arachni 0.4.2 → 0.4.3
- checksums.yaml +8 -8
- data/ACKNOWLEDGMENTS.md +3 -0
- data/CHANGELOG.md +181 -1
- data/README.md +68 -14
- data/Rakefile +1 -5
- data/arachni.gemspec +9 -6
- data/bin/arachni_multi +23 -0
- data/bin/arachni_rpc +2 -2
- data/bin/arachni_rpcd_monitor +1 -1
- data/fingerprinters/frameworks/rack.rb +41 -0
- data/fingerprinters/languages/asp.rb +42 -0
- data/fingerprinters/languages/aspx.rb +63 -0
- data/fingerprinters/languages/jsp.rb +44 -0
- data/fingerprinters/languages/php.rb +43 -0
- data/fingerprinters/languages/python.rb +40 -0
- data/fingerprinters/languages/ruby.rb +41 -0
- data/fingerprinters/os/bsd.rb +36 -0
- data/fingerprinters/os/linux.rb +42 -0
- data/fingerprinters/os/solaris.rb +41 -0
- data/fingerprinters/os/unix.rb +36 -0
- data/fingerprinters/os/windows.rb +41 -0
- data/fingerprinters/servers/apache.rb +36 -0
- data/fingerprinters/servers/iis.rb +36 -0
- data/fingerprinters/servers/jetty.rb +36 -0
- data/fingerprinters/servers/nginx.rb +36 -0
- data/fingerprinters/servers/tomcat.rb +36 -0
- data/lib/arachni/audit_store.rb +3 -4
- data/lib/arachni/banner.rb +0 -2
- data/lib/arachni/element/base.rb +25 -35
- data/lib/arachni/element/capabilities/auditable.rb +265 -133
- data/lib/arachni/element/capabilities/auditable/rdiff.rb +14 -4
- data/lib/arachni/element/capabilities/auditable/taint.rb +32 -10
- data/lib/arachni/element/capabilities/auditable/timeout.rb +59 -29
- data/lib/arachni/element/cookie.rb +4 -3
- data/lib/arachni/element/form.rb +1 -5
- data/lib/arachni/element/header.rb +10 -0
- data/lib/arachni/element/link.rb +0 -1
- data/lib/arachni/element_filter.rb +2 -2
- data/lib/arachni/framework.rb +37 -13
- data/lib/arachni/http.rb +3 -2
- data/lib/arachni/issue.rb +27 -0
- data/lib/arachni/module.rb +16 -0
- data/lib/arachni/module/auditor.rb +107 -70
- data/lib/arachni/module/base.rb +1 -1
- data/lib/arachni/module/key_filler.rb +26 -39
- data/lib/arachni/module/manager.rb +53 -56
- data/lib/arachni/options.rb +126 -19
- data/lib/arachni/page.rb +41 -42
- data/lib/arachni/parser.rb +91 -139
- data/lib/arachni/platform.rb +19 -0
- data/lib/arachni/platform/fingerprinter.rb +100 -0
- data/lib/arachni/platform/list.rb +293 -0
- data/lib/arachni/platform/manager.rb +435 -0
- data/lib/arachni/platforms.rb +498 -0
- data/lib/arachni/plugin.rb +17 -1
- data/lib/arachni/plugin/manager.rb +35 -36
- data/lib/arachni/processes.rb +27 -0
- data/lib/arachni/processes/dispatchers.rb +149 -0
- data/lib/arachni/processes/helpers.rb +19 -0
- data/lib/arachni/processes/helpers/dispatchers.rb +45 -0
- data/lib/arachni/processes/helpers/instances.rb +51 -0
- data/lib/arachni/processes/helpers/processes.rb +51 -0
- data/lib/arachni/processes/instances.rb +196 -0
- data/lib/arachni/processes/manager.rb +129 -0
- data/lib/arachni/report.rb +16 -0
- data/lib/arachni/rpc/client/base.rb +9 -1
- data/lib/arachni/rpc/server/base.rb +1 -0
- data/lib/arachni/rpc/server/dispatcher.rb +60 -24
- data/lib/arachni/rpc/server/dispatcher/handler.rb +4 -2
- data/lib/arachni/rpc/server/dispatcher/node.rb +8 -3
- data/lib/arachni/rpc/server/framework.rb +70 -772
- data/lib/arachni/rpc/server/{distributor.rb → framework/distributor.rb} +150 -117
- data/lib/arachni/rpc/server/framework/master.rb +470 -0
- data/lib/arachni/rpc/server/framework/multi_instance.rb +267 -0
- data/lib/arachni/rpc/server/framework/slave.rb +159 -0
- data/lib/arachni/rpc/server/instance.rb +187 -109
- data/lib/arachni/rpc/server/spider.rb +136 -38
- data/lib/arachni/ruby.rb +19 -0
- data/lib/arachni/ruby/hash.rb +62 -0
- data/lib/arachni/ruby/io.rb +49 -0
- data/lib/arachni/ruby/set.rb +27 -0
- data/lib/arachni/ruby/string.rb +17 -2
- data/lib/arachni/spider.rb +60 -38
- data/lib/arachni/support.rb +26 -0
- data/lib/arachni/support/buffer.rb +19 -0
- data/lib/arachni/support/buffer/autoflush.rb +79 -0
- data/lib/arachni/{buffer → support/buffer}/base.rb +1 -1
- data/lib/arachni/{cache.rb → support/cache.rb} +1 -1
- data/lib/arachni/{cache → support/cache}/base.rb +7 -9
- data/lib/arachni/{cache → support/cache}/least_cost_replacement.rb +7 -1
- data/lib/arachni/{cache → support/cache}/least_recently_used.rb +10 -34
- data/lib/arachni/{cache → support/cache}/preference.rb +8 -3
- data/lib/arachni/{cache → support/cache}/random_replacement.rb +8 -3
- data/lib/arachni/support/crypto.rb +18 -0
- data/lib/arachni/{crypto → support/crypto}/rsa_aes_cbc.rb +7 -4
- data/lib/arachni/support/database.rb +20 -0
- data/lib/arachni/support/database/base.rb +124 -0
- data/lib/arachni/{database → support/database}/hash.rb +1 -1
- data/lib/arachni/{database → support/database}/queue.rb +1 -1
- data/lib/arachni/support/lookup.rb +20 -0
- data/lib/arachni/support/lookup/base.rb +91 -0
- data/lib/arachni/support/lookup/hash_set.rb +42 -0
- data/lib/arachni/support/lookup/moolb.rb +66 -0
- data/lib/arachni/support/queue.rb +18 -0
- data/lib/arachni/support/queue/disk.rb +171 -0
- data/lib/arachni/trainer.rb +2 -2
- data/lib/arachni/ui/cli/cli.rb +22 -0
- data/lib/arachni/ui/cli/rpc/dispatcher_monitor.rb +7 -3
- data/lib/arachni/ui/cli/rpc/{rpc.rb → instance.rb} +69 -97
- data/lib/arachni/ui/cli/rpc/local.rb +80 -0
- data/lib/arachni/ui/cli/rpc/remote.rb +134 -0
- data/lib/arachni/ui/cli/utilities.rb +40 -5
- data/lib/arachni/ui/foo/output.rb +19 -16
- data/lib/arachni/uri.rb +35 -5
- data/lib/arachni/utilities.rb +5 -39
- data/lib/version +1 -1
- data/logs/Dispatcher - 21448-7331.log +17 -0
- data/logs/Dispatcher - 21645-1111.log +13 -0
- data/logs/Dispatcher - 21673-1111.log +21 -0
- data/modules/audit/code_injection.rb +21 -20
- data/modules/audit/code_injection_timing.rb +15 -13
- data/modules/audit/os_cmd_injection.rb +14 -10
- data/modules/audit/os_cmd_injection_timing.rb +12 -12
- data/modules/audit/path_traversal.rb +52 -47
- data/modules/audit/rfi.rb +25 -18
- data/modules/audit/sqli.rb +10 -10
- data/modules/audit/sqli_blind_rdiff.rb +3 -3
- data/modules/audit/sqli_blind_timing.rb +10 -10
- data/modules/audit/sqli_blind_timing/mssql.txt +9 -0
- data/modules/audit/sqli_blind_timing/mysql.txt +32 -0
- data/modules/audit/sqli_blind_timing/pgsql.txt +28 -0
- data/modules/audit/trainer.rb +7 -4
- data/modules/audit/unvalidated_redirect.rb +13 -11
- data/modules/audit/xpath.rb +10 -6
- data/modules/audit/xss_tag.rb +10 -3
- data/modules/recon/grep/html_objects.rb +9 -4
- data/plugins/defaults/content_types.rb +3 -3
- data/plugins/defaults/meta/remedies/timing_attacks.rb +4 -2
- data/plugins/defaults/meta/uniformity.rb +4 -3
- data/plugins/proxy.rb +42 -132
- data/plugins/proxy/panel/panel.html.erb +6 -0
- data/plugins/proxy/panel/vectors.yml.erb +9 -0
- data/plugins/proxy/server.rb +41 -10
- data/plugins/proxy/template_scope.rb +138 -0
- data/plugins/vector_feed.rb +12 -12
- data/reports/html.rb +1 -0
- data/spec/arachni/audit_store_spec.rb +1 -1
- data/spec/arachni/component/manager_spec.rb +10 -57
- data/spec/arachni/component/options/address_spec.rb +1 -1
- data/spec/arachni/component/options/base_spec.rb +1 -1
- data/spec/arachni/component/options/bool_spec.rb +1 -1
- data/spec/arachni/component/options/enum_spec.rb +1 -1
- data/spec/arachni/component/options/float_spec.rb +1 -1
- data/spec/arachni/component/options/int_spec.rb +1 -1
- data/spec/arachni/component/options/path_spec.rb +1 -1
- data/spec/arachni/component/options/port_spec.rb +1 -1
- data/spec/arachni/component/options/string_spec.rb +1 -1
- data/spec/arachni/component/options/url_spec.rb +1 -1
- data/spec/arachni/element/base_spec.rb +16 -5
- data/spec/arachni/element/body_spec.rb +1 -1
- data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +11 -3
- data/spec/arachni/element/capabilities/auditable/taint_spec.rb +27 -3
- data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +32 -3
- data/spec/arachni/element/capabilities/mutable_spec.rb +1 -1
- data/spec/arachni/element/cookie_spec.rb +21 -7
- data/spec/arachni/element/form_spec.rb +7 -58
- data/spec/arachni/element/header_spec.rb +15 -3
- data/spec/arachni/element/link_spec.rb +3 -26
- data/spec/arachni/element/path_spec.rb +1 -1
- data/spec/arachni/element/server_spec.rb +1 -1
- data/spec/arachni/element_filter_spec.rb +1 -1
- data/spec/arachni/{error.rb → error_spec.rb} +1 -1
- data/spec/arachni/framework_spec.rb +127 -50
- data/spec/arachni/http/cookie_jar_spec.rb +9 -42
- data/spec/arachni/http_spec.rb +9 -21
- data/spec/arachni/issue_spec.rb +29 -1
- data/spec/arachni/mixins/observable_spec.rb +4 -6
- data/spec/arachni/mixins/progress_bar_spec.rb +1 -1
- data/spec/arachni/module/auditor_spec.rb +17 -5
- data/spec/arachni/module/key_filler.rb +33 -8
- data/spec/arachni/module/manager_spec.rb +1 -3
- data/spec/arachni/module/utilities_spec.rb +1 -1
- data/spec/arachni/options_spec.rb +185 -1
- data/spec/arachni/page_spec.rb +16 -3
- data/spec/arachni/parser_spec.rb +27 -123
- data/spec/arachni/platform/fingerprinter_spec.rb +159 -0
- data/spec/arachni/platform/list_spec.rb +399 -0
- data/spec/arachni/platform/manager_spec.rb +373 -0
- data/spec/arachni/plugin/manager_spec.rb +6 -29
- data/spec/arachni/report/base_spec.rb +2 -2
- data/spec/arachni/report/manager_spec.rb +2 -2
- data/spec/arachni/rpc/client/base_spec.rb +22 -27
- data/spec/arachni/rpc/client/dispatcher_spec.rb +4 -15
- data/spec/arachni/rpc/client/instance_spec.rb +3 -11
- data/spec/arachni/rpc/server/active_options_spec.rb +2 -17
- data/spec/arachni/rpc/server/base_spec.rb +23 -7
- data/spec/arachni/rpc/server/dispatcher/handler_spec.rb +4 -21
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +30 -8
- data/spec/arachni/rpc/server/dispatcher_spec.rb +130 -70
- data/spec/arachni/rpc/server/{distributor_spec.rb → framework/distributor_spec.rb} +95 -130
- data/spec/arachni/rpc/server/framework_hpg_spec.rb +38 -99
- data/spec/arachni/rpc/server/framework_simple_spec.rb +38 -71
- data/spec/arachni/rpc/server/instance_spec.rb +183 -135
- data/spec/arachni/rpc/server/modules/manager_spec.rb +18 -50
- data/spec/arachni/rpc/server/output_spec.rb +1 -1
- data/spec/arachni/rpc/server/plugin/manager_spec.rb +12 -36
- data/spec/arachni/rpc/server/spider_spec.rb +23 -48
- data/spec/arachni/ruby/array_spec.rb +1 -1
- data/spec/arachni/ruby/enumerable_spec.rb +1 -1
- data/spec/arachni/ruby/hash_spec.rb +70 -0
- data/spec/arachni/ruby/io_spec.rb +26 -0
- data/spec/arachni/ruby/object_spec.rb +1 -1
- data/spec/arachni/ruby/set_spec.rb +15 -0
- data/spec/arachni/ruby/string_spec.rb +18 -1
- data/spec/arachni/ruby/webrick_spec.rb +1 -1
- data/spec/arachni/session_spec.rb +3 -3
- data/spec/arachni/spider_spec.rb +30 -6
- data/spec/arachni/{buffer → support/buffer}/autoflush_spec.rb +7 -12
- data/spec/arachni/{buffer → support/buffer}/base_spec.rb +19 -23
- data/spec/arachni/{cache → support/cache}/base_spec.rb +7 -7
- data/spec/arachni/{cache → support/cache}/least_cost_replacement_spec.rb +3 -3
- data/spec/arachni/{cache → support/cache}/least_recently_used_spec.rb +3 -3
- data/spec/arachni/{cache → support/cache}/preference_spec.rb +3 -3
- data/spec/arachni/{cache → support/cache}/random_replacement_spec.rb +3 -3
- data/spec/arachni/{crypto → support/crypto}/rsa_aes_cbc_spec.rb +3 -5
- data/spec/arachni/{database → support/database}/hash_spec.rb +4 -5
- data/spec/arachni/{database → support/database}/queue_spec.rb +3 -4
- data/spec/arachni/support/lookup/hash_set_spec.rb +5 -0
- data/spec/arachni/support/lookup/moolb_spec.rb +41 -0
- data/spec/arachni/support/queue/disk_spec.rb +116 -0
- data/spec/arachni/trainer_spec.rb +6 -2
- data/spec/arachni/typhoeus/hydra_spec.rb +1 -1
- data/spec/arachni/typhoeus/requrest_spec.rb +1 -1
- data/spec/arachni/typhoeus/response_spec.rb +1 -1
- data/spec/arachni/uri_spec.rb +72 -38
- data/spec/arachni/utilities_spec.rb +6 -46
- data/spec/fingerprinters/frameworks/rack_spec.rb +41 -0
- data/spec/fingerprinters/languages/asp_spec.rb +40 -0
- data/spec/fingerprinters/languages/aspx_spec.rb +78 -0
- data/spec/fingerprinters/languages/jsp_spec.rb +58 -0
- data/spec/fingerprinters/languages/php_spec.rb +61 -0
- data/spec/fingerprinters/languages/python_spec.rb +23 -0
- data/spec/fingerprinters/languages/ruby.rb +34 -0
- data/spec/fingerprinters/os/bsd_spec.rb +26 -0
- data/spec/fingerprinters/os/linux_spec.rb +34 -0
- data/spec/fingerprinters/os/solaris_spec.rb +34 -0
- data/spec/fingerprinters/os/unix_spec.rb +26 -0
- data/spec/fingerprinters/os/windows_spec.rb +34 -0
- data/spec/fingerprinters/servers/apache_spec.rb +26 -0
- data/spec/fingerprinters/servers/iis_spec.rb +28 -0
- data/spec/fingerprinters/servers/jetty_spec.rb +28 -0
- data/spec/fingerprinters/servers/nginx_spec.rb +26 -0
- data/spec/fingerprinters/servers/tomcat_spec.rb +28 -0
- data/spec/modules/audit/code_injection_spec.rb +2 -2
- data/spec/modules/audit/code_injection_timing_spec.rb +1 -1
- data/spec/modules/audit/csrf_spec.rb +1 -1
- data/spec/modules/audit/ldapi_spec.rb +1 -1
- data/spec/modules/audit/os_cmd_injection_spec.rb +1 -1
- data/spec/modules/audit/os_cmd_injection_timing_spec.rb +2 -2
- data/spec/modules/audit/path_traversal_spec.rb +1 -1
- data/spec/modules/audit/response_splitting_spec.rb +1 -1
- data/spec/modules/audit/rfi_spec.rb +1 -1
- data/spec/modules/audit/session_fixation_spec.rb +1 -1
- data/spec/modules/audit/sqli_blind_rdiff_spec.rb +1 -1
- data/spec/modules/audit/sqli_blind_timing_spec.rb +4 -4
- data/spec/modules/audit/sqli_spec.rb +2 -2
- data/spec/modules/audit/trainer_spec.rb +11 -1
- data/spec/modules/audit/unvalidated_redirect_spec.rb +1 -1
- data/spec/modules/audit/xpath_spec.rb +1 -1
- data/spec/modules/audit/xss_event_spec.rb +1 -1
- data/spec/modules/audit/xss_path_spec.rb +1 -1
- data/spec/modules/audit/xss_script_tag_spec.rb +1 -1
- data/spec/modules/audit/xss_spec.rb +1 -1
- data/spec/modules/audit/xss_tag_spec.rb +1 -1
- data/spec/modules/recon/allowed_methods_spec.rb +1 -1
- data/spec/modules/recon/backdoors_spec.rb +1 -1
- data/spec/modules/recon/backup_files_spec.rb +1 -1
- data/spec/modules/recon/common_directories_spec.rb +1 -1
- data/spec/modules/recon/common_files_spec.rb +1 -1
- data/spec/modules/recon/directory_listing_spec.rb +1 -1
- data/spec/modules/recon/grep/captcha_spec.rb +1 -1
- data/spec/modules/recon/grep/credit_card_spec.rb +1 -1
- data/spec/modules/recon/grep/cvs_svn_users_spec.rb +1 -1
- data/spec/modules/recon/grep/emails_spec.rb +1 -1
- data/spec/modules/recon/grep/html_objects_spec.rb +1 -1
- data/spec/modules/recon/grep/http_only_cookies_spec.rb +1 -1
- data/spec/modules/recon/grep/insecure_cookies_spec.rb +1 -1
- data/spec/modules/recon/grep/mixed_resource_spec.rb +1 -1
- data/spec/modules/recon/grep/password_autocomplete_spec.rb +1 -1
- data/spec/modules/recon/grep/private_ip_spec.rb +1 -1
- data/spec/modules/recon/grep/ssn_spec.rb +1 -1
- data/spec/modules/recon/grep/unencrypted_password_forms_spec.rb +1 -1
- data/spec/modules/recon/htaccess_limit_spec.rb +1 -1
- data/spec/modules/recon/http_put_spec.rb +1 -1
- data/spec/modules/recon/interesting_responses_spec.rb +1 -1
- data/spec/modules/recon/webdav_spec.rb +1 -1
- data/spec/modules/recon/xst_spec.rb +1 -1
- data/spec/path_extractors/anchors_spec.rb +1 -1
- data/spec/path_extractors/areas_spec.rb +1 -1
- data/spec/path_extractors/forms_spec.rb +1 -1
- data/spec/path_extractors/frames_spec.rb +1 -1
- data/spec/path_extractors/generic_spec.rb +1 -1
- data/spec/path_extractors/links_spec.rb +1 -1
- data/spec/path_extractors/meta_refresh_spec.rb +1 -1
- data/spec/path_extractors/scripts_spec.rb +1 -1
- data/spec/plugins/autologin_spec.rb +1 -1
- data/spec/plugins/autothrottle_spec.rb +2 -2
- data/spec/plugins/content_types_spec.rb +1 -1
- data/spec/plugins/cookie_collector_spec.rb +1 -1
- data/spec/plugins/form_dicattack_spec.rb +7 -7
- data/spec/plugins/healthmap_spec.rb +1 -1
- data/spec/plugins/http_dicattack_spec.rb +6 -6
- data/spec/plugins/meta/remedies/discovery_spec.rb +1 -1
- data/spec/plugins/meta/remedies/timing_attacks_spec.rb +1 -1
- data/spec/plugins/meta/uniformity_spec.rb +1 -1
- data/spec/plugins/profiler_spec.rb +3 -3
- data/spec/plugins/rescan_spec.rb +3 -3
- data/spec/plugins/resolver_spec.rb +1 -1
- data/spec/plugins/script_spec.rb +2 -2
- data/spec/plugins/vector_feed_spec.rb +13 -1
- data/spec/plugins/waf_detector_spec.rb +2 -2
- data/spec/reports/afr_spec.rb +1 -1
- data/spec/reports/ap_spec.rb +1 -1
- data/spec/reports/html_spec.rb +1 -1
- data/spec/reports/json_spec.rb +1 -1
- data/spec/reports/marshal_spec.rb +1 -1
- data/spec/reports/stdout_spec.rb +1 -1
- data/spec/reports/txt_spec.rb +1 -1
- data/spec/reports/xml_spec.rb +1 -1
- data/spec/reports/yaml_spec.rb +1 -1
- data/spec/spec_helper.rb +27 -32
- data/spec/{fixtures → support/fixtures}/auditstore.afr +0 -0
- data/spec/{fixtures → support/fixtures}/cookies.txt +0 -0
- data/spec/support/fixtures/fingerprinters/test.rb +36 -0
- data/spec/{fixtures → support/fixtures}/modules/test.rb +0 -0
- data/spec/{fixtures → support/fixtures}/modules/test2.rb +0 -0
- data/spec/{fixtures → support/fixtures}/modules/test3.rb +0 -0
- data/spec/{fixtures → support/fixtures}/passwords.txt +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/bad.rb +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/defaults/default.rb +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/distributable.rb +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/loop.rb +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/spider_hook.rb +1 -0
- data/spec/{fixtures → support/fixtures}/plugins/wait.rb +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/with_options.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/base_spec/with_formatters.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/base_spec/with_outfile.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/base_spec/without_outfile.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/manager_spec/afr.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/manager_spec/foo.rb +0 -0
- data/spec/{fixtures → support/fixtures}/rescan.afr.tpl +0 -0
- data/spec/{fixtures → support/fixtures}/rpcd_handlers/echo.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/body.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/cookies.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/empty.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/flch.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/forms.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/headers.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/links.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/nil.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/path.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/server.rb +0 -0
- data/spec/{fixtures → support/fixtures}/script_plugin.rb +0 -0
- data/spec/{fixtures → support/fixtures}/taint_module/taint.rb +0 -0
- data/spec/{fixtures → support/fixtures}/usernames.txt +0 -0
- data/spec/{fixtures → support/fixtures}/wait_module/wait.rb +0 -0
- data/spec/{helpers → support/helpers}/auditor.rb +0 -0
- data/spec/support/helpers/framework.rb +19 -0
- data/spec/support/helpers/misc.rb +19 -0
- data/spec/support/helpers/paths.rb +31 -0
- data/spec/support/helpers/requires.rb +24 -0
- data/spec/support/helpers/resets.rb +42 -0
- data/spec/support/helpers/web_server.rb +27 -0
- data/spec/support/lib/web_server_manager.rb +120 -0
- data/spec/support/logs/Dispatcher - 11642-42685.log +9 -0
- data/spec/support/logs/Dispatcher - 11669-58445.log +21 -0
- data/spec/support/logs/Dispatcher - 11803-19013.log +9 -0
- data/spec/support/logs/Dispatcher - 11813-58646.log +19 -0
- data/spec/support/logs/Dispatcher - 11822-1913.log +17 -0
- data/spec/support/logs/Dispatcher - 11831-60571.log +13 -0
- data/spec/support/logs/Dispatcher - 11840-20151.log +9 -0
- data/spec/support/logs/Dispatcher - 11850-21796.log +9 -0
- data/spec/support/logs/Dispatcher - 11859-47650.log +11 -0
- data/spec/support/logs/Dispatcher - 11872-13669.log +11 -0
- data/spec/support/logs/Dispatcher - 11885-40034.log +35 -0
- data/spec/support/logs/Dispatcher - 11946-10629.log +21 -0
- data/spec/support/logs/Dispatcher - 11955-55497.log +21 -0
- data/spec/support/logs/Dispatcher - 11964-33080.log +23 -0
- data/spec/support/logs/Dispatcher - 12005-28558.log +19 -0
- data/spec/support/logs/Dispatcher - 12014-59368.log +17 -0
- data/spec/support/logs/Dispatcher - 12023-41547.log +15 -0
- data/spec/support/logs/Dispatcher - 12037-54838.log +11 -0
- data/spec/support/logs/Dispatcher - 12050-38840.log +9 -0
- data/spec/support/logs/Dispatcher - 12059-7283.log +9 -0
- data/spec/support/logs/Dispatcher - 12068-19765.log +9 -0
- data/spec/support/logs/Dispatcher - 12077-24147.log +9 -0
- data/spec/support/logs/Dispatcher - 12086-60404.log +11 -0
- data/spec/support/logs/Dispatcher - 12099-43307.log +9 -0
- data/spec/support/logs/Dispatcher - 12109-9701.log +9 -0
- data/spec/support/logs/Dispatcher - 12162-19782.log +63 -0
- data/spec/support/logs/Dispatcher - 12171-35883.log +43 -0
- data/spec/support/logs/Dispatcher - 12180-6456.log +39 -0
- data/spec/support/logs/Dispatcher - 12189-64516.log +34 -0
- data/spec/support/logs/Dispatcher - 12198-50800.log +28 -0
- data/spec/support/logs/Dispatcher - 12207-6148.log +21 -0
- data/spec/support/logs/Dispatcher - 12216-45994.log +13 -0
- data/spec/support/logs/Dispatcher - 12226-59932.log +9 -0
- data/spec/support/logs/Dispatcher - 12369-42683.log +19 -0
- data/spec/support/logs/Dispatcher - 12379-51205.log +21 -0
- data/spec/support/logs/Dispatcher - 12388-15229.log +15 -0
- data/spec/support/logs/Dispatcher - 12401-35502.log +19 -0
- data/spec/support/logs/Dispatcher - 12410-3386.log +21 -0
- data/spec/support/logs/Dispatcher - 12419-16056.log +15 -0
- data/spec/support/logs/Dispatcher - 12540-25763.log +17 -0
- data/spec/support/logs/Dispatcher - 12549-49234.log +21 -0
- data/spec/support/logs/Dispatcher - 12558-61027.log +13 -0
- data/spec/support/logs/Dispatcher - 12571-34789.log +19 -0
- data/spec/support/logs/Dispatcher - 12580-27968.log +21 -0
- data/spec/support/logs/Dispatcher - 12589-38100.log +15 -0
- data/spec/support/logs/Dispatcher - 12643-8172.log +17 -0
- data/spec/support/logs/Dispatcher - 12652-44715.log +21 -0
- data/spec/support/logs/Dispatcher - 12661-40547.log +13 -0
- data/spec/support/logs/Dispatcher - 12674-20100.log +17 -0
- data/spec/support/logs/Dispatcher - 12683-57063.log +21 -0
- data/spec/support/logs/Dispatcher - 12692-20974.log +13 -0
- data/spec/support/logs/Dispatcher - 12920-24047.log +19 -0
- data/spec/support/logs/Dispatcher - 12929-13265.log +21 -0
- data/spec/support/logs/Dispatcher - 12938-38472.log +15 -0
- data/spec/support/logs/Dispatcher - 12962-47051.log +21 -0
- data/spec/support/logs/Dispatcher - 12971-48844.log +25 -0
- data/spec/support/logs/Dispatcher - 12980-2331.log +15 -0
- data/spec/support/logs/Dispatcher - 13016-57455.log +17 -0
- data/spec/support/logs/Dispatcher - 13025-44069.log +21 -0
- data/spec/support/logs/Dispatcher - 13034-59986.log +13 -0
- data/spec/support/logs/Dispatcher - 13047-17338.log +21 -0
- data/spec/support/logs/Dispatcher - 13056-57124.log +25 -0
- data/spec/support/logs/Dispatcher - 13065-3014.log +15 -0
- data/spec/support/logs/Dispatcher - 13101-42040.log +17 -0
- data/spec/support/logs/Dispatcher - 13110-29137.log +21 -0
- data/spec/support/logs/Dispatcher - 13119-52878.log +13 -0
- data/spec/support/logs/Dispatcher - 13132-20646.log +17 -0
- data/spec/support/logs/Dispatcher - 13141-21629.log +21 -0
- data/spec/support/logs/Dispatcher - 13150-42002.log +13 -0
- data/spec/support/logs/Dispatcher - 8291-38888.log +9 -0
- data/spec/support/logs/Dispatcher - 8325-2241.log +21 -0
- data/spec/support/logs/Dispatcher - 8458-40239.log +9 -0
- data/spec/support/logs/Dispatcher - 8468-26555.log +19 -0
- data/spec/support/logs/Dispatcher - 8477-28819.log +17 -0
- data/spec/support/logs/Dispatcher - 8486-36985.log +13 -0
- data/spec/support/logs/Dispatcher - 8495-59407.log +9 -0
- data/spec/support/logs/Dispatcher - 8504-27479.log +9 -0
- data/spec/support/logs/Dispatcher - 8513-51807.log +11 -0
- data/spec/support/logs/Dispatcher - 8526-53739.log +11 -0
- data/spec/support/logs/Dispatcher - 8539-55908.log +35 -0
- data/spec/support/logs/Dispatcher - 8603-24287.log +21 -0
- data/spec/support/logs/Dispatcher - 8612-37320.log +21 -0
- data/spec/support/logs/Dispatcher - 8621-60797.log +23 -0
- data/spec/support/logs/Dispatcher - 8662-56395.log +19 -0
- data/spec/support/logs/Dispatcher - 8671-54268.log +17 -0
- data/spec/support/logs/Dispatcher - 8680-32387.log +15 -0
- data/spec/support/logs/Dispatcher - 8693-60728.log +11 -0
- data/spec/support/logs/Dispatcher - 8706-53092.log +9 -0
- data/spec/support/logs/Dispatcher - 8715-35576.log +9 -0
- data/spec/support/logs/Dispatcher - 8724-9842.log +9 -0
- data/spec/support/logs/Dispatcher - 8734-37290.log +9 -0
- data/spec/support/logs/Dispatcher - 8743-46516.log +11 -0
- data/spec/support/logs/Dispatcher - 8756-59294.log +9 -0
- data/spec/support/logs/Dispatcher - 8765-16318.log +9 -0
- data/spec/support/logs/Dispatcher - 8818-35968.log +63 -0
- data/spec/support/logs/Dispatcher - 8827-57068.log +43 -0
- data/spec/support/logs/Dispatcher - 8836-31238.log +39 -0
- data/spec/support/logs/Dispatcher - 8845-48148.log +34 -0
- data/spec/support/logs/Dispatcher - 8854-17355.log +28 -0
- data/spec/support/logs/Dispatcher - 8863-6616.log +21 -0
- data/spec/support/logs/Dispatcher - 8872-1373.log +13 -0
- data/spec/support/logs/Dispatcher - 8882-40014.log +9 -0
- data/spec/support/logs/Dispatcher - 8989-17108.log +19 -0
- data/spec/support/logs/Dispatcher - 9000-23195.log +21 -0
- data/spec/support/logs/Dispatcher - 9009-33836.log +15 -0
- data/spec/support/logs/Dispatcher - 9022-55515.log +19 -0
- data/spec/support/logs/Dispatcher - 9031-51301.log +21 -0
- data/spec/support/logs/Dispatcher - 9040-10025.log +15 -0
- data/spec/support/logs/Dispatcher - 9180-20874.log +17 -0
- data/spec/support/logs/Dispatcher - 9189-29826.log +21 -0
- data/spec/support/logs/Dispatcher - 9198-21818.log +13 -0
- data/spec/support/logs/Dispatcher - 9211-64830.log +19 -0
- data/spec/support/logs/Dispatcher - 9220-2570.log +21 -0
- data/spec/support/logs/Dispatcher - 9229-45654.log +15 -0
- data/spec/support/logs/Dispatcher - 9286-1284.log +17 -0
- data/spec/support/logs/Dispatcher - 9295-58545.log +21 -0
- data/spec/support/logs/Dispatcher - 9304-52355.log +13 -0
- data/spec/support/logs/Dispatcher - 9317-58138.log +17 -0
- data/spec/support/logs/Dispatcher - 9326-39184.log +21 -0
- data/spec/support/logs/Dispatcher - 9336-44714.log +13 -0
- data/spec/support/logs/Dispatcher - 9555-26114.log +19 -0
- data/spec/support/logs/Dispatcher - 9564-2270.log +21 -0
- data/spec/support/logs/Dispatcher - 9573-26148.log +15 -0
- data/spec/support/logs/Dispatcher - 9597-62247.log +21 -0
- data/spec/support/logs/Dispatcher - 9606-16162.log +25 -0
- data/spec/support/logs/Dispatcher - 9615-8643.log +15 -0
- data/spec/support/logs/Dispatcher - 9651-49224.log +17 -0
- data/spec/support/logs/Dispatcher - 9660-4390.log +21 -0
- data/spec/support/logs/Dispatcher - 9669-18266.log +13 -0
- data/spec/support/logs/Dispatcher - 9682-44582.log +21 -0
- data/spec/support/logs/Dispatcher - 9691-15941.log +25 -0
- data/spec/support/logs/Dispatcher - 9700-22186.log +15 -0
- data/spec/support/logs/Dispatcher - 9736-29672.log +17 -0
- data/spec/support/logs/Dispatcher - 9745-33231.log +21 -0
- data/spec/support/logs/Dispatcher - 9754-48381.log +13 -0
- data/spec/support/logs/Dispatcher - 9767-29812.log +17 -0
- data/spec/support/logs/Dispatcher - 9776-9894.log +21 -0
- data/spec/support/logs/Dispatcher - 9785-1421.log +13 -0
- data/spec/support/logs/Instance - 12384-38605.error.log +328 -0
- data/spec/support/logs/Instance - 12657-2379.error.log +328 -0
- data/spec/support/logs/Instance - 12688-50940.error.log +427 -0
- data/spec/support/logs/Instance - 12708-13716.error.log +326 -0
- data/spec/support/logs/Instance - 12714-45400.error.log +328 -0
- data/spec/support/logs/Instance - 12848-32645.error.log +326 -0
- data/spec/support/logs/Instance - 9005-21883.error.log +328 -0
- data/spec/support/logs/Instance - 9300-33102.error.log +328 -0
- data/spec/support/logs/Instance - 9331-48336.error.log +427 -0
- data/spec/support/logs/Instance - 9352-62807.error.log +326 -0
- data/spec/support/logs/Instance - 9358-45154.error.log +328 -0
- data/spec/support/logs/Instance - 9487-8746.error.log +326 -0
- data/spec/{logs → support/logs}/placeholder +0 -0
- data/spec/{pems → support/pems}/cacert.pem +0 -0
- data/spec/{pems → support/pems}/client/cert.pem +0 -0
- data/spec/{pems → support/pems}/client/foo-cert.pem +0 -0
- data/spec/{pems → support/pems}/client/foo-key.pem +0 -0
- data/spec/{pems → support/pems}/client/key.pem +0 -0
- data/spec/{pems → support/pems}/server/cert.pem +0 -0
- data/spec/{pems → support/pems}/server/key.pem +0 -0
- data/spec/{servers → support/servers}/arachni/element/capabilities/auditable/rdiff.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/capabilities/auditable/taint.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/capabilities/auditable/timeout.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/cookie.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/form.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/header.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/link.rb +0 -0
- data/spec/{servers → support/servers}/arachni/framework.rb +0 -0
- data/spec/{servers → support/servers}/arachni/http.rb +0 -0
- data/spec/{servers → support/servers}/arachni/http_auth.rb +0 -0
- data/spec/{servers → support/servers}/arachni/module/auditor.rb +0 -0
- data/spec/{servers → support/servers}/arachni/parser.rb +0 -0
- data/spec/{servers → support/servers}/arachni/rpc/server/framework_hpg.rb +0 -1
- data/spec/{servers → support/servers}/arachni/rpc/server/framework_simple.rb +0 -0
- data/spec/{servers → support/servers}/arachni/session.rb +0 -0
- data/spec/{servers → support/servers}/arachni/spider.rb +0 -0
- data/spec/{servers → support/servers}/arachni/spider_https.rb +0 -0
- data/spec/{servers → support/servers}/arachni/trainer.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/code_injection.rb +3 -4
- data/spec/{servers → support/servers}/modules/audit/code_injection_timing.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/csrf.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/ldapi.rb +1 -1
- data/spec/{servers → support/servers}/modules/audit/os_cmd_injection.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/os_cmd_injection_timing.rb +1 -10
- data/spec/{servers → support/servers}/modules/audit/path_traversal.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/response_splitting.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/rfi.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/session_fixation.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli.rb +1 -1
- data/spec/{servers → support/servers}/modules/audit/sqli/coldfusion +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/db2 +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/emc +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/informix +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/interbase +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/jdbc +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/mssql +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/mysql +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/oracle +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/postgresql +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/sqlite +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/sybase +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli_blind_rdiff.rb +1 -1
- data/spec/{servers → support/servers}/modules/audit/sqli_blind_timing.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/trainer_module.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/unvalidated_redirect.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath/dotnet +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath/general +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath/java +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath/libxml2 +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath/php +0 -0
- data/spec/{servers → support/servers}/modules/audit/xss.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xss_event.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xss_path.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xss_script_tag.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xss_tag.rb +0 -0
- data/spec/{servers → support/servers}/modules/module_server.rb +1 -1
- data/spec/{servers → support/servers}/modules/recon/allowed_methods.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/backdoors.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/backup_files.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/common_directories.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/common_files.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/directory_listing.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/captcha.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/credit_card.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/cvs_svn_users.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/emails.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/html_objects.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/http_only_cookies.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/insecure_cookies.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/mixed_resource.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/password_autocomplete.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/private_ip.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/ssn.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/unencrypted_password_forms.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/htaccess_limit.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/http_put.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/interesting_responses.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/webdav.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/xst.rb +0 -0
- data/spec/{servers → support/servers}/plugins/autologin.rb +0 -0
- data/spec/{servers → support/servers}/plugins/autothrottle.rb +0 -0
- data/spec/{servers → support/servers}/plugins/content_types.rb +0 -0
- data/spec/{servers → support/servers}/plugins/cookie_collector.rb +0 -0
- data/spec/{servers → support/servers}/plugins/form_dicattack.rb +0 -0
- data/spec/{servers → support/servers}/plugins/healthmap.rb +0 -0
- data/spec/{servers → support/servers}/plugins/http_dicattack.rb +0 -0
- data/spec/{servers → support/servers}/plugins/http_dicattack_secure.rb +0 -0
- data/spec/{servers → support/servers}/plugins/http_dicattack_unprotected.rb +0 -0
- data/spec/{servers → support/servers}/plugins/meta/remedies/discovery.rb +1 -1
- data/spec/{servers → support/servers}/plugins/meta/remedies/timing_attacks.rb +0 -0
- data/spec/{servers → support/servers}/plugins/profiler.rb +0 -0
- data/spec/{servers → support/servers}/plugins/rescan.rb +0 -0
- data/spec/{servers → support/servers}/plugins/waf_detector.rb +0 -0
- data/spec/{shared → support/shared}/component.rb +1 -1
- data/spec/{shared → support/shared}/element/capabilities/auditable.rb +363 -194
- data/spec/{shared → support/shared}/element/capabilities/refreshable.rb +0 -0
- data/spec/support/shared/fingerprinter.rb +14 -0
- data/spec/{shared → support/shared}/module.rb +1 -1
- data/spec/{shared → support/shared}/path_extractor.rb +0 -0
- data/spec/{shared → support/shared}/plugin.rb +0 -0
- data/spec/{shared → support/shared}/reports.rb +1 -1
- data/spec/{arachni/bloom_filter_spec.rb → support/shared/support/lookup.rb} +11 -11
- metadata +936 -199
- data/lib/arachni/bloom_filter.rb +0 -74
- data/lib/arachni/buffer.rb +0 -3
- data/lib/arachni/buffer/autoflush.rb +0 -77
- data/lib/arachni/database.rb +0 -4
- data/lib/arachni/database/base.rb +0 -131
- data/modules/audit/code_injection_timing/payloads.txt +0 -4
- data/modules/audit/os_cmd_injection/payloads.txt +0 -3
- data/modules/audit/os_cmd_injection_timing/payloads.txt +0 -2
- data/modules/audit/sqli_blind_timing/payloads.txt +0 -69
- data/spec/helpers/misc.rb +0 -41
- data/spec/helpers/processes.rb +0 -112
- data/spec/helpers/requires.rb +0 -8
- data/spec/helpers/server.rb +0 -54
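--- a/data/lib/arachni/page.rb
+++ b/data/lib/arachni/page.rb
@@ -21,77 +21,59 @@ module Arachni
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 #
-#
 class Page
 
-#
-# @return [String] url of the page
-#
+# @return [String] URL of the page
 attr_reader :url
 
-#
-# @return [Fixnum] the HTTP response code
-#
+# @return [Fixnum] HTTP response code.
 attr_reader :code
 
-#
-# @return [Hash] url variables
-#
+# @return [Hash] URL query parameters.
 attr_reader :query_vars
 
-#
-# @return [String] the HTML response
-#
+# @return [String] HTTP response body.
 attr_reader :body
 
-#
-# Request headers
-#
-# @return [Array<Element::Header>]
-#
+# @return [Array<Element::Header>] HTTP request headers.
 attr_reader :headers
 
-#
-# @return [Hash]
-#
+# @return [Hash] HTTP request headers.
 attr_reader :request_headers
 
-#
-# @return [Hash]
-#
+# @return [Hash] HTTP response headers.
 attr_reader :response_headers
 
-# @return [Array<String>]
+# @return [Array<String>] Paths contained in this page.
 attr_reader :paths
 
-#
 # @see Parser#links
-#
 # @return [Array<Element::Link>]
-#
 attr_accessor :links
 
-#
 # @see Parser#forms
-#
 # @return [Array<Element::Form>]
-#
 attr_accessor :forms
 
-#
 # @see Parser#cookies
-#
 # @return [Array<Element::Cookie>]
-#
 attr_accessor :cookies
 
-#
-# Cookies extracted from the supplied cookiejar
-#
 # @return [Array<Element::Cookie>]
-#
+# Cookies extracted from the supplied cookie-jar.
 attr_accessor :cookiejar
 
+# @param [String] url URL to fetch.
+# @param [Hash] opts
+# @option opts [Integer] :precision (1)
+# How many times to request the page and examine changes between requests.
+# Used tp identify nonce tokens etc.
+# @option opts [Hash] :http HTTP {HTTP#get request} options.
+# @param [Block] block
+# Block to which to pass the page object. If given, the request will be
+# performed asynchronously. If no block is given, the page will be fetched
+# synchronously and be returned by this method.
+# @return [Page]
 def self.from_url( url, opts = {}, &block )
 responses = []
 
@@ -110,11 +92,14 @@ class Page
 end
 end
 
+# @param [Typhoeus::Response] res HTTP response to parse.
+# @return [Page]
 def self.from_response( res, opts = Options )
 Parser.new( res, opts ).page
 end
 class << self; alias :from_http_response :from_response end
 
+# @param [Hash] opts Hash from which to set instance attributes.
 def initialize( opts = {} )
 opts.each { |k, v| instance_variable_set( "@#{k}".to_sym, try_dup( v ) ) }
 
@@ -134,19 +119,28 @@ class Page
 @body ||= ''
 end
 
-#
+# @return [Platform] Applicable platforms for the page.
+def platforms
+Platform::Manager[@url]
+end
+
+# @return [Array] All page elements.
+def elements
+@links | @forms | @cookies | @headers
+end
+
 # @return [String] the request method that returned the page
-#
 def method( *args )
 return super( *args ) if args.any?
-
 @method
 end
 
+# @see #body
 def html
 @body
 end
 
+# @return [Nokogiri::HTML] Parsed {#body HTML} document.
 def document
 @document ||= Nokogiri::HTML( @body )
 end
@@ -163,15 +157,19 @@ class Page
 h.each { |k, v| instance_variable_set( k, v ) }
 end
 
+# @return [Boolean]
+# `true` if the body of the page is text-base, `false` otherwise.
 def text?
 !!@text
 end
 
+# @return [String] Title of the page.
 def title
 document.css( 'title' ).first.text rescue nil
 end
 
-
+# @return [Hash] Converts the page data to a hash.
+def to_h
 instance_variables.reduce({}) do |h, iv|
 if iv != :@document
 h[iv.to_s.gsub( '@', '').to_sym] = try_dup( instance_variable_get( iv ) )
@@ -179,6 +177,7 @@ class Page
 h
 end
 end
+alias :to_hash :to_h
 
 def hash
 ((links.map { |e| e.hash } + forms.map { |e| e.hash } +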
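Review bot: The new `elements` method combines the four instance variables with `|` and has no guard for a nil operand: a nil `@links` does not raise, it dispatches to `NilClass#|` and the method returns `true` instead of the documented Array, while a nil in a later operand raises TypeError. `links`, `forms` and `cookies` are `attr_accessor`s, so a caller can assign nil after construction; whether `initialize` defaults all four is not visible in these hunks (only `@body ||= ''` is shown). Coercing each operand keeps the return type stable: `Array( @links ) | Array( @forms ) | Array( @cookies ) | Array( @headers )`. Separately, the added doc comments contain two typos, "Used tp identify" in the `from_url` block and "text-base" on `text?`.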
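--- a/data/lib/arachni/parser.rb
+++ b/data/lib/arachni/parser.rb
@@ -18,7 +18,7 @@ module Arachni
 
 lib = Options.dir['lib']
 
-#
+# Load all available element types.
 Dir.glob( lib + 'element/*.rb' ).each { |f| require f }
 
 require lib + 'page'
@@ -26,27 +26,11 @@ require lib + 'utilities'
 require lib + 'component/manager'
 
 #
-#
+# HTML Parser
 #
-# Analyzes HTML code extracting forms, links and cookies
-# depending on user opts.
+# Analyzes HTML code extracting forms, links and cookies depending on user opts.
 #
-#
-# All URLs are converted to absolute and URLs outside the domain are ignored.
-#
-# === Forms
-# Form analysis uses both regular expressions and the Nokogiri parser
-# in order to be able to handle badly written HTML code, such as not closed
-# tags and tag overlaps.
-#
-# In order to ease audits, in addition to parsing forms into data structures
-# like "select" and "option", all auditable inputs are put under the "auditable" key.
-#
-# === Links
-# Links are extracted using the Nokogiri parser.
-#
-# === Cookies
-# Cookies are extracted from the HTTP headers and parsed by WEBrick::Cookie
+# ignored.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 #
@@ -56,12 +40,9 @@ class Parser
 include Utilities
 
 module Extractors
-
-#
+
 # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-#
 # @abstract
-#
 class Base
 
 #
@@ -80,22 +61,18 @@ class Parser
 
 alias :skip? :skip_path?
 
-#
-# @return [String] the url of the page
-#
+# @return [String] The url of the page.
 attr_reader :url
 
-#
-# Options instance
-#
-# @return [Options]
-#
+# @return [Options] Options instance.
 attr_reader :opts
 
-#
-# Instantiates Analyzer class with user options.
 #
 # @param [Typhoeus::Responses, Array<Typhoeus::Responses>] res
+# Response(s) to analyze and parse into a {Page}. By providing multiple
+# responses the parser will be able to perform some preliminary differential
+# analysis and identify nonce tokens in inputs.
+#
 # @param [Options] opts
 #
 def initialize( res, opts = Options )
@@ -127,7 +104,9 @@ class Parser
 #
 # Converts a relative URL to an absolute one.
 #
-# @
+# @param [String] relative_url URL to convert to absolute.
+#
+# @return [String] Absolute URL.
 #
 def to_absolute( relative_url )
 if url = base
@@ -138,32 +117,16 @@ class Parser
 super( relative_url, base_url )
 end
 
-#
-# @param [String] url to check
-#
-# @return [Bool] true if URL is within domain limits, false if not
-#
-def path_in_domain?( url )
-super( url, @url )
-end
-
-#
-# Runs the Analyzer and extracts forms, links and cookies
-#
 # @return [Page]
-#
+# Parsed page object based on the given options and HTTP responses.
 def page
-req_method = 'get'
-begin
-req_method = @response.request.method.to_s
-rescue
-end
+req_method = @response.request ? @response.request.method.to_s : 'get'
 
 self_link = Link.new( @url, inputs: link_vars( @url ) )
 
-#
+# Non text files won't contain any auditable elements.
 if !text?
-
+page = Page.new(
 code: @code,
 url: @url,
 method: req_method,
@@ -173,25 +136,27 @@ class Parser
 response_headers: @response_headers,
 text: false
 )
+Platform::Manager.fingerprint( page ) if Options.fingerprint?
+return page
 end
 
-#
+# Extract cookies from the response.
 c_cookies = cookies
 
-#
+# Make a list of the response cookie names.
 cookie_names = c_cookies.map { |c| c.name }
 
 from_jar = []
 
-#
-# i.e. only if they weren't in the response
+# If there's a Netscape cookiejar file load cookies from it but only
+# new ones, i.e. only if they weren't already in the response.
 if @opts.cookie_jar.is_a?( String ) && File.exists?( @opts.cookie_jar )
 from_jar |= cookies_from_file( @url, @opts.cookie_jar )
 .reject { |c| cookie_names.include?( c.name ) }
 end
 
-#
-#
+# If we somehow have runtime configuration cookies load them too, but
+# only if they haven't already been seen.
 if @opts.cookies && !@opts.cookies.empty?
 from_jar |= @opts.cookies.reject { |c| cookie_names.include?( c.name ) }
 end
@@ -201,17 +166,17 @@ class Parser
 cookie_names.include?( c.name )
 end
 
-#
+# These cookies are to be audited and thus are dirty and anarchistic,
 # so they have to contain even cookies completely irrelevant to the
-# current page
-#
+# current page. I.e. it contains all cookies that have been observed
+# since the beginning of the scan
 cookies_to_be_audited = (c_cookies | from_jar | from_http_jar).map do |c|
 dc = c.dup
 dc.action = @url
 dc
 end
 
-Page.new(
+page = Page.new(
 code: @code,
 url: @url,
 query_vars: self_link.auditable,
@@ -223,43 +188,50 @@ class Parser
 
 document: doc,
 
-#
+# All paths seen in the page.
 paths: paths,
 forms: forms,
 
-#
+# All `href` attributes from `a` elements.
 links: links | [self_link],
 
 cookies: cookies_to_be_audited,
 headers: headers,
 
-#
-# by a module the cookiejar of the HTTP class will be updated
-# with the cookies specified here
+# This is the page cookiejar, each time the page is to be audited
+# by a module, the cookiejar of the HTTP class will be updated
+# with the cookies specified here.
 cookiejar: c_cookies | from_jar,
 
+# Contains text-based data -- i.e. not a binary response.
 text: true
 )
+Platform::Manager.fingerprint( page ) if Options.fingerprint?
+page
 end
 alias :run :page
 
+# @return [Boolean]
+# `true` if the given HTTP response data are text based, `false` otherwise.
 def text?
 @response.text?
 end
 
+# @return [Nokogiri::HTML, nil]
+# Returns a parsed HTML document from the body of the HTTP response or
+# `nil` if the response data wasn't {#text? text-based} or the response
+# couldn't be parsed.
 def doc
 return @doc if @doc
 @doc = Nokogiri::HTML( @html ) if text? rescue nil
 end
 
 #
-#
-#
-#
-# It's a long shot that any of these will be vulnerable but better
-# be safe than sorry.
+# @note It's more of a placeholder method, it doesn't actually analyze anything.
+# It's a long shot that any of these will be vulnerable but better be safe
+# than sorry.
 #
-# @return [Hash] HTTP header fields
+# @return [Hash] List of valid auditable HTTP header fields.
 #
 def headers
 {
@@ -267,37 +239,36 @@ class Parser
 '/xml;q=0.9,*/*;q=0.8',
 'Accept-Charset' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
 'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
-'From'
-'User-Agent'
-'Referer'
-'Pragma'
+'From' => @opts.authed_by || '',
+'User-Agent' => @opts.user_agent || '',
+'Referer' => @url,
+'Pragma' => 'no-cache'
 }.map { |k, v| Header.new( @url, { k => v } ) }
 end
 
+# @param [String, Nokogiri::HTML] html
+# Document to analyze, defaults to {#doc}.
 #
-#
-#
-# @param [String] html
-#
-# @return [Array<Element::Form>] array of forms
-#
+# @return [Array<Element::Form>] Forms from `html`.
 def forms( html = nil )
 return [] if !text? && !html
 
 f = Form.from_document( @url, html || doc )
+return f if !@secondary_responses
+
+@secondary_responses.each do |response|
+next if response.body.to_s.empty?
 
-
-
-
-
-
-
-next if
-
-
-
-end
-end
+Form.from_document( @url, response.body ).each do |form2|
+f.each do |form|
+next if "#{form.id}:#{form.name_or_id}" !=
+"#{form2.id}:#{form2.name_or_id}"
+
+form.auditable.each do |k, v|
+next if !(v != form2.auditable[k] &&
+form.field_type_for( k ) == 'hidden')
+
+form.nonce_name = k
 end
 end
 end
@@ -306,13 +277,10 @@ class Parser
 f
 end
 
+# @param [String, Nokogiri::HTML] html
+# Document to analyze, defaults to {#doc}.
 #
-#
-#
-# @param [String] html
-#
-# @return [Array<Element::Link>] of links
-#
+# @return [Array<Element::Link>] Links in `html`.
 def links( html = nil )
 return [] if !text? && !html
 
@@ -323,34 +291,21 @@ class Parser
 end | Link.from_document( @url, html || doc )
 end
 
-#
-#
-#
-# @see #links
-#
-# @param [String] url
-#
-# @return [Hash] name=>value pairs
-#
+# @param [String] url URL to analyze.
+# @return [Hash] Parameters found in `url`.
 def link_vars( url )
 Link.parse_query_vars( url )
 end
 
-#
-# Extracts cookies from an HTTP headers and the response body
 #
 # @return [Array<Element::Cookie>]
-#
+# Cookies from HTTP headers and response body.
 def cookies
 ( Cookie.from_document( @url, doc ) |
 Cookie.from_headers( @url, @response_headers ) )
 end
 
-#
-# Array of distinct links to follow
-#
-# @return [Array<String>]
-#
+# @return [Array<String>] Distinct links to follow.
 def paths
 return @paths unless @paths.nil?
 @paths = []
@@ -359,37 +314,34 @@ class Parser
 @paths = run_extractors
 end
 
-#
-# @return [String] base href if there is one
-#
+# @return [String] `base href`, if there is one.
 def base
-@base ||=
-doc.search( '//base[@href]' ).first['href']
-rescue
-end
+@base ||= doc.search( '//base[@href]' ).first['href'] rescue nil
 end
 
 private
 
 #
-# Runs all
+# Runs all path extraction components and returns an array of paths.
 #
-# @return [Array]
+# @return [Array<String>] Paths.
 #
 def run_extractors
 begin
-
-
-
-
-
-map { |path| to_absolute( path ) }.compact.uniq.
-reject { |path| skip?( path ) }
+return self.class.extractors.available.map do |name|
+exception_jail( false ){ self.class.extractors[name].new.run( doc ) }
+end.flatten.uniq.compact.
+map { |path| to_absolute( path ) }.compact.uniq.
+reject { |path| skip?( path ) }
 rescue ::Exception => e
-print_error
-print_error_backtrace
+print_error e.to_s
+print_error_backtrace e
 end
 end
 
+def self.extractors
+@manager ||= Component::Manager.new( Options.dir['path_extractors'], Extractors )
+end
+
 end
 end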
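Review bot: The rescue branch of `run_extractors` (last hunk) leaves the method returning whatever `print_error_backtrace e` returns rather than the `Array<String>` the new doc comment promises, and `paths` assigns that result straight to `@paths`. The unchanged `rescue ::Exception => e` line also catches `Interrupt` and `SystemExit`, so an interrupt raised while extractors run is logged and swallowed instead of stopping the scan. I would narrow the clause to `rescue => e` and end the branch with `[]`, so that a failed extraction yields an empty path list and signals still propagate. The explicit `return` before the `map` chain is then unnecessary, since the `begin` block's value is already the method's result.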