arachni 1.0.4 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +42 -0
- data/README.md +8 -4
- data/bin/arachni_console +1 -1
- data/components/checks/active/no_sql_injection.rb +4 -4
- data/components/checks/passive/common_directories/directories.txt +1 -0
- data/components/checks/passive/common_files/filenames.txt +1 -0
- data/components/plugins/login_script.rb +156 -0
- data/components/reporters/plugin_formatters/html/login_script.rb +48 -0
- data/components/reporters/plugin_formatters/stdout/login_script.rb +23 -0
- data/components/reporters/plugin_formatters/xml/login_script.rb +26 -0
- data/components/reporters/xml/schema.xsd +17 -0
- data/lib/arachni/browser.rb +7 -4
- data/lib/arachni/browser/javascript.rb +40 -4
- data/lib/arachni/browser/javascript/proxy.rb +1 -1
- data/lib/arachni/browser_cluster/worker.rb +14 -4
- data/lib/arachni/check/auditor.rb +24 -7
- data/lib/arachni/check/manager.rb +6 -0
- data/lib/arachni/framework.rb +54 -6
- data/lib/arachni/http/client.rb +41 -23
- data/lib/arachni/http/headers.rb +5 -1
- data/lib/arachni/http/message.rb +0 -7
- data/lib/arachni/http/request.rb +40 -32
- data/lib/arachni/http/response.rb +8 -1
- data/lib/arachni/platform/manager.rb +7 -0
- data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
- data/lib/arachni/session.rb +88 -58
- data/lib/arachni/state/framework.rb +34 -5
- data/lib/arachni/support/profiler.rb +2 -0
- data/lib/arachni/uri.rb +2 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/javascript_spec.rb +15 -0
- data/spec/arachni/check/manager_spec.rb +17 -0
- data/spec/arachni/framework_spec.rb +4 -2
- data/spec/arachni/http/client_spec.rb +1 -1
- data/spec/arachni/session_spec.rb +80 -37
- data/spec/arachni/state/framework_spec.rb +34 -1
- data/spec/arachni/uri_spec.rb +7 -0
- data/spec/components/plugins/login_script_spec.rb +157 -0
- data/spec/support/servers/plugins/login_script.rb +13 -0
- data/ui/cli/output.rb +26 -9
- metadata +11 -3
data/ui/cli/output.rb
CHANGED
|
@@ -48,6 +48,8 @@ module Output
|
|
|
48
48
|
end
|
|
49
49
|
@@error_fd = nil
|
|
50
50
|
|
|
51
|
+
@@error_buffer = []
|
|
52
|
+
|
|
51
53
|
@@error_logfile = "#{Options.paths.logs}error-#{Process.pid}.log"
|
|
52
54
|
end
|
|
53
55
|
|
|
@@ -112,26 +114,41 @@ module Output
|
|
|
112
114
|
if !@@error_log_written_env
|
|
113
115
|
@@error_log_written_env = true
|
|
114
116
|
|
|
115
|
-
|
|
116
|
-
|
|
117
|
+
['', "#{Time.now} " + ( '-' * 80 )].each do |s|
|
|
118
|
+
error_log_fd.puts s
|
|
119
|
+
@@error_buffer << s
|
|
120
|
+
end
|
|
117
121
|
|
|
118
122
|
begin
|
|
119
123
|
h = {}
|
|
120
124
|
ENV.each { |k, v| h[k] = v }
|
|
121
|
-
error_log_fd.puts 'ENV:'
|
|
122
|
-
error_log_fd.puts h.to_yaml
|
|
123
|
-
|
|
124
|
-
error_log_fd.puts '-' * 80
|
|
125
125
|
|
|
126
|
-
|
|
127
|
-
|
|
126
|
+
options = Arachni::Options.to_rpc_data
|
|
127
|
+
if options['http']['authentication_username']
|
|
128
|
+
options['http']['authentication_username'] = '*****'
|
|
129
|
+
options['http']['authentication_password'] =
|
|
130
|
+
options['http']['authentication_username']
|
|
131
|
+
end
|
|
132
|
+
options = options.to_yaml
|
|
133
|
+
|
|
134
|
+
['ENV:', h.to_yaml, '-' * 80, 'OPTIONS:', options].each do |s|
|
|
135
|
+
error_log_fd.puts s
|
|
136
|
+
@@error_buffer += s.split("\n")
|
|
137
|
+
end
|
|
128
138
|
rescue
|
|
129
139
|
end
|
|
130
140
|
|
|
131
141
|
error_log_fd.puts '-' * 80
|
|
142
|
+
@@error_buffer << '-' * 80
|
|
132
143
|
end
|
|
133
144
|
|
|
134
|
-
|
|
145
|
+
t = "[#{Time.now}]"
|
|
146
|
+
@@error_buffer << "#{t} #{str}"
|
|
147
|
+
print_color( t, 31, str, error_log_fd, true )
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
def error_buffer
|
|
151
|
+
@@error_buffer
|
|
135
152
|
end
|
|
136
153
|
|
|
137
154
|
# Used to draw attention to a bad situation which isn't an error.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: arachni
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tasos Laskos
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-11-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -436,6 +436,7 @@ files:
|
|
|
436
436
|
- components/plugins/email_notify.rb
|
|
437
437
|
- components/plugins/form_dicattack.rb
|
|
438
438
|
- components/plugins/http_dicattack.rb
|
|
439
|
+
- components/plugins/login_script.rb
|
|
439
440
|
