RubyGems - arachni - Versions diffs - 0.4.3.2 → 0.4.4 - Mend

arachni 0.4.3.2 → 0.4.4

Files changed (267) hide show

checksums.yaml +8 -8
data/CHANGELOG.md +42 -0
data/README.md +4 -1
data/lib/arachni/element/capabilities/auditable.rb +5 -0
data/lib/arachni/element/capabilities/auditable/rdiff.rb +105 -122
data/lib/arachni/framework.rb +4 -1
data/lib/arachni/http.rb +9 -10
data/lib/arachni/mixins/progress_bar.rb +1 -1
data/lib/arachni/options.rb +16 -0
data/lib/arachni/rpc/server/active_options.rb +1 -1
data/lib/arachni/ui/cli/utilities.rb +4 -0
data/lib/arachni/uri.rb +2 -1
data/lib/version +1 -1
data/modules/audit/code_injection_php_input_wrapper.rb +76 -0
data/modules/audit/path_traversal.rb +23 -13
data/modules/audit/rfi.rb +4 -3
data/modules/audit/source_code_disclosure.rb +138 -0
data/modules/audit/sqli_blind_rdiff.rb +16 -13
data/modules/audit/sqli_blind_rdiff/payloads.txt +5 -5
data/modules/recon/grep/form_upload.rb +61 -0
data/modules/recon/htaccess_limit.rb +6 -3
data/modules/recon/x_forwarded_for_access_restriction_bypass.rb +55 -0
data/plugins/http_dicattack.rb +5 -8
data/plugins/redundant_vectors.rb +34 -0
data/reports/html/default/issues.erb +7 -22
data/reports/stdout.rb +3 -3
data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +3 -2
data/spec/arachni/http_spec.rb +27 -1
data/spec/modules/audit/path_traversal_spec.rb +2 -2
data/spec/modules/audit/rfi_spec.rb +1 -1
data/spec/modules/audit/source_code_disclosure_spec.rb +24 -0
data/spec/modules/recon/grep/form_upload_spec.rb +19 -0
data/spec/modules/recon/x_forwarded_for_access_restriction_bypass_spec.rb +19 -0
data/spec/plugins/http_dicattack_spec.rb +3 -3
data/spec/support/servers/arachni/element/capabilities/auditable/rdiff.rb +3 -1
data/spec/support/servers/modules/audit/path_traversal.rb +12 -6
data/spec/support/servers/modules/audit/source_code_disclosure.rb +96 -0
data/spec/support/servers/modules/audit/sqli_blind_rdiff.rb +2 -11
data/spec/support/servers/modules/recon/grep/form_upload.rb +9 -0
data/spec/support/servers/modules/recon/x_forwarded_for_access_restriction_bypass.rb +16 -0
data/spec/support/shared/element/capabilities/auditable.rb +22 -1
metadata +19 -452
data/spec/support/logs/Dispatcher - 1000-42597.log +0 -9
data/spec/support/logs/Dispatcher - 1009-18926.log +0 -9
data/spec/support/logs/Dispatcher - 1018-26020.log +0 -9
data/spec/support/logs/Dispatcher - 1027-51590.log +0 -9
data/spec/support/logs/Dispatcher - 1036-31265.log +0 -11
data/spec/support/logs/Dispatcher - 1049-64968.log +0 -9
data/spec/support/logs/Dispatcher - 1059-36177.log +0 -9
data/spec/support/logs/Dispatcher - 1119-32736.log +0 -63
data/spec/support/logs/Dispatcher - 1128-64822.log +0 -43
data/spec/support/logs/Dispatcher - 1137-33870.log +0 -39
data/spec/support/logs/Dispatcher - 1146-57070.log +0 -34
data/spec/support/logs/Dispatcher - 1155-1976.log +0 -28
data/spec/support/logs/Dispatcher - 1166-7613.log +0 -21
data/spec/support/logs/Dispatcher - 1176-38750.log +0 -13
data/spec/support/logs/Dispatcher - 1186-13313.log +0 -9
data/spec/support/logs/Dispatcher - 1328-54360.log +0 -19
data/spec/support/logs/Dispatcher - 1338-50709.log +0 -21
data/spec/support/logs/Dispatcher - 1347-36899.log +0 -15
data/spec/support/logs/Dispatcher - 1362-31178.log +0 -19
data/spec/support/logs/Dispatcher - 1374-11925.log +0 -21
data/spec/support/logs/Dispatcher - 1384-20223.log +0 -15
data/spec/support/logs/Dispatcher - 1575-41606.log +0 -17
data/spec/support/logs/Dispatcher - 1585-60468.log +0 -21
data/spec/support/logs/Dispatcher - 1594-55347.log +0 -13
data/spec/support/logs/Dispatcher - 1607-32309.log +0 -19
data/spec/support/logs/Dispatcher - 1616-38493.log +0 -21
data/spec/support/logs/Dispatcher - 1625-44887.log +0 -15
data/spec/support/logs/Dispatcher - 1677-56065.log +0 -17
data/spec/support/logs/Dispatcher - 1686-61752.log +0 -21
data/spec/support/logs/Dispatcher - 1698-55714.log +0 -13
data/spec/support/logs/Dispatcher - 1711-14301.log +0 -17
data/spec/support/logs/Dispatcher - 1720-52378.log +0 -21
data/spec/support/logs/Dispatcher - 1729-22756.log +0 -13
data/spec/support/logs/Dispatcher - 2016-10522.log +0 -19
data/spec/support/logs/Dispatcher - 2025-12440.log +0 -21
data/spec/support/logs/Dispatcher - 2034-6928.log +0 -15
data/spec/support/logs/Dispatcher - 2058-54432.log +0 -21
data/spec/support/logs/Dispatcher - 2067-19379.log +0 -25
data/spec/support/logs/Dispatcher - 2076-43318.log +0 -15
data/spec/support/logs/Dispatcher - 2112-16482.log +0 -17
data/spec/support/logs/Dispatcher - 2121-7790.log +0 -21
data/spec/support/logs/Dispatcher - 2130-18423.log +0 -13
data/spec/support/logs/Dispatcher - 2145-13060.log +0 -21
data/spec/support/logs/Dispatcher - 2154-42433.log +0 -25
data/spec/support/logs/Dispatcher - 2163-55198.log +0 -15
data/spec/support/logs/Dispatcher - 2199-19221.log +0 -17
data/spec/support/logs/Dispatcher - 2208-27404.log +0 -21
data/spec/support/logs/Dispatcher - 2217-34366.log +0 -13
data/spec/support/logs/Dispatcher - 2230-52868.log +0 -17
data/spec/support/logs/Dispatcher - 2239-1425.log +0 -21
data/spec/support/logs/Dispatcher - 2248-34228.log +0 -13
data/spec/support/logs/Dispatcher - 23550-62617.log +0 -9
data/spec/support/logs/Dispatcher - 23577-56565.log +0 -21
data/spec/support/logs/Dispatcher - 23734-28957.log +0 -9
data/spec/support/logs/Dispatcher - 23744-12387.log +0 -19
data/spec/support/logs/Dispatcher - 23753-8683.log +0 -17
data/spec/support/logs/Dispatcher - 23762-7032.log +0 -13
data/spec/support/logs/Dispatcher - 23771-13735.log +0 -9
data/spec/support/logs/Dispatcher - 23780-6422.log +0 -9
data/spec/support/logs/Dispatcher - 23789-37971.log +0 -11
data/spec/support/logs/Dispatcher - 23802-4861.log +0 -11
data/spec/support/logs/Dispatcher - 23815-27068.log +0 -35
data/spec/support/logs/Dispatcher - 23900-13978.log +0 -21
data/spec/support/logs/Dispatcher - 23928-16013.log +0 -21
data/spec/support/logs/Dispatcher - 23952-10950.log +0 -23
data/spec/support/logs/Dispatcher - 24002-6528.log +0 -19
data/spec/support/logs/Dispatcher - 24011-65281.log +0 -17
data/spec/support/logs/Dispatcher - 24020-51743.log +0 -15
data/spec/support/logs/Dispatcher - 24033-26547.log +0 -11
data/spec/support/logs/Dispatcher - 24046-57891.log +0 -9
data/spec/support/logs/Dispatcher - 24055-65062.log +0 -9
data/spec/support/logs/Dispatcher - 24064-19057.log +0 -9
data/spec/support/logs/Dispatcher - 24073-54430.log +0 -9
data/spec/support/logs/Dispatcher - 24082-25596.log +0 -11
data/spec/support/logs/Dispatcher - 24095-43694.log +0 -9
data/spec/support/logs/Dispatcher - 24104-17121.log +0 -9
data/spec/support/logs/Dispatcher - 24158-40106.log +0 -63
data/spec/support/logs/Dispatcher - 24167-21385.log +0 -43
data/spec/support/logs/Dispatcher - 24176-6454.log +0 -39
data/spec/support/logs/Dispatcher - 24185-5125.log +0 -34
data/spec/support/logs/Dispatcher - 24194-57640.log +0 -28
data/spec/support/logs/Dispatcher - 24203-3500.log +0 -21
data/spec/support/logs/Dispatcher - 24212-26331.log +0 -13
data/spec/support/logs/Dispatcher - 24222-65421.log +0 -9
data/spec/support/logs/Dispatcher - 24764-27994.log +0 -19
data/spec/support/logs/Dispatcher - 24774-32543.log +0 -21
data/spec/support/logs/Dispatcher - 24783-19136.log +0 -15
data/spec/support/logs/Dispatcher - 24796-60141.log +0 -19
data/spec/support/logs/Dispatcher - 24805-24219.log +0 -21
data/spec/support/logs/Dispatcher - 24814-22343.log +0 -15
data/spec/support/logs/Dispatcher - 24933-3408.log +0 -17
data/spec/support/logs/Dispatcher - 24942-62948.log +0 -21
data/spec/support/logs/Dispatcher - 24951-32294.log +0 -13
data/spec/support/logs/Dispatcher - 24964-62518.log +0 -19
data/spec/support/logs/Dispatcher - 24973-13438.log +0 -21
