RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/lib/arachni/plugin/base.rb CHANGED

@@ -185,6 +185,14 @@ class Base < Component::Base
         framework.http
     end
+    def browser_cluster
+        framework.browser_cluster
+    end
+    def with_browser( &block )
+        browser_cluster.with_browser( &block )
+    end
     # Registers the plugin's results to {Data::Plugins}.
     #
     # @param    [Object]    results

data/lib/arachni/processes/instances.rb CHANGED

@@ -68,7 +68,7 @@ class Instances
     #   `rpc_server_address` and `port` instead of `rpc_port`.
     #
     # @return   [RPC::Client::Instance]
-    def spawn( options = {} )
+    def spawn( options = {}, &block )
         token = options.delete(:token) || generate_token
         fork  = options.delete(:fork)
@@ -93,17 +93,24 @@ class Instances
         Manager.spawn( :instance, options: options, token: token, fork: fork )
-        while sleep( 0.1 )
-            begin
-                connect( url, token ).service.alive?
-                break
-            rescue => e
-                # ap e
+        client = connect( url, token )
+        if block_given?
+            client.when_ready do
+                block.call client
+            end
+        else
+            while sleep( 0.1 )
+                begin
+                    client.service.alive?
+                    break
+                rescue => e
+                    # ap "#{e.class}: #{e}"
+                    # ap e.backtrace
+                end
             end
+            client
         end
-        @list[url] = token
-        connect( url )
     end
     # Starts {RPC::Server::Dispatcher} grid and returns a high-performance Instance.
@@ -168,7 +175,14 @@ class Instances
     end
     def kill( url )
-        Manager.kill_many connect( url ).service.consumed_pids
+        service = connect( url ).service
+        service.consumed_pids do |pids|
+            service.shutdown do
+                # Make sure....
+                Manager.kill_many pids
+            end
+        end
         @list.delete url
     end

data/lib/arachni/reporter/manager.rb CHANGED

@@ -29,8 +29,8 @@ class Manager < Arachni::Component::Manager
     # @param  [Hash]            options
     #
     # @see Report
-    def run( name, report, options = {} )
-        exception_jail false do
+    def run( name, report, options = {}, raise = false )
+        exception_jail raise do
             self[name].new( report, prepare_options( name, self[name], options ) ).tap(&:run)
         end
     end

data/lib/arachni/rpc/client/instance.rb CHANGED

@@ -63,6 +63,10 @@ class Instance
         @plugins   = Proxy.new( @client, 'plugins' )
     end
+    def when_ready( &block )
+        self.class.when_ready( url, token, &block )
+    end
     def token
         @token
     end

data/lib/arachni/rpc/server/framework/master.rb CHANGED

@@ -228,7 +228,7 @@ module Master
         # If for some reason we've got pages in the page queue this early,
         # consume them and get it over with.
-        audit_page_queue
+        master_audit_page_queue
         @first_run = true if @first_run.nil?
         next_page = nil
@@ -266,10 +266,10 @@ module Master
                 audit_page( page ) or http.run
             end
-            audit_page_queue
+            master_audit_page_queue
         end
-        audit_page_queue
+        master_audit_page_queue
         @audit_queues_done = true
         true

data/lib/arachni/rpc/server/framework/multi_instance.rb CHANGED

@@ -222,14 +222,6 @@ module MultiInstance
         end
     end
-    def audit_page_queue
-        if master?
-            master_audit_page_queue
-        else
-            super
-        end
-    end
     # @return   [Boolean]
     #   `true` if `token` matches the local privilege token, `false` otherwise.
     def valid_token?( token )

data/lib/arachni/rpc/server/instance.rb CHANGED

@@ -276,12 +276,13 @@ class Instance
         @framework.resume( @rpc_pause_request )
         if !@framework.has_slaves?
+            @rpc_pause_request = nil
             block.call true
             return
         end
         each = proc { |instance, iter| instance.service.resume { iter.next } }
-        each_slave( each, proc { block.call true } )
+        each_slave( each, proc { @rpc_pause_request = nil; block.call true } )
     end
     # @note Don't forget to {#shutdown} the instance once you get the report.

data/lib/arachni/ruby/array.rb CHANGED

@@ -30,6 +30,11 @@ class Array
         map { |v| v.respond_to?( :recode ) ? v.recode : v }
     end
+    def recode!
+        each { |v| v.recode! if v.respond_to?( :recode! ) }
+        self
+    end
     def chunk( pieces = 2 )
         return self if pieces <= 0

data/lib/arachni/ruby/hash.rb CHANGED

@@ -100,6 +100,11 @@ class Hash
         recoded
     end
+    def recode!
+        each { |_, v| v.recode! if v.respond_to?( :recode! ) }
+        self
+    end
     # @return   [Array<Symbol>]
     #   Returns all symbol keys from +self+ and children hashes.
     def find_symbol_keys_recursively

data/lib/arachni/ruby/string.rb CHANGED

@@ -146,9 +146,8 @@ class String
     end
     def recode!
-        force_encoding( 'utf-8' )
-        encode!( 'utf-16be', invalid: :replace, undef: :replace )
-        encode!( 'utf-8' )
+        encode!( 'utf-8', invalid: :replace, undef: :replace )
+        self
     end
     def recode

