arachni 0.4.7 → 1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -13
- data/AUTHORS.md +1 -1
- data/CHANGELOG.md +211 -0
- data/CONTRIBUTORS.md +1 -0
- data/Gemfile +23 -2
- data/LICENSE.md +34 -1
- data/README.md +211 -127
- data/Rakefile +79 -67
- data/arachni.gemspec +54 -62
- data/bin/arachni +6 -18
- data/bin/arachni_console +5 -13
- data/bin/arachni_multi +6 -16
- data/bin/arachni_reporter +12 -0
- data/bin/arachni_restore +12 -0
- data/bin/arachni_rpc +6 -16
- data/bin/arachni_rpcd +6 -17
- data/bin/arachni_rpcd_monitor +6 -18
- data/bin/arachni_script +8 -19
- data/components/checks/active/code_injection.rb +123 -0
- data/components/checks/active/code_injection_php_input_wrapper.rb +99 -0
- data/components/checks/active/code_injection_timing.rb +106 -0
- data/components/checks/active/csrf.rb +218 -0
- data/components/checks/active/file_inclusion.rb +152 -0
- data/components/checks/active/ldap_injection.rb +109 -0
- data/{modules/audit/ldapi → components/checks/active/ldap_injection}/errors.txt +0 -0
- data/components/checks/active/no_sql_injection.rb +94 -0
- data/components/checks/active/no_sql_injection/patterns/mongodb +1 -0
- data/{extras/placeholder → components/checks/active/no_sql_injection/regexp_ignore.txt} +0 -0
- data/components/checks/active/no_sql_injection_differential.rb +78 -0
- data/components/checks/active/os_cmd_injection.rb +116 -0
- data/components/checks/active/os_cmd_injection_timing.rb +92 -0
- data/components/checks/active/path_traversal.rb +174 -0
- data/components/checks/active/response_splitting.rb +94 -0
- data/components/checks/active/rfi.rb +172 -0
- data/components/checks/active/session_fixation.rb +117 -0
- data/components/checks/active/source_code_disclosure.rb +177 -0
- data/components/checks/active/sql_injection.rb +123 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/access +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/coldfusion +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/db2 +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/emc +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/firebird +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/frontbase +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/hsqldb +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/informix +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/ingres +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/interbase +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/maxdb +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/mssql +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/mysql +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/oracle +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/pgsql +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/sqlite +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/patterns/sybase +0 -0
- data/{modules/audit/sqli → components/checks/active/sql_injection}/regexp_ignore.txt +0 -0
- data/components/checks/active/sql_injection_differential.rb +114 -0
- data/{modules/audit/sqli_blind_rdiff → components/checks/active/sql_injection_differential}/payloads.txt +0 -0
- data/components/checks/active/sql_injection_timing.rb +98 -0
- data/{modules/audit/sqli_blind_timing → components/checks/active/sql_injection_timing}/mssql.txt +0 -0
- data/{modules/audit/sqli_blind_timing → components/checks/active/sql_injection_timing}/mysql.txt +0 -0
- data/{modules/audit/sqli_blind_timing → components/checks/active/sql_injection_timing}/pgsql.txt +0 -0
- data/components/checks/active/trainer.rb +40 -0
- data/components/checks/active/unvalidated_redirect.rb +108 -0
- data/components/checks/active/xpath_injection.rb +87 -0
- data/{modules/audit/xpath → components/checks/active/xpath_injection}/errors.txt +0 -0
- data/components/checks/active/xss.rb +169 -0
- data/components/checks/active/xss_dom.rb +119 -0
- data/components/checks/active/xss_dom_inputs.rb +132 -0
- data/components/checks/active/xss_dom_script_context.rb +118 -0
- data/components/checks/active/xss_event.rb +165 -0
- data/components/checks/active/xss_path.rb +146 -0
- data/components/checks/active/xss_script_context.rb +207 -0
- data/components/checks/active/xss_tag.rb +135 -0
- data/components/checks/passive/allowed_methods.rb +92 -0
- data/components/checks/passive/backdoors.rb +79 -0
- data/{modules/recon → components/checks/passive}/backdoors/filenames.txt +0 -0
- data/components/checks/passive/backup_directories.rb +86 -0
- data/components/checks/passive/backup_directories/formats.txt +56 -0
- data/components/checks/passive/backup_files.rb +99 -0
- data/components/checks/passive/backup_files/formats.txt +106 -0
- data/components/checks/passive/common_directories.rb +81 -0
- data/{modules/recon → components/checks/passive}/common_directories/directories.txt +0 -0
- data/components/checks/passive/common_files.rb +73 -0
- data/components/checks/passive/common_files/filenames.txt +24 -0
- data/components/checks/passive/directory_listing.rb +129 -0
- data/components/checks/passive/grep/captcha.rb +73 -0
- data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +71 -0
- data/components/checks/passive/grep/credit_card.rb +124 -0
- data/components/checks/passive/grep/cvs_svn_users.rb +75 -0
- data/components/checks/passive/grep/emails.rb +53 -0
- data/components/checks/passive/grep/form_upload.rb +75 -0
- data/components/checks/passive/grep/hsts.rb +74 -0
- data/components/checks/passive/grep/html_objects.rb +45 -0
- data/components/checks/passive/grep/http_only_cookies.rb +72 -0
- data/components/checks/passive/grep/insecure_cookies.rb +74 -0
- data/components/checks/passive/grep/mixed_resource.rb +109 -0
- data/components/checks/passive/grep/password_autocomplete.rb +80 -0
- data/components/checks/passive/grep/private_ip.rb +73 -0
- data/components/checks/passive/grep/ssn.rb +62 -0
- data/components/checks/passive/grep/unencrypted_password_forms.rb +88 -0
- data/components/checks/passive/htaccess_limit.rb +71 -0
- data/components/checks/passive/http_put.rb +91 -0
- data/components/checks/passive/interesting_responses.rb +88 -0
- data/components/checks/passive/localstart_asp.rb +88 -0
- data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +83 -0
- data/components/checks/passive/webdav.rb +101 -0
- data/components/checks/passive/xst.rb +90 -0
- data/components/fingerprinters/frameworks/rack.rb +33 -0
- data/components/fingerprinters/languages/asp.rb +34 -0
- data/components/fingerprinters/languages/aspx.rb +55 -0
- data/components/fingerprinters/languages/jsp.rb +34 -0
- data/components/fingerprinters/languages/php.rb +35 -0
- data/components/fingerprinters/languages/python.rb +32 -0
- data/components/fingerprinters/languages/ruby.rb +33 -0
- data/components/fingerprinters/os/bsd.rb +28 -0
- data/components/fingerprinters/os/linux.rb +34 -0
- data/components/fingerprinters/os/solaris.rb +33 -0
- data/components/fingerprinters/os/unix.rb +28 -0
- data/components/fingerprinters/os/windows.rb +33 -0
- data/components/fingerprinters/servers/apache.rb +28 -0
- data/components/fingerprinters/servers/iis.rb +28 -0
- data/components/fingerprinters/servers/jetty.rb +28 -0
- data/components/fingerprinters/servers/nginx.rb +28 -0
- data/components/fingerprinters/servers/tomcat.rb +28 -0
- data/components/path_extractors/anchors.rb +29 -0
- data/components/path_extractors/areas.rb +29 -0
- data/components/path_extractors/comments.rb +21 -0
- data/components/path_extractors/forms.rb +29 -0
- data/components/path_extractors/frames.rb +29 -0
- data/components/path_extractors/generic.rb +76 -0
- data/components/path_extractors/links.rb +29 -0
- data/components/path_extractors/meta_refresh.rb +50 -0
- data/components/path_extractors/scripts.rb +31 -0
- data/components/plugins/autologin.rb +120 -0
- data/components/plugins/beep_notify.rb +43 -0
- data/components/plugins/content_types.rb +110 -0
- data/components/plugins/cookie_collector.rb +94 -0
- data/components/plugins/defaults/autothrottle.rb +73 -0
- data/components/plugins/defaults/healthmap.rb +79 -0
- data/components/plugins/defaults/meta/remedies/discovery.rb +122 -0
- data/components/plugins/defaults/meta/remedies/timing_attacks.rb +98 -0
- data/components/plugins/defaults/meta/uniformity.rb +55 -0
- data/components/plugins/email_notify.rb +112 -0
- data/components/plugins/form_dicattack.rb +128 -0
- data/components/plugins/http_dicattack.rb +102 -0
- data/components/plugins/proxy.rb +492 -0
- data/{plugins → components/plugins}/proxy/panel/403_forbidden.html.erb +0 -0
- data/{plugins → components/plugins}/proxy/panel/404_not_found.html.erb +0 -0
- data/{plugins → components/plugins}/proxy/panel/css/bootstrap-responsive.css +0 -0
- data/{plugins → components/plugins}/proxy/panel/css/bootstrap.min.css +0 -0
- data/{plugins → components/plugins}/proxy/panel/css/panel.css +0 -0
- data/{plugins → components/plugins}/proxy/panel/help.html.erb +0 -0
- data/{plugins → components/plugins}/proxy/panel/img/glyphicons-halflings-white.png +0 -0
- data/{plugins → components/plugins}/proxy/panel/img/glyphicons-halflings.png +0 -0
- data/{plugins → components/plugins}/proxy/panel/img/record.png +0 -0
- data/{plugins → components/plugins}/proxy/panel/inspect.html.erb +0 -0
- data/{plugins → components/plugins}/proxy/panel/js/bootstrap.min.js +0 -0
- data/{plugins → components/plugins}/proxy/panel/js/jquery.min.js +0 -0
- data/{plugins → components/plugins}/proxy/panel/js/panel.js +0 -0
- data/{plugins → components/plugins}/proxy/panel/layout.html.erb +0 -0
- data/components/plugins/proxy/panel/page_accordion.html.erb +67 -0
- data/{plugins → components/plugins}/proxy/panel/page_twin_accordion.html.erb +0 -0
- data/components/plugins/proxy/panel/panel.html.erb +69 -0
- data/{plugins → components/plugins}/proxy/panel/shutdown_message.html.erb +0 -0
- data/{plugins → components/plugins}/proxy/panel/sign_in.html.erb +0 -0
- data/{plugins → components/plugins}/proxy/panel/vectors.yml.erb +0 -0
- data/{plugins → components/plugins}/proxy/panel/verify_login_check.html.erb +0 -0
- data/{plugins → components/plugins}/proxy/panel/verify_login_final.html.erb +0 -0
- data/components/plugins/proxy/panel/verify_login_sequence.html.erb +45 -0
- data/components/plugins/proxy/template_scope.rb +130 -0
- data/components/plugins/script.rb +48 -0
- data/components/plugins/uncommon_headers.rb +92 -0
- data/components/plugins/vector_feed.rb +225 -0
- data/components/plugins/waf_detector.rb +169 -0
- data/components/reporters/ap.rb +38 -0
- data/components/reporters/html.rb +468 -0
- data/components/reporters/html/default.erb +68 -0
- data/components/reporters/html/default/configuration.erb +78 -0
- data/components/reporters/html/default/css/lib/bootstrap-theme.min.css +7 -0
- data/components/reporters/html/default/css/lib/bootstrap.min.css +7 -0
- data/components/reporters/html/default/css/lib/c3.css +203 -0
- data/components/reporters/html/default/css/lib/font-awesome.min.css +4 -0
- data/components/reporters/html/default/css/main.css +140 -0
- data/components/reporters/html/default/fonts/FontAwesome.otf +0 -0
- data/components/reporters/html/default/fonts/fontawesome-webfont.eot +0 -0
- data/components/reporters/html/default/fonts/fontawesome-webfont.svg +504 -0
- data/components/reporters/html/default/fonts/fontawesome-webfont.ttf +0 -0
- data/components/reporters/html/default/fonts/fontawesome-webfont.woff +0 -0
- data/components/reporters/html/default/fonts/glyphicons-halflings-regular.eot +0 -0
- data/components/reporters/html/default/fonts/glyphicons-halflings-regular.svg +229 -0
- data/components/reporters/html/default/fonts/glyphicons-halflings-regular.ttf +0 -0
- data/components/reporters/html/default/fonts/glyphicons-halflings-regular.woff +0 -0
- data/components/reporters/html/default/issue.erb +81 -0
- data/components/reporters/html/default/issue/details.erb +68 -0
- data/components/reporters/html/default/issue/info.erb +74 -0
- data/components/reporters/html/default/issue/page.erb +117 -0
- data/components/reporters/html/default/issue/page/body.erb +42 -0
- data/components/reporters/html/default/issue/page/sink/data_flow.erb +95 -0
- data/components/reporters/html/default/issue/page/sink/data_flow/arguments.erb +70 -0
- data/components/reporters/html/default/issue/page/sink/data_flow/source.erb +1 -0
- data/components/reporters/html/default/issue/page/sink/execution_flow.erb +63 -0
- data/components/reporters/html/default/issue/page/sink/frame/source.erb +32 -0
- data/components/reporters/html/default/issue/page/sink/trace/table.erb +127 -0
- data/components/reporters/html/default/issue/page/transitions.erb +86 -0
- data/components/reporters/html/default/issue/platform.erb +8 -0
- data/components/reporters/html/default/issue/remarks.erb +28 -0
- data/components/reporters/html/default/issue/vector.erb +40 -0
- data/components/reporters/html/default/issues.erb +46 -0
- data/components/reporters/html/default/issues/grouped.erb +147 -0
- data/components/reporters/html/default/js/charts.js.erb +117 -0
- data/components/reporters/html/default/js/configuration.js.erb +12 -0
- data/components/reporters/html/default/js/helpers.js +107 -0
- data/components/reporters/html/default/js/init.js.erb +23 -0
- data/components/reporters/html/default/js/lib/bootstrap.min.js +6 -0
- data/components/reporters/html/default/js/lib/c3.min.js +3 -0
- data/components/reporters/html/default/js/lib/d3.min.js +5 -0
- data/components/reporters/html/default/js/lib/jquery.min.js +4 -0
- data/components/reporters/html/default/navigation.erb +136 -0
- data/components/reporters/html/default/plugins.erb +30 -0
- data/components/reporters/html/default/shared/hash.erb +10 -0
- data/components/reporters/html/default/shared/hash_table.erb +22 -0
- data/components/reporters/html/default/sitemap.erb +29 -0
- data/components/reporters/html/default/summary.erb +34 -0
- data/components/reporters/html/default/summary/charts.erb +67 -0
- data/components/reporters/html/default/summary/issues.erb +129 -0
- data/components/reporters/json.rb +44 -0
- data/components/reporters/marshal.rb +38 -0
- data/components/reporters/plugin_formatters/html/autologin.rb +50 -0
- data/components/reporters/plugin_formatters/html/content_types.rb +59 -0
- data/components/reporters/plugin_formatters/html/cookie_collector.rb +46 -0
- data/components/reporters/plugin_formatters/html/form_dicattack.rb +36 -0
- data/components/reporters/plugin_formatters/html/healthmap.rb +88 -0
- data/components/reporters/plugin_formatters/html/http_dicattack.rb +36 -0
- data/components/reporters/plugin_formatters/html/uncommon_headers.rb +40 -0
- data/components/reporters/plugin_formatters/html/uniformity.rb +55 -0
- data/components/reporters/plugin_formatters/html/waf_detector.rb +69 -0
- data/components/reporters/plugin_formatters/stdout/autologin.rb +25 -0
- data/components/reporters/plugin_formatters/stdout/content_types.rb +39 -0
- data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +31 -0
- data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +24 -0
- data/components/reporters/plugin_formatters/stdout/healthmap.rb +41 -0
- data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +24 -0
- data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +29 -0
- data/components/reporters/plugin_formatters/stdout/uniformity.rb +35 -0
- data/components/reporters/plugin_formatters/stdout/waf_detector.rb +21 -0
- data/components/reporters/plugin_formatters/xml/autologin.rb +28 -0
- data/components/reporters/plugin_formatters/xml/content_types.rb +36 -0
- data/components/reporters/plugin_formatters/xml/cookie_collector.rb +32 -0
- data/components/reporters/plugin_formatters/xml/form_dicattack.rb +22 -0
- data/components/reporters/plugin_formatters/xml/healthmap.rb +30 -0
- data/components/reporters/plugin_formatters/xml/http_dicattack.rb +22 -0
- data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +29 -0
- data/components/reporters/plugin_formatters/xml/uniformity.rb +23 -0
- data/components/reporters/plugin_formatters/xml/waf_detector.rb +22 -0
- data/components/reporters/stdout.rb +226 -0
- data/components/reporters/txt.rb +50 -0
- data/components/reporters/xml.rb +285 -0
- data/components/reporters/xml/schema.xsd +664 -0
- data/components/reporters/yaml.rb +37 -0
- data/{rpcd_handlers → components/services}/placeholder +0 -0
- data/lib/arachni.rb +29 -18
- data/lib/arachni/banner.rb +5 -13
- data/lib/arachni/browser.rb +1292 -0
- data/lib/arachni/browser/element_locator.rb +137 -0
- data/lib/arachni/browser/javascript.rb +383 -0
- data/lib/arachni/browser/javascript/dom_monitor.rb +31 -0
- data/lib/arachni/browser/javascript/proxy.rb +92 -0
- data/lib/arachni/browser/javascript/proxy/stub.rb +90 -0
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +146 -0
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +486 -0
- data/lib/arachni/browser/javascript/taint_tracer.rb +101 -0
- data/lib/arachni/browser/javascript/taint_tracer/frame.rb +73 -0
- data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +78 -0
- data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +63 -0
- data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +83 -0
- data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +30 -0
- data/lib/arachni/browser_cluster.rb +414 -0
- data/lib/arachni/browser_cluster/job.rb +193 -0
- data/lib/arachni/browser_cluster/job/result.rb +29 -0
- data/lib/arachni/browser_cluster/jobs/browser_provider.rb +27 -0
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +60 -0
- data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +43 -0
- data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result.rb +23 -0
- data/lib/arachni/browser_cluster/jobs/resource_exploration/result.rb +23 -0
- data/lib/arachni/browser_cluster/jobs/taint_trace.rb +48 -0
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +33 -0
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +23 -0
- data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +23 -0
- data/lib/arachni/browser_cluster/worker.rb +277 -0
- data/lib/arachni/check.rb +12 -0
- data/lib/arachni/check/auditor.rb +612 -0
- data/lib/arachni/check/base.rb +177 -0
- data/lib/arachni/check/manager.rb +137 -0
- data/lib/arachni/component.rb +11 -0
- data/lib/arachni/component/base.rb +62 -0
- data/lib/arachni/component/manager.rb +92 -90
- data/lib/arachni/component/options.rb +6 -28
- data/lib/arachni/component/options/address.rb +14 -30
- data/lib/arachni/component/options/base.rb +96 -81
- data/lib/arachni/component/options/bool.rb +20 -37
- data/lib/arachni/component/options/float.rb +12 -31
- data/lib/arachni/component/options/int.rb +14 -31
- data/lib/arachni/component/options/multiple_choice.rb +40 -0
- data/lib/arachni/component/options/object.rb +16 -0
- data/lib/arachni/component/options/path.rb +12 -25
- data/lib/arachni/component/options/port.rb +15 -25
- data/lib/arachni/component/options/string.rb +10 -32
- data/lib/arachni/component/options/url.rb +15 -30
- data/lib/arachni/component/output.rb +33 -0
- data/lib/arachni/component/utilities.rb +49 -0
- data/lib/arachni/data.rb +109 -0
- data/lib/arachni/data/framework.rb +160 -0
- data/lib/arachni/data/framework/rpc.rb +68 -0
- data/lib/arachni/data/issues.rb +227 -0
- data/lib/arachni/data/plugins.rb +109 -0
- data/lib/arachni/data/session.rb +48 -0
- data/lib/arachni/element/base.rb +131 -82
- data/lib/arachni/element/body.rb +43 -13
- data/lib/arachni/element/capabilities/analyzable.rb +46 -0
- data/lib/arachni/element/capabilities/analyzable/differential.rb +436 -0
- data/lib/arachni/element/capabilities/analyzable/taint.rb +218 -0
- data/lib/arachni/element/capabilities/analyzable/timeout.rb +433 -0
- data/lib/arachni/element/capabilities/auditable.rb +172 -577
- data/lib/arachni/element/capabilities/auditable/dom.rb +156 -0
- data/lib/arachni/element/capabilities/inputtable.rb +267 -0
- data/lib/arachni/element/capabilities/mutable.rb +197 -155
- data/lib/arachni/element/capabilities/refreshable.rb +31 -24
- data/lib/arachni/element/capabilities/submittable.rb +128 -0
- data/lib/arachni/element/capabilities/with_auditor.rb +60 -0
- data/lib/arachni/element/capabilities/with_auditor/output.rb +33 -0
- data/lib/arachni/element/capabilities/with_dom.rb +40 -0
- data/lib/arachni/element/capabilities/with_node.rb +52 -0
- data/lib/arachni/element/capabilities/with_scope.rb +25 -0
- data/lib/arachni/element/capabilities/with_scope/scope.rb +38 -0