data/spec/support/logs/Dispatcher - 24982-14621.log +0 -15
data/spec/support/logs/Dispatcher - 25033-2920.log +0 -17
data/spec/support/logs/Dispatcher - 25043-58761.log +0 -21
data/spec/support/logs/Dispatcher - 25052-29212.log +0 -13
data/spec/support/logs/Dispatcher - 25066-41541.log +0 -17
data/spec/support/logs/Dispatcher - 25075-37989.log +0 -21
data/spec/support/logs/Dispatcher - 25084-11499.log +0 -13
data/spec/support/logs/Dispatcher - 25311-26011.log +0 -19
data/spec/support/logs/Dispatcher - 25320-24733.log +0 -21
data/spec/support/logs/Dispatcher - 25329-29047.log +0 -15
data/spec/support/logs/Dispatcher - 25353-46711.log +0 -21
data/spec/support/logs/Dispatcher - 25362-36226.log +0 -25
data/spec/support/logs/Dispatcher - 25371-56232.log +0 -15
data/spec/support/logs/Dispatcher - 25407-3246.log +0 -17
data/spec/support/logs/Dispatcher - 25416-34890.log +0 -21
data/spec/support/logs/Dispatcher - 25425-15634.log +0 -13
data/spec/support/logs/Dispatcher - 25438-34664.log +0 -21
data/spec/support/logs/Dispatcher - 25447-3660.log +0 -25
data/spec/support/logs/Dispatcher - 25456-8081.log +0 -15
data/spec/support/logs/Dispatcher - 25492-10542.log +0 -17
data/spec/support/logs/Dispatcher - 25501-45084.log +0 -21
data/spec/support/logs/Dispatcher - 25510-35194.log +0 -13
data/spec/support/logs/Dispatcher - 25519-53450.log +0 -17
data/spec/support/logs/Dispatcher - 25532-55565.log +0 -21
data/spec/support/logs/Dispatcher - 25541-6244.log +0 -13
data/spec/support/logs/Dispatcher - 28179-60102.log +0 -9
data/spec/support/logs/Dispatcher - 28206-59109.log +0 -21
data/spec/support/logs/Dispatcher - 28347-64968.log +0 -9
data/spec/support/logs/Dispatcher - 28357-36177.log +0 -19
data/spec/support/logs/Dispatcher - 28366-50815.log +0 -17
data/spec/support/logs/Dispatcher - 28375-20163.log +0 -13
data/spec/support/logs/Dispatcher - 28384-40303.log +0 -9
data/spec/support/logs/Dispatcher - 28393-26451.log +0 -9
data/spec/support/logs/Dispatcher - 28402-18767.log +0 -11
data/spec/support/logs/Dispatcher - 28415-56936.log +0 -11
data/spec/support/logs/Dispatcher - 28428-4219.log +0 -35
data/spec/support/logs/Dispatcher - 28489-21241.log +0 -21
data/spec/support/logs/Dispatcher - 28498-4440.log +0 -21
data/spec/support/logs/Dispatcher - 28507-56565.log +0 -23
data/spec/support/logs/Dispatcher - 28548-64105.log +0 -19
data/spec/support/logs/Dispatcher - 28557-9265.log +0 -17
data/spec/support/logs/Dispatcher - 28566-60378.log +0 -15
data/spec/support/logs/Dispatcher - 28580-47697.log +0 -11
data/spec/support/logs/Dispatcher - 28593-45818.log +0 -9
data/spec/support/logs/Dispatcher - 28603-24718.log +0 -9
data/spec/support/logs/Dispatcher - 28612-10811.log +0 -9
data/spec/support/logs/Dispatcher - 28621-30580.log +0 -9
data/spec/support/logs/Dispatcher - 28642-14288.log +0 -11
data/spec/support/logs/Dispatcher - 28657-46406.log +0 -9
data/spec/support/logs/Dispatcher - 28666-48831.log +0 -9
data/spec/support/logs/Dispatcher - 28723-34387.log +0 -63
data/spec/support/logs/Dispatcher - 28732-54101.log +0 -43
data/spec/support/logs/Dispatcher - 28741-5251.log +0 -39
data/spec/support/logs/Dispatcher - 28750-8280.log +0 -34
data/spec/support/logs/Dispatcher - 28759-38308.log +0 -28
data/spec/support/logs/Dispatcher - 28768-65028.log +0 -21
data/spec/support/logs/Dispatcher - 28777-56986.log +0 -13
data/spec/support/logs/Dispatcher - 28787-15576.log +0 -9
data/spec/support/logs/Dispatcher - 28994-50422.log +0 -19
data/spec/support/logs/Dispatcher - 29004-46776.log +0 -21
data/spec/support/logs/Dispatcher - 29013-21266.log +0 -15
data/spec/support/logs/Dispatcher - 29026-3603.log +0 -19
data/spec/support/logs/Dispatcher - 29035-17800.log +0 -21
data/spec/support/logs/Dispatcher - 29044-7103.log +0 -15
data/spec/support/logs/Dispatcher - 29165-63459.log +0 -17
data/spec/support/logs/Dispatcher - 29174-14377.log +0 -21
data/spec/support/logs/Dispatcher - 29183-49752.log +0 -13
data/spec/support/logs/Dispatcher - 29196-55000.log +0 -19
data/spec/support/logs/Dispatcher - 29205-33060.log +0 -21
data/spec/support/logs/Dispatcher - 29214-62279.log +0 -15
data/spec/support/logs/Dispatcher - 29269-40689.log +0 -17
data/spec/support/logs/Dispatcher - 29278-10110.log +0 -21
data/spec/support/logs/Dispatcher - 29288-55076.log +0 -13
data/spec/support/logs/Dispatcher - 29301-13242.log +0 -17
data/spec/support/logs/Dispatcher - 29310-21310.log +0 -21
data/spec/support/logs/Dispatcher - 29319-62724.log +0 -13
data/spec/support/logs/Dispatcher - 29568-37063.log +0 -19
data/spec/support/logs/Dispatcher - 29577-56333.log +0 -21
data/spec/support/logs/Dispatcher - 29586-49998.log +0 -15
data/spec/support/logs/Dispatcher - 29611-63916.log +0 -21
data/spec/support/logs/Dispatcher - 29620-29551.log +0 -25
data/spec/support/logs/Dispatcher - 29629-49377.log +0 -15
data/spec/support/logs/Dispatcher - 29665-40270.log +0 -17
data/spec/support/logs/Dispatcher - 29674-61313.log +0 -21
data/spec/support/logs/Dispatcher - 29683-33859.log +0 -13
data/spec/support/logs/Dispatcher - 29696-38359.log +0 -21
data/spec/support/logs/Dispatcher - 29705-30896.log +0 -25
data/spec/support/logs/Dispatcher - 29714-17665.log +0 -15
data/spec/support/logs/Dispatcher - 29752-63853.log +0 -17
data/spec/support/logs/Dispatcher - 29761-3448.log +0 -21
data/spec/support/logs/Dispatcher - 29770-31902.log +0 -13
data/spec/support/logs/Dispatcher - 29783-47589.log +0 -17
data/spec/support/logs/Dispatcher - 29792-8436.log +0 -21
data/spec/support/logs/Dispatcher - 29801-9350.log +0 -13
data/spec/support/logs/Dispatcher - 339-13552.log +0 -9
data/spec/support/logs/Dispatcher - 384-22932.log +0 -21
data/spec/support/logs/Dispatcher - 744-9325.log +0 -9
data/spec/support/logs/Dispatcher - 754-41076.log +0 -19
data/spec/support/logs/Dispatcher - 763-49534.log +0 -17
data/spec/support/logs/Dispatcher - 772-59109.log +0 -13
data/spec/support/logs/Dispatcher - 782-41178.log +0 -9
data/spec/support/logs/Dispatcher - 791-11829.log +0 -9
data/spec/support/logs/Dispatcher - 800-47866.log +0 -11
data/spec/support/logs/Dispatcher - 814-16120.log +0 -11
data/spec/support/logs/Dispatcher - 827-2111.log +0 -35
data/spec/support/logs/Dispatcher - 889-13083.log +0 -21
data/spec/support/logs/Dispatcher - 898-53883.log +0 -21
data/spec/support/logs/Dispatcher - 911-41959.log +0 -23
data/spec/support/logs/Dispatcher - 955-24486.log +0 -19
data/spec/support/logs/Dispatcher - 965-25535.log +0 -17
data/spec/support/logs/Dispatcher - 974-14231.log +0 -15
data/spec/support/logs/Dispatcher - 987-5144.log +0 -11
data/spec/support/logs/Instance - 1343-24327.error.log +0 -328
data/spec/support/logs/Instance - 1694-39251.error.log +0 -328
data/spec/support/logs/Instance - 1725-15789.error.log +0 -427
data/spec/support/logs/Instance - 1766-53560.error.log +0 -326
data/spec/support/logs/Instance - 1773-12955.error.log +0 -328
data/spec/support/logs/Instance - 1948-11071.error.log +0 -326
data/spec/support/logs/Instance - 24779-49625.error.log +0 -328
data/spec/support/logs/Instance - 25048-11380.error.log +0 -328
data/spec/support/logs/Instance - 25080-24917.error.log +0 -427
data/spec/support/logs/Instance - 25106-33475.error.log +0 -326
data/spec/support/logs/Instance - 25112-54559.error.log +0 -328
data/spec/support/logs/Instance - 25242-65202.error.log +0 -326
data/spec/support/logs/Instance - 29009-57043.error.log +0 -328
data/spec/support/logs/Instance - 29283-31439.error.log +0 -328
data/spec/support/logs/Instance - 29315-55609.error.log +0 -427
data/spec/support/logs/Instance - 29341-7004.error.log +0 -326
data/spec/support/logs/Instance - 29347-6024.error.log +0 -328
data/spec/support/logs/Instance - 29492-27943.error.log +0 -326

