arachni 1.1 → 1.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +159 -0
- data/LICENSE.md +126 -196
- data/README.md +32 -24
- data/arachni.gemspec +7 -7
- data/components/checks/active/code_injection_timing.rb +3 -3
- data/components/checks/active/csrf.rb +2 -2
- data/components/checks/active/file_inclusion.rb +6 -7
- data/components/checks/active/os_cmd_injection.rb +3 -3
- data/components/checks/active/path_traversal.rb +7 -7
- data/components/checks/active/response_splitting.rb +9 -4
- data/components/checks/active/session_fixation.rb +7 -3
- data/components/checks/active/source_code_disclosure.rb +5 -5
- data/components/checks/active/unvalidated_redirect.rb +12 -3
- data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
- data/components/checks/active/xss.rb +23 -10
- data/components/checks/active/xss_dom_inputs.rb +113 -11
- data/components/checks/active/xxe.rb +3 -3
- data/components/checks/passive/backdoors.rb +6 -5
- data/components/checks/passive/backup_directories.rb +6 -6
- data/components/checks/passive/backup_files.rb +6 -6
- data/components/checks/passive/common_admin_interfaces.rb +58 -0
- data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
- data/components/checks/passive/common_directories/directories.txt +0 -16
- data/components/checks/passive/common_files.rb +6 -5
- data/components/checks/passive/common_files/filenames.txt +0 -2
- data/components/checks/passive/directory_listing.rb +6 -6
- data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
- data/components/checks/passive/grep/hsts.rb +6 -3
- data/components/checks/passive/grep/http_only_cookies.rb +3 -3
- data/components/checks/passive/grep/insecure_cookies.rb +2 -2
- data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
- data/components/checks/passive/grep/x_frame_options.rb +6 -4
- data/components/checks/passive/htaccess_limit.rb +6 -2
- data/components/checks/passive/http_put.rb +8 -4
- data/components/checks/passive/interesting_responses.rb +3 -2
- data/components/checks/passive/localstart_asp.rb +6 -2
- data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
- data/components/checks/passive/xst.rb +6 -2
- data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
- data/components/fingerprinters/frameworks/cakephp.rb +28 -0
- data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
- data/components/fingerprinters/frameworks/django.rb +33 -0
- data/components/fingerprinters/frameworks/jsf.rb +30 -0
- data/components/fingerprinters/frameworks/rack.rb +5 -7
- data/components/fingerprinters/frameworks/rails.rb +43 -0
- data/components/fingerprinters/languages/aspx.rb +11 -11
- data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
- data/components/fingerprinters/languages/php.rb +6 -6
- data/components/fingerprinters/languages/python.rb +14 -6
- data/components/fingerprinters/languages/ruby.rb +3 -5
- data/components/fingerprinters/servers/apache.rb +5 -4
- data/components/fingerprinters/servers/gunicorn.rb +33 -0
- data/components/fingerprinters/servers/jetty.rb +1 -1
- data/components/fingerprinters/servers/tomcat.rb +11 -4
- data/components/path_extractors/anchors.rb +5 -12
- data/components/path_extractors/areas.rb +5 -13
- data/components/path_extractors/comments.rb +5 -3
- data/components/path_extractors/data_url.rb +21 -0
- data/components/path_extractors/forms.rb +5 -13
- data/components/path_extractors/frames.rb +6 -13
- data/components/path_extractors/generic.rb +3 -12
- data/components/path_extractors/links.rb +5 -13
- data/components/path_extractors/meta_refresh.rb +5 -13
- data/components/path_extractors/scripts.rb +8 -14
- data/components/plugins/autologin.rb +17 -5
- data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
- data/components/plugins/login_script.rb +40 -10
- data/components/plugins/metrics.rb +235 -0
- data/components/plugins/proxy.rb +21 -4
- data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
- data/components/plugins/restrict_to_dom_state.rb +70 -0
- data/components/plugins/vector_feed.rb +38 -9
- data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
- data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
- data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
- data/components/reporters/stdout.rb +4 -2
- data/components/reporters/xml.rb +4 -4
- data/components/reporters/xml/schema.xsd +95 -0
- data/lib/arachni.rb +2 -0
- data/lib/arachni/browser.rb +132 -77
- data/lib/arachni/browser/javascript.rb +173 -45
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
- data/lib/arachni/browser_cluster.rb +41 -15
- data/lib/arachni/browser_cluster/job.rb +4 -0
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
- data/lib/arachni/browser_cluster/worker.rb +8 -5
- data/lib/arachni/check/auditor.rb +20 -8
- data/lib/arachni/check/base.rb +38 -6
- data/lib/arachni/element/base.rb +18 -1
- data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
- data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
- data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
- data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
- data/lib/arachni/element/capabilities/inputtable.rb +6 -2
- data/lib/arachni/element/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/cookie.rb +37 -23
- data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
- data/lib/arachni/element/cookie/dom.rb +0 -8
- data/lib/arachni/element/form.rb +28 -14
- data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
- data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
- data/lib/arachni/element/form/dom.rb +0 -8
- data/lib/arachni/element/generic_dom.rb +1 -1
- data/lib/arachni/element/json.rb +2 -1
- data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
- data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/link.rb +13 -16
- data/lib/arachni/element/link/dom.rb +1 -14
- data/lib/arachni/element/link_template.rb +3 -2
- data/lib/arachni/element/link_template/dom.rb +0 -16
- data/lib/arachni/element/server.rb +51 -9
- data/lib/arachni/element/xml.rb +1 -0
- data/lib/arachni/ethon/easy.rb +4 -1
- data/lib/arachni/framework/parts/audit.rb +26 -77
- data/lib/arachni/framework/parts/browser.rb +50 -55
- data/lib/arachni/framework/parts/check.rb +4 -3
- data/lib/arachni/framework/parts/data.rb +41 -6
- data/lib/arachni/framework/parts/state.rb +16 -7
- data/lib/arachni/http/client.rb +66 -38
- data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
- data/lib/arachni/http/headers.rb +22 -10
- data/lib/arachni/http/proxy_server.rb +67 -22
- data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
- data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
- data/lib/arachni/http/request.rb +71 -18
- data/lib/arachni/issue.rb +17 -3
- data/lib/arachni/option_groups/browser_cluster.rb +34 -1
- data/lib/arachni/option_groups/http.rb +1 -1
- data/lib/arachni/page.rb +26 -13
- data/lib/arachni/page/dom/transition.rb +2 -2
- data/lib/arachni/parser.rb +28 -11
- data/lib/arachni/platform/fingerprinter.rb +5 -0
- data/lib/arachni/platform/manager.rb +65 -32
- data/lib/arachni/plugin/base.rb +8 -0
- data/lib/arachni/processes/instances.rb +25 -11
- data/lib/arachni/reporter/manager.rb +2 -2
- data/lib/arachni/rpc/client/instance.rb +4 -0
- data/lib/arachni/rpc/server/framework/master.rb +3 -3
- data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
- data/lib/arachni/rpc/server/instance.rb +2 -1
- data/lib/arachni/ruby/array.rb +5 -0
- data/lib/arachni/ruby/hash.rb +5 -0
- data/lib/arachni/ruby/string.rb +2 -3
- data/lib/arachni/session.rb +32 -6
- data/lib/arachni/state/framework.rb +6 -2
- data/lib/arachni/support/cache.rb +1 -0
- data/lib/arachni/support/cache/base.rb +12 -8
- data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
- data/lib/arachni/support/cache/least_recently_used.rb +5 -8
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -25
- data/lib/arachni/support/database/queue.rb +21 -8
- data/lib/arachni/support/lookup/base.rb +7 -1
- data/lib/arachni/support/mixins/observable.rb +3 -1
- data/lib/arachni/support/profiler.rb +51 -10
- data/lib/arachni/support/signature.rb +11 -2
- data/lib/arachni/trainer.rb +8 -2
- data/lib/arachni/uri.rb +28 -25
- data/lib/arachni/uri/scope.rb +1 -1
- data/lib/arachni/utilities.rb +8 -0
- data/lib/arachni/watir/element.rb +1 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
- data/spec/arachni/browser/javascript_spec.rb +235 -61
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
- data/spec/arachni/browser_cluster_spec.rb +58 -10
- data/spec/arachni/browser_spec.rb +170 -26
- data/spec/arachni/check/auditor_spec.rb +22 -3
- data/spec/arachni/check/base_spec.rb +84 -0
- data/spec/arachni/element/body_spec.rb +1 -1
- data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
- data/spec/arachni/element/cookie/dom_spec.rb +0 -9
- data/spec/arachni/element/cookie_spec.rb +85 -0
- data/spec/arachni/element/form/dom_spec.rb +0 -9
- data/spec/arachni/element/form_spec.rb +46 -3
- data/spec/arachni/element/json_spec.rb +20 -0
- data/spec/arachni/element/link/dom_spec.rb +0 -9
- data/spec/arachni/element/link_spec.rb +40 -15
- data/spec/arachni/element/link_template/dom_spec.rb +0 -8
- data/spec/arachni/element/link_template_spec.rb +2 -6
- data/spec/arachni/element/server_spec.rb +94 -8
- data/spec/arachni/element/xml_spec.rb +20 -0
- data/spec/arachni/framework/parts/audit_spec.rb +12 -14
- data/spec/arachni/framework/parts/browser_spec.rb +0 -171
- data/spec/arachni/framework/parts/platform_spec.rb +14 -8
- data/spec/arachni/framework/parts/report_spec.rb +1 -1
- data/spec/arachni/framework/parts/state_spec.rb +0 -9
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
- data/spec/arachni/http/client_spec.rb +169 -42
- data/spec/arachni/http/headers_spec.rb +18 -0
- data/spec/arachni/http/request_spec.rb +23 -0
- data/spec/arachni/issue_spec.rb +17 -6
- data/spec/arachni/page_spec.rb +22 -2
- data/spec/arachni/parser_spec.rb +5 -0
- data/spec/arachni/platform/manager_spec.rb +57 -25
- data/spec/arachni/reporter/manager_spec.rb +26 -0
- data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
- data/spec/arachni/state/framework_spec.rb +2 -8
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
- data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
- data/spec/arachni/support/database/queue_spec.rb +7 -0
- data/spec/arachni/support/mixins/observable_spec.rb +15 -1
- data/spec/arachni/trainer_spec.rb +2 -2
- data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
- data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
- data/spec/components/checks/active/path_traversal_spec.rb +2 -2
- data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
- data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
- data/spec/components/checks/active/xss_spec.rb +5 -5
- data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
- data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
- data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
- data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
- data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
- data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
- data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
- data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
- data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
- data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
- data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
- data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
- data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
- data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
- data/spec/components/fingerprinters/languages/ruby.rb +6 -4
- data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
- data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
- data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
- data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
- data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
- data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
- data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
- data/spec/components/path_extractors/data_url_spec.rb +19 -0
- data/spec/components/plugins/autologin_spec.rb +23 -0
- data/spec/components/plugins/login_script_spec.rb +112 -24
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
- data/spec/components/plugins/vector_feed_spec.rb +39 -1
- data/spec/support/factories/page/dom.rb +9 -4
- data/spec/support/factories/page/dom/transition.rb +31 -9
- data/spec/support/factories/scan_report.rb +8 -6
- data/spec/support/fixtures/empty/placeholder +0 -0
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
- data/spec/support/servers/arachni/browser.rb +117 -11
- data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
- data/spec/support/servers/arachni/check/auditor.rb +4 -0
- data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
- data/spec/support/servers/arachni/http/client.rb +5 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
- data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
- data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
- data/spec/support/servers/checks/active/path_traversal.rb +2 -2
- data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
- data/spec/support/servers/checks/active/trainer_check.rb +9 -10
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
- data/spec/support/servers/checks/active/xss.rb +35 -0
- data/spec/support/servers/checks/active/xss_dom.rb +1 -1
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
- data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
- data/spec/support/servers/plugins/autologin.rb +9 -0
- data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
- data/spec/support/shared/element/base.rb +42 -0
- data/spec/support/shared/element/capabilities/auditable.rb +4 -4
- data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
- data/spec/support/shared/element/capabilities/submitable.rb +7 -2
- data/spec/support/shared/fingerprinter.rb +8 -0
- data/spec/support/shared/path_extractor.rb +1 -1
- data/ui/cli/framework.rb +3 -3
- data/ui/cli/framework/option_parser.rb +9 -0
- data/ui/cli/output.rb +9 -0
- data/ui/cli/reporter.rb +5 -2
- data/ui/cli/utilities.rb +4 -2
- metadata +76 -17
- data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
- data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
- data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56
@@ -1,5 +1,7 @@
|
|
1
1
|
require 'sinatra'
|
2
2
|
|
3
|
+
@@erratic = 0
|
4
|
+
|
3
5
|
def handler_response_1
|
4
6
|
"Random #{rand( 999 ).to_s} bits #{rand( 999 ).to_s} go #{rand( 999 ).to_s} here #{rand( 999 ).to_s}"
|
5
7
|
end
|
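Review bot: `@@erratic = 0` declares a class variable at the top level of the script, which Ruby warns about ("class variable access from toplevel") and which Ruby 3.0 turns into a RuntimeError, so the fixture would stop loading on newer interpreters; the same access is repeated in the `/dynamic/erratic/*` route added in the next hunk. Keeping the counter on the app object with Sinatra's `set :erratic, 0` here, read as `settings.erratic` and bumped with `settings.set :erratic, settings.erratic + 1` in the route, avoids the toplevel class variable entirely.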
@@ -21,6 +23,17 @@ get '/static/*' do
|
|
21
23
|
'This is a custom 404, try to catch it. ;)'
|
22
24
|
end
|
23
25
|
|
26
|
+
get '/dynamic/erratic/*' do
|
27
|
+
if @@erratic > 3
|
28
|
+
return 500
|
29
|
+
end
|
30
|
+
|
31
|
+
@@erratic += 1
|
32
|
+
|
33
|
+
'This is a custom 404 which includes the requested resource, try to catch it. ;)' +
|
34
|
+
'<br/>You asked for "' + params[:splat].first.to_s + '", which could not be found.'
|
35
|
+
end
|
36
|
+
|
24
37
|
get '/dynamic/*' do
|
25
38
|
'This is a custom 404 which includes the requested resource, try to catch it. ;)' +
|
26
39
|
'<br/>You asked for "' + params[:splat].first.to_s + '", which could not be found.'
|
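Review bot: the new `/dynamic/erratic/*` route never resets `@@erratic`, so once four requests have been served every later call in the same server process answers 500 whatever the path; the result therefore depends on how many times earlier examples have already hit the route, which is fragile if the spec using it is rerun or reordered. If "answer four times, then fail for the rest of the process" is the intended behaviour for exercising the dynamic 404 handler, a one-line comment above the route would stop the next reader from treating it as a bug, e.g. `# Responds normally to the first 4 requests, then 500 for the rest of the process lifetime (intentional).` Otherwise the counter should be reset at the start of each example rather than left as process-global state.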
@@ -8,7 +8,7 @@ REGEXP = {
|
|
8
8
|
perl: 'sleep\s?\((\d+)\/(\d+)\s?\);',
|
9
9
|
python: 'import time;time.sleep\s?\((\d+)\/(\d+)\s?\);',
|
10
10
|
asp: 'Thread\.Sleep\s?\((\d+)\s?\);',
|
11
|
-
|
11
|
+
java: 'Thread\.sleep\s?\((\d+)\s?\);',
|
12
12
|
ruby: 'sleep\s?\((\d+)\/(\d+)\s?\)'
|
13
13
|
}
|
14
14
|
|
@@ -13,7 +13,7 @@ FILE_TO_PLATFORM = {
|
|
13
13
|
'/winnt/win.ini' => :windows,
|
14
14
|
'/etc/passwd' => :unix,
|
15
15
|
'/proc/self/environ' => :unix,
|
16
|
-
'/WEB-INF/web.xml' => :
|
16
|
+
'/WEB-INF/web.xml' => :java
|
17
17
|
}
|
18
18
|
|
19
19
|
OUT = {
|
@@ -43,7 +43,7 @@ CMCDLLNAME32=mapi32.dll
|
|
43
43
|
CMCDLLNAME=mapi.dll
|
44
44
|
MAPIX=1
|
45
45
|
',
|
46
|
-
|
46
|
+
java: '<?xml version="1.0" encoding="UTF-8"?>
|
47
47
|
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
|
48
48
|
<display-name>VulnerabilityDetectionChallenge</display-name>
|
49
49
|
<welcome-file-list>
|
@@ -13,7 +13,7 @@ FILE_TO_PLATFORM = {
|
|
13
13
|
'/winnt/win.ini' => :windows,
|
14
14
|
'/etc/passwd' => :unix,
|
15
15
|
'/proc/self/environ' => :unix,
|
16
|
-
'/WEB-INF/web.xml' => :
|
16
|
+
'/WEB-INF/web.xml' => :java
|
17
17
|
}
|
18
18
|
|
19
19
|
OUT = {
|
@@ -43,7 +43,7 @@ CMCDLLNAME32=mapi32.dll
|
|
43
43
|
CMCDLLNAME=mapi.dll
|
44
44
|
MAPIX=1
|
45
45
|
',
|
46
|
-
|
46
|
+
java: '<?xml version="1.0" encoding="UTF-8"?>
|
47
47
|
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
|
48
48
|
<display-name>VulnerabilityDetectionChallenge</display-name>
|
49
49
|
<welcome-file-list>
|
@@ -5,18 +5,24 @@ require 'sinatra'
|
|
5
5
|
require 'sinatra/contrib'
|
6
6
|
|
7
7
|
def default
|
8
|
-
|
8
|
+
'default.html'
|
9
9
|
end
|
10
10
|
|
11
11
|
OUT = {
|
12
|
-
php:
|
12
|
+
php: '<?php
|
13
13
|
$q = $_GET["q"];',
|
14
|
-
|
15
|
-
asp:
|
14
|
+
java: 'response.setIntHeader( "test" )',
|
15
|
+
asp: 'Response.Write "stuff"'
|
16
|
+
}
|
17
|
+
|
18
|
+
EXTENSIONS = {
|
19
|
+
php: 'php',
|
20
|
+
java: 'jsp',
|
21
|
+
asp: 'asp'
|
16
22
|
}
|
17
23
|
|
18
24
|
def get_variations( language, str )
|
19
|
-
return if !str.to_s.end_with? ".#{language}"
|
25
|
+
return if !str.to_s.end_with? ".#{EXTENSIONS[language]}"
|
20
26
|
OUT[language]
|
21
27
|
end
|
22
28
|
|
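Review bot: `get_variations` now builds the expected suffix from `EXTENSIONS[language]`, so a language key present in `OUT` but missing from `EXTENSIONS` interpolates `nil` and the guard silently becomes `end_with? "."` instead of failing loudly; `return unless str.to_s.end_with?( ".#{EXTENSIONS.fetch( language )}" )` raises a KeyError at the mismatch and also drops the `if !` form. The same lookup feeds `ext = EXTENSIONS[language]` in the following hunk, where a nil would turn every route into `straight.`, `with_null.` and so on, so the `fetch` belongs there too. Both `OUT` and `EXTENSIONS` are constants holding mutable hashes; appending `.freeze` to their closing `}` keeps later routes from altering them by accident.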
@@ -36,6 +42,7 @@ before do
|
|
36
42
|
end
|
37
43
|
|
38
44
|
OUT.keys.each do |language|
|
45
|
+
ext = EXTENSIONS[language]
|
39
46
|
|
40
47
|
get "/#{language}" do
|
41
48
|
cookies['cookie'] ||= default
|
@@ -53,29 +60,29 @@ OUT.keys.each do |language|
|
|
53
60
|
|
54
61
|
get "/#{language}/link" do
|
55
62
|
<<-EOHTML
|
56
|
-
<a href="/#{language}/link/straight.#{
|
57
|
-
<a href="/#{language}/link/with_null.#{
|
63
|
+
<a href="/#{language}/link/straight.#{ext}?input=#{default}">Link</a>
|
64
|
+
<a href="/#{language}/link/with_null.#{ext}?input=#{default}">Link</a>
|
58
65
|
EOHTML
|
59
66
|
end
|
60
67
|
|
61
|
-
get "/#{language}/link/straight.#{
|
68
|
+
get "/#{language}/link/straight.#{ext}" do
|
62
69
|
return if params['input'].include?( "\0" )
|
63
70
|
get_variations( language, params['input'] )
|
64
71
|
end
|
65
72
|
|
66
|
-
get "/#{language}/link/with_null.#{
|
73
|
+
get "/#{language}/link/with_null.#{ext}" do
|
67
74
|
return if !params['input'].end_with?( "\00.html" )
|
68
75
|
get_variations( language, params['input'].split( "\0.html" ).first )
|
69
76
|
end
|
70
77
|
|
71
78
|
get "/#{language}/link-template" do
|
72
79
|
<<-EOHTML
|
73
|
-
<a href="/#{language}/link-template/straight/input/default/stuff.#{
|
74
|
-
<a href="/#{language}/link-template/append/input/default/stuff.#{
|
80
|
+
<a href="/#{language}/link-template/straight/input/default/stuff.#{ext}">Link</a>
|
81
|
+
<a href="/#{language}/link-template/append/input/default/stuff.#{ext}">Link</a>
|
75
82
|
EOHTML
|
76
83
|
end
|
77
84
|
|
78
|
-
get "/#{language}/link-template/straight/input/*/stuff.#{
|
85
|
+
get "/#{language}/link-template/straight/input/*/stuff.#{ext}" do
|
79
86
|
val = params[:splat].first
|
80
87
|
default = 'default'
|
81
88
|
return if val.start_with?( default )
|
@@ -83,7 +90,7 @@ OUT.keys.each do |language|
|
|
83
90
|
get_variations( language, val.split( default ).last )
|
84
91
|
end
|
85
92
|
|
86
|
-
get "/#{language}/link-template/with_null/input/*/stuff.#{
|
93
|
+
get "/#{language}/link-template/with_null/input/*/stuff.#{ext}" do
|
87
94
|
val = params[:splat].first
|
88
95
|
return if !val.end_with?( "\00.html" )
|
89
96
|
get_variations( language, val.split( "\0.html" ).first )
|
@@ -91,44 +98,44 @@ OUT.keys.each do |language|
|
|
91
98
|
|
92
99
|
get "/#{language}/form" do
|
93
100
|
<<-EOHTML
|
94
|
-
<form action="/#{language}/form/straight.#{
|
101
|
+
<form action="/#{language}/form/straight.#{ext}" method='post'>
|
95
102
|
<input name='input' value='#{default}' />
|
96
103
|
</form>
|
97
104
|
|
98
|
-
<form action="/#{language}/form/with_null.#{
|
105
|
+
<form action="/#{language}/form/with_null.#{ext}" method='post'>
|
99
106
|
<input name='input' value='#{default}' />
|
100
107
|
</form>
|
101
108
|
|
102
109
|
EOHTML
|
103
110
|
end
|
104
111
|
|
105
|
-
post "/#{language}/form/straight.#{
|
112
|
+
post "/#{language}/form/straight.#{ext}" do
|
106
113
|
return if params['input'].include?( "\0" )
|
107
114
|
get_variations( language, params['input'] )
|
108
115
|
end
|
109
116
|
|
110
|
-
post "/#{language}/form/with_null.#{
|
117
|
+
post "/#{language}/form/with_null.#{ext}" do
|
111
118
|
return if !params['input'].end_with?( "\00.html" )
|
112
119
|
get_variations( language, params['input'].split( "\0.html" ).first )
|
113
120
|
end
|
114
121
|
|
115
122
|
get "/#{language}/cookie" do
|
116
123
|
<<-HTML
|
117
|
-
<a href="/#{language}/cookie/straight.#{
|
124
|
+
<a href="/#{language}/cookie/straight.#{ext}">Cookie</a>
|
118
125
|
HTML
|
119
126
|
end
|
120
127
|
|
121
|
-
get "/#{language}/cookie/straight.#{
|
128
|
+
get "/#{language}/cookie/straight.#{ext}" do
|
122
129
|
get_variations( language, cookies['cookie'] )
|
123
130
|
end
|
124
131
|
|
125
132
|
get "/#{language}/header" do
|
126
133
|
<<-EOHTML
|
127
|
-
<a href="/#{language}/header/straight.#{
|
134
|
+
<a href="/#{language}/header/straight.#{ext}">Header</a>
|
128
135
|
EOHTML
|
129
136
|
end
|
130
137
|
|
131
|
-
get "/#{language}/header/straight.#{
|
138
|
+
get "/#{language}/header/straight.#{ext}" do
|
132
139
|
default = 'arachni_user'
|
133
140
|
return if env['HTTP_USER_AGENT'].start_with?( default ) || env['HTTP_USER_AGENT'].include?( "\0" )
|
134
141
|
|
@@ -139,23 +146,23 @@ OUT.keys.each do |language|
|
|
139
146
|
<<-EOHTML
|
140
147
|
<script type="application/javascript">
|
141
148
|
http_request = new XMLHttpRequest();
|
142
|
-
http_request.open( "POST", "/#{language}/json/straight.#{
|
149
|
+
http_request.open( "POST", "/#{language}/json/straight.#{ext}", true);
|
143
150
|
http_request.send( '{"input": "#{default}"}' );
|
144
151
|
|
145
152
|
http_request = new XMLHttpRequest();
|
146
|
-
http_request.open( "POST", "/#{language}/json/with_null.#{
|
153
|
+
http_request.open( "POST", "/#{language}/json/with_null.#{ext}", true);
|
147
154
|
http_request.send( '{"input": "#{default}"}' );
|
148
155
|
</script>
|
149
156
|
EOHTML
|
150
157
|
end
|
151
158
|
|
152
|
-
post "/#{language}/json/straight.#{
|
159
|
+
post "/#{language}/json/straight.#{ext}" do
|
153
160
|
return if !@json
|
154
161
|
return if @json['input'].include?( "\0" )
|
155
162
|
get_variations( language, @json['input'] )
|
156
163
|
end
|
157
164
|
|
158
|
-
post "/#{language}/json/with_null.#{
|
165
|
+
post "/#{language}/json/with_null.#{ext}" do
|
159
166
|
return if !@json
|
160
167
|
return if !@json['input'].end_with?( "\00.html" )
|
161
168
|
|
@@ -166,25 +173,25 @@ OUT.keys.each do |language|
|
|
166
173
|
<<-EOHTML
|
167
174
|
<script type="application/javascript">
|
168
175
|
http_request = new XMLHttpRequest();
|
169
|
-
http_request.open( "POST", "/#{language}/xml/text/straight.#{
|
176
|
+
http_request.open( "POST", "/#{language}/xml/text/straight.#{ext}", true);
|
170
177
|
http_request.send( '<input>#{default}</input>' );
|
171
178
|
|
172
179
|
http_request = new XMLHttpRequest();
|
173
|
-
http_request.open( "POST", "/#{language}/xml/text/with_null.#{
|
180
|
+
http_request.open( "POST", "/#{language}/xml/text/with_null.#{ext}", true);
|
174
181
|
http_request.send( '<input>#{default}</input>' );
|
175
182
|
|
176
183
|
http_request = new XMLHttpRequest();
|
177
|
-
http_request.open( "POST", "/#{language}/xml/attribute/straight.#{
|
184
|
+
http_request.open( "POST", "/#{language}/xml/attribute/straight.#{ext}", true);
|
178
185
|
http_request.send( '<input my-attribute="#{default}">stuff</input>' );
|
179
186
|
|
180
187
|
http_request = new XMLHttpRequest();
|
181
|
-
http_request.open( "POST", "/#{language}/xml/attribute/with_null.#{
|
188
|
+
http_request.open( "POST", "/#{language}/xml/attribute/with_null.#{ext}", true);
|
182
189
|
http_request.send( '<input my-attribute="#{default}">stuff</input>' );
|
183
190
|
</script>
|
184
191
|
EOHTML
|
185
192
|
end
|
186
193
|
|
187
|
-
post "/#{language}/xml/text/straight.#{
|
194
|
+
post "/#{language}/xml/text/straight.#{ext}" do
|
188
195
|
return if !@xml
|
189
196
|
|
190
197
|
input = @xml.css('input').first.content
|
@@ -194,7 +201,7 @@ OUT.keys.each do |language|
|
|
194
201
|
get_variations( language, input )
|
195
202
|
end
|
196
203
|
|
197
|
-
post "/#{language}/xml/text/with_null.#{
|
204
|
+
post "/#{language}/xml/text/with_null.#{ext}" do
|
198
205
|
return if !@xml
|
199
206
|
|
200
207
|
input = @xml.css('input').first.content
|
@@ -204,7 +211,7 @@ OUT.keys.each do |language|
|
|
204
211
|
get_variations( language, input.split( "\00.html" ).last )
|
205
212
|
end
|
206
213
|
|
207
|
-
post "/#{language}/xml/attribute/straight.#{
|
214
|
+
post "/#{language}/xml/attribute/straight.#{ext}" do
|
208
215
|
return if !@xml
|
209
216
|
|
210
217
|
input = @xml.css('input').first['my-attribute']
|
@@ -214,7 +221,7 @@ OUT.keys.each do |language|
|
|
214
221
|
get_variations( language, input )
|
215
222
|
end
|
216
223
|
|
217
|
-
post "/#{language}/xml/attribute/with_null.#{
|
224
|
+
post "/#{language}/xml/attribute/with_null.#{ext}" do
|
218
225
|
return if !@xml
|
219
226
|
|
220
227
|
input = @xml.css('input').first['my-attribute']
|
@@ -1,8 +1,7 @@
|
|
1
|
+
require 'ap'
|
1
2
|
require 'sinatra'
|
2
3
|
require 'sinatra/contrib'
|
3
4
|
|
4
|
-
require 'ap'
|
5
|
-
|
6
5
|
get '/' do
|
7
6
|
<<-EOHTML
|
8
7
|
<a href="/link?input=default">Link</a>
|
@@ -24,12 +23,12 @@ get "/link/straight" do
|
|
24
23
|
return if params['input'].start_with?( default ) ||
|
25
24
|
!params['input'].include?( '_arachni_trainer_' )
|
26
25
|
|
27
|
-
redirect "/link/straight/
|
26
|
+
redirect "/link/straight/redir"
|
28
27
|
end
|
29
28
|
|
30
|
-
get "/link/straight/
|
29
|
+
get "/link/straight/redir" do
|
31
30
|
<<-EOHTML
|
32
|
-
<a href="
|
31
|
+
<a href="trained">Stuff</a>
|
33
32
|
EOHTML
|
34
33
|
end
|
35
34
|
|
@@ -38,12 +37,12 @@ get "/link/append" do
|
|
38
37
|
return if !params['input'].start_with?( default ) ||
|
39
38
|
!params['input'].include?( '_arachni_trainer_' )
|
40
39
|
|
41
|
-
redirect "/link/append/
|
40
|
+
redirect "/link/append/redir"
|
42
41
|
end
|
43
42
|
|
44
|
-
get "/link/append/
|
43
|
+
get "/link/append/redir" do
|
45
44
|
<<-EOHTML
|
46
|
-
<a href="
|
45
|
+
<a href="trained">Stuff</a>
|
47
46
|
EOHTML
|
48
47
|
end
|
49
48
|
|
@@ -68,7 +67,7 @@ end
|
|
68
67
|
|
69
68
|
get "/form/straight/trained" do
|
70
69
|
<<-EOHTML
|
71
|
-
<form action="?
|
70
|
+
<form action="?new_stuff"/>Stuff</form>
|
72
71
|
EOHTML
|
73
72
|
end
|
74
73
|
|
@@ -81,7 +80,7 @@ end
|
|
81
80
|
|
82
81
|
get "/form/append/trained" do
|
83
82
|
<<-EOHTML
|
84
|
-
<form action="?
|
83
|
+
<form action="?more_new_stuff"/>Stuff</form>
|
85
84
|
EOHTML
|
86
85
|
end
|
87
86
|
|
@@ -77,7 +77,7 @@ get '/form/straight' do
|
|
77
77
|
end
|
78
78
|
|
79
79
|
get '/cookie' do
|
80
|
-
headers 'Set-Cookie' => 'input=
|
80
|
+
headers 'Set-Cookie' => 'input=default'
|
81
81
|
|
82
82
|
<<-EOHTML
|
83
83
|
<a href="/cookie/straight">Form</a>
|
@@ -99,7 +99,7 @@ get '/cookie/straight' do
|
|
99
99
|
var c = ca[i].trim();
|
100
100
|
|
101
101
|
if( c.indexOf( name ) == 0 ) {
|
102
|
-
return c.substring( name.length, c.length )
|
102
|
+
return decodeURIComponent( c.substring( name.length, c.length ) )
|
103
103
|
}
|
104
104
|
}
|
105
105
|
|
@@ -107,8 +107,11 @@ get '/cookie/straight' do
|
|
107
107
|
}
|
108
108
|
|
109
109
|
url = getCookie('input');
|
110
|
-
|
111
|
-
|
110
|
+
|
111
|
+
if( url != 'default' ) {
|
112
|
+
if( url.indexOf( 'http' ) != 0 ) url = 'http://' + url;
|
113
|
+
window.location = url;
|
114
|
+
}
|
112
115
|
</script>
|
113
116
|
</body>
|
114
117
|
EOHTML
|
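Review bot: `url.indexOf( 'http' )` runs whenever the cookie value is not the literal `'default'`, which includes the case where `getCookie('input')` finds no cookie at all; if that helper falls through to `null` or `undefined` (its tail is outside this hunk) then `null != 'default'` is true and `.indexOf` throws a TypeError before the redirect ever happens. `if( url && url != 'default' ) {` keeps the redirect identical for real values and skips it for a missing cookie. Since this page intentionally navigates to whatever the cookie holds, a short comment above the block saying so would help readers of the spec server tell the fixture's purpose from an oversight.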
@@ -52,6 +52,7 @@ get '/link' do
|
|
52
52
|
<a href="/link/in_comment?input=default">Link</a>
|
53
53
|
<a href="/link/in_textfield?input=default">Link</a>
|
54
54
|
<a href="/link/straight?input=default">Link</a>
|
55
|
+
<a href="/link/double_encoded?input=default">Link</a>
|
55
56
|
<a href="/link/append?input=default">Link</a>
|
56
57
|
<a href="/link/dom?input=default">Link</a>
|
57
58
|
EOHTML
|
@@ -76,6 +77,10 @@ get '/link/straight' do
|
|
76
77
|
get_variations( params['input'].split( default ).last )
|
77
78
|
end
|
78
79
|
|
80
|
+
get '/link/double_encoded' do
|
81
|
+
get_variations( URI.decode( params['input'] ) )
|
82
|
+
end
|
83
|
+
|
79
84
|
get '/link/append' do
|
80
85
|
default = 'default'
|
81
86
|
return if !params['input'].start_with?( default )
|
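Review bot: `URI.decode` in the new `/link/double_encoded` route is the obsolete `URI.unescape` alias, which has warned as obsolete for years and is removed in Ruby 3.0, so this fixture stops loading on newer interpreters; `URI::DEFAULT_PARSER.unescape( ... )` gives the same percent-decoding without the deprecated entry point. The same call appears in the `/link-template/double_encoded`, `/form/double_encoded`, `/cookie/double_encoded` and `/header/double_encoded` hunks further down. Nil handling is also inconsistent across these five routes: the form route calls `.to_s` first and the header route returns early when the header is missing, but here `params['input']` goes straight into the decoder, so a request without `input` raises NoMethodError inside the decoder instead of the quiet no-op the sibling routes produce; `get_variations( URI::DEFAULT_PARSER.unescape( params['input'].to_s ) )` matches the form route.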
@@ -91,6 +96,7 @@ get '/link-template' do
|
|
91
96
|
<<-EOHTML
|
92
97
|
<a href="/link-template/in_comment/input/default/stuff">Link</a>
|
93
98
|
<a href="/link-template/straight/input/default/stuff">Link</a>
|
99
|
+
<a href="/link-template/double_encoded/input/default/stuff">Link</a>
|
94
100
|
<a href="/link-template/append/input/default/stuff">Link</a>
|
95
101
|
<a href="/link-template/dom/input/default/stuff">Link</a>
|
96
102
|
EOHTML
|
@@ -112,6 +118,11 @@ get '/link-template/straight/input/*/stuff' do
|
|
112
118
|
get_variations( val.split( default ).last )
|
113
119
|
end
|
114
120
|
|
121
|
+
get '/link-template/double_encoded/input/*/stuff' do
|
122
|
+
val = params[:splat].first
|
123
|
+
get_variations( URI.decode( val ) )
|
124
|
+
end
|
125
|
+
|
115
126
|
get '/link-template/append/input/*/stuff' do
|
116
127
|
val = params[:splat].first
|
117
128
|
default = 'default'
|
@@ -135,6 +146,10 @@ get '/form' do
|
|
135
146
|
<input name='input' value='default' />
|
136
147
|
</form>
|
137
148
|
|
149
|
+
<form action="/form/double_encoded">
|
150
|
+
<input name='input' value='default' />
|
151
|
+
</form>
|
152
|
+
|
138
153
|
<form action="/form/append">
|
139
154
|
<input name='input' value='default' />
|
140
155
|
</form>
|
@@ -162,6 +177,10 @@ get '/form/straight' do
|
|
162
177
|
get_variations( params['input'].split( default ).last )
|
163
178
|
end
|
164
179
|
|
180
|
+
get '/form/double_encoded' do
|
181
|
+
get_variations( URI.decode( params['input'].to_s ) )
|
182
|
+
end
|
183
|
+
|
165
184
|
get '/form/append' do
|
166
185
|
default = 'default'
|
167
186
|
return if !params['input'] || !params['input'].start_with?( default )
|
@@ -174,6 +193,7 @@ get '/cookie' do
|
|
174
193
|
<<-EOHTML
|
175
194
|
<a href="/cookie/in_comment">Cookie</a>
|
176
195
|
<a href="/cookie/straight">Cookie</a>
|
196
|
+
<a href="/cookie/double_encoded">Cookie</a>
|
177
197
|
<a href="/cookie/append">Cookie</a>
|
178
198
|
<a href="/cookie/dom">Cookie</a>
|
179
199
|
EOHTML
|
@@ -204,6 +224,13 @@ get '/cookie/straight' do
|
|
204
224
|
get_variations( cookies['cookie'].split( default ).last )
|
205
225
|
end
|
206
226
|
|
227
|
+
get '/cookie/double_encoded' do
|
228
|
+
default = 'cookie value'
|
229
|
+
cookies['cookie'] ||= default
|
230
|
+
|
231
|
+
get_variations( URI.decode( cookies['cookie'] ) )
|
232
|
+
end
|
233
|
+
|
207
234
|
get '/cookie/append' do
|
208
235
|
default = 'cookie value'
|
209
236
|
cookies['cookie2'] ||= default
|
@@ -216,6 +243,7 @@ get '/header' do
|
|
216
243
|
<<-EOHTML
|
217
244
|
<a href="/header/straight">Header</a>
|
218
245
|
<a href="/header/append">Header</a>
|
246
|
+
<a href="/header/double_encoded">Header</a>
|
219
247
|
<a href="/header/dom">Header</a>
|
220
248
|
EOHTML
|
221
249
|
end
|
@@ -231,6 +259,13 @@ get '/header/straight' do
|
|
231
259
|
get_variations( env['HTTP_USER_AGENT'].split( default ).last )
|
232
260
|
end
|
233
261
|
|
262
|
+
get '/header/double_encoded' do
|
263
|
+
default = 'arachni_user'
|
264
|
+
return if !env['HTTP_USER_AGENT']
|
265
|
+
|
266
|
+
get_variations( URI.decode( env['HTTP_USER_AGENT'] ) )
|
267
|
+
end
|
268
|
+
|
234
269
|
get '/header/append' do
|
235
270
|
default = 'arachni_user'
|
236
271
|
return if !env['HTTP_USER_AGENT'] || !env['HTTP_USER_AGENT'].start_with?( default )
|