +25 -0
data/spec/support/logs/Dispatcher - 13065-3014.log +15 -0
data/spec/support/logs/Dispatcher - 13101-42040.log +17 -0
data/spec/support/logs/Dispatcher - 13110-29137.log +21 -0
data/spec/support/logs/Dispatcher - 13119-52878.log +13 -0
data/spec/support/logs/Dispatcher - 13132-20646.log +17 -0
data/spec/support/logs/Dispatcher - 13141-21629.log +21 -0
data/spec/support/logs/Dispatcher - 13150-42002.log +13 -0
data/spec/support/logs/Dispatcher - 8291-38888.log +9 -0
data/spec/support/logs/Dispatcher - 8325-2241.log +21 -0
data/spec/support/logs/Dispatcher - 8458-40239.log +9 -0
data/spec/support/logs/Dispatcher - 8468-26555.log +19 -0
data/spec/support/logs/Dispatcher - 8477-28819.log +17 -0
data/spec/support/logs/Dispatcher - 8486-36985.log +13 -0
data/spec/support/logs/Dispatcher - 8495-59407.log +9 -0
data/spec/support/logs/Dispatcher - 8504-27479.log +9 -0
data/spec/support/logs/Dispatcher - 8513-51807.log +11 -0
data/spec/support/logs/Dispatcher - 8526-53739.log +11 -0
data/spec/support/logs/Dispatcher - 8539-55908.log +35 -0
data/spec/support/logs/Dispatcher - 8603-24287.log +21 -0
data/spec/support/logs/Dispatcher - 8612-37320.log +21 -0
data/spec/support/logs/Dispatcher - 8621-60797.log +23 -0
data/spec/support/logs/Dispatcher - 8662-56395.log +19 -0
data/spec/support/logs/Dispatcher - 8671-54268.log +17 -0
data/spec/support/logs/Dispatcher - 8680-32387.log +15 -0
data/spec/support/logs/Dispatcher - 8693-60728.log +11 -0
data/spec/support/logs/Dispatcher - 8706-53092.log +9 -0
data/spec/support/logs/Dispatcher - 8715-35576.log +9 -0
data/spec/support/logs/Dispatcher - 8724-9842.log +9 -0
data/spec/support/logs/Dispatcher - 8734-37290.log +9 -0
data/spec/support/logs/Dispatcher - 8743-46516.log +11 -0
data/spec/support/logs/Dispatcher - 8756-59294.log +9 -0
data/spec/support/logs/Dispatcher - 8765-16318.log +9 -0
data/spec/support/logs/Dispatcher - 8818-35968.log +63 -0
data/spec/support/logs/Dispatcher - 8827-57068.log +43 -0
data/spec/support/logs/Dispatcher - 8836-31238.log +39 -0
data/spec/support/logs/Dispatcher - 8845-48148.log +34 -0
data/spec/support/logs/Dispatcher - 8854-17355.log +28 -0
data/spec/support/logs/Dispatcher - 8863-6616.log +21 -0
data/spec/support/logs/Dispatcher - 8872-1373.log +13 -0
data/spec/support/logs/Dispatcher - 8882-40014.log +9 -0
data/spec/support/logs/Dispatcher - 8989-17108.log +19 -0
data/spec/support/logs/Dispatcher - 9000-23195.log +21 -0
data/spec/support/logs/Dispatcher - 9009-33836.log +15 -0
data/spec/support/logs/Dispatcher - 9022-55515.log +19 -0
data/spec/support/logs/Dispatcher - 9031-51301.log +21 -0
data/spec/support/logs/Dispatcher - 9040-10025.log +15 -0
data/spec/support/logs/Dispatcher - 9180-20874.log +17 -0
data/spec/support/logs/Dispatcher - 9189-29826.log +21 -0
data/spec/support/logs/Dispatcher - 9198-21818.log +13 -0
data/spec/support/logs/Dispatcher - 9211-64830.log +19 -0
data/spec/support/logs/Dispatcher - 9220-2570.log +21 -0
data/spec/support/logs/Dispatcher - 9229-45654.log +15 -0
data/spec/support/logs/Dispatcher - 9286-1284.log +17 -0
data/spec/support/logs/Dispatcher - 9295-58545.log +21 -0
data/spec/support/logs/Dispatcher - 9304-52355.log +13 -0
data/spec/support/logs/Dispatcher - 9317-58138.log +17 -0
data/spec/support/logs/Dispatcher - 9326-39184.log +21 -0
data/spec/support/logs/Dispatcher - 9336-44714.log +13 -0
data/spec/support/logs/Dispatcher - 9555-26114.log +19 -0
data/spec/support/logs/Dispatcher - 9564-2270.log +21 -0
data/spec/support/logs/Dispatcher - 9573-26148.log +15 -0
data/spec/support/logs/Dispatcher - 9597-62247.log +21 -0
data/spec/support/logs/Dispatcher - 9606-16162.log +25 -0
data/spec/support/logs/Dispatcher - 9615-8643.log +15 -0
data/spec/support/logs/Dispatcher - 9651-49224.log +17 -0
data/spec/support/logs/Dispatcher - 9660-4390.log +21 -0
data/spec/support/logs/Dispatcher - 9669-18266.log +13 -0
