arachni 0.4.5.2 → 0.4.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +9 -9
- data/CHANGELOG.md +97 -0
- data/CONTRIBUTORS.md +1 -0
- data/NOTICE +1 -1
- data/README.md +4 -4
- data/Rakefile +111 -26
- data/arachni.gemspec +2 -2
- data/bin/arachni +1 -1
- data/bin/arachni_console +1 -1
- data/bin/arachni_multi +1 -1
- data/bin/arachni_rpc +1 -1
- data/bin/arachni_rpcd +1 -1
- data/bin/arachni_rpcd_monitor +1 -1
- data/bin/arachni_script +1 -1
- data/external/metasploit/LICENSE +1 -1
- data/fingerprinters/frameworks/rack.rb +1 -1
- data/fingerprinters/languages/asp.rb +1 -1
- data/fingerprinters/languages/aspx.rb +1 -1
- data/fingerprinters/languages/jsp.rb +3 -5
- data/fingerprinters/languages/php.rb +1 -1
- data/fingerprinters/languages/python.rb +1 -1
- data/fingerprinters/languages/ruby.rb +1 -1
- data/fingerprinters/os/bsd.rb +1 -1
- data/fingerprinters/os/linux.rb +1 -1
- data/fingerprinters/os/solaris.rb +1 -1
- data/fingerprinters/os/unix.rb +1 -1
- data/fingerprinters/os/windows.rb +1 -1
- data/fingerprinters/servers/apache.rb +1 -1
- data/fingerprinters/servers/iis.rb +1 -1
- data/fingerprinters/servers/jetty.rb +1 -1
- data/fingerprinters/servers/nginx.rb +1 -1
- data/fingerprinters/servers/tomcat.rb +1 -1
- data/lib/arachni.rb +6 -1
- data/lib/arachni/audit_store.rb +1 -1
- data/lib/arachni/banner.rb +1 -1
- data/lib/arachni/component/manager.rb +1 -1
- data/lib/arachni/component/options.rb +1 -1
- data/lib/arachni/component/options/address.rb +1 -1
- data/lib/arachni/component/options/base.rb +1 -1
- data/lib/arachni/component/options/bool.rb +1 -1
- data/lib/arachni/component/options/enum.rb +1 -1
- data/lib/arachni/component/options/float.rb +1 -1
- data/lib/arachni/component/options/int.rb +1 -1
- data/lib/arachni/component/options/path.rb +1 -1
- data/lib/arachni/component/options/port.rb +1 -1
- data/lib/arachni/component/options/string.rb +1 -1
- data/lib/arachni/component/options/url.rb +1 -1
- data/lib/arachni/element/base.rb +1 -1
- data/lib/arachni/element/body.rb +1 -1
- data/lib/arachni/element/capabilities/auditable.rb +45 -22
- data/lib/arachni/element/capabilities/auditable/rdiff.rb +378 -122
- data/lib/arachni/element/capabilities/auditable/taint.rb +57 -20
- data/lib/arachni/element/capabilities/auditable/timeout.rb +95 -68
- data/lib/arachni/element/capabilities/mutable.rb +77 -40
- data/lib/arachni/element/capabilities/refreshable.rb +7 -1
- data/lib/arachni/element/cookie.rb +46 -167
- data/lib/arachni/element/form.rb +77 -517
- data/lib/arachni/element/header.rb +21 -15
- data/lib/arachni/element/link.rb +2 -2
- data/lib/arachni/element/path.rb +1 -1
- data/lib/arachni/element/server.rb +1 -1
- data/lib/arachni/element_filter.rb +1 -1
- data/lib/arachni/error.rb +1 -1
- data/lib/arachni/framework.rb +16 -7
- data/lib/arachni/http.rb +111 -118
- data/lib/arachni/http/cookie_jar.rb +8 -2
- data/lib/arachni/issue.rb +4 -1
- data/lib/arachni/mixins/observable.rb +1 -1
- data/lib/arachni/mixins/progress_bar.rb +1 -1
- data/lib/arachni/mixins/terminal.rb +1 -1
- data/lib/arachni/module.rb +1 -1
- data/lib/arachni/module/auditor.rb +23 -17
- data/lib/arachni/module/base.rb +1 -1
- data/lib/arachni/module/manager.rb +4 -4
- data/lib/arachni/module/output.rb +1 -1
- data/lib/arachni/module/utilities.rb +1 -1
- data/lib/arachni/options.rb +28 -7
- data/lib/arachni/page.rb +4 -5
- data/lib/arachni/parser.rb +3 -2
- data/lib/arachni/platform.rb +1 -1
- data/lib/arachni/platform/fingerprinter.rb +1 -1
- data/lib/arachni/platform/list.rb +11 -29
- data/lib/arachni/platform/manager.rb +31 -8
- data/lib/arachni/plugin.rb +1 -1
- data/lib/arachni/plugin/base.rb +1 -1
- data/lib/arachni/plugin/manager.rb +1 -1
- data/lib/arachni/processes.rb +1 -1
- data/lib/arachni/processes/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers.rb +1 -1
- data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers/instances.rb +1 -1
- data/lib/arachni/processes/helpers/processes.rb +1 -1
- data/lib/arachni/processes/instances.rb +1 -1
- data/lib/arachni/processes/manager.rb +1 -1
- data/lib/arachni/report.rb +1 -1
- data/lib/arachni/report/base.rb +1 -1
- data/lib/arachni/report/manager.rb +1 -1
- data/lib/arachni/rpc/client/base.rb +1 -1
- data/lib/arachni/rpc/client/dispatcher.rb +1 -1
- data/lib/arachni/rpc/client/instance.rb +1 -1
- data/lib/arachni/rpc/server/active_options.rb +1 -1
- data/lib/arachni/rpc/server/base.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher.rb +10 -6
- data/lib/arachni/rpc/server/dispatcher/handler.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher/node.rb +5 -3
- data/lib/arachni/rpc/server/framework.rb +5 -3
- data/lib/arachni/rpc/server/framework/distributor.rb +24 -19
- data/lib/arachni/rpc/server/framework/master.rb +1 -1
- data/lib/arachni/rpc/server/framework/multi_instance.rb +7 -1
- data/lib/arachni/rpc/server/framework/slave.rb +1 -1
- data/lib/arachni/rpc/server/instance.rb +5 -4
- data/lib/arachni/rpc/server/module/manager.rb +1 -1
- data/lib/arachni/rpc/server/output.rb +1 -1
- data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
- data/lib/arachni/rpc/server/spider.rb +5 -2
- data/lib/arachni/ruby.rb +1 -1
- data/lib/arachni/ruby/array.rb +9 -1
- data/lib/arachni/ruby/enumerable.rb +1 -1
- data/lib/arachni/ruby/hash.rb +24 -5
- data/lib/arachni/ruby/io.rb +1 -1
- data/lib/arachni/ruby/object.rb +1 -1
- data/lib/arachni/ruby/set.rb +1 -1
- data/lib/arachni/ruby/string.rb +13 -2
- data/lib/arachni/ruby/webrick.rb +3 -15
- data/lib/arachni/ruby/webrick/cookie.rb +30 -0
- data/lib/arachni/ruby/webrick/httprequest.rb +42 -0
- data/lib/arachni/session.rb +21 -8
- data/lib/arachni/spider.rb +18 -11
- data/lib/arachni/support.rb +3 -1
- data/lib/arachni/support/buffer.rb +1 -1
- data/lib/arachni/support/buffer/autoflush.rb +1 -1
- data/lib/arachni/support/buffer/base.rb +1 -1
- data/lib/arachni/support/cache.rb +1 -1
- data/lib/arachni/support/cache/base.rb +1 -1
- data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
- data/lib/arachni/support/cache/least_recently_used.rb +1 -1
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -1
- data/lib/arachni/support/crypto.rb +1 -1
