RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/lib/arachni/support/cache/preference.rb CHANGED

@@ -28,7 +28,7 @@ class Preference < Base
     #   `v`
     def store( k, v )
         prune if capped? && (size > max_size - 1)
-        cache[k.hash] = v
+        cache[make_key( k )] = v
     end
     def prefer( &block )

data/lib/arachni/support/cache/random_replacement.rb CHANGED

@@ -16,34 +16,10 @@ module Support::Cache
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 class RandomReplacement < Base
-    # @see Arachni::Cache::Base#initialize
-    def initialize( * )
-        super
-        @keys = []
-    end
-    # @see Arachni::Cache::Base#store
-    def store( k, v )
-        already_in = include?( k )
-        super( k, v )
-    ensure
-        @keys << k if !already_in
-    end
-    def clear
-        super
-        @keys.clear
-    end
     private
-    def prune_candidate
-        @keys.delete_at( rand( size ) )
-    end
     def prune
-        delete( prune_candidate )
+        @cache.delete( @cache.keys.sample )
     end
 end

data/lib/arachni/support/database/queue.rb CHANGED

@@ -80,12 +80,13 @@ class Queue < Base
     def pop( non_block = false )
         synchronize do
             loop do
-                if empty?
+                if internal_empty?
                     raise ThreadError, 'queue empty' if non_block
                     @waiting.push Thread.current
                     @mutex.sleep
                 else
-                    return @buffer.shift || load_and_delete_file( @disk.shift )
+                    return @buffer.shift if !@buffer.empty?
+                    return load_and_delete_file( @disk.shift )
                 end
             end
         end
@@ -100,6 +101,10 @@ class Queue < Base
     end
     alias :length :size
+    def free_buffer_size
+        max_buffer_size - buffer_size
+    end
     def buffer_size
         @buffer.size
     end
@@ -111,17 +116,21 @@ class Queue < Base
     # @return   [Bool]
     #   `true` if the queue if empty, `false` otherwise.
     def empty?
-        @buffer.empty? && @disk.empty?
+        synchronize do
+            internal_empty?
+        end
     end
     # Removes all objects from the queue.
     def clear
-        @buffer.clear
+        synchronize do
+            @buffer.clear
-        while !@disk.empty?
-            path = @disk.pop
-            next if !path
-            delete_file path
+            while !@disk.empty?
+                path = @disk.pop
+                next if !path
+                delete_file path
+            end
         end
     end
@@ -131,6 +140,10 @@ class Queue < Base
     private
+    def internal_empty?
+        @buffer.empty? && @disk.empty?
+    end
     def synchronize( &block )
         @mutex.synchronize( &block )
     end

data/lib/arachni/support/lookup/base.rb CHANGED

@@ -83,7 +83,13 @@ class Base
     end
     def dup
-        deep_clone
+        self.class.new( @options.dup ).tap { |c| c.collection = @collection.dup }
+    end
+    protected
+    def collection=( c )
+        @collection = c
     end
     private

data/lib/arachni/support/mixins/observable.rb CHANGED

@@ -24,7 +24,9 @@ module Mixins
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 module Observable
+    include UI::Output
     include Utilities
     include MonitorMixin
     def self.included( base )
@@ -73,7 +75,7 @@ module Observable
     def notify_observers( event, *args )
         synchronize do
             observers_for( event ).each do |block|
-                exception_jail { block.call( *args ) }
+                exception_jail( false ) { block.call( *args ) }
             end
         end

