RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

@@ -15,7 +15,7 @@ require Options.paths.lib + 'issue/severity'
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 class Issue
-    # Attributes removed from a parent issue (i.e. an issues with variations)
+    # Attributes removed from a parent issue (i.e. an issue with variations)
     # and solely populating variations.
     VARIATION_ATTRIBUTES = Set.new([
         :@page, :@referring_page, :@proof, :@signature, :@remarks, :@trusted
@@ -286,12 +286,23 @@ class Issue
         end
     end
-    [:name, :description, :remedy_guidance, :remedy_code, :proof, :signature].each do |m|
+    [:name, :description, :remedy_guidance, :remedy_code, :proof].each do |m|
         define_method "#{m}=" do |s|
             instance_variable_set( "@#{m}".to_sym, s ? s.to_s.freeze : nil )
         end
     end
+    def signature=( sig )
+        @signature = case sig
+                         when Regexp
+                             sig.source
+                         when String, nil
+                             sig
+                         else
+                             sig.to_s
+                     end
+    end
     # @return   [Hash]
     def to_h
         h = {}
@@ -495,7 +506,10 @@ class Issue
             data['variations'] = data['variations'].map(&:to_rpc_data)
         end
-        data['digest']   = digest
+        if !variation?
+            data['digest'] = digest
+        end
         data['severity'] = data['severity'].to_s
         data

data/lib/arachni/option_groups/browser_cluster.rb CHANGED

@@ -13,6 +13,11 @@ module Arachni::OptionGroups
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 class BrowserCluster < Arachni::OptionGroup
+    # @return   [Hash<Regexp,String>]
+    #   When the page URL matched the key `Regexp`, wait until the `String` CSS
+    #   selector in the value matches an element.
+    attr_accessor :wait_for_elements
     # @return   [Integer]
     #   Amount of {BrowserCluster::Worker} to keep in the pool and put to work.
     attr_accessor :pool_size
@@ -38,13 +43,41 @@ class BrowserCluster < Arachni::OptionGroup
     attr_accessor :screen_height
     set_defaults(
+        wait_for_elements:   {},
         pool_size:           6,
-        job_timeout:         15,
+        job_timeout:         25,
         worker_time_to_live: 100,
         ignore_images:       false,
         screen_width:        1600,
         screen_height:       1200
     )
+    def css_to_wait_for( url )
+        wait_for_elements.map do |pattern, css|
+            next if !(url =~ pattern)
+            css
+        end.compact
+    end
+    def wait_for_elements=( rules )
+        return @wait_for_elements = defaults[:wait_for_elements].dup if !rules
+        @wait_for_elements = rules.inject({}) do |h, (regexp, value)|
+            regexp = regexp.is_a?( Regexp ) ? regexp : Regexp.new( regexp.to_s )
+            h.merge!( regexp => value )
+            h
+        end
+    end
+    def to_rpc_data
+        d = super
+        %w(wait_for_elements).each do |k|
+            d[k] = d[k].my_stringify
+        end
+        d
+    end
 end
 end

data/lib/arachni/option_groups/http.rb CHANGED

@@ -242,7 +242,7 @@ class HTTP < Arachni::OptionGroup
         request_timeout:        10_000,
         request_redirect_limit: 5,
         request_concurrency:    20,
-        request_queue_size:     500,
+        request_queue_size:     100,
         request_headers:        {},
         response_max_size:      500_000,
         cookies:                {}

data/lib/arachni/page.rb CHANGED

@@ -379,31 +379,44 @@ class Page
     def has_script?
         return @has_javascript if !@has_javascript.nil?
-        if !response.headers.content_type.to_s.start_with?( 'text/html' ) ||
-            !text? || !document
+        if !response.headers.content_type.to_s.start_with?( 'text/html' ) || !text?
             return @has_javascript = false
         end
+        dbody = body.downcase
         # First check, quick and simple.
-        return @has_javascript = true if document.css( 'script' ).any?
+        if dbody.include?( '<script' ) || dbody.include?( 'javascript:' )
+            return @has_javascript = true
+        end
         # Check for event attributes, if there are any then there's JS to be
         # executed.
         Browser::Javascript.events.flatten.each do |event|
-            return @has_javascript = true if document.xpath( "//*[@#{event}]" ).any?
+            return @has_javascript = true if dbody.include?( "#{event}=" )
         end
-        # If there's 'javascript:' in 'href' and 'action' attributes then
-        # there's JS to be executed.
-        [:action, :href].each do |candidate|
-            document.xpath( "//*[@#{candidate}]" ).each do |attribute|
-                if attribute.attributes[candidate.to_s].to_s.start_with?( 'javascript:' )
-                    return @has_javascript = true
-                end
-            end
+        @has_javascript = false
+    end
+    # @param    [String, Symbol,Array<String, Symbol>]  tags
+    #   Element tag names.
+    #
+    # @return   [Boolean]
+    #   `true` if the page contains any of the given elements, `false` otherwise.
+    def has_elements?( *tags )
+        return if !text?
+        tags.flatten.each do |tag|
+            tag = tag.to_s
+            next if !(body =~ /<\s*#{tag}/i)
+            return false if !document
+            return true  if document.css( tag ).any?
         end
-        @has_javascript = false
+        false
     end
     # @return   [Boolean]

