RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/lib/arachni/issue.rb CHANGED

@@ -15,7 +15,7 @@ require Options.paths.lib + 'issue/severity'
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 class Issue
-    # Attributes removed from a parent issue (i.e. an issues with variations)
+    # Attributes removed from a parent issue (i.e. an issue with variations)
     # and solely populating variations.
     VARIATION_ATTRIBUTES = Set.new([
         :@page, :@referring_page, :@proof, :@signature, :@remarks, :@trusted
@@ -286,12 +286,23 @@ class Issue
         end
     end
-    [:name, :description, :remedy_guidance, :remedy_code, :proof, :signature].each do |m|
+    [:name, :description, :remedy_guidance, :remedy_code, :proof].each do |m|
         define_method "#{m}=" do |s|
             instance_variable_set( "@#{m}".to_sym, s ? s.to_s.freeze : nil )
         end
     end
+    def signature=( sig )
+        @signature = case sig
+                         when Regexp
+                             sig.source
+                         when String, nil
+                             sig
+                         else
+                             sig.to_s
+                     end
+    end
     # @return   [Hash]
     def to_h
         h = {}
@@ -495,7 +506,10 @@ class Issue
             data['variations'] = data['variations'].map(&:to_rpc_data)
         end
-        data['digest']   = digest
+        if !variation?
+            data['digest'] = digest
+        end
         data['severity'] = data['severity'].to_s
         data

data/lib/arachni/option_groups/browser_cluster.rb CHANGED

@@ -13,6 +13,11 @@ module Arachni::OptionGroups
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 class BrowserCluster < Arachni::OptionGroup
+    # @return   [Hash<Regexp,String>]
+    #   When the page URL matched the key `Regexp`, wait until the `String` CSS
+    #   selector in the value matches an element.
+    attr_accessor :wait_for_elements
     # @return   [Integer]
     #   Amount of {BrowserCluster::Worker} to keep in the pool and put to work.
     attr_accessor :pool_size
@@ -38,13 +43,41 @@ class BrowserCluster < Arachni::OptionGroup
     attr_accessor :screen_height
     set_defaults(
+        wait_for_elements:   {},
         pool_size:           6,
-        job_timeout:         15,
+        job_timeout:         25,
         worker_time_to_live: 100,
         ignore_images:       false,
         screen_width:        1600,
         screen_height:       1200
     )
+    def css_to_wait_for( url )
+        wait_for_elements.map do |pattern, css|
+            next if !(url =~ pattern)
+            css
+        end.compact
+    end
+    def wait_for_elements=( rules )
+        return @wait_for_elements = defaults[:wait_for_elements].dup if !rules
+        @wait_for_elements = rules.inject({}) do |h, (regexp, value)|
+            regexp = regexp.is_a?( Regexp ) ? regexp : Regexp.new( regexp.to_s )
+            h.merge!( regexp => value )
+            h
+        end
+    end
+    def to_rpc_data
+        d = super
+        %w(wait_for_elements).each do |k|
+            d[k] = d[k].my_stringify
+        end
+        d
+    end
 end
 end

data/lib/arachni/option_groups/http.rb CHANGED

@@ -242,7 +242,7 @@ class HTTP < Arachni::OptionGroup
         request_timeout:        10_000,
         request_redirect_limit: 5,
         request_concurrency:    20,
-        request_queue_size:     500,
+        request_queue_size:     100,
         request_headers:        {},
         response_max_size:      500_000,
         cookies:                {}

data/lib/arachni/page.rb CHANGED

@@ -379,31 +379,44 @@ class Page
     def has_script?
         return @has_javascript if !@has_javascript.nil?
-        if !response.headers.content_type.to_s.start_with?( 'text/html' ) ||
-            !text? || !document
+        if !response.headers.content_type.to_s.start_with?( 'text/html' ) || !text?
             return @has_javascript = false
         end
+        dbody = body.downcase
         # First check, quick and simple.
-        return @has_javascript = true if document.css( 'script' ).any?
+        if dbody.include?( '<script' ) || dbody.include?( 'javascript:' )
+            return @has_javascript = true
+        end
         # Check for event attributes, if there are any then there's JS to be
         # executed.
         Browser::Javascript.events.flatten.each do |event|
-            return @has_javascript = true if document.xpath( "//*[@#{event}]" ).any?
+            return @has_javascript = true if dbody.include?( "#{event}=" )
         end
-        # If there's 'javascript:' in 'href' and 'action' attributes then
-        # there's JS to be executed.
-        [:action, :href].each do |candidate|
-            document.xpath( "//*[@#{candidate}]" ).each do |attribute|
-                if attribute.attributes[candidate.to_s].to_s.start_with?( 'javascript:' )
-                    return @has_javascript = true
-                end
-            end
+        @has_javascript = false
+    end
+    # @param    [String, Symbol,Array<String, Symbol>]  tags
+    #   Element tag names.
+    #
+    # @return   [Boolean]
+    #   `true` if the page contains any of the given elements, `false` otherwise.
+    def has_elements?( *tags )
+        return if !text?
+        tags.flatten.each do |tag|
+            tag = tag.to_s
+            next if !(body =~ /<\s*#{tag}/i)
+            return false if !document
+            return true  if document.css( tag ).any?
         end
-        @has_javascript = false
+        false
     end
     # @return   [Boolean]

