RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/lib/arachni/browser_cluster.rb CHANGED

@@ -6,8 +6,6 @@
     web site for more information on licensing and terms of use.
 =end
-require 'monitor'
 module Arachni
 # Real browser driver providing DOM/JS/AJAX support.
@@ -63,10 +61,6 @@ class BrowserCluster
     #   List of crawled URLs with their HTTP codes.
     attr_reader :sitemap
-    # @return   [String]
-    #   Javascript token used to namespace the custom JS environment.
-    attr_reader :javascript_token
     # @return   [Array<Worker>]
     #   Worker pool.
     attr_reader :workers
@@ -87,6 +81,8 @@ class BrowserCluster
     #
     # @raise    ArgumentError   On missing `:handler` option.
     def initialize( options = {} )
+        super()
         {
             pool_size: Options.browser_cluster.pool_size
         }.merge( options ).each do |k, v|
@@ -122,15 +118,16 @@ class BrowserCluster
         @mutex       = Monitor.new
         @done_signal = Queue.new
-        # Javascript token to share across all workers, this needs to be static
-        # because of the browsers' disk-cache which leads to cached responses
-        # being used between runs.
-        @javascript_token = 'arachni_js_namespace'
         @consumed_pids = []
         initialize_workers
     end
+    # @return   [String]
+    #   Javascript token used to namespace the custom JS environment.
+    def javascript_token
+        Browser::Javascript::TOKEN
+    end
     # @note Operates in non-blocking mode.
     #
     # @param    [Block] block
@@ -154,6 +151,8 @@ class BrowserCluster
         synchronize do
             print_debug "Queueing: #{job}"
+            notify_on_queue job
             @pending_job_counter  += 1
             @pending_jobs[job.id] += 1
             @job_callbacks[job.id] = block if block
@@ -168,6 +167,14 @@ class BrowserCluster
         nil
     end
+    # def on_queue( &block )
+        # synchronize { @on_queue << block }
+    # end
+    # def on_job_done( &block )
+        # synchronize { @on_job_done << block }
+    # end
     # @param    [Page, String, HTTP::Response]  resource
     #   Resource to explore, if given a `String` it will be treated it as a URL
     #   and will be loaded.
@@ -206,6 +213,8 @@ class BrowserCluster
         synchronize do
             print_debug "Job done: #{job}"
+            notify_on_job_done job
             if !job.never_ending?
                 @skip_states_per_job.delete job.id
                 @job_callbacks.delete job.id
@@ -299,6 +308,7 @@ class BrowserCluster
     # @private
     def pop
         {} while job_done?( job = @jobs.pop )
+        notify_on_pop job
         job
     end
@@ -365,6 +375,23 @@ class BrowserCluster
     private
+    def notify_on_queue( job )
+        return if !@on_queue
+        @on_queue.call job
+    end
+    def notify_on_job_done( job )
+        return if !@on_job_done
+        @on_job_done.call job
+    end
+    def notify_on_pop( job )
+        return if !@on_pop
+        @on_pop.call job
+    end
     def fail_if_shutdown
         fail Error::AlreadyShutdown, 'Cluster has been shut down.' if @shutdown
     end
@@ -389,10 +416,9 @@ class BrowserCluster
         @workers = []
         pool_size.times do |i|
             worker = Worker.new(
-                javascript_token: @javascript_token,
-                master:           self,
-                width:            Options.browser_cluster.screen_width,
-                height:           Options.browser_cluster.screen_height
+                master: self,
+                width:  Options.browser_cluster.screen_width,
+                height: Options.browser_cluster.screen_height
             )
             @workers << worker
             @consumed_pids << worker.pid

data/lib/arachni/browser_cluster/job.rb CHANGED

@@ -101,6 +101,10 @@ class Job
     # @param    [Hash]  data
     #   Used to initialize the {Result}.
     def save_result( data )
+        # Results coming in after the job has already finished won't have a
+        # browser.
+        return if !browser
         browser.master.handle_job_result(
             self.class::Result.new( data.merge( job: self.clean_copy ) )
         )