data/lib/arachni/page/dom/transition.rb CHANGED

@@ -270,13 +270,13 @@ class Transition
                         when 'element'
                             if value.is_a? String
-                                value.to_sym
+                                data['event'].to_s == 'request' ? value : value.to_sym
                             else
                                 Browser::ElementLocator.from_rpc_data( value )
                             end
                         when 'options'
-                            value.my_symbolize_keys
+                            value.my_symbolize_keys(false)
                         else
                             value

data/lib/arachni/parser.rb CHANGED

@@ -31,14 +31,26 @@ class Parser
         # @abstract
         class Base
+            attr_reader :html
+            attr_reader :document
+            attr_reader :downcased_html
+            def initialize( options = {} )
+                @html           = options[:html]
+                @downcased_html = @html.downcase
+                @document       = options[:document]
+            end
             # This method must be implemented by all checks and must return an
             # array of paths as plain strings
             #
-            # @param    [Nokogiri]  document   Nokogiri document
-            #
             # @return   [Array<String>]  paths
             # @abstract
-            def run( document )
+            def run
+            end
+            def includes?( string_or_regexp )
+                !!@downcased_html[string_or_regexp]
             end
         end
@@ -125,9 +137,8 @@ class Parser
         @document = Nokogiri::HTML( body ) if text? rescue nil
     end
-    # @note It's more of a placeholder method, it doesn't actually analyze anything.
-    #   It's a long shot that any of these will be vulnerable but better be safe
-    #   than sorry.
+    # @note It will include common request headers as well headers from the HTTP
+    #   request.
     #
     # @return    [Hash]
     #   List of valid auditable HTTP header fields.
@@ -141,14 +152,15 @@ class Parser
             'User-Agent'      => @options.http.user_agent || '',
             'Referer'         => @url,
             'Pragma'          => 'no-cache'
-        }.map { |k, v| Header.new( url: @url, inputs: { k => v } ) }.freeze
+        }.merge( response.request.headers ).
+            map { |k, v| Header.new( url: @url, inputs: { k => v } ) }.freeze
     end
     # @return [Array<Element::Form>]
     #   Forms from {#document}.
     def forms
         return @forms.freeze if @forms
-        return [] if !text?
+        return [] if !text? || !(body =~ /<\s*form/i)
         f = Form.from_document( @url, document )
         return f if !@secondary_responses
@@ -199,7 +211,7 @@ class Parser
     #   Links in {#document}.
     def links
         return @links.freeze if @links
-        return @links = [link].compact if !text?
+        return @links = [link].compact if !text? || !(body =~ /\?.*=/)
         @links = [link].compact | Link.from_document( @url, document )
     end
@@ -227,7 +239,7 @@ class Parser
     # @return   [Hash]
     #   Parameters found in {#url}.
     def link_vars
-        return {} if (!parsed = uri_parse( @url ))
+        return {} if !(parsed = uri_parse( @url ))
         @link_vars ||= parsed.rewrite.query_parameters.freeze
     end
@@ -309,7 +321,12 @@ class Parser
     def run_extractors
         begin
             self.class.extractors.available.map do |name|
-                exception_jail( false ){ self.class.extractors[name].new.run( document ) }
+                exception_jail false do
+                    self.class.extractors[name].new(
+                        document: document,
+                        html:     body
+                    ).run
+                end
             end.flatten.uniq.compact.
                 map { |path| to_absolute( path ) }.compact.uniq.
                 reject { |path| skip?( path ) }

data/lib/arachni/platform/fingerprinter.rb CHANGED

@@ -36,6 +36,11 @@ class Fingerprinter
     def run
     end
+    def html?
+        @is_html ||= page.response.headers['content-type'].to_s.
+            downcase.include?( 'text/html' )
+    end
     # @param    [String]    string
     #
     # @return   [Boolean]

