arachni 0.4.5.2 → 0.4.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +9 -9
- data/CHANGELOG.md +97 -0
- data/CONTRIBUTORS.md +1 -0
- data/NOTICE +1 -1
- data/README.md +4 -4
- data/Rakefile +111 -26
- data/arachni.gemspec +2 -2
- data/bin/arachni +1 -1
- data/bin/arachni_console +1 -1
- data/bin/arachni_multi +1 -1
- data/bin/arachni_rpc +1 -1
- data/bin/arachni_rpcd +1 -1
- data/bin/arachni_rpcd_monitor +1 -1
- data/bin/arachni_script +1 -1
- data/external/metasploit/LICENSE +1 -1
- data/fingerprinters/frameworks/rack.rb +1 -1
- data/fingerprinters/languages/asp.rb +1 -1
- data/fingerprinters/languages/aspx.rb +1 -1
- data/fingerprinters/languages/jsp.rb +3 -5
- data/fingerprinters/languages/php.rb +1 -1
- data/fingerprinters/languages/python.rb +1 -1
- data/fingerprinters/languages/ruby.rb +1 -1
- data/fingerprinters/os/bsd.rb +1 -1
- data/fingerprinters/os/linux.rb +1 -1
- data/fingerprinters/os/solaris.rb +1 -1
- data/fingerprinters/os/unix.rb +1 -1
- data/fingerprinters/os/windows.rb +1 -1
- data/fingerprinters/servers/apache.rb +1 -1
- data/fingerprinters/servers/iis.rb +1 -1
- data/fingerprinters/servers/jetty.rb +1 -1
- data/fingerprinters/servers/nginx.rb +1 -1
- data/fingerprinters/servers/tomcat.rb +1 -1
- data/lib/arachni.rb +6 -1
- data/lib/arachni/audit_store.rb +1 -1
- data/lib/arachni/banner.rb +1 -1
- data/lib/arachni/component/manager.rb +1 -1
- data/lib/arachni/component/options.rb +1 -1
- data/lib/arachni/component/options/address.rb +1 -1
- data/lib/arachni/component/options/base.rb +1 -1
- data/lib/arachni/component/options/bool.rb +1 -1
- data/lib/arachni/component/options/enum.rb +1 -1
- data/lib/arachni/component/options/float.rb +1 -1
- data/lib/arachni/component/options/int.rb +1 -1
- data/lib/arachni/component/options/path.rb +1 -1
- data/lib/arachni/component/options/port.rb +1 -1
- data/lib/arachni/component/options/string.rb +1 -1
- data/lib/arachni/component/options/url.rb +1 -1
- data/lib/arachni/element/base.rb +1 -1
- data/lib/arachni/element/body.rb +1 -1
- data/lib/arachni/element/capabilities/auditable.rb +45 -22
- data/lib/arachni/element/capabilities/auditable/rdiff.rb +378 -122
- data/lib/arachni/element/capabilities/auditable/taint.rb +57 -20
- data/lib/arachni/element/capabilities/auditable/timeout.rb +95 -68
- data/lib/arachni/element/capabilities/mutable.rb +77 -40
- data/lib/arachni/element/capabilities/refreshable.rb +7 -1
- data/lib/arachni/element/cookie.rb +46 -167
- data/lib/arachni/element/form.rb +77 -517
- data/lib/arachni/element/header.rb +21 -15
- data/lib/arachni/element/link.rb +2 -2
- data/lib/arachni/element/path.rb +1 -1
- data/lib/arachni/element/server.rb +1 -1
- data/lib/arachni/element_filter.rb +1 -1
- data/lib/arachni/error.rb +1 -1
- data/lib/arachni/framework.rb +16 -7
- data/lib/arachni/http.rb +111 -118
- data/lib/arachni/http/cookie_jar.rb +8 -2
- data/lib/arachni/issue.rb +4 -1
- data/lib/arachni/mixins/observable.rb +1 -1
- data/lib/arachni/mixins/progress_bar.rb +1 -1
- data/lib/arachni/mixins/terminal.rb +1 -1
- data/lib/arachni/module.rb +1 -1
- data/lib/arachni/module/auditor.rb +23 -17
- data/lib/arachni/module/base.rb +1 -1
- data/lib/arachni/module/manager.rb +4 -4
- data/lib/arachni/module/output.rb +1 -1
- data/lib/arachni/module/utilities.rb +1 -1
- data/lib/arachni/options.rb +28 -7
- data/lib/arachni/page.rb +4 -5
- data/lib/arachni/parser.rb +3 -2
- data/lib/arachni/platform.rb +1 -1
- data/lib/arachni/platform/fingerprinter.rb +1 -1
- data/lib/arachni/platform/list.rb +11 -29
- data/lib/arachni/platform/manager.rb +31 -8
- data/lib/arachni/plugin.rb +1 -1
- data/lib/arachni/plugin/base.rb +1 -1
- data/lib/arachni/plugin/manager.rb +1 -1
- data/lib/arachni/processes.rb +1 -1
- data/lib/arachni/processes/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers.rb +1 -1
- data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers/instances.rb +1 -1
- data/lib/arachni/processes/helpers/processes.rb +1 -1
- data/lib/arachni/processes/instances.rb +1 -1
- data/lib/arachni/processes/manager.rb +1 -1
- data/lib/arachni/report.rb +1 -1
- data/lib/arachni/report/base.rb +1 -1
- data/lib/arachni/report/manager.rb +1 -1
- data/lib/arachni/rpc/client/base.rb +1 -1
- data/lib/arachni/rpc/client/dispatcher.rb +1 -1
- data/lib/arachni/rpc/client/instance.rb +1 -1
- data/lib/arachni/rpc/server/active_options.rb +1 -1
- data/lib/arachni/rpc/server/base.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher.rb +10 -6
- data/lib/arachni/rpc/server/dispatcher/handler.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher/node.rb +5 -3
- data/lib/arachni/rpc/server/framework.rb +5 -3
- data/lib/arachni/rpc/server/framework/distributor.rb +24 -19
- data/lib/arachni/rpc/server/framework/master.rb +1 -1
- data/lib/arachni/rpc/server/framework/multi_instance.rb +7 -1
- data/lib/arachni/rpc/server/framework/slave.rb +1 -1
- data/lib/arachni/rpc/server/instance.rb +5 -4
- data/lib/arachni/rpc/server/module/manager.rb +1 -1
- data/lib/arachni/rpc/server/output.rb +1 -1
- data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
- data/lib/arachni/rpc/server/spider.rb +5 -2
- data/lib/arachni/ruby.rb +1 -1
- data/lib/arachni/ruby/array.rb +9 -1
- data/lib/arachni/ruby/enumerable.rb +1 -1
- data/lib/arachni/ruby/hash.rb +24 -5
- data/lib/arachni/ruby/io.rb +1 -1
- data/lib/arachni/ruby/object.rb +1 -1
- data/lib/arachni/ruby/set.rb +1 -1
- data/lib/arachni/ruby/string.rb +13 -2
- data/lib/arachni/ruby/webrick.rb +3 -15
- data/lib/arachni/ruby/webrick/cookie.rb +30 -0
- data/lib/arachni/ruby/webrick/httprequest.rb +42 -0
- data/lib/arachni/session.rb +21 -8
- data/lib/arachni/spider.rb +18 -11
- data/lib/arachni/support.rb +3 -1
- data/lib/arachni/support/buffer.rb +1 -1
- data/lib/arachni/support/buffer/autoflush.rb +1 -1
- data/lib/arachni/support/buffer/base.rb +1 -1
- data/lib/arachni/support/cache.rb +1 -1
- data/lib/arachni/support/cache/base.rb +1 -1
- data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
- data/lib/arachni/support/cache/least_recently_used.rb +1 -1
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -1
- data/lib/arachni/support/crypto.rb +1 -1
- data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
- data/lib/arachni/support/database.rb +1 -1
- data/lib/arachni/support/database/base.rb +5 -5
- data/lib/arachni/support/database/hash.rb +1 -1
- data/lib/arachni/support/database/queue.rb +52 -69
- data/lib/arachni/{module → support}/key_filler.rb +11 -17
- data/lib/arachni/support/lookup.rb +1 -1
- data/lib/arachni/support/lookup/base.rb +1 -1
- data/lib/arachni/support/lookup/hash_set.rb +1 -1
