RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/spec/components/fingerprinters/frameworks/rails_spec.rb ADDED

@@ -0,0 +1,53 @@
+require 'spec_helper'
+describe Arachni::Platform::Fingerprinters::Rails do
+    include_examples 'fingerprinter'
+    def platforms
+        [:ruby, :rack, :rails]
+    end
+    context 'when there is an Server header' do
+        context 'and it contains Rails' do
+            it 'identifies it as Ruby' do
+                check_platforms Arachni::Page.from_data(
+                    url:     'http://stuff.com/blah',
+                    response: { headers: { 'Server' => 'Rails' } }
+                )
+            end
+        end
+    end
+    context 'when there is a X-Powered-By header' do
+        context 'and it contains X-Powered-By' do
+            it 'identifies it as Rails' do
+                check_platforms Arachni::Page.from_data(
+                    url:     'http://stuff.com/blah',
+                    response: { headers: { 'X-Powered-By' => 'Rails' } }
+                )
+            end
+        end
+    end
+    context 'when there are X-Rails headers' do
+        it 'identifies it as Rails' do
+            check_platforms Arachni::Page.from_data(
+                url: 'http://stuff.com/blah',
+                response: { headers: { 'X-Rails-Stuff' => 'Blah' } }
+            )
+        end
+    end
+    context 'when there is a _rails_admin_session cookie' do
+        it 'identifies it as Rails' do
+            check_platforms Arachni::Page.from_data(
+                url:     'http://stuff.com/blah',
+                cookies: [Arachni::Cookie.new(
+                              url:    'http://stuff.com/blah',
+                              inputs: { '_rails_admin_session' => 'stuff' } )]
+            )
+        end
+    end
+end

data/spec/components/fingerprinters/languages/asp_spec.rb CHANGED

@@ -3,35 +3,33 @@ require 'spec_helper'
 describe Arachni::Platform::Fingerprinters::ASP do
     include_examples 'fingerprinter'
+    def platforms
+        [:asp, :windows]
+    end
     context 'when the page has a .asp extension' do
         it 'identifies it as ASP' do
-            page = Arachni::Page.from_data( url: 'http://stuff.com/blah.asp' )
-            platforms_for( page ).should include :asp
-            platforms_for( page ).should include :windows
+            check_platforms Arachni::Page.from_data( url: 'http://stuff.com/blah.asp' )
         end
     end
     context 'when there is a ASPSESSIONID query parameter' do
         it 'identifies it as ASP' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url: 'http://stuff.com/blah?ASPSESSIONID=stuff'
             )
-            platforms_for( page ).should include :asp
-            platforms_for( page ).should include :windows
         end
     end
     context 'when there is a ASPSESSIONID cookie' do
         it 'identifies it as ASP' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url:     'http://stuff.com/blah',
                 cookies: [Arachni::Cookie.new(
                               url:    'http://stuff.com/blah',
                               inputs: { 'ASPSESSIONID' => 'stuff' } )]
             )
-            platforms_for( page ).should include :asp
-            platforms_for( page ).should include :windows
         end
     end

data/spec/components/fingerprinters/languages/aspx_spec.rb CHANGED

@@ -3,76 +3,62 @@ require 'spec_helper'
 describe Arachni::Platform::Fingerprinters::ASPX do
     include_examples 'fingerprinter'
+    def platforms
+        [:asp, :aspx, :windows]
+    end
     context 'when the page has a .aspx extension' do
         it 'identifies it as ASPX' do
-            page = Arachni::Page.from_data( url: 'http://stuff.com/blah.aspx' )
-            platforms_for( page ).should include :asp
-            platforms_for( page ).should include :aspx
-            platforms_for( page ).should include :windows
+            check_platforms Arachni::Page.from_data( url: 'http://stuff.com/blah.aspx' )
         end
     end
     context 'when there is a session ID in the path' do
         it 'identifies it as ASPX' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url:        'http://blah.com/(S(yn5cby55lgzstcen0ng2b4iq))/stuff'
             )
-            platforms_for( page ).should include :asp
-            platforms_for( page ).should include :aspx
-            platforms_for( page ).should include :windows
         end
     end
     context 'when there is a ASP.NET_SessionId cookie' do
         it 'identifies it as ASPX' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url:     'http://stuff.com/blah',
                 cookies: [Arachni::Cookie.new(
                               url:  'http://stuff.com/blah',
                               inputs: { 'ASP.NET_SessionId' => 'stuff' } )]
             )
-            platforms_for( page ).should include :asp
-            platforms_for( page ).should include :aspx
-            platforms_for( page ).should include :windows
         end
     end
     context 'when there is an X-Powered-By header' do
         it 'identifies it as ASPX' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url:     'http://stuff.com/blah',
                 response: { headers: { 'X-Powered-By' => 'ASP.NET'  } }
             )
-            platforms_for( page ).should include :asp
-            platforms_for( page ).should include :aspx
-            platforms_for( page ).should include :windows
         end
     end
     context 'when there is an X-AspNet-Version header' do
         it 'identifies it as ASPX' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url:     'http://stuff.com/blah',
                 response: { headers: { 'X-AspNet-Version' => '4.0.30319' } }
             )
-            platforms_for( page ).should include :asp
-            platforms_for( page ).should include :aspx
-            platforms_for( page ).should include :windows
         end
     end
     context 'when there is an X-AspNetMvc-Version header' do
         it 'identifies it as ASPX' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url:     'http://stuff.com/blah',
                 response: { headers: { 'X-AspNetMvc-Version' => '2.0' } }
             )
-            platforms_for( page ).should include :asp
-            platforms_for( page ).should include :aspx
-            platforms_for( page ).should include :windows
         end
     end