- data/lib/arachni/element/cookie.rb +337 -862
- data/lib/arachni/element/cookie/dom.rb +67 -0
- data/lib/arachni/element/form.rb +326 -756
- data/lib/arachni/element/form/dom.rb +52 -0
- data/lib/arachni/element/generic_dom.rb +133 -0
- data/lib/arachni/element/header.rb +46 -46
- data/lib/arachni/element/link.rb +134 -172
- data/lib/arachni/element/link/dom.rb +128 -0
- data/lib/arachni/element/link_template.rb +268 -0
- data/lib/arachni/element/link_template/dom.rb +143 -0
- data/lib/arachni/element/path.rb +24 -13
- data/lib/arachni/element/server.rb +89 -13
- data/lib/arachni/element_filter.rb +101 -99
- data/lib/arachni/error.rb +5 -15
- data/lib/arachni/ethon/easy.rb +22 -0
- data/lib/arachni/framework.rb +841 -476
- data/lib/arachni/http.rb +6 -714
- data/lib/arachni/http/client.rb +801 -0
- data/lib/arachni/http/cookie_jar.rb +50 -51
- data/lib/arachni/http/headers.rb +122 -0
- data/lib/arachni/http/message.rb +76 -0
- data/lib/arachni/http/message/scope.rb +35 -0
- data/lib/arachni/http/proxy_server.rb +303 -0
- data/{plugins/proxy → lib/arachni/http/proxy_server}/ssl-interceptor-cert.pem +0 -0
- data/{plugins/proxy → lib/arachni/http/proxy_server}/ssl-interceptor-pkey.pem +0 -0
- data/lib/arachni/http/request.rb +471 -0
- data/lib/arachni/http/request/scope.rb +30 -0
- data/lib/arachni/http/response.rb +226 -0
- data/lib/arachni/http/response/scope.rb +67 -0
- data/lib/arachni/issue.rb +389 -223
- data/lib/arachni/issue/severity.rb +34 -0
- data/lib/arachni/issue/severity/base.rb +39 -0
- data/lib/arachni/option_group.rb +137 -0
- data/lib/arachni/option_groups.rb +13 -0
- data/lib/arachni/option_groups/audit.rb +226 -0
- data/lib/arachni/option_groups/browser_cluster.rb +50 -0
- data/lib/arachni/option_groups/datastore.rb +31 -0
- data/lib/arachni/option_groups/dispatcher.rb +132 -0
- data/lib/arachni/option_groups/http.rb +174 -0
- data/lib/arachni/option_groups/input.rb +156 -0
- data/lib/arachni/option_groups/output.rb +22 -0
- data/lib/arachni/option_groups/paths.rb +63 -0
- data/lib/arachni/option_groups/rpc.rb +87 -0
- data/lib/arachni/option_groups/scope.rb +233 -0
- data/lib/arachni/option_groups/session.rb +54 -0
- data/lib/arachni/option_groups/snapshot.rb +22 -0
- data/lib/arachni/options.rb +286 -1486
- data/lib/arachni/page.rb +504 -108
- data/lib/arachni/page/dom.rb +280 -0
- data/lib/arachni/page/dom/transition.rb +302 -0
- data/lib/arachni/page/scope.rb +53 -0
- data/lib/arachni/parser.rb +177 -210
- data/lib/arachni/platform.rb +5 -13
- data/lib/arachni/platform/fingerprinter.rb +24 -23
- data/lib/arachni/platform/list.rb +48 -27
- data/lib/arachni/platform/manager.rb +146 -83
- data/lib/arachni/plugin.rb +5 -13
- data/lib/arachni/plugin/base.rb +90 -110
- data/lib/arachni/plugin/formatter.rb +40 -0
- data/lib/arachni/plugin/manager.rb +129 -108
- data/lib/arachni/processes.rb +6 -14
- data/lib/arachni/processes/dispatchers.rb +51 -58
- data/lib/arachni/processes/executables/base.rb +9 -0
- data/lib/arachni/processes/executables/dispatcher.rb +6 -0
- data/lib/arachni/processes/executables/instance.rb +13 -0
- data/lib/arachni/processes/helpers.rb +4 -12
- data/lib/arachni/processes/helpers/dispatchers.rb +8 -12
- data/lib/arachni/processes/helpers/instances.rb +13 -13
- data/lib/arachni/processes/helpers/processes.rb +8 -28
- data/lib/arachni/processes/instances.rb +86 -63
- data/lib/arachni/processes/manager.rb +89 -52
- data/lib/arachni/report.rb +282 -15
- data/lib/arachni/reporter.rb +12 -0
- data/lib/arachni/reporter/base.rb +126 -0
- data/lib/arachni/reporter/formatter_manager.rb +20 -0
- data/lib/arachni/reporter/manager.rb +54 -0
- data/lib/arachni/reporter/options.rb +47 -0
- data/lib/arachni/rpc/client/base.rb +27 -35
- data/lib/arachni/rpc/client/dispatcher.rb +13 -21
- data/lib/arachni/rpc/client/instance.rb +45 -40
- data/lib/arachni/rpc/client/instance/framework.rb +88 -0
- data/lib/arachni/rpc/client/instance/service.rb +106 -0
- data/lib/arachni/rpc/serializer.rb +98 -0
- data/lib/arachni/rpc/server/active_options.rb +26 -42
- data/lib/arachni/rpc/server/base.rb +35 -26
- data/lib/arachni/rpc/server/check/manager.rb +38 -0
- data/lib/arachni/rpc/server/dispatcher.rb +125 -211
- data/lib/arachni/rpc/server/dispatcher/node.rb +36 -50
- data/lib/arachni/rpc/server/dispatcher/service.rb +153 -0
- data/lib/arachni/rpc/server/framework.rb +83 -176
- data/lib/arachni/rpc/server/framework/distributor.rb +292 -271
- data/lib/arachni/rpc/server/framework/master.rb +164 -296
- data/lib/arachni/rpc/server/framework/multi_instance.rb +96 -128
- data/lib/arachni/rpc/server/framework/slave.rb +79 -89
- data/lib/arachni/rpc/server/instance.rb +362 -413
- data/lib/arachni/rpc/server/output.rb +33 -147
- data/lib/arachni/rpc/server/plugin/manager.rb +18 -54
- data/lib/arachni/ruby.rb +5 -14
- data/lib/arachni/ruby/array.rb +4 -14
- data/lib/arachni/ruby/hash.rb +47 -15
- data/lib/arachni/ruby/io.rb +4 -14
- data/lib/arachni/ruby/object.rb +10 -52
- data/lib/arachni/ruby/set.rb +4 -12
- data/lib/arachni/ruby/string.rb +60 -40
- data/lib/arachni/ruby/webrick.rb +4 -12
- data/lib/arachni/ruby/webrick/cookie.rb +4 -12
- data/lib/arachni/ruby/webrick/httprequest.rb +4 -12
- data/lib/arachni/scope.rb +40 -0
- data/lib/arachni/selenium/webdriver/remote/http/typhoeus.rb +46 -0
- data/lib/arachni/session.rb +150 -173
- data/lib/arachni/snapshot.rb +181 -0
- data/lib/arachni/state.rb +122 -0
- data/lib/arachni/state/audit.rb +57 -0
- data/lib/arachni/state/element_filter.rb +67 -0
- data/lib/arachni/state/framework.rb +419 -0
- data/lib/arachni/state/framework/rpc.rb +63 -0
- data/lib/arachni/state/http.rb +60 -0
- data/lib/arachni/state/options.rb +39 -0
- data/lib/arachni/state/plugins.rb +94 -0
- data/lib/arachni/support.rb +6 -15
- data/lib/arachni/support/buffer.rb +5 -13
- data/lib/arachni/support/buffer/autoflush.rb +5 -15
- data/lib/arachni/support/buffer/base.rb +41 -70
- data/lib/arachni/support/cache.rb +5 -13
- data/lib/arachni/support/cache/base.rb +45 -50
- data/lib/arachni/support/cache/least_cost_replacement.rb +9 -19
- data/lib/arachni/support/cache/least_recently_used.rb +5 -15
- data/lib/arachni/support/cache/preference.rb +11 -20
- data/lib/arachni/support/cache/random_replacement.rb +10 -15
- data/lib/arachni/support/crypto.rb +5 -13
- data/lib/arachni/support/crypto/rsa_aes_cbc.rb +15 -27
- data/lib/arachni/support/database.rb +5 -13
- data/lib/arachni/support/database/base.rb +20 -37
- data/lib/arachni/support/database/hash.rb +265 -350
- data/lib/arachni/support/database/queue.rb +86 -27
- data/lib/arachni/support/lookup.rb +5 -13
- data/lib/arachni/support/lookup/base.rb +33 -26
- data/lib/arachni/support/lookup/hash_set.rb +11 -15
- data/lib/arachni/support/lookup/moolb.rb +9 -20
- data/lib/arachni/support/mixins.rb +14 -0
- data/lib/arachni/support/mixins/observable.rb +105 -0
- data/lib/arachni/support/mixins/terminal.rb +65 -0
- data/lib/arachni/support/profiler.rb +130 -0
- data/lib/arachni/support/signature.rb +37 -67
- data/lib/arachni/trainer.rb +57 -97
- data/lib/arachni/ui/foo/output.rb +31 -33
- data/lib/arachni/uri.rb +456 -462
- data/lib/arachni/uri/scope.rb +168 -0
- data/lib/arachni/utilities.rb +125 -147
- data/lib/arachni/version.rb +4 -12
- data/lib/arachni/watir/element.rb +17 -0
- data/lib/version +1 -1
- data/{spec/support/servers/modules/audit/sqli/jdbc → profiles/placeholder} +0 -0
- data/spec/arachni/browser/element_locator_spec.rb +228 -0
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +195 -0
- data/spec/arachni/browser/javascript/proxy/stub_spec.rb +106 -0
- data/spec/arachni/browser/javascript/proxy_spec.rb +144 -0
- data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +72 -0
- data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +46 -0
- data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +81 -0
- data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +47 -0
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +1304 -0
- data/spec/arachni/browser/javascript_spec.rb +355 -0
- data/spec/arachni/browser_cluster/job/result_spec.rb +14 -0
- data/spec/arachni/browser_cluster/job_spec.rb +264 -0
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +7 -0
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +68 -0
- data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +7 -0
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +89 -0
- data/spec/arachni/browser_cluster/jobs/taint_tracer_spec.rb +149 -0
- data/spec/arachni/browser_cluster/worker_spec.rb +314 -0
- data/spec/arachni/browser_cluster_spec.rb +543 -0
- data/spec/arachni/browser_spec.rb +2368 -0
- data/spec/arachni/check/auditor_spec.rb +1089 -0
- data/spec/arachni/check/base_spec.rb +33 -0
- data/spec/arachni/check/manager_spec.rb +100 -0
- data/spec/arachni/component/base_spec.rb +64 -0
- data/spec/arachni/component/manager_spec.rb +37 -26
- data/spec/arachni/component/options/address_spec.rb +5 -11
- data/spec/arachni/component/options/base_spec.rb +29 -81
- data/spec/arachni/component/options/bool_spec.rb +16 -19
- data/spec/arachni/component/options/float_spec.rb +17 -16
- data/spec/arachni/component/options/int_spec.rb +17 -20
- data/spec/arachni/component/options/multiple_choice_spec.rb +82 -0
- data/spec/arachni/component/options/object_spec.rb +24 -0
- data/spec/arachni/component/options/path_spec.rb +8 -11
- data/spec/arachni/component/options/port_spec.rb +16 -15
- data/spec/arachni/component/options/string_spec.rb +8 -17
- data/spec/arachni/component/options/url_spec.rb +16 -14
- data/spec/arachni/component/utilities_spec.rb +30 -0
- data/spec/arachni/{module → component}/utilities_spec/read_file.txt +0 -0
- data/spec/arachni/data/framework/rpc_spec.rb +72 -0
- data/spec/arachni/data/framework_spec.rb +266 -0
- data/spec/arachni/data/issues_spec.rb +347 -0
- data/spec/arachni/data/plugins_spec.rb +102 -0
- data/spec/arachni/data/session_spec.rb +59 -0
- data/spec/arachni/data_spec.rb +71 -0
- data/spec/arachni/element/body_spec.rb +63 -4
- data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +135 -0
- data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +355 -0
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +386 -0
- data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +25 -0
- data/spec/arachni/element/cookie/dom_spec.rb +145 -0
- data/spec/arachni/element/cookie_spec.rb +147 -108
- data/spec/arachni/element/form/dom_spec.rb +146 -0
- data/spec/arachni/element/form_spec.rb +519 -271
- data/spec/arachni/element/generic_dom_spec.rb +113 -0
- data/spec/arachni/element/header_spec.rb +68 -20
- data/spec/arachni/element/link/dom_spec.rb +206 -0
- data/spec/arachni/element/link_spec.rb +218 -130
- data/spec/arachni/element/link_template/dom_spec.rb +218 -0
- data/spec/arachni/element/link_template_spec.rb +403 -0
- data/spec/arachni/element/path_spec.rb +28 -4
- data/spec/arachni/element/server_spec.rb +171 -4
- data/spec/arachni/element_filter_spec.rb +227 -96
- data/spec/arachni/framework_spec.rb +1099 -759
- data/spec/arachni/http/client_spec.rb +1470 -0
- data/spec/arachni/http/cookie_jar_spec.rb +164 -130
- data/spec/arachni/http/headers_spec.rb +111 -0
- data/spec/arachni/http/message_spec.rb +5 -0
- data/spec/arachni/http/proxy_server_spec.rb +354 -0
- data/spec/arachni/http/request_spec.rb +602 -0
- data/spec/arachni/http/response/scope_spec.rb +135 -0
- data/spec/arachni/http/response_spec.rb +350 -0
- data/spec/arachni/issue/severity/base_spec.rb +15 -0
- data/spec/arachni/issue/severity_spec.rb +43 -0
- data/spec/arachni/issue_spec.rb +547 -284
- data/spec/arachni/option_groups/audit_spec.rb +298 -0
- data/spec/arachni/option_groups/browser_cluster_spec.rb +12 -0
- data/spec/arachni/option_groups/datastore_spec.rb +54 -0
- data/spec/arachni/option_groups/dispatcher_spec.rb +123 -0
- data/spec/arachni/option_groups/http_spec.rb +42 -0
- data/spec/arachni/option_groups/input_spec.rb +202 -0
- data/spec/arachni/option_groups/output_spec.rb +11 -0
- data/spec/arachni/option_groups/paths_spec.rb +34 -0
- data/spec/arachni/option_groups/rpc_spec.rb +13 -0
- data/spec/arachni/option_groups/scope_spec.rb +237 -0
- data/spec/arachni/option_groups/session_spec.rb +51 -0
- data/spec/arachni/option_groups/snapshot_spec.rb +11 -0
- data/spec/arachni/options_spec.rb +202 -756
- data/spec/arachni/page/dom/transition_spec.rb +515 -0
- data/spec/arachni/page/dom_spec.rb +308 -0
- data/spec/arachni/page/scope_spec.rb +80 -0
- data/spec/arachni/page_spec.rb +789 -175
- data/spec/arachni/parser_spec.rb +308 -200
- data/spec/arachni/platform/fingerprinter_spec.rb +51 -52
- data/spec/arachni/platform/manager_spec.rb +146 -34
- data/spec/arachni/plugin/base_spec.rb +97 -0
- data/spec/arachni/plugin/manager_spec.rb +186 -80
- data/spec/arachni/report_spec.rb +275 -0
- data/spec/arachni/reporter/base_spec.rb +96 -0
- data/spec/arachni/reporter/manager_spec.rb +38 -0
- data/spec/arachni/reporter/options_spec.rb +48 -0
- data/spec/arachni/rpc/client/base_spec.rb +43 -45
- data/spec/arachni/rpc/client/dispatcher_spec.rb +3 -3
- data/spec/arachni/rpc/client/instance_spec.rb +18 -40
- data/spec/arachni/rpc/server/active_options_spec.rb +35 -296
- data/spec/arachni/rpc/server/base_spec.rb +12 -6
- data/spec/arachni/rpc/server/checks/manager_spec.rb +48 -0
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +47 -74
- data/spec/arachni/rpc/server/dispatcher/service_spec.rb +99 -0
- data/spec/arachni/rpc/server/dispatcher_spec.rb +77 -38
- data/spec/arachni/rpc/server/framework/distributor_spec.rb +356 -396
- data/spec/arachni/rpc/server/framework_multi_spec.rb +336 -0
- data/spec/arachni/rpc/server/framework_spec.rb +396 -0
- data/spec/arachni/rpc/server/instance_spec.rb +480 -281
- data/spec/arachni/rpc/server/output_spec.rb +9 -212
- data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -11
- data/spec/arachni/ruby/hash_spec.rb +30 -0
- data/spec/arachni/ruby/object_spec.rb +0 -16
- data/spec/arachni/ruby/string_spec.rb +98 -6
- data/spec/arachni/scope_spec.rb +13 -0
- data/spec/arachni/session_spec.rb +279 -251
- data/spec/arachni/snapshot_spec.rb +127 -0
- data/spec/arachni/state/audit_spec.rb +107 -0
- data/spec/arachni/state/element_filter_spec.rb +66 -0
- data/spec/arachni/state/framework/rpc_spec.rb +85 -0
- data/spec/arachni/state/framework_spec.rb +853 -0
- data/spec/arachni/state/http_spec.rb +63 -0
- data/spec/arachni/state/options_spec.rb +55 -0
- data/spec/arachni/state/plugins_spec.rb +76 -0
- data/spec/arachni/state_spec.rb +87 -0
- data/spec/arachni/support/cache/least_cost_replacement_spec.rb +30 -32
- data/spec/arachni/support/cache/least_recently_used_spec.rb +39 -40
- data/spec/arachni/support/cache/preference_spec.rb +17 -18
- data/spec/arachni/support/cache/random_replacement_spec.rb +19 -20
- data/spec/arachni/support/database/queue_spec.rb +200 -32
- data/spec/arachni/support/lookup/hash_set_spec.rb +74 -0
- data/spec/arachni/support/mixins/observable_spec.rb +81 -0
- data/spec/arachni/support/signature_spec.rb +9 -25
- data/spec/arachni/trainer_spec.rb +141 -124
- data/spec/arachni/uri/scope_spec.rb +416 -0
- data/spec/arachni/uri_spec.rb +187 -195
- data/spec/arachni/utilities_spec.rb +178 -525
- data/spec/components/checks/active/code_injection_spec.rb +26 -0
- data/spec/components/checks/active/code_injection_timing_spec.rb +26 -0
- data/spec/components/checks/active/csrf_spec.rb +44 -0
- data/spec/components/checks/active/file_inclusion_spec.rb +56 -0
- data/spec/components/checks/active/ldap_injection_spec.rb +16 -0
- data/spec/components/checks/active/no_sql_injection_differential_spec.rb +15 -0
- data/spec/components/checks/active/no_sql_injection_spec.rb +28 -0
- data/spec/components/checks/active/os_cmd_injection_spec.rb +26 -0
- data/spec/components/checks/active/os_cmd_injection_timing_spec.rb +26 -0
- data/spec/components/checks/active/path_traversal_spec.rb +42 -0
- data/spec/components/checks/active/response_splitting_spec.rb +22 -0
- data/spec/components/checks/active/rfi_spec.rb +20 -0
- data/spec/components/checks/active/session_fixation_spec.rb +20 -0
- data/spec/components/checks/active/source_code_disclosure_spec.rb +26 -0
- data/spec/components/checks/active/sql_injection_differential_spec.rb +15 -0
- data/spec/components/checks/active/sql_injection_spec.rb +142 -0
- data/spec/components/checks/active/sql_injection_timing_spec.rb +24 -0
- data/spec/components/checks/active/trainer_spec.rb +36 -0
- data/spec/components/checks/active/unvalidated_redirect_spec.rb +20 -0
- data/spec/components/checks/active/xpath_injection_spec.rb +16 -0
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +32 -0
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +63 -0
- data/spec/components/checks/active/xss_dom_spec.rb +67 -0
- data/spec/components/checks/active/xss_event_spec.rb +15 -0
- data/spec/components/checks/active/xss_path_spec.rb +15 -0
- data/spec/components/checks/active/xss_script_context_spec.rb +22 -0
- data/spec/components/checks/active/xss_spec.rb +22 -0
- data/spec/components/checks/active/xss_tag_spec.rb +15 -0
- data/spec/components/checks/passive/allowed_methods_spec.rb +15 -0
- data/spec/components/checks/passive/backdoors_spec.rb +15 -0
- data/spec/components/checks/passive/backup_directories_spec.rb +15 -0
- data/spec/components/checks/passive/backup_files_spec.rb +15 -0
- data/spec/components/checks/passive/common_directories_spec.rb +15 -0
- data/spec/components/checks/passive/common_files_spec.rb +15 -0
- data/spec/components/checks/passive/directory_listing_spec.rb +15 -0
- data/spec/components/checks/passive/grep/captcha_spec.rb +15 -0
- data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +15 -0
- data/spec/components/checks/passive/grep/credit_card_spec.rb +15 -0
- data/spec/components/checks/passive/grep/cvs_svn_users_spec.rb +15 -0
- data/spec/components/checks/passive/grep/emails_spec.rb +15 -0
- data/spec/components/checks/passive/grep/form_upload_spec.rb +15 -0
- data/spec/components/checks/passive/grep/hsts_spec.rb +17 -0
- data/spec/components/checks/passive/grep/html_objects_spec.rb +15 -0
- data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +15 -0
- data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +15 -0
- data/spec/components/checks/passive/grep/mixed_resource_spec.rb +16 -0
- data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +15 -0
- data/spec/components/checks/passive/grep/private_ip_spec.rb +22 -0
- data/spec/components/checks/passive/grep/ssn_spec.rb +15 -0
- data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +15 -0
- data/spec/components/checks/passive/htaccess_limit_spec.rb +15 -0
- data/spec/components/checks/passive/http_put_spec.rb +15 -0
- data/spec/components/checks/passive/interesting_responses_spec.rb +23 -0
- data/spec/components/checks/passive/localstart_asp_spec.rb +15 -0
- data/spec/components/checks/passive/origin_spoof_access_restriction_bypass_spec.rb +15 -0
- data/spec/components/checks/passive/webdav_spec.rb +15 -0
- data/spec/components/checks/passive/xst_spec.rb +15 -0
- data/spec/components/fingerprinters/frameworks/rack_spec.rb +42 -0
- data/spec/components/fingerprinters/languages/asp_spec.rb +38 -0
- data/spec/components/fingerprinters/languages/aspx_spec.rb +79 -0
- data/spec/components/fingerprinters/languages/jsp_spec.rb +56 -0
- data/spec/components/fingerprinters/languages/php_spec.rb +59 -0
- data/spec/components/fingerprinters/languages/python_spec.rb +23 -0
- data/spec/components/fingerprinters/languages/ruby.rb +34 -0
- data/spec/components/fingerprinters/os/bsd_spec.rb +26 -0
- data/spec/components/fingerprinters/os/linux_spec.rb +34 -0
- data/spec/components/fingerprinters/os/solaris_spec.rb +34 -0
- data/spec/components/fingerprinters/os/unix_spec.rb +26 -0
- data/spec/components/fingerprinters/os/windows_spec.rb +34 -0
- data/spec/components/fingerprinters/servers/apache_spec.rb +26 -0
- data/spec/components/fingerprinters/servers/iis_spec.rb +28 -0
- data/spec/components/fingerprinters/servers/jetty_spec.rb +28 -0
- data/spec/components/fingerprinters/servers/nginx_spec.rb +26 -0
- data/spec/components/fingerprinters/servers/tomcat_spec.rb +28 -0
- data/spec/{path_extractors → components/path_extractors}/anchors_spec.rb +0 -0
- data/spec/{path_extractors → components/path_extractors}/areas_spec.rb +0 -0
- data/spec/components/path_extractors/comments_spec.rb +23 -0
- data/spec/{path_extractors → components/path_extractors}/forms_spec.rb +0 -0