- data/lib/arachni/support/lookup/moolb.rb +1 -1
- data/lib/arachni/support/queue.rb +1 -1
- data/lib/arachni/support/queue/disk.rb +1 -1
- data/lib/arachni/support/signature.rb +153 -0
- data/lib/arachni/trainer.rb +30 -19
- data/lib/arachni/typhoeus/hydra.rb +1 -1
- data/lib/arachni/typhoeus/request.rb +1 -1
- data/lib/arachni/typhoeus/response.rb +8 -2
- data/lib/arachni/typhoeus/utils.rb +1 -1
- data/lib/arachni/ui/cli/cli.rb +18 -7
- data/lib/arachni/ui/cli/output.rb +28 -1
- data/lib/arachni/ui/cli/rpc/dispatcher_monitor.rb +1 -1
- data/lib/arachni/ui/cli/rpc/instance.rb +1 -1
- data/lib/arachni/ui/cli/rpc/local.rb +1 -1
- data/lib/arachni/ui/cli/rpc/remote.rb +1 -1
- data/lib/arachni/ui/cli/utilities.rb +14 -29
- data/lib/arachni/ui/foo/output.rb +1 -1
- data/lib/arachni/uri.rb +2 -3
- data/lib/arachni/utilities.rb +1 -1
- data/lib/arachni/version.rb +1 -1
- data/lib/version +1 -1
- data/modules/audit/code_injection.rb +1 -1
- data/modules/audit/code_injection_php_input_wrapper.rb +1 -1
- data/modules/audit/code_injection_timing.rb +1 -1
- data/modules/audit/csrf.rb +1 -1
- data/modules/audit/file_inclusion.rb +5 -5
- data/modules/audit/ldapi.rb +1 -1
- data/modules/audit/os_cmd_injection.rb +1 -1
- data/modules/audit/os_cmd_injection_timing.rb +4 -3
- data/modules/audit/path_traversal.rb +5 -5
- data/modules/audit/response_splitting.rb +1 -1
- data/modules/audit/rfi.rb +1 -1
- data/modules/audit/session_fixation.rb +1 -1
- data/modules/audit/source_code_disclosure.rb +21 -17
- data/modules/audit/sqli.rb +11 -8
- data/modules/audit/sqli/patterns/pgsql +1 -0
- data/modules/audit/sqli/regexp_ignore.txt +1 -0
- data/modules/audit/sqli_blind_rdiff.rb +12 -12
- data/modules/audit/sqli_blind_rdiff/payloads.txt +1 -5
- data/modules/audit/sqli_blind_timing.rb +4 -6
- data/modules/audit/sqli_blind_timing/mssql.txt +9 -9
- data/modules/audit/sqli_blind_timing/mysql.txt +9 -31
- data/modules/audit/sqli_blind_timing/pgsql.txt +6 -28
- data/modules/audit/trainer.rb +1 -1
- data/modules/audit/unvalidated_redirect.rb +1 -1
- data/modules/audit/xpath.rb +1 -1
- data/modules/audit/xss.rb +12 -12
- data/modules/audit/xss_event.rb +1 -1
- data/modules/audit/xss_path.rb +1 -1
- data/modules/audit/xss_script_tag.rb +13 -20
- data/modules/audit/xss_tag.rb +5 -7
- data/modules/recon/allowed_methods.rb +1 -1
- data/modules/recon/backdoors.rb +1 -1
- data/modules/recon/backup_files.rb +1 -1
- data/modules/recon/common_directories.rb +1 -1
- data/modules/recon/common_files.rb +1 -1
- data/modules/recon/common_files/filenames.txt +1 -0
- data/modules/recon/directory_listing.rb +2 -2
- data/modules/recon/grep/captcha.rb +1 -1
- data/modules/recon/grep/credit_card.rb +1 -1
- data/modules/recon/grep/cvs_svn_users.rb +1 -1
- data/modules/recon/grep/emails.rb +1 -1
- data/modules/recon/grep/form_upload.rb +1 -1
- data/modules/recon/grep/html_objects.rb +1 -1
- data/modules/recon/grep/http_only_cookies.rb +1 -1
- data/modules/recon/grep/insecure_cookies.rb +1 -1
- data/modules/recon/grep/mixed_resource.rb +1 -1
- data/modules/recon/grep/password_autocomplete.rb +1 -1
- data/modules/recon/grep/private_ip.rb +1 -1
- data/modules/recon/grep/ssn.rb +1 -1
- data/modules/recon/grep/unencrypted_password_forms.rb +1 -1
- data/modules/recon/htaccess_limit.rb +1 -1
- data/modules/recon/http_put.rb +1 -1
- data/modules/recon/interesting_responses.rb +1 -1
- data/modules/recon/localstart_asp.rb +5 -5
- data/modules/recon/webdav.rb +1 -1
- data/modules/recon/x_forwarded_for_access_restriction_bypass.rb +1 -1
- data/modules/recon/xst.rb +1 -1
- data/path_extractors/anchors.rb +1 -1
- data/path_extractors/areas.rb +1 -1
- data/path_extractors/forms.rb +1 -1
- data/path_extractors/frames.rb +1 -1
- data/path_extractors/generic.rb +1 -1
- data/path_extractors/links.rb +1 -1
- data/path_extractors/meta_refresh.rb +1 -1
- data/path_extractors/scripts.rb +1 -1
- data/plugins/autologin.rb +16 -8
- data/plugins/beep_notify.rb +1 -1
- data/plugins/{defaults/content_types.rb → content_types.rb} +1 -1
- data/plugins/cookie_collector.rb +21 -11
- data/plugins/defaults/autothrottle.rb +1 -1
- data/plugins/defaults/healthmap.rb +1 -1
- data/plugins/defaults/meta/remedies/discovery.rb +1 -1
- data/plugins/defaults/meta/remedies/timing_attacks.rb +6 -8
- data/plugins/defaults/meta/uniformity.rb +1 -1
- data/plugins/defaults/resolver.rb +1 -1
- data/plugins/email_notify.rb +1 -1
- data/plugins/form_dicattack.rb +1 -1
- data/plugins/http_dicattack.rb +1 -1
- data/plugins/libnotify.rb +1 -1
- data/plugins/profiler.rb +1 -1
- data/plugins/proxy.rb +2 -1
- data/plugins/proxy/server.rb +3 -1
- data/plugins/proxy/template_scope.rb +1 -1
- data/plugins/rescan.rb +1 -1
- data/plugins/script.rb +1 -1
- data/plugins/uncommon_headers.rb +2 -1
- data/plugins/vector_feed.rb +1 -1
- data/plugins/waf_detector.rb +1 -1
- data/reports/afr.rb +8 -9
- data/reports/ap.rb +1 -1
- data/reports/html.rb +8 -12
- data/reports/html/default.erb +2 -3
- data/reports/html/default/issue.erb +0 -12
- data/reports/html/default/issues.erb +2 -2
- data/reports/json.rb +13 -10
- data/reports/marshal.rb +8 -9
- data/reports/metareport.rb +9 -10
- data/reports/plugin_formatters/html/autologin.rb +1 -1
- data/reports/plugin_formatters/html/content_types.rb +1 -1
- data/reports/plugin_formatters/html/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/html/discovery.rb +1 -1
- data/reports/plugin_formatters/html/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/html/healthmap.rb +1 -1
- data/reports/plugin_formatters/html/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/html/profiler.rb +1 -1
- data/reports/plugin_formatters/html/resolver.rb +1 -1
- data/reports/plugin_formatters/html/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/html/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/html/uniformity.rb +1 -1
- data/reports/plugin_formatters/html/waf_detector.rb +1 -1
- data/reports/plugin_formatters/stdout/autologin.rb +1 -1
- data/reports/plugin_formatters/stdout/content_types.rb +1 -1
- data/reports/plugin_formatters/stdout/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/stdout/discovery.rb +1 -1
- data/reports/plugin_formatters/stdout/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/stdout/healthmap.rb +2 -4
- data/reports/plugin_formatters/stdout/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/stdout/profiler.rb +1 -1
- data/reports/plugin_formatters/stdout/resolver.rb +1 -1
- data/reports/plugin_formatters/stdout/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/stdout/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/stdout/uniformity.rb +1 -1
