arachni 0.4.4 → 0.4.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/CHANGELOG.md +37 -0
- data/README.md +18 -3
- data/lib/arachni/element/capabilities/auditable.rb +5 -1
- data/lib/arachni/element/capabilities/auditable/taint.rb +37 -2
- data/lib/arachni/platform/fingerprinter.rb +4 -4
- data/lib/arachni/platform/manager.rb +15 -1
- data/lib/arachni/platforms.rb +2 -1
- data/lib/arachni/rpc/server/framework/distributor.rb +2 -2
- data/lib/arachni/spider.rb +1 -1
- data/lib/arachni/ui/cli/utilities.rb +1 -1
- data/lib/version +1 -1
- data/modules/audit/file_inclusion.rb +126 -0
- data/modules/audit/os_cmd_injection.rb +11 -9
- data/modules/audit/path_traversal.rb +21 -21
- data/modules/audit/source_code_disclosure.rb +16 -15
- data/modules/audit/sqli.rb +13 -6
- data/modules/audit/sqli/patterns/access +3 -0
- data/modules/audit/sqli/patterns/coldfusion +1 -0
- data/modules/audit/sqli/patterns/db2 +5 -0
- data/modules/audit/sqli/patterns/emc +2 -0
- data/modules/audit/sqli/patterns/firebird +2 -0
- data/modules/audit/sqli/patterns/frontbase +1 -0
- data/modules/audit/sqli/patterns/hsqldb +1 -0
- data/modules/audit/sqli/patterns/informix +3 -0
- data/modules/audit/sqli/patterns/ingres +3 -0
- data/modules/audit/sqli/patterns/interbase +2 -0
- data/modules/audit/sqli/patterns/maxdb +2 -0
- data/modules/audit/sqli/patterns/mssql +24 -0
- data/modules/audit/sqli/patterns/mysql +15 -0
- data/modules/audit/sqli/patterns/oracle +6 -0
- data/modules/audit/sqli/patterns/pgsql +8 -0
- data/modules/audit/sqli/patterns/sqlite +5 -0
- data/modules/audit/sqli/patterns/sybase +3 -0
- data/modules/recon/common_files/filenames.txt +1 -0
- data/modules/recon/localstart_asp.rb +67 -0
- data/path_extractors/comments.rb +30 -0
- data/path_extractors/meta_refresh.rb +8 -4
- data/plugins/uncommon_headers.rb +91 -0
- data/reports/html/default/issue.erb +1 -1
- data/reports/html/default/plugins.erb +3 -3
- data/reports/plugin_formatters/html/uncommon_headers.rb +47 -0
- data/reports/plugin_formatters/stdout/uncommon_headers.rb +37 -0
- data/reports/plugin_formatters/xml/discovery.rb +2 -0
- data/reports/plugin_formatters/xml/timing_attacks.rb +2 -0
- data/reports/plugin_formatters/xml/uncommon_headers.rb +38 -0
- data/reports/plugin_formatters/xml/uniformity.rb +2 -1
- data/reports/xml/buffer.rb +9 -5
- data/spec/arachni/element/capabilities/auditable/taint_spec.rb +295 -82
- data/spec/arachni/framework_spec.rb +48 -35
- data/spec/arachni/platform/manager_spec.rb +3 -2
- data/spec/modules/audit/file_inclusion_spec.rb +25 -0
- data/spec/modules/audit/path_traversal_spec.rb +3 -3
- data/spec/modules/audit/sqli_spec.rb +2 -1
- data/spec/modules/recon/localstart_asp_spec.rb +19 -0
- data/spec/path_extractors/comments_spec.rb +22 -0
- data/spec/path_extractors/meta_refresh_spec.rb +3 -3
- data/spec/plugins/uncommon_headers_spec.rb +64 -0
- data/spec/support/logs/Dispatcher - 1755-58492.log +9 -0
- data/spec/support/logs/Dispatcher - 1783-39171.log +21 -0
- data/spec/support/logs/Dispatcher - 1920-39032.log +9 -0