data/spec/plugins/http_dicattack_spec.rb CHANGED

@@ -14,15 +14,15 @@ describe name_from_filename do
         results_for( name_from_filename )
     end
-    context "when given the right params" do
-        it 'locates the form and login successfully' do
+    context 'when given the right params' do
+        it 'logins successfully' do
             options.url = web_server_url_for( name_from_filename )
             run
             results.should == { username: 'admin', password: 'pass' }
         end
     end
-    context "when being unable to login" do
+    context 'when being unable to login' do
         it 'logs nothing' do
             options.url = web_server_url_for( "#{name_from_filename}_secure" )
             run

data/spec/support/servers/arachni/element/capabilities/auditable/rdiff.rb CHANGED

@@ -13,6 +13,7 @@ get '/true' do
     end
     <<-EOHTML
+    #{rand(9999999)}
     <a href='?rdiff=blah'>Inject here</a>
     #{out}
 EOHTML
@@ -29,7 +30,8 @@ get '/false' do
             'No idea what you want mate...'
     end
-<<-EOHTML
+    <<-EOHTML
+    #{rand(9999999)}
     <a href='?rdiff=blah'>Inject here</a>
     #{out}
 EOHTML

data/spec/support/servers/modules/audit/path_traversal.rb CHANGED

@@ -6,17 +6,22 @@ def default
 end
 FILE_TO_PLATFORM = {
-    '/boot.ini'        => :windows,
-    '/windows/win.ini' => :windows,
-    '/winnt/win.ini'   => :windows,
-    '/etc/passwd'      => :unix,
-    '/WEB-INF/web.xml' => :tomcat
+    '/boot.ini'          => :windows,
+    '/windows/win.ini'   => :windows,
+    '/winnt/win.ini'     => :windows,
+    '/etc/passwd'        => :unix,
+    '/proc/self/environ' => :unix,
+    '/WEB-INF/web.xml'   => :tomcat
 }
 OUT = {
     unix:    'root:x:0:0:root:/root:/bin/bash
 daemon:x:1:1:daemon:/usr/sbin:/bin/sh
 mail:x:8:8:mail:/var/mail:/bin/sh
+DOCUMENT_ROOT=/home/www/web424/htmlGATEWAY_INTERFACE=CGI/1.1HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8HTTP_ACCEPT_ENCODING=gzip, deflateHTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5HTTP_CONNECTION=keep-aliveHTTP_DNT=1HTTP_HOST=www.kaffeehausleclub.deHTTP_USER_AGENT=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0PATH=/bin:/usr/binPHPRC=/etc/apache2/confixx_php/web424/1QUERY_STRING=inhalt=/proc/self/environREDIRECT_STATUS=200REMOTE_ADDR=79.107.71.228REMOTE_PORT=48720REQUEST_METHOD=GETREQUEST_URI=/inhalt/start.php?inhalt=/proc/self/environSCRIPT_FILENAME=/home/www/web424/html/inhalt/start.phpSCRIPT_NAME=/inhalt/start.phpSERVER_ADDR=87.119.215.14SERVER_ADMIN=[no address given]SERVER_NAME=www.kaffeehausleclub.deSERVER_PORT=80SERVER_PROTOCOL=HTTP/1.1SERVER_SIGNATURE=
+Apache/2.2.16 (Debian) Server at www.kaffeehausleclub.de Port 80
+SERVER_SOFTWARE=Apache/2.2.16 (Debian)UNIQUE_ID=Uf6y2Fd31w4AAHYyW8AAAAAk
 ',
     windows: '[boot loader]
 timeout=30
@@ -87,7 +92,8 @@ MAPIX=1
 def get_variations( system, str )
     return if !str
     str = str.split( "\0" ).first
-    str = str.split( "file:/" ).last
+    str = str.split( 'file:/' ).last
+    str = str.split( 'c:' ).last
     file = File.expand_path( str ).gsub( /\/+/, '/' )
     OUT[FILE_TO_PLATFORM[file]] if system == FILE_TO_PLATFORM[file]