data/lib/arachni/support/profiler.rb CHANGED

@@ -6,6 +6,7 @@
     web site for more information on licensing and terms of use.
 =end
+require 'objspace'
 require 'sys/proctable'
 require 'ruby-mass'
 require 'stackprof'
@@ -79,30 +80,70 @@ class Profiler
     def object_space( options = {} )
         klass       = options[:class]
-        namespaces  = options[:namespaces] || [Arachni]
+        namespaces  = options[:namespaces] || [
+            Arachni,
+            Ethon,
+            Typhoeus,
+            Watir,
+            Selenium,
+            Addressable,
+            Nokogiri,
+            String,
+            Hash,
+            Array,
+            Set,
+            Thread
+        ]
         max_entries = options[:max_entries] || 50
-        object_space    = Hash.new(0)
-        @object_space ||= Hash.new(0)
+        object_space    = {}
+        @object_space ||= {}
         ObjectSpace.each_object do |o|
             next if o.class != klass && !object_within_namespace?( o, namespaces )
-            object_space[o.class] += 1
+            # if o.class == Thread
+            #     ap ObjectSpace.allocation_class_path( o ).to_s
+            #     ap "#{ObjectSpace.allocation_sourcefile( o )}:#{ObjectSpace.allocation_sourceline( o )}"
+            #     ap Utilities.bytes_to_megabytes( ObjectSpace.memsize_of( o ) )
+            #     ap '-' * 120
+            # end
+            object_space[o.class] ||= {
+                memsize: 0,
+                count:   0
+            }
+            object_space[o.class][:memsize] += ObjectSpace.memsize_of(o)
+            object_space[o.class][:count]   += 1
         end
-        object_space = Hash[object_space.sort_by { |_, v| v }.reverse[0..max_entries]]
+        object_space = Hash[object_space.sort_by { |_, v| v[:memsize] }.reverse[0..max_entries]]
+        with_deltas = {}
+        object_space.each do |k, v|
+            @object_space[k] ||= {
+                memsize: 0,
+                count:   0
+            }
-        with_deltas = object_space.dup
-        with_deltas.each do |k, v|
-            if v.is_a? Numeric
-                with_deltas[k] = "#{v} (#{v - @object_space[k].to_i})"
+            if v[:count].is_a? Numeric
+                with_deltas[k] = "#{v[:count]} (#{v[:count] - @object_space[k][:count]})"
+                with_deltas[k] << " -- #{Utilities.bytes_to_megabytes v[:memsize]}"
+                with_deltas[k] << " (#{Utilities.bytes_to_megabytes v[:memsize] - @object_space[k][:memsize]})"
             else
-                with_deltas[k] = v
+                with_deltas[k] = "#{v[:count]} -- #{Utilities.bytes_to_megabytes v[:memsize]}"
             end
         end
         @object_space = object_space.dup
         with_deltas
+    rescue => e
+        ap e
+        ap e.backtrace
+        {}
     end
     def write_object_space( file, options = {} )

data/lib/arachni/support/signature.rb CHANGED

@@ -14,6 +14,10 @@ module Arachni::Support
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 class Signature
+    CACHE = {
+        tokens: Cache::LeastRecentlyPushed.new( 100 )
+    }
     attr_reader :tokens
     # @note The string will be tokenized based on whitespace.
@@ -109,14 +113,19 @@ class Signature
     #   hashes, depending on which is smaller in size.
     def tokenize( data )
         return data.tokens if data.is_a? self.class
-        compress data.split( /(?![\w])/ )
+        if CACHE[:tokens][data]
+            CACHE[:tokens][data].dup
+        else
+            CACHE[:tokens][data] = compress( data.split( /(?![\w])/ ) )
+        end
     end
     # Compresses the tokens by only storing unique #hash values.
     # Seems kinda silly but this can actually save us GB of RAM when comparing
     # large signatures, not to mention CPU cycles.
     def compress( tokens )
-        tokens.uniq.map(&:hash)
+        Set.new( tokens.map(&:hash) )
     end
 end

data/lib/arachni/trainer.rb CHANGED

@@ -120,6 +120,7 @@ class Trainer
         # no new cookies have appeared there's no reason to analyze the page
         if incoming_page.body == @page.body && !has_new_elements &&
             @page.url == incoming_page.url
+            incoming_page.clear_cache
             print_debug 'Page hasn\'t changed.'
             return
         end
@@ -140,12 +141,17 @@ class Trainer
             end
         end
+        incoming_page.clear_cache
         print_debug 'Training complete.'
     end
     def has_new?( incoming_page, element_type )
-        count = ElementFilter.send( "update_#{element_type}".to_sym, incoming_page.send( element_type ) )
-        incoming_page.clear_cache
+        count = ElementFilter.send(
+            "update_#{element_type}".to_sym,
+            incoming_page.send( element_type )
+        )
         return if count == 0
         print_info "Found #{count} new #{element_type}."