- data/spec/support/logs/Dispatcher - 1931-5309.log +19 -0
- data/spec/support/logs/Dispatcher - 1943-59691.log +17 -0
- data/spec/support/logs/Dispatcher - 1953-29898.log +13 -0
- data/spec/support/logs/Dispatcher - 1962-41002.log +9 -0
- data/spec/support/logs/Dispatcher - 1973-27626.log +9 -0
- data/spec/support/logs/Dispatcher - 1983-18043.log +11 -0
- data/spec/support/logs/Dispatcher - 1996-23139.log +11 -0
- data/spec/support/logs/Dispatcher - 2010-10568.log +35 -0
- data/spec/support/logs/Dispatcher - 2072-29284.log +21 -0
- data/spec/support/logs/Dispatcher - 2081-3234.log +21 -0
- data/spec/support/logs/Dispatcher - 2090-18129.log +23 -0
- data/spec/support/logs/Dispatcher - 2132-43806.log +19 -0
- data/spec/support/logs/Dispatcher - 2141-1327.log +17 -0
- data/spec/support/logs/Dispatcher - 2150-52559.log +15 -0
- data/spec/support/logs/Dispatcher - 2163-60400.log +11 -0
- data/spec/support/logs/Dispatcher - 2176-6021.log +9 -0
- data/spec/support/logs/Dispatcher - 2185-22991.log +9 -0
- data/spec/support/logs/Dispatcher - 2194-15317.log +9 -0
- data/spec/support/logs/Dispatcher - 2203-51674.log +9 -0
- data/spec/support/logs/Dispatcher - 2212-25563.log +11 -0
- data/spec/support/logs/Dispatcher - 2225-7249.log +9 -0
- data/spec/support/logs/Dispatcher - 2234-36714.log +9 -0
- data/spec/support/logs/Dispatcher - 2291-34161.log +63 -0
- data/spec/support/logs/Dispatcher - 2300-29645.log +43 -0
- data/spec/support/logs/Dispatcher - 2309-26961.log +39 -0
- data/spec/support/logs/Dispatcher - 2320-25486.log +34 -0
- data/spec/support/logs/Dispatcher - 2394-20678.log +28 -0
- data/spec/support/logs/Dispatcher - 2409-35315.log +21 -0
- data/spec/support/logs/Dispatcher - 2428-13197.log +13 -0
- data/spec/support/logs/Dispatcher - 2444-26232.log +9 -0
- data/spec/support/logs/Dispatcher - 2573-19232.log +19 -0
- data/spec/support/logs/Dispatcher - 2583-26954.log +21 -0
- data/spec/support/logs/Dispatcher - 2592-57040.log +15 -0
- data/spec/support/logs/Dispatcher - 2606-55321.log +19 -0
- data/spec/support/logs/Dispatcher - 2615-56847.log +21 -0
- data/spec/support/logs/Dispatcher - 2624-51835.log +15 -0
- data/spec/support/logs/Dispatcher - 2745-54916.log +17 -0
- data/spec/support/logs/Dispatcher - 2754-32405.log +21 -0
- data/spec/support/logs/Dispatcher - 2763-13372.log +13 -0
- data/spec/support/logs/Dispatcher - 2776-6861.log +19 -0
- data/spec/support/logs/Dispatcher - 2785-19122.log +21 -0
- data/spec/support/logs/Dispatcher - 2794-54279.log +15 -0
- data/spec/support/logs/Dispatcher - 2847-13871.log +17 -0
- data/spec/support/logs/Dispatcher - 2856-56546.log +21 -0
- data/spec/support/logs/Dispatcher - 2865-22921.log +13 -0
- data/spec/support/logs/Dispatcher - 2878-27922.log +17 -0
- data/spec/support/logs/Dispatcher - 2888-5399.log +21 -0
- data/spec/support/logs/Dispatcher - 2897-6079.log +13 -0
- data/spec/support/logs/Dispatcher - 3129-24131.log +19 -0
- data/spec/support/logs/Dispatcher - 3139-17731.log +21 -0
- data/spec/support/logs/Dispatcher - 3148-33704.log +15 -0