- data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
- data/lib/arachni/support/database.rb +1 -1
- data/lib/arachni/support/database/base.rb +5 -5
- data/lib/arachni/support/database/hash.rb +1 -1
- data/lib/arachni/support/database/queue.rb +52 -69
- data/lib/arachni/{module → support}/key_filler.rb +11 -17
- data/lib/arachni/support/lookup.rb +1 -1
- data/lib/arachni/support/lookup/base.rb +1 -1
- data/lib/arachni/support/lookup/hash_set.rb +1 -1
- data/lib/arachni/support/lookup/moolb.rb +1 -1
- data/lib/arachni/support/queue.rb +1 -1
- data/lib/arachni/support/queue/disk.rb +1 -1
- data/lib/arachni/support/signature.rb +153 -0
- data/lib/arachni/trainer.rb +30 -19
- data/lib/arachni/typhoeus/hydra.rb +1 -1
- data/lib/arachni/typhoeus/request.rb +1 -1
- data/lib/arachni/typhoeus/response.rb +8 -2
- data/lib/arachni/typhoeus/utils.rb +1 -1
- data/lib/arachni/ui/cli/cli.rb +18 -7
- data/lib/arachni/ui/cli/output.rb +28 -1
- data/lib/arachni/ui/cli/rpc/dispatcher_monitor.rb +1 -1
- data/lib/arachni/ui/cli/rpc/instance.rb +1 -1
- data/lib/arachni/ui/cli/rpc/local.rb +1 -1
- data/lib/arachni/ui/cli/rpc/remote.rb +1 -1
- data/lib/arachni/ui/cli/utilities.rb +14 -29
- data/lib/arachni/ui/foo/output.rb +1 -1
- data/lib/arachni/uri.rb +2 -3
- data/lib/arachni/utilities.rb +1 -1
- data/lib/arachni/version.rb +1 -1
- data/lib/version +1 -1
- data/modules/audit/code_injection.rb +1 -1
- data/modules/audit/code_injection_php_input_wrapper.rb +1 -1
- data/modules/audit/code_injection_timing.rb +1 -1
- data/modules/audit/csrf.rb +1 -1
- data/modules/audit/file_inclusion.rb +5 -5
- data/modules/audit/ldapi.rb +1 -1
- data/modules/audit/os_cmd_injection.rb +1 -1
- data/modules/audit/os_cmd_injection_timing.rb +4 -3
- data/modules/audit/path_traversal.rb +5 -5
- data/modules/audit/response_splitting.rb +1 -1
- data/modules/audit/rfi.rb +1 -1
- data/modules/audit/session_fixation.rb +1 -1
- data/modules/audit/source_code_disclosure.rb +21 -17
- data/modules/audit/sqli.rb +11 -8
- data/modules/audit/sqli/patterns/pgsql +1 -0
- data/modules/audit/sqli/regexp_ignore.txt +1 -0
- data/modules/audit/sqli_blind_rdiff.rb +12 -12
- data/modules/audit/sqli_blind_rdiff/payloads.txt +1 -5
- data/modules/audit/sqli_blind_timing.rb +4 -6
- data/modules/audit/sqli_blind_timing/mssql.txt +9 -9
- data/modules/audit/sqli_blind_timing/mysql.txt +9 -31
- data/modules/audit/sqli_blind_timing/pgsql.txt +6 -28
- data/modules/audit/trainer.rb +1 -1
- data/modules/audit/unvalidated_redirect.rb +1 -1
- data/modules/audit/xpath.rb +1 -1
- data/modules/audit/xss.rb +12 -12
- data/modules/audit/xss_event.rb +1 -1
- data/modules/audit/xss_path.rb +1 -1
- data/modules/audit/xss_script_tag.rb +13 -20
- data/modules/audit/xss_tag.rb +5 -7
- data/modules/recon/allowed_methods.rb +1 -1
- data/modules/recon/backdoors.rb +1 -1
- data/modules/recon/backup_files.rb +1 -1
- data/modules/recon/common_directories.rb +1 -1
- data/modules/recon/common_files.rb +1 -1
- data/modules/recon/common_files/filenames.txt +1 -0
- data/modules/recon/directory_listing.rb +2 -2
- data/modules/recon/grep/captcha.rb +1 -1
- data/modules/recon/grep/credit_card.rb +1 -1
- data/modules/recon/grep/cvs_svn_users.rb +1 -1
- data/modules/recon/grep/emails.rb +1 -1
- data/modules/recon/grep/form_upload.rb +1 -1
- data/modules/recon/grep/html_objects.rb +1 -1
- data/modules/recon/grep/http_only_cookies.rb +1 -1
- data/modules/recon/grep/insecure_cookies.rb +1 -1
- data/modules/recon/grep/mixed_resource.rb +1 -1
- data/modules/recon/grep/password_autocomplete.rb +1 -1
- data/modules/recon/grep/private_ip.rb +1 -1
- data/modules/recon/grep/ssn.rb +1 -1
- data/modules/recon/grep/unencrypted_password_forms.rb +1 -1
- data/modules/recon/htaccess_limit.rb +1 -1
- data/modules/recon/http_put.rb +1 -1
- data/modules/recon/interesting_responses.rb +1 -1
- data/modules/recon/localstart_asp.rb +5 -5
- data/modules/recon/webdav.rb +1 -1
- data/modules/recon/x_forwarded_for_access_restriction_bypass.rb +1 -1
- data/modules/recon/xst.rb +1 -1
- data/path_extractors/anchors.rb +1 -1
- data/path_extractors/areas.rb +1 -1
- data/path_extractors/forms.rb +1 -1
- data/path_extractors/frames.rb +1 -1
- data/path_extractors/generic.rb +1 -1
- data/path_extractors/links.rb +1 -1
- data/path_extractors/meta_refresh.rb +1 -1
- data/path_extractors/scripts.rb +1 -1
- data/plugins/autologin.rb +16 -8
- data/plugins/beep_notify.rb +1 -1
- data/plugins/{defaults/content_types.rb → content_types.rb} +1 -1
- data/plugins/cookie_collector.rb +21 -11
- data/plugins/defaults/autothrottle.rb +1 -1
- data/plugins/defaults/healthmap.rb +1 -1
- data/plugins/defaults/meta/remedies/discovery.rb +1 -1
- data/plugins/defaults/meta/remedies/timing_attacks.rb +6 -8
- data/plugins/defaults/meta/uniformity.rb +1 -1
- data/plugins/defaults/resolver.rb +1 -1
- data/plugins/email_notify.rb +1 -1
- data/plugins/form_dicattack.rb +1 -1
- data/plugins/http_dicattack.rb +1 -1
- data/plugins/libnotify.rb +1 -1
- data/plugins/profiler.rb +1 -1
- data/plugins/proxy.rb +2 -1
- data/plugins/proxy/server.rb +3 -1
- data/plugins/proxy/template_scope.rb +1 -1
- data/plugins/rescan.rb +1 -1
- data/plugins/script.rb +1 -1
- data/plugins/uncommon_headers.rb +2 -1
- data/plugins/vector_feed.rb +1 -1
- data/plugins/waf_detector.rb +1 -1
- data/reports/afr.rb +8 -9
- data/reports/ap.rb +1 -1
- data/reports/html.rb +8 -12
- data/reports/html/default.erb +2 -3
- data/reports/html/default/issue.erb +0 -12
- data/reports/html/default/issues.erb +2 -2
- data/reports/json.rb +13 -10
- data/reports/marshal.rb +8 -9
- data/reports/metareport.rb +9 -10
- data/reports/plugin_formatters/html/autologin.rb +1 -1
- data/reports/plugin_formatters/html/content_types.rb +1 -1
- data/reports/plugin_formatters/html/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/html/discovery.rb +1 -1
- data/reports/plugin_formatters/html/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/html/healthmap.rb +1 -1
- data/reports/plugin_formatters/html/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/html/profiler.rb +1 -1
- data/reports/plugin_formatters/html/resolver.rb +1 -1