data/spec/support/servers/modules/audit/source_code_disclosure.rb ADDED

@@ -0,0 +1,96 @@
+require 'sinatra'
+require 'sinatra/contrib'
+def default
+    "default.html"
+end
+OUT = {
+    php: '<?php
+    $q = $_GET["q"];',
+    jsp: 'response.setIntHeader( "test" )',
+    asp: 'Response.Write "stuff"'
+}
+require 'ap'
+def get_variations( language, str )
+    return if !str.to_s.end_with? ".#{language}"
+    OUT[language]
+end
+OUT.keys.each do |language|
+    get "/#{language}" do
+        <<-EOHTML
+        <a href="/#{language}/link">Link</a>
+        <a href="/#{language}/form">Form</a>
+        <a href="/#{language}/cookie">Cookie</a>
+        <a href="/#{language}/header">Header</a>
+    EOHTML
+    end
+    get "/#{language}/link" do
+        <<-EOHTML
+            <a href="/#{language}/link/straight.#{language}?input=#{default}">Link</a>
+            <a href="/#{language}/link/with_null.#{language}?input=#{default}">Link</a>
+        EOHTML
+    end
+    get "/#{language}/link/straight.#{language}" do
+        return if params['input'].include?( "\0" )
+        get_variations( language, params['input'] )
+    end
+    get "/#{language}/link/with_null.#{language}" do
+        return if !params['input'].end_with?( "\00.html" )
+        get_variations( language, params['input'].split( "\0.html" ).first )
+    end
+    get "/#{language}/form" do
+        <<-EOHTML
+            <form action="/#{language}/form/straight.#{language}" method='post'>
+                <input name='input' value='#{default}' />
+            </form>
+            <form action="/#{language}/form/with_null.#{language}" method='post'>
+                <input name='input' value='#{default}' />
+            </form>
+        EOHTML
+    end
+    post "/#{language}/form/straight.#{language}" do
+        return if params['input'].include?( "\0" )
+        get_variations( language, params['input'] )
+    end
+    post "/#{language}/form/with_null.#{language}" do
+        return if !params['input'].end_with?( "\00.html" )
+        get_variations( language, params['input'].split( "\0.html" ).first )
+    end
+    get "/#{language}/cookie" do
+        <<-HTML
+            <a href="/#{language}/cookie/straight.#{language}">Cookie</a>
+        HTML
+    end
+    get "/#{language}/cookie/straight.#{language}" do
+        cookies['cookie'] ||= default
+        get_variations( language, cookies['cookie'] )
+    end
+    get "/#{language}/header" do
+        <<-EOHTML
+            <a href="/#{language}/header/straight.#{language}">Header</a>
+        EOHTML
+    end
+    get "/#{language}/header/straight.#{language}" do
+        default = 'arachni_user'
+        return if env['HTTP_USER_AGENT'].start_with?( default ) || env['HTTP_USER_AGENT'].include?( "\0" )
+        get_variations( language, env['HTTP_USER_AGENT'] )
+    end
+end

data/spec/support/servers/modules/audit/sqli_blind_rdiff.rb CHANGED

@@ -5,19 +5,10 @@ def default
     'default'
 end
-@@ignore ||= IO.read( File.dirname( __FILE__ ) + '/../../../../../modules/audit/sqli_blind_rdiff/payloads.txt' ).split( "\n" )
-@@faults ||= [ default + '\'"`' ]
-def booleans
-    @@booleans ||= [ '\'', '"', '' ].map do |quote|
-        @@ignore.map { |i| default + i.gsub( '%q%', quote ) }
-    end.flatten
-end
 def get_result( str )
-    if @@faults.include?( str )
+    if str.end_with?( '1=2' )
         'Could not find any results, bugger off!'
-    elsif booleans.include?( str ) || str == default
+    elsif str.end_with?( '1=1' ) || str == default
         '1 item found: Blah blah blah...'
     else
         'No idea what you want mate...'

data/spec/support/servers/modules/recon/grep/form_upload.rb ADDED

@@ -0,0 +1,9 @@
+require 'sinatra'
+get '/' do
+    <<-EOHTML
+        <form name="upload-form">
+            <input type="file" name="upload-me">
+        </form>
+    EOHTML
+end

data/spec/support/servers/modules/recon/x_forwarded_for_access_restriction_bypass.rb ADDED

@@ -0,0 +1,16 @@
+require 'sinatra'
+get '/' do
+    <<EOHTML
+        <a href="/401">401</a>
+        <a href="/403">403</a>
+EOHTML
+end
+get '/401' do
+    env['HTTP_X_FORWARDED_FOR'] == '127.0.0.1' ? 200 : 401
+end
+get '/403' do
+    env['HTTP_X_FORWARDED_FOR'] == '127.0.0.1' ? 200 : 403
+end

data/spec/support/shared/element/capabilities/auditable.rb CHANGED

@@ -31,7 +31,11 @@ shared_examples_for 'auditable' do |options = {}|
         @default_input_value = @auditable.auditable['param']
     end
-    describe '#skip_like' do
+    before :each do
+        Arachni::Element::Capabilities::Auditable.reset
+    end
+    describe '.skip_like' do
         it 'skips elements based on the block\'s return value' do
             (@auditable.audit( 'seed' ){}).should be_true
             Arachni::Element::Capabilities::Auditable.reset
@@ -40,6 +44,23 @@ shared_examples_for 'auditable' do |options = {}|
             end
             (@auditable.audit( 'seed' ){}).should be_false
         end
+        it 'skips element mutations based on the block\'s return value' do
+            i = 0
+            (@auditable.audit( 'seed' ){ i += 1 }).should be_true
+            @auditable.http.run
+            i.should == (@auditable.is_a?( Arachni::Form) ? 5 : 4)
+            Arachni::Element::Capabilities::Auditable.reset
+            Arachni::Element::Capabilities::Auditable.skip_like do |element|
+                element.altered == 'param'
+            end
+            i = 0
+            (@auditable.audit( 'seed' ){ i += 1}).should be_true
+            @auditable.http.run
+            i.should == (@auditable.is_a?( Arachni::Form) ? 1 : 0)
+        end
     end
     describe '#use_anonymous_auditor' do