data/lib/arachni/browser_cluster/jobs/resource_exploration.rb CHANGED

@@ -36,15 +36,6 @@ class ResourceExploration < Job
         browser.trigger_events
     end
-    def resource=( resource )
-        # Get a copy of the page with the caches cleared, this way when the
-        # modules (or anything else) lazy-load elements and populate the caches
-        # there won't be any lingering references to them from the more time
-        # consuming browser analysis.
-        resource = resource.dup if resource.is_a? Page
-        @resource = resource
-    end
     def dup
         super.tap { |j| j.resource = resource }
     end

data/lib/arachni/browser_cluster/worker.rb CHANGED

@@ -45,7 +45,6 @@ class Worker < Arachni::Browser
     attr_reader   :time_to_live
     def initialize( options = {} )
-        javascript_token  = options.delete( :javascript_token )
         @master           = options.delete( :master )
         @max_time_to_live = options.delete( :max_time_to_live ) ||
@@ -59,8 +58,6 @@ class Worker < Arachni::Browser
         # as soon as they're logged.
         super options.merge( store_pages: false )
-        @javascript.token = javascript_token
         @done_signal = Queue.new
         start_capture
@@ -90,13 +87,19 @@ class Worker < Arachni::Browser
                 exception_jail false do
                     begin
                         @job.configure_and_run( self )
-                    rescue Selenium::WebDriver::Error::WebDriverError
+                    rescue Selenium::WebDriver::Error::WebDriverError,
+                        Watir::Exception::Error => e
+                        print_debug "Error while processing job: #{@job}"
+                        print_debug
+                        print_debug_exception e
                         browser_respawn
                     end
                 end
             end
         rescue TimeoutError => e
-            print_debug "Job timed-out after #{@job_timeout} seconds: #{@job}"
+            print_bad "Job timed-out after #{@job_timeout} seconds: #{@job}"
             # Could have left us with a broken browser.
             browser_respawn

data/lib/arachni/check/auditor.rb CHANGED

@@ -80,16 +80,21 @@ module Auditor
             #   Element types to check for.
             #
             # @return   [Bool]
-            def self.check?( page, restrict_to_elements = nil )
+            def self.check?( page, restrict_to_elements = nil, ignore_dom_depth = false )
                 return false if issue_limit_reached?
                 return true  if elements.empty?
                 audit                = Arachni::Options.audit
                 restrict_to_elements = [restrict_to_elements].flatten.compact
+                # We use procs to make the decisions to avoid loading the page
+                # element caches unless it's absolutely necessary.
+                #
+                # Also, it's better to audit Form & Cookie DOM elements only
+                # after the page has gone through the browser, because then
+                # we'll have some context in the metadata which can help us
+                # optimize DOM audits.
                 {
-                    # We use procs to make the decision, to avoid loading the page
-                    # element caches unless it's absolutely necessary.
                     Element::Link              =>
                         proc { audit.links?     && !!page.links.find { |e| e.inputs.any? } },
                     Element::Link::DOM         =>
@@ -97,20 +102,22 @@ module Auditor
                     Element::Form              =>
                         proc { audit.forms? && !!page.forms.find { |e| e.inputs.any? } },
                     Element::Form::DOM         =>
-                        proc { audit.form_doms? && page.has_script? && !!page.forms.find(&:dom) },
+                        proc { (ignore_dom_depth || page.dom.depth > 0) &&
+                            audit.form_doms? && page.has_script? && !!page.forms.find(&:dom) },
                     Element::Cookie            =>
                         proc { audit.cookies? && page.cookies.any? },
                     Element::Cookie::DOM       =>
-                        proc { audit.cookie_doms? && page.has_script? && page.cookies.any? },
+                        proc { (ignore_dom_depth || page.dom.depth > 0) &&
+                            audit.cookie_doms? && page.has_script? && page.cookies.any? },
                     Element::Header            =>
                         proc { audit.headers? && page.headers.any? },
                     Element::LinkTemplate      =>
                         proc { audit.link_templates? && page.link_templates.find { |e| e.inputs.any? } },
                     Element::LinkTemplate::DOM =>
                         proc { audit.link_template_doms? && !!page.link_templates.find(&:dom) },
-                    Element::JSON      =>
+                    Element::JSON              =>
                         proc { audit.jsons? && page.jsons.find { |e| e.inputs.any? } },
-                    Element::XML      =>
+                    Element::XML               =>
                         proc { audit.xmls? && page.xmls.find { |e| e.inputs.any? } },
                     Element::Body              => !page.body.empty?,
                     Element::GenericDOM        => page.has_script?,
@@ -348,17 +355,22 @@ module Auditor
     #       If `false`, a message will be printed to stdout containing the status of
     #       the operation.
     #
+    # @return   [Issue]
+    #
     # @see #log_issue
     def log_remote_file( page_or_response, silent = false )
         page = page_or_response.is_a?( Page ) ?
             page_or_response : page_or_response.to_page
-        log_issue(
+        issue = log_issue(
             vector: Element::Server.new( page.url ),
+            proof:  page.response.status_line,
             page:   page
         )
         print_ok( "Found #{page.url}" ) if !silent
+        issue
     end
     alias :log_remote_directory :log_remote_file