- data/reports/plugin_formatters/html/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/html/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/html/uniformity.rb +1 -1
- data/reports/plugin_formatters/html/waf_detector.rb +1 -1
- data/reports/plugin_formatters/stdout/autologin.rb +1 -1
- data/reports/plugin_formatters/stdout/content_types.rb +1 -1
- data/reports/plugin_formatters/stdout/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/stdout/discovery.rb +1 -1
- data/reports/plugin_formatters/stdout/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/stdout/healthmap.rb +2 -4
- data/reports/plugin_formatters/stdout/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/stdout/profiler.rb +1 -1
- data/reports/plugin_formatters/stdout/resolver.rb +1 -1
- data/reports/plugin_formatters/stdout/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/stdout/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/stdout/uniformity.rb +1 -1
- data/reports/plugin_formatters/stdout/waf_detector.rb +1 -1
- data/reports/plugin_formatters/xml/autologin.rb +1 -1
- data/reports/plugin_formatters/xml/content_types.rb +1 -1
- data/reports/plugin_formatters/xml/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/xml/discovery.rb +1 -1
- data/reports/plugin_formatters/xml/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/xml/healthmap.rb +1 -1
- data/reports/plugin_formatters/xml/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/xml/profiler.rb +1 -1
- data/reports/plugin_formatters/xml/resolver.rb +1 -1
- data/reports/plugin_formatters/xml/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/xml/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/xml/uniformity.rb +1 -1
- data/reports/plugin_formatters/xml/waf_detector.rb +1 -1
- data/reports/stdout.rb +1 -1
- data/reports/txt.rb +1 -1
- data/reports/xml.rb +8 -9
- data/reports/xml/buffer.rb +2 -2
- data/reports/yaml.rb +8 -9
- data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +80 -2
- data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +44 -29
- data/spec/arachni/element/cookie_spec.rb +1 -1
- data/spec/arachni/element/form_spec.rb +31 -13
- data/spec/arachni/http/cookie_jar_spec.rb +11 -0
- data/spec/arachni/http_spec.rb +33 -7
- data/spec/arachni/issue_spec.rb +10 -3
- data/spec/arachni/options_spec.rb +18 -1
- data/spec/arachni/parser_spec.rb +27 -26
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +10 -1
- data/spec/arachni/rpc/server/dispatcher_spec.rb +15 -0
- data/spec/arachni/ruby/array_spec.rb +11 -0
- data/spec/arachni/ruby/hash_spec.rb +28 -1
- data/spec/arachni/ruby/string_spec.rb +14 -1
- data/spec/arachni/session_spec.rb +39 -0
- data/spec/arachni/spider_spec.rb +23 -14
- data/spec/arachni/{module → support}/key_filler.rb +20 -2
- data/spec/arachni/support/signature_spec.rb +158 -0
- data/spec/arachni/trainer_spec.rb +31 -0
- data/spec/arachni/typhoeus/response_spec.rb +17 -0
- data/spec/arachni/uri_spec.rb +1 -1
- data/spec/external/wavsep/active/lfi_spec.rb +94 -0
- data/spec/external/wavsep/active/rfi_spec.rb +35 -0
- data/spec/external/wavsep/active/sqli_spec.rb +108 -0
- data/spec/external/wavsep/active/xss_spec.rb +41 -0
- data/spec/external/wavsep/false_positives/lfi_spec.rb +33 -0
- data/spec/external/wavsep/false_positives/rfi_spec.rb +21 -0
- data/spec/external/wavsep/false_positives/sqli_spec.rb +32 -0
- data/spec/external/wavsep/false_positives/xss_spec.rb +21 -0
- data/spec/modules/audit/source_code_disclosure_spec.rb +4 -4
- data/spec/modules/audit/sqli_blind_rdiff_spec.rb +1 -1
- data/spec/modules/audit/sqli_blind_timing_spec.rb +3 -3
- data/spec/modules/audit/sqli_spec.rb +1 -1
- data/spec/modules/audit/xss_script_tag_spec.rb +1 -1
- data/spec/plugins/autologin_spec.rb +25 -7
- data/spec/plugins/cookie_collector_spec.rb +17 -0
- data/spec/spec_helper.rb +1 -1
- data/spec/support/fixtures/fingerprinters/test.rb +1 -1
- data/spec/support/fixtures/modules/test.rb +1 -1
- data/spec/support/fixtures/modules/test2.rb +1 -1
- data/spec/support/fixtures/modules/test3.rb +1 -1
- data/spec/support/fixtures/plugins/bad.rb +1 -1
- data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
- data/spec/support/fixtures/plugins/distributable.rb +1 -1
- data/spec/support/fixtures/plugins/loop.rb +1 -1
- data/spec/support/fixtures/plugins/spider_hook.rb +1 -1
- data/spec/support/fixtures/plugins/wait.rb +1 -1
- data/spec/support/fixtures/plugins/with_options.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/with_formatters.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/with_outfile.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/without_outfile.rb +1 -1
- data/spec/support/fixtures/reports/manager_spec/afr.rb +1 -1
- data/spec/support/fixtures/reports/manager_spec/foo.rb +1 -1
- data/spec/support/fixtures/run_mod/body.rb +1 -1
- data/spec/support/fixtures/run_mod/cookies.rb +1 -1
- data/spec/support/fixtures/run_mod/empty.rb +1 -1
- data/spec/support/fixtures/run_mod/flch.rb +1 -1
- data/spec/support/fixtures/run_mod/forms.rb +1 -1
- data/spec/support/fixtures/run_mod/headers.rb +1 -1
- data/spec/support/fixtures/run_mod/links.rb +1 -1
- data/spec/support/fixtures/run_mod/nil.rb +1 -1
- data/spec/support/fixtures/run_mod/path.rb +1 -1
- data/spec/support/fixtures/run_mod/server.rb +1 -1
- data/spec/support/fixtures/taint_module/taint.rb +1 -1
- data/spec/support/fixtures/wait_module/wait.rb +1 -1
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/misc.rb +1 -1
- data/spec/support/helpers/paths.rb +1 -1
- data/spec/support/helpers/requires.rb +1 -1
- data/spec/support/helpers/resets.rb +1 -1
- data/spec/support/helpers/web_server.rb +1 -1
- data/spec/support/lib/web_server_manager.rb +1 -1
- data/spec/support/logs/Dispatcher - 10129-46995.log +9 -0
- data/spec/support/logs/Dispatcher - 10139-63648.log +19 -0
- data/spec/support/logs/Dispatcher - 10149-5551.log +17 -0
- data/spec/support/logs/Dispatcher - 10158-34385.log +13 -0
- data/spec/support/logs/Dispatcher - 10167-55701.log +9 -0
- data/spec/support/logs/Dispatcher - 10176-8922.log +9 -0
- data/spec/support/logs/Dispatcher - 10185-53716.log +11 -0