data/lib/arachni/platform/manager.rb CHANGED

@@ -89,12 +89,13 @@ class Manager
         :nginx,
         :tomcat,
         :iis,
-        :jetty
+        :jetty,
+        :gunicorn
     ]
     LANGUAGES = [
         :php,
-        :jsp,
+        :java,
         :python,
         :ruby,
         :asp,
@@ -104,7 +105,13 @@ class Manager
     # WebApp frameworks.
     FRAMEWORKS = [
-        :rack
+        :rack,
+        :rails,
+        :cakephp,
+        :django,
+        :aspx_mvc,
+        :jsf,
+        :cherrypy
     ]
     PLATFORM_NAMES = {
@@ -143,10 +150,11 @@ class Manager
         tomcat:     'TomCat',
         iis:        'IIS',
         jetty:      'Jetty',
+        gunicorn:   'Gunicorn',
         # Programming languages
         php:    'PHP',
-        jsp:    'JSP',
+        java:   'Java',
         python: 'Python',
         ruby:   'Ruby',
         asp:    'ASP',
@@ -154,7 +162,13 @@ class Manager
         perl:   'Perl',
         # Web frameworks
-        rack:   'Rack'
+        rack:     'Rack',
+        django:   'Django',
+        cakephp:  'CakePHP',
+        rails:    'Ruby on Rails',
+        aspx_mvc: 'ASP.NET MVC',
+        jsf:      'JavaServer Faces',
+        cherrypy: 'CherryPy'
     }
     # Amount of
@@ -194,7 +208,7 @@ class Manager
     # Sets global platforms fingerprints
     # @private
     def self.set( platforms )
-        @platforms = Support::Cache::RandomReplacement.new( PLATFORM_CACHE_SIZE )
+        @platforms = Support::Cache::LeastRecentlyPushed.new( PLATFORM_CACHE_SIZE )
         platforms.each { |k, v| @platforms[k] = v }
         @platforms
     end
@@ -228,8 +242,8 @@ class Manager
     # @return   [Bool]
     #   `true` if the resource should be fingerprinted, `false` otherwise.
     def self.fingerprint?( resource )
-        !(!Options.fingerprint? || !resource.text? ||
-        include?( resource.url ) || resource.scope.out?)
+        !(!Options.fingerprint? || resource.code != 200 || !resource.text? ||
+            include?( resource.url ) || resource.scope.out?)
     end
     # Runs all fingerprinters against the given `page`.
@@ -240,14 +254,40 @@ class Manager
     # @return   [Manager]
     #   Updated `self`.
     def self.fingerprint( page )
-        return page if !fingerprint? page
+        synchronize do
+            return page if !fingerprint? page
-        fingerprinters.available.each do |name|
-            exception_jail( false ) do
-                fingerprinters[name].new( page ).run
+            fingerprinters.available.each do |name|
+                exception_jail( false ) do
+                    fingerprinters[name].new( page ).run
+                end
             end
+            # We do this to flag the resource as checked even if no platforms
+            # were identified. We don't want to keep checking a resource that
+            # yields nothing over and over.
+            update( page.url, [] )
         end
-        page
+        # Fingerprinting will have resulted in element parsing, clear the element
+        # caches to keep RAM consumption down.
+        page.clear_cache
+    end
+    # @param    [String, URI]   uri
+    #
+    # @return   [Manager]
+    #   Platform for the given `uri`
+    def self.[]( uri )
+        # If fingerprinting is disabled there's no point in filling the cache
+        # with the same object over and over, create an identical one for all
+        # URLs and return that always.
+        if !Options.fingerprint?
+            return @default ||= new_from_options
+        end
+        return new_from_options if !(key = make_key( uri ))
+        synchronize { @platforms[key] ||= new_from_options }
     end
     # Sets platform manager for the given `uri`.
@@ -260,11 +300,16 @@ class Manager
     # @raise    [Error::Invalid]
     #   On {#invalid?} platforms.
     def self.[]=( uri, platforms )
-        return new( platforms ) if !(key = make_key( uri ))
+        # For some reason we failed to make a key, try to salvage the situation.
+        if !(key = make_key( uri ))
+            return new_from_options( platforms )
+        end
         synchronize do
             @platforms[key] =
-                platforms.is_a?( self ) ? platforms : new( platforms )
+                platforms.is_a?( self ) ?
+                    platforms :
+                    new_from_options( platforms )
         end
     end
@@ -293,22 +338,6 @@ class Manager
         end
     end
-    # @param    [String, URI]   uri
-    #
-    # @return   [Manager]
-    #   Platform for the given `uri`
-    def self.[]( uri )
-        # If fingerprinting is disabled there's no point in filling the cache
-        # with the same object over and over, create an identical one for all
-        # URLs and return that always.
-        if !Options.fingerprint?
-            return @default ||= new( Options.platforms )
-        end
-        return new if !(key = make_key( uri ))
-        synchronize { @platforms[key] ||= new }
-    end
     # @return   [Boolean]
     #   `true` if there are no platforms fingerprints, `false` otherwise.
     def self.empty?
@@ -326,6 +355,10 @@ class Manager
         parsed.without_query
     end
+    def self.new_from_options( platforms = [] )
+        new( platforms | Options.platforms )
+    end
     # @param    [Array<String, Symbol>] platforms
     #   Platforms with which to initialize the lists.
     def initialize( platforms = [] )
@@ -335,7 +368,7 @@ class Manager
                 List.new( self.class.const_get( type.to_s.upcase.to_sym ) )
         end
-        update [platforms | Options.platforms].flatten.compact
+        update platforms
     end
     # @!method os