RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/lib/arachni/browser_cluster.rb CHANGED

@@ -6,8 +6,6 @@
     web site for more information on licensing and terms of use.
 =end
-require 'monitor'
 module Arachni
 # Real browser driver providing DOM/JS/AJAX support.
@@ -63,10 +61,6 @@ class BrowserCluster
     #   List of crawled URLs with their HTTP codes.
     attr_reader :sitemap
-    # @return   [String]
-    #   Javascript token used to namespace the custom JS environment.
-    attr_reader :javascript_token
     # @return   [Array<Worker>]
     #   Worker pool.
     attr_reader :workers
@@ -87,6 +81,8 @@ class BrowserCluster
     #
     # @raise    ArgumentError   On missing `:handler` option.
     def initialize( options = {} )
+        super()
         {
             pool_size: Options.browser_cluster.pool_size
         }.merge( options ).each do |k, v|
@@ -122,15 +118,16 @@ class BrowserCluster
         @mutex       = Monitor.new
         @done_signal = Queue.new
-        # Javascript token to share across all workers, this needs to be static
-        # because of the browsers' disk-cache which leads to cached responses
-        # being used between runs.
-        @javascript_token = 'arachni_js_namespace'
         @consumed_pids = []
         initialize_workers
     end
+    # @return   [String]
+    #   Javascript token used to namespace the custom JS environment.
+    def javascript_token
+        Browser::Javascript::TOKEN
+    end
     # @note Operates in non-blocking mode.
     #
     # @param    [Block] block
@@ -154,6 +151,8 @@ class BrowserCluster
         synchronize do
             print_debug "Queueing: #{job}"
+            notify_on_queue job
             @pending_job_counter  += 1
             @pending_jobs[job.id] += 1
             @job_callbacks[job.id] = block if block
@@ -168,6 +167,14 @@ class BrowserCluster
         nil
     end
+    # def on_queue( &block )
+        # synchronize { @on_queue << block }
+    # end
+    # def on_job_done( &block )
+        # synchronize { @on_job_done << block }
+    # end
     # @param    [Page, String, HTTP::Response]  resource
     #   Resource to explore, if given a `String` it will be treated it as a URL
     #   and will be loaded.
@@ -206,6 +213,8 @@ class BrowserCluster
         synchronize do
             print_debug "Job done: #{job}"
+            notify_on_job_done job
             if !job.never_ending?
                 @skip_states_per_job.delete job.id
                 @job_callbacks.delete job.id
@@ -299,6 +308,7 @@ class BrowserCluster
     # @private
     def pop
         {} while job_done?( job = @jobs.pop )
+        notify_on_pop job
         job
     end
@@ -365,6 +375,23 @@ class BrowserCluster
     private
+    def notify_on_queue( job )
+        return if !@on_queue
+        @on_queue.call job
+    end
+    def notify_on_job_done( job )
+        return if !@on_job_done
+        @on_job_done.call job
+    end
+    def notify_on_pop( job )
+        return if !@on_pop
+        @on_pop.call job
+    end
     def fail_if_shutdown
         fail Error::AlreadyShutdown, 'Cluster has been shut down.' if @shutdown
     end
@@ -389,10 +416,9 @@ class BrowserCluster
         @workers = []
         pool_size.times do |i|
             worker = Worker.new(
-                javascript_token: @javascript_token,
-                master:           self,
-                width:            Options.browser_cluster.screen_width,
-                height:           Options.browser_cluster.screen_height
+                master: self,
+                width:  Options.browser_cluster.screen_width,
+                height: Options.browser_cluster.screen_height
             )
             @workers << worker
             @consumed_pids << worker.pid

data/lib/arachni/browser_cluster/job.rb CHANGED

@@ -101,6 +101,10 @@ class Job
     # @param    [Hash]  data
     #   Used to initialize the {Result}.
     def save_result( data )
+        # Results coming in after the job has already finished won't have a
+        # browser.
+        return if !browser
         browser.master.handle_job_result(
             self.class::Result.new( data.merge( job: self.clean_copy ) )
         )