- data/spec/support/logs/Dispatcher - 10198-44724.log +11 -0
- data/spec/support/logs/Dispatcher - 10211-7697.log +11 -0
- data/spec/support/logs/Dispatcher - 10224-3751.log +35 -0
- data/spec/support/logs/Dispatcher - 10285-7404.log +21 -0
- data/spec/support/logs/Dispatcher - 10294-56221.log +21 -0
- data/spec/support/logs/Dispatcher - 10303-2483.log +23 -0
- data/spec/support/logs/Dispatcher - 10344-60543.log +19 -0
- data/spec/support/logs/Dispatcher - 10355-31708.log +17 -0
- data/spec/support/logs/Dispatcher - 10364-63170.log +15 -0
- data/spec/support/logs/Dispatcher - 10377-37936.log +11 -0
- data/spec/support/logs/Dispatcher - 10390-37511.log +9 -0
- data/spec/support/logs/Dispatcher - 10400-29603.log +9 -0
- data/spec/support/logs/Dispatcher - 10409-57042.log +9 -0
- data/spec/support/logs/Dispatcher - 10418-17812.log +9 -0
- data/spec/support/logs/Dispatcher - 10427-59862.log +11 -0
- data/spec/support/logs/Dispatcher - 10440-48351.log +9 -0
- data/spec/support/logs/Dispatcher - 10449-24218.log +9 -0
- data/spec/support/logs/Dispatcher - 10458-54646.log +9 -0
- data/spec/support/logs/Dispatcher - 10511-3333.log +63 -0
- data/spec/support/logs/Dispatcher - 10520-50009.log +43 -0
- data/spec/support/logs/Dispatcher - 10529-44870.log +39 -0
- data/spec/support/logs/Dispatcher - 10538-49556.log +34 -0
- data/spec/support/logs/Dispatcher - 10547-61887.log +28 -0
- data/spec/support/logs/Dispatcher - 10556-31163.log +21 -0
- data/spec/support/logs/Dispatcher - 10565-40008.log +13 -0
- data/spec/support/logs/Dispatcher - 10575-18836.log +9 -0
- data/spec/support/logs/Dispatcher - 10747-32268.log +19 -0
- data/spec/support/logs/Dispatcher - 10757-4081.log +21 -0
- data/spec/support/logs/Dispatcher - 10766-49190.log +15 -0
- data/spec/support/logs/Dispatcher - 10780-46610.log +19 -0
- data/spec/support/logs/Dispatcher - 10789-5332.log +21 -0
- data/spec/support/logs/Dispatcher - 10798-56243.log +15 -0
- data/spec/support/logs/Dispatcher - 10920-32037.log +17 -0
- data/spec/support/logs/Dispatcher - 10929-35662.log +21 -0
- data/spec/support/logs/Dispatcher - 10938-64010.log +13 -0
- data/spec/support/logs/Dispatcher - 10951-44746.log +19 -0
- data/spec/support/logs/Dispatcher - 10961-55791.log +21 -0
- data/spec/support/logs/Dispatcher - 10972-58913.log +15 -0
- data/spec/support/logs/Dispatcher - 11023-45004.log +17 -0
- data/spec/support/logs/Dispatcher - 11033-55505.log +21 -0
- data/spec/support/logs/Dispatcher - 11042-46123.log +13 -0
- data/spec/support/logs/Dispatcher - 11055-26836.log +17 -0
- data/spec/support/logs/Dispatcher - 11064-60361.log +21 -0
- data/spec/support/logs/Dispatcher - 11073-17507.log +13 -0
- data/spec/support/logs/Dispatcher - 11298-28357.log +19 -0
- data/spec/support/logs/Dispatcher - 11307-62669.log +21 -0
- data/spec/support/logs/Dispatcher - 11316-9391.log +15 -0
- data/spec/support/logs/Dispatcher - 11340-45921.log +21 -0
- data/spec/support/logs/Dispatcher - 11349-8693.log +25 -0
- data/spec/support/logs/Dispatcher - 11358-53753.log +15 -0
- data/spec/support/logs/Dispatcher - 11394-29437.log +17 -0
- data/spec/support/logs/Dispatcher - 11403-59953.log +21 -0
- data/spec/support/logs/Dispatcher - 11412-51134.log +13 -0
- data/spec/support/logs/Dispatcher - 11425-42569.log +21 -0
- data/spec/support/logs/Dispatcher - 11434-16150.log +25 -0
- data/spec/support/logs/Dispatcher - 11443-19072.log +15 -0
- data/spec/support/logs/Dispatcher - 11479-39149.log +17 -0
- data/spec/support/logs/Dispatcher - 11488-42169.log +21 -0
- data/spec/support/logs/Dispatcher - 11497-29822.log +13 -0
- data/spec/support/logs/Dispatcher - 11510-8273.log +17 -0
- data/spec/support/logs/Dispatcher - 11519-18206.log +21 -0
- data/spec/support/logs/Dispatcher - 11528-55825.log +13 -0
- data/spec/support/logs/Dispatcher - 9969-52890.log +9 -0
- data/spec/support/logs/Dispatcher - 9996-38451.log +21 -0
- data/spec/support/logs/{Instance - 12589-35500.error.log → Instance - 10762-33696.error.log } +63 -40
- data/spec/support/logs/{Instance - 16415-47240.error.log → Instance - 11038-18065.error.log } +65 -42
- data/spec/support/logs/{Instance - 16762-48636.error.log → Instance - 11069-34848.error.log } +162 -139
- data/spec/support/logs/{Instance - 16789-61713.error.log → Instance - 11091-33954.error.log } +60 -37
- data/spec/support/logs/{Instance - 16795-55306.error.log → Instance - 11097-33191.error.log } +65 -42
- data/spec/support/logs/{Instance - 12909-9442.error.log → Instance - 11229-38634.error.log } +60 -37
- data/spec/support/servers/arachni/element/capabilities/auditable/rdiff.rb +131 -7
- data/spec/support/servers/arachni/element/capabilities/auditable/timeout.rb +4 -0
- data/spec/support/servers/arachni/element/form.rb +27 -0
- data/spec/support/servers/arachni/element/link.rb +16 -0
- data/spec/support/servers/arachni/session.rb +17 -1
- data/spec/support/servers/arachni/spider.rb +25 -1
- data/spec/support/servers/arachni/trainer.rb +8 -0
- data/spec/support/servers/modules/audit/os_cmd_injection_timing.rb +2 -1
- data/spec/support/servers/modules/audit/source_code_disclosure.rb +0 -1
- data/spec/support/servers/modules/audit/sqli/postgresql +2 -0
- data/spec/support/servers/modules/audit/sqli_blind_rdiff.rb +9 -13
- data/spec/support/shared/element/capabilities/auditable.rb +62 -3
- data/spec/support/shared/element/capabilities/refreshable.rb +27 -0
- data/spec/support/shared/external/wavsep.rb +89 -0
- metadata +1081 -1206
- data/lib/arachni/platforms.rb +0 -499
- data/logs/Dispatcher - 12101-7331.log +0 -15
- data/spec/support/logs/Dispatcher - 11821-58635.log +0 -9
- data/spec/support/logs/Dispatcher - 11848-37716.log +0 -21
- data/spec/support/logs/Dispatcher - 11974-31477.log +0 -9
- data/spec/support/logs/Dispatcher - 11984-10290.log +0 -19
- data/spec/support/logs/Dispatcher - 11993-33501.log +0 -17
- data/spec/support/logs/Dispatcher - 12002-62227.log +0 -13
- data/spec/support/logs/Dispatcher - 12013-45779.log +0 -9
- data/spec/support/logs/Dispatcher - 12022-22434.log +0 -9
- data/spec/support/logs/Dispatcher - 12031-41130.log +0 -11
- data/spec/support/logs/Dispatcher - 12045-23894.log +0 -11