data/spec/support/logs/Dispatcher - 9682-44582.log +21 -0
data/spec/support/logs/Dispatcher - 9691-15941.log +25 -0
data/spec/support/logs/Dispatcher - 9700-22186.log +15 -0
data/spec/support/logs/Dispatcher - 9736-29672.log +17 -0
data/spec/support/logs/Dispatcher - 9745-33231.log +21 -0
data/spec/support/logs/Dispatcher - 9754-48381.log +13 -0
data/spec/support/logs/Dispatcher - 9767-29812.log +17 -0
data/spec/support/logs/Dispatcher - 9776-9894.log +21 -0
data/spec/support/logs/Dispatcher - 9785-1421.log +13 -0
data/spec/support/logs/Instance - 12384-38605.error.log +328 -0
data/spec/support/logs/Instance - 12657-2379.error.log +328 -0
data/spec/support/logs/Instance - 12688-50940.error.log +427 -0
data/spec/support/logs/Instance - 12708-13716.error.log +326 -0
data/spec/support/logs/Instance - 12714-45400.error.log +328 -0
data/spec/support/logs/Instance - 12848-32645.error.log +326 -0
data/spec/support/logs/Instance - 9005-21883.error.log +328 -0
data/spec/support/logs/Instance - 9300-33102.error.log +328 -0
data/spec/support/logs/Instance - 9331-48336.error.log +427 -0
data/spec/support/logs/Instance - 9352-62807.error.log +326 -0
data/spec/support/logs/Instance - 9358-45154.error.log +328 -0
data/spec/support/logs/Instance - 9487-8746.error.log +326 -0
data/spec/{logs → support/logs}/placeholder +0 -0
data/spec/{pems → support/pems}/cacert.pem +0 -0
data/spec/{pems → support/pems}/client/cert.pem +0 -0
data/spec/{pems → support/pems}/client/foo-cert.pem +0 -0
data/spec/{pems → support/pems}/client/foo-key.pem +0 -0
data/spec/{pems → support/pems}/client/key.pem +0 -0
data/spec/{pems → support/pems}/server/cert.pem +0 -0
data/spec/{pems → support/pems}/server/key.pem +0 -0
data/spec/{servers → support/servers}/arachni/element/capabilities/auditable/rdiff.rb +0 -0
data/spec/{servers → support/servers}/arachni/element/capabilities/auditable/taint.rb +0 -0
data/spec/{servers → support/servers}/arachni/element/capabilities/auditable/timeout.rb +0 -0
data/spec/{servers → support/servers}/arachni/element/cookie.rb +0 -0
data/spec/{servers → support/servers}/arachni/element/form.rb +0 -0
data/spec/{servers → support/servers}/arachni/element/header.rb +0 -0
data/spec/{servers → support/servers}/arachni/element/link.rb +0 -0
data/spec/{servers → support/servers}/arachni/framework.rb +0 -0
data/spec/{servers → support/servers}/arachni/http.rb +0 -0
data/spec/{servers → support/servers}/arachni/http_auth.rb +0 -0
data/spec/{servers → support/servers}/arachni/module/auditor.rb +0 -0
data/spec/{servers → support/servers}/arachni/parser.rb +0 -0
data/spec/{servers → support/servers}/arachni/rpc/server/framework_hpg.rb +0 -1
data/spec/{servers → support/servers}/arachni/rpc/server/framework_simple.rb +0 -0
data/spec/{servers → support/servers}/arachni/session.rb +0 -0
data/spec/{servers → support/servers}/arachni/spider.rb +0 -0
data/spec/{servers → support/servers}/arachni/spider_https.rb +0 -0
data/spec/{servers → support/servers}/arachni/trainer.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/code_injection.rb +3 -4
data/spec/{servers → support/servers}/modules/audit/code_injection_timing.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/csrf.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/ldapi.rb +1 -1
data/spec/{servers → support/servers}/modules/audit/os_cmd_injection.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/os_cmd_injection_timing.rb +1 -10
data/spec/{servers → support/servers}/modules/audit/path_traversal.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/response_splitting.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/rfi.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/session_fixation.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli.rb +1 -1