- components/plugins/proxy.rb
|
|
440
441
|
- components/plugins/proxy/panel/403_forbidden.html.erb
|
|
441
442
|
- components/plugins/proxy/panel/404_not_found.html.erb
|
|
@@ -524,6 +525,7 @@ files:
|
|
|
524
525
|
- components/reporters/plugin_formatters/html/form_dicattack.rb
|
|
525
526
|
- components/reporters/plugin_formatters/html/healthmap.rb
|
|
526
527
|
- components/reporters/plugin_formatters/html/http_dicattack.rb
|
|
528
|
+
- components/reporters/plugin_formatters/html/login_script.rb
|
|
527
529
|
- components/reporters/plugin_formatters/html/uncommon_headers.rb
|
|
528
530
|
- components/reporters/plugin_formatters/html/uniformity.rb
|
|
529
531
|
- components/reporters/plugin_formatters/html/waf_detector.rb
|
|
@@ -533,6 +535,7 @@ files:
|
|
|
533
535
|
- components/reporters/plugin_formatters/stdout/form_dicattack.rb
|
|
534
536
|
- components/reporters/plugin_formatters/stdout/healthmap.rb
|
|
535
537
|
- components/reporters/plugin_formatters/stdout/http_dicattack.rb
|
|
538
|
+
- components/reporters/plugin_formatters/stdout/login_script.rb
|
|
536
539
|
- components/reporters/plugin_formatters/stdout/uncommon_headers.rb
|
|
537
540
|
- components/reporters/plugin_formatters/stdout/uniformity.rb
|
|
538
541
|
- components/reporters/plugin_formatters/stdout/waf_detector.rb
|
|
@@ -542,6 +545,7 @@ files:
|
|
|
542
545
|
- components/reporters/plugin_formatters/xml/form_dicattack.rb
|
|
543
546
|
- components/reporters/plugin_formatters/xml/healthmap.rb
|
|
544
547
|
- components/reporters/plugin_formatters/xml/http_dicattack.rb
|
|
548
|
+
- components/reporters/plugin_formatters/xml/login_script.rb
|
|
545
549
|
- components/reporters/plugin_formatters/xml/uncommon_headers.rb
|
|
546
550
|
- components/reporters/plugin_formatters/xml/uniformity.rb
|
|
547
551
|
- components/reporters/plugin_formatters/xml/waf_detector.rb
|
|
@@ -1024,6 +1028,7 @@ files:
|
|
|
1024
1028
|
- spec/components/plugins/form_dicattack_spec.rb
|
|
1025
1029
|
- spec/components/plugins/healthmap_spec.rb
|
|
1026
1030
|
- spec/components/plugins/http_dicattack_spec.rb
|
|
1031
|
+
- spec/components/plugins/login_script_spec.rb
|
|
1027
1032
|
- spec/components/plugins/meta/remedies/discovery_spec.rb
|
|
1028
1033
|
- spec/components/plugins/meta/remedies/timing_attacks_spec.rb
|
|
1029
1034
|
- spec/components/plugins/meta/uniformity_spec.rb
|
|
@@ -1268,6 +1273,7 @@ files:
|
|
|
1268
1273
|
- spec/support/servers/plugins/http_dicattack.rb
|
|
1269
1274
|
- spec/support/servers/plugins/http_dicattack_secure.rb
|
|
1270
1275
|
- spec/support/servers/plugins/http_dicattack_unprotected.rb
|
|
1276
|
+
- spec/support/servers/plugins/login_script.rb
|
|
1271
1277
|
- spec/support/servers/plugins/meta/remedies/discovery.rb
|
|
1272
1278
|
- spec/support/servers/plugins/meta/remedies/timing_attacks.rb
|
|
1273
1279
|
- spec/support/servers/plugins/uncommon_headers.rb
|
|
@@ -1355,7 +1361,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
1355
1361
|
version: '0'
|
|
1356
1362
|
requirements: []
|
|
1357
1363
|
rubyforge_project:
|
|
1358
|
-
rubygems_version: 2.4.
|
|
1364
|
+
rubygems_version: 2.4.3
|
|
1359
1365
|
signing_key:
|
|
1360
1366
|
specification_version: 4
|
|
1361
1367
|
summary: Arachni is a feature-full, modular, high-performance Ruby framework aimed
|
|
@@ -1424,6 +1430,7 @@ test_files:
|
|
|
1424
1430
|
- spec/support/servers/plugins/http_dicattack_unprotected.rb
|
|
1425
1431
|
- spec/support/servers/plugins/autologin.rb
|
|
1426
1432
|
- spec/support/servers/plugins/uncommon_headers.rb
|
|
1433
|
+
- spec/support/servers/plugins/login_script.rb
|
|
1427
1434
|
- spec/support/servers/plugins/http_dicattack.rb
|
|
1428
1435
|
- spec/support/servers/plugins/meta/remedies/timing_attacks.rb
|
|
1429
1436
|
- spec/support/servers/plugins/meta/remedies/discovery.rb
|
|
@@ -1635,6 +1642,7 @@ test_files:
|
|
|
1635
1642
|
- spec/components/plugins/script_spec.rb
|
|
1636
1643
|
- spec/components/plugins/cookie_collector_spec.rb
|
|
1637
1644
|
- spec/components/plugins/uncommon_headers_spec.rb
|
|
1645
|
+
- spec/components/plugins/login_script_spec.rb
|
|
1638
1646
|
- spec/components/plugins/autologin_spec.rb
|
|
1639
1647
|
- spec/components/plugins/meta/uniformity_spec.rb
|
|
1640
1648
|
- spec/components/plugins/meta/remedies/discovery_spec.rb
|