arachni 1.1 → 1.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +159 -0
- data/LICENSE.md +126 -196
- data/README.md +32 -24
- data/arachni.gemspec +7 -7
- data/components/checks/active/code_injection_timing.rb +3 -3
- data/components/checks/active/csrf.rb +2 -2
- data/components/checks/active/file_inclusion.rb +6 -7
- data/components/checks/active/os_cmd_injection.rb +3 -3
- data/components/checks/active/path_traversal.rb +7 -7
- data/components/checks/active/response_splitting.rb +9 -4
- data/components/checks/active/session_fixation.rb +7 -3
- data/components/checks/active/source_code_disclosure.rb +5 -5
- data/components/checks/active/unvalidated_redirect.rb +12 -3
- data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
- data/components/checks/active/xss.rb +23 -10
- data/components/checks/active/xss_dom_inputs.rb +113 -11
- data/components/checks/active/xxe.rb +3 -3
- data/components/checks/passive/backdoors.rb +6 -5
- data/components/checks/passive/backup_directories.rb +6 -6
- data/components/checks/passive/backup_files.rb +6 -6
- data/components/checks/passive/common_admin_interfaces.rb +58 -0
- data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
- data/components/checks/passive/common_directories/directories.txt +0 -16
- data/components/checks/passive/common_files.rb +6 -5
- data/components/checks/passive/common_files/filenames.txt +0 -2
- data/components/checks/passive/directory_listing.rb +6 -6
- data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
- data/components/checks/passive/grep/hsts.rb +6 -3
- data/components/checks/passive/grep/http_only_cookies.rb +3 -3
- data/components/checks/passive/grep/insecure_cookies.rb +2 -2
- data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
- data/components/checks/passive/grep/x_frame_options.rb +6 -4
- data/components/checks/passive/htaccess_limit.rb +6 -2
- data/components/checks/passive/http_put.rb +8 -4
- data/components/checks/passive/interesting_responses.rb +3 -2
- data/components/checks/passive/localstart_asp.rb +6 -2
- data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
- data/components/checks/passive/xst.rb +6 -2
- data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
- data/components/fingerprinters/frameworks/cakephp.rb +28 -0
- data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
- data/components/fingerprinters/frameworks/django.rb +33 -0
- data/components/fingerprinters/frameworks/jsf.rb +30 -0
- data/components/fingerprinters/frameworks/rack.rb +5 -7
- data/components/fingerprinters/frameworks/rails.rb +43 -0
- data/components/fingerprinters/languages/aspx.rb +11 -11
- data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
- data/components/fingerprinters/languages/php.rb +6 -6
- data/components/fingerprinters/languages/python.rb +14 -6
- data/components/fingerprinters/languages/ruby.rb +3 -5
- data/components/fingerprinters/servers/apache.rb +5 -4
- data/components/fingerprinters/servers/gunicorn.rb +33 -0
- data/components/fingerprinters/servers/jetty.rb +1 -1
- data/components/fingerprinters/servers/tomcat.rb +11 -4
- data/components/path_extractors/anchors.rb +5 -12
- data/components/path_extractors/areas.rb +5 -13
- data/components/path_extractors/comments.rb +5 -3
- data/components/path_extractors/data_url.rb +21 -0
- data/components/path_extractors/forms.rb +5 -13
- data/components/path_extractors/frames.rb +6 -13
- data/components/path_extractors/generic.rb +3 -12
- data/components/path_extractors/links.rb +5 -13
- data/components/path_extractors/meta_refresh.rb +5 -13
- data/components/path_extractors/scripts.rb +8 -14
- data/components/plugins/autologin.rb +17 -5
- data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
- data/components/plugins/login_script.rb +40 -10
- data/components/plugins/metrics.rb +235 -0
- data/components/plugins/proxy.rb +21 -4
- data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
- data/components/plugins/restrict_to_dom_state.rb +70 -0
- data/components/plugins/vector_feed.rb +38 -9
- data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
- data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
- data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
- data/components/reporters/stdout.rb +4 -2
- data/components/reporters/xml.rb +4 -4
- data/components/reporters/xml/schema.xsd +95 -0
- data/lib/arachni.rb +2 -0
- data/lib/arachni/browser.rb +132 -77
- data/lib/arachni/browser/javascript.rb +173 -45
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
- data/lib/arachni/browser_cluster.rb +41 -15
- data/lib/arachni/browser_cluster/job.rb +4 -0
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
- data/lib/arachni/browser_cluster/worker.rb +8 -5
- data/lib/arachni/check/auditor.rb +20 -8
- data/lib/arachni/check/base.rb +38 -6
- data/lib/arachni/element/base.rb +18 -1
- data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
- data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
- data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
- data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
- data/lib/arachni/element/capabilities/inputtable.rb +6 -2
- data/lib/arachni/element/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/cookie.rb +37 -23
- data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
- data/lib/arachni/element/cookie/dom.rb +0 -8
- data/lib/arachni/element/form.rb +28 -14
- data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
- data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
- data/lib/arachni/element/form/dom.rb +0 -8
- data/lib/arachni/element/generic_dom.rb +1 -1
- data/lib/arachni/element/json.rb +2 -1
- data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
- data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/link.rb +13 -16
- data/lib/arachni/element/link/dom.rb +1 -14
- data/lib/arachni/element/link_template.rb +3 -2
- data/lib/arachni/element/link_template/dom.rb +0 -16
- data/lib/arachni/element/server.rb +51 -9
- data/lib/arachni/element/xml.rb +1 -0
- data/lib/arachni/ethon/easy.rb +4 -1
- data/lib/arachni/framework/parts/audit.rb +26 -77
- data/lib/arachni/framework/parts/browser.rb +50 -55
- data/lib/arachni/framework/parts/check.rb +4 -3
- data/lib/arachni/framework/parts/data.rb +41 -6
- data/lib/arachni/framework/parts/state.rb +16 -7
- data/lib/arachni/http/client.rb +66 -38
- data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
- data/lib/arachni/http/headers.rb +22 -10
- data/lib/arachni/http/proxy_server.rb +67 -22
- data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
- data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
- data/lib/arachni/http/request.rb +71 -18
- data/lib/arachni/issue.rb +17 -3
- data/lib/arachni/option_groups/browser_cluster.rb +34 -1
- data/lib/arachni/option_groups/http.rb +1 -1
- data/lib/arachni/page.rb +26 -13
- data/lib/arachni/page/dom/transition.rb +2 -2
- data/lib/arachni/parser.rb +28 -11
- data/lib/arachni/platform/fingerprinter.rb +5 -0
- data/lib/arachni/platform/manager.rb +65 -32
- data/lib/arachni/plugin/base.rb +8 -0
- data/lib/arachni/processes/instances.rb +25 -11
- data/lib/arachni/reporter/manager.rb +2 -2
- data/lib/arachni/rpc/client/instance.rb +4 -0
- data/lib/arachni/rpc/server/framework/master.rb +3 -3
- data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
- data/lib/arachni/rpc/server/instance.rb +2 -1
- data/lib/arachni/ruby/array.rb +5 -0
- data/lib/arachni/ruby/hash.rb +5 -0
- data/lib/arachni/ruby/string.rb +2 -3
- data/lib/arachni/session.rb +32 -6
- data/lib/arachni/state/framework.rb +6 -2
- data/lib/arachni/support/cache.rb +1 -0
- data/lib/arachni/support/cache/base.rb +12 -8
- data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
- data/lib/arachni/support/cache/least_recently_used.rb +5 -8
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -25
- data/lib/arachni/support/database/queue.rb +21 -8
- data/lib/arachni/support/lookup/base.rb +7 -1
- data/lib/arachni/support/mixins/observable.rb +3 -1
- data/lib/arachni/support/profiler.rb +51 -10
- data/lib/arachni/support/signature.rb +11 -2
- data/lib/arachni/trainer.rb +8 -2
- data/lib/arachni/uri.rb +28 -25
- data/lib/arachni/uri/scope.rb +1 -1
- data/lib/arachni/utilities.rb +8 -0
- data/lib/arachni/watir/element.rb +1 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
- data/spec/arachni/browser/javascript_spec.rb +235 -61
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
- data/spec/arachni/browser_cluster_spec.rb +58 -10
- data/spec/arachni/browser_spec.rb +170 -26
- data/spec/arachni/check/auditor_spec.rb +22 -3
- data/spec/arachni/check/base_spec.rb +84 -0
- data/spec/arachni/element/body_spec.rb +1 -1
- data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
- data/spec/arachni/element/cookie/dom_spec.rb +0 -9
- data/spec/arachni/element/cookie_spec.rb +85 -0
- data/spec/arachni/element/form/dom_spec.rb +0 -9
- data/spec/arachni/element/form_spec.rb +46 -3
- data/spec/arachni/element/json_spec.rb +20 -0
- data/spec/arachni/element/link/dom_spec.rb +0 -9
- data/spec/arachni/element/link_spec.rb +40 -15
- data/spec/arachni/element/link_template/dom_spec.rb +0 -8
- data/spec/arachni/element/link_template_spec.rb +2 -6
- data/spec/arachni/element/server_spec.rb +94 -8
- data/spec/arachni/element/xml_spec.rb +20 -0
- data/spec/arachni/framework/parts/audit_spec.rb +12 -14
- data/spec/arachni/framework/parts/browser_spec.rb +0 -171
- data/spec/arachni/framework/parts/platform_spec.rb +14 -8
- data/spec/arachni/framework/parts/report_spec.rb +1 -1
- data/spec/arachni/framework/parts/state_spec.rb +0 -9
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
- data/spec/arachni/http/client_spec.rb +169 -42
- data/spec/arachni/http/headers_spec.rb +18 -0
- data/spec/arachni/http/request_spec.rb +23 -0
- data/spec/arachni/issue_spec.rb +17 -6
- data/spec/arachni/page_spec.rb +22 -2
- data/spec/arachni/parser_spec.rb +5 -0
- data/spec/arachni/platform/manager_spec.rb +57 -25
- data/spec/arachni/reporter/manager_spec.rb +26 -0
- data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
- data/spec/arachni/state/framework_spec.rb +2 -8
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
- data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
- data/spec/arachni/support/database/queue_spec.rb +7 -0
- data/spec/arachni/support/mixins/observable_spec.rb +15 -1
- data/spec/arachni/trainer_spec.rb +2 -2
- data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
- data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
- data/spec/components/checks/active/path_traversal_spec.rb +2 -2
- data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
- data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
- data/spec/components/checks/active/xss_spec.rb +5 -5
- data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
- data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
- data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
- data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
- data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
- data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
- data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
- data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
- data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
- data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
- data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
- data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
- data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
- data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
- data/spec/components/fingerprinters/languages/ruby.rb +6 -4
- data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
- data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
- data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
- data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
- data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
- data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
- data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
- data/spec/components/path_extractors/data_url_spec.rb +19 -0
- data/spec/components/plugins/autologin_spec.rb +23 -0
- data/spec/components/plugins/login_script_spec.rb +112 -24
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
- data/spec/components/plugins/vector_feed_spec.rb +39 -1
- data/spec/support/factories/page/dom.rb +9 -4
- data/spec/support/factories/page/dom/transition.rb +31 -9
- data/spec/support/factories/scan_report.rb +8 -6
- data/spec/support/fixtures/empty/placeholder +0 -0
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
- data/spec/support/servers/arachni/browser.rb +117 -11
- data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
- data/spec/support/servers/arachni/check/auditor.rb +4 -0
- data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
- data/spec/support/servers/arachni/http/client.rb +5 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
- data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
- data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
- data/spec/support/servers/checks/active/path_traversal.rb +2 -2
- data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
- data/spec/support/servers/checks/active/trainer_check.rb +9 -10
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
- data/spec/support/servers/checks/active/xss.rb +35 -0
- data/spec/support/servers/checks/active/xss_dom.rb +1 -1
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
- data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
- data/spec/support/servers/plugins/autologin.rb +9 -0
- data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
- data/spec/support/shared/element/base.rb +42 -0
- data/spec/support/shared/element/capabilities/auditable.rb +4 -4
- data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
- data/spec/support/shared/element/capabilities/submitable.rb +7 -2
- data/spec/support/shared/fingerprinter.rb +8 -0
- data/spec/support/shared/path_extractor.rb +1 -1
- data/ui/cli/framework.rb +3 -3
- data/ui/cli/framework/option_parser.rb +9 -0
- data/ui/cli/output.rb +9 -0
- data/ui/cli/reporter.rb +5 -2
- data/ui/cli/utilities.rb +4 -2
- metadata +76 -17
- data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
- data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
- data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56
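--- a/data/README.md
+++ b/data/README.md
@@ -3,7 +3,7 @@
 <table>
 <tr>
 <th>Version</th>
-<td>1.
+<td>1.2</td>
 </tr>
 <tr>
 <th>Homepage</th>
@@ -42,17 +42,16 @@
 </tr>
 <tr>
 <th>License</th>
-<td>
+<td>Arachni Public Source License v1.0 - (see LICENSE file)</td>
 </tr>
 </table>
 
-![Arachni logo](http://arachni.
+![Arachni logo](http://www.arachni-scanner.com/large-logo.png)
 
 ## Synopsis
 
-Arachni is
-
-of web applications.
+Arachni is a feature-full, modular, high-performance Ruby framework aimed towards
+helping penetration testers and administrators evaluate the security of web applications.
 
 It is smart, it trains itself by monitoring and learning from the web application's
 behavior during the scan process and is able to perform meta-analysis using a number of
@@ -325,15 +324,22 @@ Currently, the following platforms can be identified:
 - Nginx
 - Tomcat
 - Jetty
+- Gunicorn
 - Programming languages
 - PHP
 - ASP
 - ASPX
--
+- Java
 - Python
 - Ruby
 - Frameworks
 - Rack
+- CakePHP
+- Rails
+- Django
+- ASP.NET MVC
+- JSF
+- CherryPy
 
 The user also has the option of specifying extra platforms (like a DB server)
 in order to help the system be as efficient as possible. Alternatively, fingerprinting
@@ -380,23 +386,23 @@ Active checks engage the web application via its inputs.
 - PHP
 - Ruby
 - Python
--
-- ASP
+- Java
+- ASP
 - Blind code injection using timing attacks (`code_injection_timing`).
 - PHP
 - Ruby
 - Python
--
-- ASP
+- Java
+- ASP
 - LDAP injection (`ldap_injection`).
 - Path traversal (`path_traversal`).
 - *nix
 - Windows
--
+- Java
 - File inclusion (`file_inclusion`).
 - *nix
 - Windows
--
+- Java
 - PHP
 - Perl
 - Response splitting (`response_splitting`).
@@ -441,6 +447,7 @@ Passive checks look for the existence of files, folders and signatures.
 - Allowed HTTP methods (`allowed_methods`).
 - Back-up files (`backup_files`).
 - Backup directories (`backup_directories`)
+- Common administration interfaces (`common_admin_interfaces`).
 - Common directories (`common_directories`).
 - Common files (`common_files`).
 - HTTP PUT (`http_put`).
@@ -475,14 +482,14 @@ Passive checks look for the existence of files, folders and signatures.
 #### Reporters
 
 - Standard output
-- [HTML](http://
-([zip](http://
-- [XML](http://
-- [Text](http://
-- [JSON](http://
-- [Marshal](http://
-- [YAML](http://
-- [AFR](http://
+- [HTML](http://www.arachni-scanner.com/reports/report.html/)
+([zip](http://www.arachni-scanner.com/reports/report.html.zip)) (`html`).
+- [XML](http://www.arachni-scanner.com/reports/report.xml) (`xml`).
+- [Text](http://www.arachni-scanner.com/reports/report.txt) (`text`).
+- [JSON](http://www.arachni-scanner.com/reports/report.json) (`json`)
+- [Marshal](http://www.arachni-scanner.com/reports/report.marshal) (`marshal`)
+- [YAML](http://www.arachni-scanner.com/reports/report.yml) (`yaml`)
+- [AFR](http://www.arachni-scanner.com/reports/report.afr) (`afr`)
 - The default Arachni Framework Report format.
 
 #### Plugins
@@ -514,6 +521,9 @@ core remains lean and makes it easy for anyone to add arbitrary functionality.
 which are within the scan scope.
 - Headers collector (`headers_collector`) -- Collects response headers based on specified criteria.
 - Exec (`exec`) -- Calls external executables at different scan stages.
+- Metrics (`metrics`) -- Captures metrics about multiple aspects of the scan and the web application.
+- Restrict to DOM state (`restrict_to_dom_state`) -- Restricts the audit to a single page's DOM
+state, based on a URL fragment.
 
 ##### Defaults
 
@@ -522,7 +532,6 @@ Default plugins will run for every scan and are placed under `/plugins/defaults/
 - AutoThrottle (`autothrottle`) -- Dynamically adjusts HTTP throughput during the scan for
 maximum bandwidth utilization.
 - Healthmap (`healthmap`) -- Generates sitemap showing the health of each crawled/audited URL
-- Resolver (`resolver`) -- Resolves vulnerable hostnames to IP addresses.
 
 ###### Meta
 
@@ -594,5 +603,4 @@ need to follow in order to contribute code:
 
 ## License
 
-
-for more information.
+Arachni Public Source License v1.0 -- please see the _LICENSE_ file for more information.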
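--- a/data/arachni.gemspec
+++ b/data/arachni.gemspec
@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
 s.homepage = 'https://www.arachni-scanner.com'
 s.email = 'tasos.laskos@arachni-scanner.com'
 s.authors = [ 'Tasos Laskos' ]
-s.licenses = ['
+s.licenses = ['Arachni Public Source License v1.0']
 
 s.files += Dir.glob( 'config/**/**' )
 s.files += Dir.glob( 'gfx/**/**' )
@@ -78,8 +78,9 @@ Gem::Specification.new do |s|
 # Printing complex objects.
 s.add_dependency 'awesome_print', '~> 1.2.0'
 
-# JSON
-s.add_dependency '
+# Optimized JSON.
+s.add_dependency 'oj', '~> 2.12.9'
+s.add_dependency 'oj_mimic_json'
 
 # For the Arachni console (arachni_console).
 s.add_dependency 'rb-readline', '0.5.1'
@@ -111,7 +112,7 @@ Documentation - http://arachni-scanner.com/wiki
 Support - http://support.arachni-scanner.com
 GitHub page - http://github.com/Arachni/arachni
 Code Documentation - http://rubydoc.info/github/Arachni/arachni
-License -
+License - Arachni Public Source License v1.0
 (https://github.com/Arachni/arachni/blob/master/LICENSE.md)
 Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
 Twitter - http://twitter.com/ArachniScanner
@@ -123,9 +124,8 @@ or report a bug (via GitHub Issues) if you come across any problem.
 MSG
 
 s.description = <<DESCRIPTION
-Arachni is
-
-of web applications.
+Arachni is a feature-full, modular, high-performance Ruby framework aimed towards
+helping penetration testers and administrators evaluate the security of web applications.
 
 It is smart, it trains itself by monitoring and learning from the web application's
 behavior during the scan process and is able to perform meta-analysis using a number of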
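Review bot: `s.add_dependency 'oj_mimic_json'` in the `@@ -78` hunk carries no version constraint, while every other dependency visible in this file is pinned (`'~> 1.2.0'`, `'~> 2.12.9'`, `'0.5.1'`), so any future release of that gem, compatible or not, satisfies the spec at install time and the resolved version can silently differ between two installs of the same gem version. Its name suggests it replaces the JSON implementation for the whole process, so an unexpected release is a behaviour change for every component that serialises data, not a cosmetic one. Constrain it like its sibling, `s.add_dependency 'oj_mimic_json', '~> <tested-version>'`, replacing the placeholder with the version the suite was actually run against.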
@@ -14,7 +14,7 @@
|
|
14
14
|
#
|
15
15
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
16
16
|
#
|
17
|
-
# @version 0.3.
|
17
|
+
# @version 0.3.2
|
18
18
|
#
|
19
19
|
# @see http://cwe.mitre.org/data/definitions/94.html
|
20
20
|
# @see http://php.net/manual/en/function.eval.php
|
@@ -32,7 +32,7 @@ class Arachni::Checks::CodeInjectionTiming < Arachni::Check::Base
|
|
32
32
|
php: 'sleep(__TIME__/1000);',
|
33
33
|
perl: 'sleep(__TIME__/1000);',
|
34
34
|
python: 'import time;time.sleep(__TIME__/1000);',
|
35
|
-
|
35
|
+
java: 'Thread.sleep(__TIME__);',
|
36
36
|
asp: 'Thread.Sleep(__TIME__);',
|
37
37
|
}.inject({}) do |h, (platform, payload)|
|
38
38
|
h[platform] = [ ' %s', ';%s', "\";%s#", "';%s#" ].map { |s| s % payload }
|
@@ -53,7 +53,7 @@ a time delay.
|
|
53
53
|
},
|
54
54
|
elements: ELEMENTS_WITH_INPUTS,
|
55
55
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
56
|
-
version: '0.3.
|
56
|
+
version: '0.3.2',
|
57
57
|
platforms: payloads.keys,
|
58
58
|
|
59
59
|
issue: {
|
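Review bot: The new `java` payload `'Thread.sleep(__TIME__);'` at line 35 omits the `/1000` that the neighbouring php, perl and python payloads apply, so a reader comparing the entries is likely to read it as an off-by-1000 bug and "fix" it. If, as the `sleep(__TIME__/1000)` entries imply, `__TIME__` is substituted in milliseconds (the hunk does not show the substitution), then `Thread.sleep` needs no scaling, exactly as the existing `asp` entry, and the hash deserves a one-line comment recording that: `# __TIME__ is in ms; Thread.sleep/Thread.Sleep take ms, the sleep() payloads take seconds.`. The `inject` that wraps these payloads continues outside the hunk.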
@@ -140,7 +140,7 @@ class Arachni::Checks::CSRF < Arachni::Check::Base
|
|
140
140
|
|
141
141
|
audited( "#{url}::#{name}" )
|
142
142
|
|
143
|
-
log( vector: form )
|
143
|
+
log( vector: form, proof: form.source )
|
144
144
|
print_ok "Found unprotected form with name '#{name}' at '#{page.url}'"
|
145
145
|
end
|
146
146
|
|
@@ -155,7 +155,7 @@ checks them for lack of anti-CSRF tokens.
|
|
155
155
|
},
|
156
156
|
elements: [ Element::Form ],
|
157
157
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
|
158
|
-
version: '0.3.
|
158
|
+
version: '0.3.5',
|
159
159
|
|
160
160
|
issue: {
|
161
161
|
name: %q{Cross-Site Request Forgery},
|
@@ -9,7 +9,7 @@
|
|
9
9
|
# File inclusion check.
|
10
10
|
#
|
11
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
12
|
-
# @version 0.1.
|
12
|
+
# @version 0.1.6
|
13
13
|
#
|
14
14
|
# @see http://cwe.mitre.org/data/definitions/98.html
|
15
15
|
# @see https://www.owasp.org/index.php/PHP_File_Inclusion
|
@@ -21,22 +21,21 @@ class Arachni::Checks::FileInclusion < Arachni::Check::Base
|
|
21
21
|
regexp: {
|
22
22
|
unix: [
|
23
23
|
/DOCUMENT_ROOT.*HTTP_USER_AGENT/,
|
24
|
-
|
24
|
+
/:.+:\d+:\d+:.+:[0-9a-zA-Z\/]+/im
|
25
25
|
],
|
26
26
|
windows: [
|
27
27
|
/\[boot loader\].*\[operating systems\]/im,
|
28
28
|
/\[fonts\].*\[extensions\]/im
|
29
29
|
],
|
30
|
-
|
30
|
+
java: [
|
31
31
|
/<web\-app/im
|
32
32
|
],
|
33
|
-
|
34
33
|
# Generic PHP errors.
|
35
34
|
php: [
|
36
35
|
/An error occurred in script/,
|
37
36
|
/Failed opening '.*?' for inclusion/,
|
38
37
|
/Failed opening required/,
|
39
|
-
/failed to open stream
|
38
|
+
/failed to open stream:/,
|
40
39
|
/<b>Warning<\/b>:\s+file/,
|
41
40
|
/<b>Warning<\/b>:\s+read_file/,
|
42
41
|
/<b>Warning<\/b>:\s+highlight_file/,
|
@@ -81,7 +80,7 @@ class Arachni::Checks::FileInclusion < Arachni::Check::Base
|
|
81
80
|
'/windows/win.ini',
|
82
81
|
'/winnt/win.ini'
|
83
82
|
].map { |p| [p, "c:#{p}", "#{p}#{'.'* 700}", p.gsub( '/', '\\' ) ] }.flatten,
|
84
|
-
|
83
|
+
java: [ '/WEB-INF/web.xml', '\WEB-INF\web.xml' ]
|
85
84
|
}.inject({}) do |h, (platform, payloads)|
|
86
85
|
h.merge platform => payloads.map { |p| [p, "file://#{p}" ] }.flatten
|
87
86
|
end
|
@@ -101,7 +100,7 @@ content or errors in the HTTP response body.
|
|
101
100
|
},
|
102
101
|
elements: ELEMENTS_WITH_INPUTS,
|
103
102
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
|
104
|
-
version: '0.1.
|
103
|
+
version: '0.1.6',
|
105
104
|
platforms: options[:regexp].keys,
|
106
105
|
|
107
106
|
issue: {
|
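Review bot: The unix signature added at line 24, `/:.+:\d+:\d+:.+:[0-9a-zA-Z\/]+/im`, is looser than the `/etc/passwd` rows it is presumably meant to recognise: with `/m` both `.+` span newlines, so any response containing a colon, then `:<digits>:<digits>:` anywhere later, then another colon followed by a word is reported, which log timestamps, CSS and JSON with numeric fields can all satisfy, and on large bodies the two unbounded `.+` can make the scan of a non-matching page quadratic through backtracking. Bounding each field to one line keeps the intent and removes both problems, e.g. `/^[^:\n]+:[^:\n]*:\d+:\d+:[^:\n]*:\/[^:\n]*:\/[^:\n]*$/i` (the `^`/`$` anchors are per-line in Ruby, so `/m` is not needed). The identical expression is added to os_cmd_injection.rb and path_traversal.rb in this commit, so the three copies should share one constant rather than drift independently. The enclosing `@options` hash starts and ends outside the hunk.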
@@ -9,7 +9,7 @@
|
|
9
9
|
# Simple OS command injection check.
|
10
10
|
#
|
11
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
12
|
-
# @version 0.2.
|
12
|
+
# @version 0.2.5
|
13
13
|
#
|
14
14
|
# @see http://cwe.mitre.org/data/definitions/78.html
|
15
15
|
# @see https://www.owasp.org/index.php/OS_Command_Injection
|
@@ -19,7 +19,7 @@ class Arachni::Checks::OsCmdInjection < Arachni::Check::Base
|
|
19
19
|
@options ||= {
|
20
20
|
regexp: {
|
21
21
|
unix: [
|
22
|
-
|
22
|
+
/:.+:\d+:\d+:.+:[0-9a-zA-Z\/]+/im
|
23
23
|
],
|
24
24
|
windows: [
|
25
25
|
/\[boot loader\].*\[operating systems\]/im,
|
@@ -73,7 +73,7 @@ Tries to find Operating System command injections.
|
|
73
73
|
},
|
74
74
|
elements: ELEMENTS_WITH_INPUTS,
|
75
75
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
|
76
|
-
version: '0.2.
|
76
|
+
version: '0.2.5',
|
77
77
|
platforms: payloads.keys,
|
78
78
|
|
79
79
|
issue: {
|
@@ -9,7 +9,7 @@
|
|
9
9
|
# Path Traversal check.
|
10
10
|
#
|
11
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
12
|
-
# @version 0.4.
|
12
|
+
# @version 0.4.6
|
13
13
|
#
|
14
14
|
# @see http://cwe.mitre.org/data/definitions/22.html
|
15
15
|
# @see https://www.owasp.org/index.php/Path_Traversal
|
@@ -25,13 +25,13 @@ class Arachni::Checks::PathTraversal < Arachni::Check::Base
|
|
25
25
|
regexp: {
|
26
26
|
unix: [
|
27
27
|
/DOCUMENT_ROOT.*HTTP_USER_AGENT/,
|
28
|
-
|
28
|
+
/:.+:\d+:\d+:.+:[0-9a-zA-Z\/]+/im
|
29
29
|
],
|
30
30
|
windows: [
|
31
31
|
/\[boot loader\].*\[operating systems\]/im,
|
32
32
|
/\[fonts\].*\[extensions\]/im
|
33
33
|
],
|
34
|
-
|
34
|
+
java: [
|
35
35
|
/<web\-app/im
|
36
36
|
]
|
37
37
|
},
|
@@ -58,9 +58,9 @@ class Arachni::Checks::PathTraversal < Arachni::Check::Base
|
|
58
58
|
end,
|
59
59
|
|
60
60
|
skip_like: proc do |m|
|
61
|
-
#
|
61
|
+
# Java payloads begin with a traversal which won't be preserved
|
62
62
|
# via LinkTemplate injections so don't bother.
|
63
|
-
m.is_a?( LinkTemplate ) && m.audit_options[:platform] == :
|
63
|
+
m.is_a?( LinkTemplate ) && m.audit_options[:platform] == :java
|
64
64
|
end
|
65
65
|
}
|
66
66
|
end
|
@@ -90,7 +90,7 @@ class Arachni::Checks::PathTraversal < Arachni::Check::Base
|
|
90
90
|
h
|
91
91
|
end
|
92
92
|
|
93
|
-
@payloads[:
|
93
|
+
@payloads[:java] = [ '/../../', '../../', ].map do |trv|
|
94
94
|
[ "#{trv}WEB-INF/web.xml", "file://#{trv}WEB-INF/web.xml" ]
|
95
95
|
end.flatten
|
96
96
|
|
@@ -111,7 +111,7 @@ of relevant content in the HTML responses.
|
|
111
111
|
},
|
112
112
|
elements: ELEMENTS_WITH_INPUTS,
|
113
113
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
|
114
|
-
version: '0.4.
|
114
|
+
version: '0.4.6',
|
115
115
|
platforms: payloads.keys,
|
116
116
|
|
117
117
|
issue: {
|
@@ -9,7 +9,7 @@
|
|
9
9
|
# HTTP Response Splitting check.
|
10
10
|
#
|
11
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
12
|
-
# @version 0.2.
|
12
|
+
# @version 0.2.3
|
13
13
|
#
|
14
14
|
# @see http://cwe.mitre.org/data/definitions/20.html
|
15
15
|
# @see https://www.owasp.org/index.php/HTTP_Response_Splitting
|
@@ -30,7 +30,12 @@ class Arachni::Checks::ResponseSplitting < Arachni::Check::Base
|
|
30
30
|
# and pass a block that will check for a positive result
|
31
31
|
audit( header, submit: { follow_location: false } ) do |response, element|
|
32
32
|
next if response.headers[header_name].to_s.downcase != 'no'
|
33
|
-
|
33
|
+
|
34
|
+
log(
|
35
|
+
vector: element,
|
36
|
+
response: response,
|
37
|
+
proof: response.headers_string[/#{header_name}.*$/i]
|
38
|
+
)
|
34
39
|
end
|
35
40
|
end
|
36
41
|
|
@@ -42,7 +47,7 @@ Injects arbitrary and checks if any of them end up in the response header.
|
|
42
47
|
},
|
43
48
|
elements: ELEMENTS_WITH_INPUTS,
|
44
49
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
|
45
|
-
version: '0.2.
|
50
|
+
version: '0.2.3',
|
46
51
|
|
47
52
|
issue: {
|
48
53
|
name: %q{Response Splitting},
|
@@ -68,7 +73,7 @@ other attacks.
|
|
68
73
|
},
|
69
74
|
tags: %w(response splitting injection header),
|
70
75
|
cwe: 20,
|
71
|
-
severity: Severity::
|
76
|
+
severity: Severity::HIGH,
|
72
77
|
remedy_guidance: %q{
|
73
78
|
It is recommended that untrusted data is never used to form the contents of the
|
74
79
|
response header.
|
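Review bot: The proof extraction added at line 37, `response.headers_string[/#{header_name}.*$/i]`, interpolates `header_name` into a regex without escaping, so any regex metacharacter in the name alters or breaks the pattern instead of being matched literally. `header_name` is defined outside the hunk; if it is a fixed constant today this is harmless, but the escape is free and removes the assumption for whoever next changes the name: `proof: response.headers_string[/#{Regexp.escape( header_name )}.*$/i]`. The `audit` block this sits in starts before the hunk.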
@@ -20,7 +20,7 @@
|
|
20
20
|
#
|
21
21
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
22
22
|
#
|
23
|
-
# @version 0.1.
|
23
|
+
# @version 0.1.2
|
24
24
|
class Arachni::Checks::SessionFixation < Arachni::Check::Base
|
25
25
|
|
26
26
|
def token
|
@@ -48,7 +48,11 @@ class Arachni::Checks::SessionFixation < Arachni::Check::Base
|
|
48
48
|
select { |c| c.name == name }.first
|
49
49
|
next if !cookie || !cookie.value.include?( token )
|
50
50
|
|
51
|
-
log
|
51
|
+
log(
|
52
|
+
vector: element,
|
53
|
+
response: response,
|
54
|
+
proof: cookie.source
|
55
|
+
)
|
52
56
|
end
|
53
57
|
end
|
54
58
|
end
|
@@ -62,7 +66,7 @@ Checks whether or not the session cookie can be set to an arbitrary value.
|
|
62
66
|
},
|
63
67
|
elements: [ Element::Form, Element::Link, Element::LinkTemplate ],
|
64
68
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
65
|
-
version: '0.1.
|
69
|
+
version: '0.1.2',
|
66
70
|
|
67
71
|
issue: {
|
68
72
|
name: %q{Session fixation},
|
@@ -11,7 +11,7 @@
|
|
11
11
|
# source code.
|
12
12
|
#
|
13
13
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
14
|
-
# @version 0.2.
|
14
|
+
# @version 0.2.3
|
15
15
|
#
|
16
16
|
# @see http://cwe.mitre.org/data/definitions/540.html
|
17
17
|
class Arachni::Checks::SourceCodeDisclosure < Arachni::Check::Base
|
@@ -20,15 +20,15 @@ class Arachni::Checks::SourceCodeDisclosure < Arachni::Check::Base
|
|
20
20
|
@options ||= {
|
21
21
|
format: [Format::STRAIGHT],
|
22
22
|
regexp: {
|
23
|
-
php:
|
23
|
+
php: [
|
24
24
|
/<\?php/
|
25
25
|
],
|
26
|
-
|
26
|
+
java: [
|
27
27
|
/<%|<%=|<%@\s+page|<%@\s+include|<%--|import\s+javax.servlet|
|
28
28
|
import\s+java.io|import=['"]java.io|request\.getParameterValues\(|
|
29
29
|
response\.setHeader|response\.setIntHeader\(/m
|
30
30
|
],
|
31
|
-
asp:
|
31
|
+
asp: [
|
32
32
|
/<%|Response\.Write|Request\.Form|Request\.QueryString|
|
33
33
|
Response\.Flush|Session\.SessionID|Session\.Timeout|
|
34
34
|
Server\.CreateObject|Server\.MapPath/im
|
@@ -121,7 +121,7 @@ source code.
|
|
121
121
|
},
|
122
122
|
elements: ELEMENTS_WITH_INPUTS,
|
123
123
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
124
|
-
version: '0.2.
|
124
|
+
version: '0.2.3',
|
125
125
|
platforms: options[:regexp].keys,
|
126
126
|
|
127
127
|
issue: {
|