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arachni
 version: !ruby/object:Gem::Version
-  version: 0.4.3.2
+  version: 0.4.4
 platform: ruby
 authors:
 - Tasos Laskos
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-07-16 00:00:00.000000000 Z
+date: 2013-08-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: arachni-rpc-em
@@ -492,6 +492,7 @@ files:
 - modules/audit/session_fixation.rb
 - modules/audit/response_splitting.rb
 - modules/audit/sqli_blind_rdiff/payloads.txt
+- modules/audit/source_code_disclosure.rb
 - modules/audit/ldapi/errors.txt
 - modules/audit/os_cmd_injection.rb
 - modules/audit/sqli_blind_timing/mysql.txt
@@ -506,6 +507,7 @@ files:
 - modules/audit/trainer.rb
 - modules/audit/xss_tag.rb
 - modules/audit/xpath/errors.txt
+- modules/audit/code_injection_php_input_wrapper.rb
 - modules/audit/xss_script_tag.rb
 - modules/audit/sqli.rb
 - modules/audit/unvalidated_redirect.rb
@@ -513,6 +515,7 @@ files:
 - modules/audit/xss_event.rb
 - modules/recon/common_files/filenames.txt
 - modules/recon/xst.rb
+- modules/recon/x_forwarded_for_access_restriction_bypass.rb
 - modules/recon/backup_files/extensions.txt
 - modules/recon/htaccess_limit.rb
 - modules/recon/http_put.rb
@@ -534,6 +537,7 @@ files:
 - modules/recon/grep/html_objects.rb
 - modules/recon/grep/mixed_resource.rb
 - modules/recon/grep/emails.rb
+- modules/recon/grep/form_upload.rb
 - modules/recon/grep/http_only_cookies.rb
 - modules/recon/grep/captcha.rb
 - modules/recon/grep/cvs_svn_users.rb
@@ -573,6 +577,7 @@ files:
 - plugins/libnotify.rb
 - plugins/cookie_collector.rb
 - plugins/proxy.rb
+- plugins/redundant_vectors.rb
 - plugins/profiler.rb
 - plugins/beep_notify.rb
 - plugins/rescan.rb
@@ -709,232 +714,7 @@ files:
 - spec/support/helpers/resets.rb
 - spec/support/helpers/paths.rb
 - spec/support/helpers/auditor.rb
-- spec/support/logs/Dispatcher - 25425-15634.log
-- spec/support/logs/Dispatcher - 24774-32543.log
-- spec/support/logs/Dispatcher - 1374-11925.log
-- spec/support/logs/Dispatcher - 28621-30580.log
-- spec/support/logs/Dispatcher - 25353-46711.log
-- spec/support/logs/Dispatcher - 1384-20223.log
-- spec/support/logs/Dispatcher - 28723-34387.log
-- spec/support/logs/Dispatcher - 28566-60378.log
-- spec/support/logs/Dispatcher - 24982-14621.log
-- spec/support/logs/Dispatcher - 2076-43318.log
-- spec/support/logs/Dispatcher - 29035-17800.log
-- spec/support/logs/Dispatcher - 24764-27994.log
-- spec/support/logs/Dispatcher - 29196-55000.log
-- spec/support/logs/Dispatcher - 29792-8436.log
-- spec/support/logs/Dispatcher - 29801-9350.log
-- spec/support/logs/Dispatcher - 754-41076.log
-- spec/support/logs/Dispatcher - 1677-56065.log
-- spec/support/logs/Dispatcher - 24158-40106.log
-- spec/support/logs/Instance - 25048-11380.error.log
-- spec/support/logs/Dispatcher - 24942-62948.log
-- spec/support/logs/Dispatcher - 24020-51743.log
-- spec/support/logs/Dispatcher - 24082-25596.log
-- spec/support/logs/Dispatcher - 2217-34366.log
-- spec/support/logs/Dispatcher - 29683-33859.log
-- spec/support/logs/Dispatcher - 24073-54430.log
-- spec/support/logs/Dispatcher - 29205-33060.log
-- spec/support/logs/Dispatcher - 2067-19379.log
-- spec/support/logs/Dispatcher - 1146-57070.log
-- spec/support/logs/Instance - 29347-6024.error.log
-- spec/support/logs/Dispatcher - 25033-2920.log
-- spec/support/logs/Dispatcher - 25043-58761.log
-- spec/support/logs/Dispatcher - 2154-42433.log
-- spec/support/logs/Dispatcher - 28548-64105.log
-- spec/support/logs/Dispatcher - 791-11829.log
-- spec/support/logs/Dispatcher - 28557-9265.log
-- spec/support/logs/Dispatcher - 28750-8280.log
-- spec/support/logs/Dispatcher - 23577-56565.log
-- spec/support/logs/Dispatcher - 25456-8081.log
-- spec/support/logs/Dispatcher - 2208-27404.log
-- spec/support/logs/Dispatcher - 384-22932.log
-- spec/support/logs/Dispatcher - 23771-13735.log
-- spec/support/logs/Dispatcher - 24055-65062.log
-- spec/support/logs/Dispatcher - 28347-64968.log
-- spec/support/logs/Dispatcher - 29620-29551.log
-- spec/support/logs/Dispatcher - 772-59109.log
-- spec/support/logs/Dispatcher - 1338-50709.log
-- spec/support/logs/Dispatcher - 25084-11499.log
-- spec/support/logs/Dispatcher - 29288-55076.log
 - spec/support/logs/placeholder
-- spec/support/logs/Dispatcher - 1607-32309.log
-- spec/support/logs/Dispatcher - 24185-5125.log
-- spec/support/logs/Dispatcher - 1137-33870.log
-- spec/support/logs/Dispatcher - 28384-40303.log
-- spec/support/logs/Dispatcher - 28657-46406.log
-- spec/support/logs/Dispatcher - 24203-3500.log
-- spec/support/logs/Dispatcher - 1036-31265.log
-- spec/support/logs/Dispatcher - 28642-14288.log
-- spec/support/logs/Dispatcher - 28366-50815.log
-- spec/support/logs/Dispatcher - 2016-10522.log
-- spec/support/logs/Dispatcher - 29674-61313.log
-- spec/support/logs/Dispatcher - 28375-20163.log
-- spec/support/logs/Dispatcher - 1729-22756.log
-- spec/support/logs/Dispatcher - 24033-26547.log
-- spec/support/logs/Instance - 25242-65202.error.log
-- spec/support/logs/Dispatcher - 23789-37971.log
-- spec/support/logs/Dispatcher - 2025-12440.log
-- spec/support/logs/Dispatcher - 1711-14301.log
-- spec/support/logs/Dispatcher - 23928-16013.log
-- spec/support/logs/Dispatcher - 24814-22343.log
-- spec/support/logs/Dispatcher - 28402-18767.log
-- spec/support/logs/Dispatcher - 25438-34664.log
-- spec/support/logs/Dispatcher - 29044-7103.log
-- spec/support/logs/Dispatcher - 889-13083.log
-- spec/support/logs/Instance - 29341-7004.error.log
-- spec/support/logs/Dispatcher - 24796-60141.log
-- spec/support/logs/Dispatcher - 1347-36899.log
-- spec/support/logs/Dispatcher - 898-53883.log
-- spec/support/logs/Dispatcher - 28428-4219.log
-- spec/support/logs/Dispatcher - 24064-19057.log
-- spec/support/logs/Dispatcher - 23802-4861.log
-- spec/support/logs/Dispatcher - 23762-7032.log
-- spec/support/logs/Dispatcher - 25519-53450.log
-- spec/support/logs/Dispatcher - 28507-56565.log
-- spec/support/logs/Dispatcher - 339-13552.log
-- spec/support/logs/Dispatcher - 29770-31902.log
-- spec/support/logs/Dispatcher - 25320-24733.log
-- spec/support/logs/Dispatcher - 25532-55565.log
-- spec/support/logs/Dispatcher - 28768-65028.log
-- spec/support/logs/Dispatcher - 29319-62724.log
-- spec/support/logs/Dispatcher - 29752-63853.log
-- spec/support/logs/Dispatcher - 25447-3660.log
-- spec/support/logs/Dispatcher - 814-16120.log
-- spec/support/logs/Dispatcher - 28759-38308.log
-- spec/support/logs/Dispatcher - 2163-55198.log
-- spec/support/logs/Dispatcher - 25329-29047.log
-- spec/support/logs/Dispatcher - 25501-45084.log
-- spec/support/logs/Dispatcher - 24212-26331.log
-- spec/support/logs/Instance - 1766-53560.error.log
-- spec/support/logs/Dispatcher - 29714-17665.log
-- spec/support/logs/Dispatcher - 24973-13438.log
-- spec/support/logs/Dispatcher - 29761-3448.log
-- spec/support/logs/Dispatcher - 1018-26020.log
-- spec/support/logs/Dispatcher - 24783-19136.log
-- spec/support/logs/Dispatcher - 29174-14377.log
-- spec/support/logs/Dispatcher - 25052-29212.log
-- spec/support/logs/Dispatcher - 2239-1425.log
-- spec/support/logs/Dispatcher - 1616-38493.log
-- spec/support/logs/Instance - 25080-24917.error.log
-- spec/support/logs/Dispatcher - 1128-64822.log