- data/spec/support/logs/Dispatcher - 12059-57317.log +0 -35
- data/spec/support/logs/Dispatcher - 12122-60206.log +0 -21
- data/spec/support/logs/Dispatcher - 12132-58445.log +0 -21
- data/spec/support/logs/Dispatcher - 12141-13273.log +0 -23
- data/spec/support/logs/Dispatcher - 12183-2341.log +0 -19
- data/spec/support/logs/Dispatcher - 12192-56486.log +0 -17
- data/spec/support/logs/Dispatcher - 12201-8840.log +0 -15
- data/spec/support/logs/Dispatcher - 12214-47545.log +0 -11
- data/spec/support/logs/Dispatcher - 12227-23676.log +0 -9
- data/spec/support/logs/Dispatcher - 12236-16018.log +0 -9
- data/spec/support/logs/Dispatcher - 12245-61980.log +0 -9
- data/spec/support/logs/Dispatcher - 12254-30185.log +0 -9
- data/spec/support/logs/Dispatcher - 12263-29578.log +0 -11
- data/spec/support/logs/Dispatcher - 12276-64279.log +0 -9
- data/spec/support/logs/Dispatcher - 12285-49975.log +0 -9
- data/spec/support/logs/Dispatcher - 12347-26600.log +0 -63
- data/spec/support/logs/Dispatcher - 12356-43960.log +0 -43
- data/spec/support/logs/Dispatcher - 12365-30567.log +0 -39
- data/spec/support/logs/Dispatcher - 12374-49263.log +0 -34
- data/spec/support/logs/Dispatcher - 12401-6543.log +0 -28
- data/spec/support/logs/Dispatcher - 12410-21678.log +0 -21
- data/spec/support/logs/Dispatcher - 12419-42381.log +0 -13
- data/spec/support/logs/Dispatcher - 12429-25829.log +0 -9
- data/spec/support/logs/Dispatcher - 12574-63838.log +0 -19
- data/spec/support/logs/Dispatcher - 12584-33256.log +0 -21
- data/spec/support/logs/Dispatcher - 12593-45982.log +0 -15
- data/spec/support/logs/Dispatcher - 12606-64171.log +0 -19
- data/spec/support/logs/Dispatcher - 12615-52258.log +0 -21
- data/spec/support/logs/Dispatcher - 12624-48032.log +0 -15
- data/spec/support/logs/Dispatcher - 12744-31691.log +0 -17
- data/spec/support/logs/Dispatcher - 12753-9777.log +0 -21
- data/spec/support/logs/Dispatcher - 12762-14195.log +0 -13
- data/spec/support/logs/Dispatcher - 12775-52778.log +0 -19
- data/spec/support/logs/Dispatcher - 12784-33121.log +0 -21
- data/spec/support/logs/Dispatcher - 12793-23476.log +0 -15
- data/spec/support/logs/Dispatcher - 12845-33401.log +0 -17
- data/spec/support/logs/Dispatcher - 12854-58592.log +0 -21
- data/spec/support/logs/Dispatcher - 12863-38667.log +0 -13
- data/spec/support/logs/Dispatcher - 12876-18504.log +0 -17
- data/spec/support/logs/Dispatcher - 12885-8765.log +0 -21
- data/spec/support/logs/Dispatcher - 12894-7708.log +0 -13
- data/spec/support/logs/Dispatcher - 13112-20247.log +0 -19
- data/spec/support/logs/Dispatcher - 13121-37610.log +0 -21
- data/spec/support/logs/Dispatcher - 13130-55144.log +0 -15
- data/spec/support/logs/Dispatcher - 13154-11476.log +0 -21
- data/spec/support/logs/Dispatcher - 13163-28157.log +0 -25
- data/spec/support/logs/Dispatcher - 13172-1403.log +0 -15
- data/spec/support/logs/Dispatcher - 13208-39214.log +0 -17
- data/spec/support/logs/Dispatcher - 13217-25789.log +0 -21
- data/spec/support/logs/Dispatcher - 13226-32449.log +0 -13
- data/spec/support/logs/Dispatcher - 13239-50344.log +0 -21
- data/spec/support/logs/Dispatcher - 13248-35317.log +0 -25
- data/spec/support/logs/Dispatcher - 13257-20820.log +0 -15
- data/spec/support/logs/Dispatcher - 13293-39307.log +0 -17
- data/spec/support/logs/Dispatcher - 13302-62417.log +0 -21
- data/spec/support/logs/Dispatcher - 13311-57144.log +0 -13
- data/spec/support/logs/Dispatcher - 13324-35654.log +0 -17
- data/spec/support/logs/Dispatcher - 13333-9999.log +0 -21
- data/spec/support/logs/Dispatcher - 13342-64466.log +0 -13
- data/spec/support/logs/Dispatcher - 15092-40680.log +0 -9
- data/spec/support/logs/Dispatcher - 15119-21562.log +0 -21
- data/spec/support/logs/Dispatcher - 15680-63471.log +0 -9
- data/spec/support/logs/Dispatcher - 15690-15104.log +0 -19
- data/spec/support/logs/Dispatcher - 15699-36034.log +0 -17
- data/spec/support/logs/Dispatcher - 15708-21275.log +0 -13
- data/spec/support/logs/Dispatcher - 15717-6134.log +0 -9
- data/spec/support/logs/Dispatcher - 15727-5906.log +0 -9
- data/spec/support/logs/Dispatcher - 15736-27941.log +0 -11
- data/spec/support/logs/Dispatcher - 15749-31464.log +0 -11
- data/spec/support/logs/Dispatcher - 15762-52837.log +0 -35
- data/spec/support/logs/Dispatcher - 15823-2486.log +0 -21
- data/spec/support/logs/Dispatcher - 15832-34792.log +0 -21
- data/spec/support/logs/Dispatcher - 15841-3367.log +0 -23
- data/spec/support/logs/Dispatcher - 15886-2171.log +0 -19
- data/spec/support/logs/Dispatcher - 15895-6022.log +0 -17
- data/spec/support/logs/Dispatcher - 15904-51624.log +0 -15
- data/spec/support/logs/Dispatcher - 15917-11227.log +0 -11
- data/spec/support/logs/Dispatcher - 15930-17170.log +0 -9
- data/spec/support/logs/Dispatcher - 15939-24891.log +0 -9
- data/spec/support/logs/Dispatcher - 15948-26858.log +0 -9
- data/spec/support/logs/Dispatcher - 15957-12278.log +0 -9
- data/spec/support/logs/Dispatcher - 15967-37642.log +0 -11
- data/spec/support/logs/Dispatcher - 15981-57959.log +0 -9
- data/spec/support/logs/Dispatcher - 16000-51003.log +0 -9
- data/spec/support/logs/Dispatcher - 16064-25969.log +0 -63
- data/spec/support/logs/Dispatcher - 16073-13164.log +0 -43
- data/spec/support/logs/Dispatcher - 16083-21729.log +0 -39
- data/spec/support/logs/Dispatcher - 16092-48691.log +0 -34
- data/spec/support/logs/Dispatcher - 16101-7385.log +0 -28
- data/spec/support/logs/Dispatcher - 16110-24222.log +0 -21
- data/spec/support/logs/Dispatcher - 16119-29645.log +0 -13
- data/spec/support/logs/Dispatcher - 16129-23325.log +0 -9
- data/spec/support/logs/Dispatcher - 16399-42716.log +0 -19
- data/spec/support/logs/Dispatcher - 16410-3301.log +0 -21
- data/spec/support/logs/Dispatcher - 16419-8500.log +0 -15
- data/spec/support/logs/Dispatcher - 16432-2467.log +0 -19
- data/spec/support/logs/Dispatcher - 16441-27407.log +0 -21
- data/spec/support/logs/Dispatcher - 16450-28157.log +0 -15
- data/spec/support/logs/Dispatcher - 16607-37339.log +0 -17
- data/spec/support/logs/Dispatcher - 16616-50971.log +0 -21
- data/spec/support/logs/Dispatcher - 16625-28154.log +0 -13
- data/spec/support/logs/Dispatcher - 16638-17094.log +0 -19