data/lib/arachni/page/dom/transition.rb CHANGED

@@ -270,13 +270,13 @@ class Transition
                         when 'element'
                             if value.is_a? String
-                                value.to_sym
+                                data['event'].to_s == 'request' ? value : value.to_sym
                             else
                                 Browser::ElementLocator.from_rpc_data( value )
                             end
                         when 'options'
-                            value.my_symbolize_keys
+                            value.my_symbolize_keys(false)
                         else
                             value

data/lib/arachni/parser.rb CHANGED

@@ -31,14 +31,26 @@ class Parser
         # @abstract
         class Base
+            attr_reader :html
+            attr_reader :document
+            attr_reader :downcased_html
+            def initialize( options = {} )
+                @html           = options[:html]
+                @downcased_html = @html.downcase
+                @document       = options[:document]
+            end
             # This method must be implemented by all checks and must return an
             # array of paths as plain strings
             #
-            # @param    [Nokogiri]  document   Nokogiri document
-            #
             # @return   [Array<String>]  paths
             # @abstract
-            def run( document )
+            def run
+            end
+            def includes?( string_or_regexp )
+                !!@downcased_html[string_or_regexp]
             end
         end
@@ -125,9 +137,8 @@ class Parser
         @document = Nokogiri::HTML( body ) if text? rescue nil
     end
-    # @note It's more of a placeholder method, it doesn't actually analyze anything.
-    #   It's a long shot that any of these will be vulnerable but better be safe
-    #   than sorry.
+    # @note It will include common request headers as well headers from the HTTP
+    #   request.
     #
     # @return    [Hash]
     #   List of valid auditable HTTP header fields.
@@ -141,14 +152,15 @@ class Parser
             'User-Agent'      => @options.http.user_agent || '',
             'Referer'         => @url,
             'Pragma'          => 'no-cache'
-        }.map { |k, v| Header.new( url: @url, inputs: { k => v } ) }.freeze
+        }.merge( response.request.headers ).
+            map { |k, v| Header.new( url: @url, inputs: { k => v } ) }.freeze
     end
     # @return [Array<Element::Form>]
     #   Forms from {#document}.
     def forms
         return @forms.freeze if @forms
-        return [] if !text?
+        return [] if !text? || !(body =~ /<\s*form/i)
         f = Form.from_document( @url, document )
         return f if !@secondary_responses
@@ -199,7 +211,7 @@ class Parser
     #   Links in {#document}.
     def links
         return @links.freeze if @links
-        return @links = [link].compact if !text?
+        return @links = [link].compact if !text? || !(body =~ /\?.*=/)
         @links = [link].compact | Link.from_document( @url, document )
     end
@@ -227,7 +239,7 @@ class Parser
     # @return   [Hash]
     #   Parameters found in {#url}.
     def link_vars
-        return {} if (!parsed = uri_parse( @url ))
+        return {} if !(parsed = uri_parse( @url ))
         @link_vars ||= parsed.rewrite.query_parameters.freeze
     end
@@ -309,7 +321,12 @@ class Parser
     def run_extractors
         begin
             self.class.extractors.available.map do |name|
-                exception_jail( false ){ self.class.extractors[name].new.run( document ) }
+                exception_jail false do
+                    self.class.extractors[name].new(
+                        document: document,
+                        html:     body
+                    ).run
+                end
             end.flatten.uniq.compact.
                 map { |path| to_absolute( path ) }.compact.uniq.
                 reject { |path| skip?( path ) }

data/lib/arachni/platform/fingerprinter.rb CHANGED

@@ -36,6 +36,11 @@ class Fingerprinter
     def run
     end
+    def html?
+        @is_html ||= page.response.headers['content-type'].to_s.
+            downcase.include?( 'text/html' )
+    end
     # @param    [String]    string
     #
     # @return   [Boolean]