- data/reports/plugin_formatters/stdout/waf_detector.rb +1 -1
- data/reports/plugin_formatters/xml/autologin.rb +1 -1
- data/reports/plugin_formatters/xml/content_types.rb +1 -1
- data/reports/plugin_formatters/xml/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/xml/discovery.rb +1 -1
- data/reports/plugin_formatters/xml/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/xml/healthmap.rb +1 -1
- data/reports/plugin_formatters/xml/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/xml/profiler.rb +1 -1
- data/reports/plugin_formatters/xml/resolver.rb +1 -1
- data/reports/plugin_formatters/xml/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/xml/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/xml/uniformity.rb +1 -1
- data/reports/plugin_formatters/xml/waf_detector.rb +1 -1
- data/reports/stdout.rb +1 -1
- data/reports/txt.rb +1 -1
- data/reports/xml.rb +8 -9
- data/reports/xml/buffer.rb +2 -2
- data/reports/yaml.rb +8 -9
- data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +80 -2
- data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +44 -29
- data/spec/arachni/element/cookie_spec.rb +1 -1
- data/spec/arachni/element/form_spec.rb +31 -13
- data/spec/arachni/http/cookie_jar_spec.rb +11 -0
- data/spec/arachni/http_spec.rb +33 -7
- data/spec/arachni/issue_spec.rb +10 -3
- data/spec/arachni/options_spec.rb +18 -1
- data/spec/arachni/parser_spec.rb +27 -26
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +10 -1
- data/spec/arachni/rpc/server/dispatcher_spec.rb +15 -0
- data/spec/arachni/ruby/array_spec.rb +11 -0
- data/spec/arachni/ruby/hash_spec.rb +28 -1
- data/spec/arachni/ruby/string_spec.rb +14 -1
- data/spec/arachni/session_spec.rb +39 -0
- data/spec/arachni/spider_spec.rb +23 -14
- data/spec/arachni/{module → support}/key_filler.rb +20 -2
- data/spec/arachni/support/signature_spec.rb +158 -0
- data/spec/arachni/trainer_spec.rb +31 -0
- data/spec/arachni/typhoeus/response_spec.rb +17 -0
- data/spec/arachni/uri_spec.rb +1 -1
- data/spec/external/wavsep/active/lfi_spec.rb +94 -0
- data/spec/external/wavsep/active/rfi_spec.rb +35 -0
- data/spec/external/wavsep/active/sqli_spec.rb +108 -0
- data/spec/external/wavsep/active/xss_spec.rb +41 -0
- data/spec/external/wavsep/false_positives/lfi_spec.rb +33 -0
- data/spec/external/wavsep/false_positives/rfi_spec.rb +21 -0
- data/spec/external/wavsep/false_positives/sqli_spec.rb +32 -0
- data/spec/external/wavsep/false_positives/xss_spec.rb +21 -0
- data/spec/modules/audit/source_code_disclosure_spec.rb +4 -4
- data/spec/modules/audit/sqli_blind_rdiff_spec.rb +1 -1
- data/spec/modules/audit/sqli_blind_timing_spec.rb +3 -3
- data/spec/modules/audit/sqli_spec.rb +1 -1
- data/spec/modules/audit/xss_script_tag_spec.rb +1 -1
- data/spec/plugins/autologin_spec.rb +25 -7
- data/spec/plugins/cookie_collector_spec.rb +17 -0
- data/spec/spec_helper.rb +1 -1
- data/spec/support/fixtures/fingerprinters/test.rb +1 -1
- data/spec/support/fixtures/modules/test.rb +1 -1
- data/spec/support/fixtures/modules/test2.rb +1 -1
- data/spec/support/fixtures/modules/test3.rb +1 -1
- data/spec/support/fixtures/plugins/bad.rb +1 -1
- data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
- data/spec/support/fixtures/plugins/distributable.rb +1 -1
- data/spec/support/fixtures/plugins/loop.rb +1 -1
- data/spec/support/fixtures/plugins/spider_hook.rb +1 -1
- data/spec/support/fixtures/plugins/wait.rb +1 -1
- data/spec/support/fixtures/plugins/with_options.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/with_formatters.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/with_outfile.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/without_outfile.rb +1 -1
- data/spec/support/fixtures/reports/manager_spec/afr.rb +1 -1
- data/spec/support/fixtures/reports/manager_spec/foo.rb +1 -1
- data/spec/support/fixtures/run_mod/body.rb +1 -1
- data/spec/support/fixtures/run_mod/cookies.rb +1 -1
- data/spec/support/fixtures/run_mod/empty.rb +1 -1
- data/spec/support/fixtures/run_mod/flch.rb +1 -1
- data/spec/support/fixtures/run_mod/forms.rb +1 -1
- data/spec/support/fixtures/run_mod/headers.rb +1 -1
- data/spec/support/fixtures/run_mod/links.rb +1 -1
- data/spec/support/fixtures/run_mod/nil.rb +1 -1
- data/spec/support/fixtures/run_mod/path.rb +1 -1
- data/spec/support/fixtures/run_mod/server.rb +1 -1
- data/spec/support/fixtures/taint_module/taint.rb +1 -1
- data/spec/support/fixtures/wait_module/wait.rb +1 -1
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/misc.rb +1 -1
- data/spec/support/helpers/paths.rb +1 -1
- data/spec/support/helpers/requires.rb +1 -1
- data/spec/support/helpers/resets.rb +1 -1
- data/spec/support/helpers/web_server.rb +1 -1
- data/spec/support/lib/web_server_manager.rb +1 -1
- data/spec/support/logs/Dispatcher - 10129-46995.log +9 -0
- data/spec/support/logs/Dispatcher - 10139-63648.log +19 -0
- data/spec/support/logs/Dispatcher - 10149-5551.log +17 -0
- data/spec/support/logs/Dispatcher - 10158-34385.log +13 -0
- data/spec/support/logs/Dispatcher - 10167-55701.log +9 -0
- data/spec/support/logs/Dispatcher - 10176-8922.log +9 -0
- data/spec/support/logs/Dispatcher - 10185-53716.log +11 -0
- data/spec/support/logs/Dispatcher - 10198-44724.log +11 -0
- data/spec/support/logs/Dispatcher - 10211-7697.log +11 -0
- data/spec/support/logs/Dispatcher - 10224-3751.log +35 -0
- data/spec/support/logs/Dispatcher - 10285-7404.log +21 -0
- data/spec/support/logs/Dispatcher - 10294-56221.log +21 -0
- data/spec/support/logs/Dispatcher - 10303-2483.log +23 -0
- data/spec/support/logs/Dispatcher - 10344-60543.log +19 -0
- data/spec/support/logs/Dispatcher - 10355-31708.log +17 -0
- data/spec/support/logs/Dispatcher - 10364-63170.log +15 -0
- data/spec/support/logs/Dispatcher - 10377-37936.log +11 -0
- data/spec/support/logs/Dispatcher - 10390-37511.log +9 -0
- data/spec/support/logs/Dispatcher - 10400-29603.log +9 -0
- data/spec/support/logs/Dispatcher - 10409-57042.log +9 -0
- data/spec/support/logs/Dispatcher - 10418-17812.log +9 -0
- data/spec/support/logs/Dispatcher - 10427-59862.log +11 -0
- data/spec/support/logs/Dispatcher - 10440-48351.log +9 -0
- data/spec/support/logs/Dispatcher - 10449-24218.log +9 -0
- data/spec/support/logs/Dispatcher - 10458-54646.log +9 -0
- data/spec/support/logs/Dispatcher - 10511-3333.log +63 -0
- data/spec/support/logs/Dispatcher - 10520-50009.log +43 -0
- data/spec/support/logs/Dispatcher - 10529-44870.log +39 -0
- data/spec/support/logs/Dispatcher - 10538-49556.log +34 -0
- data/spec/support/logs/Dispatcher - 10547-61887.log +28 -0