data/spec/{servers → support/servers}/modules/audit/sqli/coldfusion +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/db2 +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/emc +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/informix +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/interbase +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/jdbc +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/mssql +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/mysql +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/oracle +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/postgresql +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/sqlite +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli/sybase +0 -0
data/spec/{servers → support/servers}/modules/audit/sqli_blind_rdiff.rb +1 -1
data/spec/{servers → support/servers}/modules/audit/sqli_blind_timing.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/trainer_module.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/unvalidated_redirect.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/xpath.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/xpath/dotnet +0 -0
data/spec/{servers → support/servers}/modules/audit/xpath/general +0 -0
data/spec/{servers → support/servers}/modules/audit/xpath/java +0 -0
data/spec/{servers → support/servers}/modules/audit/xpath/libxml2 +0 -0
data/spec/{servers → support/servers}/modules/audit/xpath/php +0 -0
data/spec/{servers → support/servers}/modules/audit/xss.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/xss_event.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/xss_path.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/xss_script_tag.rb +0 -0
data/spec/{servers → support/servers}/modules/audit/xss_tag.rb +0 -0
data/spec/{servers → support/servers}/modules/module_server.rb +1 -1
data/spec/{servers → support/servers}/modules/recon/allowed_methods.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/backdoors.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/backup_files.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/common_directories.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/common_files.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/directory_listing.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/captcha.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/credit_card.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/cvs_svn_users.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/emails.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/html_objects.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/http_only_cookies.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/insecure_cookies.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/mixed_resource.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/password_autocomplete.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/private_ip.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/ssn.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/grep/unencrypted_password_forms.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/htaccess_limit.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/http_put.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/interesting_responses.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/webdav.rb +0 -0
data/spec/{servers → support/servers}/modules/recon/xst.rb +0 -0
data/spec/{servers → support/servers}/plugins/autologin.rb +0 -0
data/spec/{servers → support/servers}/plugins/autothrottle.rb +0 -0
data/spec/{servers → support/servers}/plugins/content_types.rb +0 -0
data/spec/{servers → support/servers}/plugins/cookie_collector.rb +0 -0
data/spec/{servers → support/servers}/plugins/form_dicattack.rb +0 -0
data/spec/{servers → support/servers}/plugins/healthmap.rb +0 -0
data/spec/{servers → support/servers}/plugins/http_dicattack.rb +0 -0
data/spec/{servers → support/servers}/plugins/http_dicattack_secure.rb +0 -0