- data/spec/support/logs/Dispatcher - 3172-16517.log +21 -0
- data/spec/support/logs/Dispatcher - 3181-26384.log +25 -0
- data/spec/support/logs/Dispatcher - 3190-37513.log +15 -0
- data/spec/support/logs/Dispatcher - 3232-40996.log +17 -0
- data/spec/support/logs/Dispatcher - 3241-14948.log +21 -0
- data/spec/support/logs/Dispatcher - 3250-40285.log +13 -0
- data/spec/support/logs/Dispatcher - 3263-26987.log +21 -0
- data/spec/support/logs/Dispatcher - 3272-2729.log +25 -0
- data/spec/support/logs/Dispatcher - 3297-52308.log +15 -0
- data/spec/support/logs/Dispatcher - 3335-17008.log +17 -0
- data/spec/support/logs/Dispatcher - 3344-33205.log +21 -0
- data/spec/support/logs/Dispatcher - 3353-22917.log +13 -0
- data/spec/support/logs/Dispatcher - 3367-34935.log +17 -0
- data/spec/support/logs/Dispatcher - 3376-35370.log +21 -0
- data/spec/support/logs/Dispatcher - 3385-26487.log +13 -0
- data/spec/support/logs/Instance - 2588-19460.error.log +314 -0
- data/spec/support/logs/Instance - 2861-5917.error.log +314 -0
- data/spec/support/logs/Instance - 2893-61274.error.log +413 -0
- data/spec/support/logs/Instance - 2913-11030.error.log +312 -0
- data/spec/support/logs/Instance - 2919-17549.error.log +314 -0
- data/spec/support/logs/Instance - 3054-17565.error.log +312 -0
- data/spec/support/servers/modules/audit/file_inclusion.rb +202 -0
- data/spec/support/servers/modules/audit/sqli/access +3 -0
- data/spec/support/servers/modules/audit/sqli/firebird +1 -0
- data/spec/support/servers/modules/audit/sqli/frontbase +1 -0
- data/spec/support/servers/modules/audit/sqli/hsqldb +1 -0
- data/spec/support/servers/modules/audit/sqli/ingres +3 -0
- data/spec/support/servers/modules/audit/sqli/maxdb +2 -0
- data/spec/support/servers/modules/audit/sqli/mssql +0 -5
- data/spec/support/servers/modules/audit/sqli/oracle +1 -1
- data/spec/support/servers/modules/audit/sqli/sybase +3 -0
- data/spec/support/servers/modules/recon/localstart_asp.rb +5 -0
- data/spec/support/servers/plugins/uncommon_headers.rb +16 -0
- metadata +202 -4
- data/modules/audit/sqli/regexp_ids.txt +0 -69
- data/plugins/redundant_vectors.rb +0 -34
@@ -1,69 +0,0 @@
|
|
1
|
-
System\.Data\.OleDb\.OleDbException
|
2
|
-
\[Microsoft\]\[ODBC SQL Server Driver\]
|
3
|
-
\[SQLServer JDBC Driver\]
|
4
|
-
\[SqlException
|
5
|
-
System\.Data\.SqlClient\.SqlException
|
6
|
-
Unclosed quotation mark after the character string
|
7
|
-
'80040e14'
|
8
|
-
mssql_query\(\)
|
9
|
-
Microsoft OLE DB Provider for ODBC Drivers
|
10
|
-
Microsoft OLE DB Provider for SQL Server
|
11
|
-
Incorrect syntax near
|
12
|
-
Sintaxis incorrecta cerca de
|
13
|
-
Syntax error in string in query expression
|
14
|
-
ADODB\.Field \(0x800A0BCD\)
|
15
|
-
odbc_exec\(\)
|
16
|
-
Procedure or function .* expects parameter
|
17
|
-
Unclosed quotation mark before the character string
|
18
|
-
DB2 SQL error:
|
19
|
-
\[IBM\]\[CLI Driver\]\[DB2/6000\]
|
20
|
-
Sybase message:
|
21
|
-
Syntax error .* in query expression
|
22
|
-
Data type mismatch in criteria expression\.