- data/spec/support/logs/Dispatcher - 10556-31163.log +21 -0
- data/spec/support/logs/Dispatcher - 10565-40008.log +13 -0
- data/spec/support/logs/Dispatcher - 10575-18836.log +9 -0
- data/spec/support/logs/Dispatcher - 10747-32268.log +19 -0
- data/spec/support/logs/Dispatcher - 10757-4081.log +21 -0
- data/spec/support/logs/Dispatcher - 10766-49190.log +15 -0
- data/spec/support/logs/Dispatcher - 10780-46610.log +19 -0
- data/spec/support/logs/Dispatcher - 10789-5332.log +21 -0
- data/spec/support/logs/Dispatcher - 10798-56243.log +15 -0
- data/spec/support/logs/Dispatcher - 10920-32037.log +17 -0
- data/spec/support/logs/Dispatcher - 10929-35662.log +21 -0
- data/spec/support/logs/Dispatcher - 10938-64010.log +13 -0
- data/spec/support/logs/Dispatcher - 10951-44746.log +19 -0
- data/spec/support/logs/Dispatcher - 10961-55791.log +21 -0
- data/spec/support/logs/Dispatcher - 10972-58913.log +15 -0
- data/spec/support/logs/Dispatcher - 11023-45004.log +17 -0
- data/spec/support/logs/Dispatcher - 11033-55505.log +21 -0
- data/spec/support/logs/Dispatcher - 11042-46123.log +13 -0
- data/spec/support/logs/Dispatcher - 11055-26836.log +17 -0
- data/spec/support/logs/Dispatcher - 11064-60361.log +21 -0
- data/spec/support/logs/Dispatcher - 11073-17507.log +13 -0
- data/spec/support/logs/Dispatcher - 11298-28357.log +19 -0
- data/spec/support/logs/Dispatcher - 11307-62669.log +21 -0
- data/spec/support/logs/Dispatcher - 11316-9391.log +15 -0
- data/spec/support/logs/Dispatcher - 11340-45921.log +21 -0
- data/spec/support/logs/Dispatcher - 11349-8693.log +25 -0
- data/spec/support/logs/Dispatcher - 11358-53753.log +15 -0
- data/spec/support/logs/Dispatcher - 11394-29437.log +17 -0
- data/spec/support/logs/Dispatcher - 11403-59953.log +21 -0
- data/spec/support/logs/Dispatcher - 11412-51134.log +13 -0
- data/spec/support/logs/Dispatcher - 11425-42569.log +21 -0
- data/spec/support/logs/Dispatcher - 11434-16150.log +25 -0
- data/spec/support/logs/Dispatcher - 11443-19072.log +15 -0
- data/spec/support/logs/Dispatcher - 11479-39149.log +17 -0
- data/spec/support/logs/Dispatcher - 11488-42169.log +21 -0
- data/spec/support/logs/Dispatcher - 11497-29822.log +13 -0
- data/spec/support/logs/Dispatcher - 11510-8273.log +17 -0
- data/spec/support/logs/Dispatcher - 11519-18206.log +21 -0
- data/spec/support/logs/Dispatcher - 11528-55825.log +13 -0
- data/spec/support/logs/Dispatcher - 9969-52890.log +9 -0
- data/spec/support/logs/Dispatcher - 9996-38451.log +21 -0
- data/spec/support/logs/{Instance - 12589-35500.error.log → Instance - 10762-33696.error.log } +63 -40
- data/spec/support/logs/{Instance - 16415-47240.error.log → Instance - 11038-18065.error.log } +65 -42
- data/spec/support/logs/{Instance - 16762-48636.error.log → Instance - 11069-34848.error.log } +162 -139
- data/spec/support/logs/{Instance - 16789-61713.error.log → Instance - 11091-33954.error.log } +60 -37
- data/spec/support/logs/{Instance - 16795-55306.error.log → Instance - 11097-33191.error.log } +65 -42
- data/spec/support/logs/{Instance - 12909-9442.error.log → Instance - 11229-38634.error.log } +60 -37
- data/spec/support/servers/arachni/element/capabilities/auditable/rdiff.rb +131 -7
- data/spec/support/servers/arachni/element/capabilities/auditable/timeout.rb +4 -0
- data/spec/support/servers/arachni/element/form.rb +27 -0
- data/spec/support/servers/arachni/element/link.rb +16 -0
- data/spec/support/servers/arachni/session.rb +17 -1
- data/spec/support/servers/arachni/spider.rb +25 -1
- data/spec/support/servers/arachni/trainer.rb +8 -0
- data/spec/support/servers/modules/audit/os_cmd_injection_timing.rb +2 -1
- data/spec/support/servers/modules/audit/source_code_disclosure.rb +0 -1
- data/spec/support/servers/modules/audit/sqli/postgresql +2 -0
- data/spec/support/servers/modules/audit/sqli_blind_rdiff.rb +9 -13
- data/spec/support/shared/element/capabilities/auditable.rb +62 -3
- data/spec/support/shared/element/capabilities/refreshable.rb +27 -0
- data/spec/support/shared/external/wavsep.rb +89 -0
- metadata +1081 -1206
- data/lib/arachni/platforms.rb +0 -499
- data/logs/Dispatcher - 12101-7331.log +0 -15
- data/spec/support/logs/Dispatcher - 11821-58635.log +0 -9
- data/spec/support/logs/Dispatcher - 11848-37716.log +0 -21
- data/spec/support/logs/Dispatcher - 11974-31477.log +0 -9
- data/spec/support/logs/Dispatcher - 11984-10290.log +0 -19
- data/spec/support/logs/Dispatcher - 11993-33501.log +0 -17
- data/spec/support/logs/Dispatcher - 12002-62227.log +0 -13
- data/spec/support/logs/Dispatcher - 12013-45779.log +0 -9
- data/spec/support/logs/Dispatcher - 12022-22434.log +0 -9
- data/spec/support/logs/Dispatcher - 12031-41130.log +0 -11
- data/spec/support/logs/Dispatcher - 12045-23894.log +0 -11
- data/spec/support/logs/Dispatcher - 12059-57317.log +0 -35
- data/spec/support/logs/Dispatcher - 12122-60206.log +0 -21
- data/spec/support/logs/Dispatcher - 12132-58445.log +0 -21
- data/spec/support/logs/Dispatcher - 12141-13273.log +0 -23
- data/spec/support/logs/Dispatcher - 12183-2341.log +0 -19
- data/spec/support/logs/Dispatcher - 12192-56486.log +0 -17
- data/spec/support/logs/Dispatcher - 12201-8840.log +0 -15
- data/spec/support/logs/Dispatcher - 12214-47545.log +0 -11
- data/spec/support/logs/Dispatcher - 12227-23676.log +0 -9
- data/spec/support/logs/Dispatcher - 12236-16018.log +0 -9
- data/spec/support/logs/Dispatcher - 12245-61980.log +0 -9
- data/spec/support/logs/Dispatcher - 12254-30185.log +0 -9
- data/spec/support/logs/Dispatcher - 12263-29578.log +0 -11
- data/spec/support/logs/Dispatcher - 12276-64279.log +0 -9
- data/spec/support/logs/Dispatcher - 12285-49975.log +0 -9
- data/spec/support/logs/Dispatcher - 12347-26600.log +0 -63
- data/spec/support/logs/Dispatcher - 12356-43960.log +0 -43
- data/spec/support/logs/Dispatcher - 12365-30567.log +0 -39
- data/spec/support/logs/Dispatcher - 12374-49263.log +0 -34
- data/spec/support/logs/Dispatcher - 12401-6543.log +0 -28
- data/spec/support/logs/Dispatcher - 12410-21678.log +0 -21
- data/spec/support/logs/Dispatcher - 12419-42381.log +0 -13
- data/spec/support/logs/Dispatcher - 12429-25829.log +0 -9
- data/spec/support/logs/Dispatcher - 12574-63838.log +0 -19
- data/spec/support/logs/Dispatcher - 12584-33256.log +0 -21
- data/spec/support/logs/Dispatcher - 12593-45982.log +0 -15
- data/spec/support/logs/Dispatcher - 12606-64171.log +0 -19
- data/spec/support/logs/Dispatcher - 12615-52258.log +0 -21
- data/spec/support/logs/Dispatcher - 12624-48032.log +0 -15
- data/spec/support/logs/Dispatcher - 12744-31691.log +0 -17