data/spec/components/fingerprinters/languages/java_spec.rb ADDED

@@ -0,0 +1,88 @@
+require 'spec_helper'
+describe Arachni::Platform::Fingerprinters::Java do
+    include_examples 'fingerprinter'
+    def platforms
+        [:java]
+    end
+    context 'when the page has a .jsp extension' do
+        it 'identifies it as JSP' do
+            check_platforms Arachni::Page.from_data( url: 'http://stuff.com/blah.jsp' )
+        end
+    end
+    context 'when there is a JSESSIONID query parameter' do
+        it 'identifies it as Java' do
+            check_platforms Arachni::Page.from_data(
+                url: 'http://stuff.com/blah?JSESSIONID=stuff'
+            )
+        end
+    end
+    context 'when there is a JSESSIONID cookie' do
+        it 'identifies it as Java' do
+            check_platforms Arachni::Page.from_data(
+                url:     'http://stuff.com/blah',
+                cookies: [Arachni::Cookie.new(
+                              url: 'http://stuff.com/blah',
+                              inputs: { 'JSESSIONID' => 'stuff' } )]
+            )
+        end
+    end
+    context 'when there is an X-Powered-By header with Servlet' do
+        it 'identifies it as Java' do
+            check_platforms Arachni::Page.from_data(
+                url:     'http://stuff.com/blah',
+                response: { headers:  { 'X-Powered-By' => 'Servlet/2.4' } }
+            )
+        end
+    end
+    context 'when there is an X-Powered-By header with JSP' do
+        it 'identifies it as Java' do
+            check_platforms Arachni::Page.from_data(
+                url:     'http://stuff.com/blah',
+                response: { headers:  { 'X-Powered-By' => 'JSP/2.1' } }
+            )
+        end
+    end
+    context 'when there is an X-Powered-By header with JBoss' do
+        it 'identifies it as Java' do
+            check_platforms Arachni::Page.from_data(
+                url:     'http://stuff.com/blah',
+                response: { headers:  { 'X-Powered-By' => 'JBossWeb-2.1' } }
+            )
+        end
+    end
+    context 'when there is an X-Powered-By header with GlassFish' do
+        it 'identifies it as Java' do
+            check_platforms Arachni::Page.from_data(
+                url:     'http://stuff.com/blah',
+                response: { headers:  { 'X-Powered-By' => 'GlassFish Server' } }
+            )
+        end
+    end
+    context 'when there is an X-Powered-By header with Java' do
+        it 'identifies it as Java' do
+            check_platforms Arachni::Page.from_data(
+                url:     'http://stuff.com/blah',
+                response: { headers:  { 'X-Powered-By' => 'Java' } }
+            )
+        end
+    end
+    context 'when there is an X-Powered-By header with Oracle' do
+        it 'identifies it as Java' do
+            check_platforms Arachni::Page.from_data(
+                url:     'http://stuff.com/blah',
+                response: { headers:  { 'X-Powered-By' => 'Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server' } }
+            )
+        end
+    end
+end

data/spec/components/fingerprinters/languages/php_spec.rb CHANGED

@@ -3,56 +3,63 @@ require 'spec_helper'
 describe Arachni::Platform::Fingerprinters::PHP do
     include_examples 'fingerprinter'
+    def platforms
+        [:php]
+    end
     context 'when the page has a .php extension' do
         it 'identifies it as PHP' do
-            page = Arachni::Page.from_data( url: 'http://stuff.com/blah.php' )
-            platforms_for( page ).should include :php
+            check_platforms Arachni::Page.from_data( url: 'http://stuff.com/blah.php' )
         end
     end
     context 'when the page has a .php/ rewrite' do
         it 'identifies it as PHP' do
-            page = Arachni::Page.from_data( url: 'http://stuff.com/blah.php/Stuff/1' )
-            platforms_for( page ).should include :php
+            check_platforms Arachni::Page.from_data( url: 'http://stuff.com/blah.php/Stuff/1' )
         end
     end
     context 'when the page has a .php5 (or similarly numbered) extension' do
         it 'identifies it as PHP' do
-            page = Arachni::Page.from_data( url: 'http://stuff.com/blah.php5' )
-            platforms_for( page ).should include :php
+            check_platforms Arachni::Page.from_data( url: 'http://stuff.com/blah.php5' )
         end
     end
     context 'when there is a PHPSESSID query parameter' do
         it 'identifies it as PHP' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url: 'http://stuff.com/blah?PHPSESSID=stuff'
             )
-            platforms_for( page ).should include :php
         end
     end
     context 'when there is a PHPSESSID cookie' do
         it 'identifies it as PHP' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url:     'http://stuff.com/blah',
                 cookies: [Arachni::Cookie.new(
                               url: 'http://stuff.com/blah',
                               inputs: { 'PHPSESSID' => 'stuff' } )]
             )
-            platforms_for( page ).should include :php
         end
     end
     context 'when there is an X-Powered-By header' do
         it 'identifies it as PHP' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url: 'http://stuff.com/blah',
                 response: { headers: { 'X-Powered-By' => 'PHP/5.1.2' } }
             )
-            platforms_for( page ).should include :php
+        end
+    end
+    context 'when there is an X-PHP-PID header' do
+        it 'identifies it as PHP' do
+            check_platforms Arachni::Page.from_data(
+                url: 'http://stuff.com/blah',
+                response: { headers: { 'X-PHP-PID' => '2212' } }
+            )
         end
     end