data/lib/arachni/browser_cluster/jobs/resource_exploration.rb CHANGED

@@ -36,15 +36,6 @@ class ResourceExploration < Job
         browser.trigger_events
     end
-    def resource=( resource )
-        # Get a copy of the page with the caches cleared, this way when the
-        # modules (or anything else) lazy-load elements and populate the caches
-        # there won't be any lingering references to them from the more time
-        # consuming browser analysis.
-        resource = resource.dup if resource.is_a? Page
-        @resource = resource
-    end
     def dup
         super.tap { |j| j.resource = resource }
     end

data/lib/arachni/browser_cluster/worker.rb CHANGED

@@ -45,7 +45,6 @@ class Worker < Arachni::Browser
     attr_reader   :time_to_live
     def initialize( options = {} )
-        javascript_token  = options.delete( :javascript_token )
         @master           = options.delete( :master )
         @max_time_to_live = options.delete( :max_time_to_live ) ||
@@ -59,8 +58,6 @@ class Worker < Arachni::Browser
         # as soon as they're logged.
         super options.merge( store_pages: false )
-        @javascript.token = javascript_token
         @done_signal = Queue.new
         start_capture
@@ -90,13 +87,19 @@ class Worker < Arachni::Browser
                 exception_jail false do
                     begin
                         @job.configure_and_run( self )
-                    rescue Selenium::WebDriver::Error::WebDriverError
+                    rescue Selenium::WebDriver::Error::WebDriverError,
+                        Watir::Exception::Error => e
+                        print_debug "Error while processing job: #{@job}"
+                        print_debug
+                        print_debug_exception e
                         browser_respawn
                     end
                 end
             end
         rescue TimeoutError => e
-            print_debug "Job timed-out after #{@job_timeout} seconds: #{@job}"
+            print_bad "Job timed-out after #{@job_timeout} seconds: #{@job}"
             # Could have left us with a broken browser.
             browser_respawn

data/lib/arachni/check/auditor.rb CHANGED

@@ -80,16 +80,21 @@ module Auditor
             #   Element types to check for.
             #
             # @return   [Bool]
-            def self.check?( page, restrict_to_elements = nil )
+            def self.check?( page, restrict_to_elements = nil, ignore_dom_depth = false )
                 return false if issue_limit_reached?
                 return true  if elements.empty?
                 audit                = Arachni::Options.audit
                 restrict_to_elements = [restrict_to_elements].flatten.compact
+                # We use procs to make the decisions to avoid loading the page
+                # element caches unless it's absolutely necessary.
+                #
+                # Also, it's better to audit Form & Cookie DOM elements only
+                # after the page has gone through the browser, because then
+                # we'll have some context in the metadata which can help us
+                # optimize DOM audits.
                 {
-                    # We use procs to make the decision, to avoid loading the page
-                    # element caches unless it's absolutely necessary.
                     Element::Link              =>
                         proc { audit.links?     && !!page.links.find { |e| e.inputs.any? } },
                     Element::Link::DOM         =>
@@ -97,20 +102,22 @@ module Auditor
                     Element::Form              =>
                         proc { audit.forms? && !!page.forms.find { |e| e.inputs.any? } },
                     Element::Form::DOM         =>
-                        proc { audit.form_doms? && page.has_script? && !!page.forms.find(&:dom) },
+                        proc { (ignore_dom_depth || page.dom.depth > 0) &&
+                            audit.form_doms? && page.has_script? && !!page.forms.find(&:dom) },
                     Element::Cookie            =>
                         proc { audit.cookies? && page.cookies.any? },
                     Element::Cookie::DOM       =>
-                        proc { audit.cookie_doms? && page.has_script? && page.cookies.any? },
+                        proc { (ignore_dom_depth || page.dom.depth > 0) &&
+                            audit.cookie_doms? && page.has_script? && page.cookies.any? },
                     Element::Header            =>
                         proc { audit.headers? && page.headers.any? },
                     Element::LinkTemplate      =>
                         proc { audit.link_templates? && page.link_templates.find { |e| e.inputs.any? } },
                     Element::LinkTemplate::DOM =>
                         proc { audit.link_template_doms? && !!page.link_templates.find(&:dom) },
-                    Element::JSON      =>
+                    Element::JSON              =>
                         proc { audit.jsons? && page.jsons.find { |e| e.inputs.any? } },
-                    Element::XML      =>
+                    Element::XML               =>
                         proc { audit.xmls? && page.xmls.find { |e| e.inputs.any? } },
                     Element::Body              => !page.body.empty?,
                     Element::GenericDOM        => page.has_script?,
@@ -348,17 +355,22 @@ module Auditor
     #       If `false`, a message will be printed to stdout containing the status of
     #       the operation.
     #
+    # @return   [Issue]
+    #
     # @see #log_issue
     def log_remote_file( page_or_response, silent = false )
         page = page_or_response.is_a?( Page ) ?
             page_or_response : page_or_response.to_page
-        log_issue(
+        issue = log_issue(
             vector: Element::Server.new( page.url ),
+            proof:  page.response.status_line,
             page:   page
         )
         print_ok( "Found #{page.url}" ) if !silent
+        issue
     end
     alias :log_remote_directory :log_remote_file