data/spec/{servers → support/servers}/plugins/http_dicattack_unprotected.rb +0 -0
data/spec/{servers → support/servers}/plugins/meta/remedies/discovery.rb +1 -1
data/spec/{servers → support/servers}/plugins/meta/remedies/timing_attacks.rb +0 -0
data/spec/{servers → support/servers}/plugins/profiler.rb +0 -0
data/spec/{servers → support/servers}/plugins/rescan.rb +0 -0
data/spec/{servers → support/servers}/plugins/waf_detector.rb +0 -0
data/spec/{shared → support/shared}/component.rb +1 -1
data/spec/{shared → support/shared}/element/capabilities/auditable.rb +363 -194
data/spec/{shared → support/shared}/element/capabilities/refreshable.rb +0 -0
data/spec/support/shared/fingerprinter.rb +14 -0
data/spec/{shared → support/shared}/module.rb +1 -1
data/spec/{shared → support/shared}/path_extractor.rb +0 -0
data/spec/{shared → support/shared}/plugin.rb +0 -0
data/spec/{shared → support/shared}/reports.rb +1 -1
data/spec/{arachni/bloom_filter_spec.rb → support/shared/support/lookup.rb} +11 -11
metadata +936 -199
data/lib/arachni/bloom_filter.rb +0 -74
data/lib/arachni/buffer.rb +0 -3
data/lib/arachni/buffer/autoflush.rb +0 -77
data/lib/arachni/database.rb +0 -4
data/lib/arachni/database/base.rb +0 -131
data/modules/audit/code_injection_timing/payloads.txt +0 -4
data/modules/audit/os_cmd_injection/payloads.txt +0 -3
data/modules/audit/os_cmd_injection_timing/payloads.txt +0 -2
data/modules/audit/sqli_blind_timing/payloads.txt +0 -69
data/spec/helpers/misc.rb +0 -41
data/spec/helpers/processes.rb +0 -112
data/spec/helpers/requires.rb +0 -8
data/spec/helpers/server.rb +0 -54

checksums.yaml CHANGED

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    ZGEyZTQwN2Y1MDBmYjVmMWUwNmI0MmFmMjBlNGRjYTRjYzMzYjc2Yg==
+    ZWZmNTMzNDdmNmFlYjYzMTQyMjk3MzcyYzlmNWM1NzIwNTM3ZDE4Yg==
   data.tar.gz: !binary |-
-    Zjk3MzE2NzJlZTFjMjUzZTgzODhiYTQwMTc0NzQ1ODMxMmUyMTMzZg==
+    ZGE1Y2EyYTAxZjU0Y2I3YmRlOGIxZmFlNzRjODFiNjg0NWVhMTliZg==
 !binary "U0hBNTEy":
   metadata.gz: !binary |-
-    NDMwZjQ3YjM0ODExY2U3N2RkNmFiNmJlZjNhYTdjNjI2ZjkyNzFhYjM4ZWM5
-    MWVjMmI3NTFlMGRhZjQzMDZjZTJmMGFhNDM2NDkwNmFhZWMyYmIwZTJlMjY4
-    Y2U2ZTA5YmUxMDk5MGZiZTQyMWY4MTc3MTU4ZjU5OTMxYjZmZGY=
+    ZThkOWMzZDQ5MzY4ODUxN2UzMWY0ODk2MDFkMTYxZmZkZWIwZTA5ZGFhOTdm
+    MmYyN2NkNzMyNjU4NWJlOTdiOGUzMDRjN2NkZDhlZTcyNGYwZWRkM2Y5MTEw
+    NTA2MWFjZWQzMDkxNjQ3MDRiZjE3ZmQ1MWE4NzE3NGI5YWI3YjE=
   data.tar.gz: !binary |-
-    ZWUzN2FkOTc2N2MzNTg1OGJlNDc1N2U0ZTgyYjgxM2RhN2JmYWRiZjI2ODc2
-    ZGYzNjUwYTMzYzM5MDY3ODI1MGIxYWJkMDZiOTA1MGIyZjhkZDhlZmI2ZDM4
-    N2RmY2JlZWY5ZjM3YmJkZTIxYWE1NDZhNzRjODcwOTI4NzVlYWI=
+    ZTFjNmVmZjM4ZjA4MjZkNGE4NjYzYjdhYWJlZDc2YjQyNmU1ZmM2MGVkNmY0
+    ZTc2NmMyMGNjMmQ1MWQyMDI4ODI3NzM3OTlhYWI3NDMzZWUwYTMzZTQ5ZDJi
+    ZjNiZDM2OThmNzFlNWQwODAxZmFkYTBhYjJhZjE0MGY3ZmFiODI=

data/ACKNOWLEDGMENTS.md CHANGED

@@ -16,3 +16,6 @@ All the people on:
 * [GitHub](http://github.com/Arachni/arachni/issues) who have submitted bugs and
     given constructive feedback.
 * The `CONTRIBUTORS.md` file.
+Finally, a big thanks to the [RubyMine](http://www.jetbrains.com/ruby/) people
+for providing their wonderful IDE to the Arachni project for free.

data/CHANGELOG.md CHANGED

@@ -1,5 +1,186 @@
 # ChangeLog
+## Version 0.4.3 _(July 06, 2013)_
+- RPC protocol
+    - YAML serialization switched from `Syck` to `Psych` (the current Ruby default).
+- Executables:
+    - Added `arachni_multi`
+        - Spawns and controls an `RPC::Server::Instance` process in order to
+            provide access to RPC-only features such as multi-Instance scans
+            **without** requiring a Dispatcher.
+- CLI
+    - Added platform fingerprinting options:
+        - `--lsplat` -- Lists all available platforms.
+        - `--no-fingerprinting` -- Disables platform fingerprinting.
+        - `--platforms` -- Allows for user specified platforms.