- data/spec/{path_extractors → components/path_extractors}/frames_spec.rb +0 -0
- data/spec/{path_extractors → components/path_extractors}/generic_spec.rb +0 -0
- data/spec/{path_extractors → components/path_extractors}/links_spec.rb +0 -0
- data/spec/{path_extractors → components/path_extractors}/meta_refresh_spec.rb +0 -0
- data/spec/components/path_extractors/scripts_spec.rb +30 -0
- data/spec/components/plugins/autologin_spec.rb +96 -0
- data/spec/components/plugins/autothrottle_spec.rb +56 -0
- data/spec/components/plugins/content_types_spec.rb +91 -0
- data/spec/components/plugins/cookie_collector_spec.rb +41 -0
- data/spec/components/plugins/form_dicattack_spec.rb +54 -0
- data/spec/components/plugins/healthmap_spec.rb +40 -0
- data/spec/components/plugins/http_dicattack_spec.rb +40 -0
- data/spec/components/plugins/meta/remedies/discovery_spec.rb +23 -0
- data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +31 -0
- data/spec/components/plugins/meta/uniformity_spec.rb +29 -0
- data/spec/components/plugins/script_spec.rb +13 -0
- data/spec/components/plugins/uncommon_headers_spec.rb +64 -0
- data/spec/components/plugins/vector_feed_spec.rb +169 -0
- data/spec/components/plugins/waf_detector_spec.rb +50 -0
- data/spec/components/reporters/ap_spec.rb +9 -0
- data/spec/components/reporters/html_spec.rb +9 -0
- data/spec/components/reporters/json_spec.rb +17 -0
- data/spec/components/reporters/marshal_spec.rb +13 -0
- data/spec/components/reporters/stdout_spec.rb +9 -0
- data/spec/components/reporters/txt_spec.rb +8 -0
- data/spec/components/reporters/xml_spec.rb +9 -0
- data/spec/components/reporters/yaml_spec.rb +14 -0
- data/spec/external/wavsep/active/lfi_spec.rb +1 -1
- data/spec/external/wavsep/active/obsolete_files_spec.rb +225 -0
- data/spec/external/wavsep/active/rfi_spec.rb +1 -1
- data/spec/external/wavsep/active/sqli_spec.rb +8 -6
- data/spec/external/wavsep/active/unvalidated_redirect_spec.rb +57 -0
- data/spec/external/wavsep/active/xss_dom_spec.rb +27 -0
- data/spec/external/wavsep/active/xss_spec.rb +13 -3
- data/spec/external/wavsep/false_positives/lfi_spec.rb +4 -16
- data/spec/external/wavsep/false_positives/obsolete_files_spec.rb +21 -0
- data/spec/external/wavsep/false_positives/rfi_spec.rb +2 -2
- data/spec/external/wavsep/false_positives/sqli_spec.rb +4 -15
- data/spec/external/wavsep/false_positives/unvalidated_redirect_spec.rb +21 -0
- data/spec/external/wavsep/false_positives/xss_spec.rb +2 -2
- data/spec/spec_helper.rb +17 -18
- data/spec/support/factories/browser/javascript/taint_tracer/frame.rb +10 -0
- data/spec/support/factories/browser/javascript/taint_tracer/frame/called_function.rb +11 -0
- data/spec/support/factories/browser/javascript/taint_tracer/sink/data_flow.rb +14 -0
- data/spec/support/factories/browser/javascript/taint_tracer/sink/execution_flow.rb +10 -0
- data/spec/support/factories/browser_cluster/job.rb +27 -0
- data/spec/support/factories/element/cookie.rb +7 -0
- data/spec/support/factories/element/form.rb +12 -0
- data/spec/support/factories/element/header.rb +5 -0
- data/spec/support/factories/element/link.rb +11 -0
- data/spec/support/factories/element/link_template.rb +11 -0
- data/spec/support/factories/http/request.rb +9 -0
- data/spec/support/factories/http/response.rb +42 -0
- data/spec/support/factories/issue.rb +67 -0
- data/spec/support/factories/page.rb +7 -0
- data/spec/support/factories/page/dom.rb +13 -0
- data/spec/support/factories/page/dom/transition.rb +21 -0
- data/spec/support/factories/scan_report.rb +35 -0
- data/spec/support/factories/vector.rb +32 -0
- data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +37 -0
- data/spec/support/fixtures/checks/test.rb +58 -0
- data/spec/support/fixtures/checks/test2.rb +41 -0
- data/spec/support/fixtures/checks/test3.rb +41 -0
- data/spec/support/fixtures/executables/node.rb +47 -0
- data/spec/support/fixtures/fingerprinters/test.rb +5 -13
- data/spec/support/fixtures/option_groups/input.yml +2 -0
- data/spec/support/fixtures/plugins/bad.rb +5 -13
- data/spec/support/fixtures/plugins/defaults/default.rb +6 -14
- data/spec/support/fixtures/plugins/distributable.rb +7 -15
- data/spec/support/fixtures/plugins/loop.rb +5 -13
- data/spec/support/fixtures/plugins/suspendable.rb +44 -0
- data/spec/support/fixtures/plugins/wait.rb +6 -14
- data/spec/support/fixtures/plugins/with_options.rb +20 -16
- data/spec/support/fixtures/plugins_with_priorities/p0.rb +17 -0
- data/spec/support/fixtures/plugins_with_priorities/p00.rb +17 -0
- data/spec/support/fixtures/plugins_with_priorities/p1.rb +17 -0
- data/spec/support/fixtures/plugins_with_priorities/p2.rb +17 -0
- data/spec/support/fixtures/plugins_with_priorities/p22.rb +17 -0
- data/spec/support/fixtures/plugins_with_priorities/p222.rb +17 -0
- data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +16 -0
- data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +16 -0
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +13 -0
- data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +15 -0
- data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +16 -0
- data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +12 -0
- data/spec/support/fixtures/reporters/manager_spec/afr.rb +13 -0
- data/spec/support/fixtures/reporters/manager_spec/foo.rb +18 -0
- data/spec/support/fixtures/rescan.afr.tpl +4 -5
- data/spec/support/fixtures/run_check/body.rb +48 -0
- data/spec/support/fixtures/run_check/cookies.rb +48 -0
- data/spec/support/fixtures/run_check/empty.rb +34 -0
- data/spec/support/fixtures/run_check/flch.rb +53 -0
- data/spec/support/fixtures/run_check/forms.rb +48 -0
- data/spec/support/fixtures/run_check/headers.rb +48 -0
- data/spec/support/fixtures/run_check/links.rb +48 -0
- data/spec/support/fixtures/run_check/nil.rb +47 -0
- data/spec/support/fixtures/run_check/path.rb +48 -0
- data/spec/support/fixtures/run_check/server.rb +48 -0
- data/spec/support/fixtures/services/echo.rb +64 -0
- data/spec/support/fixtures/taint_check/taint.rb +38 -0
- data/spec/support/fixtures/wait_check/wait.rb +38 -0
- data/spec/support/helpers/auditor.rb +18 -5
- data/spec/support/helpers/browser.rb +6 -0
- data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +32 -0
- data/spec/support/helpers/framework.rb +5 -13
- data/spec/support/helpers/misc.rb +4 -12
- data/spec/support/helpers/pages.rb +18 -0
- data/spec/support/helpers/paths.rb +4 -12
- data/spec/support/helpers/requires.rb +5 -13
- data/spec/support/helpers/resets.rb +12 -19
- data/spec/support/helpers/web_server.rb +11 -15
- data/spec/support/lib/factory.rb +115 -0
- data/spec/support/lib/web_server_client.rb +49 -0
- data/spec/support/lib/web_server_dispatcher.rb +33 -0
- data/spec/support/lib/web_server_manager.rb +29 -32
- data/spec/support/pems/cacert.pem +35 -37
- data/spec/support/pems/client/cert.pem +35 -37
- data/spec/support/pems/client/key.pem +49 -49
- data/spec/support/pems/server/cert.pem +35 -37
- data/spec/support/pems/server/key.pem +49 -49
- data/spec/support/servers/arachni/browser.rb +836 -0
- data/spec/support/servers/arachni/browser/javascript.rb +7 -0
- data/spec/support/servers/arachni/browser/javascript/angular-1.2.8.js +20554 -0
- data/spec/support/servers/arachni/browser/javascript/angular-route.js +911 -0
- data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +90 -0
- data/spec/support/servers/arachni/browser/javascript/jquery-2.0.3.js +8829 -0
- data/spec/support/servers/arachni/browser/javascript/proxy.rb +17 -0
- data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +714 -0
- data/spec/support/servers/arachni/browser_cluster/jobs/event_trigger.rb +25 -0
- data/spec/support/servers/arachni/browser_https.rb +60 -0
- data/spec/support/servers/arachni/check/auditor.rb +247 -0
- data/spec/support/servers/arachni/element/body.rb +5 -0
- data/spec/support/servers/arachni/element/capabilities/analyzable/differential.rb +162 -0
- data/spec/support/servers/arachni/element/capabilities/{auditable → analyzable}/taint.rb +0 -0
- data/spec/support/servers/arachni/element/capabilities/analyzable/timeout.rb +37 -0
- data/spec/support/servers/arachni/element/cookie.rb +1 -1
- data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +21 -0
- data/spec/support/servers/arachni/element/form.rb +6 -22
- data/spec/support/servers/arachni/element/form/form_dom.rb +50 -0
- data/spec/support/servers/arachni/element/header.rb +7 -8
- data/spec/support/servers/arachni/element/link.rb +15 -7
- data/spec/support/servers/arachni/element/link/link_dom.rb +49 -0
- data/spec/support/servers/arachni/element/link_template.rb +11 -0
- data/spec/support/servers/arachni/element/link_template/link_template_dom.rb +43 -0
- data/spec/support/servers/arachni/framework.rb +18 -0
- data/spec/support/servers/arachni/http/client.rb +176 -0
- data/spec/support/servers/arachni/http/proxy_server.rb +9 -0
- data/spec/support/servers/arachni/http/proxy_server_https.rb +25 -0
- data/spec/support/servers/arachni/page/page_dom.rb +83 -0
- data/spec/support/servers/arachni/parser.rb +4 -0
- data/spec/support/servers/arachni/rpc/server/{framework_hpg.rb → framework_multi.rb} +0 -0
- data/spec/support/servers/arachni/session.rb +43 -9
- data/spec/support/servers/arachni/trainer.rb +11 -7
- data/spec/support/servers/checks/active/code_injection.rb +163 -0
- data/spec/support/servers/checks/active/code_injection_timing.rb +134 -0
- data/spec/support/servers/{modules/audit → checks/active}/csrf.rb +0 -0
- data/spec/support/servers/checks/active/file_inclusion.rb +228 -0
- data/spec/support/servers/checks/active/ldap_injection.rb +88 -0
- data/spec/support/servers/checks/active/no_sql_injection.rb +134 -0
- data/spec/support/servers/checks/active/no_sql_injection/mongodb +1 -0
- data/spec/support/servers/checks/active/no_sql_injection_differential.rb +61 -0
- data/spec/support/servers/checks/active/os_cmd_injection.rb +172 -0
- data/spec/support/servers/checks/active/os_cmd_injection_timing.rb +118 -0
- data/spec/support/servers/checks/active/path_traversal.rb +219 -0
- data/spec/support/servers/checks/active/response_splitting.rb +138 -0
- data/spec/support/servers/{modules/audit → checks/active}/rfi.rb +0 -0
- data/spec/support/servers/checks/active/session_fixation.rb +111 -0
- data/spec/support/servers/checks/active/source_code_disclosure.rb +118 -0
- data/spec/support/servers/checks/active/sql_injection.rb +133 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/access +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/coldfusion +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/db2 +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/emc +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/firebird +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/frontbase +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/hsqldb +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/informix +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/ingres +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/interbase +0 -0
- data/spec/support/servers/checks/active/sql_injection/jdbc +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/maxdb +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/mssql +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/mysql +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/oracle +0 -0
- data/spec/support/servers/{modules/audit/sqli/postgresql → checks/active/sql_injection/pgsql} +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/sqlite +0 -0
- data/spec/support/servers/{modules/audit/sqli → checks/active/sql_injection}/sybase +0 -0
- data/spec/support/servers/{modules/audit/sqli_blind_rdiff.rb → checks/active/sql_injection_differential.rb} +0 -0
- data/spec/support/servers/checks/active/sql_injection_timing.rb +145 -0
- data/spec/support/servers/{modules/audit/trainer_module.rb → checks/active/trainer_check.rb} +0 -0
- data/spec/support/servers/checks/active/unvalidated_redirect.rb +141 -0
- data/spec/support/servers/checks/active/xpath_injection.rb +121 -0
- data/spec/support/servers/{modules/audit/xpath → checks/active/xpath_injection}/dotnet +0 -0
- data/spec/support/servers/{modules/audit/xpath → checks/active/xpath_injection}/general +0 -0
- data/spec/support/servers/{modules/audit/xpath → checks/active/xpath_injection}/java +0 -0
- data/spec/support/servers/{modules/audit/xpath → checks/active/xpath_injection}/libxml2 +0 -0
- data/spec/support/servers/{modules/audit/xpath → checks/active/xpath_injection}/php +0 -0
- data/spec/support/servers/checks/active/xss.rb +239 -0
- data/spec/support/servers/checks/active/xss_dom.rb +133 -0
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +35 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +139 -0
- data/spec/support/servers/checks/active/xss_event.rb +80 -0
- data/spec/support/servers/{modules/audit → checks/active}/xss_path.rb +0 -0
- data/spec/support/servers/checks/active/xss_script_context.rb +90 -0
- data/spec/support/servers/{modules/audit → checks/active}/xss_tag.rb +0 -0
- data/spec/support/servers/checks/check_server.rb +14 -0
- data/spec/support/servers/{modules/recon → checks/passive}/allowed_methods.rb +0 -0
- data/spec/support/servers/checks/passive/backdoors.rb +4 -0
- data/spec/support/servers/checks/passive/backup_directories.rb +15 -0
- data/spec/support/servers/checks/passive/backup_files.rb +15 -0
- data/spec/support/servers/checks/passive/common_directories.rb +6 -0
- data/spec/support/servers/checks/passive/common_files.rb +6 -0
- data/spec/support/servers/checks/passive/directory_listing.rb +30 -0
- data/spec/support/servers/{modules/recon → checks/passive}/grep/captcha.rb +0 -0
- data/spec/support/servers/checks/passive/grep/cookie_set_for_parent_domain.rb +21 -0
- data/spec/support/servers/{modules/recon → checks/passive}/grep/credit_card.rb +0 -0
- data/spec/support/servers/{modules/recon → checks/passive}/grep/cvs_svn_users.rb +0 -0
- data/spec/support/servers/checks/passive/grep/emails.rb +23 -0
- data/spec/support/servers/{modules/recon → checks/passive}/grep/form_upload.rb +0 -0
- data/spec/support/servers/checks/passive/grep/hsts_https.rb +37 -0
- data/spec/support/servers/{modules/recon → checks/passive}/grep/html_objects.rb +0 -0
- data/spec/support/servers/{modules/recon → checks/passive}/grep/http_only_cookies.rb +0 -0
- data/spec/support/servers/checks/passive/grep/insecure_cookies_https.rb +40 -0
- data/spec/support/servers/checks/passive/grep/mixed_resource_https.rb +69 -0
- data/spec/support/servers/checks/passive/grep/password_autocomplete.rb +33 -0
- data/spec/support/servers/{modules/recon → checks/passive}/grep/private_ip.rb +0 -0
- data/spec/support/servers/{modules/recon → checks/passive}/grep/ssn.rb +0 -0
- data/spec/support/servers/checks/passive/grep/unencrypted_password_forms.rb +33 -0
- data/spec/support/servers/{modules/recon → checks/passive}/htaccess_limit.rb +0 -0
- data/spec/support/servers/checks/passive/http_put.rb +7 -0
- data/spec/support/servers/checks/passive/interesting_responses.rb +5 -0
- data/spec/support/servers/{modules/recon → checks/passive}/localstart_asp.rb +0 -0
- data/spec/support/servers/checks/passive/origin_spoof_access_restriction_bypass.rb +30 -0
- data/spec/support/servers/checks/passive/webdav.rb +25 -0
- data/spec/support/servers/{modules/recon → checks/passive}/xst.rb +0 -0
- data/spec/support/servers/plugins/meta/remedies/discovery.rb +2 -2
- data/spec/support/servers/plugins/meta/remedies/timing_attacks.rb +2 -0
- data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +36 -0
- data/spec/support/shared/check.rb +198 -0
- data/spec/support/shared/component.rb +15 -4
- data/spec/support/shared/component/options/base.rb +187 -0
- data/spec/support/shared/element/base.rb +131 -0
- data/spec/support/shared/element/capabilities/auditable.rb +371 -604
- data/spec/support/shared/element/capabilities/auditable/dom.rb +303 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +499 -0
- data/spec/support/shared/element/capabilities/mutable.rb +362 -0
- data/spec/support/shared/element/capabilities/refreshable.rb +26 -26
- data/spec/support/shared/element/capabilities/submitable.rb +155 -0
- data/spec/support/shared/element/capabilities/with_auditor.rb +75 -0
- data/spec/support/shared/element/capabilities/with_dom.rb +39 -0
- data/spec/support/shared/element/capabilities/with_node.rb +42 -0
- data/spec/support/shared/element/capabilities/with_scope.rb +22 -0
- data/spec/support/shared/external/wavsep.rb +30 -9
- data/spec/support/shared/http/message.rb +72 -0
- data/spec/support/shared/option_group.rb +98 -0
- data/spec/support/shared/path_extractor.rb +1 -1
- data/spec/support/shared/plugin.rb +33 -16
- data/spec/support/shared/reporter.rb +41 -0
- data/spec/support/shared/support/cache.rb +341 -0
- data/spec/support/shared/support/lookup.rb +93 -13
- data/ui/cli/framework.rb +466 -0
- data/ui/cli/framework/option_parser.rb +628 -0
- data/ui/cli/option_parser.rb +104 -0
- data/ui/cli/output.rb +377 -0
- data/ui/cli/reporter.rb +52 -0
- data/ui/cli/reporter/option_parser.rb +102 -0
- data/ui/cli/restored_framework.rb +127 -0
- data/ui/cli/restored_framework/option_parser.rb +115 -0
- data/ui/cli/rpc/client/dispatcher_monitor.rb +157 -0
- data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +41 -0
- data/ui/cli/rpc/client/instance.rb +294 -0
- data/ui/cli/rpc/client/local.rb +65 -0
- data/ui/cli/rpc/client/local/option_parser.rb +35 -0
- data/ui/cli/rpc/client/remote.rb +84 -0
- data/ui/cli/rpc/client/remote/option_parser.rb +99 -0
- data/ui/cli/rpc/server/dispatcher.rb +36 -0
- data/ui/cli/rpc/server/dispatcher/option_parser.rb +165 -0
- data/ui/cli/utilities.rb +228 -0
- metadata +1260 -1266
- data/EXPLOITATION.md +0 -431
- data/HACKING.md +0 -120
- data/NOTICE +0 -12
- data/data/crypto/public.pem +0 -9
- data/external/metasploit/LICENSE +0 -24
- data/external/metasploit/plugins/arachni.rb +0 -516
- data/external/metasploit/plugins/arachni/modules/auxiliary/arachni_sqlmap.rb +0 -91
- data/external/metasploit/plugins/arachni/modules/exploits/unix/webapp/arachni_exec.rb +0 -142
- data/external/metasploit/plugins/arachni/modules/exploits/unix/webapp/arachni_path_traversal.rb +0 -113
- data/external/metasploit/plugins/arachni/modules/exploits/unix/webapp/arachni_php_eval.rb +0 -150
- data/external/metasploit/plugins/arachni/modules/exploits/unix/webapp/arachni_php_include.rb +0 -141
- data/fingerprinters/frameworks/rack.rb +0 -41
- data/fingerprinters/languages/asp.rb +0 -42
- data/fingerprinters/languages/aspx.rb +0 -63
- data/fingerprinters/languages/jsp.rb +0 -42
- data/fingerprinters/languages/php.rb +0 -43
- data/fingerprinters/languages/python.rb +0 -40
- data/fingerprinters/languages/ruby.rb +0 -41
- data/fingerprinters/os/bsd.rb +0 -36
- data/fingerprinters/os/linux.rb +0 -42
- data/fingerprinters/os/solaris.rb +0 -41
- data/fingerprinters/os/unix.rb +0 -36
- data/fingerprinters/os/windows.rb +0 -41
- data/fingerprinters/servers/apache.rb +0 -36
- data/fingerprinters/servers/iis.rb +0 -36
- data/fingerprinters/servers/jetty.rb +0 -36
- data/fingerprinters/servers/nginx.rb +0 -36
- data/fingerprinters/servers/tomcat.rb +0 -36
- data/gfx/README.md +0 -18
- data/gfx/compiled/banner.png +0 -0
- data/gfx/compiled/favicon.ico +0 -0
- data/gfx/compiled/icon.png +0 -0
- data/gfx/compiled/logo.png +0 -0
- data/gfx/compiled/spider.png +0 -0
- data/gfx/font/Beneath_the_Surface.ttf +0 -0
- data/gfx/font/bts_readme.txt +0 -14
- data/gfx/source/banner.svg +0 -999
- data/gfx/source/icon.svg +0 -627
- data/gfx/source/logo.svg +0 -672
- data/gfx/source/spider.png +0 -0
- data/gfx/source/spider.svg +0 -277
- data/lib/arachni/audit_store.rb +0 -321
- data/lib/arachni/component/options/enum.rb +0 -51
- data/lib/arachni/element/capabilities/auditable/rdiff.rb +0 -489
- data/lib/arachni/element/capabilities/auditable/taint.rb +0 -238
- data/lib/arachni/element/capabilities/auditable/timeout.rb +0 -469
- data/lib/arachni/mixins/observable.rb +0 -91
- data/lib/arachni/mixins/progress_bar.rb +0 -87
- data/lib/arachni/mixins/terminal.rb +0 -112
- data/lib/arachni/module.rb +0 -20
- data/lib/arachni/module/auditor.rb +0 -618
- data/lib/arachni/module/base.rb +0 -188
- data/lib/arachni/module/manager.rb +0 -255
- data/lib/arachni/module/output.rb +0 -68
- data/lib/arachni/module/utilities.rb +0 -64
- data/lib/arachni/report/base.rb +0 -201
- data/lib/arachni/report/manager.rb +0 -86