- data/spec/support/logs/Dispatcher - 16647-25657.log +0 -21
- data/spec/support/logs/Dispatcher - 16656-11108.log +0 -15
- data/spec/support/logs/Dispatcher - 16716-31067.log +0 -17
- data/spec/support/logs/Dispatcher - 16726-34466.log +0 -21
- data/spec/support/logs/Dispatcher - 16735-55150.log +0 -13
- data/spec/support/logs/Dispatcher - 16748-7910.log +0 -17
- data/spec/support/logs/Dispatcher - 16757-62118.log +0 -21
- data/spec/support/logs/Dispatcher - 16766-31937.log +0 -13
- data/spec/support/logs/Dispatcher - 16999-6441.log +0 -19
- data/spec/support/logs/Dispatcher - 17008-51788.log +0 -21
- data/spec/support/logs/Dispatcher - 17017-20096.log +0 -15
- data/spec/support/logs/Dispatcher - 17041-15877.log +0 -21
- data/spec/support/logs/Dispatcher - 17050-42137.log +0 -25
- data/spec/support/logs/Dispatcher - 17059-12767.log +0 -15
- data/spec/support/logs/Dispatcher - 17095-3041.log +0 -17
- data/spec/support/logs/Dispatcher - 17104-42336.log +0 -21
- data/spec/support/logs/Dispatcher - 17113-11660.log +0 -13
- data/spec/support/logs/Dispatcher - 17126-64859.log +0 -21
- data/spec/support/logs/Dispatcher - 17135-11634.log +0 -25
- data/spec/support/logs/Dispatcher - 17144-37598.log +0 -15
- data/spec/support/logs/Dispatcher - 17180-55804.log +0 -17
- data/spec/support/logs/Dispatcher - 17189-5599.log +0 -21
- data/spec/support/logs/Dispatcher - 17198-13188.log +0 -13
- data/spec/support/logs/Dispatcher - 17211-23553.log +0 -17
- data/spec/support/logs/Dispatcher - 17220-36701.log +0 -21
- data/spec/support/logs/Dispatcher - 17229-41502.log +0 -13
- data/spec/support/logs/Instance - 12859-23151.error.log +0 -314
- data/spec/support/logs/Instance - 12890-17901.error.log +0 -413
- data/spec/support/logs/Instance - 12915-45947.error.log +0 -314
- data/spec/support/logs/Instance - 13044-48074.error.log +0 -312
- data/spec/support/logs/Instance - 16731-60738.error.log +0 -314
- data/spec/support/logs/Instance - 16931-37511.error.log +0 -312
@@ -6,19 +6,19 @@ describe Arachni::Element::Capabilities::Auditable::Timeout do
|
|
6
6
|
Arachni::Options.url = @url = web_server_url_for( :timeout )
|
7
7
|
@auditor = Auditor.new( nil, Arachni::Framework.new )
|
8
8
|
|
9
|
-
inputs = { 'sleep' => '' }
|
9
|
+
@inputs = { 'sleep' => '' }
|
10
10
|
|
11
|
-
@positive = Arachni::Element::Link.new( @url + '/true', inputs )
|
11
|
+
@positive = Arachni::Element::Link.new( @url + '/true', @inputs )
|
12
12
|
@positive.auditor = @auditor
|
13
13
|
@positive.disable_deduplication
|
14
14
|
|
15
15
|
@positive_high_res = Arachni::Element::Link.new(
|
16
16
|
@url + '/high_response_time',
|
17
|
-
inputs
|
17
|
+
@inputs
|
18
18
|
)
|
19
19
|
@positive_high_res.auditor = @auditor
|
20
20
|
|
21
|
-
@negative = Arachni::Element::Link.new( @url + '/false', inputs )
|
21
|
+
@negative = Arachni::Element::Link.new( @url + '/false', @inputs )
|
22
22
|
@negative.auditor = @auditor
|
23
23
|
@negative.disable_deduplication
|
24
24
|
|
@@ -70,7 +70,7 @@ describe Arachni::Element::Capabilities::Auditable::Timeout do
|
|
70
70
|
@positive.timeout_analysis( payloads,
|
71
71
|
@timeout_opts.merge(
|
72
72
|
timeout_divider: 1000,
|
73
|
-
timeout:
|
73
|
+
timeout: 2000
|
74
74
|
)
|
75
75
|
)
|
76
76
|
@run.call
|
@@ -81,34 +81,50 @@ describe Arachni::Element::Capabilities::Auditable::Timeout do
|
|
81
81
|
end
|
82
82
|
end
|
83
83
|
|
84
|
+
describe :timeout do
|
85
|
+
it 'sets the delay' do
|
86
|
+
c = Arachni::Element::Link.new( @url + '/true', @inputs.merge( mili: true ) )
|
87
|
+
c.auditor = @auditor
|
88
|
+
c.disable_deduplication
|
89
|
+
c.opts[:skip_like] = proc { |m| m.altered == 'multi' }
|
90
|
+
|
91
|
+
c.timeout_analysis( '__TIME__', @timeout_opts.merge( timeout: 2000 ) )
|
92
|
+
@run.call
|
93
|
+
|
94
|
+
issues.should be_any
|
95
|
+
issues.first.injected.should == '8000'
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
84
99
|
describe :timeout_divider do
|
85
|
-
|
86
|
-
|
87
|
-
@
|
88
|
-
|
89
|
-
|
90
|
-
timeout: 2000
|
91
|
-
)
|
100
|
+
it 'modifies the final timeout value' do
|
101
|
+
@positive.timeout_analysis( '__TIME__',
|
102
|
+
@timeout_opts.merge(
|
103
|
+
timeout_divider: 1000,
|
104
|
+
timeout: 2000
|
92
105
|
)
|
93
|
-
|
106
|
+
)
|
107
|
+
@run.call
|
94
108
|
|
95
|
-
|
96
|
-
|
97
|
-
#issues.first.verification.should be_true
|
98
|
-
end
|
109
|
+
issues.should be_any
|
110
|
+
issues.first.injected.should == '8'
|
99
111
|
end
|
112
|
+
end
|
100
113
|
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
@run.call
|
114
|
+
describe :add do
|
115
|
+
it 'adds the given integer to the expected webapp delay' do
|
116
|
+
c = Arachni::Element::Link.new( @url + '/add', @inputs )
|
117
|
+
c.auditor = @auditor
|
118
|
+
c.disable_deduplication
|
107
119
|
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
120
|
+
c.timeout_analysis(
|
121
|
+
'__TIME__',
|
122
|
+
@timeout_opts.merge( timeout: 3000, timeout_divider: 1000, add: -1000 )
|
123
|
+
)
|
124
|
+
@run.call
|
125
|
+
|
126
|
+
issues.should be_any
|
127
|
+
issues.first.response.should == '11'
|
112
128
|
end
|
113
129
|
end
|
114
130
|
|
@@ -116,7 +132,7 @@ describe Arachni::Element::Capabilities::Auditable::Timeout do
|
|
116
132
|
before do
|
117
133
|
@delay_opts = {
|
118
134
|
timeout_divider: 1000,
|
119
|
-
timeout:
|
135
|
+
timeout: 4000
|
120
136
|
}.merge( @timeout_opts )
|
121
137
|
end
|
122
138
|
|
@@ -136,7 +152,6 @@ describe Arachni::Element::Capabilities::Auditable::Timeout do
|
|
136
152
|
end
|
137
153
|
end
|
138
154
|
end
|
139
|
-
|
140
155
|
end
|
141
156
|
|
142
157
|
end
|
@@ -189,7 +189,7 @@ describe Arachni::Element::Cookie do
|
|
189
189
|
|
190
190
|
describe '#encode' do
|
191
191
|
it 'encodes the string in a way that makes is suitable to be included in a cookie header' do
|
192
|
-
Arachni::Element::Cookie.encode( 'some stuff ;%=' ).should == 'some+stuff+%3B%25
|
192
|
+
Arachni::Element::Cookie.encode( 'some stuff ;%=' ).should == 'some+stuff+%3B%25='
|
193
193
|
end
|
194
194
|
end
|
195
195
|
|
@@ -211,7 +211,7 @@ describe Arachni::Element::Form do
|
|
211
211
|
|
212
212
|
if m.sample?