+    - RPC client
+        - Added the `--grid-mode` option to allow the user to choose between:
+            - Load-balancing -- Slaves will be provided by the least burdened
+                Grid Dispatchers.
+            - Load balancing **with** line-aggregation -- In addition to balancing,
+                slaves will all be from Dispatchers with unique bandwidth Pipe-IDs
+                to result in application-level line-aggregation.
+- Added modular `Page` fingeprinting, via `fingerprinter` components, identifying:
+    - Operating systems
+        - BSD
+        - Linux
+        - Unix
+        - Windows
+        - Solaris
+    - Web servers
+        - Apache
+        - IIS
+        - Nginx
+        - Tomcat
+        - Jetty
+    - Programming languages
+        - PHP
+        - ASP
+        - ASPX
+        - JSP
+        - Python
+        - Ruby
+    - Frameworks
+        - Rack
+- `HTTP`
+    - `Accept-Encoding` set to `gzip, deflate` by default.
+- `Parser`
+    - Now fingerprints the pages it returns.
+- `Framework`
+    - Removed the following deprecated aliases:
+        - `:resume!` -- Only use `resume` from now on.
+        - `:pause!` -- Only use `pause` from now on.
+        - `:clean_up!` -- Only use `clean_up` from now on.
+    - Added `#list_platforms`.
+- `Spider`
+    - Optimized path de-duplication.
+    - Paths-list synchronized using a `Mutex` to prevent issues when running as
+        part of a multi-Instance operation.
+- `RPC::Server::Instance`
+    - Removed the following deprecated aliases:
+        - `:shutdown!` -- Only use `shutdown` from now on.
+    - Added preliminary support for UNIX sockets.
+    - Added `#list_platforms`.
+- `Module::Auditor`
+    - Having access to the `Framework` is now required and guaranteed.
+- `Element::Capabilities::Auditable`
+    - Out of scope elements are now visible in order to allow access to 3rd
+        party resources like Single Sign-On services.
+    - All audit methods return `false` when the element is out of the scan's scope.
+    - `#anonymous_auditor` now instantiates a `Framework`.
+    - Added `#skip_like` method to be passed blocks deciding what elements should
+        not be audited.
+    - `#audit`
+        - Updated to support the following payload types:
+            - `Array` -- Array of payloads to be injected.
+            - `Hash` -- Array of payloads to be injected per platform.
+- Grid
+    - `RPC::Server::Dispatcher#dispatch`
+        - When the Dispatcher is a Grid member, it returns an Instance from the least
+            burdened Grid member by default, thus allowing for easy load-balancing.
+- Multi-Instance scans
+    - Instances now communicate via UNIX domain sockets when all of them are on
+        the same host, to avoid TCP/IP overhead for IPC.
+    - `RPC::Server::Instance#scan`
+        - Added `grid_mode` option:
+            - `:balance` -- Slaves will be provided by the least burdened
+                Grid Dispatchers.
+            - `:aggregate` -- In addition to balancing, slaves will all be from
+                Dispatchers with unique bandwidth Pipe-IDs to result in
+                application-level line-aggregation.
+    - `RPC::Server::Framework`
+        - No longer performs a multi-Instance scan when its Dispatcher is a Grid
+            member. The `grid` or `grid_mode` options need to be set explicitly,
+            along with a `spawns` option value of 1 and higher.
+        - General code cleanup.
+            - Multi-Instance code moved under the `RPC::Server::Framework::MultiInstance`
+                module which concentrates multi-Instance code and pulls in the
+                following modules:
+                - `RPC::Server::Framework::Slave` -- Holds API and utilities for
+                    slave instances.
+                - `RPC::Server::Framework::Master` -- Holds API and utilities for
+                    master instances.
+        - Master seed crawl runs in its own thread to avoid blocking during the
+            initial seeding process.
+        - Removed the concept of issue summaries -- were used for lightweight
+            transmission of issue data for real-time feedback. Instead, full issues
+            are being buffered and flushed to the master after each page is audited.
+    - `RPC::Server::Framework::Distributor#distribute_elements`
+        - Optimized to handle large data sets.
+    - `RPC::Server::Spider`
+        - Updated buffering strategy to reduce RPC calls.
+- Cleaned up and removed `@@` vars from:
+    - `Module::Manager`
+    - `Module::KeyFiller`
+    - `Plugin::Manager`
+    - `Parser`
+- Moved supporting classes under `Arachni::Support`.
