arachni 1.1 → 1.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +159 -0
- data/LICENSE.md +126 -196
- data/README.md +32 -24
- data/arachni.gemspec +7 -7
- data/components/checks/active/code_injection_timing.rb +3 -3
- data/components/checks/active/csrf.rb +2 -2
- data/components/checks/active/file_inclusion.rb +6 -7
- data/components/checks/active/os_cmd_injection.rb +3 -3
- data/components/checks/active/path_traversal.rb +7 -7
- data/components/checks/active/response_splitting.rb +9 -4
- data/components/checks/active/session_fixation.rb +7 -3
- data/components/checks/active/source_code_disclosure.rb +5 -5
- data/components/checks/active/unvalidated_redirect.rb +12 -3
- data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
- data/components/checks/active/xss.rb +23 -10
- data/components/checks/active/xss_dom_inputs.rb +113 -11
- data/components/checks/active/xxe.rb +3 -3
- data/components/checks/passive/backdoors.rb +6 -5
- data/components/checks/passive/backup_directories.rb +6 -6
- data/components/checks/passive/backup_files.rb +6 -6
- data/components/checks/passive/common_admin_interfaces.rb +58 -0
- data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
- data/components/checks/passive/common_directories/directories.txt +0 -16
- data/components/checks/passive/common_files.rb +6 -5
- data/components/checks/passive/common_files/filenames.txt +0 -2
- data/components/checks/passive/directory_listing.rb +6 -6
- data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
- data/components/checks/passive/grep/hsts.rb +6 -3
- data/components/checks/passive/grep/http_only_cookies.rb +3 -3
- data/components/checks/passive/grep/insecure_cookies.rb +2 -2
- data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
- data/components/checks/passive/grep/x_frame_options.rb +6 -4
- data/components/checks/passive/htaccess_limit.rb +6 -2
- data/components/checks/passive/http_put.rb +8 -4
- data/components/checks/passive/interesting_responses.rb +3 -2
- data/components/checks/passive/localstart_asp.rb +6 -2
- data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
- data/components/checks/passive/xst.rb +6 -2
- data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
- data/components/fingerprinters/frameworks/cakephp.rb +28 -0
- data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
- data/components/fingerprinters/frameworks/django.rb +33 -0
- data/components/fingerprinters/frameworks/jsf.rb +30 -0
- data/components/fingerprinters/frameworks/rack.rb +5 -7
- data/components/fingerprinters/frameworks/rails.rb +43 -0
- data/components/fingerprinters/languages/aspx.rb +11 -11
- data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
- data/components/fingerprinters/languages/php.rb +6 -6
- data/components/fingerprinters/languages/python.rb +14 -6
- data/components/fingerprinters/languages/ruby.rb +3 -5
- data/components/fingerprinters/servers/apache.rb +5 -4
- data/components/fingerprinters/servers/gunicorn.rb +33 -0
- data/components/fingerprinters/servers/jetty.rb +1 -1
- data/components/fingerprinters/servers/tomcat.rb +11 -4
- data/components/path_extractors/anchors.rb +5 -12
- data/components/path_extractors/areas.rb +5 -13
- data/components/path_extractors/comments.rb +5 -3
- data/components/path_extractors/data_url.rb +21 -0
- data/components/path_extractors/forms.rb +5 -13
- data/components/path_extractors/frames.rb +6 -13
- data/components/path_extractors/generic.rb +3 -12
- data/components/path_extractors/links.rb +5 -13
- data/components/path_extractors/meta_refresh.rb +5 -13
- data/components/path_extractors/scripts.rb +8 -14
- data/components/plugins/autologin.rb +17 -5
- data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
- data/components/plugins/login_script.rb +40 -10
- data/components/plugins/metrics.rb +235 -0
- data/components/plugins/proxy.rb +21 -4
- data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
- data/components/plugins/restrict_to_dom_state.rb +70 -0
- data/components/plugins/vector_feed.rb +38 -9
- data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
- data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
- data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
- data/components/reporters/stdout.rb +4 -2
- data/components/reporters/xml.rb +4 -4
- data/components/reporters/xml/schema.xsd +95 -0
- data/lib/arachni.rb +2 -0
- data/lib/arachni/browser.rb +132 -77
- data/lib/arachni/browser/javascript.rb +173 -45
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
- data/lib/arachni/browser_cluster.rb +41 -15
- data/lib/arachni/browser_cluster/job.rb +4 -0
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
- data/lib/arachni/browser_cluster/worker.rb +8 -5
- data/lib/arachni/check/auditor.rb +20 -8
- data/lib/arachni/check/base.rb +38 -6
- data/lib/arachni/element/base.rb +18 -1
- data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
- data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
- data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
- data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
- data/lib/arachni/element/capabilities/inputtable.rb +6 -2
- data/lib/arachni/element/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/cookie.rb +37 -23
- data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
- data/lib/arachni/element/cookie/dom.rb +0 -8
- data/lib/arachni/element/form.rb +28 -14
- data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
- data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
- data/lib/arachni/element/form/dom.rb +0 -8
- data/lib/arachni/element/generic_dom.rb +1 -1
- data/lib/arachni/element/json.rb +2 -1
- data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
- data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/link.rb +13 -16
- data/lib/arachni/element/link/dom.rb +1 -14
- data/lib/arachni/element/link_template.rb +3 -2
- data/lib/arachni/element/link_template/dom.rb +0 -16
- data/lib/arachni/element/server.rb +51 -9
- data/lib/arachni/element/xml.rb +1 -0
- data/lib/arachni/ethon/easy.rb +4 -1
- data/lib/arachni/framework/parts/audit.rb +26 -77
- data/lib/arachni/framework/parts/browser.rb +50 -55
- data/lib/arachni/framework/parts/check.rb +4 -3
- data/lib/arachni/framework/parts/data.rb +41 -6
- data/lib/arachni/framework/parts/state.rb +16 -7
- data/lib/arachni/http/client.rb +66 -38
- data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
- data/lib/arachni/http/headers.rb +22 -10
- data/lib/arachni/http/proxy_server.rb +67 -22
- data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
- data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
- data/lib/arachni/http/request.rb +71 -18
- data/lib/arachni/issue.rb +17 -3
- data/lib/arachni/option_groups/browser_cluster.rb +34 -1
- data/lib/arachni/option_groups/http.rb +1 -1
- data/lib/arachni/page.rb +26 -13
- data/lib/arachni/page/dom/transition.rb +2 -2
- data/lib/arachni/parser.rb +28 -11
- data/lib/arachni/platform/fingerprinter.rb +5 -0
- data/lib/arachni/platform/manager.rb +65 -32
- data/lib/arachni/plugin/base.rb +8 -0
- data/lib/arachni/processes/instances.rb +25 -11
- data/lib/arachni/reporter/manager.rb +2 -2
- data/lib/arachni/rpc/client/instance.rb +4 -0
- data/lib/arachni/rpc/server/framework/master.rb +3 -3
- data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
- data/lib/arachni/rpc/server/instance.rb +2 -1
- data/lib/arachni/ruby/array.rb +5 -0
- data/lib/arachni/ruby/hash.rb +5 -0
- data/lib/arachni/ruby/string.rb +2 -3
- data/lib/arachni/session.rb +32 -6
- data/lib/arachni/state/framework.rb +6 -2
- data/lib/arachni/support/cache.rb +1 -0
- data/lib/arachni/support/cache/base.rb +12 -8
- data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
- data/lib/arachni/support/cache/least_recently_used.rb +5 -8
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -25
- data/lib/arachni/support/database/queue.rb +21 -8
- data/lib/arachni/support/lookup/base.rb +7 -1
- data/lib/arachni/support/mixins/observable.rb +3 -1
- data/lib/arachni/support/profiler.rb +51 -10
- data/lib/arachni/support/signature.rb +11 -2
- data/lib/arachni/trainer.rb +8 -2
- data/lib/arachni/uri.rb +28 -25
- data/lib/arachni/uri/scope.rb +1 -1
- data/lib/arachni/utilities.rb +8 -0
- data/lib/arachni/watir/element.rb +1 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
- data/spec/arachni/browser/javascript_spec.rb +235 -61
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
- data/spec/arachni/browser_cluster_spec.rb +58 -10
- data/spec/arachni/browser_spec.rb +170 -26
- data/spec/arachni/check/auditor_spec.rb +22 -3
- data/spec/arachni/check/base_spec.rb +84 -0
- data/spec/arachni/element/body_spec.rb +1 -1
- data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
- data/spec/arachni/element/cookie/dom_spec.rb +0 -9
- data/spec/arachni/element/cookie_spec.rb +85 -0
- data/spec/arachni/element/form/dom_spec.rb +0 -9
- data/spec/arachni/element/form_spec.rb +46 -3
- data/spec/arachni/element/json_spec.rb +20 -0
- data/spec/arachni/element/link/dom_spec.rb +0 -9
- data/spec/arachni/element/link_spec.rb +40 -15
- data/spec/arachni/element/link_template/dom_spec.rb +0 -8
- data/spec/arachni/element/link_template_spec.rb +2 -6
- data/spec/arachni/element/server_spec.rb +94 -8
- data/spec/arachni/element/xml_spec.rb +20 -0
- data/spec/arachni/framework/parts/audit_spec.rb +12 -14
- data/spec/arachni/framework/parts/browser_spec.rb +0 -171
- data/spec/arachni/framework/parts/platform_spec.rb +14 -8
- data/spec/arachni/framework/parts/report_spec.rb +1 -1
- data/spec/arachni/framework/parts/state_spec.rb +0 -9
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
- data/spec/arachni/http/client_spec.rb +169 -42
- data/spec/arachni/http/headers_spec.rb +18 -0
- data/spec/arachni/http/request_spec.rb +23 -0
- data/spec/arachni/issue_spec.rb +17 -6
- data/spec/arachni/page_spec.rb +22 -2
- data/spec/arachni/parser_spec.rb +5 -0
- data/spec/arachni/platform/manager_spec.rb +57 -25
- data/spec/arachni/reporter/manager_spec.rb +26 -0
- data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
- data/spec/arachni/state/framework_spec.rb +2 -8
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
- data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
- data/spec/arachni/support/database/queue_spec.rb +7 -0
- data/spec/arachni/support/mixins/observable_spec.rb +15 -1
- data/spec/arachni/trainer_spec.rb +2 -2
- data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
- data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
- data/spec/components/checks/active/path_traversal_spec.rb +2 -2
- data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
- data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
- data/spec/components/checks/active/xss_spec.rb +5 -5
- data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
- data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
- data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
- data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
- data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
- data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
- data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
- data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
- data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
- data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
- data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
- data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
- data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
- data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
- data/spec/components/fingerprinters/languages/ruby.rb +6 -4
- data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
- data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
- data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
- data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
- data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
- data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
- data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
- data/spec/components/path_extractors/data_url_spec.rb +19 -0
- data/spec/components/plugins/autologin_spec.rb +23 -0
- data/spec/components/plugins/login_script_spec.rb +112 -24
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
- data/spec/components/plugins/vector_feed_spec.rb +39 -1
- data/spec/support/factories/page/dom.rb +9 -4
- data/spec/support/factories/page/dom/transition.rb +31 -9
- data/spec/support/factories/scan_report.rb +8 -6
- data/spec/support/fixtures/empty/placeholder +0 -0
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
- data/spec/support/servers/arachni/browser.rb +117 -11
- data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
- data/spec/support/servers/arachni/check/auditor.rb +4 -0
- data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
- data/spec/support/servers/arachni/http/client.rb +5 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
- data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
- data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
- data/spec/support/servers/checks/active/path_traversal.rb +2 -2
- data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
- data/spec/support/servers/checks/active/trainer_check.rb +9 -10
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
- data/spec/support/servers/checks/active/xss.rb +35 -0
- data/spec/support/servers/checks/active/xss_dom.rb +1 -1
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
- data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
- data/spec/support/servers/plugins/autologin.rb +9 -0
- data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
- data/spec/support/shared/element/base.rb +42 -0
- data/spec/support/shared/element/capabilities/auditable.rb +4 -4
- data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
- data/spec/support/shared/element/capabilities/submitable.rb +7 -2
- data/spec/support/shared/fingerprinter.rb +8 -0
- data/spec/support/shared/path_extractor.rb +1 -1
- data/ui/cli/framework.rb +3 -3
- data/ui/cli/framework/option_parser.rb +9 -0
- data/ui/cli/output.rb +9 -0
- data/ui/cli/reporter.rb +5 -2
- data/ui/cli/utilities.rb +4 -2
- metadata +76 -17
- data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
- data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
- data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56
@@ -6,9 +6,12 @@ EVENTS = Arachni::Browser::Javascript::EVENTS_PER_ELEMENT[:input]
|
|
6
6
|
|
7
7
|
get '/' do
|
8
8
|
html = '<html><body>'
|
9
|
+
|
9
10
|
EVENTS.each do |event|
|
10
11
|
html << "<a href='/#{event}'>#{event}</a>"
|
11
12
|
end
|
13
|
+
|
14
|
+
html << "<a href='/with_button'>With button</a>"
|
12
15
|
html + '</body></html>'
|
13
16
|
end
|
14
17
|
|
@@ -33,3 +36,24 @@ EVENTS.each do |event|
|
|
33
36
|
EOHTML
|
34
37
|
end
|
35
38
|
end
|
39
|
+
|
40
|
+
get '/with_button' do
|
41
|
+
<<-EOHTML
|
42
|
+
<html>
|
43
|
+
<body>
|
44
|
+
<input id="my-input" type="text">
|
45
|
+
<button id="insert">Insert into DOM</button>
|
46
|
+
|
47
|
+
<div id="container">
|
48
|
+
</div>
|
49
|
+
|
50
|
+
<script>
|
51
|
+
document.getElementById('insert').addEventListener('click', function() {
|
52
|
+
document.getElementById("container").innerHTML =
|
53
|
+
document.getElementById("my-input").value;
|
54
|
+
});
|
55
|
+
</script>
|
56
|
+
</body>
|
57
|
+
</html>
|
58
|
+
EOHTML
|
59
|
+
end
|
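Review bot: The new `/with_button` route has no comment saying that copying `my-input` into `container` through `innerHTML` is a deliberate DOM XSS sink, so a reader cannot tell the fixture's intentionally vulnerable path from an accident. A one-line comment above the handler would settle it, for example `# Deliberately vulnerable: the click handler copies #my-input into #container via innerHTML.` The file name is not visible in these hunks, so which check the page is meant to exercise is inferred from the route and the `EVENTS` constant only.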
@@ -37,6 +37,15 @@ get '/login' do
|
|
37
37
|
HTML
|
38
38
|
end
|
39
39
|
|
40
|
+
get '/hidden_login' do
|
41
|
+
<<-HTML
|
42
|
+
<form style='display: none' method='post' name='login_form' action="/login">
|
43
|
+
<input name='username' value='' />
|
44
|
+
<input name='password' type='password' value='' />
|
45
|
+
</form>
|
46
|
+
HTML
|
47
|
+
end
|
48
|
+
|
40
49
|
post '/login' do
|
41
50
|
if params['username'] == 'john' && params['password'] == 'doe' &&
|
42
51
|
params['token'] == 'secret!' && cookies[:preserve] == 'this'
|
@@ -82,6 +82,48 @@ shared_examples_for 'element' do
|
|
82
82
|
end
|
83
83
|
end
|
84
84
|
|
85
|
+
describe '.too_big?' do
|
86
|
+
context 'when passed an Numeric' do
|
87
|
+
context "equal to #{described_class::MAX_SIZE}" do
|
88
|
+
it 'returns true' do
|
89
|
+
described_class.too_big?( described_class::MAX_SIZE ).should be_true
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
context "larger than #{described_class::MAX_SIZE}" do
|
94
|
+
it 'returns true' do
|
95
|
+
described_class.too_big?( described_class::MAX_SIZE + 1 ).should be_true
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
context "smaller than #{described_class::MAX_SIZE}" do
|
100
|
+
it 'returns false' do
|
101
|
+
described_class.too_big?( described_class::MAX_SIZE - 1 ).should be_false
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
106
|
+
context 'when passed a String' do
|
107
|
+
context "whose size is equal to #{described_class::MAX_SIZE}" do
|
108
|
+
it 'returns true' do
|
109
|
+
described_class.too_big?( 'a' * described_class::MAX_SIZE ).should be_true
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
context "whose size is larger than #{described_class::MAX_SIZE}" do
|
114
|
+
it 'returns true' do
|
115
|
+
described_class.too_big?( 'a' * (described_class::MAX_SIZE + 1) ).should be_true
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
context "whose size is smaller than #{described_class::MAX_SIZE}" do
|
120
|
+
it 'returns false' do
|
121
|
+
described_class.too_big?( 'a' * (described_class::MAX_SIZE - 1) ).should be_false
|
122
|
+
end
|
123
|
+
end
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
85
127
|
describe '#marshal_dump' do
|
86
128
|
it 'excludes #page' do
|
87
129
|
subject.page = page
|
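Review bot: The context description `'when passed an Numeric'` has an article typo and should read `'when passed a Numeric'`. The Numeric and String cases also pin that a value exactly equal to `MAX_SIZE` already counts as too big, which the constant's name does not suggest; a comment above `describe '.too_big?'` such as `# MAX_SIZE itself is over the limit (>=, not >).` would make that boundary explicit for whoever changes the limit later.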
@@ -460,7 +460,7 @@ shared_examples_for 'auditable' do |options = {}|
|
|
460
460
|
|
461
461
|
submitted = nil
|
462
462
|
|
463
|
-
modified_seed = 'houa
|
463
|
+
modified_seed = 'houa'
|
464
464
|
each_mutation = proc do |mutation|
|
465
465
|
mutation.affected_input_value = modified_seed
|
466
466
|
end
|
@@ -484,10 +484,10 @@ shared_examples_for 'auditable' do |options = {}|
|
|
484
484
|
|
485
485
|
each_mutation = proc do |mutation|
|
486
486
|
m = mutation.dup
|
487
|
-
m.affected_input_value = 'houa
|
487
|
+
m.affected_input_value = 'houa'
|
488
488
|
|
489
489
|
c = mutation.dup
|
490
|
-
c.affected_input_value = 'houa2
|
490
|
+
c.affected_input_value = 'houa2'
|
491
491
|
|
492
492
|
[m, c]
|
493
493
|
end
|
@@ -501,7 +501,7 @@ shared_examples_for 'auditable' do |options = {}|
|
|
501
501
|
|
502
502
|
run
|
503
503
|
cnt.should == 3
|
504
|
-
injected.sort.should == [ seed, 'houa
|
504
|
+
injected.sort.should == [ seed, 'houa', 'houa2'].sort
|
505
505
|
end
|
506
506
|
end
|
507
507
|
end
|
@@ -288,6 +288,32 @@ shared_examples_for 'element_dom' do |options = {}|
|
|
288
288
|
end
|
289
289
|
end
|
290
290
|
|
291
|
+
describe '#encode' do
|
292
|
+
it 'returns the string as is' do
|
293
|
+
v = 'blah'
|
294
|
+
subject.encode( v ).object_id.should == v.object_id
|
295
|
+
end
|
296
|
+
end
|
297
|
+
describe '.encode' do
|
298
|
+
it 'returns the string as is' do
|
299
|
+
v = 'blah'
|
300
|
+
subject.class.encode( v ).object_id.should == v.object_id
|
301
|
+
end
|
302
|
+
end
|
303
|
+
|
304
|
+
describe '#decode' do
|
305
|
+
it 'returns the string as is' do
|
306
|
+
v = 'blah'
|
307
|
+
subject.decode( v ).object_id.should == v.object_id
|
308
|
+
end
|
309
|
+
end
|
310
|
+
describe '.decode' do
|
311
|
+
it 'returns the string as is' do
|
312
|
+
v = 'blah'
|
313
|
+
subject.class.decode( v ).object_id.should == v.object_id
|
314
|
+
end
|
315
|
+
end
|
316
|
+
|
291
317
|
describe '#dup' do
|
292
318
|
it 'preserves the #parent' do
|
293
319
|
subject.dup.parent.should == subject.parent
|
@@ -165,48 +165,53 @@ shared_examples_for 'inputtable' do |options = {}|
|
|
165
165
|
end
|
166
166
|
|
167
167
|
describe '#inputtable_id' do
|
168
|
+
before do
|
169
|
+
described_class.any_instance.stub(:valid_input_name?) { true }
|
170
|
+
described_class.any_instance.stub(:valid_input_value?) { true }
|
171
|
+
end
|
172
|
+
|
168
173
|
it 'takes into account input names' do
|
169
174
|
e = subject.dup
|
170
|
-
e.
|
175
|
+
e.inputs = { 1 => 2 }
|
171
176
|
|
172
177
|
c = subject.dup
|
173
|
-
c.
|
178
|
+
c.inputs = { 1 => 2 }
|
174
179
|
|
175
180
|
e.inputtable_id.should == c.inputtable_id
|
176
181
|
|
177
182
|
e = subject.dup
|
178
|
-
e.
|
183
|
+
e.inputs = { 1 => 2 }
|
179
184
|
|
180
185
|
c = subject.dup
|
181
|
-
c.
|
186
|
+
c.inputs = { 2 => 2 }
|
182
187
|
|
183
188
|
e.inputtable_id.should_not == c.inputtable_id
|
184
189
|
end
|
185
190
|
|
186
191
|
it 'takes into account input values' do
|
187
192
|
e = subject.dup
|
188
|
-
e.
|
193
|
+
e.inputs = { 1 => 2 }
|
189
194
|
|
190
195
|
c = subject.dup
|
191
|
-
c.
|
196
|
+
c.inputs = { 1 => 2 }
|
192
197
|
|
193
198
|
e.inputtable_id.should == c.inputtable_id
|
194
199
|
|
195
200
|
e = subject.dup
|
196
|
-
e.
|
201
|
+
e.inputs = { 1 => 1 }
|
197
202
|
|
198
203
|
c = subject.dup
|
199
|
-
c.
|
204
|
+
c.inputs = { 1 => 2 }
|
200
205
|
|
201
206
|
e.inputtable_id.should_not == c.inputtable_id
|
202
207
|
end
|
203
208
|
|
204
|
-
it 'ignores input order' do
|
209
|
+
it 'ignores input order', if: !options[:single_input] do
|
205
210
|
e = subject.dup
|
206
|
-
e.
|
211
|
+
e.inputs = { 1 => 2, 3 => 4 }
|
207
212
|
|
208
213
|
c = subject.dup
|
209
|
-
c.
|
214
|
+
c.inputs = { 3 => 4, 1 => 2 }
|
210
215
|
|
211
216
|
e.inputtable_id.should == c.inputtable_id
|
212
217
|
end
|
@@ -90,6 +90,11 @@ shared_examples_for 'submittable' do
|
|
90
90
|
end
|
91
91
|
|
92
92
|
describe '#id' do
|
93
|
+
before do
|
94
|
+
described_class.any_instance.stub(:valid_input_name?) { true }
|
95
|
+
described_class.any_instance.stub(:valid_input_value?) { true }
|
96
|
+
end
|
97
|
+
|
93
98
|
let(:action) { "#{url}/action" }
|
94
99
|
|
95
100
|
it 'uniquely identifies the element based on #action' do
|
@@ -124,10 +129,10 @@ shared_examples_for 'submittable' do
|
|
124
129
|
|
125
130
|
it 'uniquely identifies the element based on #inputs' do
|
126
131
|
e = submittable.dup
|
127
|
-
e.
|
132
|
+
e.inputs = { input1: 'stuff' }
|
128
133
|
|
129
134
|
c = submittable.dup
|
130
|
-
c.
|
135
|
+
c.inputs = { input1: 'stuff2' }
|
131
136
|
|
132
137
|
e.id.should_not == c.id
|
133
138
|
end
|
@@ -5,8 +5,16 @@ shared_examples_for 'fingerprinter' do
|
|
5
5
|
Arachni::Platform::Manager.reset
|
6
6
|
end
|
7
7
|
|
8
|
+
def check_platforms( page )
|
9
|
+
platforms.each do |p|
|
10
|
+
platforms_for( page ).should include p
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
8
14
|
def platforms_for( page )
|
9
15
|
Arachni::Platform::Manager.reset
|
16
|
+
page.platforms.should be_empty
|
17
|
+
|
10
18
|
described_class.new( page ).run
|
11
19
|
page.platforms
|
12
20
|
end
|
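Review bot: `check_platforms` calls `platforms_for( page )` inside the loop, so `Arachni::Platform::Manager.reset` and a full fingerprinter run happen once per expected platform. Running it once is cheaper and keeps the new `page.platforms.should be_empty` precondition tied to a single, clean run: `found = platforms_for( page )` followed by `platforms.each { |p| found.should include p }`. Whether `page.platforms` is actually emptied by the reset on later iterations depends on code outside this hunk, so the current form may also be sensitive to how the page stores its platforms.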
@@ -33,7 +33,7 @@ shared_examples_for "path_extractor" do
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def results_for( name )
|
36
|
-
paths = extractors[name].new
|
36
|
+
paths = extractors[name].new( document: doc, html: text ).run || []
|
37
37
|
paths.delete( 'http://www.w3.org/TR/REC-html40/loose.dtd' )
|
38
38
|
paths.compact.flatten
|
39
39
|
end
|
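--- a/data/ui/cli/framework.rb
+++ b/data/ui/cli/framework.rb
@@ -33,7 +33,7 @@ class Framework
 
 # Reset the framework's HTTP interface so that options will take effect.
 @framework.http.reset
-
+
 @framework.reset_trainer
 
 @show_command_screen = nil
@@ -151,7 +151,7 @@ class Framework
 end
 
 def print_issues( unmute = false )
-super( Data.issues.
+super( Data.issues.all, unmute )
 end
 
 # Handles Ctrl+C signals.
@@ -333,7 +333,7 @@ class Framework
 end
 
 def shutdown
-@timeout_supervisor.kill if @timeout_supervisor
+@timeout_supervisor.kill if @timeout_supervisor && Thread.current != @timeout_supervisor
 capture_output_options
 
 print_status 'Aborting...'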
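Review bot: The new `Thread.current != @timeout_supervisor` guard in `shutdown` has no comment explaining why it is there. It appears to cover the case where `shutdown` is invoked from the supervisor thread itself, where `kill` would terminate the caller before `capture_output_options` and the rest of the abort sequence run. A comment such as `# Don't kill ourselves when the timeout supervisor is the thread doing the shutdown.` would record that. The body of `shutdown` continues past the hunk.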
@@ -521,6 +521,15 @@ class OptionParser < UI::CLI::OptionParser
|
|
521
521
|
separator ''
|
522
522
|
separator 'Browser cluster'
|
523
523
|
|
524
|
+
on( '--browser-cluster-wait-for-element PATTERN:CSS',
|
525
|
+
'Wait for element matching CSS to appear when visiting a page whose' <<
|
526
|
+
' URL matches the PATTERN.'
|
527
|
+
) do |rule|
|
528
|
+
pattern, css = rule.split( ':', 2 )
|
529
|
+
options.browser_cluster.wait_for_elements[ Regexp.new( pattern ) ] =
|
530
|
+
css
|
531
|
+
end
|
532
|
+
|
524
533
|
on( '--browser-cluster-pool-size SIZE', Integer,
|
525
534
|
'Amount of browser workers to keep in the pool and put to work.',
|
526
535
|
"(Default: #{options.browser_cluster.pool_size})"
|
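--- a/data/ui/cli/output.rb
+++ b/data/ui/cli/output.rb
@@ -85,6 +85,13 @@ module Output
 end
 
 @@error_fd
+
+# Errno::EMFILE (too many open files) or something, nothing we can do
+# about it except catch it to avoid a crash.
+rescue SystemCallError => e
+print_bad "[#{e.class}] #{e}"
+e.backtrace.each { |line| print_bad line }
+nil
 end
 
 # Prints and logs an error message.
@@ -111,6 +118,8 @@ module Output
 #
 # @param [String] str
 def log_error( str = '' )
+return if !error_log_fd
+
 if !@@error_log_written_env
 @@error_log_written_env = true
 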
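Review bot: After the new `rescue SystemCallError` the method ending at `@@error_fd` returns `nil`, and `return if !error_log_fd` then drops the error message from the log with no lasting marker that logging is broken. Nothing visible in the hunk caches the failure, so each later `log_error` call presumably retries the open and prints the exception and its full backtrace again through `print_bad`, which can flood the console under sustained `EMFILE`. Consider recording the failure once, e.g. `@@error_fd_failed = true` in the rescue and `return if @@error_fd_failed` before the open, with the flag initialised next to `@@error_fd`. The start of the rescued method and the rest of `log_error` are outside the hunk, so this should be checked against the full file.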
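--- a/data/ui/cli/reporter.rb
+++ b/data/ui/cli/reporter.rb
@@ -16,7 +16,6 @@ module UI::CLI
 # Provides a command line interface to the {Arachni::Report::Manager}.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.1
 class Reporter
 include UI::Output
 include Utilities
@@ -36,15 +35,19 @@ class Reporter
 reporters = parser.reporters
 reporters = { 'stdout' => {} } if reporters.empty?
 
+errors = false
 begin
 report = Report.load( parser.report_path )
 
 reporters.each do |name, options|
-@reporters.run( name, report, options )
+@reporters.run( name, report, options, true )
 end
 rescue => e
+errors = true
 print_exception e
 end
+
+exit( errors ? 1 : 0 )
 end
 
 end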
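Review bot: The fourth argument in `@reporters.run( name, report, options, true )` is a bare boolean whose meaning cannot be read at the call site. From the surrounding change it presumably makes reporter failures raise so that `errors` gets set, and a trailing comment such as `# true: re-raise reporter errors so we can exit non-zero` would say so. The single `begin`/`rescue` also wraps the whole `reporters.each`, so the first failing reporter stops the remaining ones from running; if that is not intended, the rescue belongs inside the block. The enclosing method starts outside the hunk.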
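--- a/data/ui/cli/utilities.rb
+++ b/data/ui/cli/utilities.rb
@@ -19,6 +19,8 @@ module Utilities
 include Support::Mixins::Terminal
 
 def print_issues( issues, unmute = false, &interceptor )
+issues = issues.sort_by { |i| [i.severity, i.name]}.reverse
+
 interceptor ||= proc { |s| s }
 
 print_line( interceptor.call, unmute )
@@ -26,12 +28,12 @@ module Utilities
 
 print_line( interceptor.call, unmute )
 
-issue_cnt = issues.
+issue_cnt = issues.size
 issues.each.with_index do |issue, i|
 meth = input = ''
 
 if issue.active?
-input = " input `#{issue.
+input = " input `#{issue.affected_input_name}`"
 meth = " using #{issue.vector.method.to_s.upcase}"
 elsif issue.vector.respond_to?( :inputs )
 input = " with inputs `#{issue.vector.inputs.keys.join(', ')}`"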
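Review bot: `issues.sort_by { |i| [i.severity, i.name]}.reverse` reverses both keys, so within one severity the issues are printed in reverse alphabetical order by name, which is probably not intended. If severity should be descending and name ascending, compare the pairs crosswise instead: `issues = issues.sort { |a, b| [b.severity, a.name] <=> [a.severity, b.name] }`. This assumes `severity` supports `<=>`, which the existing `sort_by` already relies on. `print_issues` continues past the hunk.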
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: arachni
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: '1.
|
4
|
+
version: '1.2'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tasos Laskos
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-07-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack
|
@@ -165,19 +165,33 @@ dependencies:
|
|
165
165
|
- !ruby/object:Gem::Version
|
166
166
|
version: 1.2.0
|
167
167
|
- !ruby/object:Gem::Dependency
|
168
|
-
name:
|
168
|
+
name: oj
|
169
169
|
requirement: !ruby/object:Gem::Requirement
|
170
170
|
requirements:
|
171
171
|
- - "~>"
|
172
172
|
- !ruby/object:Gem::Version
|
173
|
-
version:
|
173
|
+
version: 2.12.9
|
174
174
|
type: :runtime
|
175
175
|
prerelease: false
|
176
176
|
version_requirements: !ruby/object:Gem::Requirement
|
177
177
|
requirements:
|
178
178
|
- - "~>"
|
179
179
|
- !ruby/object:Gem::Version
|
180
|
-
version:
|
180
|
+
version: 2.12.9
|
181
|
+
- !ruby/object:Gem::Dependency
|
182
|
+
name: oj_mimic_json
|
183
|
+
requirement: !ruby/object:Gem::Requirement
|
184
|
+
requirements:
|
185
|
+
- - ">="
|
186
|
+
- !ruby/object:Gem::Version
|
187
|
+
version: '0'
|
188
|
+
type: :runtime
|
189
|
+
prerelease: false
|
190
|
+
version_requirements: !ruby/object:Gem::Requirement
|
191
|
+
requirements:
|
192
|
+
- - ">="
|
193
|
+
- !ruby/object:Gem::Version
|
194
|
+
version: '0'
|
181
195
|
- !ruby/object:Gem::Dependency
|
182
196
|
name: rb-readline
|
183
197
|
requirement: !ruby/object:Gem::Requirement
|
@@ -263,9 +277,8 @@ dependencies:
|
|
263
277
|
- !ruby/object:Gem::Version
|
264
278
|
version: 2.0.0
|
265
279
|
description: |
|
266
|
-
Arachni is
|
267
|
-
|
268
|
-
of web applications.
|
280
|
+
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards
|
281
|
+
helping penetration testers and administrators evaluate the security of web applications.
|
269
282
|
|
270
283
|
It is smart, it trains itself by monitoring and learning from the web application's
|
271
284
|
behavior during the scan process and is able to perform meta-analysis using a number of
|
@@ -386,6 +399,8 @@ files:
|
|
386
399
|
- components/checks/passive/backup_directories/formats.txt
|
387
400
|
- components/checks/passive/backup_files.rb
|
388
401
|
- components/checks/passive/backup_files/formats.txt
|
402
|
+
- components/checks/passive/common_admin_interfaces.rb
|
403
|
+
- components/checks/passive/common_admin_interfaces/admin-panels.txt
|
389
404
|
- components/checks/passive/common_directories.rb
|
390
405
|
- components/checks/passive/common_directories/directories.txt
|
391
406
|
- components/checks/passive/common_files.rb
|
@@ -418,10 +433,16 @@ files:
|
|
418
433
|
- components/checks/passive/origin_spoof_access_restriction_bypass.rb
|
419
434
|
- components/checks/passive/webdav.rb
|
420
435
|
- components/checks/passive/xst.rb
|
436
|
+
- components/fingerprinters/frameworks/aspx_mvc.rb
|
437
|
+
- components/fingerprinters/frameworks/cakephp.rb
|
438
|
+
- components/fingerprinters/frameworks/cherrypy.rb
|
439
|
+
- components/fingerprinters/frameworks/django.rb
|
440
|
+
- components/fingerprinters/frameworks/jsf.rb
|
421
441
|
- components/fingerprinters/frameworks/rack.rb
|
442
|
+
- components/fingerprinters/frameworks/rails.rb
|
422
443
|
- components/fingerprinters/languages/asp.rb
|
423
444
|
- components/fingerprinters/languages/aspx.rb
|
424
|
-
- components/fingerprinters/languages/
|
445
|
+
- components/fingerprinters/languages/java.rb
|
425
446
|
- components/fingerprinters/languages/php.rb
|
426
447
|
- components/fingerprinters/languages/python.rb
|
427
448
|
- components/fingerprinters/languages/ruby.rb
|
@@ -431,6 +452,7 @@ files:
|
|
431
452
|
- components/fingerprinters/os/unix.rb
|
432
453
|
- components/fingerprinters/os/windows.rb
|
433
454
|
- components/fingerprinters/servers/apache.rb
|
455
|
+
- components/fingerprinters/servers/gunicorn.rb
|
434
456
|
- components/fingerprinters/servers/iis.rb
|
435
457
|
- components/fingerprinters/servers/jetty.rb
|
436
458
|
- components/fingerprinters/servers/nginx.rb
|
@@ -438,6 +460,7 @@ files:
|
|
438
460
|
- components/path_extractors/anchors.rb
|
439
461
|
- components/path_extractors/areas.rb
|
440
462
|
- components/path_extractors/comments.rb
|
463
|
+
- components/path_extractors/data_url.rb
|
441
464
|
- components/path_extractors/forms.rb
|
442
465
|
- components/path_extractors/frames.rb
|
443
466
|
- components/path_extractors/generic.rb
|
@@ -459,6 +482,7 @@ files:
|
|
459
482
|
- components/plugins/headers_collector.rb
|
460
483
|
- components/plugins/http_dicattack.rb
|
461
484
|
- components/plugins/login_script.rb
|
485
|
+
- components/plugins/metrics.rb
|
462
486
|
- components/plugins/proxy.rb
|
463
487
|
- components/plugins/proxy/panel/403_forbidden.html.erb
|
464
488
|
- components/plugins/proxy/panel/404_not_found.html.erb
|
@@ -484,6 +508,7 @@ files:
|
|
484
508
|
- components/plugins/proxy/panel/verify_login_final.html.erb
|
485
509
|
- components/plugins/proxy/panel/verify_login_sequence.html.erb
|
486
510
|
- components/plugins/proxy/template_scope.rb
|
511
|
+
- components/plugins/restrict_to_dom_state.rb
|
487
512
|
- components/plugins/script.rb
|
488
513
|
- components/plugins/uncommon_headers.rb
|
489
514
|
- components/plugins/vector_collector.rb
|
@@ -552,6 +577,7 @@ files:
|
|
552
577
|
- components/reporters/plugin_formatters/html/healthmap.rb
|
553
578
|
- components/reporters/plugin_formatters/html/http_dicattack.rb
|
554
579
|
- components/reporters/plugin_formatters/html/login_script.rb
|
580
|
+
- components/reporters/plugin_formatters/html/metrics.rb
|
555
581
|
- components/reporters/plugin_formatters/html/uncommon_headers.rb
|
556
582
|
- components/reporters/plugin_formatters/html/uniformity.rb
|
557
583
|
- components/reporters/plugin_formatters/html/vector_collector.rb
|
@@ -564,6 +590,7 @@ files:
|
|
564
590
|
- components/reporters/plugin_formatters/stdout/healthmap.rb
|
565
591
|
- components/reporters/plugin_formatters/stdout/http_dicattack.rb
|
566
592
|
- components/reporters/plugin_formatters/stdout/login_script.rb
|
593
|
+
- components/reporters/plugin_formatters/stdout/metrics.rb
|
567
594
|
- components/reporters/plugin_formatters/stdout/uncommon_headers.rb
|
568
595
|
- components/reporters/plugin_formatters/stdout/uniformity.rb
|
569
596
|
- components/reporters/plugin_formatters/stdout/vector_collector.rb
|
@@ -576,6 +603,7 @@ files:
|
|
576
603
|
- components/reporters/plugin_formatters/xml/healthmap.rb
|
577
604
|
- components/reporters/plugin_formatters/xml/http_dicattack.rb
|
578
605
|
- components/reporters/plugin_formatters/xml/login_script.rb
|
606
|
+
- components/reporters/plugin_formatters/xml/metrics.rb
|
579
607
|
- components/reporters/plugin_formatters/xml/uncommon_headers.rb
|
580
608
|
- components/reporters/plugin_formatters/xml/uniformity.rb
|
581
609
|
- components/reporters/plugin_formatters/xml/vector_collector.rb
|
@@ -714,8 +742,8 @@ files:
|
|
714
742
|
- lib/arachni/http/message.rb
|
715
743
|
- lib/arachni/http/message/scope.rb
|
716
744
|
- lib/arachni/http/proxy_server.rb
|
717
|
-
- lib/arachni/http/proxy_server/ssl-interceptor-
|
718
|
-
- lib/arachni/http/proxy_server/ssl-interceptor-
|
745
|
+
- lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem
|
746
|
+
- lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem
|
719
747
|
- lib/arachni/http/request.rb
|
720
748
|
- lib/arachni/http/request/scope.rb
|
721
749
|
- lib/arachni/http/response.rb
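Review bot: The new file list in this hunk packages `lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem`, a CA private key, next to `ssl-interceptor-cacert.pem`, so every copy of the gem carries the same signing key. If the proxy's setup has users import the bundled CA certificate into a browser or system trust store (not visible here, so an assumption to confirm), anyone who has downloaded the gem can issue certificates those clients will accept. I would drop the `- lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem` entry from the package and generate the CA key pair per installation on first use, or at least document that the bundled CA should only be trusted in a disposable browser profile. The removed entries are truncated on this page, so whether 1.1 already shipped a key cannot be told from here.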
|
@@ -818,6 +846,7 @@ files:
|
|
818
846
|
- lib/arachni/support/cache.rb
|
819
847
|
- lib/arachni/support/cache/base.rb
|
820
848
|
- lib/arachni/support/cache/least_cost_replacement.rb
|
849
|
+
- lib/arachni/support/cache/least_recently_pushed.rb
|
821
850
|
- lib/arachni/support/cache/least_recently_used.rb
|
822
851
|
- lib/arachni/support/cache/preference.rb
|
823
852
|
- lib/arachni/support/cache/random_replacement.rb
|
@@ -996,6 +1025,7 @@ files:
|
|
996
1025
|
- spec/arachni/support/buffer/autoflush_spec.rb
|
997
1026
|
- spec/arachni/support/buffer/base_spec.rb
|
998
1027
|
- spec/arachni/support/cache/least_cost_replacement_spec.rb
|
1028
|
+
- spec/arachni/support/cache/least_recently_pushed_spec.rb
|
999
1029
|
- spec/arachni/support/cache/least_recently_used_spec.rb
|
1000
1030
|
- spec/arachni/support/cache/preference_spec.rb
|
1001
1031
|
- spec/arachni/support/cache/random_replacement_spec.rb
|
@@ -1045,6 +1075,7 @@ files:
|
|
1045
1075
|
- spec/components/checks/passive/backdoors_spec.rb
|
1046
1076
|
- spec/components/checks/passive/backup_directories_spec.rb
|
1047
1077
|
- spec/components/checks/passive/backup_files_spec.rb
|
1078
|
+
- spec/components/checks/passive/common_admin_interfaces_spec.rb
|
1048
1079
|
- spec/components/checks/passive/common_directories_spec.rb
|
1049
1080
|
- spec/components/checks/passive/common_files_spec.rb
|
1050
1081
|
- spec/components/checks/passive/directory_listing_spec.rb
|
@@ -1075,10 +1106,16 @@ files:
|
|
1075
1106
|
- spec/components/checks/passive/origin_spoof_access_restriction_bypass_spec.rb
|
1076
1107
|
- spec/components/checks/passive/webdav_spec.rb
|
1077
1108
|
- spec/components/checks/passive/xst_spec.rb
|
1109
|
+
- spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb
|
1110
|
+
- spec/components/fingerprinters/frameworks/cakephp_spec.rb
|
1111
|
+
- spec/components/fingerprinters/frameworks/cherrypy_spec.rb
|
1112
|
+
- spec/components/fingerprinters/frameworks/django_spec.rb
|
1113
|
+
- spec/components/fingerprinters/frameworks/jsf_spec.rb
|
1078
1114
|
- spec/components/fingerprinters/frameworks/rack_spec.rb
|
1115
|
+
- spec/components/fingerprinters/frameworks/rails_spec.rb
|
1079
1116
|
- spec/components/fingerprinters/languages/asp_spec.rb
|
1080
1117
|
- spec/components/fingerprinters/languages/aspx_spec.rb
|
1081
|
-
- spec/components/fingerprinters/languages/
|
1118
|
+
- spec/components/fingerprinters/languages/java_spec.rb
|
1082
1119
|
- spec/components/fingerprinters/languages/php_spec.rb
|
1083
1120
|
- spec/components/fingerprinters/languages/python_spec.rb
|
1084
1121
|
- spec/components/fingerprinters/languages/ruby.rb
|
@@ -1088,6 +1125,7 @@ files:
|
|
1088
1125
|
- spec/components/fingerprinters/os/unix_spec.rb
|
1089
1126
|
- spec/components/fingerprinters/os/windows_spec.rb
|
1090
1127
|
- spec/components/fingerprinters/servers/apache_spec.rb
|
1128
|
+
- spec/components/fingerprinters/servers/gunicorn_spec.rb
|
1091
1129
|
- spec/components/fingerprinters/servers/iis_spec.rb
|
1092
1130
|
- spec/components/fingerprinters/servers/jetty_spec.rb
|
1093
1131
|
- spec/components/fingerprinters/servers/nginx_spec.rb
|
@@ -1095,6 +1133,7 @@ files:
|
|
1095
1133
|
- spec/components/path_extractors/anchors_spec.rb
|
1096
1134
|
- spec/components/path_extractors/areas_spec.rb
|
1097
1135
|
- spec/components/path_extractors/comments_spec.rb
|
1136
|
+
- spec/components/path_extractors/data_url_spec.rb
|
1098
1137
|
- spec/components/path_extractors/forms_spec.rb
|
1099
1138
|
- spec/components/path_extractors/frames_spec.rb
|
1100
1139
|
- spec/components/path_extractors/generic_spec.rb
|
@@ -1114,6 +1153,7 @@ files:
|
|
1114
1153
|
- spec/components/plugins/meta/remedies/discovery_spec.rb
|
1115
1154
|
- spec/components/plugins/meta/remedies/timing_attacks_spec.rb
|
1116
1155
|
- spec/components/plugins/meta/uniformity_spec.rb
|
1156
|
+
- spec/components/plugins/restrict_to_dom_state_spec.rb
|
1117
1157
|
- spec/components/plugins/script_spec.rb
|
1118
1158
|
- spec/components/plugins/uncommon_headers_spec.rb
|
1119
1159
|
- spec/components/plugins/vector_collector_spec.rb
|
@@ -1170,6 +1210,7 @@ files:
|
|
1170
1210
|
- spec/support/fixtures/checks/test2.rb
|
1171
1211
|
- spec/support/fixtures/checks/test3.rb
|
1172
1212
|
- spec/support/fixtures/cookies.txt
|
1213
|
+
- spec/support/fixtures/empty/placeholder
|
1173
1214
|
- spec/support/fixtures/executables/node.rb
|
1174
1215
|
- spec/support/fixtures/fingerprinters/test.rb
|
1175
1216
|
- spec/support/fixtures/option_groups/input.yml
|
@@ -1195,6 +1236,7 @@ files:
|
|
1195
1236
|
- spec/support/fixtures/reporters/base_spec/with_outfile.rb
|
1196
1237
|
- spec/support/fixtures/reporters/base_spec/without_outfile.rb
|
1197
1238
|
- spec/support/fixtures/reporters/manager_spec/afr.rb
|
1239
|
+
- spec/support/fixtures/reporters/manager_spec/error.rb
|
1198
1240
|
- spec/support/fixtures/reporters/manager_spec/foo.rb
|
1199
1241
|
- spec/support/fixtures/rescan.afr.tpl
|
1200
1242
|
- spec/support/fixtures/run_check/body.rb
|
@@ -1330,6 +1372,7 @@ files:
|
|
1330
1372
|
- spec/support/servers/checks/passive/backdoors.rb
|
1331
1373
|
- spec/support/servers/checks/passive/backup_directories.rb
|
1332
1374
|
- spec/support/servers/checks/passive/backup_files.rb
|
1375
|
+
- spec/support/servers/checks/passive/common_admin_interfaces.rb
|
1333
1376
|
- spec/support/servers/checks/passive/common_directories.rb
|
1334
1377
|
- spec/support/servers/checks/passive/common_files.rb
|
1335
1378
|
- spec/support/servers/checks/passive/directory_listing.rb
|
@@ -1373,6 +1416,7 @@ files:
|
|
1373
1416
|
- spec/support/servers/plugins/login_script.rb
|
1374
1417
|
- spec/support/servers/plugins/meta/remedies/discovery.rb
|
1375
1418
|
- spec/support/servers/plugins/meta/remedies/timing_attacks.rb
|
1419
|
+
- spec/support/servers/plugins/restrict_to_dom_state.rb
|
1376
1420
|
- spec/support/servers/plugins/uncommon_headers.rb
|
1377
1421
|
- spec/support/servers/plugins/vector_collector.rb
|
1378
1422
|
- spec/support/servers/plugins/waf_detector.rb
|
@@ -1422,8 +1466,7 @@ files:
|
|
1422
1466
|
- ui/cli/utilities.rb
|
1423
1467
|
homepage: https://www.arachni-scanner.com
|
1424
1468
|
licenses:
|
1425
|
-
-
|
1426
|
-
- Proprietary
|
1469
|
+
- Arachni Public Source License v1.0
|
1427
1470
|
metadata: {}
|
1428
1471
|
post_install_message: |2+
|
1429
1472
|
|
@@ -1436,7 +1479,7 @@ post_install_message: |2+
|
|
1436
1479
|
Support - http://support.arachni-scanner.com
|
1437
1480
|
GitHub page - http://github.com/Arachni/arachni
|
1438
1481
|
Code Documentation - http://rubydoc.info/github/Arachni/arachni
|
1439
|
-
License -
|
1482
|
+
License - Arachni Public Source License v1.0
|
1440
1483
|
(https://github.com/Arachni/arachni/blob/master/LICENSE.md)
|
1441
1484
|
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
|
1442
1485
|
Twitter - http://twitter.com/ArachniScanner
|
@@ -1461,7 +1504,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
1461
1504
|
version: '0'
|
1462
1505
|
requirements: []
|
1463
1506
|
rubyforge_project:
|
1464
|
-
rubygems_version: 2.4.
|
1507
|
+
rubygems_version: 2.4.7
|
1465
1508
|
signing_key:
|
1466
1509
|
specification_version: 4
|
1467
1510
|
summary: Arachni is a feature-full, modular, high-performance Ruby framework aimed
|
@@ -1487,11 +1530,13 @@ test_files:
|
|
1487
1530
|
- spec/support/fixtures/services/echo.rb
|
1488
1531
|
- spec/support/fixtures/report.afr
|
1489
1532
|
- spec/support/fixtures/script_plugin.rb
|
1533
|
+
- spec/support/fixtures/empty/placeholder
|
1490
1534
|
- spec/support/fixtures/wait_check/wait.rb
|
1491
1535
|
- spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb
|
1492
1536
|
- spec/support/fixtures/reporters/base_spec/with_formatters.rb
|
1493
1537
|
- spec/support/fixtures/reporters/base_spec/without_outfile.rb
|
1494
1538
|
- spec/support/fixtures/reporters/base_spec/with_outfile.rb
|
1539
|
+
- spec/support/fixtures/reporters/manager_spec/error.rb
|
1495
1540
|
- spec/support/fixtures/reporters/manager_spec/foo.rb
|
1496
1541
|
- spec/support/fixtures/reporters/manager_spec/afr.rb
|
1497
1542
|
- spec/support/fixtures/checks/test3.rb
|
@@ -1537,6 +1582,7 @@ test_files:
|
|
1537
1582
|
- spec/support/servers/plugins/meta/remedies/timing_attacks.rb
|
1538
1583
|
- spec/support/servers/plugins/meta/remedies/discovery.rb
|
1539
1584
|
- spec/support/servers/plugins/http_dicattack_secure.rb
|
1585
|
+
- spec/support/servers/plugins/restrict_to_dom_state.rb
|
1540
1586
|
- spec/support/servers/plugins/autothrottle.rb
|
1541
1587
|
- spec/support/servers/checks/check_server.rb
|
1542
1588
|
- spec/support/servers/checks/active/csrf.rb
|
@@ -1625,6 +1671,7 @@ test_files:
|
|
1625
1671
|
- spec/support/servers/checks/passive/htaccess_limit.rb
|
1626
1672
|
- spec/support/servers/checks/passive/backdoors.rb
|
1627
1673
|
- spec/support/servers/checks/passive/directory_listing.rb
|
1674
|
+
- spec/support/servers/checks/passive/common_admin_interfaces.rb
|
1628
1675
|
- spec/support/servers/checks/passive/xst.rb
|
1629
1676
|
- spec/support/servers/checks/passive/insecure_cross_domain_policy_headers.rb
|
1630
1677
|
- spec/support/servers/arachni/browser/javascript/dom_monitor.rb
|
@@ -1744,6 +1791,7 @@ test_files:
|
|
1744
1791
|
- spec/external/wavsep/active/unvalidated_redirect_spec.rb
|
1745
1792
|
- spec/components/path_extractors/anchors_spec.rb
|
1746
1793
|
- spec/components/path_extractors/meta_refresh_spec.rb
|
1794
|
+
- spec/components/path_extractors/data_url_spec.rb
|
1747
1795
|
- spec/components/path_extractors/frames_spec.rb
|
1748
1796
|
- spec/components/path_extractors/forms_spec.rb
|
1749
1797
|
- spec/components/path_extractors/generic_spec.rb
|
@@ -1753,6 +1801,7 @@ test_files:
|
|
1753
1801
|
- spec/components/path_extractors/links_spec.rb
|
1754
1802
|
- spec/components/plugins/exec_spec.rb
|
1755
1803
|
- spec/components/plugins/autothrottle_spec.rb
|
1804
|
+
- spec/components/plugins/restrict_to_dom_state_spec.rb
|
1756
1805
|
- spec/components/plugins/healthmap_spec.rb
|
1757
1806
|
- spec/components/plugins/vector_feed_spec.rb
|
1758
1807
|
- spec/components/plugins/http_dicattack_spec.rb
|
@@ -1814,6 +1863,7 @@ test_files:
|
|
1814
1863
|
- spec/components/checks/passive/htaccess_limit_spec.rb
|
1815
1864
|
- spec/components/checks/passive/common_files_spec.rb
|
1816
1865
|
- spec/components/checks/passive/allowed_methods_spec.rb
|
1866
|
+
- spec/components/checks/passive/common_admin_interfaces_spec.rb
|
1817
1867
|
- spec/components/checks/passive/xst_spec.rb
|
1818
1868
|
- spec/components/checks/passive/backup_files_spec.rb
|
1819
1869
|
- spec/components/checks/passive/insecure_cross_domain_policy_headers_spec.rb
|
@@ -1850,14 +1900,21 @@ test_files:
|
|
1850
1900
|
- spec/components/fingerprinters/servers/jetty_spec.rb
|
1851
1901
|
- spec/components/fingerprinters/servers/iis_spec.rb
|
1852
1902
|
- spec/components/fingerprinters/servers/tomcat_spec.rb
|
1903
|
+
- spec/components/fingerprinters/servers/gunicorn_spec.rb
|
1853
1904
|
- spec/components/fingerprinters/servers/apache_spec.rb
|
1854
1905
|
- spec/components/fingerprinters/languages/aspx_spec.rb
|
1855
1906
|
- spec/components/fingerprinters/languages/php_spec.rb
|
1856
1907
|
- spec/components/fingerprinters/languages/python_spec.rb
|
1857
1908
|
- spec/components/fingerprinters/languages/ruby.rb
|
1858
|
-
- spec/components/fingerprinters/languages/
|
1909
|
+
- spec/components/fingerprinters/languages/java_spec.rb
|
1859
1910
|
- spec/components/fingerprinters/languages/asp_spec.rb
|
1911
|
+
- spec/components/fingerprinters/frameworks/rails_spec.rb
|
1912
|
+
- spec/components/fingerprinters/frameworks/django_spec.rb
|
1860
1913
|
- spec/components/fingerprinters/frameworks/rack_spec.rb
|
1914
|
+
- spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb
|
1915
|
+
- spec/components/fingerprinters/frameworks/cakephp_spec.rb
|
1916
|
+
- spec/components/fingerprinters/frameworks/jsf_spec.rb
|
1917
|
+
- spec/components/fingerprinters/frameworks/cherrypy_spec.rb
|
1861
1918
|
- spec/spec_helper.rb
|
1862
1919
|
- spec/arachni/session_spec.rb
|
1863
1920
|
- spec/arachni/browser/javascript/dom_monitor_spec.rb
|
@@ -1925,6 +1982,7 @@ test_files:
|
|
1925
1982
|
- spec/arachni/support/cache/least_cost_replacement_spec.rb
|
1926
1983
|
- spec/arachni/support/cache/preference_spec.rb
|
1927
1984
|
- spec/arachni/support/cache/random_replacement_spec.rb
|
1985
|
+
- spec/arachni/support/cache/least_recently_pushed_spec.rb
|
1928
1986
|
- spec/arachni/support/lookup/moolb_spec.rb
|
1929
1987
|
- spec/arachni/support/lookup/hash_set_spec.rb
|
1930
1988
|
- spec/arachni/support/signature_spec.rb
|
@@ -2024,3 +2082,4 @@ test_files:
|
|
2024
2082
|
- spec/arachni/issue/severity/base_spec.rb
|
2025
2083
|
- spec/arachni/issue/severity_spec.rb
|
2026
2084
|
- spec/arachni/data_spec.rb
|
2085
|
+
has_rdoc:
|