|
213
213
|
m.altered.should == Arachni::Element::Form::SAMPLE_VALUES
|
214
|
-
m.auditable.should == Arachni::
|
214
|
+
m.auditable.should == Arachni::Support::KeyFiller.fill( e.auditable )
|
215
215
|
has_sample ||= true
|
216
216
|
end
|
217
217
|
end
|
@@ -263,18 +263,14 @@ describe Arachni::Element::Form do
|
|
263
263
|
|
264
264
|
context 'when it contains more than 1 password field' do
|
265
265
|
it 'includes mutations which have the same values for all of them' do
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
'name' => 'my_pass_validation'
|
275
|
-
}
|
276
|
-
]
|
277
|
-
)
|
266
|
+
form = <<-EOHTML
|
267
|
+
<form>
|
268
|
+
<input type="password" name="my_pass" />
|
269
|
+
<input type="password" name="my_pass_validation" />
|
270
|
+
</form>
|
271
|
+
EOHTML
|
272
|
+
|
273
|
+
e = Arachni::Element::Form.from_document( 'http://test.com', form ).first
|
278
274
|
|
279
275
|
e.mutations( 'seed' ).reject do |m|
|
280
276
|
m.auditable['my_pass'] != m.auditable['my_pass_validation']
|
@@ -484,6 +480,28 @@ describe Arachni::Element::Form do
|
|
484
480
|
end
|
485
481
|
end
|
486
482
|
|
483
|
+
context 'with button inputs' do
|
484
|
+
it 'returns an array of forms' do
|
485
|
+
html = '
|
486
|
+
<html>
|
487
|
+
<body>
|
488
|
+
<form method="get" action="form_action" name="my_form">
|
489
|
+
<button type=submit name="my_button" value="my_button_value" />
|
490
|
+
</form>
|
491
|
+
|
492
|
+
</body>
|
493
|
+
</html>'
|
494
|
+
|
495
|
+
form = Arachni::Element::Form.from_document( @url, html ).first
|
496
|
+
form.action.should == @utils.normalize_url( @url + '/form_action' )
|
497
|
+
form.name.should == 'my_form'
|
498
|
+
form.url.should == @url
|
499
|
+
form.method.should == 'get'
|
500
|
+
form.field_type_for( 'my_button' ).should == 'submit'
|
501
|
+
form.auditable.should == { 'my_button' => 'my_button_value' }
|
502
|
+
end
|
503
|
+
end
|
504
|
+
|
487
505
|
context 'with selects' do
|
488
506
|
context 'with values' do
|
489
507
|
it 'returns an array of forms' do
|
@@ -140,6 +140,17 @@ describe Arachni::HTTP::CookieJar do
|
|
140
140
|
@jar.cookies.first.name.should == 'name'
|
141
141
|
@jar.cookies.first.value.should == 'value'
|
142
142
|
end
|
143
|
+
|
144
|
+
context 'when in the form of a Set-Cookie header' do
|
145
|
+
it 'parses it into a Cookie and update the cookie jar with it' do
|
146
|
+
@jar.should be_empty
|
147
|
+
|
148
|
+
Arachni::Options.url = 'http://test.com'
|
149
|
+
@jar.update( 'some_param=9e4ca2cc0f18a49f7c1881f78bebf7df; path=/; expires=Wed, 02-Oct-2020 23:53:46 GMT; HttpOnly' )
|
150
|
+
@jar.cookies.first.name.should == 'some_param'
|
151
|
+
@jar.cookies.first.value.should == '9e4ca2cc0f18a49f7c1881f78bebf7df'
|
152
|
+
end
|
153
|
+
end
|
143
154
|
end
|
144
155
|
|
145
156
|
context Array do
|
data/spec/arachni/http_spec.rb
CHANGED
@@ -338,21 +338,48 @@ describe Arachni::HTTP do
|
|
338
338
|
end
|
339
339
|
end
|
340
340
|
|
341
|
-
describe '#
|
342
|
-
it '
|
343
|
-
@http.run
|
344
|
-
end
|
345
|
-
|
346
|
-
it 'calls the after_run callbacks ONCE' do
|
341
|
+
describe '#after_run' do
|
342
|
+
it 'sets blocks to be called after #run' do
|
347
343
|
called = false
|
348
344
|
@http.after_run { called = true }
|
349
345
|
@http.run
|
350
346
|
called.should be_true
|
347
|
+
|
351
348
|
called = false
|
352
349
|
@http.run
|
353
350
|
called.should be_false
|
354
351
|
end
|
355
352
|
|
353
|
+
context 'when the callback creates new requests and nested callbacks' do
|
354
|
+
it 'run these too' do
|
355
|
+
called = false
|
356
|
+
@http.after_run do
|
357
|
+
@http.after_run { called = true }
|
358
|
+
end
|
359
|
+
@http.run
|
360
|
+
called.should be_false
|
361
|
+
|
362
|
+
called = false
|
363
|
+
@http.after_run do
|
364
|
+
@http.get
|
365
|
+
@http.after_run { called = true }
|
366
|
+
end
|
367
|
+
@http.run
|
368
|
+
called.should be_true
|
369
|
+
|
370
|
+
called = false
|
371
|
+
@http.run
|
372
|
+
called.should be_false
|
373
|
+
end
|
374
|
+
end
|
375
|
+
end
|
376
|
+
|
377
|
+
describe '#run' do
|
378
|
+
it 'performs the queues requests' do
|
379
|
+
@http.run
|
380
|
+
end
|
381
|
+
|
382
|
+
|
356
383
|
it 'calls the after_run_persistent callbacks EVERY TIME' do
|
357
384
|
called = false
|
358
385
|
@http.after_run_persistent { called = true }
|
@@ -868,7 +895,6 @@ describe Arachni::HTTP do
|
|
868
895
|
end
|
869
896
|
end
|
870
897
|
|
871
|
-
|
872
898
|
describe '#custom_404?' do
|
873
899
|
before { @custom_404 = @url + '/custom_404/' }
|
874
900
|
|
data/spec/arachni/issue_spec.rb
CHANGED
@@ -19,7 +19,10 @@ describe Arachni::Issue do
|
|
19
19
|
remedy_code: 'Sample code on how to fix the issue',
|
20
20
|
verification: false,
|
21
21
|
metasploitable: 'exploit/unix/webapp/php_include',
|
22
|
-
opts: {
|
22
|
+
opts: {
|
23
|
+
'some' => 'opts',
|
24
|
+
'blah' => "\xE2\x9C\x93"
|
25
|
+
},
|
23
26
|
mod_name: 'Module name',
|
24
27
|
internal_modname: 'module_name',
|
25
28
|
tags: %w(these are a few tags),
|
@@ -72,12 +75,16 @@ describe Arachni::Issue do
|
|
72
75
|
end