+    - `Support::Cache` classes now store `#hash` values of keys to preserve space.
+    - Added:
+        - `Support::LookUp` namespace to hold look-up optimized data structures with:
+            - `Support::LookUp::HashSet` -- Stores hashed items in a `Set`.
+            - `Support::LookUp::Moolb` -- Reverse of a Bloom-filter.
+        - `Support::Queue::Disk` -- Disk Queue with in-memory buffer.
+- Added:
+    - `Arachni::Platform` -- Holds resources relevant to platform identification,
+        storage, and filtering.
+        - `Fingerprinters` -- Namespace under which all fingerprinter
+            components reside.
+        - `List` - List structure holding applicable platforms for a given WWW resource.
+        - `Manager` - Collection of `Lists`s for easy management of platforms of
+            different types.
+    - `IO#tail` -- Returns a specified amount of lines from the bottom of a file.
+    - Process helpers for RPC Instance and Dispatcher servers.
+        - `Arachni::Processes::Dispatchers` -- Spawns and kills Dispatchers.
+        - `Arachni::Processes::Instances` -- Spawns and kills Instances.
+        - `Arachni::Processes::Manager` -- Forks and kills processes.
+- RSpec tests
+    - Major cleanup, using the aforementioned process helpers to remove duplicate code.
+    - Moved supporting components under `spec/support/`.
+- Modules
+    - Audit
+        - `code_injection`
+            - Removed `Ruby` payload since it wasn't applicable.
+            - Updated to categorize payloads by platform.
+        - `code_injection_timing`
+            - Code cleanup.
+            - Removed `payloads.txt`, payloads are now in the module.
+            - Updated to categorize payloads by platform.
+        - `os_cmd_injection`
+            - Code cleanup.
+            - Removed `payloads.txt`, payloads are now in the module.
+            - Updated to categorize payloads by platform.
+        - `os_cmd_injection_timing`
+            - Code cleanup.
+            - Removed `payloads.txt`, payloads are now in the module.
+            - Updated to categorize payloads by platform.
+        - `path_traversal`
+            - Code cleanup.
+            - Updated to categorize payloads by platform.
+        - `sqli_blind_timing`
+            - Code cleanup.
+            - Split `payloads.txt`, to individual files per platform.
+            - Updated to categorize payloads by platform.
+    - Recon
+        - `html_objects`
+            - Updated description.
+- Plugins
+    - Proxy
+        - Out-of-scope pages no longer return a _403 Forbidden_ error but are
+            instead loaded, though ignored.
+        - Fixed bug causing the `Content-Length` header to sometimes hold an
+            incorrect value.
+        - Fixed bug causing the control panel to be injected in a loop.
+        - Added support for `PUT` and `DELETE` methods.
+        - Supports exporting of discovered vectors in YAML format suitable for
+            use with the `vector_feed` plugin.
+        - Fixed bug with `POST` requests resulting in timed-out connections due
+            to forwarding a `Content-Length` request header to the origin server.
+    - AutoLogin
+        - Updated to allow access to out-of-scope resources like Single Sign-On
+            services.
 ## Version 0.4.2 _(April 26, 2013)_
 - Options
@@ -34,7 +215,6 @@
   - Protocol -- Now supports both ```Marshal``` and ```YAML``` automatically.
       - ```Marshal``` by default since it's many times faster than ```YAML```.
       - ```YAML``` as an automatic fallback in order to maintain backwards compatibility and ease of integration with 3rd parties.
-          - Updated to use the Ruby-default ```Psych``` engine.
   - ```Framework```
       - Updated gathering of slave status -- once a slave is done it reports back to the master.
       - Clean-up happens automatically, clients no longer need to call ```#clean_up``` (like previously mentioned).

data/README.md CHANGED

@@ -3,18 +3,18 @@
 <table>
     <tr>
         <th>Version</th>
-        <td>0.4.2</td>
+        <td>0.4.3</td>
     </tr>
     <tr>
         <th>Homepage</th>
-        <td><a href="http://arachni-scanner.com">http://arachni-scanner.com</a></td>
+        <td><a href="http://www.arachni-scanner.com">http://arachni-scanner.com</a></td>
     </tr>
     <tr>
         <th>Blog</th>
-        <td><a href="http://arachni-scanner.com/blog">http://arachni-scanner.com/blog</a></td>
+        <td><a href="http://www.arachni-scanner.com/blog">http://arachni-scanner.com/blog</a></td>
     <tr>
         <th>Github</th>
-        <td><a href="http://github.com/Arachni/arachni">http://github.com/Arachni/arachni</a></td>
+        <td><a href="https://github.com/Arachni/arachni">http://github.com/Arachni/arachni</a></td>
      <tr/>
     <tr>
         <th>Documentation</th>
@@ -133,17 +133,29 @@ you with its findings.