data/lib/arachni/session.rb CHANGED

@@ -43,6 +43,10 @@ class Session
         # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
         class FormNotFound < Error
         end
+        # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+        class FormNotVisible < Error
+        end
     end
     LOGIN_TRIES      = 5
@@ -153,7 +157,8 @@ class Session
                 elsif (url = opts[:url])
                     http_opts = {
                         update_cookies:  true,
-                        follow_location: true
+                        follow_location: true,
+                        performer:       self
                     }
                     if async
@@ -263,14 +268,20 @@ class Session
         http_options = http_options.merge(
             mode:            block_given? ? :async : :sync,
-            follow_location: true
+            follow_location: true,
+            performer:       self
         )
+        print_debug 'Performing login check.'
         bool = nil
         http.get( Options.session.check_url, http_options ) do |response|
             bool = !!response.body.match( Options.session.check_pattern )
+            print_debug "Login check done: #{bool}"
             block.call( bool ) if block
         end
         bool
     end
@@ -335,8 +346,15 @@ class Session
         form.page = page
-        # Use the form DOM to submit if a browser is available.
-        form = form.dom if has_browser?
+        if has_browser?
+            # Use the form DOM to submit if a browser is available.
+            form = form.dom
+            form.browser = browser
+            if !form.element.visible?
+                fail Error::FormNotVisible, 'Login form is not visible in the DOM.'
+            end
+        end
         form.update configuration[:inputs]
         form.auditor = self
@@ -352,14 +370,22 @@ class Session
             page = form.submit(
                 mode:            :sync,
                 follow_location: false,
-                update_cookies:  true
+                update_cookies:  true,
+                performer:       self
             ).to_page
             if page.response.redirection?
                 url  = to_absolute( page.response.headers.location, page.url )
                 print_debug "Redirected to: #{url}"
-                page = Page.from_url( url, precision: 1, http: { update_cookies: true } )
+                page = Page.from_url(
+                    url,
+                    precision: 1,
+                    http: {
+                        performer:      self,
+                        update_cookies: true
+                    }
+                )
             end
         end

data/lib/arachni/state/framework.rb CHANGED

@@ -99,7 +99,6 @@ class Framework
     #   All possible {#status_messages} by type.
     def available_status_messages
         {
-            pausing:                          'Will pause as soon as the current page is audited.',
             suspending:                       'Will suspend as soon as the current page is audited.',
             waiting_for_browser_cluster_jobs: 'Waiting for %i browser cluster jobs to finish.',
             suspending_plugins:               'Suspending plugins.',
@@ -345,7 +344,6 @@ class Framework
         if !paused?
             @status = :pausing
-            set_status_message :pausing
         end
         @pause_signals << caller
@@ -402,6 +400,12 @@ class Framework
         false
     end
+    def force_resume
+        @pause_signals.to_a.each do |ref|
+            resume ref
+        end
+    end
     def dump( directory )
         FileUtils.mkdir_p( directory )

data/lib/arachni/support/cache.rb CHANGED

@@ -8,6 +8,7 @@
 lib = Arachni::Options.paths.support + 'cache/'
 require lib + 'base'
+require lib + 'least_recently_pushed'
 require lib + 'least_recently_used'
 require lib + 'random_replacement'
 require lib + 'least_cost_replacement'

data/lib/arachni/support/cache/base.rb CHANGED

@@ -60,7 +60,7 @@ class Base
     # @return   [Integer]
     #   Number of entries in the cache.
     def size
-        cache.size
+        @cache.size
     end
     # Storage method.
@@ -74,7 +74,7 @@ class Base
     def store( k, v )
         prune while capped? && (size > max_size - 1)
-        cache[k.hash] = v
+        @cache[make_key( k )] = v
     end
     # @see {#store}
@@ -90,7 +90,7 @@ class Base
     # @return   [Object, nil]
     #   Value for key `k`, `nil` if there is no key `k`.
     def []( k )
-        cache[k.hash]
+        @cache[make_key( k )]
     end
     # @note If key `k` exists, its corresponding value will be returned.
@@ -109,13 +109,13 @@ class Base
     # @return   [Bool]
     #   `true` if cache includes an entry for key `k`, false otherwise.
     def include?( k )
-        cache.include?( k.hash )
+        @cache.include?( make_key( k ) )
     end
     # @return   [Bool]
     #   `true` if cache is empty, false otherwise.
     def empty?
-        cache.empty?
+        @cache.empty?
     end
     # @return   [Bool]
@@ -132,12 +132,12 @@ class Base
     # @return   [Object, nil]
     #   Value for key `k`, `nil` if there is no key `k`.
     def delete( k )
-        cache.delete( k.hash )
+        @cache.delete( make_key( k ) )
     end
     # Clears/empties the cache.
     def clear
-        cache.clear
+        @cache.clear
     end
     def ==( other )
@@ -145,7 +145,7 @@ class Base
     end
     def hash
-        cache.hash
+        @cache.hash
     end
     def dup
@@ -154,6 +154,10 @@ class Base
     private
+    def make_key( k )
+        k.hash
+    end
     def cache
         @cache
     end

data/lib/arachni/support/cache/least_recently_pushed.rb ADDED

@@ -0,0 +1,29 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+module Arachni
+module Support::Cache
+# Least Recently Pushed cache implementation.
+#
+# Discards the least recently pushed entries, in order to make room for newer ones.
+#
+# This is the cache with best performance across the board.
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+class LeastRecentlyPushed < Base
+    private
+    def prune
+        @cache.delete( @cache.first.first )
+    end
+end
+end
+end

data/lib/arachni/support/cache/least_recently_used.rb CHANGED

@@ -15,23 +15,20 @@ module Support::Cache
 # Discards the least recently used entries in order to make room for newer ones.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-class LeastRecentlyUsed < Base
+class LeastRecentlyUsed < LeastRecentlyPushed
     # @see Arachni::Cache::Base#[]
     def []( k )
-        super( k )
-    ensure
+        return if !include? k
         renew( k )
+        super( k )
     end
     private
     def renew( k )
-        @cache[k] = @cache.delete( k )
-    end
-    def prune
-        @cache.delete( @cache.first.first )
+        @cache[make_key( k )] = @cache.delete( make_key( k ) )
     end
 end