-- spec/support/logs/Dispatcher - 29269-40689.log
-- spec/support/logs/Dispatcher - 24194-57640.log
-- spec/support/logs/Dispatcher - 1328-54360.log
-- spec/support/logs/Dispatcher - 24176-6454.log
-- spec/support/logs/Dispatcher - 1049-64968.log
-- spec/support/logs/Dispatcher - 29586-49998.log
-- spec/support/logs/Instance - 29315-55609.error.log
-- spec/support/logs/Dispatcher - 28741-5251.log
-- spec/support/logs/Dispatcher - 25541-6244.log
-- spec/support/logs/Dispatcher - 23734-28957.log
-- spec/support/logs/Dispatcher - 28612-10811.log
-- spec/support/logs/Dispatcher - 28415-56936.log
-- spec/support/logs/Dispatcher - 29004-46776.log
-- spec/support/logs/Dispatcher - 2058-54432.log
-- spec/support/logs/Dispatcher - 1000-42597.log
-- spec/support/logs/Dispatcher - 1009-18926.log
-- spec/support/logs/Dispatcher - 29026-3603.log
-- spec/support/logs/Dispatcher - 23815-27068.log
-- spec/support/logs/Instance - 29492-27943.error.log
-- spec/support/logs/Dispatcher - 2112-16482.log
-- spec/support/logs/Dispatcher - 800-47866.log
-- spec/support/logs/Dispatcher - 29013-21266.log
-- spec/support/logs/Dispatcher - 23753-8683.log
-- spec/support/logs/Dispatcher - 1720-52378.log
-- spec/support/logs/Dispatcher - 1585-60468.log
-- spec/support/logs/Dispatcher - 24951-32294.log
-- spec/support/logs/Dispatcher - 23900-13978.log
-- spec/support/logs/Dispatcher - 1594-55347.log
-- spec/support/logs/Dispatcher - 28580-47697.log
-- spec/support/logs/Dispatcher - 965-25535.log
-- spec/support/logs/Instance - 1343-24327.error.log
-- spec/support/logs/Dispatcher - 2034-6928.log
-- spec/support/logs/Dispatcher - 1625-44887.log
-- spec/support/logs/Dispatcher - 29629-49377.log
-- spec/support/logs/Dispatcher - 744-9325.log
-- spec/support/logs/Dispatcher - 28603-24718.log
-- spec/support/logs/Dispatcher - 1166-7613.log
-- spec/support/logs/Dispatcher - 24046-57891.log
-- spec/support/logs/Dispatcher - 2130-18423.log
-- spec/support/logs/Dispatcher - 23550-62617.log
-- spec/support/logs/Dispatcher - 2230-52868.log
-- spec/support/logs/Dispatcher - 911-41959.log
-- spec/support/logs/Dispatcher - 23952-10950.log
-- spec/support/logs/Dispatcher - 2199-19221.log
-- spec/support/logs/Dispatcher - 2121-7790.log
-- spec/support/logs/Dispatcher - 1119-32736.log
-- spec/support/logs/Dispatcher - 25371-56232.log
-- spec/support/logs/Dispatcher - 25075-37989.log
-- spec/support/logs/Dispatcher - 1362-31178.log
-- spec/support/logs/Dispatcher - 28732-54101.log
-- spec/support/logs/Dispatcher - 2145-13060.log
-- spec/support/logs/Instance - 1773-12955.error.log
-- spec/support/logs/Dispatcher - 25510-35194.log
-- spec/support/logs/Dispatcher - 24095-43694.log
-- spec/support/logs/Dispatcher - 24104-17121.log
-- spec/support/logs/Dispatcher - 25362-36226.log
-- spec/support/logs/Dispatcher - 29214-62279.log
-- spec/support/logs/Dispatcher - 24011-65281.log
-- spec/support/logs/Dispatcher - 29611-63916.log
-- spec/support/logs/Dispatcher - 955-24486.log
-- spec/support/logs/Instance - 24779-49625.error.log
-- spec/support/logs/Dispatcher - 24002-6528.log
-- spec/support/logs/Dispatcher - 25492-10542.log
-- spec/support/logs/Dispatcher - 28357-36177.log
-- spec/support/logs/Dispatcher - 24167-21385.log
-- spec/support/logs/Dispatcher - 29165-63459.log
-- spec/support/logs/Dispatcher - 25066-41541.log
-- spec/support/logs/Dispatcher - 28777-56986.log
-- spec/support/logs/Dispatcher - 29278-10110.log
-- spec/support/logs/Instance - 1948-11071.error.log
-- spec/support/logs/Dispatcher - 24805-24219.log
-- spec/support/logs/Dispatcher - 782-41178.log
-- spec/support/logs/Instance - 25106-33475.error.log
-- spec/support/logs/Dispatcher - 1698-55714.log
-- spec/support/logs/Instance - 1694-39251.error.log
-- spec/support/logs/Dispatcher - 25407-3246.log
-- spec/support/logs/Dispatcher - 1686-61752.log
-- spec/support/logs/Dispatcher - 28393-26451.log
-- spec/support/logs/Dispatcher - 28666-48831.log
-- spec/support/logs/Dispatcher - 1176-38750.log
-- spec/support/logs/Dispatcher - 24933-3408.log
-- spec/support/logs/Dispatcher - 827-2111.log
-- spec/support/logs/Instance - 25112-54559.error.log
-- spec/support/logs/Dispatcher - 29310-21310.log
-- spec/support/logs/Dispatcher - 28498-4440.log
-- spec/support/logs/Dispatcher - 29183-49752.log
-- spec/support/logs/Dispatcher - 29665-40270.log
-- spec/support/logs/Dispatcher - 25416-34890.log
-- spec/support/logs/Dispatcher - 2248-34228.log
-- spec/support/logs/Dispatcher - 28994-50422.log
-- spec/support/logs/Dispatcher - 29696-38359.log
-- spec/support/logs/Dispatcher - 974-14231.log
-- spec/support/logs/Instance - 29283-31439.error.log
-- spec/support/logs/Dispatcher - 1059-36177.log
-- spec/support/logs/Instance - 29009-57043.error.log
-- spec/support/logs/Dispatcher - 29783-47589.log
-- spec/support/logs/Dispatcher - 1155-1976.log
-- spec/support/logs/Dispatcher - 29301-13242.log
-- spec/support/logs/Dispatcher - 28787-15576.log
-- spec/support/logs/Dispatcher - 23744-12387.log
-- spec/support/logs/Dispatcher - 28489-21241.log
-- spec/support/logs/Dispatcher - 24222-65421.log
-- spec/support/logs/Dispatcher - 24964-62518.log
-- spec/support/logs/Dispatcher - 28179-60102.log
-- spec/support/logs/Instance - 1725-15789.error.log
-- spec/support/logs/Dispatcher - 28206-59109.log
-- spec/support/logs/Dispatcher - 29705-30896.log
-- spec/support/logs/Dispatcher - 1186-13313.log
-- spec/support/logs/Dispatcher - 29568-37063.log
-- spec/support/logs/Dispatcher - 23780-6422.log
-- spec/support/logs/Dispatcher - 1575-41606.log
-- spec/support/logs/Dispatcher - 29577-56333.log
-- spec/support/logs/Dispatcher - 1027-51590.log
-- spec/support/logs/Dispatcher - 763-49534.log
-- spec/support/logs/Dispatcher - 25311-26011.log
-- spec/support/logs/Dispatcher - 28593-45818.log
-- spec/support/logs/Dispatcher - 987-5144.log
 - spec/support/pems/cacert.pem
 - spec/support/pems/server/key.pem
 - spec/support/pems/server/cert.pem
@@ -1029,6 +809,7 @@ files:
 - spec/support/servers/modules/audit/rfi.rb
 - spec/support/servers/modules/audit/session_fixation.rb
 - spec/support/servers/modules/audit/response_splitting.rb
+- spec/support/servers/modules/audit/source_code_disclosure.rb
 - spec/support/servers/modules/audit/os_cmd_injection.rb
 - spec/support/servers/modules/audit/os_cmd_injection_timing.rb
 - spec/support/servers/modules/audit/trainer_module.rb
@@ -1050,6 +831,7 @@ files:
 - spec/support/servers/modules/audit/xss_event.rb
 - spec/support/servers/modules/module_server.rb
 - spec/support/servers/modules/recon/xst.rb
+- spec/support/servers/modules/recon/x_forwarded_for_access_restriction_bypass.rb
 - spec/support/servers/modules/recon/htaccess_limit.rb
 - spec/support/servers/modules/recon/http_put.rb
 - spec/support/servers/modules/recon/webdav.rb
@@ -1068,6 +850,7 @@ files:
 - spec/support/servers/modules/recon/grep/html_objects.rb
 - spec/support/servers/modules/recon/grep/mixed_resource.rb
 - spec/support/servers/modules/recon/grep/emails.rb
+- spec/support/servers/modules/recon/grep/form_upload.rb
 - spec/support/servers/modules/recon/grep/http_only_cookies.rb
 - spec/support/servers/modules/recon/grep/captcha.rb
 - spec/support/servers/modules/recon/grep/cvs_svn_users.rb
@@ -1208,6 +991,7 @@ files:
 - spec/modules/audit/path_traversal_spec.rb