- data/lib/arachni/rpc/server/dispatcher/handler.rb +0 -166
- data/lib/arachni/rpc/server/module/manager.rb +0 -46
- data/lib/arachni/rpc/server/spider.rb +0 -404
- data/lib/arachni/ruby/enumerable.rb +0 -29
- data/lib/arachni/spider.rb +0 -477
- data/lib/arachni/support/key_filler.rb +0 -68
- data/lib/arachni/support/queue.rb +0 -18
- data/lib/arachni/support/queue/disk.rb +0 -171
- data/lib/arachni/typhoeus/hydra.rb +0 -56
- data/lib/arachni/typhoeus/request.rb +0 -80
- data/lib/arachni/typhoeus/response.rb +0 -103
- data/lib/arachni/typhoeus/utils.rb +0 -25
- data/lib/arachni/ui/cli/cli.rb +0 -469
- data/lib/arachni/ui/cli/output.rb +0 -391
- data/lib/arachni/ui/cli/rpc/dispatcher_monitor.rb +0 -188
- data/lib/arachni/ui/cli/rpc/instance.rb +0 -407
- data/lib/arachni/ui/cli/rpc/local.rb +0 -80
- data/lib/arachni/ui/cli/rpc/remote.rb +0 -134
- data/lib/arachni/ui/cli/utilities.rb +0 -509
- data/modules/audit/code_injection.rb +0 -137
- data/modules/audit/code_injection_php_input_wrapper.rb +0 -109
- data/modules/audit/code_injection_timing.rb +0 -122
- data/modules/audit/csrf.rb +0 -225
- data/modules/audit/file_inclusion.rb +0 -156
- data/modules/audit/ldapi.rb +0 -97
- data/modules/audit/os_cmd_injection.rb +0 -109
- data/modules/audit/os_cmd_injection_timing.rb +0 -98
- data/modules/audit/path_traversal.rb +0 -170
- data/modules/audit/response_splitting.rb +0 -99
- data/modules/audit/rfi.rb +0 -181
- data/modules/audit/session_fixation.rb +0 -117
- data/modules/audit/source_code_disclosure.rb +0 -179
- data/modules/audit/sqli.rb +0 -148
- data/modules/audit/sqli_blind_rdiff.rb +0 -138
- data/modules/audit/sqli_blind_timing.rb +0 -126
- data/modules/audit/trainer.rb +0 -49
- data/modules/audit/unvalidated_redirect.rb +0 -91
- data/modules/audit/xpath.rb +0 -97
- data/modules/audit/xss.rb +0 -154
- data/modules/audit/xss_event.rb +0 -153
- data/modules/audit/xss_path.rb +0 -152
- data/modules/audit/xss_script_tag.rb +0 -137
- data/modules/audit/xss_tag.rb +0 -137
- data/modules/recon/allowed_methods.rb +0 -99
- data/modules/recon/backdoors.rb +0 -82
- data/modules/recon/backup_files.rb +0 -100
- data/modules/recon/backup_files/extensions.txt +0 -28
- data/modules/recon/common_directories.rb +0 -87
- data/modules/recon/common_files.rb +0 -78
- data/modules/recon/common_files/filenames.txt +0 -21
- data/modules/recon/directory_listing.rb +0 -133
- data/modules/recon/grep/captcha.rb +0 -74
- data/modules/recon/grep/credit_card.rb +0 -128
- data/modules/recon/grep/cvs_svn_users.rb +0 -81
- data/modules/recon/grep/emails.rb +0 -73
- data/modules/recon/grep/form_upload.rb +0 -86
- data/modules/recon/grep/html_objects.rb +0 -56
- data/modules/recon/grep/http_only_cookies.rb +0 -82
- data/modules/recon/grep/insecure_cookies.rb +0 -82
- data/modules/recon/grep/mixed_resource.rb +0 -113
- data/modules/recon/grep/password_autocomplete.rb +0 -85
- data/modules/recon/grep/private_ip.rb +0 -70
- data/modules/recon/grep/ssn.rb +0 -66
- data/modules/recon/grep/unencrypted_password_forms.rb +0 -103
- data/modules/recon/htaccess_limit.rb +0 -76
- data/modules/recon/http_put.rb +0 -95
- data/modules/recon/interesting_responses.rb +0 -91
- data/modules/recon/localstart_asp.rb +0 -97
- data/modules/recon/webdav.rb +0 -106
- data/modules/recon/x_forwarded_for_access_restriction_bypass.rb +0 -76
- data/modules/recon/xst.rb +0 -103
- data/path_extractors/anchors.rb +0 -37
- data/path_extractors/areas.rb +0 -37
- data/path_extractors/forms.rb +0 -37
- data/path_extractors/frames.rb +0 -37
- data/path_extractors/generic.rb +0 -84
- data/path_extractors/links.rb +0 -37
- data/path_extractors/meta_refresh.rb +0 -58
- data/path_extractors/scripts.rb +0 -38
- data/plugins/autologin.rb +0 -133
- data/plugins/beep_notify.rb +0 -49
- data/plugins/content_types.rb +0 -107
- data/plugins/cookie_collector.rb +0 -85
- data/plugins/defaults/autothrottle.rb +0 -78
- data/plugins/defaults/healthmap.rb +0 -89
- data/plugins/defaults/meta/remedies/discovery.rb +0 -138
- data/plugins/defaults/meta/remedies/timing_attacks.rb +0 -117
- data/plugins/defaults/meta/uniformity.rb +0 -82
- data/plugins/defaults/resolver.rb +0 -60
- data/plugins/email_notify.rb +0 -106
- data/plugins/form_dicattack.rb +0 -123
- data/plugins/http_dicattack.rb +0 -108
- data/plugins/libnotify.rb +0 -82
- data/plugins/profiler.rb +0 -179
- data/plugins/proxy.rb +0 -502
- data/plugins/proxy/panel/page_accordion.html.erb +0 -67
- data/plugins/proxy/panel/panel.html.erb +0 -69
- data/plugins/proxy/panel/verify_login_sequence.html.erb +0 -45
- data/plugins/proxy/server.rb +0 -215
- data/plugins/proxy/template_scope.rb +0 -138
- data/plugins/rescan.rb +0 -59
- data/plugins/script.rb +0 -53
- data/plugins/uncommon_headers.rb +0 -92
- data/plugins/vector_feed.rb +0 -226
- data/plugins/waf_detector.rb +0 -167
- data/profiles/full.afp +0 -48
- data/reports/afr.rb +0 -44
- data/reports/ap.rb +0 -46
- data/reports/html.rb +0 -273
- data/reports/html/default.erb +0 -82
- data/reports/html/default/configuration.erb +0 -126
- data/reports/html/default/css/jquery-ui.css +0 -570
- data/reports/html/default/css/jquery.jqplot.min.css +0 -1
- data/reports/html/default/css/main.css +0 -391
- data/reports/html/default/headers.erb +0 -19
- data/reports/html/default/issue.erb +0 -178
- data/reports/html/default/issues.erb +0 -52
- data/reports/html/default/js/charts.js +0 -147
- data/reports/html/default/js/helpers.js +0 -53
- data/reports/html/default/js/init.js +0 -72
- data/reports/html/default/js/lib/jqplot.barRenderer.min.js +0 -57
- data/reports/html/default/js/lib/jqplot.categoryAxisRenderer.min.js +0 -57
- data/reports/html/default/js/lib/jqplot.cursor.min.js +0 -57
- data/reports/html/default/js/lib/jqplot.pieRenderer.min.js +0 -57
- data/reports/html/default/js/lib/jqplot.pointLabels.min.js +0 -57
- data/reports/html/default/js/lib/jquery-ui.min.js +0 -404
- data/reports/html/default/js/lib/jquery.jqplot.min.js +0 -57
- data/reports/html/default/js/lib/jquery.min.js +0 -167
- data/reports/html/default/plugins.erb +0 -22
- data/reports/html/default/search.erb +0 -8
- data/reports/html/default/sitemap.erb +0 -15
- data/reports/html/default/summary.erb +0 -75
- data/reports/html/default/summary_issue.erb +0 -20
- data/reports/json.rb +0 -52
- data/reports/marshal.rb +0 -46
- data/reports/metareport.rb +0 -104
- data/reports/plugin_formatters/html/autologin.rb +0 -45
- data/reports/plugin_formatters/html/content_types.rb +0 -67
- data/reports/plugin_formatters/html/cookie_collector.rb +0 -52
- data/reports/plugin_formatters/html/discovery.rb +0 -45
- data/reports/plugin_formatters/html/form_dicattack.rb +0 -40
- data/reports/plugin_formatters/html/healthmap.rb +0 -60
- data/reports/plugin_formatters/html/http_dicattack.rb +0 -40
- data/reports/plugin_formatters/html/profiler.rb +0 -36
- data/reports/plugin_formatters/html/profiler/template.erb +0 -84
- data/reports/plugin_formatters/html/resolver.rb +0 -55
- data/reports/plugin_formatters/html/timing_attacks.rb +0 -51
- data/reports/plugin_formatters/html/uncommon_headers.rb +0 -47
- data/reports/plugin_formatters/html/uniformity.rb +0 -54
- data/reports/plugin_formatters/html/waf_detector.rb +0 -38
- data/reports/plugin_formatters/stdout/autologin.rb +0 -38
- data/reports/plugin_formatters/stdout/content_types.rb +0 -51
- data/reports/plugin_formatters/stdout/cookie_collector.rb +0 -43
- data/reports/plugin_formatters/stdout/discovery.rb +0 -37
- data/reports/plugin_formatters/stdout/form_dicattack.rb +0 -34
- data/reports/plugin_formatters/stdout/healthmap.rb +0 -49
- data/reports/plugin_formatters/stdout/http_dicattack.rb +0 -34
- data/reports/plugin_formatters/stdout/profiler.rb +0 -66
- data/reports/plugin_formatters/stdout/resolver.rb +0 -29
- data/reports/plugin_formatters/stdout/timing_attacks.rb +0 -37
- data/reports/plugin_formatters/stdout/uncommon_headers.rb +0 -37
- data/reports/plugin_formatters/stdout/uniformity.rb +0 -48
- data/reports/plugin_formatters/stdout/waf_detector.rb +0 -31
- data/reports/plugin_formatters/xml/autologin.rb +0 -41
- data/reports/plugin_formatters/xml/content_types.rb +0 -61
- data/reports/plugin_formatters/xml/cookie_collector.rb +0 -45
- data/reports/plugin_formatters/xml/discovery.rb +0 -38
- data/reports/plugin_formatters/xml/form_dicattack.rb +0 -34
- data/reports/plugin_formatters/xml/healthmap.rb +0 -58
- data/reports/plugin_formatters/xml/http_dicattack.rb +0 -33
- data/reports/plugin_formatters/xml/profiler.rb +0 -80
- data/reports/plugin_formatters/xml/resolver.rb +0 -33
- data/reports/plugin_formatters/xml/timing_attacks.rb +0 -39
- data/reports/plugin_formatters/xml/uncommon_headers.rb +0 -38
- data/reports/plugin_formatters/xml/uniformity.rb +0 -54
- data/reports/plugin_formatters/xml/waf_detector.rb +0 -34
- data/reports/stdout.rb +0 -203
- data/reports/txt.rb +0 -58
- data/reports/xml.rb +0 -176
- data/reports/xml/buffer.rb +0 -97
- data/reports/yaml.rb +0 -46
- data/spec/arachni/audit_store_spec.rb +0 -239
- data/spec/arachni/component/options/enum_spec.rb +0 -51
- data/spec/arachni/element/base_spec.rb +0 -138
- data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +0 -134
- data/spec/arachni/element/capabilities/auditable/taint_spec.rb +0 -409
- data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +0 -157
- data/spec/arachni/element/capabilities/mutable_spec.rb +0 -284
- data/spec/arachni/http_spec.rb +0 -962
- data/spec/arachni/mixins/observable_spec.rb +0 -75
- data/spec/arachni/mixins/progress_bar_spec.rb +0 -47
- data/spec/arachni/module/auditor_spec.rb +0 -544
- data/spec/arachni/module/manager_spec.rb +0 -150
- data/spec/arachni/module/utilities_spec.rb +0 -30
- data/spec/arachni/report/base_spec.rb +0 -61
- data/spec/arachni/report/manager_spec.rb +0 -82
- data/spec/arachni/rpc/server/dispatcher/handler_spec.rb +0 -102
- data/spec/arachni/rpc/server/framework_hpg_spec.rb +0 -376
- data/spec/arachni/rpc/server/framework_simple_spec.rb +0 -501
- data/spec/arachni/rpc/server/modules/manager_spec.rb +0 -47
- data/spec/arachni/rpc/server/spider_spec.rb +0 -68
- data/spec/arachni/ruby/enumerable_spec.rb +0 -37
- data/spec/arachni/spider_spec.rb +0 -539
- data/spec/arachni/support/cache/base_spec.rb +0 -282
- data/spec/arachni/support/key_filler.rb +0 -60
- data/spec/arachni/support/queue/disk_spec.rb +0 -116
- data/spec/arachni/typhoeus/requrest_spec.rb +0 -58
- data/spec/arachni/typhoeus/response_spec.rb +0 -171
- data/spec/fingerprinters/frameworks/rack_spec.rb +0 -41
- data/spec/fingerprinters/languages/asp_spec.rb +0 -40
- data/spec/fingerprinters/languages/aspx_spec.rb +0 -78
- data/spec/fingerprinters/languages/jsp_spec.rb +0 -58
- data/spec/fingerprinters/languages/php_spec.rb +0 -61
- data/spec/fingerprinters/languages/python_spec.rb +0 -23
- data/spec/fingerprinters/languages/ruby.rb +0 -34
- data/spec/fingerprinters/os/bsd_spec.rb +0 -26
- data/spec/fingerprinters/os/linux_spec.rb +0 -34
- data/spec/fingerprinters/os/solaris_spec.rb +0 -34
- data/spec/fingerprinters/os/unix_spec.rb +0 -26
- data/spec/fingerprinters/os/windows_spec.rb +0 -34
- data/spec/fingerprinters/servers/apache_spec.rb +0 -26
- data/spec/fingerprinters/servers/iis_spec.rb +0 -28
- data/spec/fingerprinters/servers/jetty_spec.rb +0 -28
- data/spec/fingerprinters/servers/nginx_spec.rb +0 -26
- data/spec/fingerprinters/servers/tomcat_spec.rb +0 -28
- data/spec/modules/audit/code_injection_spec.rb +0 -25
- data/spec/modules/audit/code_injection_timing_spec.rb +0 -24
- data/spec/modules/audit/csrf_spec.rb +0 -45
- data/spec/modules/audit/file_inclusion_spec.rb +0 -25
- data/spec/modules/audit/ldapi_spec.rb +0 -19
- data/spec/modules/audit/os_cmd_injection_spec.rb +0 -24
- data/spec/modules/audit/os_cmd_injection_timing_spec.rb +0 -24
- data/spec/modules/audit/path_traversal_spec.rb +0 -23
- data/spec/modules/audit/response_splitting_spec.rb +0 -19
- data/spec/modules/audit/rfi_spec.rb +0 -19
- data/spec/modules/audit/session_fixation_spec.rb +0 -23
- data/spec/modules/audit/source_code_disclosure_spec.rb +0 -24
- data/spec/modules/audit/sqli_blind_rdiff_spec.rb +0 -19
- data/spec/modules/audit/sqli_blind_timing_spec.rb +0 -23
- data/spec/modules/audit/sqli_spec.rb +0 -25
- data/spec/modules/audit/trainer_spec.rb +0 -35
- data/spec/modules/audit/unvalidated_redirect_spec.rb +0 -24
- data/spec/modules/audit/xpath_spec.rb +0 -25
- data/spec/modules/audit/xss_event_spec.rb +0 -19
- data/spec/modules/audit/xss_path_spec.rb +0 -19
- data/spec/modules/audit/xss_script_tag_spec.rb +0 -27
- data/spec/modules/audit/xss_spec.rb +0 -24
- data/spec/modules/audit/xss_tag_spec.rb +0 -19
- data/spec/modules/recon/allowed_methods_spec.rb +0 -19
- data/spec/modules/recon/backdoors_spec.rb +0 -19
- data/spec/modules/recon/backup_files_spec.rb +0 -19
- data/spec/modules/recon/common_directories_spec.rb +0 -19
- data/spec/modules/recon/common_files_spec.rb +0 -19
- data/spec/modules/recon/directory_listing_spec.rb +0 -19
- data/spec/modules/recon/grep/captcha_spec.rb +0 -19
- data/spec/modules/recon/grep/credit_card_spec.rb +0 -19
- data/spec/modules/recon/grep/cvs_svn_users_spec.rb +0 -19
- data/spec/modules/recon/grep/emails_spec.rb +0 -19
- data/spec/modules/recon/grep/form_upload_spec.rb +0 -19
- data/spec/modules/recon/grep/html_objects_spec.rb +0 -19
- data/spec/modules/recon/grep/http_only_cookies_spec.rb +0 -19
- data/spec/modules/recon/grep/insecure_cookies_spec.rb +0 -19
- data/spec/modules/recon/grep/mixed_resource_spec.rb +0 -20
- data/spec/modules/recon/grep/password_autocomplete_spec.rb +0 -19
- data/spec/modules/recon/grep/private_ip_spec.rb +0 -26
- data/spec/modules/recon/grep/ssn_spec.rb +0 -19
- data/spec/modules/recon/grep/unencrypted_password_forms_spec.rb +0 -19
- data/spec/modules/recon/htaccess_limit_spec.rb +0 -19
- data/spec/modules/recon/http_put_spec.rb +0 -19
- data/spec/modules/recon/interesting_responses_spec.rb +0 -30
- data/spec/modules/recon/localstart_asp_spec.rb +0 -19
- data/spec/modules/recon/webdav_spec.rb +0 -19
- data/spec/modules/recon/x_forwarded_for_access_restriction_bypass_spec.rb +0 -19
- data/spec/modules/recon/xst_spec.rb +0 -19
- data/spec/path_extractors/scripts_spec.rb +0 -19
- data/spec/plugins/autologin_spec.rb +0 -94
- data/spec/plugins/autothrottle_spec.rb +0 -45
- data/spec/plugins/content_types_spec.rb +0 -93
- data/spec/plugins/cookie_collector_spec.rb +0 -49
- data/spec/plugins/form_dicattack_spec.rb +0 -60
- data/spec/plugins/healthmap_spec.rb +0 -40
- data/spec/plugins/http_dicattack_spec.rb +0 -40
- data/spec/plugins/meta/remedies/discovery_spec.rb +0 -21
- data/spec/plugins/meta/remedies/timing_attacks_spec.rb +0 -34
- data/spec/plugins/meta/uniformity_spec.rb +0 -83
- data/spec/plugins/profiler_spec.rb +0 -82
- data/spec/plugins/rescan_spec.rb +0 -26
- data/spec/plugins/resolver_spec.rb +0 -16
- data/spec/plugins/script_spec.rb +0 -12
- data/spec/plugins/uncommon_headers_spec.rb +0 -64
- data/spec/plugins/vector_feed_spec.rb +0 -167
- data/spec/plugins/waf_detector_spec.rb +0 -41
- data/spec/reports/afr_spec.rb +0 -13
- data/spec/reports/ap_spec.rb +0 -9
- data/spec/reports/html_spec.rb +0 -13
- data/spec/reports/json_spec.rb +0 -17
- data/spec/reports/marshal_spec.rb +0 -13
- data/spec/reports/stdout_spec.rb +0 -9
- data/spec/reports/txt_spec.rb +0 -8
- data/spec/reports/xml_spec.rb +0 -13
- data/spec/reports/yaml_spec.rb +0 -13
- data/spec/support/fixtures/auditstore.afr +0 -76074
- data/spec/support/fixtures/modules/test.rb +0 -58
- data/spec/support/fixtures/modules/test2.rb +0 -46
- data/spec/support/fixtures/modules/test3.rb +0 -46
- data/spec/support/fixtures/plugins/spider_hook.rb +0 -50
- data/spec/support/fixtures/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +0 -21
- data/spec/support/fixtures/reports/base_spec/with_formatters.rb +0 -23
- data/spec/support/fixtures/reports/base_spec/with_outfile.rb +0 -24
- data/spec/support/fixtures/reports/base_spec/without_outfile.rb +0 -20
- data/spec/support/fixtures/reports/manager_spec/afr.rb +0 -21
- data/spec/support/fixtures/reports/manager_spec/foo.rb +0 -26
- data/spec/support/fixtures/rpcd_handlers/echo.rb +0 -68
- data/spec/support/fixtures/run_mod/body.rb +0 -58
- data/spec/support/fixtures/run_mod/cookies.rb +0 -58
- data/spec/support/fixtures/run_mod/empty.rb +0 -58
- data/spec/support/fixtures/run_mod/flch.rb +0 -63
- data/spec/support/fixtures/run_mod/forms.rb +0 -58
- data/spec/support/fixtures/run_mod/headers.rb +0 -58
- data/spec/support/fixtures/run_mod/links.rb +0 -58
- data/spec/support/fixtures/run_mod/nil.rb +0 -57
- data/spec/support/fixtures/run_mod/path.rb +0 -58
- data/spec/support/fixtures/run_mod/server.rb +0 -58
- data/spec/support/fixtures/taint_module/taint.rb +0 -48
- data/spec/support/fixtures/wait_module/wait.rb +0 -48
- data/spec/support/logs/Dispatcher - 1332-56847.log +0 -9
- data/spec/support/logs/Dispatcher - 1361-63434.log +0 -21
- data/spec/support/logs/Dispatcher - 1545-55308.log +0 -9
- data/spec/support/logs/Dispatcher - 1559-18938.log +0 -19
- data/spec/support/logs/Dispatcher - 1568-25013.log +0 -17
- data/spec/support/logs/Dispatcher - 1577-55689.log +0 -13
- data/spec/support/logs/Dispatcher - 1586-18577.log +0 -9
- data/spec/support/logs/Dispatcher - 1595-49353.log +0 -9
- data/spec/support/logs/Dispatcher - 1604-27831.log +0 -11
- data/spec/support/logs/Dispatcher - 1617-57444.log +0 -11
- data/spec/support/logs/Dispatcher - 1631-28737.log +0 -11
- data/spec/support/logs/Dispatcher - 1644-21815.log +0 -33
- data/spec/support/logs/Dispatcher - 1738-53470.log +0 -21
- data/spec/support/logs/Dispatcher - 1747-64173.log +0 -21
- data/spec/support/logs/Dispatcher - 1756-11866.log +0 -23
- data/spec/support/logs/Dispatcher - 1798-12175.log +0 -19
- data/spec/support/logs/Dispatcher - 1807-22790.log +0 -17
- data/spec/support/logs/Dispatcher - 1816-57823.log +0 -15
- data/spec/support/logs/Dispatcher - 1831-64825.log +0 -11
- data/spec/support/logs/Dispatcher - 1845-27623.log +0 -9
- data/spec/support/logs/Dispatcher - 1854-26066.log +0 -9
- data/spec/support/logs/Dispatcher - 1863-37486.log +0 -9
- data/spec/support/logs/Dispatcher - 1874-22463.log +0 -9
- data/spec/support/logs/Dispatcher - 1883-41263.log +0 -11
- data/spec/support/logs/Dispatcher - 1900-53660.log +0 -9
- data/spec/support/logs/Dispatcher - 1909-44423.log +0 -9
- data/spec/support/logs/Dispatcher - 1921-58931.log +0 -9
- data/spec/support/logs/Dispatcher - 1993-6448.log +0 -63
- data/spec/support/logs/Dispatcher - 2002-19206.log +0 -43
- data/spec/support/logs/Dispatcher - 2011-11852.log +0 -39
- data/spec/support/logs/Dispatcher - 2020-65055.log +0 -34
- data/spec/support/logs/Dispatcher - 2029-48445.log +0 -28
- data/spec/support/logs/Dispatcher - 2038-55271.log +0 -21
- data/spec/support/logs/Dispatcher - 2047-45722.log +0 -13
- data/spec/support/logs/Dispatcher - 2057-48194.log +0 -9
- data/spec/support/logs/Dispatcher - 2189-39843.log +0 -19
- data/spec/support/logs/Dispatcher - 2199-15985.log +0 -21
- data/spec/support/logs/Dispatcher - 2208-22080.log +0 -15
- data/spec/support/logs/Dispatcher - 2221-37690.log +0 -19
- data/spec/support/logs/Dispatcher - 2230-47867.log +0 -21
- data/spec/support/logs/Dispatcher - 2239-27060.log +0 -15
- data/spec/support/logs/Dispatcher - 2358-8967.log +0 -17
- data/spec/support/logs/Dispatcher - 2367-27103.log +0 -21
- data/spec/support/logs/Dispatcher - 2376-16287.log +0 -13
- data/spec/support/logs/Dispatcher - 2389-9109.log +0 -19
- data/spec/support/logs/Dispatcher - 2398-62926.log +0 -21
- data/spec/support/logs/Dispatcher - 2407-48685.log +0 -15
- data/spec/support/logs/Dispatcher - 2459-62480.log +0 -17
- data/spec/support/logs/Dispatcher - 2470-57894.log +0 -21
- data/spec/support/logs/Dispatcher - 2479-51883.log +0 -13
- data/spec/support/logs/Dispatcher - 2493-36944.log +0 -17
- data/spec/support/logs/Dispatcher - 2503-59143.log +0 -21
- data/spec/support/logs/Dispatcher - 2513-33084.log +0 -13
- data/spec/support/logs/Dispatcher - 25430-46306.log +0 -9
- data/spec/support/logs/Dispatcher - 25457-10711.log +0 -23
- data/spec/support/logs/Dispatcher - 25603-48892.log +0 -9
- data/spec/support/logs/Dispatcher - 25613-24775.log +0 -19
- data/spec/support/logs/Dispatcher - 25622-59684.log +0 -17
- data/spec/support/logs/Dispatcher - 25631-23195.log +0 -13
- data/spec/support/logs/Dispatcher - 25640-9810.log +0 -9
- data/spec/support/logs/Dispatcher - 25649-52757.log +0 -9
- data/spec/support/logs/Dispatcher - 25658-58550.log +0 -11