data/lib/arachni/platform/manager.rb CHANGED

@@ -89,12 +89,13 @@ class Manager
         :nginx,
         :tomcat,
         :iis,
-        :jetty
+        :jetty,
+        :gunicorn
     ]
     LANGUAGES = [
         :php,
-        :jsp,
+        :java,
         :python,
         :ruby,
         :asp,
@@ -104,7 +105,13 @@ class Manager
     # WebApp frameworks.
     FRAMEWORKS = [
-        :rack
+        :rack,
+        :rails,
+        :cakephp,
+        :django,
+        :aspx_mvc,
+        :jsf,
+        :cherrypy
     ]
     PLATFORM_NAMES = {
@@ -143,10 +150,11 @@ class Manager
         tomcat:     'TomCat',
         iis:        'IIS',
         jetty:      'Jetty',
+        gunicorn:   'Gunicorn',
         # Programming languages
         php:    'PHP',
-        jsp:    'JSP',
+        java:   'Java',
         python: 'Python',
         ruby:   'Ruby',
         asp:    'ASP',
@@ -154,7 +162,13 @@ class Manager
         perl:   'Perl',
         # Web frameworks
-        rack:   'Rack'
+        rack:     'Rack',
+        django:   'Django',
+        cakephp:  'CakePHP',
+        rails:    'Ruby on Rails',
+        aspx_mvc: 'ASP.NET MVC',
+        jsf:      'JavaServer Faces',
+        cherrypy: 'CherryPy'
     }
     # Amount of
@@ -194,7 +208,7 @@ class Manager
     # Sets global platforms fingerprints
     # @private
     def self.set( platforms )
-        @platforms = Support::Cache::RandomReplacement.new( PLATFORM_CACHE_SIZE )
+        @platforms = Support::Cache::LeastRecentlyPushed.new( PLATFORM_CACHE_SIZE )
         platforms.each { |k, v| @platforms[k] = v }
         @platforms
     end
@@ -228,8 +242,8 @@ class Manager
     # @return   [Bool]
     #   `true` if the resource should be fingerprinted, `false` otherwise.
     def self.fingerprint?( resource )
-        !(!Options.fingerprint? || !resource.text? ||
-        include?( resource.url ) || resource.scope.out?)
+        !(!Options.fingerprint? || resource.code != 200 || !resource.text? ||
+            include?( resource.url ) || resource.scope.out?)
     end
     # Runs all fingerprinters against the given `page`.
@@ -240,14 +254,40 @@ class Manager
     # @return   [Manager]
     #   Updated `self`.
     def self.fingerprint( page )
-        return page if !fingerprint? page
+        synchronize do
+            return page if !fingerprint? page
-        fingerprinters.available.each do |name|
-            exception_jail( false ) do
-                fingerprinters[name].new( page ).run
+            fingerprinters.available.each do |name|
+                exception_jail( false ) do
+                    fingerprinters[name].new( page ).run
+                end
             end
+            # We do this to flag the resource as checked even if no platforms
+            # were identified. We don't want to keep checking a resource that
+            # yields nothing over and over.
+            update( page.url, [] )
         end
-        page
+        # Fingerprinting will have resulted in element parsing, clear the element
+        # caches to keep RAM consumption down.
+        page.clear_cache
+    end
+    # @param    [String, URI]   uri
+    #
+    # @return   [Manager]
+    #   Platform for the given `uri`
+    def self.[]( uri )
+        # If fingerprinting is disabled there's no point in filling the cache
+        # with the same object over and over, create an identical one for all
+        # URLs and return that always.
+        if !Options.fingerprint?
+            return @default ||= new_from_options
+        end
+        return new_from_options if !(key = make_key( uri ))
+        synchronize { @platforms[key] ||= new_from_options }
     end
     # Sets platform manager for the given `uri`.
@@ -260,11 +300,16 @@ class Manager
     # @raise    [Error::Invalid]
     #   On {#invalid?} platforms.
     def self.[]=( uri, platforms )
-        return new( platforms ) if !(key = make_key( uri ))
+        # For some reason we failed to make a key, try to salvage the situation.
+        if !(key = make_key( uri ))
+            return new_from_options( platforms )
+        end
         synchronize do
             @platforms[key] =
-                platforms.is_a?( self ) ? platforms : new( platforms )
+                platforms.is_a?( self ) ?
+                    platforms :
+                    new_from_options( platforms )
         end
     end
@@ -293,22 +338,6 @@ class Manager
         end
     end
-    # @param    [String, URI]   uri
-    #
-    # @return   [Manager]
-    #   Platform for the given `uri`
-    def self.[]( uri )
-        # If fingerprinting is disabled there's no point in filling the cache
-        # with the same object over and over, create an identical one for all
-        # URLs and return that always.
-        if !Options.fingerprint?
-            return @default ||= new( Options.platforms )
-        end
-        return new if !(key = make_key( uri ))
-        synchronize { @platforms[key] ||= new }
-    end
     # @return   [Boolean]
     #   `true` if there are no platforms fingerprints, `false` otherwise.
     def self.empty?
@@ -326,6 +355,10 @@ class Manager
         parsed.without_query
     end
+    def self.new_from_options( platforms = [] )
+        new( platforms | Options.platforms )
+    end
     # @param    [Array<String, Symbol>] platforms
     #   Platforms with which to initialize the lists.
     def initialize( platforms = [] )
@@ -335,7 +368,7 @@ class Manager
                 List.new( self.class.const_get( type.to_s.upcase.to_sym ) )
         end
-        update [platforms | Options.platforms].flatten.compact
+        update platforms
     end
     # @!method os