- data/spec/support/logs/Dispatcher - 12753-9777.log +0 -21
- data/spec/support/logs/Dispatcher - 12762-14195.log +0 -13
- data/spec/support/logs/Dispatcher - 12775-52778.log +0 -19
- data/spec/support/logs/Dispatcher - 12784-33121.log +0 -21
- data/spec/support/logs/Dispatcher - 12793-23476.log +0 -15
- data/spec/support/logs/Dispatcher - 12845-33401.log +0 -17
- data/spec/support/logs/Dispatcher - 12854-58592.log +0 -21
- data/spec/support/logs/Dispatcher - 12863-38667.log +0 -13
- data/spec/support/logs/Dispatcher - 12876-18504.log +0 -17
- data/spec/support/logs/Dispatcher - 12885-8765.log +0 -21
- data/spec/support/logs/Dispatcher - 12894-7708.log +0 -13
- data/spec/support/logs/Dispatcher - 13112-20247.log +0 -19
- data/spec/support/logs/Dispatcher - 13121-37610.log +0 -21
- data/spec/support/logs/Dispatcher - 13130-55144.log +0 -15
- data/spec/support/logs/Dispatcher - 13154-11476.log +0 -21
- data/spec/support/logs/Dispatcher - 13163-28157.log +0 -25
- data/spec/support/logs/Dispatcher - 13172-1403.log +0 -15
- data/spec/support/logs/Dispatcher - 13208-39214.log +0 -17
- data/spec/support/logs/Dispatcher - 13217-25789.log +0 -21
- data/spec/support/logs/Dispatcher - 13226-32449.log +0 -13
- data/spec/support/logs/Dispatcher - 13239-50344.log +0 -21
- data/spec/support/logs/Dispatcher - 13248-35317.log +0 -25
- data/spec/support/logs/Dispatcher - 13257-20820.log +0 -15
- data/spec/support/logs/Dispatcher - 13293-39307.log +0 -17
- data/spec/support/logs/Dispatcher - 13302-62417.log +0 -21
- data/spec/support/logs/Dispatcher - 13311-57144.log +0 -13
- data/spec/support/logs/Dispatcher - 13324-35654.log +0 -17
- data/spec/support/logs/Dispatcher - 13333-9999.log +0 -21
- data/spec/support/logs/Dispatcher - 13342-64466.log +0 -13
- data/spec/support/logs/Dispatcher - 15092-40680.log +0 -9
- data/spec/support/logs/Dispatcher - 15119-21562.log +0 -21
- data/spec/support/logs/Dispatcher - 15680-63471.log +0 -9
- data/spec/support/logs/Dispatcher - 15690-15104.log +0 -19
- data/spec/support/logs/Dispatcher - 15699-36034.log +0 -17
- data/spec/support/logs/Dispatcher - 15708-21275.log +0 -13
- data/spec/support/logs/Dispatcher - 15717-6134.log +0 -9
- data/spec/support/logs/Dispatcher - 15727-5906.log +0 -9
- data/spec/support/logs/Dispatcher - 15736-27941.log +0 -11
- data/spec/support/logs/Dispatcher - 15749-31464.log +0 -11
- data/spec/support/logs/Dispatcher - 15762-52837.log +0 -35
- data/spec/support/logs/Dispatcher - 15823-2486.log +0 -21
- data/spec/support/logs/Dispatcher - 15832-34792.log +0 -21
- data/spec/support/logs/Dispatcher - 15841-3367.log +0 -23
- data/spec/support/logs/Dispatcher - 15886-2171.log +0 -19
- data/spec/support/logs/Dispatcher - 15895-6022.log +0 -17
- data/spec/support/logs/Dispatcher - 15904-51624.log +0 -15
- data/spec/support/logs/Dispatcher - 15917-11227.log +0 -11
- data/spec/support/logs/Dispatcher - 15930-17170.log +0 -9
- data/spec/support/logs/Dispatcher - 15939-24891.log +0 -9
- data/spec/support/logs/Dispatcher - 15948-26858.log +0 -9
- data/spec/support/logs/Dispatcher - 15957-12278.log +0 -9
- data/spec/support/logs/Dispatcher - 15967-37642.log +0 -11
- data/spec/support/logs/Dispatcher - 15981-57959.log +0 -9
- data/spec/support/logs/Dispatcher - 16000-51003.log +0 -9
- data/spec/support/logs/Dispatcher - 16064-25969.log +0 -63
- data/spec/support/logs/Dispatcher - 16073-13164.log +0 -43
- data/spec/support/logs/Dispatcher - 16083-21729.log +0 -39
- data/spec/support/logs/Dispatcher - 16092-48691.log +0 -34
- data/spec/support/logs/Dispatcher - 16101-7385.log +0 -28
- data/spec/support/logs/Dispatcher - 16110-24222.log +0 -21
- data/spec/support/logs/Dispatcher - 16119-29645.log +0 -13
- data/spec/support/logs/Dispatcher - 16129-23325.log +0 -9
- data/spec/support/logs/Dispatcher - 16399-42716.log +0 -19
- data/spec/support/logs/Dispatcher - 16410-3301.log +0 -21
- data/spec/support/logs/Dispatcher - 16419-8500.log +0 -15
- data/spec/support/logs/Dispatcher - 16432-2467.log +0 -19
- data/spec/support/logs/Dispatcher - 16441-27407.log +0 -21
- data/spec/support/logs/Dispatcher - 16450-28157.log +0 -15
- data/spec/support/logs/Dispatcher - 16607-37339.log +0 -17
- data/spec/support/logs/Dispatcher - 16616-50971.log +0 -21
- data/spec/support/logs/Dispatcher - 16625-28154.log +0 -13
- data/spec/support/logs/Dispatcher - 16638-17094.log +0 -19
- data/spec/support/logs/Dispatcher - 16647-25657.log +0 -21
- data/spec/support/logs/Dispatcher - 16656-11108.log +0 -15
- data/spec/support/logs/Dispatcher - 16716-31067.log +0 -17
- data/spec/support/logs/Dispatcher - 16726-34466.log +0 -21
- data/spec/support/logs/Dispatcher - 16735-55150.log +0 -13
- data/spec/support/logs/Dispatcher - 16748-7910.log +0 -17
- data/spec/support/logs/Dispatcher - 16757-62118.log +0 -21
- data/spec/support/logs/Dispatcher - 16766-31937.log +0 -13
- data/spec/support/logs/Dispatcher - 16999-6441.log +0 -19
- data/spec/support/logs/Dispatcher - 17008-51788.log +0 -21
- data/spec/support/logs/Dispatcher - 17017-20096.log +0 -15
- data/spec/support/logs/Dispatcher - 17041-15877.log +0 -21
- data/spec/support/logs/Dispatcher - 17050-42137.log +0 -25
- data/spec/support/logs/Dispatcher - 17059-12767.log +0 -15
- data/spec/support/logs/Dispatcher - 17095-3041.log +0 -17
- data/spec/support/logs/Dispatcher - 17104-42336.log +0 -21
- data/spec/support/logs/Dispatcher - 17113-11660.log +0 -13
- data/spec/support/logs/Dispatcher - 17126-64859.log +0 -21
- data/spec/support/logs/Dispatcher - 17135-11634.log +0 -25
- data/spec/support/logs/Dispatcher - 17144-37598.log +0 -15
- data/spec/support/logs/Dispatcher - 17180-55804.log +0 -17
- data/spec/support/logs/Dispatcher - 17189-5599.log +0 -21
- data/spec/support/logs/Dispatcher - 17198-13188.log +0 -13
- data/spec/support/logs/Dispatcher - 17211-23553.log +0 -17
- data/spec/support/logs/Dispatcher - 17220-36701.log +0 -21
- data/spec/support/logs/Dispatcher - 17229-41502.log +0 -13
- data/spec/support/logs/Instance - 12859-23151.error.log +0 -314
- data/spec/support/logs/Instance - 12890-17901.error.log +0 -413
- data/spec/support/logs/Instance - 12915-45947.error.log +0 -314
- data/spec/support/logs/Instance - 13044-48074.error.log +0 -312
- data/spec/support/logs/Instance - 16731-60738.error.log +0 -314
- data/spec/support/logs/Instance - 16931-37511.error.log +0 -312
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
=begin
|
|
2
|
-
Copyright 2010-
|
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
|
3
3
|
|
|
4
4
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
you may not use this file except in compliance with the License.
