arachni 0.4.4 → 0.4.5
- checksums.yaml +8 -8
- data/CHANGELOG.md +37 -0
- data/README.md +18 -3
- data/lib/arachni/element/capabilities/auditable.rb +5 -1
- data/lib/arachni/element/capabilities/auditable/taint.rb +37 -2
- data/lib/arachni/platform/fingerprinter.rb +4 -4
- data/lib/arachni/platform/manager.rb +15 -1
- data/lib/arachni/platforms.rb +2 -1
- data/lib/arachni/rpc/server/framework/distributor.rb +2 -2
- data/lib/arachni/spider.rb +1 -1
- data/lib/arachni/ui/cli/utilities.rb +1 -1
- data/lib/version +1 -1
- data/modules/audit/file_inclusion.rb +126 -0
- data/modules/audit/os_cmd_injection.rb +11 -9
- data/modules/audit/path_traversal.rb +21 -21
- data/modules/audit/source_code_disclosure.rb +16 -15
- data/modules/audit/sqli.rb +13 -6
- data/modules/audit/sqli/patterns/access +3 -0
- data/modules/audit/sqli/patterns/coldfusion +1 -0
- data/modules/audit/sqli/patterns/db2 +5 -0
- data/modules/audit/sqli/patterns/emc +2 -0
- data/modules/audit/sqli/patterns/firebird +2 -0
- data/modules/audit/sqli/patterns/frontbase +1 -0
- data/modules/audit/sqli/patterns/hsqldb +1 -0
- data/modules/audit/sqli/patterns/informix +3 -0
- data/modules/audit/sqli/patterns/ingres +3 -0
- data/modules/audit/sqli/patterns/interbase +2 -0
- data/modules/audit/sqli/patterns/maxdb +2 -0
- data/modules/audit/sqli/patterns/mssql +24 -0
- data/modules/audit/sqli/patterns/mysql +15 -0
- data/modules/audit/sqli/patterns/oracle +6 -0
- data/modules/audit/sqli/patterns/pgsql +8 -0
- data/modules/audit/sqli/patterns/sqlite +5 -0
- data/modules/audit/sqli/patterns/sybase +3 -0
- data/modules/recon/common_files/filenames.txt +1 -0
- data/modules/recon/localstart_asp.rb +67 -0
- data/path_extractors/comments.rb +30 -0
- data/path_extractors/meta_refresh.rb +8 -4
- data/plugins/uncommon_headers.rb +91 -0
- data/reports/html/default/issue.erb +1 -1
- data/reports/html/default/plugins.erb +3 -3
- data/reports/plugin_formatters/html/uncommon_headers.rb +47 -0
- data/reports/plugin_formatters/stdout/uncommon_headers.rb +37 -0
- data/reports/plugin_formatters/xml/discovery.rb +2 -0
- data/reports/plugin_formatters/xml/timing_attacks.rb +2 -0
- data/reports/plugin_formatters/xml/uncommon_headers.rb +38 -0
- data/reports/plugin_formatters/xml/uniformity.rb +2 -1
- data/reports/xml/buffer.rb +9 -5
- data/spec/arachni/element/capabilities/auditable/taint_spec.rb +295 -82
- data/spec/arachni/framework_spec.rb +48 -35
- data/spec/arachni/platform/manager_spec.rb +3 -2
- data/spec/modules/audit/file_inclusion_spec.rb +25 -0
- data/spec/modules/audit/path_traversal_spec.rb +3 -3
- data/spec/modules/audit/sqli_spec.rb +2 -1
- data/spec/modules/recon/localstart_asp_spec.rb +19 -0
- data/spec/path_extractors/comments_spec.rb +22 -0
- data/spec/path_extractors/meta_refresh_spec.rb +3 -3
- data/spec/plugins/uncommon_headers_spec.rb +64 -0
- data/spec/support/logs/Dispatcher - 1755-58492.log +9 -0
- data/spec/support/logs/Dispatcher - 1783-39171.log +21 -0
- data/spec/support/logs/Dispatcher - 1920-39032.log +9 -0
- data/spec/support/logs/Dispatcher - 1931-5309.log +19 -0
- data/spec/support/logs/Dispatcher - 1943-59691.log +17 -0
- data/spec/support/logs/Dispatcher - 1953-29898.log +13 -0
- data/spec/support/logs/Dispatcher - 1962-41002.log +9 -0
- data/spec/support/logs/Dispatcher - 1973-27626.log +9 -0
- data/spec/support/logs/Dispatcher - 1983-18043.log +11 -0
- data/spec/support/logs/Dispatcher - 1996-23139.log +11 -0
- data/spec/support/logs/Dispatcher - 2010-10568.log +35 -0
- data/spec/support/logs/Dispatcher - 2072-29284.log +21 -0
- data/spec/support/logs/Dispatcher - 2081-3234.log +21 -0
- data/spec/support/logs/Dispatcher - 2090-18129.log +23 -0
- data/spec/support/logs/Dispatcher - 2132-43806.log +19 -0
- data/spec/support/logs/Dispatcher - 2141-1327.log +17 -0
- data/spec/support/logs/Dispatcher - 2150-52559.log +15 -0
- data/spec/support/logs/Dispatcher - 2163-60400.log +11 -0
- data/spec/support/logs/Dispatcher - 2176-6021.log +9 -0
- data/spec/support/logs/Dispatcher - 2185-22991.log +9 -0
- data/spec/support/logs/Dispatcher - 2194-15317.log +9 -0
- data/spec/support/logs/Dispatcher - 2203-51674.log +9 -0
- data/spec/support/logs/Dispatcher - 2212-25563.log +11 -0
- data/spec/support/logs/Dispatcher - 2225-7249.log +9 -0
- data/spec/support/logs/Dispatcher - 2234-36714.log +9 -0
- data/spec/support/logs/Dispatcher - 2291-34161.log +63 -0
- data/spec/support/logs/Dispatcher - 2300-29645.log +43 -0
- data/spec/support/logs/Dispatcher - 2309-26961.log +39 -0
- data/spec/support/logs/Dispatcher - 2320-25486.log +34 -0
- data/spec/support/logs/Dispatcher - 2394-20678.log +28 -0
- data/spec/support/logs/Dispatcher - 2409-35315.log +21 -0
- data/spec/support/logs/Dispatcher - 2428-13197.log +13 -0
- data/spec/support/logs/Dispatcher - 2444-26232.log +9 -0
- data/spec/support/logs/Dispatcher - 2573-19232.log +19 -0
- data/spec/support/logs/Dispatcher - 2583-26954.log +21 -0
- data/spec/support/logs/Dispatcher - 2592-57040.log +15 -0
- data/spec/support/logs/Dispatcher - 2606-55321.log +19 -0
- data/spec/support/logs/Dispatcher - 2615-56847.log +21 -0
- data/spec/support/logs/Dispatcher - 2624-51835.log +15 -0
- data/spec/support/logs/Dispatcher - 2745-54916.log +17 -0
- data/spec/support/logs/Dispatcher - 2754-32405.log +21 -0
- data/spec/support/logs/Dispatcher - 2763-13372.log +13 -0
- data/spec/support/logs/Dispatcher - 2776-6861.log +19 -0
- data/spec/support/logs/Dispatcher - 2785-19122.log +21 -0
- data/spec/support/logs/Dispatcher - 2794-54279.log +15 -0
- data/spec/support/logs/Dispatcher - 2847-13871.log +17 -0
- data/spec/support/logs/Dispatcher - 2856-56546.log +21 -0
- data/spec/support/logs/Dispatcher - 2865-22921.log +13 -0
- data/spec/support/logs/Dispatcher - 2878-27922.log +17 -0
- data/spec/support/logs/Dispatcher - 2888-5399.log +21 -0
- data/spec/support/logs/Dispatcher - 2897-6079.log +13 -0
- data/spec/support/logs/Dispatcher - 3129-24131.log +19 -0
- data/spec/support/logs/Dispatcher - 3139-17731.log +21 -0
- data/spec/support/logs/Dispatcher - 3148-33704.log +15 -0
- data/spec/support/logs/Dispatcher - 3172-16517.log +21 -0
- data/spec/support/logs/Dispatcher - 3181-26384.log +25 -0
- data/spec/support/logs/Dispatcher - 3190-37513.log +15 -0
- data/spec/support/logs/Dispatcher - 3232-40996.log +17 -0
- data/spec/support/logs/Dispatcher - 3241-14948.log +21 -0
- data/spec/support/logs/Dispatcher - 3250-40285.log +13 -0
- data/spec/support/logs/Dispatcher - 3263-26987.log +21 -0
- data/spec/support/logs/Dispatcher - 3272-2729.log +25 -0
- data/spec/support/logs/Dispatcher - 3297-52308.log +15 -0
- data/spec/support/logs/Dispatcher - 3335-17008.log +17 -0
- data/spec/support/logs/Dispatcher - 3344-33205.log +21 -0
- data/spec/support/logs/Dispatcher - 3353-22917.log +13 -0
- data/spec/support/logs/Dispatcher - 3367-34935.log +17 -0
- data/spec/support/logs/Dispatcher - 3376-35370.log +21 -0
- data/spec/support/logs/Dispatcher - 3385-26487.log +13 -0
- data/spec/support/logs/Instance - 2588-19460.error.log +314 -0
- data/spec/support/logs/Instance - 2861-5917.error.log +314 -0
- data/spec/support/logs/Instance - 2893-61274.error.log +413 -0
- data/spec/support/logs/Instance - 2913-11030.error.log +312 -0
- data/spec/support/logs/Instance - 2919-17549.error.log +314 -0
- data/spec/support/logs/Instance - 3054-17565.error.log +312 -0
- data/spec/support/servers/modules/audit/file_inclusion.rb +202 -0
- data/spec/support/servers/modules/audit/sqli/access +3 -0
- data/spec/support/servers/modules/audit/sqli/firebird +1 -0
- data/spec/support/servers/modules/audit/sqli/frontbase +1 -0
- data/spec/support/servers/modules/audit/sqli/hsqldb +1 -0
- data/spec/support/servers/modules/audit/sqli/ingres +3 -0
- data/spec/support/servers/modules/audit/sqli/maxdb +2 -0
- data/spec/support/servers/modules/audit/sqli/mssql +0 -5
- data/spec/support/servers/modules/audit/sqli/oracle +1 -1
- data/spec/support/servers/modules/audit/sqli/sybase +3 -0
- data/spec/support/servers/modules/recon/localstart_asp.rb +5 -0
- data/spec/support/servers/plugins/uncommon_headers.rb +16 -0
- metadata +202 -4
- data/modules/audit/sqli/regexp_ids.txt +0 -69
- data/plugins/redundant_vectors.rb +0 -34
@@ -14,17 +14,15 @@
|
|
14
14
|
limitations under the License.
|
15
15
|
=end
|
16
16
|
|
17
|
-
#
|
18
17
|
# Path Traversal audit module.
|
19
18
|
#
|
20
19
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
21
20
|
#
|
22
|
-
# @version 0.
|
21
|
+
# @version 0.4
|
23
22
|
#
|
24
23
|
# @see http://cwe.mitre.org/data/definitions/22.html
|
25
24
|
# @see http://www.owasp.org/index.php/Path_Traversal
|
26
25
|
# @see http://projects.webappsec.org/Path-Traversal
|
27
|
-
#
|
28
26
|
class Arachni::Modules::PathTraversal < Arachni::Module::Base
|
29
27
|
|
30
28
|
MINIMUM_TRAVERSALS = 0
|
@@ -33,14 +31,19 @@ class Arachni::Modules::PathTraversal < Arachni::Module::Base
|
|
33
31
|
def self.options
|
34
32
|
@options ||= {
|
35
33
|
format: [Format::STRAIGHT],
|
36
|
-
regexp:
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
34
|
+
regexp: {
|
35
|
+
unix: [
|
36
|
+
/DOCUMENT_ROOT.*HTTP_USER_AGENT/,
|
37
|
+
/(root|mail):.+:\d+:\d+:.+:[0-9a-zA-Z\/]+/im
|
38
|
+
],
|
39
|
+
windows: [
|
40
|
+
/\[boot loader\](.*)\[operating systems\]/im,
|
41
|
+
/\[fonts\](.*)\[extensions\]/im
|
42
|
+
],
|
43
|
+
tomcat: [
|
44
|
+
/<web\-app/im
|
45
|
+
]
|
46
|
+
},
|
44
47
|
|
45
48
|
# Add one more mutation (on the fly) which will include the extension
|
46
49
|
# of the original value (if that value was a filename) after a null byte.
|
@@ -72,23 +75,20 @@ class Arachni::Modules::PathTraversal < Arachni::Module::Base
|
|
72
75
|
'boot.ini',
|
73
76
|
'windows/win.ini',
|
74
77
|
'winnt/win.ini'
|
75
|
-
]
|
78
|
+
].map { |payload| [payload, "#{payload}#{'.'* 700}"] }.flatten
|
76
79
|
}.inject({}) do |h, (platform, payloads)|
|
77
80
|
h[platform] = payloads.map do |payload|
|
78
81
|
trv = '/'
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
trv << '../'
|
84
|
-
[ "#{trv}#{payload}", "file://#{trv}#{payload}" ]
|
85
|
-
end
|
82
|
+
(MINIMUM_TRAVERSALS..MAXIMUM_TRAVERSALS).map do
|
83
|
+
trv << '../'
|
84
|
+
[ "#{trv}#{payload}", "file://#{trv}#{payload}" ]
|
85
|
+
end
|
86
86
|
end.flatten
|
87
87
|
|
88
88
|
h
|
89
89
|
end
|
90
90
|
|
91
|
-
@payloads[:tomcat] = [ '
|
91
|
+
@payloads[:tomcat] = [ '/../../', '../../', ].map do |trv|
|
92
92
|
[ "#{trv}WEB-INF/web.xml", "file://#{trv}WEB-INF/web.xml" ]
|
93
93
|
end.flatten
|
94
94
|
|
@@ -107,7 +107,7 @@ class Arachni::Modules::PathTraversal < Arachni::Module::Base
|
|
107
107
|
based on the presence of relevant content in the HTML responses.},
|
108
108
|
elements: [ Element::FORM, Element::LINK, Element::COOKIE, Element::HEADER ],
|
109
109
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ',
|
110
|
-
version: '0.
|
110
|
+
version: '0.4',
|
111
111
|
references: {
|
112
112
|
'OWASP' => 'http://www.owasp.org/index.php/Path_Traversal',
|
113
113
|
'WASC' => 'http://projects.webappsec.org/Path-Traversal'
|
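Review bot: The added `"#{payload}#{'.'* 700}"` variant on new line 78 carries no comment, so 700 reads as a magic number to the next maintainer; I would put `# Dot-padded variant of each payload; presumably relies on path-truncation behaviour to shed an appended extension, like the null-byte mutation above — confirm and record where 700 comes from.` above the `].map` line. The detection patterns are now keyed by platform (`unix`, `windows`, `tomcat` on lines 35–43) and the payload hash on lines 79–91 uses the same symbols, including the `@payloads[:tomcat]` assignment that sits outside the `inject`; how the two hashes are paired is not in the hunk, so a key that drifts on one side would silently leave a platform without patterns — a comment tying the two together would help. The `options` and payload-building methods both start or end outside these hunks.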
@@ -27,21 +27,22 @@ class Arachni::Modules::SourceCodeDisclosure < Arachni::Module::Base
|
|
27
27
|
|
28
28
|
def self.options
|
29
29
|
@options ||= {
|
30
|
-
format:
|
31
|
-
regexp:
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
30
|
+
format: [Format::STRAIGHT],
|
31
|
+
regexp: {
|
32
|
+
php: [
|
33
|
+
/<\?php/
|
34
|
+
],
|
35
|
+
jsp: [
|
36
|
+
/<%|<%=|<%@\s+page|<%@\s+include|<%--|import\s+javax.servlet|
|
37
|
+
import\s+java.io|import=['"]java.io|request\.getParameterValues\(|
|
38
|
+
response\.setHeader|response\.setIntHeader\(/m
|
39
|
+
],
|
40
|
+
asp: [
|
41
|
+
/<%|Response\.Write|Request\.Form|Request\.QueryString|
|
42
|
+
Response\.Flush|Session\.SessionID|Session\.Timeout|
|
43
|
+
Server\.CreateObject|Server\.MapPath/im
|
44
|
+
]
|
45
|
+
},
|
45
46
|
|
46
47
|
# Add one more mutation (on the fly) which will include the extension
|
47
48
|
# of the original value (if that value was a filename) after a null byte.
|
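Review bot: The `jsp` and `asp` regexps on new lines 36–38 and 41–43 span several source lines without the `x` flag, so the line break and whatever indentation follows it are literal characters of the alternative that begins on the next line — `import\s+java.io`, `response\.setHeader`, `Response\.Flush` and `Server\.CreateObject` can only match when preceded by a newline plus that exact whitespace. Changing the closing flags on lines 38 and 43 from `/m` to `/mx` makes that whitespace insignificant while leaving the `\s+` escapes and the `['"]` class intact. Separately, `<%` is the first alternative of both the jsp and the asp list, so a bare `<%` hit is attributed to whichever platform is evaluated first, and the unescaped dots in `javax.servlet` and `java.io` are a minor precision loss. The enclosing `self.options` method ends outside the hunk.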
data/modules/audit/sqli.rb
CHANGED
@@ -14,23 +14,29 @@
|
|
14
14
|
limitations under the License.
|
15
15
|
=end
|
16
16
|
|
17
|
-
#
|
18
17
|
# SQL Injection audit module.
|
19
18
|
#
|
20
19
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
21
20
|
#
|
22
|
-
# @version 0.
|
21
|
+
# @version 0.2
|
23
22
|
#
|
24
23
|
# @see http://cwe.mitre.org/data/definitions/89.html
|
25
24
|
# @see http://unixwiz.net/techtips/sql-injection.html
|
26
25
|
# @see http://en.wikipedia.org/wiki/SQL_injection
|
27
26
|
# @see http://www.securiteam.com/securityreviews/5DP0N1P76E.html
|
28
27
|
# @see http://www.owasp.org/index.php/SQL_Injection
|
29
|
-
#
|
30
28
|
class Arachni::Modules::SQLInjection < Arachni::Module::Base
|
31
29
|
|
32
30
|
def self.error_patterns
|
33
|
-
@error_patterns
|
31
|
+
return @error_patterns if @error_patterns
|
32
|
+
|
33
|
+
@error_patterns = {}
|
34
|
+
Dir[File.dirname( __FILE__ ) + '/sqli/patterns/*'].each do |file|
|
35
|
+
@error_patterns[File.basename( file ).to_sym] =
|
36
|
+
IO.read( file ).split( "\n" )
|
37
|
+
end
|
38
|
+
|
39
|
+
@error_patterns
|
34
40
|
end
|
35
41
|
|
36
42
|
def self.ignore_patterns
|
@@ -62,14 +68,15 @@ class Arachni::Modules::SQLInjection < Arachni::Module::Base
|
|
62
68
|
description: %q{SQL injection module, uses known SQL DB errors to identify vulnerabilities.},
|
63
69
|
elements: [Element::LINK, Element::FORM, Element::COOKIE, Element::HEADER],
|
64
70
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
|
65
|
-
version: '0.
|
71
|
+
version: '0.2',
|
66
72
|
references: {
|
67
73
|
'UnixWiz' => 'http://unixwiz.net/techtips/sql-injection.html',
|
68
74
|
'Wikipedia' => 'http://en.wikipedia.org/wiki/SQL_injection',
|
69
75
|
'SecuriTeam' => 'http://www.securiteam.com/securityreviews/5DP0N1P76E.html',
|
70
76
|
'OWASP' => 'http://www.owasp.org/index.php/SQL_Injection'
|
71
77
|
},
|
72
|
-
targets: %w(Oracle ColdFusion InterBase PostgreSQL MySQL MSSQL EMC
|
78
|
+
targets: %w(Oracle ColdFusion InterBase PostgreSQL MySQL MSSQL EMC
|
79
|
+
SQLite DB2 Informix Firebird MaxDB Sybase Frontbase Ingres HSQLDB),
|
73
80
|
issue: {
|
74
81
|
name: %q{SQL Injection},
|
75
82
|
description: %q{SQL code can be injected into the web application.},
|
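Review bot: `self.error_patterns` (new lines 31–39) keeps every element that `split( "\n" )` yields, so a blank line in the middle of a pattern file becomes an empty signature, which — if these strings are compiled into regexps downstream, which the hunk does not show — would match every response; the new mysql list already ends with a blank line and is only saved by `split` dropping trailing empties. Reading with `File.read( file ).lines.map( &:chomp ).reject( &:empty? )` closes that gap, and `File.read` also avoids `IO.read`'s pipe-command form for its path argument, the safer idiom even though the glob is anchored under `__FILE__`. A header comment such as `# Loads per-DBMS error signatures from sqli/patterns/<name>, one pattern per line, keyed by the file name.` would document the new directory convention.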
@@ -0,0 +1 @@
|
|
1
|
+
\[Macromedia\]\[SQLServer JDBC Driver\]
|
@@ -0,0 +1 @@
|
|
1
|
+
Exception (condition )?\d+\. Transaction rollback\.
|
@@ -0,0 +1 @@
|
|
1
|
+
org\.hsqldb\.jdbc
|
@@ -0,0 +1,24 @@
|
|
1
|
+
System\.Data\.OleDb\.OleDbException
|
2
|
+
\[Microsoft\]\[ODBC SQL Server Driver\]
|
3
|
+
\[SqlException
|
4
|
+
System\.Data\.SqlClient\.SqlException
|
5
|
+
Unclosed quotation mark after the character string
|
6
|
+
'80040e14'
|
7
|
+
mssql_query\(\)
|
8
|
+
Microsoft OLE DB Provider for ODBC Drivers
|
9
|
+
Microsoft OLE DB Provider for SQL Server
|
10
|
+
Incorrect syntax near
|
11
|
+
Sintaxis incorrecta cerca de
|
12
|
+
Syntax error in string in query expression
|
13
|
+
Procedure or function .* expects parameter
|
14
|
+
Unclosed quotation mark before the character string
|
15
|
+
Syntax error .* in query expression
|
16
|
+
Data type mismatch in criteria expression\.
|
17
|
+
ADODB\.Field \(0x800A0BCD\)
|
18
|
+
the used select statements have different number of columns
|
19
|
+
OLE DB.*SQL Server
|
20
|
+
Warning.*mssql_.*
|
21
|
+
Driver.*SQL[\-\_\ ]*Server
|
22
|
+
SQL Server.*Driver
|
23
|
+
SQL Server.*[0-9a-fA-F]{8}
|
24
|
+
Exception.*\WSystem\.Data\.SqlClient\.
|
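Review bot: Several signatures in this list (the file list and hunk size point to `data/modules/audit/sqli/patterns/mssql`) end in an unbounded `.*` — `Warning.*mssql_.*` on line 20, and `OLE DB.*SQL Server`, `SQL Server.*Driver`, `SQL Server.*[0-9a-fA-F]{8}` on lines 19, 22, 23 — where a trailing `.*` adds nothing to the match but widens backtracking on large bodies, and line 23 fires on any page that mentions SQL Server and later contains eight hex digits (a hash, a commit id). Dropping the trailing `.*` from line 20 and bounding the gap on line 23, e.g. `SQL Server.{0,200}?[0-9a-fA-F]{8}`, would cut false positives; the same trailing `.*` appears in `Warning.*mysql_.*` in the mysql list that follows.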
@@ -0,0 +1,15 @@
|
|
1
|
+
supplied argument is not a valid MySQL
|
2
|
+
Column count doesn't match value count at row
|
3
|
+
mysql_fetch_array\(\)
|
4
|
+
on MySQL result index
|
5
|
+
You have an error in your SQL syntax;
|
6
|
+
You have an error in your SQL syntax near
|
7
|
+
MySQL server version for the right syntax to use
|
8
|
+
\[MySQL\]\[ODBC
|
9
|
+
Column count doesn't match
|
10
|
+
Table '[^']+' doesn't exist
|
11
|
+
SQL syntax.*MySQL
|
12
|
+
Warning.*mysql_.*
|
13
|
+
valid MySQL result
|
14
|
+
MySqlClient\.
|
15
|
+
|
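--- a/data/modules/recon/localstart_asp.rb
+++ b/data/modules/recon/localstart_asp.rb
@@ -0,0 +1,67 @@
+=begin
+Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+=end
+
+# localstart.asp recon module.
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+#
+# @version 0.1
+class Arachni::Modules::LocalstartASP < Arachni::Module::Base
+
+def run
+return if page.platforms.os.any? && !page.platforms.os.include?( :windows )
+
+path = get_path( page.url )
+return if audited?( path )
+audited path
+
+http.get( "#{path}/#{seed}" ) do |response|
+# If it needs auth by default then don't bother checking because
+# we'll get an FP.
+return if response.code == 401
+
+url = "#{path}/localstart.asp"
+
+print_status "Checking: #{url}"
+http.get( url, &method( :check_and_log ) )
+end
+end
+
+def check_and_log( response )
+return if response.code != 401
+
+log( { element: Element::SERVER }, response )
+end
+
+def self.info
+{
+name: 'localstart.asp',
+description: %q{Checks for localstart.asp.},
+elements: [ Element::SERVER ],
+author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+version: '0.1',
+targets: %w(Generic),
+issue: {
+name: %q{Exposed localstart.asp page},
+description: %q{The default management ISS page localstart.asp
+is still on the server.},
+tags: %w(asp iis server),
+severity: Severity::LOW
+}
+}
+end
+
+end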
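Review bot: `return if response.code == 401` on new line 34 is inside the block passed to `http.get`; if that block runs after `run` has already returned (the request being queued and completed later — inferred from the callback style, not visible here), a `return` from an orphaned block raises `LocalJumpError` rather than ending the check, so `next if response.code == 401` is the safe form. The detection rule deserves a comment on `check_and_log`, e.g. `# A 401 on localstart.asp, after a random path in the same directory did not demand auth, means the IIS management page is present behind its default prompt.`, since the two 401 checks read as contradictory without it. The issue description on line 59 says `ISS` where `IIS` is meant, and that string is user-facing report text.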
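--- a/data/path_extractors/comments.rb
+++ b/data/path_extractors/comments.rb
@@ -0,0 +1,30 @@
+=begin
+Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+=end
+
+require 'uri'
+
+# Extract paths from HTML comments.
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+# @version 0.1
+class Arachni::Parser::Extractors::Comments < Arachni::Parser::Extractors::Base
+
+def run( doc )
+doc.xpath( '//comment()' ).map(&:text).join.
+scan( /[\/a-zA-Z0-9%._-]+/ ).select { |s| s.include? '/' }
+end
+
+end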
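Review bot: `require 'uri'` on line 17 is not used by anything that follows — `run` only calls `xpath`, `scan` and `select` — so either drop it or note why it is loaded here. The heuristic on lines 26–27 returns every `[\/a-zA-Z0-9%._-]` token that contains a slash, so prose such as `and/or` or `1/2` inside a comment becomes a candidate path, and an absolute URL like `http://host/p` comes back as `//host/p` because `:` is outside the class — a protocol-relative value a resolver may send out of scope. A comment above `run` such as `# Heuristic: any slash-bearing token in a comment is treated as a path; prose fragments and scheme-stripped URLs are expected noise the caller must filter.` records that limit for the next maintainer.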
@@ -19,7 +19,7 @@
|
|
19
19
|
#
|
20
20
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
|
21
21
|
#
|
22
|
-
# @version 0.1.
|
22
|
+
# @version 0.1.2
|
23
23
|
#
|
24
24
|
class Arachni::Parser::Extractors::MetaRefresh < Arachni::Parser::Extractors::Base
|
25
25
|
|
@@ -31,7 +31,13 @@ class Arachni::Parser::Extractors::MetaRefresh < Arachni::Parser::Extractors::Ba
|
|
31
31
|
# @return [Array<String>] paths
|
32
32
|
#
|
33
33
|
def run( doc )
|
34
|
-
doc.search( "//meta[
|
34
|
+
doc.search( "//meta[
|
35
|
+
translate(
|
36
|
+
@http-equiv,
|
37
|
+
'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
|
38
|
+
'abcdefghijklmnopqrstuvwxyz'
|
39
|
+
) = 'refresh'
|
40
|
+
]" ).map do |url|
|
35
41
|
begin
|
36
42
|
_, url = url['content'].split( ';', 2 )
|
37
43
|
next if !url
|
@@ -40,8 +46,6 @@ class Arachni::Parser::Extractors::MetaRefresh < Arachni::Parser::Extractors::Ba
|
|
40
46
|
next
|
41
47
|
end
|
42
48
|
end
|
43
|
-
rescue
|
44
|
-
nil
|
45
49
|
end
|
46
50
|
|
47
51
|
def unquote( str )
|
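Review bot: `_, url = url['content'].split( ';', 2 )` on new line 42 raises `NoMethodError` on nil when a matching `<meta http-equiv="refresh">` carries no `content` attribute; the `begin` opened on line 41 continues past the hunk, so whether its `rescue` covers that is not visible, while the method-level `rescue`/`nil` that used to swallow it is removed by this commit. Writing `_, url = url['content'].to_s.split( ';', 2 )` lets the existing `next if !url` on line 43 handle the missing attribute without reintroducing a blanket rescue. The `translate` in the XPath on lines 35–39 lowercases ASCII only, which is adequate for `http-equiv` values. The body of `run` spans both hunks and new lines 44–45 between them are not shown.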
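--- a/data/plugins/uncommon_headers.rb
+++ b/data/plugins/uncommon_headers.rb
@@ -0,0 +1,91 @@
+=begin
+Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+=end
+
+#
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+class Arachni::Plugins::UncommonHeaders < Arachni::Plugin::Base
+
+is_distributable
+
+COMMON = Set.new([
+'content-type',
+'content-length',
+'server',
+'connection',
+'accept-ranges',
+'age',
+'allow',
+'cache-control',
+'content-encoding',
+'content-language',
+'content-range',
+'date',
+'etag',
+'expires',
+'last-modified',
+'location',
+'pragma',
+'proxy-authenticate',
+'set-cookie',
+'trailer',
+'transfer-encoding'
+])
+
+def prepare
+@headers_per_url = Hash.new do |h, url|
+h[url] = {}
+end
+end
+
+def run
+http.add_on_complete do |response|
+headers = response.headers_hash.
+select { |name, _| !COMMON.include?( name.to_s.downcase ) }
+
+@headers_per_url[response.effective_url].merge! headers
+end
+end
+
+def clean_up
+wait_while_framework_running
+register_results @headers_per_url
+end
+
+def self.merge( results )
+merged = Hash.new do |h, url|
+h[url] = {}
+end
+
+results.each do |headers_per_url|
+headers_per_url.each do |url, headers|
+merged[url].merge! headers
+end
+end
+
+merged
+end
+
+def self.info
+{
+name: 'Uncommon headers',
+description: %q{Intercepts HTTP responses and logs uncommon headers.},
+author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+version: '0.1'
+}
+end
+
+end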
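Review bot: `@headers_per_url` (line 49) and `merged` (line 69) are built with a default block, and the former is handed to `register_results` on line 65; a `Hash` with a default proc cannot be `Marshal.dump`ed (Ruby raises `TypeError`), so if results are serialised for the distributed path that `is_distributable` on line 22 opts into — inferred, not shown here — reporting would fail at that point. Plain hashes avoid it: `@headers_per_url = {}` in `prepare`, `( @headers_per_url[response.effective_url] ||= {} ).merge! headers` on line 59, and the same `||= {}` form in `self.merge`. `COMMON` on lines 24–46 should also be frozen (`.freeze` after the closing `])`), and `Set` needs `require 'set'` unless the framework loads it elsewhere. Lines 17–18 are an empty doc header; a one-liner such as `# Records, per URL, every response header not in COMMON, so non-standard or framework-revealing headers surface in the report.` would fill it.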