data/lib/arachni/check/base.rb CHANGED

@@ -152,18 +152,50 @@ class Base < Component::Base
             @platforms ||= [info[:platforms]].flatten.compact
         end
-        # @param    [Array<Symbol, String>]     platforms
+        # @return   [Bool]
+        #   `true` if the check has specified platforms for which it does not apply.
+        #
+        # @see .platforms
+        def has_exempt_platforms?
+            exempt_platforms.any?
+        end
+        # @return   [Array<Symbol>]
+        #   Platforms not applicable to this check.
+        #
+        # @see .info
+        def exempt_platforms
+            @exempt_platforms ||= [info[:exempt_platforms]].flatten.compact
+        end
+        # @param    [Array<Symbol, String>]     resource_platforms
         #   List of platforms to check for support.
         #
         # @return   [Boolean]
         #   `true` if any of the given platforms are supported, `false` otherwise.
-        def supports_platforms?( platforms )
-            return true if platforms.empty? || !has_platforms?
+        def supports_platforms?( resource_platforms )
+            if resource_platforms.any? && has_exempt_platforms?
+                manager = Platform::Manager.new( exempt_platforms )
+                resource_platforms.each do |p|
+                    # When we check for exempt platforms we're looking for info
+                    # from the same type.
+                    ptype = Platform::Manager.find_type( p )
+                    type_manager = manager.send( ptype )
+                    return false if type_manager.pick( p => true ).any?
+                end
+            end
+            return true if resource_platforms.empty? || !has_platforms?
             # Determine if we've got anything for the given platforms, the same
             # way payloads are picked.
-            foo_data = self.platforms.inject({}) { |h, platform| h.merge!( platform => true ) }
-            Platform::Manager.new( platforms ).pick( foo_data ).any?
+            foo_data = self.platforms.
+                inject({}) { |h, platform| h.merge!( platform => true ) }
+            Platform::Manager.new( resource_platforms ).pick( foo_data ).any?
         end
         # @return   [Array<Symbol>]
@@ -193,7 +225,7 @@ class Base < Component::Base
         # @private
         def clear_info_cache
-            @elements = @platforms = nil
+            @elements = @exempt_platforms = @platforms = nil
         end
     end

data/lib/arachni/element/base.rb CHANGED

@@ -38,6 +38,19 @@ class Base
     include Capabilities::WithScope
+    # Maximum element size in bytes.
+    # Anything larger than this should be exempt from parse and storage or have
+    # its value ignored.
+    #
+    # During the audit, thousands of copies will be generated and the same
+    # amount of HTP requests will be stored in the HTTP::Client queue.
+    # Thus, elements with inputs of excessive size will lead to excessive RAM
+    # consumption.
+    #
+    # This will almost never be necessary, but there have been cases of
+    # buggy `_VIEWSTATE` inputs that grow infinitely.
+    MAX_SIZE = 10_000
     # @return     [Page]
     #   Page this element belongs to.
     attr_accessor :page
@@ -124,7 +137,7 @@ class Base
     # @return   [Symbol]
     #   Element type.
     def self.type
-        name.split( ':' ).last.downcase.to_sym
+        @type ||= name.split( ':' ).last.downcase.to_sym
     end
     def dup
@@ -189,6 +202,10 @@ class Base
         instance
     end
+    def self.too_big?( element )
+        (element.is_a?( Numeric ) ? element : element.to_s.size) >= MAX_SIZE
+    end
 end
 end
 end