 - spec/modules/audit/csrf_spec.rb
 - spec/modules/audit/xpath_spec.rb
+- spec/modules/audit/source_code_disclosure_spec.rb
 - spec/modules/audit/xss_event_spec.rb
 - spec/modules/audit/sqli_blind_rdiff_spec.rb
 - spec/modules/audit/os_cmd_injection_timing_spec.rb
@@ -1228,9 +1012,11 @@ files:
 - spec/modules/recon/common_directories_spec.rb
 - spec/modules/recon/interesting_responses_spec.rb
 - spec/modules/recon/htaccess_limit_spec.rb
+- spec/modules/recon/x_forwarded_for_access_restriction_bypass_spec.rb
 - spec/modules/recon/webdav_spec.rb
 - spec/modules/recon/backup_files_spec.rb
 - spec/modules/recon/grep/emails_spec.rb
+- spec/modules/recon/grep/form_upload_spec.rb
 - spec/modules/recon/grep/ssn_spec.rb
 - spec/modules/recon/grep/html_objects_spec.rb
 - spec/modules/recon/grep/unencrypted_password_forms_spec.rb
@@ -1354,232 +1140,7 @@ test_files:
 - spec/support/helpers/resets.rb
 - spec/support/helpers/paths.rb
 - spec/support/helpers/auditor.rb
-- spec/support/logs/Dispatcher - 25425-15634.log
-- spec/support/logs/Dispatcher - 24774-32543.log
-- spec/support/logs/Dispatcher - 1374-11925.log
-- spec/support/logs/Dispatcher - 28621-30580.log
-- spec/support/logs/Dispatcher - 25353-46711.log
-- spec/support/logs/Dispatcher - 1384-20223.log
-- spec/support/logs/Dispatcher - 28723-34387.log
-- spec/support/logs/Dispatcher - 28566-60378.log
-- spec/support/logs/Dispatcher - 24982-14621.log
-- spec/support/logs/Dispatcher - 2076-43318.log
-- spec/support/logs/Dispatcher - 29035-17800.log
-- spec/support/logs/Dispatcher - 24764-27994.log
-- spec/support/logs/Dispatcher - 29196-55000.log
-- spec/support/logs/Dispatcher - 29792-8436.log
-- spec/support/logs/Dispatcher - 29801-9350.log
-- spec/support/logs/Dispatcher - 754-41076.log
-- spec/support/logs/Dispatcher - 1677-56065.log
-- spec/support/logs/Dispatcher - 24158-40106.log
-- spec/support/logs/Instance - 25048-11380.error.log
-- spec/support/logs/Dispatcher - 24942-62948.log
-- spec/support/logs/Dispatcher - 24020-51743.log
-- spec/support/logs/Dispatcher - 24082-25596.log
-- spec/support/logs/Dispatcher - 2217-34366.log
-- spec/support/logs/Dispatcher - 29683-33859.log
-- spec/support/logs/Dispatcher - 24073-54430.log
-- spec/support/logs/Dispatcher - 29205-33060.log
-- spec/support/logs/Dispatcher - 2067-19379.log
-- spec/support/logs/Dispatcher - 1146-57070.log
-- spec/support/logs/Instance - 29347-6024.error.log
-- spec/support/logs/Dispatcher - 25033-2920.log
-- spec/support/logs/Dispatcher - 25043-58761.log
-- spec/support/logs/Dispatcher - 2154-42433.log
-- spec/support/logs/Dispatcher - 28548-64105.log
-- spec/support/logs/Dispatcher - 791-11829.log
-- spec/support/logs/Dispatcher - 28557-9265.log
-- spec/support/logs/Dispatcher - 28750-8280.log
-- spec/support/logs/Dispatcher - 23577-56565.log
-- spec/support/logs/Dispatcher - 25456-8081.log
-- spec/support/logs/Dispatcher - 2208-27404.log
-- spec/support/logs/Dispatcher - 384-22932.log
-- spec/support/logs/Dispatcher - 23771-13735.log
-- spec/support/logs/Dispatcher - 24055-65062.log
-- spec/support/logs/Dispatcher - 28347-64968.log
-- spec/support/logs/Dispatcher - 29620-29551.log
-- spec/support/logs/Dispatcher - 772-59109.log
-- spec/support/logs/Dispatcher - 1338-50709.log
-- spec/support/logs/Dispatcher - 25084-11499.log
-- spec/support/logs/Dispatcher - 29288-55076.log
 - spec/support/logs/placeholder
-- spec/support/logs/Dispatcher - 1607-32309.log
-- spec/support/logs/Dispatcher - 24185-5125.log
-- spec/support/logs/Dispatcher - 1137-33870.log
-- spec/support/logs/Dispatcher - 28384-40303.log
-- spec/support/logs/Dispatcher - 28657-46406.log
-- spec/support/logs/Dispatcher - 24203-3500.log
-- spec/support/logs/Dispatcher - 1036-31265.log
-- spec/support/logs/Dispatcher - 28642-14288.log
-- spec/support/logs/Dispatcher - 28366-50815.log
-- spec/support/logs/Dispatcher - 2016-10522.log
-- spec/support/logs/Dispatcher - 29674-61313.log
-- spec/support/logs/Dispatcher - 28375-20163.log
-- spec/support/logs/Dispatcher - 1729-22756.log
-- spec/support/logs/Dispatcher - 24033-26547.log
-- spec/support/logs/Instance - 25242-65202.error.log
-- spec/support/logs/Dispatcher - 23789-37971.log
-- spec/support/logs/Dispatcher - 2025-12440.log
-- spec/support/logs/Dispatcher - 1711-14301.log
-- spec/support/logs/Dispatcher - 23928-16013.log
-- spec/support/logs/Dispatcher - 24814-22343.log
-- spec/support/logs/Dispatcher - 28402-18767.log
-- spec/support/logs/Dispatcher - 25438-34664.log
-- spec/support/logs/Dispatcher - 29044-7103.log
-- spec/support/logs/Dispatcher - 889-13083.log
-- spec/support/logs/Instance - 29341-7004.error.log
-- spec/support/logs/Dispatcher - 24796-60141.log
-- spec/support/logs/Dispatcher - 1347-36899.log
-- spec/support/logs/Dispatcher - 898-53883.log
-- spec/support/logs/Dispatcher - 28428-4219.log
-- spec/support/logs/Dispatcher - 24064-19057.log
-- spec/support/logs/Dispatcher - 23802-4861.log
-- spec/support/logs/Dispatcher - 23762-7032.log
-- spec/support/logs/Dispatcher - 25519-53450.log
-- spec/support/logs/Dispatcher - 28507-56565.log
-- spec/support/logs/Dispatcher - 339-13552.log
-- spec/support/logs/Dispatcher - 29770-31902.log
-- spec/support/logs/Dispatcher - 25320-24733.log
-- spec/support/logs/Dispatcher - 25532-55565.log
-- spec/support/logs/Dispatcher - 28768-65028.log
-- spec/support/logs/Dispatcher - 29319-62724.log
-- spec/support/logs/Dispatcher - 29752-63853.log
-- spec/support/logs/Dispatcher - 25447-3660.log
-- spec/support/logs/Dispatcher - 814-16120.log
-- spec/support/logs/Dispatcher - 28759-38308.log
-- spec/support/logs/Dispatcher - 2163-55198.log
-- spec/support/logs/Dispatcher - 25329-29047.log
-- spec/support/logs/Dispatcher - 25501-45084.log
-- spec/support/logs/Dispatcher - 24212-26331.log
-- spec/support/logs/Instance - 1766-53560.error.log
-- spec/support/logs/Dispatcher - 29714-17665.log
-- spec/support/logs/Dispatcher - 24973-13438.log
-- spec/support/logs/Dispatcher - 29761-3448.log
-- spec/support/logs/Dispatcher - 1018-26020.log
-- spec/support/logs/Dispatcher - 24783-19136.log
-- spec/support/logs/Dispatcher - 29174-14377.log
-- spec/support/logs/Dispatcher - 25052-29212.log
-- spec/support/logs/Dispatcher - 2239-1425.log
-- spec/support/logs/Dispatcher - 1616-38493.log
-- spec/support/logs/Instance - 25080-24917.error.log
-- spec/support/logs/Dispatcher - 1128-64822.log
-- spec/support/logs/Dispatcher - 29269-40689.log
-- spec/support/logs/Dispatcher - 24194-57640.log
-- spec/support/logs/Dispatcher - 1328-54360.log
-- spec/support/logs/Dispatcher - 24176-6454.log
-- spec/support/logs/Dispatcher - 1049-64968.log
-- spec/support/logs/Dispatcher - 29586-49998.log
-- spec/support/logs/Instance - 29315-55609.error.log
-- spec/support/logs/Dispatcher - 28741-5251.log
-- spec/support/logs/Dispatcher - 25541-6244.log
-- spec/support/logs/Dispatcher - 23734-28957.log
-- spec/support/logs/Dispatcher - 28612-10811.log
-- spec/support/logs/Dispatcher - 28415-56936.log
-- spec/support/logs/Dispatcher - 29004-46776.log
-- spec/support/logs/Dispatcher - 2058-54432.log
-- spec/support/logs/Dispatcher - 1000-42597.log
-- spec/support/logs/Dispatcher - 1009-18926.log
-- spec/support/logs/Dispatcher - 29026-3603.log
-- spec/support/logs/Dispatcher - 23815-27068.log