data/spec/components/fingerprinters/languages/python_spec.rb CHANGED

@@ -3,20 +3,33 @@ require 'spec_helper'
 describe Arachni::Platform::Fingerprinters::Python do
     include_examples 'fingerprinter'
+    def platforms
+        [:python]
+    end
     context 'when the page has a .py extension' do
         it 'identifies it as Python' do
-            page = Arachni::Page.from_data( url: 'http://stuff.com/blah.py' )
-            platforms_for( page ).should include :python
+            check_platforms Arachni::Page.from_data( url: 'http://stuff.com/blah.py' )
         end
     end
-    context 'when there is an X-Powered-By header' do
-        it 'identifies it as Python' do
-            page = Arachni::Page.from_data(
-                url:     'http://stuff.com/blah',
-                response: { headers: { 'X-Powered-By' => 'Python/stuff' } }
-            )
-            platforms_for( page ).should include :python
+    described_class::IDS.each do |id|
+        context "when there is an X-Powered-By header with #{id}" do
+            it 'identifies it as Python' do
+                check_platforms Arachni::Page.from_data(
+                    url:     'http://stuff.com/blah',
+                    response: { headers: { 'X-Powered-By' => "#{id}/stuff" } }
+                )
+            end
+        end
+        context "when there is a Server header with #{id}" do
+            it 'identifies it as Python' do
+                check_platforms Arachni::Page.from_data(
+                    url:     'http://stuff.com/blah',
+                    response: { headers: { 'Server' => "#{id}/stuff" } }
+                )
+            end
         end
     end

data/spec/components/fingerprinters/languages/ruby.rb CHANGED

@@ -3,15 +3,18 @@ require 'spec_helper'
 describe Arachni::Platform::Fingerprinters::Ruby do
     include_examples 'fingerprinter'
+    def platforms
+        [:ruby]
+    end
     context 'when there is an Server header' do
         described_class::IDs.each do |id|
             context "and it contains #{id}" do
                 it 'identifies it as Ruby' do
-                    page = Arachni::Page.from_data(
+                    check_platforms Arachni::Page.from_data(
                         url:     'http://stuff.com/blah',
                         response: { headers: { 'Server' => "Apache/2.2.21 (#{id})" } }
                     )
-                    platforms_for( page ).should include :ruby
                 end
             end
         end
@@ -21,11 +24,10 @@ describe Arachni::Platform::Fingerprinters::Ruby do
         described_class::IDs.each do |id|
             context "and it contains #{id}" do
                 it 'identifies it as Ruby' do
-                    page = Arachni::Page.from_data(
+                    check_platforms Arachni::Page.from_data(
                         url:     'http://stuff.com/blah',
                         response: { headers: { 'X-Powered-By' => "Apache/2.2.21 (#{id})" } }
                     )
-                    platforms_for( page ).should include :ruby
                 end
             end
         end

data/spec/components/fingerprinters/os/bsd_spec.rb CHANGED

@@ -3,23 +3,25 @@ require 'spec_helper'
 describe Arachni::Platform::Fingerprinters::BSD do
     include_examples 'fingerprinter'
+    def platforms
+        [:bsd]
+    end
     context 'when there is an Server header' do
         it 'identifies it as BSD' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url:     'http://stuff.com/blah',
                 response: { headers: { 'Server' => 'Apache/2.2.21 (FreeBSD)' } }
             )
-            platforms_for( page ).should include :bsd
         end
     end
     context 'when there is a X-Powered-By header' do
         it 'identifies it as BSD' do
-            page = Arachni::Page.from_data(
+            check_platforms Arachni::Page.from_data(
                 url:     'http://stuff.com/blah',
                 response: { headers: { 'X-Powered-By' => 'Stuf/0.4 (FreeBSD)' } }
             )
-            platforms_for( page ).should include :bsd
         end
     end