data/lib/arachni/uri.rb CHANGED

@@ -50,21 +50,21 @@ class URI
     end
     CACHE_SIZES = {
-        parse:       600,
-        ruby_parse:  600,
-        fast_parse:  600,
+        parse:       1000,
+        ruby_parse:  1000,
+        fast_parse:  1000,
+        encode:      1000,
+        decode:      1000,
         normalize:   1000,
         to_absolute: 1000
     }
     CACHE = {
-        parser:      ::URI::Parser.new,
-        ruby_parse:  Support::Cache::RandomReplacement.new( CACHE_SIZES[:ruby_parse] ),
-        parse:       Support::Cache::RandomReplacement.new( CACHE_SIZES[:parse] ),
-        fast_parse:  Support::Cache::RandomReplacement.new( CACHE_SIZES[:fast_parse] ),
-        normalize:   Support::Cache::RandomReplacement.new( CACHE_SIZES[:normalize] ),
-        to_absolute: Support::Cache::RandomReplacement.new( CACHE_SIZES[:to_absolute] )
+        parser: ::URI::Parser.new
     }
+    CACHE_SIZES.each do |name, size|
+        CACHE[name] = Support::Cache::LeastRecentlyPushed.new( size )
+    end
     class <<self
@@ -76,14 +76,15 @@ class URI
         # URL encodes a string.
         #
         # @param [String] string
-        # @param [String, Regexp] bad_characters
-        #   Class of characters to encode -- if {String} is passed, it should
+        # @param [String, Regexp] good_characters
+        #   Class of characters to allow -- if {String} is passed, it should
         #   formatted as a regexp (for `Regexp.new`).
         #
         # @return   [String]
         #   Encoded string.
-        def encode( string, bad_characters = nil )
-            Addressable::URI.encode_component( *[string, bad_characters].compact )
+        def encode( string, good_characters = nil )
+            CACHE[__method__][[string, good_characters]] ||=
+                Addressable::URI.encode_component( *[string, good_characters].compact )
         end
         # URL decodes a string.
@@ -92,7 +93,7 @@ class URI
         #
         # @return   [String]
         def decode( string )
-            Addressable::URI.unencode( string )
+            CACHE[__method__][string] ||= Addressable::URI.unencode( string )
         end
         # @note This method's results are cached for performance reasons.
@@ -176,8 +177,11 @@ class URI
             url = url.to_s.dup
             # Remove the fragment if there is one.
-            url   = url.split( '#', 2 )[0...-1].join if url.include?( '#' )
-            c_url = url.to_s.dup
+            if url.include?( '#' )
+                url = url.split( '#', 2 )[0...-1].join
+            end
+            c_url = url.dup
             components = {
                 scheme:   nil,
@@ -204,7 +208,7 @@ class URI
                     return cache[c_url] = addressable_parse( c_url ).freeze
                 end
-                url = url.recode
+                url = url.recode!
                 url = html_decode( url )
                 dupped_url = url.dup
@@ -282,9 +286,8 @@ class URI
                         !(query = dupped_url.split( '?', 2 ).last).empty?
                         components[:query] = (query.split( '&', -1 ).map do |pair|
-                            Addressable::URI.normalize_component( pair,
-                                Addressable::URI::CharacterClasses::QUERY.sub( '\\&', '' )
-                            )
+                            encode( decode( pair ),
+                                    Addressable::URI::CharacterClasses::QUERY.sub( '\\&', '' ) )
                         end).join( '&' )
                     end
                 end
@@ -300,7 +303,7 @@ class URI
                     print_debug "Error: #{e}"
                     print_debug_backtrace( e )
-                    cache[c_url] = addressable_parse( c_url.recode ).freeze
+                    cache[c_url] = addressable_parse( c_url.recode! ).freeze
                 rescue => ex
                     print_debug "Failed to parse '#{c_url}'."
                     print_debug "Error: #{ex}"
@@ -405,8 +408,8 @@ class URI
             cache = CACHE[__method__]
-            url   = url.to_s.strip.dup
-            c_url = url.to_s.strip.dup
+            url   = url.to_s.strip
+            c_url = url.dup
             begin
                 if (v = cache[url]) && v == :err
@@ -494,13 +497,13 @@ class URI
                               self.class.ruby_parse( url )
                           when ::URI
-                              url.dup
+                              url
                           when Hash
                               ::URI::Generic.build( url )
                           when Arachni::URI
-                              self.parsed_url = url.parsed_url.dup
+                              self.parsed_url = url.parsed_url
                           else
                               to_string = url.to_s rescue ''

data/lib/arachni/uri/scope.rb CHANGED

@@ -80,7 +80,7 @@ class Scope < Arachni::Scope
         check_scheme = @url.scheme.to_s
-        return false if !%(http https).include?( check_scheme )
+        return false if check_scheme != 'http' && check_scheme != 'https'
         parsed_ref = Arachni::URI( Options.url )
         return false if !parsed_ref

data/lib/arachni/utilities.rb CHANGED

@@ -391,6 +391,14 @@ module Utilities
         0
     end
+    def bytes_to_megabytes( bytes )
+        (bytes / 1024.0 / 1024.0).round( 3 )
+    end
+    def bytes_to_kilobytes( bytes )
+        (bytes / 1024.0 ).round( 3 )
+    end
     # Wraps the `block` in exception handling code and runs it.
     #
     # @param    [Bool]  raise_exception