|
73
76
|
end
|
74
77
|
|
78
|
+
it 'recodes string data to UTF8' do
|
79
|
+
@issue.opts['blah'].should == "\u2713"
|
80
|
+
end
|
81
|
+
|
75
82
|
it 'assigns the values in opts to the the instance vars' do
|
76
83
|
@issue_data.each do |k, v|
|
77
84
|
next if [ :opts, :regexp ].include?( k )
|
78
85
|
@issue.instance_variable_get( "@#{k}".to_sym ).should == @issue_data[k]
|
79
86
|
end
|
80
|
-
@issue.opts.should == { regexp: '' }.merge( @issue_data[:opts] )
|
87
|
+
@issue.opts.should == { regexp: '' }.merge( @issue_data[:opts] ).recode
|
81
88
|
@issue.cwe_url.should == 'http://cwe.mitre.org/data/definitions/1.html'
|
82
89
|
end
|
83
90
|
|
@@ -125,7 +132,7 @@ describe Arachni::Issue do
|
|
125
132
|
next if [ :opts, :regexp, :mod_name ].include?( k )
|
126
133
|
issue.instance_variable_get( "@#{k}".to_sym ).should == @issue_data[k]
|
127
134
|
end
|
128
|
-
issue.opts.should == { regexp: '' }.merge( @issue_data[:opts] )
|
135
|
+
issue.opts.should == { regexp: '' }.merge( @issue_data[:opts] ).recode
|
129
136
|
issue.cwe_url.should == 'http://cwe.mitre.org/data/definitions/1.html'
|
130
137
|
end
|
131
138
|
end
|
@@ -793,7 +793,7 @@ describe Arachni::Options do
|
|
793
793
|
end
|
794
794
|
|
795
795
|
describe '#load' do
|
796
|
-
it '
|
796
|
+
it 'loads a serialized version of self' do
|
797
797
|
f = 'options'
|
798
798
|
@opts.save( f )
|
799
799
|
|
@@ -808,6 +808,23 @@ describe Arachni::Options do
|
|
808
808
|
end
|
809
809
|
raised.should be_false
|
810
810
|
end
|
811
|
+
|
812
|
+
it 'supports a serialized Hash' do
|
813
|
+
f = 'options'
|
814
|
+
|
815
|
+
File.open( f, 'w' ) { |file| YAML.dump( @opts.to_hash, file ) }
|
816
|
+
|
817
|
+
@opts.dir = nil
|
818
|
+
@opts.load( f ).should == @opts
|
819
|
+
|
820
|
+
raised = false
|
821
|
+
begin
|
822
|
+
File.delete( f )
|
823
|
+
rescue
|
824
|
+
raised = true
|
825
|
+
end
|
826
|
+
raised.should be_false
|
827
|
+
end
|
811
828
|
end
|
812
829
|
|
813
830
|
describe '#to_hash' do
|
data/spec/arachni/parser_spec.rb
CHANGED
@@ -198,54 +198,55 @@ describe Arachni::Parser do
|
|
198
198
|
form.url.should == @url
|
199
199
|
|
200
200
|
form.auditable.should == {
|
201
|
-
|
202
|
-
|
201
|
+
'form_input_1' => 'form_val_1',
|
202
|
+
'form_input_2' => 'form_val_2'
|
203
203
|
}
|
204
204
|
form.method.should == 'post'
|
205
205
|
form.raw.should == {
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
206
|
+
'attrs' => {
|
207
|
+
'method' => 'post',
|
208
|
+
'action' => form.action,
|
209
|
+
'name' => 'my_form'
|
210
210
|
},
|
211
|
-
|
212
|
-
|
213
|
-
|
211
|
+
'textarea' => [],
|
212
|
+
'select' => [],
|
213
|
+
'button' => [],
|
214
|
+
'input' => [
|
214
215
|
{
|
215
|
-
|
216
|
-
|
217
|
-
|
216
|
+
'type' => 'text',
|
217
|
+
'name' => 'form_input_1',
|
218
|
+
'value' => 'form_val_1'
|
218
219
|
},
|
219
220
|
{
|
220
|
-
|
221
|
-
|
222
|
-
|
221
|
+
'type' => 'text',
|
222
|
+
'name' => 'form_input_2',
|
223
|
+
'value' => 'form_val_2'
|
223
224
|
},
|
224
225
|
{
|
225
|
-
|
226
|
+
'type' => 'submit'
|
226
227
|
}
|
227
228
|
],
|
228
|
-
|
229
|
+
'auditable' => [
|
229
230
|
{
|
230
|
-
|
231
|
-
|
232
|
-
|
231
|
+
'type' => 'text',
|
232
|
+
'name' => 'form_input_1',
|
233
|
+
'value' => 'form_val_1'
|
233
234
|
},
|
234
235
|
{
|
235
|
-
|
236
|
-
|
237
|
-
|
236
|
+
'type' => 'text',
|
237
|
+
'name' => 'form_input_2',
|
238
|
+
'value' => 'form_val_2'
|
238
239
|
},
|
239
240
|
{
|
240
|
-
|
241
|
+
'type' => 'submit'
|
241
242
|
}
|
242
243
|
]
|
243
244
|
}
|
244
245
|
|
245
246
|
form = @parser.forms.last
|
246
|
-
form.action.should == @utils.normalize_url( @opts.url + '/form_2')
|
247
|
+
form.action.should == @utils.normalize_url( @opts.url + '/form_2' )
|
247
248
|
form.url.should == @url
|
248
|
-
form.auditable.should == {
|
249
|
+
form.auditable.should == { 'form_2_input_1' => 'form_2_val_1' }
|
249
250
|
end
|
250
251
|
|
251
252
|
context 'when passed secondary responses' do
|
@@ -22,7 +22,7 @@ class Node < Arachni::RPC::Server::Dispatcher::Node
|
|
22
22
|
end
|
23
23
|
|
24
24
|
def url
|
25
|
-
@opts.rpc_address
|
25
|
+
"#{@opts.rpc_address}:#{@opts.rpc_port}"
|
26
26
|
end
|
27
27
|
|
28
28
|
def shutdown
|
@@ -57,6 +57,8 @@ describe Arachni::RPC::Server::Dispatcher::Node do
|
|
57
57
|
@node = @get_node.call
|
58
58
|
end
|
59
59
|
|
60
|
+
before( :each ) { @opts.rpc_external_address = nil }
|
61
|
+
|
60
62
|
describe '#grid_member?' do
|
61
63
|
context 'when the dispatcher is a grid member' do
|
62
64
|
it 'should return true' do
|
@@ -232,6 +234,13 @@ describe Arachni::RPC::Server::Dispatcher::Node do
|
|
232
234
|
info['nickname'].should == @opts.nickname
|
233
235
|
info['cost'].should == @opts.cost
|
234
236
|
end
|
237
|
+
|
238
|
+
context 'when Options#rpc_external_address has been set' do
|
239
|
+
it 'advertises that address' do
|
240
|
+
@opts.rpc_external_address = '9.9.9.9'
|
241
|
+
@get_node.call.info['url'].should start_with @opts.rpc_external_address
|
242
|
+
end
|
243
|
+
end
|
235
244
|
end
|
236
245
|
|
237
246
|
describe '#alive?' do
|