|
|
@@ -100,9 +100,15 @@ class CookieJar
|
|
|
100
100
|
[cookies].flatten.compact.each do |c|
|
|
101
101
|
self << case c
|
|
102
102
|
when String
|
|
103
|
-
|
|
103
|
+
begin
|
|
104
|
+
Cookie.from_string( ::Arachni::Options.url.to_s, c )
|
|
105
|
+
rescue
|
|
106
|
+
Cookie.from_set_cookie( ::Arachni::Options.url.to_s, c )
|
|
107
|
+
end
|
|
108
|
+
|
|
104
109
|
when Hash
|
|
105
110
|
Cookie.new( ::Arachni::Options.url.to_s, c ) if c.any?
|
|
111
|
+
|
|
106
112
|
when Cookie
|
|
107
113
|
c
|
|
108
114
|
end
|
data/lib/arachni/issue.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
=begin
|
|
2
|
-
Copyright 2010-
|
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
|
3
3
|
|
|
4
4
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
you may not use this file except in compliance with the License.
|
|
@@ -146,6 +146,9 @@ class Issue
|
|
|
146
146
|
# method merged with a `Hash` holding {Issue} attributes.
|
|
147
147
|
#
|
|
148
148
|
def initialize( opts = {} )
|
|
149
|
+
# Make sure we're dealing with UTF-8 data.
|
|
150
|
+
opts = opts.recode
|
|
151
|
+
|
|
149
152
|
@verification = false
|
|
150
153
|
@references = {}
|
|
151
154
|
@opts = { regexp: '' }
|
data/lib/arachni/module.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
=begin
|
|
2
|
-
Copyright 2010-
|
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
|
3
3
|
|
|
4
4
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
you may not use this file except in compliance with the License.
|
|
@@ -142,7 +142,7 @@ module Auditor
|
|
|
142
142
|
# Elements to audit.
|
|
143
143
|
#
|
|
144
144
|
# If no elements have been passed to audit methods, candidates will be
|
|
145
|
-
# determined by {#
|
|
145
|
+
# determined by {#each_candidate_element}.
|
|
146
146
|
#
|
|
147
147
|
elements: [Element::LINK, Element::FORM,
|
|
148
148
|
Element::COOKIE, Element::HEADER,
|
|
@@ -413,18 +413,18 @@ module Auditor
|
|
|
413
413
|
element = opts[:element] || opts[:elem]
|
|
414
414
|
|
|
415
415
|
msg = "In #{element}"
|
|
416
|
-
msg << "
|
|
416
|
+
msg << " input '#{var}'" if var
|
|
417
417
|
print_ok "#{msg} ( #{url} )"
|
|
418
418
|
|
|
419
419
|
print_verbose( "Injected string:\t" + opts[:injected] ) if opts[:injected]
|
|
420
420
|
print_verbose( "Verified string:\t" + opts[:match].to_s ) if opts[:match]
|
|
421
|
-
print_verbose(
|
|
421
|
+
print_verbose( 'Matched regular expression: ' + opts[:regexp].to_s ) if opts[:regexp]
|
|
422
422
|
print_debug( 'Request ID: ' + res.request.id.to_s ) if res
|
|
423
423
|
print_verbose( '---------' ) if only_positives?
|
|
424
424
|
|
|
425
425
|
# Platform identification by vulnerability.
|
|
426
426
|
platform_type = nil
|
|
427
|
-
if platform = opts[:platform]
|
|
427
|
+
if (platform = opts[:platform])
|
|
428
428
|
Platform::Manager[url] << platform if Options.fingerprint?
|
|
429
429
|
platform_type = Platform::Manager[url].find_type( platform )
|
|
430
430
|
end
|
|
@@ -484,6 +484,7 @@ module Auditor
|
|
|
484
484
|
false
|
|
485
485
|
end
|
|
486
486
|
|
|
487
|
+
# Passes each element prepared for audit to the block.
|
|
487
488
|
#
|
|
488
489
|
# If no element types have been specified in `opts`, it will use the elements
|
|
489
490
|
# from the module's {Base.info} hash.
|
|
@@ -495,9 +496,9 @@ module Auditor
|
|
|
495
496
|
# @option opts [Array] :elements
|
|
496
497
|
# Element types to audit (see {OPTIONS}`[:elements]`).
|
|
497
498
|
#
|
|
498
|
-
# @
|
|
499
|
-
#
|
|
500
|
-
def
|
|
499
|
+
# @yield [element] Each candidate element.
|
|
500
|
+
# @yieldparam [Arachni::Element]
|
|
501
|
+
def each_candidate_element( opts = {} )
|
|
501
502
|
if !opts.include?( :elements) || !opts[:elements] || opts[:elements].empty?
|
|
502
503
|
opts[:elements] = self.class.info[:elements]
|
|
503
504
|
end
|
|
@@ -529,14 +530,19 @@ module Auditor
|
|
|
529
530
|
end
|
|
530
531
|
end
|
|
531
532
|
|
|
532
|
-
|
|
533
|
+
while (e = elements.pop)
|
|
534
|
+
next if e.auditable.empty?
|
|
535
|
+
d = e.dup
|
|
536
|
+
d.auditor = self
|
|
537
|
+
yield d
|
|
538
|
+
end
|
|
533
539
|
end
|
|
534
540
|
|
|
535
541
|
#
|
|
536
542
|
# If a block has been provided it calls {Arachni::Element::Capabilities::Auditable#audit}
|
|
537
543
|
# for every element, otherwise, it defaults to {#audit_taint}.
|
|
538
544
|
#
|
|
539
|
-
# Uses {#
|
|
545
|
+
# Uses {#each_candidate_element} to decide which elements to audit.
|
|
540
546
|
#
|
|
541
547
|
# @see OPTIONS
|
|
542
548
|
# @see Arachni::Element::Capabilities::Auditable#audit
|
|
@@ -547,7 +553,7 @@ module Auditor
|
|
|
547
553
|
if !block_given?