|
23
|
-
\[Microsoft\]\[ODBC Microsoft Access Driver\]
|
24
|
-
PostgreSQL query failed:
|
25
|
-
supplied argument is not a valid PostgreSQL result
|
26
|
-
pg_query\(\) \[:
|
27
|
-
pg_exec\(\) \[:
|
28
|
-
supplied argument is not a valid MySQL
|
29
|
-
Column count doesn't match value count at row
|
30
|
-
mysql_fetch_array\(\)
|
31
|
-
on MySQL result index
|
32
|
-
You have an error in your SQL syntax;
|
33
|
-
You have an error in your SQL syntax near
|
34
|
-
MySQL server version for the right syntax to use
|
35
|
-
\[MySQL\]\[ODBC
|
36
|
-
Column count doesn't match
|
37
|
-
the used select statements have different number of columns
|
38
|
-
Table '[^']+' doesn't exist
|
39
|
-
com\.informix\.jdbc
|
40
|
-
An illegal character has been found in the statement
|
41
|
-
<b>Warning<b>: ibase_
|
42
|
-
\[DM_QUERY_E_SYNTAX\]
|
43
|
-
has occurred in the vicinity of:
|
44
|
-
java\.sql\.SQLException
|
45
|
-
Unexpected end of command in statement
|
46
|
-
\[Macromedia\]\[SQLServer JDBC Driver\]
|
47
|
-
SQL syntax.*MySQL
|
48
|
-
Warning.*mysql_.*
|
49
|
-
valid MySQL result
|
50
|
-
PostgreSQL.*ERROR
|
51
|
-
Warning.*pg_.*
|
52
|
-
valid PostgreSQL result
|
53
|
-
Driver.*SQL[\-\_\ ]*Server
|
54
|
-
OLE DB.*SQL Server
|
55
|
-
SQL Server.*Driver
|
56
|
-
Warning.*mssql_.*
|
57
|
-
JET Database Engine
|
58
|
-
Access Database Engine
|
59
|
-
Oracle error
|
60
|
-
Oracle.*Driver
|
61
|
-
Warning.*oci_.*
|
62
|
-
Warning.*ora_.*
|
63
|
-
CLI Driver.*DB2
|
64
|
-
DB2 SQL error
|
65
|
-
Exception.*Informix
|
66
|
-
Warning.*sqlite_.*
|
67
|
-
SQLite/JDBCDriver
|
68
|
-
SQLite\.Exception
|
69
|
-
System\.Data\.SQLite\.SQLiteException
|
@@ -1,34 +0,0 @@
|
|
1
|
-
class Arachni::Plugins::RedundantVectors < Arachni::Plugin::Base
|
2
|
-
|
3
|
-
def run
|
4
|
-
@filter = Arachni::Support::LookUp::HashSet.new
|
5
|
-
|
6
|
-
Arachni::Element::Capabilities::Auditable.skip_like do |element|
|
7
|
-
next false if element.altered.to_s.empty?
|
8
|
-
|
9
|
-
id = get_id( element )
|
10
|
-
|
11
|
-
if @filter.include? id
|
12
|
-
print_info "Skipping: #{element.altered}"
|
13
|
-
true
|
14
|
-
else
|
15
|
-
@filter << id
|
16
|
-
false
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|
20
|
-
|
21
|
-
def get_id( element )
|
22
|
-
"#{element.auditor.class}:#{element.altered}"
|
23
|
-
end
|
24
|
-
|
25
|
-
def self.info
|
26
|
-
{
|
27
|
-
name: 'Redundant vectors',
|
28
|
-
description: %q{Prevents vectors with the same name from being audited more than once.},
|
29
|
-
author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
|
30
|
-
version: '0.1'
|
31
|
-
}
|
32
|
-
end
|
33
|
-
|
34
|
-
end
|