-- spec/support/logs/Instance - 29492-27943.error.log
-- spec/support/logs/Dispatcher - 2112-16482.log
-- spec/support/logs/Dispatcher - 800-47866.log
-- spec/support/logs/Dispatcher - 29013-21266.log
-- spec/support/logs/Dispatcher - 23753-8683.log
-- spec/support/logs/Dispatcher - 1720-52378.log
-- spec/support/logs/Dispatcher - 1585-60468.log
-- spec/support/logs/Dispatcher - 24951-32294.log
-- spec/support/logs/Dispatcher - 23900-13978.log
-- spec/support/logs/Dispatcher - 1594-55347.log
-- spec/support/logs/Dispatcher - 28580-47697.log
-- spec/support/logs/Dispatcher - 965-25535.log
-- spec/support/logs/Instance - 1343-24327.error.log
-- spec/support/logs/Dispatcher - 2034-6928.log
-- spec/support/logs/Dispatcher - 1625-44887.log
-- spec/support/logs/Dispatcher - 29629-49377.log
-- spec/support/logs/Dispatcher - 744-9325.log
-- spec/support/logs/Dispatcher - 28603-24718.log
-- spec/support/logs/Dispatcher - 1166-7613.log
-- spec/support/logs/Dispatcher - 24046-57891.log
-- spec/support/logs/Dispatcher - 2130-18423.log
-- spec/support/logs/Dispatcher - 23550-62617.log
-- spec/support/logs/Dispatcher - 2230-52868.log
-- spec/support/logs/Dispatcher - 911-41959.log
-- spec/support/logs/Dispatcher - 23952-10950.log
-- spec/support/logs/Dispatcher - 2199-19221.log
-- spec/support/logs/Dispatcher - 2121-7790.log
-- spec/support/logs/Dispatcher - 1119-32736.log
-- spec/support/logs/Dispatcher - 25371-56232.log
-- spec/support/logs/Dispatcher - 25075-37989.log
-- spec/support/logs/Dispatcher - 1362-31178.log
-- spec/support/logs/Dispatcher - 28732-54101.log
-- spec/support/logs/Dispatcher - 2145-13060.log
-- spec/support/logs/Instance - 1773-12955.error.log
-- spec/support/logs/Dispatcher - 25510-35194.log
-- spec/support/logs/Dispatcher - 24095-43694.log
-- spec/support/logs/Dispatcher - 24104-17121.log
-- spec/support/logs/Dispatcher - 25362-36226.log
-- spec/support/logs/Dispatcher - 29214-62279.log
-- spec/support/logs/Dispatcher - 24011-65281.log
-- spec/support/logs/Dispatcher - 29611-63916.log
-- spec/support/logs/Dispatcher - 955-24486.log
-- spec/support/logs/Instance - 24779-49625.error.log
-- spec/support/logs/Dispatcher - 24002-6528.log
-- spec/support/logs/Dispatcher - 25492-10542.log
-- spec/support/logs/Dispatcher - 28357-36177.log
-- spec/support/logs/Dispatcher - 24167-21385.log
-- spec/support/logs/Dispatcher - 29165-63459.log
-- spec/support/logs/Dispatcher - 25066-41541.log
-- spec/support/logs/Dispatcher - 28777-56986.log
-- spec/support/logs/Dispatcher - 29278-10110.log
-- spec/support/logs/Instance - 1948-11071.error.log
-- spec/support/logs/Dispatcher - 24805-24219.log
-- spec/support/logs/Dispatcher - 782-41178.log
-- spec/support/logs/Instance - 25106-33475.error.log
-- spec/support/logs/Dispatcher - 1698-55714.log
-- spec/support/logs/Instance - 1694-39251.error.log
-- spec/support/logs/Dispatcher - 25407-3246.log
-- spec/support/logs/Dispatcher - 1686-61752.log
-- spec/support/logs/Dispatcher - 28393-26451.log
-- spec/support/logs/Dispatcher - 28666-48831.log
-- spec/support/logs/Dispatcher - 1176-38750.log
-- spec/support/logs/Dispatcher - 24933-3408.log
-- spec/support/logs/Dispatcher - 827-2111.log
-- spec/support/logs/Instance - 25112-54559.error.log
-- spec/support/logs/Dispatcher - 29310-21310.log
-- spec/support/logs/Dispatcher - 28498-4440.log
-- spec/support/logs/Dispatcher - 29183-49752.log
-- spec/support/logs/Dispatcher - 29665-40270.log
-- spec/support/logs/Dispatcher - 25416-34890.log
-- spec/support/logs/Dispatcher - 2248-34228.log
-- spec/support/logs/Dispatcher - 28994-50422.log
-- spec/support/logs/Dispatcher - 29696-38359.log
-- spec/support/logs/Dispatcher - 974-14231.log
-- spec/support/logs/Instance - 29283-31439.error.log
-- spec/support/logs/Dispatcher - 1059-36177.log
-- spec/support/logs/Instance - 29009-57043.error.log
-- spec/support/logs/Dispatcher - 29783-47589.log
-- spec/support/logs/Dispatcher - 1155-1976.log
-- spec/support/logs/Dispatcher - 29301-13242.log
-- spec/support/logs/Dispatcher - 28787-15576.log
-- spec/support/logs/Dispatcher - 23744-12387.log
-- spec/support/logs/Dispatcher - 28489-21241.log
-- spec/support/logs/Dispatcher - 24222-65421.log
-- spec/support/logs/Dispatcher - 24964-62518.log
-- spec/support/logs/Dispatcher - 28179-60102.log
-- spec/support/logs/Instance - 1725-15789.error.log
-- spec/support/logs/Dispatcher - 28206-59109.log
-- spec/support/logs/Dispatcher - 29705-30896.log
-- spec/support/logs/Dispatcher - 1186-13313.log
-- spec/support/logs/Dispatcher - 29568-37063.log
-- spec/support/logs/Dispatcher - 23780-6422.log
-- spec/support/logs/Dispatcher - 1575-41606.log
-- spec/support/logs/Dispatcher - 29577-56333.log
-- spec/support/logs/Dispatcher - 1027-51590.log
-- spec/support/logs/Dispatcher - 763-49534.log
-- spec/support/logs/Dispatcher - 25311-26011.log
-- spec/support/logs/Dispatcher - 28593-45818.log
-- spec/support/logs/Dispatcher - 987-5144.log
 - spec/support/pems/cacert.pem
 - spec/support/pems/server/key.pem
 - spec/support/pems/server/cert.pem
@@ -1674,6 +1235,7 @@ test_files:
 - spec/support/servers/modules/audit/rfi.rb
 - spec/support/servers/modules/audit/session_fixation.rb
 - spec/support/servers/modules/audit/response_splitting.rb
+- spec/support/servers/modules/audit/source_code_disclosure.rb
 - spec/support/servers/modules/audit/os_cmd_injection.rb
 - spec/support/servers/modules/audit/os_cmd_injection_timing.rb
 - spec/support/servers/modules/audit/trainer_module.rb
@@ -1695,6 +1257,7 @@ test_files:
 - spec/support/servers/modules/audit/xss_event.rb
 - spec/support/servers/modules/module_server.rb
 - spec/support/servers/modules/recon/xst.rb
+- spec/support/servers/modules/recon/x_forwarded_for_access_restriction_bypass.rb
 - spec/support/servers/modules/recon/htaccess_limit.rb
 - spec/support/servers/modules/recon/http_put.rb
 - spec/support/servers/modules/recon/webdav.rb
@@ -1713,6 +1276,7 @@ test_files:
 - spec/support/servers/modules/recon/grep/html_objects.rb
 - spec/support/servers/modules/recon/grep/mixed_resource.rb
 - spec/support/servers/modules/recon/grep/emails.rb
+- spec/support/servers/modules/recon/grep/form_upload.rb
 - spec/support/servers/modules/recon/grep/http_only_cookies.rb
 - spec/support/servers/modules/recon/grep/captcha.rb
 - spec/support/servers/modules/recon/grep/cvs_svn_users.rb
@@ -1853,6 +1417,7 @@ test_files:
 - spec/modules/audit/path_traversal_spec.rb
 - spec/modules/audit/csrf_spec.rb
 - spec/modules/audit/xpath_spec.rb
+- spec/modules/audit/source_code_disclosure_spec.rb
 - spec/modules/audit/xss_event_spec.rb
 - spec/modules/audit/sqli_blind_rdiff_spec.rb
 - spec/modules/audit/os_cmd_injection_timing_spec.rb
@@ -1873,9 +1438,11 @@ test_files:
 - spec/modules/recon/common_directories_spec.rb
 - spec/modules/recon/interesting_responses_spec.rb
 - spec/modules/recon/htaccess_limit_spec.rb
+- spec/modules/recon/x_forwarded_for_access_restriction_bypass_spec.rb
 - spec/modules/recon/webdav_spec.rb
 - spec/modules/recon/backup_files_spec.rb
 - spec/modules/recon/grep/emails_spec.rb
+- spec/modules/recon/grep/form_upload_spec.rb
 - spec/modules/recon/grep/ssn_spec.rb
 - spec/modules/recon/grep/html_objects_spec.rb
 - spec/modules/recon/grep/unencrypted_password_forms_spec.rb