- data/spec/support/logs/Dispatcher - 25671-30871.log +0 -11
- data/spec/support/logs/Dispatcher - 25684-48620.log +0 -11
- data/spec/support/logs/Dispatcher - 25697-18124.log +0 -37
- data/spec/support/logs/Dispatcher - 25762-35321.log +0 -21
- data/spec/support/logs/Dispatcher - 25771-64633.log +0 -21
- data/spec/support/logs/Dispatcher - 25780-43558.log +0 -23
- data/spec/support/logs/Dispatcher - 25821-43561.log +0 -19
- data/spec/support/logs/Dispatcher - 25830-39112.log +0 -17
- data/spec/support/logs/Dispatcher - 25839-44093.log +0 -15
- data/spec/support/logs/Dispatcher - 25852-12057.log +0 -11
- data/spec/support/logs/Dispatcher - 25866-49029.log +0 -9
- data/spec/support/logs/Dispatcher - 25875-32179.log +0 -9
- data/spec/support/logs/Dispatcher - 25884-62703.log +0 -9
- data/spec/support/logs/Dispatcher - 25894-4228.log +0 -9
- data/spec/support/logs/Dispatcher - 25903-6709.log +0 -11
- data/spec/support/logs/Dispatcher - 25917-29651.log +0 -9
- data/spec/support/logs/Dispatcher - 25926-12708.log +0 -9
- data/spec/support/logs/Dispatcher - 25935-54092.log +0 -9
- data/spec/support/logs/Dispatcher - 25990-26756.log +0 -63
- data/spec/support/logs/Dispatcher - 25999-4016.log +0 -43
- data/spec/support/logs/Dispatcher - 26008-52076.log +0 -39
- data/spec/support/logs/Dispatcher - 26017-48497.log +0 -34
- data/spec/support/logs/Dispatcher - 26026-28839.log +0 -28
- data/spec/support/logs/Dispatcher - 26035-54215.log +0 -21
- data/spec/support/logs/Dispatcher - 26044-27216.log +0 -13
- data/spec/support/logs/Dispatcher - 26054-53464.log +0 -9
- data/spec/support/logs/Dispatcher - 26163-65271.log +0 -19
- data/spec/support/logs/Dispatcher - 26173-58105.log +0 -21
- data/spec/support/logs/Dispatcher - 26182-40848.log +0 -15
- data/spec/support/logs/Dispatcher - 26195-2855.log +0 -19
- data/spec/support/logs/Dispatcher - 26204-35297.log +0 -21
- data/spec/support/logs/Dispatcher - 26213-59588.log +0 -15
- data/spec/support/logs/Dispatcher - 26333-40774.log +0 -17
- data/spec/support/logs/Dispatcher - 26342-45541.log +0 -21
- data/spec/support/logs/Dispatcher - 26351-3349.log +0 -13
- data/spec/support/logs/Dispatcher - 26364-37456.log +0 -19
- data/spec/support/logs/Dispatcher - 26373-37340.log +0 -21
- data/spec/support/logs/Dispatcher - 26382-54864.log +0 -15
- data/spec/support/logs/Dispatcher - 26434-3070.log +0 -17
- data/spec/support/logs/Dispatcher - 26448-14295.log +0 -21
- data/spec/support/logs/Dispatcher - 26474-30587.log +0 -13
- data/spec/support/logs/Dispatcher - 26500-32529.log +0 -17
- data/spec/support/logs/Dispatcher - 26509-16952.log +0 -21
- data/spec/support/logs/Dispatcher - 26519-43332.log +0 -13
- data/spec/support/logs/Dispatcher - 26750-61867.log +0 -19
- data/spec/support/logs/Dispatcher - 26759-22532.log +0 -21
- data/spec/support/logs/Dispatcher - 26768-18231.log +0 -15
- data/spec/support/logs/Dispatcher - 26792-41661.log +0 -21
- data/spec/support/logs/Dispatcher - 26801-14384.log +0 -25
- data/spec/support/logs/Dispatcher - 26810-2591.log +0 -15
- data/spec/support/logs/Dispatcher - 26846-14591.log +0 -17
- data/spec/support/logs/Dispatcher - 26855-15708.log +0 -21
- data/spec/support/logs/Dispatcher - 26864-2062.log +0 -13
- data/spec/support/logs/Dispatcher - 26877-14471.log +0 -21
- data/spec/support/logs/Dispatcher - 26886-49795.log +0 -25
- data/spec/support/logs/Dispatcher - 26895-21093.log +0 -15
- data/spec/support/logs/Dispatcher - 26931-30049.log +0 -17
- data/spec/support/logs/Dispatcher - 26940-34273.log +0 -21
- data/spec/support/logs/Dispatcher - 26949-30040.log +0 -13
- data/spec/support/logs/Dispatcher - 26962-8152.log +0 -17
- data/spec/support/logs/Dispatcher - 26971-53062.log +0 -21
- data/spec/support/logs/Dispatcher - 26980-7548.log +0 -13
- data/spec/support/logs/Dispatcher - 2737-20989.log +0 -19
- data/spec/support/logs/Dispatcher - 2746-5423.log +0 -21
- data/spec/support/logs/Dispatcher - 2755-53393.log +0 -15
- data/spec/support/logs/Dispatcher - 27615-41812.log +0 -19
- data/spec/support/logs/Dispatcher - 27624-43683.log +0 -21
- data/spec/support/logs/Dispatcher - 27633-11593.log +0 -15
- data/spec/support/logs/Dispatcher - 27658-12186.log +0 -21
- data/spec/support/logs/Dispatcher - 27667-15575.log +0 -25
- data/spec/support/logs/Dispatcher - 27676-17207.log +0 -15
- data/spec/support/logs/Dispatcher - 27712-2233.log +0 -17
- data/spec/support/logs/Dispatcher - 27721-3842.log +0 -21
- data/spec/support/logs/Dispatcher - 27730-22695.log +0 -13
- data/spec/support/logs/Dispatcher - 27743-8364.log +0 -21
- data/spec/support/logs/Dispatcher - 27752-6140.log +0 -25
- data/spec/support/logs/Dispatcher - 27761-25015.log +0 -15
- data/spec/support/logs/Dispatcher - 27797-9270.log +0 -17
- data/spec/support/logs/Dispatcher - 2780-58168.log +0 -21
- data/spec/support/logs/Dispatcher - 27806-48623.log +0 -21
- data/spec/support/logs/Dispatcher - 27815-58778.log +0 -13
- data/spec/support/logs/Dispatcher - 27828-29742.log +0 -17
- data/spec/support/logs/Dispatcher - 27837-46211.log +0 -21
- data/spec/support/logs/Dispatcher - 27846-16143.log +0 -13
- data/spec/support/logs/Dispatcher - 2789-29375.log +0 -25
- data/spec/support/logs/Dispatcher - 2798-10983.log +0 -15
- data/spec/support/logs/Dispatcher - 2836-2354.log +0 -17
- data/spec/support/logs/Dispatcher - 2845-65341.log +0 -21
- data/spec/support/logs/Dispatcher - 2854-18936.log +0 -13
- data/spec/support/logs/Dispatcher - 2867-51979.log +0 -21
- data/spec/support/logs/Dispatcher - 2876-21086.log +0 -25
- data/spec/support/logs/Dispatcher - 2887-17393.log +0 -15
- data/spec/support/logs/Dispatcher - 2930-37394.log +0 -17
- data/spec/support/logs/Dispatcher - 2943-46737.log +0 -21
- data/spec/support/logs/Dispatcher - 2956-37866.log +0 -13
- data/spec/support/logs/Dispatcher - 2976-21012.log +0 -17
- data/spec/support/logs/Dispatcher - 2990-48082.log +0 -21
- data/spec/support/logs/Dispatcher - 2999-16391.log +0 -13
- data/spec/support/logs/Instance - 2204-45164.error.log +0 -356
- data/spec/support/logs/Instance - 2475-49789.error.log +0 -356
- data/spec/support/logs/Instance - 2509-39450.error.log +0 -455
- data/spec/support/logs/Instance - 2533-5785.error.log +0 -354
- data/spec/support/logs/Instance - 2539-42941.error.log +0 -356
- data/spec/support/logs/Instance - 26178-57631.error.log +0 -324
- data/spec/support/logs/Instance - 26458-60253.error.log +0 -326
- data/spec/support/logs/Instance - 26514-44685.error.log +0 -423
- data/spec/support/logs/Instance - 26538-43093.error.log +0 -322
- data/spec/support/logs/Instance - 26544-52217.error.log +0 -328
- data/spec/support/logs/Instance - 26682-37056.error.log +0 -345
- data/spec/support/logs/Instance - 2669-56818.error.log +0 -354
- data/spec/support/logs/Instance - 27547-3928.error.log +0 -309
- data/spec/support/servers/arachni/element/capabilities/auditable/rdiff.rb +0 -162
- data/spec/support/servers/arachni/element/capabilities/auditable/timeout.rb +0 -34
- data/spec/support/servers/arachni/http.rb +0 -127
- data/spec/support/servers/arachni/http_auth.rb +0 -9
- data/spec/support/servers/arachni/module/auditor.rb +0 -136
- data/spec/support/servers/arachni/rpc/server/framework_simple.rb +0 -30
- data/spec/support/servers/arachni/spider.rb +0 -234
- data/spec/support/servers/arachni/spider_https.rb +0 -58
- data/spec/support/servers/modules/audit/code_injection.rb +0 -139
- data/spec/support/servers/modules/audit/code_injection_timing.rb +0 -110
- data/spec/support/servers/modules/audit/file_inclusion.rb +0 -202
- data/spec/support/servers/modules/audit/ldapi.rb +0 -73
- data/spec/support/servers/modules/audit/os_cmd_injection.rb +0 -140
- data/spec/support/servers/modules/audit/os_cmd_injection_timing.rb +0 -103
- data/spec/support/servers/modules/audit/path_traversal.rb +0 -197
- data/spec/support/servers/modules/audit/response_splitting.rb +0 -114
- data/spec/support/servers/modules/audit/session_fixation.rb +0 -87
- data/spec/support/servers/modules/audit/source_code_disclosure.rb +0 -95
- data/spec/support/servers/modules/audit/sqli.rb +0 -118
- data/spec/support/servers/modules/audit/sqli_blind_timing.rb +0 -121
- data/spec/support/servers/modules/audit/unvalidated_redirect.rb +0 -115
- data/spec/support/servers/modules/audit/xpath.rb +0 -111
- data/spec/support/servers/modules/audit/xss.rb +0 -152
- data/spec/support/servers/modules/audit/xss_event.rb +0 -80
- data/spec/support/servers/modules/audit/xss_script_tag.rb +0 -73
- data/spec/support/servers/modules/module_server.rb +0 -14
- data/spec/support/servers/modules/recon/backdoors.rb +0 -4
- data/spec/support/servers/modules/recon/backup_files.rb +0 -28
- data/spec/support/servers/modules/recon/common_directories.rb +0 -6
- data/spec/support/servers/modules/recon/common_files.rb +0 -6
- data/spec/support/servers/modules/recon/directory_listing.rb +0 -30
- data/spec/support/servers/modules/recon/grep/emails.rb +0 -21
- data/spec/support/servers/modules/recon/grep/insecure_cookies.rb +0 -21
- data/spec/support/servers/modules/recon/grep/mixed_resource.rb +0 -83
- data/spec/support/servers/modules/recon/grep/password_autocomplete.rb +0 -33
- data/spec/support/servers/modules/recon/grep/unencrypted_password_forms.rb +0 -33
- data/spec/support/servers/modules/recon/http_put.rb +0 -7
- data/spec/support/servers/modules/recon/interesting_responses.rb +0 -5
- data/spec/support/servers/modules/recon/webdav.rb +0 -25
- data/spec/support/servers/modules/recon/x_forwarded_for_access_restriction_bypass.rb +0 -16
- data/spec/support/servers/plugins/profiler.rb +0 -82
- data/spec/support/servers/plugins/rescan.rb +0 -31
- data/spec/support/shared/module.rb +0 -162
- data/spec/support/shared/reports.rb +0 -47
@@ -0,0 +1,22 @@
|
|
1
|
+
=begin
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@arachni-scanner.com>
|
3
|
+
|
4
|
+
This file is part of the Arachni Framework project and is subject to
|
5
|
+
redistribution and commercial restrictions. Please see the Arachni Framework
|
6
|
+
web site for more information on licensing and terms of use.
|
7
|
+
=end
|
8
|
+
|
9
|
+
module Arachni::OptionGroups
|
10
|
+
|
11
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
12
|
+
class Snapshot < Arachni::OptionGroup
|
13
|
+
|
14
|
+
# @return [String]
|
15
|
+
# Directory or file path where to store the scan snapshot.
|
16
|
+
#
|
17
|
+
# @see Framework#suspend
|
18
|
+
attr_accessor :save_path
|
19
|
+
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
data/lib/arachni/options.rb
CHANGED
@@ -1,1590 +1,390 @@
|
|
1
1
|
=begin
|
2
|
-
Copyright 2010-2014 Tasos Laskos <tasos.laskos@
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@arachni-scanner.com>
|
3
3
|
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
http://www.apache.org/licenses/LICENSE-2.0
|
9
|
-
|
10
|
-
Unless required by applicable law or agreed to in writing, software
|
11
|
-
distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
-
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
-
See the License for the specific language governing permissions and
|
14
|
-
limitations under the License.
|
4
|
+
This file is part of the Arachni Framework project and is subject to
|
5
|
+
redistribution and commercial restrictions. Please see the Arachni Framework
|
6
|
+
web site for more information on licensing and terms of use.
|
15
7
|
=end
|
16
8
|
|
17
|
-
require 'rubygems'
|
18
|
-
require 'bundler/setup'
|
19
|
-
|
20
|
-
require 'base64'
|
21
|
-
|
22
9
|
require 'yaml'
|
23
|
-
|
24
10
|
require 'singleton'
|
25
|
-
require 'getoptlong'
|
26
11
|
|
27
12
|
require_relative 'error'
|
13
|
+
require_relative 'utilities'
|
28
14
|
|
29
15
|
module Arachni
|
30
16
|
|
17
|
+
# Provides access to all of {Arachni}'s runtime options.
|
31
18
|
#
|
32
|
-
#
|
19
|
+
# To make management of options for different subsystems easier, some options
|
20
|
+
# are {OptionGroups grouped together}.
|
33
21
|
#
|
34
|
-
#
|
22
|
+
# {OptionGroups Option groups} are initialized and added as attribute readers
|
23
|
+
# to this class dynamically. Their attribute readers are named after the group's
|
24
|
+
# filename and can be accessed, like so:
|
35
25
|
#
|
36
|
-
#
|
26
|
+
# Arachni::Options.scope.page_limit = 10
|
37
27
|
#
|
28
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
29
|
+
# @see OptionGroups
|
38
30
|
class Options
|
39
31
|
include Singleton
|
40
32
|
|
41
|
-
#
|
42
33
|
# {Options} error namespace.
|
43
34
|
#
|
44
35
|
# All {Options} errors inherit from and live under it.
|
45
36
|
#
|
46
|
-
# @author Tasos "Zapotek" Laskos <tasos.laskos@
|
47
|
-
#
|
37
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
48
38
|
class Error < Arachni::Error
|
49
39
|
|
50
|
-
#
|
51
40
|
# Raised when a provided {Options#url= URL} is invalid.
|
52
41
|
#
|
53
|
-
# @author Tasos "Zapotek" Laskos <tasos.laskos@
|
54
|
-
#
|
42
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
55
43
|
class InvalidURL < Error
|
56
44
|
end
|
57
|
-
end
|
58
45
|
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
46
|
+
# Raised when a provided 'localhost' or '127.0.0.1' {Options#url= URL}.
|
47
|
+
#
|
48
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
49
|
+
class ReservedHostname < Error
|
50
|
+
end
|
51
|
+
end
|
65
52
|
|
66
|
-
|
53
|
+
class <<self
|
67
54
|
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
# @return [Hash]
|
76
|
-
#
|
77
|
-
attr_reader :datastore
|
55
|
+
def method_missing( sym, *args, &block )
|
56
|
+
if instance.respond_to?( sym )
|
57
|
+
instance.send( sym, *args, &block )
|
58
|
+
else
|
59
|
+
super( sym, *args, &block )
|
60
|
+
end
|
61
|
+
end
|
78
62
|
|
79
|
-
|
80
|
-
|
63
|
+
def respond_to?( *args )
|
64
|
+
super || instance.respond_to?( *args )
|
65
|
+
end
|
81
66
|
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
attr_accessor :neighbour
|
67
|
+
# Ruby 2.0 doesn't like my class-level method_missing for some reason.
|
68
|
+
# @private
|
69
|
+
public :allocate
|
86
70
|
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
71
|
+
# @return [Hash<Symbol,OptionGroup>]
|
72
|
+
# {OptionGroups Option group} classes by name.
|
73
|
+
def group_classes
|
74
|
+
@group_classes ||= {}
|
75
|
+
end
|
91
76
|
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
77
|
+
# Should be called by {OptionGroup.inherited}.
|
78
|
+
# @private
|
79
|
+
def register_group( group )
|
80
|
+
name = Utilities.caller_name
|
96
81
|
|
97
|
-
|
98
|
-
|
99
|
-
#
|
100
|
-
attr_accessor :pipe_id
|
82
|
+
# Prepare an attribute reader for this group...
|
83
|
+
attr_reader name
|
101
84
|
|
102
|
-
|
103
|
-
|
104
|
-
#
|
105
|
-
attr_accessor :weight
|
85
|
+
# ... and initialize it.
|
86
|
+
instance_variable_set "@#{name}".to_sym, group.new
|
106
87
|
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
attr_accessor :nickname
|
88
|
+
group_classes[name.to_sym] = group
|
89
|
+
end
|
90
|
+
end
|
111
91
|
|
112
|
-
#
|
113
|
-
|
114
|
-
#
|
115
|
-
# @return [Hash]
|
116
|
-
#
|
117
|
-
attr_accessor :dir
|
92
|
+
# Load all {OptionGroups}.
|
93
|
+
require_relative 'option_groups'
|
118
94
|
|
119
|
-
#
|
120
|
-
# The URL to audit
|
121
|
-
#
|
122
95
|
# @return [String]
|
123
|
-
#
|
96
|
+
# The URL to audit.
|
124
97
|
attr_reader :url
|
125
98
|
|
99
|
+
# @return [Array<String, Symbol>]
|
100
|
+
# Checks to load, by name.
|
126
101
|
#
|
127
|
-
#
|
128
|
-
#
|
129
|
-
# @
|
130
|
-
|
131
|
-
attr_accessor :help
|
132
|
-
|
133
|
-
#
|
134
|
-
# Output only positive results during the audit?
|
135
|
-
#
|
136
|
-
# @return [Bool]
|
137
|
-
#
|
138
|
-
attr_accessor :only_positives
|
139
|
-
|
140
|
-
#
|
141
|
-
# Be verbose?
|
142
|
-
#
|
143
|
-
# @return [Bool]
|
144
|
-
#
|
145
|
-
attr_accessor :arachni_verbose
|
146
|
-
|
147
|
-
#
|
148
|
-
# Output debugging messages?
|
149
|
-
#
|
150
|
-
# @return [Bool]
|
151
|
-
#
|
152
|
-
attr_accessor :debug
|
102
|
+
# @see Checks
|
103
|
+
# @see Check::Base
|
104
|
+
# @see Check::Manager
|
105
|
+
attr_accessor :checks
|
153
106
|
|
107
|
+
# @return [Array<Symbol>]
|
108
|
+
# Platforms to use instead of (or in addition to, depending on the
|
109
|
+
# {#no_fingerprinting option}) fingerprinting.
|
154
110
|
#
|
155
|
-
#
|
156
|
-
#
|
157
|
-
# @
|
158
|
-
|
159
|
-
attr_accessor :redundant
|
111
|
+
# @see Platform
|
112
|
+
# @see Platform::List
|
113
|
+
# @see Platform::Manager
|
114
|
+
attr_accessor :platforms
|
160
115
|
|
116
|
+
# @return [Hash{<String, Symbol> => Hash{String => String}}]
|
117
|
+
# Plugins to load, by name, as keys and their options as values.
|
161
118
|
#
|
162
|
-
#
|
163
|
-
#
|
164
|
-
# @
|
165
|
-
|
166
|
-
attr_accessor :obey_robots_txt
|
119
|
+
# @see Plugins
|
120
|
+
# @see Plugin::Base
|
121
|
+
# @see Plugin::Manager
|
122
|
+
attr_accessor :plugins
|
167
123
|
|
124
|
+
# @return [String]
|
125
|
+
# E-mail address of the person that authorized the scan. It will be added
|
126
|
+
# to the HTTP `From` headers.
|
168
127
|
#
|
169
|
-
#
|
170
|
-
|
171
|
-
#
|
172
|
-
# @return [Integer]
|
173
|
-
#
|
174
|
-
attr_accessor :depth_limit
|
128
|
+
# @see HTTP::Client#headers
|
129
|
+
attr_accessor :authorized_by
|
175
130
|
|
131
|
+
# @return [Bool]
|
132
|
+
# Disable platform fingeprinting.
|
176
133
|
#
|
177
|
-
#
|
178
|
-
#
|
179
|
-
#
|
180
|
-
# @
|
181
|
-
|
182
|
-
attr_accessor :link_count_limit
|
134
|
+
# @see Platform::Fingerprinter
|
135
|
+
# @see Platform::Fingerprinters
|
136
|
+
# @see Platform::List
|
137
|
+
# @see Platform::Manager
|
138
|
+
attr_accessor :no_fingerprinting
|
183
139
|
|
140
|
+
# @return [Integer]
|
141
|
+
# Amount of child {RPC::Server::Instance}s to spawn when performing
|
142
|
+
# multi-{RPC::Server::Instance} scans.
|
184
143
|
#
|
185
|
-
#
|
186
|
-
|
187
|
-
#
|
188
|
-
# @return [Integer]
|
189
|
-
#
|
190
|
-
attr_accessor :redirect_limit
|
144
|
+
# @see UI::CLI::RPC::Instance#scan
|
145
|
+
attr_accessor :spawns
|
191
146
|
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
# @return [Array<Regexp>]
|
196
|
-
#
|
197
|
-
attr_accessor :lsmod
|
147
|
+
def initialize
|
148
|
+
reset
|
149
|
+
end
|
198
150
|
|
151
|
+
# Restores everything to their default values.
|
199
152
|
#
|
200
|
-
#
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
attr_accessor :lsrep
|
153
|
+
# @return [Options] `self`
|
154
|
+
def reset
|
155
|
+
# nil everything out.
|
156
|
+
instance_variables.each { |var| instance_variable_set( var.to_s, nil ) }
|
205
157
|
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
#
|
211
|
-
attr_accessor :http_req_limit
|
158
|
+
# Set fresh option groups.
|
159
|
+
group_classes.each do |name, klass|
|
160
|
+
instance_variable_set "@#{name}".to_sym, klass.new
|
161
|
+
end
|
212
162
|
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
#
|
218
|
-
# @return [Integer]
|
219
|
-
attr_accessor :http_queue_size
|
163
|
+
@checks = []
|
164
|
+
@platforms = []
|
165
|
+
@plugins = {}
|
166
|
+
@spawns = 0
|
220
167
|
|
221
|
-
|
222
|
-
|
223
|
-
#
|
224
|
-
# @return [Bool]
|
225
|
-
#
|
226
|
-
attr_accessor :audit_links
|
168
|
+
@no_fingerprinting = false
|
169
|
+
@authorized_by = nil
|
227
170
|
|
228
|
-
|
229
|
-
|
230
|
-
#
|
231
|
-
# @return [Bool]
|
232
|
-
#
|
233
|
-
attr_accessor :audit_forms
|
171
|
+
self
|
172
|
+
end
|
234
173
|
|
174
|
+
# @param [Integer] spawns
|
235
175
|
#
|
236
|
-
#
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
attr_accessor :audit_cookies
|
241
|
-
|
242
|
-
attr_accessor :audit_cookies_extensively
|
243
|
-
alias :audit_cookies_extensively? :audit_cookies_extensively
|
176
|
+
# @see #spawns
|
177
|
+
def spawns=( spawns )
|
178
|
+
@spawns = spawns.to_i
|
179
|
+
end
|
244
180
|
|
245
|
-
#
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
#
|
250
|
-
attr_accessor :audit_headers
|
181
|
+
# Disables platform fingerprinting.
|
182
|
+
def do_not_fingerprint
|
183
|
+
self.no_fingerprinting = true
|
184
|
+
end
|
251
185
|
|
252
|
-
#
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
#
|
257
|
-
attr_accessor :mods
|
186
|
+
# Enables platform fingerprinting.
|
187
|
+
def fingerprint
|
188
|
+
self.no_fingerprinting = false
|
189
|
+
end
|
258
190
|
|
259
|
-
#
|
260
|
-
#
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
attr_accessor :reports
|
191
|
+
# @return [Bool]
|
192
|
+
# `true` if platform fingerprinting is enabled, `false` otherwise.
|
193
|
+
def fingerprint?
