arachni 0.4.5.2 → 0.4.6
- checksums.yaml +9 -9
- data/CHANGELOG.md +97 -0
- data/CONTRIBUTORS.md +1 -0
- data/NOTICE +1 -1
- data/README.md +4 -4
- data/Rakefile +111 -26
- data/arachni.gemspec +2 -2
- data/bin/arachni +1 -1
- data/bin/arachni_console +1 -1
- data/bin/arachni_multi +1 -1
- data/bin/arachni_rpc +1 -1
- data/bin/arachni_rpcd +1 -1
- data/bin/arachni_rpcd_monitor +1 -1
- data/bin/arachni_script +1 -1
- data/external/metasploit/LICENSE +1 -1
- data/fingerprinters/frameworks/rack.rb +1 -1
- data/fingerprinters/languages/asp.rb +1 -1
- data/fingerprinters/languages/aspx.rb +1 -1
- data/fingerprinters/languages/jsp.rb +3 -5
- data/fingerprinters/languages/php.rb +1 -1
- data/fingerprinters/languages/python.rb +1 -1
- data/fingerprinters/languages/ruby.rb +1 -1
- data/fingerprinters/os/bsd.rb +1 -1
- data/fingerprinters/os/linux.rb +1 -1
- data/fingerprinters/os/solaris.rb +1 -1
- data/fingerprinters/os/unix.rb +1 -1
- data/fingerprinters/os/windows.rb +1 -1
- data/fingerprinters/servers/apache.rb +1 -1
- data/fingerprinters/servers/iis.rb +1 -1
- data/fingerprinters/servers/jetty.rb +1 -1
- data/fingerprinters/servers/nginx.rb +1 -1
- data/fingerprinters/servers/tomcat.rb +1 -1
- data/lib/arachni.rb +6 -1
- data/lib/arachni/audit_store.rb +1 -1
- data/lib/arachni/banner.rb +1 -1
- data/lib/arachni/component/manager.rb +1 -1
- data/lib/arachni/component/options.rb +1 -1
- data/lib/arachni/component/options/address.rb +1 -1
- data/lib/arachni/component/options/base.rb +1 -1
- data/lib/arachni/component/options/bool.rb +1 -1
- data/lib/arachni/component/options/enum.rb +1 -1
- data/lib/arachni/component/options/float.rb +1 -1
- data/lib/arachni/component/options/int.rb +1 -1
- data/lib/arachni/component/options/path.rb +1 -1
- data/lib/arachni/component/options/port.rb +1 -1
- data/lib/arachni/component/options/string.rb +1 -1
- data/lib/arachni/component/options/url.rb +1 -1
- data/lib/arachni/element/base.rb +1 -1
- data/lib/arachni/element/body.rb +1 -1
- data/lib/arachni/element/capabilities/auditable.rb +45 -22
- data/lib/arachni/element/capabilities/auditable/rdiff.rb +378 -122
- data/lib/arachni/element/capabilities/auditable/taint.rb +57 -20
- data/lib/arachni/element/capabilities/auditable/timeout.rb +95 -68
- data/lib/arachni/element/capabilities/mutable.rb +77 -40
- data/lib/arachni/element/capabilities/refreshable.rb +7 -1
- data/lib/arachni/element/cookie.rb +46 -167
- data/lib/arachni/element/form.rb +77 -517
- data/lib/arachni/element/header.rb +21 -15
- data/lib/arachni/element/link.rb +2 -2
- data/lib/arachni/element/path.rb +1 -1
- data/lib/arachni/element/server.rb +1 -1
- data/lib/arachni/element_filter.rb +1 -1
- data/lib/arachni/error.rb +1 -1
- data/lib/arachni/framework.rb +16 -7
- data/lib/arachni/http.rb +111 -118
- data/lib/arachni/http/cookie_jar.rb +8 -2
- data/lib/arachni/issue.rb +4 -1
- data/lib/arachni/mixins/observable.rb +1 -1
- data/lib/arachni/mixins/progress_bar.rb +1 -1
- data/lib/arachni/mixins/terminal.rb +1 -1
- data/lib/arachni/module.rb +1 -1
- data/lib/arachni/module/auditor.rb +23 -17
- data/lib/arachni/module/base.rb +1 -1
- data/lib/arachni/module/manager.rb +4 -4
- data/lib/arachni/module/output.rb +1 -1
- data/lib/arachni/module/utilities.rb +1 -1
- data/lib/arachni/options.rb +28 -7
- data/lib/arachni/page.rb +4 -5
- data/lib/arachni/parser.rb +3 -2
- data/lib/arachni/platform.rb +1 -1
- data/lib/arachni/platform/fingerprinter.rb +1 -1
- data/lib/arachni/platform/list.rb +11 -29
- data/lib/arachni/platform/manager.rb +31 -8
- data/lib/arachni/plugin.rb +1 -1
- data/lib/arachni/plugin/base.rb +1 -1
- data/lib/arachni/plugin/manager.rb +1 -1
- data/lib/arachni/processes.rb +1 -1
- data/lib/arachni/processes/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers.rb +1 -1
- data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers/instances.rb +1 -1
- data/lib/arachni/processes/helpers/processes.rb +1 -1
- data/lib/arachni/processes/instances.rb +1 -1
- data/lib/arachni/processes/manager.rb +1 -1
- data/lib/arachni/report.rb +1 -1
- data/lib/arachni/report/base.rb +1 -1
- data/lib/arachni/report/manager.rb +1 -1
- data/lib/arachni/rpc/client/base.rb +1 -1
- data/lib/arachni/rpc/client/dispatcher.rb +1 -1
- data/lib/arachni/rpc/client/instance.rb +1 -1
- data/lib/arachni/rpc/server/active_options.rb +1 -1
- data/lib/arachni/rpc/server/base.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher.rb +10 -6
- data/lib/arachni/rpc/server/dispatcher/handler.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher/node.rb +5 -3
- data/lib/arachni/rpc/server/framework.rb +5 -3
- data/lib/arachni/rpc/server/framework/distributor.rb +24 -19
- data/lib/arachni/rpc/server/framework/master.rb +1 -1
- data/lib/arachni/rpc/server/framework/multi_instance.rb +7 -1
- data/lib/arachni/rpc/server/framework/slave.rb +1 -1
- data/lib/arachni/rpc/server/instance.rb +5 -4
- data/lib/arachni/rpc/server/module/manager.rb +1 -1
- data/lib/arachni/rpc/server/output.rb +1 -1
- data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
- data/lib/arachni/rpc/server/spider.rb +5 -2
- data/lib/arachni/ruby.rb +1 -1
- data/lib/arachni/ruby/array.rb +9 -1
- data/lib/arachni/ruby/enumerable.rb +1 -1
- data/lib/arachni/ruby/hash.rb +24 -5
- data/lib/arachni/ruby/io.rb +1 -1
- data/lib/arachni/ruby/object.rb +1 -1
- data/lib/arachni/ruby/set.rb +1 -1
- data/lib/arachni/ruby/string.rb +13 -2
- data/lib/arachni/ruby/webrick.rb +3 -15
- data/lib/arachni/ruby/webrick/cookie.rb +30 -0
- data/lib/arachni/ruby/webrick/httprequest.rb +42 -0
- data/lib/arachni/session.rb +21 -8
- data/lib/arachni/spider.rb +18 -11
- data/lib/arachni/support.rb +3 -1
- data/lib/arachni/support/buffer.rb +1 -1
- data/lib/arachni/support/buffer/autoflush.rb +1 -1
- data/lib/arachni/support/buffer/base.rb +1 -1
- data/lib/arachni/support/cache.rb +1 -1
- data/lib/arachni/support/cache/base.rb +1 -1
- data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
- data/lib/arachni/support/cache/least_recently_used.rb +1 -1
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -1
- data/lib/arachni/support/crypto.rb +1 -1
- data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
- data/lib/arachni/support/database.rb +1 -1
- data/lib/arachni/support/database/base.rb +5 -5
- data/lib/arachni/support/database/hash.rb +1 -1
- data/lib/arachni/support/database/queue.rb +52 -69
- data/lib/arachni/{module → support}/key_filler.rb +11 -17
- data/lib/arachni/support/lookup.rb +1 -1
- data/lib/arachni/support/lookup/base.rb +1 -1
- data/lib/arachni/support/lookup/hash_set.rb +1 -1
- data/lib/arachni/support/lookup/moolb.rb +1 -1
- data/lib/arachni/support/queue.rb +1 -1
- data/lib/arachni/support/queue/disk.rb +1 -1
- data/lib/arachni/support/signature.rb +153 -0
- data/lib/arachni/trainer.rb +30 -19
- data/lib/arachni/typhoeus/hydra.rb +1 -1
- data/lib/arachni/typhoeus/request.rb +1 -1
- data/lib/arachni/typhoeus/response.rb +8 -2
- data/lib/arachni/typhoeus/utils.rb +1 -1
- data/lib/arachni/ui/cli/cli.rb +18 -7
- data/lib/arachni/ui/cli/output.rb +28 -1
- data/lib/arachni/ui/cli/rpc/dispatcher_monitor.rb +1 -1
- data/lib/arachni/ui/cli/rpc/instance.rb +1 -1
- data/lib/arachni/ui/cli/rpc/local.rb +1 -1
- data/lib/arachni/ui/cli/rpc/remote.rb +1 -1
- data/lib/arachni/ui/cli/utilities.rb +14 -29
- data/lib/arachni/ui/foo/output.rb +1 -1
- data/lib/arachni/uri.rb +2 -3
- data/lib/arachni/utilities.rb +1 -1
- data/lib/arachni/version.rb +1 -1
- data/lib/version +1 -1
- data/modules/audit/code_injection.rb +1 -1
- data/modules/audit/code_injection_php_input_wrapper.rb +1 -1
- data/modules/audit/code_injection_timing.rb +1 -1
- data/modules/audit/csrf.rb +1 -1
- data/modules/audit/file_inclusion.rb +5 -5
- data/modules/audit/ldapi.rb +1 -1
- data/modules/audit/os_cmd_injection.rb +1 -1
- data/modules/audit/os_cmd_injection_timing.rb +4 -3
- data/modules/audit/path_traversal.rb +5 -5
- data/modules/audit/response_splitting.rb +1 -1
- data/modules/audit/rfi.rb +1 -1
- data/modules/audit/session_fixation.rb +1 -1
- data/modules/audit/source_code_disclosure.rb +21 -17
- data/modules/audit/sqli.rb +11 -8
- data/modules/audit/sqli/patterns/pgsql +1 -0
- data/modules/audit/sqli/regexp_ignore.txt +1 -0
- data/modules/audit/sqli_blind_rdiff.rb +12 -12
- data/modules/audit/sqli_blind_rdiff/payloads.txt +1 -5
- data/modules/audit/sqli_blind_timing.rb +4 -6
- data/modules/audit/sqli_blind_timing/mssql.txt +9 -9
- data/modules/audit/sqli_blind_timing/mysql.txt +9 -31
- data/modules/audit/sqli_blind_timing/pgsql.txt +6 -28
- data/modules/audit/trainer.rb +1 -1
- data/modules/audit/unvalidated_redirect.rb +1 -1
- data/modules/audit/xpath.rb +1 -1
- data/modules/audit/xss.rb +12 -12
- data/modules/audit/xss_event.rb +1 -1
- data/modules/audit/xss_path.rb +1 -1
- data/modules/audit/xss_script_tag.rb +13 -20
- data/modules/audit/xss_tag.rb +5 -7
- data/modules/recon/allowed_methods.rb +1 -1
- data/modules/recon/backdoors.rb +1 -1
- data/modules/recon/backup_files.rb +1 -1
- data/modules/recon/common_directories.rb +1 -1
- data/modules/recon/common_files.rb +1 -1
- data/modules/recon/common_files/filenames.txt +1 -0
- data/modules/recon/directory_listing.rb +2 -2
- data/modules/recon/grep/captcha.rb +1 -1
- data/modules/recon/grep/credit_card.rb +1 -1
- data/modules/recon/grep/cvs_svn_users.rb +1 -1
- data/modules/recon/grep/emails.rb +1 -1
- data/modules/recon/grep/form_upload.rb +1 -1
- data/modules/recon/grep/html_objects.rb +1 -1
- data/modules/recon/grep/http_only_cookies.rb +1 -1
- data/modules/recon/grep/insecure_cookies.rb +1 -1
- data/modules/recon/grep/mixed_resource.rb +1 -1
- data/modules/recon/grep/password_autocomplete.rb +1 -1
- data/modules/recon/grep/private_ip.rb +1 -1
- data/modules/recon/grep/ssn.rb +1 -1
- data/modules/recon/grep/unencrypted_password_forms.rb +1 -1
- data/modules/recon/htaccess_limit.rb +1 -1
- data/modules/recon/http_put.rb +1 -1
- data/modules/recon/interesting_responses.rb +1 -1
- data/modules/recon/localstart_asp.rb +5 -5
- data/modules/recon/webdav.rb +1 -1
- data/modules/recon/x_forwarded_for_access_restriction_bypass.rb +1 -1
- data/modules/recon/xst.rb +1 -1
- data/path_extractors/anchors.rb +1 -1
- data/path_extractors/areas.rb +1 -1
- data/path_extractors/forms.rb +1 -1
- data/path_extractors/frames.rb +1 -1
- data/path_extractors/generic.rb +1 -1
- data/path_extractors/links.rb +1 -1
- data/path_extractors/meta_refresh.rb +1 -1
- data/path_extractors/scripts.rb +1 -1
- data/plugins/autologin.rb +16 -8
- data/plugins/beep_notify.rb +1 -1
- data/plugins/{defaults/content_types.rb → content_types.rb} +1 -1
- data/plugins/cookie_collector.rb +21 -11
- data/plugins/defaults/autothrottle.rb +1 -1
- data/plugins/defaults/healthmap.rb +1 -1
- data/plugins/defaults/meta/remedies/discovery.rb +1 -1
- data/plugins/defaults/meta/remedies/timing_attacks.rb +6 -8
- data/plugins/defaults/meta/uniformity.rb +1 -1
- data/plugins/defaults/resolver.rb +1 -1
- data/plugins/email_notify.rb +1 -1
- data/plugins/form_dicattack.rb +1 -1
- data/plugins/http_dicattack.rb +1 -1
- data/plugins/libnotify.rb +1 -1
- data/plugins/profiler.rb +1 -1
- data/plugins/proxy.rb +2 -1
- data/plugins/proxy/server.rb +3 -1
- data/plugins/proxy/template_scope.rb +1 -1
- data/plugins/rescan.rb +1 -1
- data/plugins/script.rb +1 -1
- data/plugins/uncommon_headers.rb +2 -1
- data/plugins/vector_feed.rb +1 -1
- data/plugins/waf_detector.rb +1 -1
- data/reports/afr.rb +8 -9
- data/reports/ap.rb +1 -1
- data/reports/html.rb +8 -12
- data/reports/html/default.erb +2 -3
- data/reports/html/default/issue.erb +0 -12
- data/reports/html/default/issues.erb +2 -2
- data/reports/json.rb +13 -10
- data/reports/marshal.rb +8 -9
- data/reports/metareport.rb +9 -10
- data/reports/plugin_formatters/html/autologin.rb +1 -1
- data/reports/plugin_formatters/html/content_types.rb +1 -1
- data/reports/plugin_formatters/html/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/html/discovery.rb +1 -1
- data/reports/plugin_formatters/html/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/html/healthmap.rb +1 -1
- data/reports/plugin_formatters/html/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/html/profiler.rb +1 -1
- data/reports/plugin_formatters/html/resolver.rb +1 -1
- data/reports/plugin_formatters/html/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/html/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/html/uniformity.rb +1 -1
- data/reports/plugin_formatters/html/waf_detector.rb +1 -1
- data/reports/plugin_formatters/stdout/autologin.rb +1 -1
- data/reports/plugin_formatters/stdout/content_types.rb +1 -1
- data/reports/plugin_formatters/stdout/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/stdout/discovery.rb +1 -1
- data/reports/plugin_formatters/stdout/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/stdout/healthmap.rb +2 -4
- data/reports/plugin_formatters/stdout/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/stdout/profiler.rb +1 -1
- data/reports/plugin_formatters/stdout/resolver.rb +1 -1
- data/reports/plugin_formatters/stdout/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/stdout/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/stdout/uniformity.rb +1 -1
- data/reports/plugin_formatters/stdout/waf_detector.rb +1 -1
- data/reports/plugin_formatters/xml/autologin.rb +1 -1
- data/reports/plugin_formatters/xml/content_types.rb +1 -1
- data/reports/plugin_formatters/xml/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/xml/discovery.rb +1 -1
- data/reports/plugin_formatters/xml/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/xml/healthmap.rb +1 -1
- data/reports/plugin_formatters/xml/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/xml/profiler.rb +1 -1
- data/reports/plugin_formatters/xml/resolver.rb +1 -1
- data/reports/plugin_formatters/xml/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/xml/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/xml/uniformity.rb +1 -1
- data/reports/plugin_formatters/xml/waf_detector.rb +1 -1
- data/reports/stdout.rb +1 -1
- data/reports/txt.rb +1 -1
- data/reports/xml.rb +8 -9
- data/reports/xml/buffer.rb +2 -2
- data/reports/yaml.rb +8 -9
- data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +80 -2
- data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +44 -29
- data/spec/arachni/element/cookie_spec.rb +1 -1
- data/spec/arachni/element/form_spec.rb +31 -13
- data/spec/arachni/http/cookie_jar_spec.rb +11 -0
- data/spec/arachni/http_spec.rb +33 -7
- data/spec/arachni/issue_spec.rb +10 -3
- data/spec/arachni/options_spec.rb +18 -1
- data/spec/arachni/parser_spec.rb +27 -26
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +10 -1
- data/spec/arachni/rpc/server/dispatcher_spec.rb +15 -0
- data/spec/arachni/ruby/array_spec.rb +11 -0
- data/spec/arachni/ruby/hash_spec.rb +28 -1
- data/spec/arachni/ruby/string_spec.rb +14 -1
- data/spec/arachni/session_spec.rb +39 -0
- data/spec/arachni/spider_spec.rb +23 -14
- data/spec/arachni/{module → support}/key_filler.rb +20 -2
- data/spec/arachni/support/signature_spec.rb +158 -0
- data/spec/arachni/trainer_spec.rb +31 -0
- data/spec/arachni/typhoeus/response_spec.rb +17 -0
- data/spec/arachni/uri_spec.rb +1 -1
- data/spec/external/wavsep/active/lfi_spec.rb +94 -0
- data/spec/external/wavsep/active/rfi_spec.rb +35 -0
- data/spec/external/wavsep/active/sqli_spec.rb +108 -0
- data/spec/external/wavsep/active/xss_spec.rb +41 -0
- data/spec/external/wavsep/false_positives/lfi_spec.rb +33 -0
- data/spec/external/wavsep/false_positives/rfi_spec.rb +21 -0
- data/spec/external/wavsep/false_positives/sqli_spec.rb +32 -0
- data/spec/external/wavsep/false_positives/xss_spec.rb +21 -0
- data/spec/modules/audit/source_code_disclosure_spec.rb +4 -4
- data/spec/modules/audit/sqli_blind_rdiff_spec.rb +1 -1
- data/spec/modules/audit/sqli_blind_timing_spec.rb +3 -3
- data/spec/modules/audit/sqli_spec.rb +1 -1
- data/spec/modules/audit/xss_script_tag_spec.rb +1 -1
- data/spec/plugins/autologin_spec.rb +25 -7
- data/spec/plugins/cookie_collector_spec.rb +17 -0
- data/spec/spec_helper.rb +1 -1
- data/spec/support/fixtures/fingerprinters/test.rb +1 -1
- data/spec/support/fixtures/modules/test.rb +1 -1
- data/spec/support/fixtures/modules/test2.rb +1 -1
- data/spec/support/fixtures/modules/test3.rb +1 -1
- data/spec/support/fixtures/plugins/bad.rb +1 -1
- data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
- data/spec/support/fixtures/plugins/distributable.rb +1 -1
- data/spec/support/fixtures/plugins/loop.rb +1 -1
- data/spec/support/fixtures/plugins/spider_hook.rb +1 -1
- data/spec/support/fixtures/plugins/wait.rb +1 -1
- data/spec/support/fixtures/plugins/with_options.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/with_formatters.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/with_outfile.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/without_outfile.rb +1 -1
- data/spec/support/fixtures/reports/manager_spec/afr.rb +1 -1
- data/spec/support/fixtures/reports/manager_spec/foo.rb +1 -1
- data/spec/support/fixtures/run_mod/body.rb +1 -1
- data/spec/support/fixtures/run_mod/cookies.rb +1 -1
- data/spec/support/fixtures/run_mod/empty.rb +1 -1
- data/spec/support/fixtures/run_mod/flch.rb +1 -1
- data/spec/support/fixtures/run_mod/forms.rb +1 -1
- data/spec/support/fixtures/run_mod/headers.rb +1 -1
- data/spec/support/fixtures/run_mod/links.rb +1 -1
- data/spec/support/fixtures/run_mod/nil.rb +1 -1
- data/spec/support/fixtures/run_mod/path.rb +1 -1
- data/spec/support/fixtures/run_mod/server.rb +1 -1
- data/spec/support/fixtures/taint_module/taint.rb +1 -1
- data/spec/support/fixtures/wait_module/wait.rb +1 -1
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/misc.rb +1 -1
- data/spec/support/helpers/paths.rb +1 -1
- data/spec/support/helpers/requires.rb +1 -1
- data/spec/support/helpers/resets.rb +1 -1
- data/spec/support/helpers/web_server.rb +1 -1
- data/spec/support/lib/web_server_manager.rb +1 -1
- data/spec/support/logs/Dispatcher - 10129-46995.log +9 -0
- data/spec/support/logs/Dispatcher - 10139-63648.log +19 -0
- data/spec/support/logs/Dispatcher - 10149-5551.log +17 -0
- data/spec/support/logs/Dispatcher - 10158-34385.log +13 -0
- data/spec/support/logs/Dispatcher - 10167-55701.log +9 -0
- data/spec/support/logs/Dispatcher - 10176-8922.log +9 -0
- data/spec/support/logs/Dispatcher - 10185-53716.log +11 -0
- data/spec/support/logs/Dispatcher - 10198-44724.log +11 -0
- data/spec/support/logs/Dispatcher - 10211-7697.log +11 -0
- data/spec/support/logs/Dispatcher - 10224-3751.log +35 -0
- data/spec/support/logs/Dispatcher - 10285-7404.log +21 -0
- data/spec/support/logs/Dispatcher - 10294-56221.log +21 -0
- data/spec/support/logs/Dispatcher - 10303-2483.log +23 -0
- data/spec/support/logs/Dispatcher - 10344-60543.log +19 -0
- data/spec/support/logs/Dispatcher - 10355-31708.log +17 -0
- data/spec/support/logs/Dispatcher - 10364-63170.log +15 -0
- data/spec/support/logs/Dispatcher - 10377-37936.log +11 -0
- data/spec/support/logs/Dispatcher - 10390-37511.log +9 -0
- data/spec/support/logs/Dispatcher - 10400-29603.log +9 -0
- data/spec/support/logs/Dispatcher - 10409-57042.log +9 -0
- data/spec/support/logs/Dispatcher - 10418-17812.log +9 -0
- data/spec/support/logs/Dispatcher - 10427-59862.log +11 -0
- data/spec/support/logs/Dispatcher - 10440-48351.log +9 -0
- data/spec/support/logs/Dispatcher - 10449-24218.log +9 -0
- data/spec/support/logs/Dispatcher - 10458-54646.log +9 -0
- data/spec/support/logs/Dispatcher - 10511-3333.log +63 -0
- data/spec/support/logs/Dispatcher - 10520-50009.log +43 -0
- data/spec/support/logs/Dispatcher - 10529-44870.log +39 -0
- data/spec/support/logs/Dispatcher - 10538-49556.log +34 -0
- data/spec/support/logs/Dispatcher - 10547-61887.log +28 -0
- data/spec/support/logs/Dispatcher - 10556-31163.log +21 -0
- data/spec/support/logs/Dispatcher - 10565-40008.log +13 -0
- data/spec/support/logs/Dispatcher - 10575-18836.log +9 -0
- data/spec/support/logs/Dispatcher - 10747-32268.log +19 -0
- data/spec/support/logs/Dispatcher - 10757-4081.log +21 -0
- data/spec/support/logs/Dispatcher - 10766-49190.log +15 -0
- data/spec/support/logs/Dispatcher - 10780-46610.log +19 -0
- data/spec/support/logs/Dispatcher - 10789-5332.log +21 -0
- data/spec/support/logs/Dispatcher - 10798-56243.log +15 -0
- data/spec/support/logs/Dispatcher - 10920-32037.log +17 -0
- data/spec/support/logs/Dispatcher - 10929-35662.log +21 -0
- data/spec/support/logs/Dispatcher - 10938-64010.log +13 -0
- data/spec/support/logs/Dispatcher - 10951-44746.log +19 -0
- data/spec/support/logs/Dispatcher - 10961-55791.log +21 -0
- data/spec/support/logs/Dispatcher - 10972-58913.log +15 -0
- data/spec/support/logs/Dispatcher - 11023-45004.log +17 -0
- data/spec/support/logs/Dispatcher - 11033-55505.log +21 -0
- data/spec/support/logs/Dispatcher - 11042-46123.log +13 -0
- data/spec/support/logs/Dispatcher - 11055-26836.log +17 -0
- data/spec/support/logs/Dispatcher - 11064-60361.log +21 -0
- data/spec/support/logs/Dispatcher - 11073-17507.log +13 -0
- data/spec/support/logs/Dispatcher - 11298-28357.log +19 -0
- data/spec/support/logs/Dispatcher - 11307-62669.log +21 -0
- data/spec/support/logs/Dispatcher - 11316-9391.log +15 -0
- data/spec/support/logs/Dispatcher - 11340-45921.log +21 -0
- data/spec/support/logs/Dispatcher - 11349-8693.log +25 -0
- data/spec/support/logs/Dispatcher - 11358-53753.log +15 -0
- data/spec/support/logs/Dispatcher - 11394-29437.log +17 -0
- data/spec/support/logs/Dispatcher - 11403-59953.log +21 -0
- data/spec/support/logs/Dispatcher - 11412-51134.log +13 -0
- data/spec/support/logs/Dispatcher - 11425-42569.log +21 -0
- data/spec/support/logs/Dispatcher - 11434-16150.log +25 -0
- data/spec/support/logs/Dispatcher - 11443-19072.log +15 -0
- data/spec/support/logs/Dispatcher - 11479-39149.log +17 -0
- data/spec/support/logs/Dispatcher - 11488-42169.log +21 -0
- data/spec/support/logs/Dispatcher - 11497-29822.log +13 -0
- data/spec/support/logs/Dispatcher - 11510-8273.log +17 -0
- data/spec/support/logs/Dispatcher - 11519-18206.log +21 -0
- data/spec/support/logs/Dispatcher - 11528-55825.log +13 -0
- data/spec/support/logs/Dispatcher - 9969-52890.log +9 -0
- data/spec/support/logs/Dispatcher - 9996-38451.log +21 -0
- data/spec/support/logs/{Instance - 12589-35500.error.log → Instance - 10762-33696.error.log } +63 -40
- data/spec/support/logs/{Instance - 16415-47240.error.log → Instance - 11038-18065.error.log } +65 -42
- data/spec/support/logs/{Instance - 16762-48636.error.log → Instance - 11069-34848.error.log } +162 -139
- data/spec/support/logs/{Instance - 16789-61713.error.log → Instance - 11091-33954.error.log } +60 -37
- data/spec/support/logs/{Instance - 16795-55306.error.log → Instance - 11097-33191.error.log } +65 -42
- data/spec/support/logs/{Instance - 12909-9442.error.log → Instance - 11229-38634.error.log } +60 -37
- data/spec/support/servers/arachni/element/capabilities/auditable/rdiff.rb +131 -7
- data/spec/support/servers/arachni/element/capabilities/auditable/timeout.rb +4 -0
- data/spec/support/servers/arachni/element/form.rb +27 -0
- data/spec/support/servers/arachni/element/link.rb +16 -0
- data/spec/support/servers/arachni/session.rb +17 -1
- data/spec/support/servers/arachni/spider.rb +25 -1
- data/spec/support/servers/arachni/trainer.rb +8 -0
- data/spec/support/servers/modules/audit/os_cmd_injection_timing.rb +2 -1
- data/spec/support/servers/modules/audit/source_code_disclosure.rb +0 -1
- data/spec/support/servers/modules/audit/sqli/postgresql +2 -0
- data/spec/support/servers/modules/audit/sqli_blind_rdiff.rb +9 -13
- data/spec/support/shared/element/capabilities/auditable.rb +62 -3
- data/spec/support/shared/element/capabilities/refreshable.rb +27 -0
- data/spec/support/shared/external/wavsep.rb +89 -0
- metadata +1081 -1206
- data/lib/arachni/platforms.rb +0 -499
- data/logs/Dispatcher - 12101-7331.log +0 -15
- data/spec/support/logs/Dispatcher - 11821-58635.log +0 -9
- data/spec/support/logs/Dispatcher - 11848-37716.log +0 -21
- data/spec/support/logs/Dispatcher - 11974-31477.log +0 -9
- data/spec/support/logs/Dispatcher - 11984-10290.log +0 -19
- data/spec/support/logs/Dispatcher - 11993-33501.log +0 -17
- data/spec/support/logs/Dispatcher - 12002-62227.log +0 -13
- data/spec/support/logs/Dispatcher - 12013-45779.log +0 -9
- data/spec/support/logs/Dispatcher - 12022-22434.log +0 -9
- data/spec/support/logs/Dispatcher - 12031-41130.log +0 -11
- data/spec/support/logs/Dispatcher - 12045-23894.log +0 -11
- data/spec/support/logs/Dispatcher - 12059-57317.log +0 -35
- data/spec/support/logs/Dispatcher - 12122-60206.log +0 -21
- data/spec/support/logs/Dispatcher - 12132-58445.log +0 -21
- data/spec/support/logs/Dispatcher - 12141-13273.log +0 -23
- data/spec/support/logs/Dispatcher - 12183-2341.log +0 -19
- data/spec/support/logs/Dispatcher - 12192-56486.log +0 -17
- data/spec/support/logs/Dispatcher - 12201-8840.log +0 -15
- data/spec/support/logs/Dispatcher - 12214-47545.log +0 -11
- data/spec/support/logs/Dispatcher - 12227-23676.log +0 -9
- data/spec/support/logs/Dispatcher - 12236-16018.log +0 -9
- data/spec/support/logs/Dispatcher - 12245-61980.log +0 -9
- data/spec/support/logs/Dispatcher - 12254-30185.log +0 -9
- data/spec/support/logs/Dispatcher - 12263-29578.log +0 -11
- data/spec/support/logs/Dispatcher - 12276-64279.log +0 -9
- data/spec/support/logs/Dispatcher - 12285-49975.log +0 -9
- data/spec/support/logs/Dispatcher - 12347-26600.log +0 -63
- data/spec/support/logs/Dispatcher - 12356-43960.log +0 -43
- data/spec/support/logs/Dispatcher - 12365-30567.log +0 -39
- data/spec/support/logs/Dispatcher - 12374-49263.log +0 -34
- data/spec/support/logs/Dispatcher - 12401-6543.log +0 -28
- data/spec/support/logs/Dispatcher - 12410-21678.log +0 -21
- data/spec/support/logs/Dispatcher - 12419-42381.log +0 -13
- data/spec/support/logs/Dispatcher - 12429-25829.log +0 -9
- data/spec/support/logs/Dispatcher - 12574-63838.log +0 -19
- data/spec/support/logs/Dispatcher - 12584-33256.log +0 -21
- data/spec/support/logs/Dispatcher - 12593-45982.log +0 -15
- data/spec/support/logs/Dispatcher - 12606-64171.log +0 -19
- data/spec/support/logs/Dispatcher - 12615-52258.log +0 -21
- data/spec/support/logs/Dispatcher - 12624-48032.log +0 -15
- data/spec/support/logs/Dispatcher - 12744-31691.log +0 -17
- data/spec/support/logs/Dispatcher - 12753-9777.log +0 -21
- data/spec/support/logs/Dispatcher - 12762-14195.log +0 -13
- data/spec/support/logs/Dispatcher - 12775-52778.log +0 -19
- data/spec/support/logs/Dispatcher - 12784-33121.log +0 -21
- data/spec/support/logs/Dispatcher - 12793-23476.log +0 -15
- data/spec/support/logs/Dispatcher - 12845-33401.log +0 -17
- data/spec/support/logs/Dispatcher - 12854-58592.log +0 -21
- data/spec/support/logs/Dispatcher - 12863-38667.log +0 -13
- data/spec/support/logs/Dispatcher - 12876-18504.log +0 -17
- data/spec/support/logs/Dispatcher - 12885-8765.log +0 -21
- data/spec/support/logs/Dispatcher - 12894-7708.log +0 -13
- data/spec/support/logs/Dispatcher - 13112-20247.log +0 -19
- data/spec/support/logs/Dispatcher - 13121-37610.log +0 -21
- data/spec/support/logs/Dispatcher - 13130-55144.log +0 -15
- data/spec/support/logs/Dispatcher - 13154-11476.log +0 -21
- data/spec/support/logs/Dispatcher - 13163-28157.log +0 -25
- data/spec/support/logs/Dispatcher - 13172-1403.log +0 -15
- data/spec/support/logs/Dispatcher - 13208-39214.log +0 -17
- data/spec/support/logs/Dispatcher - 13217-25789.log +0 -21
- data/spec/support/logs/Dispatcher - 13226-32449.log +0 -13
- data/spec/support/logs/Dispatcher - 13239-50344.log +0 -21
- data/spec/support/logs/Dispatcher - 13248-35317.log +0 -25
- data/spec/support/logs/Dispatcher - 13257-20820.log +0 -15
- data/spec/support/logs/Dispatcher - 13293-39307.log +0 -17
- data/spec/support/logs/Dispatcher - 13302-62417.log +0 -21
- data/spec/support/logs/Dispatcher - 13311-57144.log +0 -13
- data/spec/support/logs/Dispatcher - 13324-35654.log +0 -17
- data/spec/support/logs/Dispatcher - 13333-9999.log +0 -21
- data/spec/support/logs/Dispatcher - 13342-64466.log +0 -13
- data/spec/support/logs/Dispatcher - 15092-40680.log +0 -9
- data/spec/support/logs/Dispatcher - 15119-21562.log +0 -21
- data/spec/support/logs/Dispatcher - 15680-63471.log +0 -9
- data/spec/support/logs/Dispatcher - 15690-15104.log +0 -19
- data/spec/support/logs/Dispatcher - 15699-36034.log +0 -17
- data/spec/support/logs/Dispatcher - 15708-21275.log +0 -13
- data/spec/support/logs/Dispatcher - 15717-6134.log +0 -9
- data/spec/support/logs/Dispatcher - 15727-5906.log +0 -9
- data/spec/support/logs/Dispatcher - 15736-27941.log +0 -11
- data/spec/support/logs/Dispatcher - 15749-31464.log +0 -11
- data/spec/support/logs/Dispatcher - 15762-52837.log +0 -35
- data/spec/support/logs/Dispatcher - 15823-2486.log +0 -21
- data/spec/support/logs/Dispatcher - 15832-34792.log +0 -21
- data/spec/support/logs/Dispatcher - 15841-3367.log +0 -23
- data/spec/support/logs/Dispatcher - 15886-2171.log +0 -19
- data/spec/support/logs/Dispatcher - 15895-6022.log +0 -17
- data/spec/support/logs/Dispatcher - 15904-51624.log +0 -15
- data/spec/support/logs/Dispatcher - 15917-11227.log +0 -11
- data/spec/support/logs/Dispatcher - 15930-17170.log +0 -9
- data/spec/support/logs/Dispatcher - 15939-24891.log +0 -9
- data/spec/support/logs/Dispatcher - 15948-26858.log +0 -9
- data/spec/support/logs/Dispatcher - 15957-12278.log +0 -9
- data/spec/support/logs/Dispatcher - 15967-37642.log +0 -11
- data/spec/support/logs/Dispatcher - 15981-57959.log +0 -9
- data/spec/support/logs/Dispatcher - 16000-51003.log +0 -9
- data/spec/support/logs/Dispatcher - 16064-25969.log +0 -63
- data/spec/support/logs/Dispatcher - 16073-13164.log +0 -43
- data/spec/support/logs/Dispatcher - 16083-21729.log +0 -39
- data/spec/support/logs/Dispatcher - 16092-48691.log +0 -34
- data/spec/support/logs/Dispatcher - 16101-7385.log +0 -28
- data/spec/support/logs/Dispatcher - 16110-24222.log +0 -21
- data/spec/support/logs/Dispatcher - 16119-29645.log +0 -13
- data/spec/support/logs/Dispatcher - 16129-23325.log +0 -9
- data/spec/support/logs/Dispatcher - 16399-42716.log +0 -19
- data/spec/support/logs/Dispatcher - 16410-3301.log +0 -21
- data/spec/support/logs/Dispatcher - 16419-8500.log +0 -15
- data/spec/support/logs/Dispatcher - 16432-2467.log +0 -19
- data/spec/support/logs/Dispatcher - 16441-27407.log +0 -21
- data/spec/support/logs/Dispatcher - 16450-28157.log +0 -15
- data/spec/support/logs/Dispatcher - 16607-37339.log +0 -17
- data/spec/support/logs/Dispatcher - 16616-50971.log +0 -21
- data/spec/support/logs/Dispatcher - 16625-28154.log +0 -13
- data/spec/support/logs/Dispatcher - 16638-17094.log +0 -19
- data/spec/support/logs/Dispatcher - 16647-25657.log +0 -21
- data/spec/support/logs/Dispatcher - 16656-11108.log +0 -15
- data/spec/support/logs/Dispatcher - 16716-31067.log +0 -17
- data/spec/support/logs/Dispatcher - 16726-34466.log +0 -21
- data/spec/support/logs/Dispatcher - 16735-55150.log +0 -13
- data/spec/support/logs/Dispatcher - 16748-7910.log +0 -17
- data/spec/support/logs/Dispatcher - 16757-62118.log +0 -21
- data/spec/support/logs/Dispatcher - 16766-31937.log +0 -13
- data/spec/support/logs/Dispatcher - 16999-6441.log +0 -19
- data/spec/support/logs/Dispatcher - 17008-51788.log +0 -21
- data/spec/support/logs/Dispatcher - 17017-20096.log +0 -15
- data/spec/support/logs/Dispatcher - 17041-15877.log +0 -21
- data/spec/support/logs/Dispatcher - 17050-42137.log +0 -25
- data/spec/support/logs/Dispatcher - 17059-12767.log +0 -15
- data/spec/support/logs/Dispatcher - 17095-3041.log +0 -17
- data/spec/support/logs/Dispatcher - 17104-42336.log +0 -21
- data/spec/support/logs/Dispatcher - 17113-11660.log +0 -13
- data/spec/support/logs/Dispatcher - 17126-64859.log +0 -21
- data/spec/support/logs/Dispatcher - 17135-11634.log +0 -25
- data/spec/support/logs/Dispatcher - 17144-37598.log +0 -15
- data/spec/support/logs/Dispatcher - 17180-55804.log +0 -17
- data/spec/support/logs/Dispatcher - 17189-5599.log +0 -21
- data/spec/support/logs/Dispatcher - 17198-13188.log +0 -13
- data/spec/support/logs/Dispatcher - 17211-23553.log +0 -17
- data/spec/support/logs/Dispatcher - 17220-36701.log +0 -21
- data/spec/support/logs/Dispatcher - 17229-41502.log +0 -13
- data/spec/support/logs/Instance - 12859-23151.error.log +0 -314
- data/spec/support/logs/Instance - 12890-17901.error.log +0 -413
- data/spec/support/logs/Instance - 12915-45947.error.log +0 -314
- data/spec/support/logs/Instance - 13044-48074.error.log +0 -312
- data/spec/support/logs/Instance - 16731-60738.error.log +0 -314
- data/spec/support/logs/Instance - 16931-37511.error.log +0 -312
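--- a/[path not on page: module Auditable::Taint]
+++ b/[path not on page: module Auditable::Taint]
@@ -1,5 +1,5 @@
 =begin
-Copyright 2010-
+Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -16,11 +16,9 @@
 
 module Arachni::Element::Capabilities
 
-#
 # Looks for specific substrings or patterns in response bodies.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-#
 module Auditable::Taint
 
 TAINT_OPTIONS = {
@@ -49,13 +47,20 @@ module Auditable::Taint
 # Useful when needing to narrow down what to log without
 # having to construct overly complex match regexps.
 #
-ignore: nil
+ignore: nil,
+
+#
+# Extract the longest word from each regexp and only proceed to the
+# full match only if that word is included in the response body.
+#
+# The check is case insensitive.
+#
+longest_word_optimization: false
 }
 
 REMARK = 'This issue was identified by a pattern but the pattern matched ' <<
 'the page\'s response body even before auditing the logged element.'
 
-#
 # Performs taint analysis and logs an issue should there be one.
 #
 # It logs an issue when:
@@ -81,27 +86,30 @@ module Auditable::Taint
 # @return [Bool]
 # `true` if the audit was scheduled successfully, `false` otherwise (like
 # if the resource is out of scope).
-#
 def taint_analysis( payloads, opts = { } )
+return false if self.auditable.empty?
+
 if skip_path? self.action
 print_debug "Element's action matches skip rule, bailing out."
 return false
 end
 
+# We'll have to keep track of logged issues for analysis a bit down the line.
+@logged_issues = []
+
+# Perform the taint analysis.
 opts = self.class::OPTIONS.merge( TAINT_OPTIONS.merge( opts ) )
 audit( payloads, opts ) { |res, c_opts| get_matches( res, c_opts ) }
 end
 
 private
 
-#
 # Tries to identify an issue through pattern matching.
 #
 # If a issue is found a message will be printed and the issue will be logged.
 #
 # @param [Typhoeus::Response] res
 # @param [Hash] opts
-#
 def get_matches( res, opts )
 opts[:substring] = opts[:injected_orig] if !opts[:regexp] && !opts[:substring]
 
@@ -110,6 +118,10 @@ module Auditable::Taint
 end
 
 def match_patterns( patterns, matcher, res, opts )
+if opts[:longest_word_optimization]
+opts[:downcased_body] = res.body.downcase
+end
+
 case patterns
 when Regexp, String, Array
 [patterns].flatten.compact.
@@ -149,14 +161,10 @@ module Auditable::Taint
 def match_substring_and_log( substring, res, opts )
 return if substring.to_s.empty?
 
-opts[:verification] = @auditor.page && @auditor.page.body &&
-@auditor.page.body.include?( substring )
-
-opts[:remarks] = { auditor: [REMARK] } if opts[:verification]
-
 if res.body.include?( substring ) && !ignore?( res, opts )
 opts[:regexp] = opts[:id] = opts[:match] = substring.dup
-@auditor.log( opts, res )
+@logged_issues |= @auditor.log( opts, res )
+setup_verification_callbacks
 end
 end
 
@@ -164,12 +172,11 @@ module Auditable::Taint
 regexp = regexp.is_a?( Regexp ) ? regexp :
 Regexp.new( regexp.to_s, Regexp::IGNORECASE )
 
-
-
-
-opts[:verification] = (@auditor.page && @auditor.page.body.to_s =~ regexp) rescue false
+if opts[:downcased_body]
+return if !opts[:downcased_body].include?( longest_word_for_regexp( regexp ) )
+end
 
-
+match_data = res.body.scan( regexp ).flatten.first.to_s
 
 # fairly obscure condition...pardon me...
 if ( opts[:match] && match_data == opts[:match] ) ||
@@ -180,7 +187,8 @@ module Auditable::Taint
 opts[:id] = opts[:match] = opts[:match] ? opts[:match] : match_data
 opts[:regexp] = regexp
 
-@auditor.log( opts, res )
+@logged_issues |= @auditor.log( opts, res )
+setup_verification_callbacks
 end
 
 rescue => e
@@ -196,5 +204,34 @@ module Auditable::Taint
 false
 end
 
+def setup_verification_callbacks
+return if @setup_verification_callbacks
+@setup_verification_callbacks = true
+
+# Go over the issues and flag them as untrusted if the pattern that
+# caused them to be logged matches the untainted response.
+http.after_run do
+@setup_verification_callbacks = false
+
+# Grab an untainted response.
+submit do |response|
+@logged_issues.each do |issue|
+next if !response.body.include?( issue.match )
+
+issue.verification = true
+issue.add_remark :auditor, REMARK
+end
+
+@logged_issues = []
+end
+end
+end
+
+def longest_word_for_regexp( regexp )
+@@longest_word_for_regex ||= {}
+@@longest_word_for_regex[regexp.source.hash] ||=
+regexp.source.longest_word.downcase
+end
+
 end
 end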
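--- a/[path not on page: module Auditable::Timeout]
+++ b/[path not on page: module Auditable::Timeout]
@@ -1,5 +1,5 @@
 =begin
-Copyright 2010-
+Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -16,7 +16,8 @@
 
 module Arachni::Element::Capabilities
 
-
+module Auditable
+
 # Evaluates whether or not the injection of specific data affects the response
 # time of the web application.
 #
@@ -64,8 +65,7 @@ module Arachni::Element::Capabilities
 # a callback block to {on_timing_attacks}.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
-
-module Auditable::Timeout
+module Timeout
 
 def self.included( mod )
 @@parent = mod
@@ -131,7 +131,6 @@ module Auditable::Timeout
 end
 end
 
-#
 # (Called by {timeout_audit_run}, do *NOT* call manually.)
 #
 # Runs phase 2 of the timing attack auditing an individual element
@@ -144,47 +143,63 @@ module Auditable::Timeout
 # * If verification fails it aborts
 # * If verification succeeds the issue is logged
 # * Stabilize responsiveness: Wait for the effects of the timing attack to wear off
-#
 def @@parent.timeout_analysis_phase_2( elem )
-opts
-
+opts = elem.opts
+opts[:delay] *= 2
 
-str = opts[:timing_string].
-
-
-opts[:timeout] *= 0.7
+str = opts[:timing_string].dup
+str.gsub!( '__TIME__', (opts[:delay] / opts[:timeout_divider]).to_s )
 
 elem.auditable = elem.orig
 
-
-
-
+elem.print_status "Phase 2 for #{elem.type} input '#{elem.altered}'" <<
+" with action #{elem.action}"
+
+elem.print_info '* Performing liveness check.'
+
+# This is the control; request the URL of the element to make sure
+# that the web page is responsive i.e won't time-out by default.
+elem.submit( timeout: opts[:delay] ) do |res|
 self.call_on_timing_blocks( res, elem )
 
+# Remove the timeout option set by the liveness check in order
+# to now affect later requests.
+elem.opts.delete( :timeout )
+
 if res.timed_out?
-elem.print_info '
+elem.print_info '* Liveness check failed, aborting.'
 next
 end
 
-elem.print_info '
-
-
-
+elem.print_info '* Liveness check was successful, progressing' <<
+' to verification.'
+
+opts[:skip_like] = proc { |m| m.altered != elem.altered }
+opts[:format] = [Mutable::Format::STRAIGHT]
+opts[:silent] = true
+
+elem.audit( str, opts ) do |c_res|
+if c_res.app_time <= (opts[:delay] + opts[:add]) / 1000.0
+elem.print_info '* Verification failed.'
 next
 end
 
-elem.opts[:timeout] = injected_timeout
-
 if deduplicate?
-
+if @@timeout_candidate_phase3_ids.include?( elem.audit_id )
+elem.print_info '* Duplicate, skipping.'
+next
+end
+
 @@timeout_candidate_phase3_ids << elem.audit_id
 end
 
-elem.
-
-
+elem.opts[:delay] = opts[:delay]
+
+elem.print_info '* Verification was successful, ' <<
+'candidate can progress to Phase 3.'
 
 @@parent.add_timeout_phase3_candidate( elem )
+elem.responsive?
 end
 end
 
@@ -204,40 +219,46 @@ module Auditable::Timeout
 end
 
 def @@parent.timeout_analysis_phase_3( elem )
-opts
-opts[:
-
-str = opts[:timing_string].
-gsub( '__TIME__', ( opts[:timeout] / opts[:timeout_divider] ).to_s )
+opts = elem.opts
+opts[:delay] *= 2
 
-opts[:
+str = opts[:timing_string].dup
+str.gsub!( '__TIME__', (opts[:delay] / opts[:timeout_divider]).to_s )
 
 elem.auditable = elem.orig
 
-
-
-
+elem.print_status "Phase 3 for #{elem.type} input '#{elem.altered}'" <<
+" with action #{elem.action}"
+
+elem.print_info '* Performing liveness check.'
+
+# This is the control; request the URL of the element to make sure
+# that the web page is alive i.e won't time-out by default.
+elem.submit( timeout: opts[:delay] ) do |res|
 self.call_on_timing_blocks( res, elem )
 
 if res.timed_out?
-elem.print_info '
+elem.print_info '* Liveness check failed.'
 next
 end
 
-elem.print_info '
+elem.print_info '* Liveness check was successful, progressing' <<
+' to verification.'
+
+opts[:skip_like] = proc { |m| m.altered != elem.altered }
+opts[:format] = [Mutable::Format::STRAIGHT]
+opts[:silent] = true
+
 elem.audit( str, opts ) do |c_res, c_opts|
-if
-elem.print_info '
+if c_res.app_time <= (opts[:delay] + opts[:add]) / 1000.0
+elem.print_info '* Verification failed.'
 next
 end
 
-
-#c_opts[:verification] = true
-
+elem.print_info '* Verification was successful.'
 elem.auditor.log( c_opts, c_res )
 elem.responsive?
 end
-
 end
 
 elem.http.run
@@ -269,7 +290,7 @@ module Auditable::Timeout
 @@deduplicate ||= 't'
 end
 
-def
+def Timeout.reset
 @@timeout_audit_operations_cnt = 0
 
 @@timeout_candidates.clear
@@ -315,14 +336,19 @@ module Auditable::Timeout
 # with the specified extras.
 # @option opts [Integer] :timeout
 # Milliseconds to wait for the request to complete.
-# @option opts [Integer] :timeout_divider
+# @option opts [Integer] :timeout_divider (1)
 # `__TIME__ = timeout / timeout_divider`
+# @option opts [Integer] :add (0)
+# Add this integer to the expected time the request is supposed to take,
+# in milliseconds.
 #
 # @return [Bool]
 # `true` if the audit was scheduled successfully, `false` otherwise (like
 # if the resource is out of scope).
 #
 def timeout_analysis( payloads, opts )
+return false if self.auditable.empty?
+
 if skip_path? self.action
 print_debug "Element's action matches skip rule, bailing out."
 return false
@@ -331,7 +357,6 @@ module Auditable::Timeout
 @@timeout_loaded_modules << @auditor.fancy_name
 
 delay = opts[:timeout]
-
 audit_timeout_debug_msg( 1, delay )
 timing_attack( payloads, opts ) do |elem|
 elem.auditor = @auditor
@@ -342,51 +367,48 @@ module Auditable::Timeout
 end
 
 print_info 'Found a candidate for Phase 2 -- ' <<
-
-
-@@parent.add_timeout_candidate( elem ) if elem.responsive?
+"#{elem.type.capitalize} input '#{elem.altered}' at #{elem.action}"
+@@parent.add_timeout_candidate( elem )
 end
 
 true
 end
 
-#
 # Submits self with a high timeout value and blocks until it gets a response.
+# This is to make sure that responsiveness has been restored before
+# progressing further.
 #
-#
-#
-# @param [Float] limit How much time to afford the server to respond.
+# @param [Integer] limit
+# How many milliseconds to afford the server to respond.
 #
 # @return [Bool]
 # `true` if server responds within the given time limit, `false` otherwise.
-
-def responsive?( limit = 120.0 )
+def responsive?( limit = 120_000, prepend = '* ' )
 d_opts = {
 skip_orig: true,
 redundant: true,
-timeout: limit
+timeout: limit,
 silent: true,
 async: false
 }
 
 orig_opts = opts
 
-print_info
-
+print_info "#{prepend}Waiting for the effects of the timing attack to " <<
+'wear off, this may take a while (max waiting time is ' <<
+"#{d_opts[:timeout] / 1000.0} seconds)."
 
 @auditable = @orig
 res = submit( d_opts ).response
 
 @opts.merge!( orig_opts )
 
-if
-
+if res.timed_out?
+print_bad 'Max waiting time exceeded.'
+false
 else
-
-return false
+true
 end
-
-true
 end
 
 private
@@ -414,9 +436,10 @@ module Auditable::Timeout
 # {Typhoeus::Response response} and `opts`.
 #
 def timing_attack( payloads, opts, &block )
-opts
+opts = opts.dup
+opts[:delay] = opts.delete(:timeout)
 opts[:timeout_divider] ||= 1
-
+opts[:add] ||= 0
 
 # Intercept each element mutation prior to it being submitted and replace
 # the '__TIME__' placeholder with the actual delay value.
@@ -427,16 +450,20 @@ module Auditable::Timeout
 # verification phases.
 mutation.opts[:timing_string] = injected
 
-mutation.altered_value = injected.
+mutation.altered_value = injected.
+gsub( '__TIME__', (opts[:delay] / opts[:timeout_divider]).to_s )
 end
 
 opts.merge!( each_mutation: each_mutation, skip_orig: true )
 
 audit( payloads, opts ) do |res, _, elem|
 call_on_timing_blocks( res, elem )
-block.
+next if !block || res.app_time < (opts[:delay] + opts[:add]) / 1000.0
+
+block.call( elem )
 end
 end
 
 end
 end
+end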
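Review bot: `responsive?` (new line 386) changes the unit of its `limit` default from 120.0 seconds to 120_000 milliseconds without renaming the parameter or its keyword, so any caller elsewhere still passing a seconds value would now get a sub-second wait and a spurious "Max waiting time exceeded"; the `@param` was updated, but the signature gives no hint, so a rename such as `limit_ms` or at least `# limit is milliseconds, not seconds` above the `def` would make the change fail loudly rather than silently. The phase thresholds are also inconsistent: `timing_attack` (new line 461) drops a candidate with `res.app_time < (opts[:delay] + opts[:add]) / 1000.0` while phases 2 and 3 (new lines 182 and 253) reject with `<=`, so a response landing exactly on the threshold passes phase 1 and then fails verification; pick one comparison for all three. In `timeout_analysis_phase_2`, `opts = elem.opts` aliases the element's own hash, so `opts[:delay] *= 2` mutates the element in place and `elem.opts[:delay] = opts[:delay]` (new line 196) is a no-op; a comment `# opts aliases elem.opts and is mutated in place` would make that deliberate. The comment at new line 166 reads "to now affect later requests" where "to not affect" appears to be meant.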