|
|
548
554
|
audit_taint( payloads, opts )
|
|
549
555
|
else
|
|
550
|
-
|
|
556
|
+
each_candidate_element( opts ) { |e| e.audit( payloads, opts, &block ) }
|
|
551
557
|
end
|
|
552
558
|
end
|
|
553
559
|
|
|
@@ -555,40 +561,40 @@ module Auditor
|
|
|
555
561
|
# Provides easy access to element auditing using simple taint analysis
|
|
556
562
|
# and automatically logs results.
|
|
557
563
|
#
|
|
558
|
-
# Uses {#
|
|
564
|
+
# Uses {#each_candidate_element} to decide which elements to audit.
|
|
559
565
|
#
|
|
560
566
|
# @see OPTIONS
|
|
561
567
|
# @see Arachni::Element::Capabilities::Auditable::Taint
|
|
562
568
|
#
|
|
563
569
|
def audit_taint( payloads, opts = {} )
|
|
564
570
|
opts = OPTIONS.merge( opts )
|
|
565
|
-
|
|
571
|
+
each_candidate_element( opts ) { |e| e.taint_analysis( payloads, opts ) }
|
|
566
572
|
end
|
|
567
573
|
|
|
568
574
|
#
|
|
569
575
|
# Audits elements using differential analysis and automatically logs results.
|
|
570
576
|
#
|
|
571
|
-
# Uses {#
|
|
577
|
+
# Uses {#each_candidate_element} to decide which elements to audit.
|
|
572
578
|
#
|
|
573
579
|
# @see OPTIONS
|
|
574
580
|
# @see Arachni::Element::Capabilities::Auditable::RDiff
|
|
575
581
|
#
|
|
576
582
|
def audit_rdiff( opts = {}, &block )
|
|
577
583
|
opts = OPTIONS.merge( opts )
|
|
578
|
-
|
|
584
|
+
each_candidate_element( opts ) { |e| e.rdiff_analysis( opts, &block ) }
|
|
579
585
|
end
|
|
580
586
|
|
|
581
587
|
#
|
|
582
588
|
# Audits elements using timing attacks and automatically logs results.
|
|
583
589
|
#
|
|
584
|
-
# Uses {#
|
|
590
|
+
# Uses {#each_candidate_element} to decide which elements to audit.
|
|
585
591
|
#
|
|
586
592
|
# @see OPTIONS
|
|
587
593
|
# @see Arachni::Element::Capabilities::Auditable::Timeout
|
|
588
594
|
#
|
|
589
595
|
def audit_timeout( payloads, opts = {} )
|
|
590
596
|
opts = OPTIONS.merge( opts )
|
|
591
|
-
|
|
597
|
+
each_candidate_element( opts ) { |e| e.timeout_analysis( payloads, opts ) }
|
|
592
598
|
end
|
|
593
599
|
|
|
594
600
|
private
|
data/lib/arachni/module/base.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
=begin
|
|
2
|
-
Copyright 2010-
|
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
|
3
3
|
|
|
4
4
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
you may not use this file except in compliance with the License.
|
|
@@ -173,17 +173,17 @@ class Manager < Arachni::Component::Manager
|
|
|
173
173
|
on_register_results_blocks_raw.each { |block| block.call( results ) }
|
|
174
174
|
|
|
175
175
|
unique = dedup( results )
|
|
176
|
-
return
|
|
176
|
+
return results if unique.empty?
|
|
177
177
|
|
|
178
178
|
# Don't allow multiple variations of the same audit-type issue,
|
|
179
179
|
# only allow variations for recon modules.
|
|
180
180
|
unique.each { |issue| issue_set << issue.unique_id if issue.audit? }
|
|
181
181
|
|
|
182
182
|
on_register_results_blocks.each { |block| block.call( unique ) }
|
|
183
|
-
return
|
|
183
|
+
return results if !store?
|
|
184
184
|
|
|
185
185
|
unique.each { |issue| self.results << issue }
|
|
186
|
-
|
|
186
|
+
results
|
|
187
187
|
end
|
|
188
188
|
def register_results( results )
|
|
189
189
|
self.class.register_results( results )
|
data/lib/arachni/options.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
=begin
|
|
2
|
-
Copyright 2010-
|
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
|
3
3
|
|
|
4
4
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
you may not use this file except in compliance with the License.
|
|
@@ -210,6 +210,14 @@ class Options
|
|
|
210
210
|
#
|
|
211
211
|
attr_accessor :http_req_limit
|
|
212
212
|
|
|
213
|
+
# Maximum amount of requests to keep in the queue.
|
|
214
|
+
#
|
|
215
|
+
# Bigger size means better scheduling and bette performance, smaller means
|
|
216
|
+
# less RAM consumption.
|
|
217
|
+
#
|
|
218
|
+
# @return [Integer]
|
|
219
|
+
attr_accessor :http_queue_size
|
|
220
|
+
|
|
213
221
|
#
|
|
214
222
|
# Should Arachni audit links?
|
|
215
223
|
#
|
|
@@ -417,12 +425,15 @@ class Options
|
|
|
417
425
|
# @return [String] Path to the UNIX socket to use.
|
|
418
426
|
attr_accessor :rpc_socket
|
|
419
427
|
|
|
420
|
-
# @return [Integer] port for the RPC server to listen to
|
|
428
|
+
# @return [Integer] port for the RPC server to listen to.
|
|
421
429
|
attr_accessor :rpc_port
|
|
422
430
|
|
|
423
|
-
# @return [String]
|
|
431
|
+
# @return [String] Hostname or IP address for the RPC server to bind to.
|
|
424
432
|
attr_accessor :rpc_address
|
|
425
433
|
|
|
434
|
+
# @return [String] External (hostname or IP) address for the RPC server to bind to.
|
|
435
|
+
attr_accessor :rpc_external_address
|
|
436
|
+
|
|
426
437
|
# @return [Array<Integer>]
|
|
427
438
|
# Range of ports to use when spawning instances,
|
|
428
439
|
# first element should be the lowest port number, last the max port number.
|
|
@@ -581,9 +592,10 @@ class Options
|
|
|
581
592
|
@lsmod = []
|
|
582
593
|
@lsrep = []
|
|
583
594
|
|
|
584
|
-
@http_req_limit
|
|
585
|
-
@
|
|
586
|
-
@
|
|
595
|
+
@http_req_limit = 20
|
|
596
|
+
@http_queue_size = 500
|
|
597
|
+
@http_username = nil
|
|
598
|
+
@http_password = nil
|
|
587
599
|
|
|
588
600
|
@mods = []
|
|
589
601
|
|
|
@@ -974,6 +986,7 @@ class Options
|
|
|
974
986
|
[ '--exclude-vector', GetoptLong::REQUIRED_ARGUMENT ],
|
|
975
987
|
[ '--include', '-i', GetoptLong::REQUIRED_ARGUMENT ],
|
|
976
988
|
[ '--http-req-limit', GetoptLong::REQUIRED_ARGUMENT ],
|
|
989
|
+
[ '--http-queue-size', GetoptLong::REQUIRED_ARGUMENT ],
|
|
977
990
|
[ '--http-timeout', GetoptLong::REQUIRED_ARGUMENT ],
|
|
978
991
|
[ '--follow-subdomains', '-f', GetoptLong::NO_ARGUMENT ],
|
|
979
992
|
[ '--debug', '-w', GetoptLong::NO_ARGUMENT ],
|
|
@@ -988,6 +1001,7 @@ class Options
|
|
|
988
1001
|
[ '--node-ssl-cert', GetoptLong::REQUIRED_ARGUMENT ],
|
|
989
1002
|
[ '--ssl-ca', GetoptLong::REQUIRED_ARGUMENT ],
|
|
990
1003
|
[ '--address', GetoptLong::REQUIRED_ARGUMENT ],
|
|
1004
|
+
[ '--external-address', GetoptLong::REQUIRED_ARGUMENT ],
|
|
991
1005
|
[ '--reroute-to-logfile', GetoptLong::NO_ARGUMENT ],
|
|
992
1006
|
[ '--pool-size', GetoptLong::REQUIRED_ARGUMENT ],
|
|
993
1007
|
[ '--neighbour', GetoptLong::REQUIRED_ARGUMENT ],
|
|
@@ -1114,6 +1128,9 @@ class Options
|
|
|
1114
1128
|
when '--http-req-limit'
|
|
1115
1129
|
@http_req_limit = arg.to_i
|
|
1116
1130
|
|
|
1131
|
+
when '--http-queue-size'
|
|
1132
|
+
@http_queue_size = arg.to_i
|
|
1133
|
+
|
|
1117
1134
|
when '--http-timeout'
|
|
1118
1135
|
@http_timeout = arg.to_i
|
|
1119
1136
|
|
|
@@ -1234,6 +1251,9 @@ class Options
|
|
|
1234
1251
|
when '--address'
|
|
1235
1252
|
@rpc_address = arg.to_s
|
|
1236
1253
|
|
|
1254
|
+
when '--external-address'
|
|
1255
|
+
@rpc_external_address = arg.to_s
|
|
1256
|
+
|
|
1237
1257
|
when '--pool-size'
|
|
1238
1258
|
@pool_size = arg.to_i
|
|
1239
1259
|
|
|
@@ -1401,6 +1421,7 @@ class Options
|
|
|
1401
1421
|
#
|
|
1402
1422
|
def load( filepath )
|
|
1403
1423
|
opts = YAML::load( IO.read( filepath ) )
|
|
1424
|
+
opts = self.deep_clone.merge!( opts ) if opts.is_a? Hash
|
|
1404
1425
|
|
|
1405
1426
|
if opts.restrict_paths_filepath
|
|
1406
1427
|
opts.restrict_paths = paths_from_file( opts.restrict_paths_filepath )
|
|
@@ -1450,7 +1471,7 @@ class Options
|
|
|
1450
1471
|
options.to_hash.each_pair do |k, v|
|
|
1451
1472
|
next if !v
|
|
1452
1473
|
next if ( v.is_a?( Array ) || v.is_a?( Hash ) ) && v.empty?