|
194
|
+
!@no_fingerprinting
|
195
|
+
end
|
265
196
|
|
197
|
+
# Normalizes and sets `url` as the target URL.
|
266
198
|
#
|
267
|
-
#
|
199
|
+
# @param [String] url
|
200
|
+
# Absolute URL of the targeted web app.
|
268
201
|
#
|
269
|
-
# @return
|
202
|
+
# @return [String]
|
203
|
+
# Normalized `url`
|
270
204
|
#
|
271
|
-
|
205
|
+
# @raise [Error::InvalidURL]
|
206
|
+
# If the given `url` is not valid.
|
207
|
+
def url=( url )
|
208
|
+
return @url = nil if !url
|
272
209
|
|
273
|
-
|
274
|
-
# Where to save the Arachni Framework Profile (.afp) file
|
275
|
-
#
|
276
|
-
# @return [String]
|
277
|
-
#
|
278
|
-
attr_accessor :save_profile
|
210
|
+
parsed = Arachni::URI( url.to_s )
|
279
211
|
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
212
|
+
if parsed.to_s.empty? || !parsed.absolute?
|
213
|
+
fail Error::InvalidURL,
|
214
|
+
'Invalid URL argument, please provide a full absolute URL and try again.'
|
215
|
+
elsif %w(localhost 127.0.0.1).include? parsed.host
|
216
|
+
fail Error::ReservedHostname, "'#{parsed.host}' is reserved, please use a different hostname."
|
217
|
+
else
|
218
|
+
if scope.https_only? && parsed.scheme != 'https'
|
219
|
+
fail Error::InvalidURL,
|
220
|
+
"Invalid URL argument, the 'https-only' option requires"+
|
221
|
+
' an HTTPS URL.'
|
222
|
+
elsif !%w(http https).include?( parsed.scheme )
|
223
|
+
fail Error::InvalidURL,
|
224
|
+
'Invalid URL scheme, please provide an HTTP or HTTPS URL and try again.'
|
225
|
+
end
|
226
|
+
end
|
286
227
|
|
228
|
+
@url = parsed.to_s
|
229
|
+
end
|
287
230
|
|
288
|
-
|
231
|
+
# Configures options via a Hash object.
|
232
|
+
#
|
233
|
+
# @example Configuring direct and {OptionGroups} attributes.
|
234
|
+
#
|
235
|
+
# {
|
236
|
+
# # Direct Options#url attribute.
|
237
|
+
# url: 'http://test.com/',
|
238
|
+
# # Options#audit attribute pointing to an OptionGroups::Audit instance.
|
239
|
+
# audit: {
|
240
|
+
# # Works due to the OptionGroups::Audit#elements= helper method.
|
241
|
+
# elements: [ :links, :forms, :cookies ]
|
242
|
+
# },
|
243
|
+
# # Direct Options#checks attribute.
|
244
|
+
# checks: [ :xss, 'sql_injection*' ],
|
245
|
+
# # Options#scope attribute pointing to an OptionGroups::Scope instance.
|
246
|
+
# scope: {
|
247
|
+
# # OptionGroups::Scope#page_limit
|
248
|
+
# page_limit: 10,
|
249
|
+
# # OptionGroups::Scope#directory_depth_limit
|
250
|
+
# directory_depth_limit: 3
|
251
|
+
# },
|
252
|
+
# # Options#http attribute pointing to an OptionGroups::HTTP instance.
|
253
|
+
# http: {
|
254
|
+
# # OptionGroups::HTTP#request_concurrency
|
255
|
+
# request_concurrency: 25,
|
256
|
+
# # OptionGroups::HTTP#request_timeout
|
257
|
+
# request_timeout: 10_000
|
258
|
+
# }
|
259
|
+
# }
|
260
|
+
#
|
261
|
+
# @param [Hash] options
|
262
|
+
# If the key refers to a class attribute, the attribute will be assigned
|
263
|
+
# the given value, if it refers to one of the {OptionGroups} the value
|
264
|
+
# should be a hash with data to update that {OptionGroup group} using
|
265
|
+
# {OptionGroup#update}.
|
266
|
+
#
|
267
|
+
# @return [Options]
|
268
|
+
#
|
269
|
+
# @see OptionGroups
|
270
|
+
def update( options )
|
271
|
+
options.each do |k, v|
|
272
|
+
k = k.to_sym
|
273
|
+
if group_classes.include? k
|
274
|
+
send( k ).update v
|
275
|
+
else
|
276
|
+
send( "#{k.to_s}=", v )
|
277
|
+
end
|
278
|
+
end
|
289
279
|
|
290
|
-
|
291
|
-
|
292
|
-
|
293
|
-
#
|
294
|
-
# @return [String]
|
295
|
-
#
|
296
|
-
attr_accessor :authed_by
|
280
|
+
self
|
281
|
+
end
|
282
|
+
alias :set :update
|
297
283
|
|
298
|
-
#
|
299
|
-
#
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
|
284
|
+
# @return [Hash]
|
285
|
+
# Hash of errors with the name of the invalid options/groups as the keys.
|
286
|
+
def validate
|
287
|
+
errors = {}
|
288
|
+
group_classes.keys.each do |name|
|
289
|
+
next if (group_errors = send(name).validate).empty?
|
290
|
+
errors[name] = group_errors
|
291
|
+
end
|
292
|
+
errors
|
293
|
+
end
|
304
294
|
|
305
|
-
#
|
306
|
-
#
|
307
|
-
|
308
|
-
|
309
|
-
|
310
|
-
|
295
|
+
# @param [String] file
|
296
|
+
# Saves `self` to `file` using YAML.
|
297
|
+
def save( file )
|
298
|
+
File.open( file, 'w' ) do |f|
|
299
|
+
f.write to_save_data
|
300
|
+
f.path
|
301
|
+
end
|
302
|
+
end
|
311
303
|
|
312
|
-
|
313
|
-
|
314
|
-
|
315
|
-
# @return [String]
|
316
|
-
#
|
317
|
-
attr_accessor :proxy_password
|
304
|
+
def to_save_data
|
305
|
+
to_rpc_data.to_yaml
|
306
|
+
end
|
318
307
|
|
308
|
+
# Loads a file created by {#save}.
|
319
309
|
#
|
320
|
-
#
|
321
|
-
#
|
322
|
-
# @return [String]
|
310
|
+
# @param [String] filepath
|
311
|
+
# Path to the file created by {#save}.
|
323
312
|
#
|
324
|
-
|
313
|
+
# @return [Arachni::Options]
|
314
|
+
def load( filepath )
|
315
|
+
update( YAML.load_file( filepath ) )
|
316
|
+
end
|
325
317
|
|
326
|
-
#
|
327
|
-
#
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
attr_accessor :proxy_type
|
318
|
+
# @return [Hash]
|
319
|
+
# `self` converted to a Hash suitable for RPC transmission.
|
320
|
+
def to_rpc_data
|
321
|
+
ignore = Set.new([:instance, :rpc, :dispatcher, :paths, :spawns,
|
322
|
+
:snapshot, :output])
|
332
323
|
|
333
|
-
|
334
|
-
|
324
|
+
hash = {}
|
325
|
+
instance_variables.each do |var|
|
326
|
+
val = instance_variable_get( var )
|
327
|
+
var = normalize_name( var )
|
335
328
|
|
336
|
-
|
337
|
-
# To be populated by the framework
|
338
|
-
#
|
339
|
-
# Parsed cookiejar cookies
|
340
|
-
#
|
341
|
-
# @return [Hash] name=>value pairs
|
342
|
-
#
|
343
|
-
attr_accessor :cookies
|
329
|
+
next if ignore.include?( var )
|
344
330
|
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
# @return [String]
|
349
|
-
#
|
350
|
-
attr_accessor :cookie_jar
|
331
|
+
hash[var.to_s] = (val.is_a? OptionGroup) ? val.to_rpc_data : val
|
332
|
+
end
|
333
|
+
hash = hash.deep_clone
|
351
334
|
|
352
|
-
|
353
|
-
# @return [String] cookies in the form of "name=value; name2=value2"
|
354
|
-
#
|
355
|
-
attr_accessor :cookie_string
|
335
|
+
hash.delete( 'url' ) if !hash['url']
|
356
336
|
|
357
|
-
|
358
|
-
|
359
|
-
#
|
360
|
-
# @return [String]
|
361
|
-
#
|
362
|
-
attr_accessor :user_agent
|
337
|
+
hash
|
338
|
+
end
|
363
339
|
|
364
|
-
#
|
365
|
-
#
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
attr_accessor :exclude
|
340
|
+
# @return [Hash]
|
341
|
+
# `self` converted to a Hash.
|
342
|
+
def to_hash
|
343
|
+
hash = {}
|
344
|
+
instance_variables.each do |var|
|
345
|
+
val = instance_variable_get( var )
|
346
|
+
next if (var = normalize_name( var )) == :instance
|
372
347
|
|
373
|
-
|
374
|
-
|
375
|
-
#
|
376
|
-
# @return [Array]
|
377
|
-
#
|
378
|
-
attr_accessor :exclude_pages
|
348
|
+
hash[var] = (val.is_a? OptionGroup) ? val.to_h : val
|
349
|
+
end
|
379
350
|
|
380
|
-
|
381
|
-
|
382
|
-
#
|
383
|
-
# @return [Array]
|
384
|
-
#
|
385
|
-
attr_accessor :exclude_cookies
|
351
|
+
hash.delete( :url ) if !hash[:url]
|
352
|
+
hash.delete(:paths)
|
386
353
|
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
# @return [Array]
|
391
|
-
#
|
392
|
-
attr_accessor :exclude_vectors
|
354
|
+
hash.deep_clone
|
355
|
+
end
|
356
|
+
alias :to_h :to_hash
|
393
357
|
|
358
|
+
# @param [Hash] hash
|
359
|
+
# Hash to convert into {#to_hash} format.
|
394
360
|
#
|
395
|
-
#
|
396
|
-
#
|
397
|
-
|
398
|
-
|
399
|
-
|
400
|
-
#
|
401
|
-
attr_accessor :include
|
361
|
+
# @return [Hash]
|
362
|
+
# `hash` in {#to_hash} format.
|
363
|
+
def rpc_data_to_hash( hash )
|
364
|
+
self.class.allocate.reset.update( hash ).to_hash
|
365
|
+
end
|
402
366
|
|
367
|
+
# @param [Hash] hash
|
368
|
+
# Hash to convert into {#to_rpc_data} format.
|
403
369
|
#
|
404
|
-
#
|
405
|
-
#
|
406
|
-
|
407
|
-
|
408
|
-
|
409
|
-
|
410
|
-
# @return [Time] to be populated by the framework
|
411
|
-
attr_accessor :start_datetime
|
412
|
-
|
413
|
-
# @return [Time] to be populated by the framework
|
414
|
-
attr_accessor :finish_datetime
|
415
|
-
|
416
|
-
# @return [Integer] to be populated by the framework
|
417
|
-
attr_accessor :delta_time
|
418
|
-
|
419
|
-
# @return [Array<Regexp>] regexps to use to select which plugins to list
|
420
|
-
attr_accessor :lsplug
|
421
|
-
|
422
|
-
# @return [Array<String>] plugins to load, by name
|
423
|
-
attr_accessor :plugins
|
424
|
-
|
425
|
-
# @return [String] Path to the UNIX socket to use.
|
426
|
-
attr_accessor :rpc_socket
|
427
|
-
|
428
|
-
# @return [Integer] port for the RPC server to listen to.
|
429
|
-
attr_accessor :rpc_port
|
430
|
-
|
431
|
-
# @return [String] Hostname or IP address for the RPC server to bind to.
|
432
|
-
attr_accessor :rpc_address
|
433
|
-
|
434
|
-
# @return [String] External (hostname or IP) address for the RPC server to bind to.
|
435
|
-
attr_accessor :rpc_external_address
|
436
|
-
|
437
|
-
# @return [Array<Integer>]
|
438
|
-
# Range of ports to use when spawning instances,
|
439
|
-
# first element should be the lowest port number, last the max port number.
|
440
|
-
attr_accessor :rpc_instance_port_range
|
441
|
-
|
442
|
-
# @return [Bool] `true` if SSL should be enabled, `false` otherwise.
|
443
|
-
attr_accessor :ssl
|
444
|
-
|
445
|
-
# @return [String] path to a PEM private key
|
446
|
-
attr_accessor :ssl_pkey
|
447
|
-
|
448
|
-
# @return [String] path to a PEM certificate
|
449
|
-
attr_accessor :ssl_cert
|
450
|
-
|
451
|
-
# @return [String] path to a PEM CA file
|
452
|
-
attr_accessor :ssl_ca
|
453
|
-
|
454
|
-
# @return [String] path to a client PEM private key for the grid nodes
|
455
|
-
attr_accessor :node_ssl_pkey
|
456
|
-
|
457
|
-
# @return [String] path to a client PEM certificate key for the grid nodes
|
458
|
-
attr_accessor :node_ssl_cert
|
459
|
-
|
460
|
-
# @return [String] URL of an RPC dispatcher (used by the CLI RPC client interface)
|
461
|
-
attr_accessor :server
|
462
|
-
|
463
|
-
# @return [Bool] `true` if the output of the RPC instances should be
|
464
|
-
# redirected to a file, `false` otherwise
|
465
|
-
attr_accessor :reroute_to_logfile
|
466
|
-
|
467
|
-
# @return [Integer] amount of Instances to keep in the pool
|
468
|
-
attr_accessor :pool_size
|
469
|
-
|
470
|
-
# @return [Hash<String, String>] custom HTTP headers to be included
|
471
|
-
# for every HTTP Request
|
472
|
-
attr_accessor :custom_headers
|
473
|
-
|
474
|
-
# @return [Array<String>] paths to use instead of crawling the webapp
|
475
|
-
attr_accessor :restrict_paths
|
476
|
-
|
477
|
-
# @return [String] path to file containing {#restrict_paths}
|
478
|
-
attr_accessor :restrict_paths_filepath
|
479
|
-
|
480
|
-
# @return [Array<String>] paths to use in addition to crawling the webapp
|
481
|
-
attr_accessor :extend_paths
|
482
|
-
|
483
|
-
# @return [String] path to file containing {#extend_paths}
|
484
|
-
attr_accessor :extend_paths_filepath
|
370
|
+
# @return [Hash]
|
371
|
+
# `hash` in {#to_rpc_data} format.
|
372
|
+
def hash_to_rpc_data( hash )
|
373
|
+
self.class.allocate.reset.update( hash ).to_rpc_data
|
374
|
+
end
|
485
375
|
|
486
|
-
|
487
|
-
|
376
|
+
def hash_to_save_data( hash )
|
377
|
+
self.class.allocate.reset.update( hash ).to_save_data
|
378
|
+
end
|
488
379
|
|
489
|
-
|
490
|
-
attr_accessor :max_slaves
|
380
|
+
private
|
491
381
|
|
492
|
-
|
493
|
-
|
494
|
-
|
495
|
-
attr_accessor :fuzz_methods
|
496
|
-
|
497
|
-
attr_accessor :exclude_binaries
|
498
|
-
|
499
|
-
# @return [Bool] configure the {Spider}'s auto-redundant feature
|
500
|
-
attr_accessor :auto_redundant
|
501
|
-
|
502
|
-
attr_accessor :login_check_url
|
503
|
-
attr_accessor :login_check_pattern
|
504
|
-
|
505
|
-
# @return [Integer] HTTP request timeout in milliseconds
|
506
|
-
attr_accessor :http_timeout
|
507
|
-
|
508
|
-
# @return [Integer] HTTP auth username.
|
509
|
-
attr_accessor :http_username
|
510
|
-
|
511
|
-
# @return [Integer] HTTP auth password.
|
512
|
-
attr_accessor :http_password
|
513
|
-
|
514
|
-
# @return [Bool] Only follow HTTPS links.
|
515
|
-
attr_accessor :https_only
|
516
|
-
|
517
|
-
# @return [nil, Symbol]
|
518
|
-
# Grid mode to use, available modes are:
|
519
|
-
#
|
520
|
-
# * `nil` -- No grid.
|
521
|
-
# * `:balance` -- Default load balancing across available Dispatchers.
|
522
|
-
# * `:aggregate` -- Default load balancing **with** line aggregation.
|
523
|
-
# Will only request Instances from Grid members with different
|
524
|
-
# {#pipe_id Pipe-IDs}.
|
525
|
-
attr_accessor :grid_mode
|
526
|
-
|
527
|
-
# @return [Bool] Disable platform fingeprinting.
|
528
|
-
attr_accessor :no_fingerprinting
|
529
|
-
|
530
|
-
# @return [Array<Symbol>]
|
531
|
-
# User supplied platforms to use instead of (or in addition to --
|
532
|
-
# depending on the {#no_fingerprinting option}) fingerprinting.
|
533
|
-
attr_accessor :platforms
|
534
|
-
|
535
|
-
attr_accessor :lsplat
|
536
|
-
|
537
|
-
# @return [Bool] Display version info and quit?
|
538
|
-
attr_accessor :version
|
539
|
-
|
540
|
-
def initialize
|
541
|
-
reset
|
542
|
-
end
|
543
|
-
|
544
|
-
def reset
|
545
|
-
# nil everything out
|
546
|
-
self.instance_variables.each { |var| instance_variable_set( var.to_s, nil ) }
|
547
|
-
|
548
|
-
@dir = {}
|
549
|
-
@dir['root'] = root_path
|
550
|
-
@dir['gfx'] = @dir['root'] + 'gfx/'
|
551
|
-
@dir['conf'] = @dir['root'] + 'conf/'
|
552
|
-
|
553
|
-
@dir['logs'] = ENV['ARACHNI_FRAMEWORK_LOGDIR'] ?
|
554
|
-
"#{ENV['ARACHNI_FRAMEWORK_LOGDIR']}/" : @dir['root'] + 'logs/'
|
555
|
-
|
556
|
-
@dir['data'] = @dir['root'] + 'data/'
|
557
|
-
@dir['modules'] = @dir['root'] + 'modules/'
|
558
|
-
@dir['reports'] = @dir['root'] + 'reports/'
|
559
|
-
@dir['plugins'] = @dir['root'] + 'plugins/'
|
560
|
-
@dir['rpcd_handlers'] = @dir['root'] + 'rpcd_handlers/'
|
561
|
-
@dir['path_extractors'] = @dir['root'] + 'path_extractors/'
|
562
|
-
@dir['fingerprinters'] = @dir['root'] + 'fingerprinters/'
|
563
|
-
|
564
|
-
@dir['lib'] = @dir['root'] + 'lib/arachni/'
|
565
|
-
@dir['support'] = @dir['lib'] + 'support/'
|
566
|
-
@dir['mixins'] = @dir['lib'] + 'mixins/'
|
567
|
-
@dir['arachni'] = @dir['lib'][0...-1]
|
568
|
-
|
569
|
-
# we must add default values for everything because that can serve
|
570
|
-
# both as a default configuration and as an inexpensive way to declare
|
571
|
-
# their data types for later verification
|
572
|
-
|
573
|
-
@user_agent = USER_AGENT
|
574
|
-
@http_timeout = 50000
|
575
|
-
|
576
|
-
@datastore = {}
|
577
|
-
@redundant = {}
|
578
|
-
|
579
|
-
@grid_mode = nil
|
580
|
-
|
581
|
-
@https_only = false
|
582
|
-
@obey_robots_txt = false
|
583
|
-
@fuzz_methods = false
|
584
|
-
@audit_cookies_extensively = false
|
585
|
-
@exclude_binaries = false
|
586
|
-
@auto_redundant = nil
|
587
|
-
|
588
|
-
@depth_limit = nil
|
589
|
-
@link_count_limit = nil
|
590
|
-
@redirect_limit = 20
|
591
|
-
|
592
|
-
@lsmod = []
|
593
|
-
@lsrep = []
|
594
|
-
|
595
|
-
@http_req_limit = 20
|
596
|
-
@http_queue_size = 500
|
597
|
-
@http_username = nil
|
598
|
-
@http_password = nil
|
599
|
-
|
600
|
-
@mods = []
|
601
|
-
|
602
|
-
@reports = {}
|
603
|
-
|
604
|
-
@exclude = []
|
605
|
-
@exclude_pages = []
|
606
|
-
@exclude_cookies = []
|
607
|
-
@exclude_vectors = []
|
608
|
-
|
609
|
-
@include = []
|
610
|
-
|
611
|
-
@lsplug = []
|
612
|
-
@plugins = {}
|
613
|
-
|
614
|
-
@rpc_instance_port_range = [1025, 65535]
|
615
|
-
|
616
|
-
@load_profile = []
|
617
|
-
@restrict_paths = []
|
618
|
-
@extend_paths = []
|
619
|
-
@custom_headers = {}
|
620
|
-
|
621
|
-
@min_pages_per_instance = 30
|
622
|
-
@max_slaves = 10
|
623
|
-
|
624
|
-
@no_fingerprinting = false
|
625
|
-
@platforms = []
|
626
|
-
|
627
|
-
@spawns = 0
|
628
|
-
self
|
629
|
-
end
|
630
|
-
|
631
|
-
# @return [Bool] `true` if the Grid should be used, `false` otherwise.
|
632
|
-
def grid?