data/lib/arachni/check/base.rb CHANGED

@@ -152,18 +152,50 @@ class Base < Component::Base
             @platforms ||= [info[:platforms]].flatten.compact
         end
-        # @param    [Array<Symbol, String>]     platforms
+        # @return   [Bool]
+        #   `true` if the check has specified platforms for which it does not apply.
+        #
+        # @see .platforms
+        def has_exempt_platforms?
+            exempt_platforms.any?
+        end
+        # @return   [Array<Symbol>]
+        #   Platforms not applicable to this check.
+        #
+        # @see .info
+        def exempt_platforms
+            @exempt_platforms ||= [info[:exempt_platforms]].flatten.compact
+        end
+        # @param    [Array<Symbol, String>]     resource_platforms
         #   List of platforms to check for support.
         #
         # @return   [Boolean]
         #   `true` if any of the given platforms are supported, `false` otherwise.
-        def supports_platforms?( platforms )
-            return true if platforms.empty? || !has_platforms?
+        def supports_platforms?( resource_platforms )
+            if resource_platforms.any? && has_exempt_platforms?
+                manager = Platform::Manager.new( exempt_platforms )
+                resource_platforms.each do |p|
+                    # When we check for exempt platforms we're looking for info
+                    # from the same type.
+                    ptype = Platform::Manager.find_type( p )
+                    type_manager = manager.send( ptype )
+                    return false if type_manager.pick( p => true ).any?
+                end
+            end
+            return true if resource_platforms.empty? || !has_platforms?
             # Determine if we've got anything for the given platforms, the same
             # way payloads are picked.
-            foo_data = self.platforms.inject({}) { |h, platform| h.merge!( platform => true ) }
-            Platform::Manager.new( platforms ).pick( foo_data ).any?
+            foo_data = self.platforms.
+                inject({}) { |h, platform| h.merge!( platform => true ) }
+            Platform::Manager.new( resource_platforms ).pick( foo_data ).any?
         end
         # @return   [Array<Symbol>]
@@ -193,7 +225,7 @@ class Base < Component::Base
         # @private
         def clear_info_cache
-            @elements = @platforms = nil
+            @elements = @exempt_platforms = @platforms = nil
         end
     end

data/lib/arachni/element/base.rb CHANGED

@@ -38,6 +38,19 @@ class Base
     include Capabilities::WithScope
+    # Maximum element size in bytes.
+    # Anything larger than this should be exempt from parse and storage or have
+    # its value ignored.
+    #
+    # During the audit, thousands of copies will be generated and the same
+    # amount of HTP requests will be stored in the HTTP::Client queue.
+    # Thus, elements with inputs of excessive size will lead to excessive RAM
+    # consumption.
+    #
+    # This will almost never be necessary, but there have been cases of
+    # buggy `_VIEWSTATE` inputs that grow infinitely.
+    MAX_SIZE = 10_000
     # @return     [Page]
     #   Page this element belongs to.
     attr_accessor :page
@@ -124,7 +137,7 @@ class Base
     # @return   [Symbol]
     #   Element type.
     def self.type
-        name.split( ':' ).last.downcase.to_sym
+        @type ||= name.split( ':' ).last.downcase.to_sym
     end
     def dup
@@ -189,6 +202,10 @@ class Base
         instance
     end
+    def self.too_big?( element )
+        (element.is_a?( Numeric ) ? element : element.to_s.size) >= MAX_SIZE
+    end
 end
 end
 end