 ### Open [distributed architecture](https://github.com/Arachni/arachni/wiki/Distributed-components)
-- High-performance/low-bandwidth [communication protocol](https://github.com/Arachni/arachni-rpc).
-- Multiple clients.
+- High-performance/low-bandwidth [communication protocol](https://github.com/Arachni/arachni-rpc-em).
+    - `Marshal` serialization for performance and efficiency.
+        - Automatically falls back to `YAML` for ease of integration with 3rd party systems.
+    - TCP/IP for general network communications.
+    - UNIX domain sockets for multi-Instance IPC.
+- Remote monitoring and management of Dispatchers and Instances.
 - Parallel scans -- Each scan is compartmentalized to its own OS process to take
     advantage of:
     - Multi-core/SMP architectures.
     - OS-level scheduling/restrictions.
     - Sandboxed failure propagation.
+- Multi-Instance scans for parallelization of _individual scans_ using multiple
+    Instances to:
+    - Take advantage of multi-core/SMP architectures.
+    - Greatly diminish scan-times.
+- Dispatcher Grids supporting:
+    - _(Optional)_ High-Performance mode -- Combines the resources of
+        multiple nodes to perform multi-Instance scans.
+        - Enabled on a per-scan basis.
+    - _(Always-on)_ Load-balancing -- All Instances are automatically provided
+        by the least burdened Grid member.
+        - With optional per-scan opt-out/override.
 - SSL encryption (with optional peer authentication).
-- Remote monitoring and management.
-- Experimental support for High Performance Grid configuration, combining the
-    resources of multiple nodes to perform faster scans.
 ### Crawler
@@ -176,6 +188,43 @@ you with its findings.
     permutations to provide extensive cookie-audit coverage.
  - Can exclude specific input vectors by name.
+### Platform fingerprinter
+In order to make efficient use of the available bandwidth, Arachni performs some
+basic platform fingerprinting and tailors the audit process to the server-side
+deployed platforms by only injecting applicable payloads.
+Currently, the following platforms can be identified:
+- Operating systems
+    - BSD
+    - Linux
+    - Unix
+    - Windows
+    - Solaris
+- Web servers
+    - Apache
+    - IIS
+    - Nginx
+    - Tomcat
+    - Jetty
+- Programming languages
+    - PHP
+    - ASP
+    - ASPX
+    - JSP
+    - Python
+    - Ruby
+- Frameworks
+    - Rack
+The user also has the option of specifying extra platforms (like a DB server)
+in order to help the system be as efficient as possible. Alternatively, fingerprinting
+can be disabled altogether.
+Finally, Arachni will always err on the side of caution and send all available
+payloads when it fails to identify specific platforms.
 ### HTML Parser
 Can extract and analyze:
@@ -400,7 +449,10 @@ You can run `rake spec` to run **all** specs or you can run them selectively usi
     rake spec:reports         # for the reports
     rake spec:path_extractors # for the path extractors
-**Note**: _The module specs will take about 90 minutes due to the ones which perform timing attacks._
+**Please be warned**, the core specs will require a beast of a machine due to the
+necessity to test the Grid/multi-Instance features of the system.
+**Note**: _The module specs will take about 90 minutes due to the timing-attack tests._
 ## Bug reports/Feature requests
@@ -409,19 +461,21 @@ get support via the [Support Portal](http://support.arachni-scanner.com).
 ## Contributing
+(Before starting any work, please read the [instructions](https://github.com/Arachni/arachni/tree/experimental#source)
+for working with the source code.)
 We're happy to accept help from fellow code-monkeys and these are the steps you
 need to follow in order to contribute code:
-* [Fork the project](https://github.com/Arachni/arachni/fork_select).
-* Start a feature branch based on the `experimental` branch (`git checkout -b <feature-name> experimental`).
+* Fork the project.
+* Start a feature branch based on the [experimental](https://github.com/Arachni/arachni-ui-web/tree/experimental)
+    branch (`git checkout -b <feature-name> experimental`).
 * Add specs for your code.