|
633
|
-
!!@grid_mode
|
382
|
+
def group_classes
|
383
|
+
self.class.group_classes
|
634
384
|
end
|
635
385
|
|
636
|
-
# @param [Bool] bool
|
637
|
-
# `true` to use the Grid, `false` otherwise. Serves as a shorthand to
|
638
|
-
# setting {#grid_mode} to `:balance`.
|
639
|
-
def grid=( bool )
|
640
|
-
@grid_mode = bool ? :balance : nil
|
641
|
-
end
|
642
|
-
|
643
|
-
# @param [String, Symbol] mode
|
644
|
-
# Grid mode to use, available modes are:
|
645
|
-
#
|
646
|
-
# * `nil` -- No grid.
|
647
|
-
# * `:balance` -- Default load balancing across available Dispatchers.
|
648
|
-
# * `:aggregate` -- Default load balancing **with** line aggregation.
|
649
|
-
# Will only request Instances from Grid members with different
|
650
|
-
# {#pipe_id Pipe-IDs}.
|
651
|
-
#
|
652
|
-
# @raise ArgumentError On invalid mode.
|
653
|
-
def grid_mode=( mode )
|
654
|
-
if mode
|
655
|
-
mode = mode.to_sym
|
656
|
-
if ![:balance, :aggregate].include?( mode )
|
657
|
-
fail ArgumentError, "Unknown grid mode: #{mode}"
|
658
|
-
end
|
659
|
-
|
660
|
-
@grid_mode = mode
|
661
|
-
else
|
662
|
-
@grid_mode = nil
|
663
|
-
end
|
664
|
-
end
|
665
|
-
|
666
|
-
# @return [Bool]
|
667
|
-
# `true` if the grid mode is in line-aggregation mode, `false` otherwise.
|
668
|
-
def grid_aggregate?
|
669
|
-
@grid_mode == :aggregate
|
670
|
-
end
|
671
|
-
|
672
|
-
# @return [Bool]
|
673
|
-
# `true` if the grid mode is in load-balancing mode, `false` otherwise.
|
674
|
-
def grid_balance?
|
675
|
-
@grid_mode == :balance
|
676
|
-
end
|
677
|
-
|
678
|
-
# Disables platform fingerprinting.
|
679
|
-
def do_not_fingerprint
|
680
|
-
self.no_fingerprinting = true
|
681
|
-
end
|
682
|
-
|
683
|
-
# Enables platform fingerprinting.
|
684
|
-
def fingerprint
|
685
|
-
self.no_fingerprinting = false
|
686
|
-
end
|
687
|
-
|
688
|
-
# @return [Bool]
|
689
|
-
# `true` if platform fingerprinting is enabled, `false` otherwise.
|
690
|
-
def fingerprint?
|
691
|
-
!@no_fingerprinting
|
692
|
-
end
|
693
|
-
|
694
|
-
def show_version?
|
695
|
-
!!@version
|
696
|
-
end
|
697
|
-
|
698
|
-
def https_only?
|
699
|
-
!!@https_only
|
700
|
-
end
|
701
|
-
|
702
|
-
def min_pages_per_instance=( page_count )
|
703
|
-
@min_pages_per_instance = page_count.to_i
|
704
|
-
end
|
705
|
-
|
706
|
-
def max_slaves=( slave_count )
|
707
|
-
@max_slaves = slave_count.to_i
|
708
|
-
end
|
709
|
-
|
710
|
-
#
|
711
|
-
# Checks is the provided URL matches a redundant filter
|
712
|
-
# and decreases its counter if so.
|
713
|
-
#
|
714
|
-
# If a filter's counter has reached 0 the method returns true.
|
715
|
-
#
|
716
|
-
# @param [String] url
|
717
|
-
# @param [Block] block to be called for each match and be passed
|
718
|
-
# the count, regexp and url
|
719
|
-
#
|
720
|
-
# @return [Bool] true if the url is redundant, false otherwise
|
721
|
-
#
|
722
|
-
# @see #redundant
|
723
|
-
#
|
724
|
-
def redundant?( url, &block )
|
725
|
-
redundant.each do |regexp, count|
|
726
|
-
next if !(url =~ regexp)
|
727
|
-
return true if count == 0
|
728
|
-
|
729
|
-
block.call( count, regexp, url ) if block_given?
|
730
|
-
|
731
|
-
redundant[regexp] -= 1
|
732
|
-
end
|
733
|
-
false
|
734
|
-
end
|
735
|
-
|
736
|
-
#
|
737
|
-
# Checks if the given string matches one of the configured {#exclude_pages} patterns.
|
738
|
-
#
|
739
|
-
# @param [String] body
|
740
|
-
#
|
741
|
-
# @return [Bool]
|
742
|
-
# `true` if `body` matches an {#exclude_pages} pattern, `false` otherwise.
|
743
|
-
#
|
744
|
-
# @see #exclude_pages
|
745
|
-
#
|
746
|
-
def exclude_page?( body )
|
747
|
-
Options.exclude_pages.each { |i| return true if body.to_s =~ i }
|
748
|
-
false
|
749
|
-
end
|
750
|
-
|
751
|
-
def exclude_binaries?
|
752
|
-
self.exclude_binaries
|
753
|
-
end
|
754
|
-
|
755
|
-
def auto_redundant?
|
756
|
-
!!@auto_redundant
|
757
|
-
end
|
758
|
-
|
759
|
-
def fuzz_methods?
|
760
|
-
self.fuzz_methods
|
761
|
-
end
|
762
|
-
|
763
|
-
def do_not_crawl
|
764
|
-
self.link_count_limit = 0
|
765
|
-
end
|
766
|
-
|
767
|
-
def crawl
|
768
|
-
self.link_count_limit = nil
|
769
|
-
end
|
770
|
-
|
771
|
-
def crawl?
|
772
|
-
!link_count_limit || link_count_limit != 0
|
773
|
-
end
|
774
|
-
|
775
|
-
def link_count_limit_reached?( count )
|
776
|
-
link_count_limit && link_count_limit.to_i > 0 && count >= link_count_limit
|
777
|
-
end
|
778
|
-
|
779
|
-
#
|
780
|
-
# Normalizes and sets `url` as the target URL.
|
781
|
-
#
|
782
|
-
# @param [String] url absolute URL of the targeted web app
|
783
|
-
#
|
784
|
-
# @return [String] normalized `url`
|
785
|
-
#
|
786
|
-
# @raise [Error::InvalidURL] If the given `url` is not valid.
|
787
|
-
#
|
788
|
-
def url=( url )
|
789
|
-
return if !url
|
790
|
-
|
791
|
-
require @dir['lib'] + 'ruby'
|
792
|
-
require @dir['lib'] + 'support'
|
793
|
-
require @dir['lib'] + 'utilities'
|
794
|
-
|
795
|
-
parsed = Utilities.uri_parse( url.to_s )
|
796
|
-
if !parsed || !parsed.absolute?
|
797
|
-
fail Error::InvalidURL,
|
798
|
-
"Invalid URL argument, please provide a full absolute URL and try again."
|
799
|
-
else
|
800
|
-
if !no_protocol_for_url?
|
801
|
-
if https_only? && parsed.scheme != 'https'
|
802
|
-
fail Error::InvalidURL,
|
803
|
-
"Invalid URL argument, the 'https-only' option requires"+
|
804
|
-
" an HTTPS URL."
|
805
|
-
elsif !%w(http https).include?( parsed.scheme )
|
806
|
-
fail Error::InvalidURL,
|
807
|
-
"Invalid URL scheme, please provide an HTTP or HTTPS URL and try again."
|
808
|
-
end
|
809
|
-
end
|
810
|
-
end
|
811
|
-
|
812
|
-
@url = parsed.to_s
|
813
|
-
end
|
814
|
-
|
815
|
-
#
|
816
|
-
# Enables auditing of element types.
|
817
|
-
#
|
818
|
-
# @param [String, Symbol, Array] element_types [Allowed: links, forms, cookies, headers]
|
819
|
-
#
|
820
|
-
def audit( *element_types )
|
821
|
-
element_types.flatten.compact.each do |type|
|
822
|
-
begin
|
823
|
-
self.send( "audit_#{type}=", true )
|
824
|
-
rescue
|
825
|
-
begin
|
826
|
-
self.send( "audit_#{type}s=", true )
|
827
|
-
rescue
|
828
|
-
end
|
829
|
-
end
|
830
|
-
end
|
831
|
-
true
|
832
|
-
end
|
833
|
-
alias :audit= :audit
|
834
|
-
|
835
|
-
#
|
836
|
-
# Disables auditing of element types.
|
837
|
-
#
|
838
|
-
# @param [String, Symbol, Array] element_types [Allowed: links, forms, cookies, headers]
|
839
|
-
#
|
840
|
-
def dont_audit( *element_types )
|
841
|
-
element_types.flatten.compact.each do |type|
|
842
|
-
begin
|
843
|
-
self.send( "audit_#{type}=", false )
|
844
|
-
rescue
|
845
|
-
begin
|
846
|
-
self.send( "audit_#{type}s=", false )
|
847
|
-
rescue
|
848
|
-
end
|
849
|
-
end
|
850
|
-
end
|
851
|
-
true
|
852
|
-
end
|
853
|
-
|
854
|
-
|
855
|
-
#
|
856
|
-
# Get audit settings for the given element types.
|
857
|
-
#
|
858
|
-
# @param [String, Symbol, Array] element_types [Allowed: links, forms, cookies, headers]
|
859
|
-
#
|
860
|
-
# @return [Bool]
|
861
|
-
#
|
862
|
-
def audit?( *element_types )
|
863
|
-
!element_types.flatten.compact.map do |type|
|
864
|
-
!!begin
|
865
|
-
self.send( "audit_#{type}" )
|
866
|
-
rescue
|
867
|
-
begin
|
868
|
-
self.send( "audit_#{type}s" )
|
869
|
-
rescue
|
870
|
-
end
|
871
|
-
end
|
872
|
-
end.uniq.include?( false )
|
873
|
-
end
|
874
|
-
|
875
|
-
#
|
876
|
-
# Configures options via a Hash object
|
877
|
-
#
|
878
|
-
# @param [Hash] options options to set
|
879
|
-
#
|
880
|
-
# @return [TrueClass]
|
881
|
-
#
|
882
|
-
def set( options )
|
883
|
-
options.each do |k, v|
|
884
|
-
begin
|
885
|
-
send( "#{k.to_s}=", v )
|
886
|
-
rescue => e
|
887
|
-
#ap e
|
888
|
-
#ap e.backtrace
|
889
|
-
end
|
890
|
-
end
|
891
|
-
true
|
892
|
-
end
|
893
|
-
|
894
|
-
# @param [Hash] data
|
895
|
-
def datastore=( data )
|
896
|
-
@datastore = Hash[data]
|
897
|
-
end
|
898
|
-
|
899
|
-
#
|
900
|
-
# Sets the redundancy filters.
|
901
|
-
#
|
902
|
-
# Filter example:
|
903
|
-
# {
|
904
|
-
# # regexp counter
|
905
|
-
# /calendar\.php/ => 5
|
906
|
-
# 'gallery\.php' => '3'
|
907
|
-
# }
|
908
|
-
#
|
909
|
-
# @param [Hash] filters
|
910
|
-
#
|
911
|
-
def redundant=( filters )
|
912
|
-
@redundant = if filters.is_a?( Array ) ||
|
913
|
-
(filters.is_a?( Hash ) && (filters.keys & %w(regexp count)).size == 2)
|
914
|
-
[filters].flatten.inject({}) do |h, filter|
|
915
|
-
regexp = filter['regexp'].is_a?( Regexp ) ?
|
916
|
-
filter['regexp'] : Regexp.new( filter['regexp'].to_s )
|
917
|
-
|
918
|
-
h.merge!( regexp => Integer( filter['count'] ) )
|
919
|
-
h
|
920
|
-
end
|
921
|
-
else
|
922
|
-
filters.inject({}) do |h, (regexp, counter)|
|
923
|
-
regexp = regexp.is_a?( Regexp ) ? regexp : Regexp.new( regexp.to_s )
|
924
|
-
h.merge!( regexp => Integer( counter ) )
|
925
|
-
h
|
926
|
-
end
|
927
|
-
end
|
928
|
-
end
|
929
|
-
|
930
|
-
# these options need to contain Array<String>
|
931
|
-
[ :exclude_cookies, :exclude_vectors, :mods, :restrict_paths,
|
932
|
-
:extend_paths ].each do |m|
|
933
|
-
define_method( "#{m}=".to_sym ) do |arg|
|
934
|
-
arg = [arg].flatten.map { |s| s.to_s }
|
935
|
-
instance_variable_set( "@#{m}".to_sym, arg )
|
936
|
-
end
|
937
|
-
end
|
938
|
-
alias :modules :mods
|
939
|
-
alias :modules= :mods=
|
940
|
-
|
941
|
-
# these options need to contain Array<Regexp>
|
942
|
-
[ :exclude_pages, :include, :exclude, :lsmod, :lsplat, :lsrep, :lsplug ].each do |m|
|
943
|
-
define_method( "#{m}=".to_sym ) do |arg|
|
944
|
-
arg = [arg].flatten.map { |s| s.is_a?( Regexp ) ? s : Regexp.new( s.to_s ) }
|
945
|
-
instance_variable_set( "@#{m}".to_sym, arg )
|
946
|
-
end
|
947
|
-
end
|
948
|
-
|
949
|
-
def parse( require_url = true )
|
950
|
-
# Construct getops struct
|
951
|
-
opts = GetoptLong.new(
|
952
|
-
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
|
953
|
-
[ '--verbosity', '-v', GetoptLong::NO_ARGUMENT ],
|
954
|
-
[ '--only-positives', '-k', GetoptLong::NO_ARGUMENT ],
|
955
|
-
[ '--lsmod', GetoptLong::OPTIONAL_ARGUMENT ],
|
956
|
-
[ '--lsrep', GetoptLong::OPTIONAL_ARGUMENT ],
|
957
|
-
[ '--lsplat', GetoptLong::NO_ARGUMENT ],
|
958
|
-
[ '--audit-links', '-g', GetoptLong::NO_ARGUMENT ],
|
959
|
-
[ '--audit-forms', '-p', GetoptLong::NO_ARGUMENT ],
|
960
|
-
[ '--audit-cookies', '-c', GetoptLong::NO_ARGUMENT ],
|
961
|
-
[ '--audit-cookie-jar', GetoptLong::NO_ARGUMENT ],
|
962
|
-
[ '--audit-headers', GetoptLong::NO_ARGUMENT ],
|
963
|
-
[ '--spider-first', GetoptLong::NO_ARGUMENT ],
|
964
|
-
[ '--obey-robots-txt', '-o', GetoptLong::NO_ARGUMENT ],
|
965
|
-
[ '--redundant', GetoptLong::REQUIRED_ARGUMENT ],
|
966
|
-
[ '--depth', '-d', GetoptLong::REQUIRED_ARGUMENT ],
|
967
|
-
[ '--redirect-limit', '-q', GetoptLong::REQUIRED_ARGUMENT ],
|
968
|
-
[ '--link-count', '-u', GetoptLong::REQUIRED_ARGUMENT ],
|
969
|
-
[ '--mods', '-m', GetoptLong::REQUIRED_ARGUMENT ],
|
970
|
-
[ '--modules', GetoptLong::REQUIRED_ARGUMENT ],
|
971
|
-
[ '--report', GetoptLong::REQUIRED_ARGUMENT ],
|
972
|
-
[ '--repload', GetoptLong::REQUIRED_ARGUMENT ],
|
973
|
-
[ '--authed-by', GetoptLong::REQUIRED_ARGUMENT ],
|
974
|
-
[ '--load-profile', GetoptLong::REQUIRED_ARGUMENT ],
|
975
|
-
[ '--save-profile', GetoptLong::REQUIRED_ARGUMENT ],
|
976
|
-
[ '--show-profile', GetoptLong::NO_ARGUMENT ],
|
977
|
-
[ '--proxy', '-z', GetoptLong::REQUIRED_ARGUMENT ],
|
978
|
-
[ '--proxy-auth', '-x', GetoptLong::REQUIRED_ARGUMENT ],
|
979
|
-
[ '--proxy-type', '-y', GetoptLong::REQUIRED_ARGUMENT ],
|
980
|
-
[ '--cookie-jar', '-j', GetoptLong::REQUIRED_ARGUMENT ],
|
981
|
-
[ '--cookie-string' , GetoptLong::REQUIRED_ARGUMENT ],
|
982
|
-
[ '--user-agent', '-b', GetoptLong::REQUIRED_ARGUMENT ],
|
983
|
-
[ '--exclude', '-e', GetoptLong::REQUIRED_ARGUMENT ],
|
984
|
-
[ '--exclude-page', GetoptLong::REQUIRED_ARGUMENT ],
|
985
|
-
[ '--exclude-cookie', GetoptLong::REQUIRED_ARGUMENT ],
|
986
|
-
[ '--exclude-vector', GetoptLong::REQUIRED_ARGUMENT ],
|
987
|
-
[ '--include', '-i', GetoptLong::REQUIRED_ARGUMENT ],
|
988
|
-
[ '--http-req-limit', GetoptLong::REQUIRED_ARGUMENT ],
|
989
|
-
[ '--http-queue-size', GetoptLong::REQUIRED_ARGUMENT ],
|
990
|
-
[ '--http-timeout', GetoptLong::REQUIRED_ARGUMENT ],
|
991
|
-
[ '--follow-subdomains', '-f', GetoptLong::NO_ARGUMENT ],
|
992
|
-
[ '--debug', '-w', GetoptLong::NO_ARGUMENT ],
|
993
|
-
[ '--server', GetoptLong::REQUIRED_ARGUMENT ],
|
994
|
-
[ '--plugin', GetoptLong::OPTIONAL_ARGUMENT ],
|
995
|
-
[ '--lsplug', GetoptLong::OPTIONAL_ARGUMENT ],
|
996
|
-
[ '--serialized-opts', GetoptLong::REQUIRED_ARGUMENT ],
|
997
|
-
[ '--ssl', GetoptLong::NO_ARGUMENT ],
|
998
|
-
[ '--ssl-pkey', GetoptLong::REQUIRED_ARGUMENT ],
|
999
|
-
[ '--ssl-cert', GetoptLong::REQUIRED_ARGUMENT ],
|
1000
|
-
[ '--node-ssl-pkey', GetoptLong::REQUIRED_ARGUMENT ],
|
1001
|
-
[ '--node-ssl-cert', GetoptLong::REQUIRED_ARGUMENT ],
|
1002
|
-
[ '--ssl-ca', GetoptLong::REQUIRED_ARGUMENT ],
|
1003
|
-
[ '--address', GetoptLong::REQUIRED_ARGUMENT ],
|
1004
|
-
[ '--external-address', GetoptLong::REQUIRED_ARGUMENT ],
|
1005
|
-
[ '--reroute-to-logfile', GetoptLong::NO_ARGUMENT ],
|
1006
|
-
[ '--pool-size', GetoptLong::REQUIRED_ARGUMENT ],
|
1007
|
-
[ '--neighbour', GetoptLong::REQUIRED_ARGUMENT ],
|
1008
|
-
[ '--weight', GetoptLong::REQUIRED_ARGUMENT ],
|
1009
|
-
[ '--cost', GetoptLong::REQUIRED_ARGUMENT ],
|
1010
|
-
[ '--pipe-id', GetoptLong::REQUIRED_ARGUMENT ],
|
1011
|
-
[ '--nickname', GetoptLong::REQUIRED_ARGUMENT ],
|
1012
|
-
[ '--username', GetoptLong::REQUIRED_ARGUMENT ],
|
1013
|
-
[ '--password', GetoptLong::REQUIRED_ARGUMENT ],
|
1014
|
-
[ '--port', GetoptLong::REQUIRED_ARGUMENT ],
|
1015
|
-
[ '--host', GetoptLong::REQUIRED_ARGUMENT ],
|
1016
|
-
[ '--custom-header', GetoptLong::REQUIRED_ARGUMENT ],
|
1017
|
-
[ '--restrict-paths', GetoptLong::REQUIRED_ARGUMENT ],
|
1018
|
-
[ '--extend-paths', GetoptLong::REQUIRED_ARGUMENT ],
|
1019
|
-
[ '--port-range', GetoptLong::REQUIRED_ARGUMENT ],
|
1020
|
-
[ '--http-harvest-last', GetoptLong::NO_ARGUMENT ],
|
1021
|
-
[ '--fuzz-methods', GetoptLong::NO_ARGUMENT ],
|
1022
|
-
[ '--audit-cookies-extensively', GetoptLong::NO_ARGUMENT ],
|
1023
|
-
[ '--exclude-binaries', GetoptLong::NO_ARGUMENT ],
|
1024
|
-
[ '--auto-redundant', GetoptLong::OPTIONAL_ARGUMENT ],
|
1025
|
-
[ '--login-check-url', GetoptLong::REQUIRED_ARGUMENT ],
|
1026
|
-
[ '--login-check-pattern', GetoptLong::REQUIRED_ARGUMENT ],
|
1027
|
-
[ '--spawns', GetoptLong::REQUIRED_ARGUMENT ],
|
1028
|
-
[ '--grid', GetoptLong::NO_ARGUMENT ],
|
1029
|
-
[ '--grid-mode', GetoptLong::REQUIRED_ARGUMENT ],
|
1030
|
-
[ '--http-username', GetoptLong::REQUIRED_ARGUMENT ],
|
1031
|
-
[ '--http-password', GetoptLong::REQUIRED_ARGUMENT ],
|
1032
|
-
[ '--https-only', GetoptLong::NO_ARGUMENT ],
|
1033
|
-
[ '--no-fingerprinting', GetoptLong::NO_ARGUMENT ],
|
1034
|
-
[ '--platforms', GetoptLong::REQUIRED_ARGUMENT ],
|
1035
|
-
[ '--version', GetoptLong::NO_ARGUMENT ]
|
1036
|
-
)
|
1037
|
-
|
1038
|
-
opts.quiet = true
|
1039
|
-
|
1040
|
-
begin
|
1041
|
-
opts.each do |opt, arg|
|
1042
|
-
|
1043
|
-
case opt
|
1044
|
-
|
1045
|
-
when '--help'
|
1046
|
-
@help = true
|
1047
|
-
|
1048
|
-
when '--version'
|
1049
|
-
@version = true
|
1050
|
-
|
1051