data/lib/arachni/element/capabilities/analyzable/differential.rb CHANGED

@@ -28,7 +28,6 @@ module Differential
     end
     DIFFERENTIAL_OPTIONS =  {
-        # Append our seeds to the default values.
         format:         [Mutable::Format::STRAIGHT],
         # Amount of refinement operations to remove context-irrelevant dynamic

data/lib/arachni/element/capabilities/analyzable/taint.rb CHANGED

@@ -15,6 +15,10 @@ module Analyzable
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 module Taint
+    TAINT_CACHE = {
+        match: Support::Cache::LeastRecentlyPushed.new( 10_000 )
+    }
     TAINT_OPTIONS = {
         # The regular expression to match against the response body.
         #
@@ -99,28 +103,38 @@ module Taint
     end
     def match_patterns( patterns, matcher, response, opts )
+        k = [patterns, response.body]
+        return if TAINT_CACHE[:match][k] == false
         if opts[:longest_word_optimization]
             opts[:downcased_body] = response.body.downcase
         end
         case patterns
             when Regexp, String, Array
-                [patterns].flatten.compact.
-                    each { |pattern| matcher.call( pattern, response, opts ) }
+                [patterns].flatten.compact.each do |pattern|
+                    res = matcher.call( pattern, response, opts )
+                    TAINT_CACHE[:match][k] ||= !!res
+                end
             when Hash
                 if opts[:platform] && patterns[opts[:platform]]
                     [patterns[opts[:platform]]].flatten.compact.each do |p|
-                        [p].flatten.compact.
-                            each { |pattern| matcher.call( pattern, response, opts ) }
+                        [p].flatten.compact.each do |pattern|
+                            res = matcher.call( pattern, response, opts )
+                            TAINT_CACHE[:match][k] ||= !!res
+                        end
                     end
                 else
                     patterns.each do |platform, p|
                         dopts = opts.dup
                         dopts[:platform] = platform
-                        [p].flatten.compact.
-                            each { |pattern| matcher.call( pattern, response, dopts ) }
+                        [p].flatten.compact.each do |pattern|
+                            res = matcher.call( pattern, response, dopts )
+                            TAINT_CACHE[:match][k] ||= !!res
+                        end
                     end
                 end
@@ -133,15 +147,22 @@ module Taint
                         dopts = opts.dup
                         dopts[:platform] = platform
-                        [p].flatten.compact.
-                            each { |pattern| matcher.call( pattern, response, dopts ) }
+                        [p].flatten.compact.each do |pattern|
+                            res = matcher.call( pattern, response, dopts )
+                            TAINT_CACHE[:match][k] ||= !!res
+                        end
                     end
         end
     end
     def match_substring_and_log( substring, response, opts )
         return if substring.to_s.empty?
-        return if !response.body.include?( substring ) || ignore?( response, opts )
+        k = [substring, response.body]
+        return if TAINT_CACHE[:match][k] == false
+        TAINT_CACHE[:match][k] = includes = response.body.include?( substring )
+        return if !includes || ignore?( response, opts )
         @candidate_issues << {
             response:  response,
@@ -151,9 +172,14 @@ module Taint
             vector:    response.request.performer
         }
         setup_verification_callbacks
+        true
     end
     def match_regexp_and_log( regexp, response, opts )
+        k = [regexp, response.body]
+        return if TAINT_CACHE[:match][k] == false
         regexp = regexp.is_a?( Regexp ) ? regexp :
             Regexp.new( regexp.to_s, Regexp::IGNORECASE )
@@ -166,7 +192,9 @@ module Taint
         match_data = match_data[0].to_s
-        return if match_data.to_s.empty? || ignore?( response, opts )
+        TAINT_CACHE[:match][k] = !match_data.empty?
+        return if match_data.empty? || ignore?( response, opts )
         @candidate_issues << {
             response:  response,
@@ -176,6 +204,8 @@ module Taint
             vector:    response.request.performer
         }
         setup_verification_callbacks
+        true
     end
     def ignore?( res, opts )