data/lib/arachni/element/capabilities/analyzable/differential.rb CHANGED

@@ -28,7 +28,6 @@ module Differential
     end
     DIFFERENTIAL_OPTIONS =  {
-        # Append our seeds to the default values.
         format:         [Mutable::Format::STRAIGHT],
         # Amount of refinement operations to remove context-irrelevant dynamic

data/lib/arachni/element/capabilities/analyzable/taint.rb CHANGED

@@ -15,6 +15,10 @@ module Analyzable
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 module Taint
+    TAINT_CACHE = {
+        match: Support::Cache::LeastRecentlyPushed.new( 10_000 )
+    }
     TAINT_OPTIONS = {
         # The regular expression to match against the response body.
         #
@@ -99,28 +103,38 @@ module Taint
     end
     def match_patterns( patterns, matcher, response, opts )
+        k = [patterns, response.body]
+        return if TAINT_CACHE[:match][k] == false
         if opts[:longest_word_optimization]
             opts[:downcased_body] = response.body.downcase
         end
         case patterns
             when Regexp, String, Array
-                [patterns].flatten.compact.
-                    each { |pattern| matcher.call( pattern, response, opts ) }
+                [patterns].flatten.compact.each do |pattern|
+                    res = matcher.call( pattern, response, opts )
+                    TAINT_CACHE[:match][k] ||= !!res
+                end
             when Hash
                 if opts[:platform] && patterns[opts[:platform]]
                     [patterns[opts[:platform]]].flatten.compact.each do |p|
-                        [p].flatten.compact.
-                            each { |pattern| matcher.call( pattern, response, opts ) }
+                        [p].flatten.compact.each do |pattern|
+                            res = matcher.call( pattern, response, opts )
+                            TAINT_CACHE[:match][k] ||= !!res
+                        end
                     end
                 else
                     patterns.each do |platform, p|
                         dopts = opts.dup
                         dopts[:platform] = platform
-                        [p].flatten.compact.
-                            each { |pattern| matcher.call( pattern, response, dopts ) }
+                        [p].flatten.compact.each do |pattern|
+                            res = matcher.call( pattern, response, dopts )
+                            TAINT_CACHE[:match][k] ||= !!res
+                        end
                     end
                 end
@@ -133,15 +147,22 @@ module Taint
                         dopts = opts.dup
                         dopts[:platform] = platform
-                        [p].flatten.compact.
-                            each { |pattern| matcher.call( pattern, response, dopts ) }
+                        [p].flatten.compact.each do |pattern|
+                            res = matcher.call( pattern, response, dopts )
+                            TAINT_CACHE[:match][k] ||= !!res
+                        end
                     end
         end
     end
     def match_substring_and_log( substring, response, opts )
         return if substring.to_s.empty?
-        return if !response.body.include?( substring ) || ignore?( response, opts )
+        k = [substring, response.body]
+        return if TAINT_CACHE[:match][k] == false
+        TAINT_CACHE[:match][k] = includes = response.body.include?( substring )
+        return if !includes || ignore?( response, opts )
         @candidate_issues << {
             response:  response,
@@ -151,9 +172,14 @@ module Taint
             vector:    response.request.performer
         }
         setup_verification_callbacks
+        true
     end
     def match_regexp_and_log( regexp, response, opts )
+        k = [regexp, response.body]
+        return if TAINT_CACHE[:match][k] == false
         regexp = regexp.is_a?( Regexp ) ? regexp :
             Regexp.new( regexp.to_s, Regexp::IGNORECASE )
@@ -166,7 +192,9 @@ module Taint
         match_data = match_data[0].to_s
-        return if match_data.to_s.empty? || ignore?( response, opts )
+        TAINT_CACHE[:match][k] = !match_data.empty?
+        return if match_data.empty? || ignore?( response, opts )
         @candidate_issues << {
             response:  response,
@@ -176,6 +204,8 @@ module Taint
             vector:    response.request.performer
         }
         setup_verification_callbacks
+        true
     end
     def ignore?( res, opts )