|
-
when '--no-fingerprinting'
|
1052
|
-
@no_fingerprinting = true
|
1053
|
-
|
1054
|
-
when '--platforms'
|
1055
|
-
@platforms = arg.to_s.split( ',' )
|
1056
|
-
|
1057
|
-
when '--serialized-opts'
|
1058
|
-
merge!( unserialize( arg ) )
|
1059
|
-
|
1060
|
-
when '--only-positives'
|
1061
|
-
@only_positives = true
|
1062
|
-
|
1063
|
-
when '--verbosity'
|
1064
|
-
@arachni_verbose = true
|
1065
|
-
|
1066
|
-
when '--debug'
|
1067
|
-
@debug = true
|
1068
|
-
|
1069
|
-
when '--plugin'
|
1070
|
-
plugin, opt_str = arg.split( ':', 2 )
|
1071
|
-
|
1072
|
-
opts = {}
|
1073
|
-
if opt_str
|
1074
|
-
opt_arr = opt_str.split( ',' )
|
1075
|
-
opt_arr.each {
|
1076
|
-
|c_opt|
|
1077
|
-
name, val = c_opt.split( '=', 2 )
|
1078
|
-
opts[name] = val
|
1079
|
-
}
|
1080
|
-
end
|
1081
|
-
|
1082
|
-
@plugins[plugin] = opts
|
1083
|
-
|
1084
|
-
when '--redundant'
|
1085
|
-
regexp, counter = arg.to_s.split( ':', 2 )
|
1086
|
-
@redundant[ Regexp.new( regexp ) ] = Integer( counter )
|
1087
|
-
|
1088
|
-
when '--port-range'
|
1089
|
-
first, last = arg.to_s.split( '-' )
|
1090
|
-
@rpc_instance_port_range = [ Integer( first ), Integer( last ) ]
|
1091
|
-
|
1092
|
-
when '--custom-header'
|
1093
|
-
header, val = arg.to_s.split( /=/, 2 )
|
1094
|
-
@custom_headers[header] = val
|
1095
|
-
|
1096
|
-
when '--restrict-paths'
|
1097
|
-
@restrict_paths |= paths_from_file( arg )
|
1098
|
-
@restrict_paths_filepath = arg
|
1099
|
-
|
1100
|
-
when '--extend-paths'
|
1101
|
-
@extend_paths |= paths_from_file( arg )
|
1102
|
-
@extend_paths_filepath = arg
|
1103
|
-
|
1104
|
-
when '--obey_robots_txt'
|
1105
|
-
@obey_robots_txt = true
|
1106
|
-
|
1107
|
-
when '--depth'
|
1108
|
-
@depth_limit = arg.to_i
|
1109
|
-
|
1110
|
-
when '--link-count'
|
1111
|
-
@link_count_limit = arg.to_i
|
1112
|
-
|
1113
|
-
when '--redirect-limit'
|
1114
|
-
@redirect_limit = arg.to_i
|
1115
|
-
|
1116
|
-
when '--lsmod'
|
1117
|
-
@lsmod << Regexp.new( arg.to_s )
|
1118
|
-
|
1119
|
-
when '--lsplug'
|
1120
|
-
@lsplug << Regexp.new( arg.to_s )
|
1121
|
-
|
1122
|
-
when '--lsrep'
|
1123
|
-
@lsrep << Regexp.new( arg.to_s )
|
1124
|
-
|
1125
|
-
when '--lsplat'
|
1126
|
-
@lsplat = true
|
1127
|
-
|
1128
|
-
when '--http-req-limit'
|
1129
|
-
@http_req_limit = arg.to_i
|
1130
|
-
|
1131
|
-
when '--http-queue-size'
|
1132
|
-
@http_queue_size = arg.to_i
|
1133
|
-
|
1134
|
-
when '--http-timeout'
|
1135
|
-
@http_timeout = arg.to_i
|
1136
|
-
|
1137
|
-
when '--audit-links'
|
1138
|
-
@audit_links = true
|
1139
|
-
|
1140
|
-
when '--audit-forms'
|
1141
|
-
@audit_forms = true
|
1142
|
-
|
1143
|
-
when '--audit-cookies'
|
1144
|
-
@audit_cookies = true
|
1145
|
-
|
1146
|
-
when '--audit-cookie-jar'
|
1147
|
-
@audit_cookie_jar = true
|
1148
|
-
|
1149
|
-
when '--audit-headers'
|
1150
|
-
@audit_headers = true
|
1151
|
-
|
1152
|
-
when '--mods', '--modules'
|
1153
|
-
@mods = arg.to_s.split( ',' )
|
1154
|
-
|
1155
|
-
when '--report'
|
1156
|
-
report, opt_str = arg.split( ':' )
|
1157
|
-
|
1158
|
-
opts = {}
|
1159
|
-
if opt_str
|
1160
|
-
opt_arr = opt_str.split( ',' )
|
1161
|
-
opt_arr.each {
|
1162
|
-
|c_opt|
|
1163
|
-
name, val = c_opt.split( '=' )
|
1164
|
-
opts[name] = val
|
1165
|
-
}
|
1166
|
-
end
|
1167
|
-
|
1168
|
-
@reports[report] = opts
|
1169
|
-
|
1170
|
-
when '--repload'
|
1171
|
-
@repload = arg
|
1172
|
-
|
1173
|
-
when '--save-profile'
|
1174
|
-
@save_profile = arg
|
1175
|
-
|
1176
|
-
when '--load-profile'
|
1177
|
-
@load_profile << arg
|
1178
|
-
|
1179
|
-
when '--show-profile'
|
1180
|
-
@show_profile = true
|
1181
|
-
|
1182
|
-
when '--authed-by'
|
1183
|
-
@authed_by = arg
|
1184
|
-
|
1185
|
-
when '--proxy'
|
1186
|
-
@proxy_host, @proxy_port =
|
1187
|
-
arg.to_s.split( /:/ )
|
1188
|
-
|
1189
|
-
@proxy_port = @proxy_port.to_i
|
1190
|
-
|
1191
|
-
when '--proxy-auth'
|
1192
|
-
@proxy_username, @proxy_password =
|
1193
|
-
arg.to_s.split( /:/ )
|
1194
|
-
|
1195
|
-
when '--proxy-type'
|
1196
|
-
@proxy_type = arg.to_s
|
1197
|
-
|
1198
|
-
when '--cookie-jar'
|
1199
|
-
@cookie_jar = arg.to_s
|
1200
|
-
|
1201
|
-
when '--cookie-string'
|
1202
|
-
@cookie_string = arg.to_s
|
1203
|
-
|
1204
|
-
when '--user-agent'
|
1205
|
-
@user_agent = arg.to_s
|
1206
|
-
|
1207
|
-
when '--exclude'
|
1208
|
-
@exclude << Regexp.new( arg )
|
1209
|
-
|
1210
|
-
when '--exclude-page'
|
1211
|
-
@exclude_pages << Regexp.new( arg )
|
1212
|
-
|
1213
|
-
when '--exclude-cookie'
|
1214
|
-
@exclude_cookies << arg
|
1215
|
-
|
1216
|
-
when '--exclude-vector'
|
1217
|
-
@exclude_vectors << arg
|
1218
|
-
|
1219
|
-
when '--include'
|
1220
|
-
@include << Regexp.new( arg )
|
1221
|
-
|
1222
|
-
when '--follow-subdomains'
|
1223
|
-
@follow_subdomains = true
|
1224
|
-
|
1225
|
-
when '--http-harvest-last'
|
1226
|
-
puts 'The http-harvest-last option has been removed.'
|
1227
|
-
puts 'Please adjust your command-line arguments and try again.'
|
1228
|
-
exit
|
1229
|
-
|
1230
|
-
when '--ssl'
|
1231
|
-
@ssl = true
|
1232
|
-
|
1233
|
-
when '--ssl-pkey'
|
1234
|
-
@ssl_pkey = arg.to_s
|
1235
|
-
|
1236
|
-
when '--ssl-cert'
|
1237
|
-
@ssl_cert = arg.to_s
|
1238
|
-
|
1239
|
-
when '--ssl-ca'
|
1240
|
-
@ssl_ca = arg.to_s
|
1241
|
-
|
1242
|
-
when '--server'
|
1243
|
-
@server = arg.to_s
|
1244
|
-
|
1245
|
-
when '--reroute-to-logfile'
|
1246
|
-
@reroute_to_logfile = true
|
1247
|
-
|
1248
|
-
when '--port'
|
1249
|
-
@rpc_port = arg.to_i
|
1250
|
-
|
1251
|
-
when '--address'
|
1252
|
-
@rpc_address = arg.to_s
|
1253
|
-
|
1254
|
-
when '--external-address'
|
1255
|
-
@rpc_external_address = arg.to_s
|
1256
|
-
|
1257
|
-
when '--pool-size'
|
1258
|
-
@pool_size = arg.to_i
|
1259
|
-
|
1260
|
-
when '--neighbour'
|
1261
|
-
@neighbour = arg.to_s
|
1262
|
-
|
1263
|
-
when '--cost'
|
1264
|
-
@cost = arg.to_s
|
1265
|
-
|
1266
|
-
when '--weight'
|
1267
|
-
@weight = arg.to_s
|
1268
|
-
|
1269
|
-
when '--pipe-id'
|
1270
|
-
@pipe_id = arg.to_s
|
1271
|
-
|
1272
|
-
when '--nickname'
|
1273
|
-
@nickname = arg.to_s
|
1274
|
-
|
1275
|
-
when '--host'
|
1276
|
-
@server = arg.to_s
|
1277
|
-
|
1278
|
-
when '--fuzz-methods'
|
1279
|
-
@fuzz_methods = true
|
1280
|
-
|
1281
|
-
when '--audit-cookies-extensively'
|
1282
|
-
@audit_cookies_extensively = true
|
1283
|
-
|
1284
|
-
when '--exclude-binaries'
|
1285
|
-
@exclude_binaries = true
|
1286
|
-
|
1287
|
-
when '--auto-redundant'
|
1288
|
-
@auto_redundant = arg.empty? ? 10 : arg.to_i
|
1289
|
-
|
1290
|
-
when '--login-check-url'
|
1291
|
-
@login_check_url = arg
|
1292
|
-
|
1293
|
-
when '--login-check-pattern'
|
1294
|
-
@login_check_pattern = arg
|
1295
|
-
|
1296
|
-
when '--spawns'
|
1297
|
-
@spawns = arg.to_i
|
1298
|
-
|
1299
|
-
when '--grid'
|
1300
|
-
self.grid = true
|
1301
|
-
|
1302
|
-
when '--grid-mode'
|
1303
|
-
self.grid_mode = arg
|
1304
|
-
|
1305
|
-
when '--https-only'
|
1306
|
-
@https_only = true
|
1307
|
-
|
1308
|
-
when '--http-username'
|
1309
|
-
@http_username = arg
|
1310
|
-
|
1311
|
-
when '--http-password'
|
1312
|
-
@http_password = arg
|
1313
|
-
end
|
1314
|
-
end
|
1315
|
-
|
1316
|
-
if (!@login_check_url && @login_check_pattern) ||
|
1317
|
-
(@login_check_url && !@login_check_pattern)
|
1318
|
-
fail Error, "Both '--login-check-url' and " +
|
1319
|
-
"'--login-check-pattern' options are required."
|
1320
|
-
end
|
1321
|
-
|
1322
|
-
rescue => e
|
1323
|
-
puts BANNER
|
1324
|
-
puts
|
1325
|
-
puts e
|
1326
|
-
exit
|
1327
|
-
end
|
1328
|
-
|
1329
|
-
self.url = ARGV.shift if require_url
|
1330
|
-
end
|
1331
|
-
|
1332
|
-
def no_protocol_for_url
|
1333
|
-
@no_protocol_for_url = true
|
1334
|
-
end
|
1335
|
-
|
1336
|
-
def no_protocol_for_url?
|
1337
|
-
!!@no_protocol_for_url
|
1338
|
-
end
|
1339
|
-
|
1340
|
-
# @return [String] root path of the framework
|
1341
|
-
def root_path
|
1342
|
-
File.dirname( File.dirname( File.dirname( File.expand_path( File.expand_path( __FILE__ ) ) ) ) ) + '/'
|
1343
|
-
end
|
1344
|
-
|
1345
|
-
#
|
1346
|
-
# @return [String] Single-line, Base64 encoded serialized version of self.
|
1347
|
-
#
|
1348
|
-
# @see #unserialize
|
1349
|
-
#
|
1350
|
-
def serialize
|
1351
|
-
Base64.encode64( to_yaml ).split( "\n" ).join
|
1352
|
-
end
|
1353
|
-
|
1354
|
-
#
|
1355
|
-
# Unserializes what is returned by {#serialize}.
|
1356
|
-
#
|
1357
|
-
# @param [String] str return value of {#serialize}
|
1358
|
-
#
|
1359
|
-
# @return [Arachni::Options]
|
1360
|
-
#
|
1361
|
-
# @see #serialize
|
1362
|
-
#
|
1363
|
-
def unserialize( str )
|
1364
|
-
YAML.load( Base64.decode64( str ) )
|
1365
|
-
end
|
1366
|
-
|
1367
|
-
#
|
1368
|
-
# Saves 'self' to `file`
|
1369
|
-
#
|
1370
|
-
# @param [String] file
|
1371
|
-
#
|
1372
|
-
def save( file )
|
1373
|
-
|
1374
|
-
dir = @dir.clone
|
1375
|
-
|
1376
|
-
load_profile = []
|
1377
|
-
save_profile = nil
|
1378
|
-
authed_by = nil
|
1379
|
-
restrict_paths = []
|
1380
|
-
extend_paths = []
|
1381
|
-
|
1382
|
-
load_profile = @load_profile.clone if @load_profile
|
1383
|
-
save_profile = @save_profile.clone if @save_profile
|
1384
|
-
authed_by = @authed_by.clone if @authed_by
|
1385
|
-
restrict_paths = @restrict_paths.clone if @restrict_paths
|
1386
|
-
extend_paths = @extend_paths.clone if @extend_paths
|
1387
|
-
|
1388
|
-
@dir = nil
|
1389
|
-
@load_profile = []
|
1390
|
-
@save_profile = nil
|
1391
|
-
@authed_by = nil
|
1392
|
-
@restrict_paths = []
|
1393
|
-
@extend_paths = []
|
1394
|
-
|
1395
|
-
begin
|
1396
|
-
f = File.open( file, 'w' )
|
1397
|
-
YAML.dump( self, f )
|
1398
|
-
rescue
|
1399
|
-
return
|
1400
|
-
ensure
|
1401
|
-
f.close
|
1402
|
-
|
1403
|
-
@dir = dir
|
1404
|
-
@load_profile = load_profile
|
1405
|
-
@save_profile = save_profile
|
1406
|
-
@authed_by = authed_by
|
1407
|
-
|
1408
|
-
@restrict_paths = restrict_paths
|
1409
|
-
@extend_paths = extend_paths
|
1410
|
-
end
|
1411
|
-
|
1412
|
-
f.path
|
1413
|
-
end
|
1414
|
-
|
1415
|
-
#
|
1416
|
-
# Loads a file created by {#save}.
|
1417
|
-
#
|
1418
|
-
# @param [String] filepath path to the file created by {#save}
|
1419
|
-
#
|
1420
|
-
# @return [Arachni::Options]
|
1421
|
-
#
|
1422
|
-
def load( filepath )
|
1423
|
-
opts = YAML::load( IO.read( filepath ) )
|
1424
|
-
opts = self.deep_clone.merge!( opts ) if opts.is_a? Hash
|
1425
|
-
|
1426
|
-
if opts.restrict_paths_filepath
|
1427
|
-
opts.restrict_paths = paths_from_file( opts.restrict_paths_filepath )
|
1428
|
-
end
|
1429
|
-
|
1430
|
-
if opts.extend_paths_filepath
|
1431
|
-
opts.extend_paths = paths_from_file( opts.extend_paths_filepath )
|
1432
|
-
end
|
1433
|
-
|
1434
|
-
opts
|
1435
|
-
end
|
1436
|
-
|
1437
|
-
#
|
1438
|
-
# Converts the Options object to hash
|
1439
|
-
#
|
1440
|
-
# @return [Hash]
|
1441
|
-
#
|
1442
|
-
def to_h
|
1443
|
-
hash = {}
|
1444
|
-
self.instance_variables.each do |var|
|
1445
|
-
hash[normalize_name( var )] = self.instance_variable_get( var )
|
1446
|
-
end
|
1447
|
-
hash
|
1448
|
-
end
|
1449
|
-
alias :to_hash :to_h
|
1450
|
-
|
1451
|
-
#
|
1452
|
-
# Compares 2 {Arachni::Options} objects.
|
1453
|
-
#
|
1454
|
-
# @param [Arachni::Options] other
|
1455
|
-
#
|
1456
|
-
# @return [Bool] `true` if `self == other` `false` otherwise
|
1457
|
-
#
|
1458
|
-
def ==( other )
|
1459
|
-
to_hash == other.to_hash
|
1460
|
-
end
|
1461
|
-
|
1462
|
-
#
|
1463
|
-
# Merges `self` with the object in `options` skipping `nils` and empty
|
1464
|
-
# `Array`s or `Hash`es.
|
1465
|
-
#
|
1466
|
-
# @param [Arachni::Options, #to_hash] options
|
1467
|
-
#
|
1468
|
-
# @return [Arachni::Options] Updated `self`.
|
1469
|
-
#
|
1470
|
-
def merge!( options )
|
1471
|
-
options.to_hash.each_pair do |k, v|
|
1472
|
-
next if !v
|
1473
|
-
next if ( v.is_a?( Array ) || v.is_a?( Hash ) ) && v.empty?
|
1474
|
-
send( "#{k.to_s}=", v ) rescue NoMethodError
|
1475
|
-
end
|
1476
|
-
self
|
1477
|
-
end
|
1478
|
-
|
1479
|
-
def to_args
|
1480
|
-
' ' + to_hash.map { |key, val| to_arg( key ) if val }.compact.join( ' ' ) + " #{self.url}"
|
1481
|
-
end
|
1482
|
-
|
1483
|
-
def to_arg( key )
|
1484
|
-
|
1485
|
-
do_not_parse = %w(show_profile url dir)
|
1486
|
-
|
1487
|
-
var = self.instance_variable_get( "@#{key}" )
|
1488
|
-
|
1489
|
-
return if !var
|
1490
|
-
return if ( var.is_a?( Array ) || var.is_a?( Hash ) ) && var.empty?
|
1491
|
-
return if do_not_parse.include?( key )
|
1492
|
-
return if key == 'include' && var == [/.*/]
|
1493
|
-
return if key == 'reports' && var.keys == %w(stdout)
|
1494
|
-
|
1495
|
-
key = 'exclude_cookie' if key == 'exclude_cookies'
|
1496
|
-
key = 'exclude_vector' if key == 'exclude_vectors'
|
1497
|
-
key = 'report' if key == 'reports'
|
1498
|
-
|
1499
|
-
key = key.gsub( '_', '-' )
|
1500
|
-
|
1501
|
-
arg = ''
|
1502
|
-
|
1503
|
-
case key
|
1504
|
-
|
1505
|
-
when 'mods'
|
1506
|
-
var = var.join( ',' )
|
1507
|
-
|
1508
|
-
when 'restrict-paths'
|
1509
|
-
var = @restrict_paths_filepath
|
1510
|
-
|
1511
|
-
when 'extend-paths'
|
1512
|
-
var = @extend_paths_filepath
|
1513
|
-
|
1514
|
-
when 'rpc-instance-port-range'
|
1515
|
-
var = var.join( '-' )
|
1516
|
-
|
1517
|
-
when 'arachni-verbose'
|
1518
|
-
key = 'verbosity'
|
1519
|
-
|
1520
|
-
when 'redundant'
|
1521
|
-
var.each do |rule|
|
1522
|
-
arg += " --#{key}=#{rule['regexp'].source}:#{rule['count']}"
|
1523
|
-
end
|
1524
|
-
return arg
|
1525
|
-
|
1526
|
-
when 'plugins','report'
|
1527
|
-
arg = ''
|
1528
|
-
var.each do |opt, val|
|
1529
|
-
arg += " --#{key.chomp( 's' )}=#{opt}"
|
1530
|
-
arg += ':' if !val.empty?
|
1531
|
-
|
1532
|
-
val.each {
|
1533
|
-
|k, v|
|
1534
|
-
arg += "#{k}=#{v},"
|
1535
|
-
}
|
1536
|
-
|
1537
|
-
arg.chomp!( ',' )
|
1538
|
-
end
|
1539
|
-
return arg
|
1540
|
-
|
1541
|
-
when 'proxy-port'
|
1542
|
-
return
|
1543
|
-
|
1544
|
-
when 'proxy-addr'
|
1545
|
-
return "--proxy=#{self.proxy_host}:#{self.proxy_port}"
|
1546
|
-
end
|
1547
|
-
|
1548
|
-
if var.is_a?( TrueClass )
|
1549
|
-
arg = "--#{key}"
|
1550
|
-
elsif var.is_a?( String ) || var.is_a?( Fixnum )
|
1551
|
-
arg = "--#{key}=#{var.to_s}"
|
1552
|
-
elsif var.is_a?( Array )
|
1553
|
-
var.each do |i|
|
1554
|
-
i = i.source if i.is_a?( Regexp )
|
1555
|
-
arg += " --#{key}=#{i}"
|
1556
|
-
end
|
1557
|
-
end
|
1558
|
-
|
1559
|
-
arg
|
1560
|
-
end
|
1561
|
-
|
1562
|
-
def paths_from_file( file )
|
1563
|
-
IO.read( file ).lines.map { |p| p.strip }
|
1564
|
-
end
|
1565
|
-
|
1566
|
-
def self.method_missing( sym, *args, &block )
|
1567
|
-
if instance.respond_to?( sym )
|
1568
|
-
instance.send( sym, *args, &block )
|
1569
|
-
elsif
|
1570
|
-
super( sym, *args, &block )
|
1571
|
-
end
|
1572
|
-
end
|
1573
|
-
|
1574
|
-
def self.respond_to?( m )
|
1575
|
-
super( m ) || instance.respond_to?( m )
|
1576
|
-
end
|
1577
|
-
|
1578
|
-
|
1579
|
-
# Ruby 2.0 or YAML doesn't like my class-level method_missing for some reason
|
1580
|
-
class <<self
|
1581
|
-
public :allocate
|
1582
|
-
end
|
1583
|
-
|
1584
|
-
private
|
1585
|
-
|
1586
386
|
def normalize_name( name )
|
1587
|
-
name.to_s.gsub( '@', '' )
|
387
|
+
name.to_s.gsub( '@', '' ).to_sym
|
1588
388
|
end
|
1589
389
|
|
1590
390
|
end
|