 * Run the spec suite to make sure you didn't break anything (`rake spec:core`
     for the core libs or `rake spec` for everything).
 * Commit and push your changes.
 * Issue a pull request and wait for your code to be reviewed.
-_PS: You may want to setup a [development environment](https://github.com/Arachni/arachni/wiki/Development-environment) first._
 ## License
 Arachni is licensed under the Apache License Version 2.0.<br/>

data/Rakefile CHANGED

@@ -157,11 +157,7 @@ task :clean do
     sh "rm *.marshal || true"
     sh "rm *.gem || true"
     sh "rm logs/*.log || true"
-    sh "rm spec/logs/*.log || true"
-    sh "rm lib/arachni/ui/web/server/db/*.* || true"
-    sh "rm lib/arachni/ui/web/server/db/welcomed || true"
-    sh "rm lib/arachni/ui/web/server/public/reports/*.* || true"
-    sh "rm lib/arachni/ui/web/server/tmp/*.* || true"
+    sh "rm spec/support/logs/*.log || true"
 end

data/arachni.gemspec CHANGED

@@ -27,7 +27,7 @@ Gem::Specification.new do |s|
         ' Ruby framework aimed towards helping penetration testers and' +
         ' administrators evaluate the security of web applications.'
-    s.homepage          = 'https://github.com/Arachni/arachni'
+    s.homepage          = 'https://www.arachni-scanner.com'
     s.email             = 'tasos.laskos@gmail.com'
     s.authors           = [ 'Tasos Laskos' ]
@@ -38,6 +38,7 @@ Gem::Specification.new do |s|
     s.files            += Dir.glob( 'lib/**/**' )
     s.files            += Dir.glob( 'logs/**/**' )
     s.files            += Dir.glob( 'modules/**/**' )
+    s.files            += Dir.glob( 'fingerprinters/**/**' )
     s.files            += Dir.glob( 'path_extractors/**/**' )
     s.files            += Dir.glob( 'plugins/**/**' )
     s.files            += Dir.glob( 'profiles/**/**' )
@@ -45,9 +46,11 @@ Gem::Specification.new do |s|
     s.files            += Dir.glob( 'rpcd_handlers/**/**' )
     s.files            += Dir.glob( 'spec/**/**' )
     s.files            += %w(Gemfile Rakefile arachni.gemspec)
+    s.test_files        = Dir.glob( 'spec/**/**' )
     s.executables       = [ 'arachni', 'arachni_rpcd_monitor', 'arachni_rpcd',
-                          'arachni_rpc', 'arachni_console', 'arachni_script' ]
+                            'arachni_rpc', 'arachni_console', 'arachni_script',
+                            'arachni_multi' ]
     s.extra_rdoc_files  = %w(README.md ACKNOWLEDGMENTS.md LICENSE.md
                             AUTHORS.md CHANGELOG.md CONTRIBUTORS.md
@@ -55,7 +58,8 @@ Gem::Specification.new do |s|
     s.rdoc_options      = [ '--charset=UTF-8' ]
-    s.add_dependency 'bundler',         '>= 1.0.0'
+    # RPC client/server implementation.
+    s.add_dependency 'arachni-rpc-em',  '0.2'
     # HTTP interface.
     s.add_dependency 'typhoeus',        '~> 0.3.3'
@@ -84,16 +88,15 @@ Gem::Specification.new do |s|
     # Outputting data in table format (arachni_rpcd_monitor).
     s.add_dependency 'terminal-table',  '>= 1.4.2'
-    # RPC client/server implementation.
-    s.add_dependency 'arachni-rpc-em',  '~> 0.1.3'
     # For CLI interfaces.
     s.add_dependency 'highline'
+    s.add_development_dependency 'bundler'
     s.add_development_dependency 'rake'
     s.add_development_dependency 'rspec'
     # For test mini-servers.
+    s.add_development_dependency 'thin'
     s.add_development_dependency 'sinatra',         '~> 1.3.2'
     s.add_development_dependency 'sinatra-contrib', '~> 1.3.1'

data/bin/arachni_multi ADDED

@@ -0,0 +1,23 @@
+#!/usr/bin/env ruby
+=begin
+    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+        http://www.apache.org/licenses/LICENSE-2.0
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+=end
+require_relative '../lib/arachni'
+Arachni::Options.parse
+require Arachni::Options.dir['lib'] + 'ui/cli/rpc/local'
+Arachni::UI::CLI::RPC::Local.new