|
|
1453
|
-
send( "#{k.to_s}=", v )
|
|
1474
|
+
send( "#{k.to_s}=", v ) rescue NoMethodError
|
|
1454
1475
|
end
|
|
1455
1476
|
self
|
|
1456
1477
|
end
|
data/lib/arachni/page.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
=begin
|
|
2
|
-
Copyright 2010-
|
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
|
3
3
|
|
|
4
4
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
you may not use this file except in compliance with the License.
|
|
@@ -146,8 +146,8 @@ class Page
|
|
|
146
146
|
end
|
|
147
147
|
|
|
148
148
|
def marshal_dump
|
|
149
|
-
@document = nil
|
|
150
149
|
instance_variables.inject( {} ) do |h, iv|
|
|
150
|
+
next h if iv == :@document
|
|
151
151
|
h[iv] = instance_variable_get( iv )
|
|
152
152
|
h
|
|
153
153
|
end
|
|
@@ -171,9 +171,8 @@ class Page
|
|
|
171
171
|
# @return [Hash] Converts the page data to a hash.
|
|
172
172
|
def to_h
|
|
173
173
|
instance_variables.reduce({}) do |h, iv|
|
|
174
|
-
if iv
|
|
175
|
-
|
|
176
|
-
end
|
|
174
|
+
next h if iv == :@document
|
|
175
|
+
h[iv.to_s.gsub( '@', '').to_sym] = try_dup( instance_variable_get( iv ) )
|
|
177
176
|
h
|
|
178
177
|
end
|
|
179
178
|
end
|
data/lib/arachni/parser.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
=begin
|
|
2
|
-
Copyright 2010-
|
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
|
3
3
|
|
|
4
4
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
you may not use this file except in compliance with the License.
|
|
@@ -134,7 +134,8 @@ class Parser
|
|
|
134
134
|
body: @html,
|
|
135
135
|
request_headers: @response.request ? @response.request.headers : {},
|
|
136
136
|
response_headers: @response_headers,
|
|
137
|
-
text: false
|
|
137
|
+
text: false,
|
|
138
|
+
links: [self_link]
|
|
138
139
|
)
|
|
139
140
|
Platform::Manager.fingerprint( page ) if Options.fingerprint?
|
|
140
141
|
return page
|
data/lib/arachni/platform.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
=begin
|
|
2
|
-
Copyright 2010-
|
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
|
3
3
|
|
|
4
4
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
you may not use this file except in compliance with the License.
|
|
@@ -28,12 +28,12 @@ class List
|
|
|
28
28
|
# Valid platforms for this list.
|
|
29
29
|
def initialize( valid_platforms )
|
|
30
30
|
@valid_platforms = normalize!( valid_platforms )
|
|
31
|
-
@platforms =
|
|
31
|
+
@platforms = []
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
# @return [Array<Symbol>] Supported platforms.
|
|
35
35
|
def valid
|
|
36
|
-
|
|
36
|
+
hierarchical? ? @valid_platforms.find_symbol_keys_recursively : @valid_platforms
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
# Selects appropriate data depending on the applicable platforms
|
|
@@ -126,39 +126,31 @@ class List
|
|
|
126
126
|
# @return [Platform] `self`
|
|
127
127
|
# @raise [Error::Invalid] On {#invalid?} platforms.
|
|
128
128
|
def <<( platform )
|
|
129
|
-
@platforms
|
|
129
|
+
@platforms |= [normalize( platform )]
|
|
130
130
|
self
|
|
131
131
|
end
|
|
132
132
|
|
|
133
133
|
# @param [Platform, Enumerable] enum
|
|
134
134
|
# Enumerable object containing platforms.
|
|
135
|
-
#
|
|
135
|
+
# New {Platform} built by merging `self` and the elements of the
|
|
136
|
+
# given enumerable object.
|
|
136
137
|
# @raise [Error::Invalid] On {#invalid?} platforms.
|
|
137
138
|
def merge( enum )
|
|
138
139
|
dup.merge!( enum )
|
|
139
140
|
end
|
|
141
|
+
alias + merge
|
|
142
|
+
alias | merge
|
|
140
143
|
|
|
141
144
|
# @param [Enumerable] enum
|
|
142
145
|
# Enumerable object containing platforms.
|
|
143
146
|
# @return [Platform] Updated `self`.
|
|
144
147
|
# @raise [Error::Invalid] On {#invalid?} platforms.
|
|
145
148
|
def merge!( enum )
|
|
146
|
-
@platforms
|
|
149
|
+
@platforms |= normalize( enum )
|
|
147
150
|
self
|
|
148
151
|
end
|
|
149
152
|
alias update merge!
|
|
150
153
|
|
|
151
|
-
# @param [Platform, Enumerable] enum
|
|
152
|
-
# {Platform} or enumerable object containing platforms.
|
|
153
|
-
# @return [Platform]
|
|
154
|
-
# New {Platform} built by merging `self` and the elements of the
|
|
155
|
-
# given enumerable object.
|
|
156
|
-
# @raise [Error::Invalid] On {#invalid?} platforms.
|
|
157
|
-
def |( enum )
|
|
158
|
-
dup.merge( enum )
|
|
159
|
-
end
|
|
160
|
-
alias + |
|
|
161
|
-
|
|
162
154
|
# @param [Block] block Block to be passed each platform.
|
|
163
155
|
# @return [Enumerator, Platform]
|
|
164
156
|
# `Enumerator` if no `block` is given, `self` otherwise.
|
|
@@ -217,28 +209,18 @@ class List
|
|
|
217
209
|
protected
|
|
218
210
|
|
|
219
211
|
def platforms=( enum )
|
|
220
|
-
@platforms =
|
|
212
|
+
@platforms = enum.to_a
|
|
221
213
|
end
|
|
222
214
|
|
|
223
215
|
private
|
|
224
216
|
|
|
225
|
-
# @return [Array<Symbol>] Flat list of supported {OS operating systems}.
|
|
226
|
-
def flat_list( hash = @valid_platforms )
|
|
227
|
-
flat = []
|
|
228
|
-
hash.each do |k, v|
|
|
229
|
-
flat << k
|
|
230
|
-
flat |= flat_list( v ) if v.any?
|
|
231
|
-
end
|
|
232
|
-
flat.reject { |i| !i.is_a? Symbol }
|
|
233
|
-
end
|
|
234
|
-
|
|
235
217
|
def find_children( platform, hash = @valid_platforms )
|
|
236
218
|
return [] if hash.empty?
|
|
237
219
|
|
|
238
220
|
children = []
|
|
239
221
|
hash.each do |k, v|
|
|
240
222
|
if k == platform
|
|
241
|
-
children |=
|
|
223
|
+
children |= v.find_symbol_keys_recursively
|
|
242
224
|
elsif v.is_a? Hash
|
|
243
225
|
children |= find_children( platform, v )
|
|
244
226
|
end
|