RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/spec/support/servers/checks/active/xss_dom.rb CHANGED

@@ -119,7 +119,7 @@ get '/cookie/straight' do
                         var c = ca[i].trim();
                         if( c.indexOf( name ) == 0 ) {
-                            return c.substring( name.length, c.length )
+                            return decodeURI( c.substring( name.length, c.length ) )
                         }
                     }

data/spec/support/servers/checks/active/xss_dom_inputs.rb CHANGED

@@ -6,9 +6,12 @@ EVENTS = Arachni::Browser::Javascript::EVENTS_PER_ELEMENT[:input]
 get '/' do
     html = '<html><body>'
     EVENTS.each do |event|
         html << "<a href='/#{event}'>#{event}</a>"
     end
+    html << "<a href='/with_button'>With button</a>"
     html + '</body></html>'
 end
@@ -33,3 +36,24 @@ EVENTS.each do |event|
         EOHTML
     end
 end
+get '/with_button' do
+    <<-EOHTML
+    <html>
+        <body>
+            <input id="my-input" type="text">
+            <button id="insert">Insert into DOM</button>
+            <div id="container">
+            </div>
+            <script>
+               document.getElementById('insert').addEventListener('click', function() {
+                    document.getElementById("container").innerHTML =
+                        document.getElementById("my-input").value;
+               });
+            </script>
+        </body>
+    </html>
+    EOHTML
+end

data/spec/support/servers/checks/active/xss_dom_script_context.rb CHANGED

@@ -121,7 +121,7 @@ get '/cookie/straight' do
                         var c = ca[i].trim();
                         if( c.indexOf( name ) == 0 ) {
-                            return c.substring( name.length, c.length )
+                            return decodeURIComponent(c.substring( name.length, c.length ))
                         }
                     }

data/spec/support/servers/checks/passive/common_admin_interfaces.rb ADDED

@@ -0,0 +1,6 @@
+require 'sinatra'
+require_relative '../check_server'
+current_check.resources.each { |name| get( "/#{name}" ) { name } }
+get( '/' ) {}

data/spec/support/servers/plugins/autologin.rb CHANGED

@@ -37,6 +37,15 @@ get '/login' do
     HTML
 end
+get '/hidden_login' do
+    <<-HTML
+        <form style='display: none' method='post' name='login_form' action="/login">
+            <input name='username' value='' />
+            <input name='password' type='password' value='' />
+        </form>
+    HTML
+end
 post '/login' do
     if params['username'] == 'john' && params['password'] == 'doe' &&
         params['token'] == 'secret!' && cookies[:preserve] == 'this'

data/spec/support/servers/plugins/restrict_to_dom_state.rb ADDED

@@ -0,0 +1,4 @@
+require 'sinatra'
+get '/' do
+end

data/spec/support/shared/element/base.rb CHANGED

@@ -82,6 +82,48 @@ shared_examples_for 'element' do
         end
     end
+    describe '.too_big?' do
+        context 'when passed an Numeric' do
+            context "equal to #{described_class::MAX_SIZE}" do
+                it 'returns true' do
+                    described_class.too_big?( described_class::MAX_SIZE ).should be_true
+                end
+            end
+            context "larger than #{described_class::MAX_SIZE}" do
+                it 'returns true' do
+                    described_class.too_big?( described_class::MAX_SIZE + 1 ).should be_true
+                end
+            end
+            context "smaller than #{described_class::MAX_SIZE}" do
+                it 'returns false' do
+                    described_class.too_big?( described_class::MAX_SIZE - 1 ).should be_false
+                end
+            end
+        end
+        context 'when passed a String' do
+            context "whose size is equal to #{described_class::MAX_SIZE}" do
+                it 'returns true' do
+                    described_class.too_big?( 'a' * described_class::MAX_SIZE ).should be_true
+                end
+            end
+            context "whose size is larger than #{described_class::MAX_SIZE}" do
+                it 'returns true' do
+                    described_class.too_big?( 'a' * (described_class::MAX_SIZE + 1) ).should be_true
+                end
+            end
+            context "whose size is smaller than #{described_class::MAX_SIZE}" do
+                it 'returns false' do
+                    described_class.too_big?( 'a' * (described_class::MAX_SIZE - 1) ).should be_false
+                end
+            end
+        end
+    end
     describe '#marshal_dump' do
         it 'excludes #page' do
             subject.page = page

data/spec/support/shared/element/capabilities/auditable.rb CHANGED

@@ -460,7 +460,7 @@ shared_examples_for 'auditable' do |options = {}|
                     submitted = nil
-                    modified_seed = 'houa!'
+                    modified_seed = 'houa'
                     each_mutation = proc do |mutation|
                         mutation.affected_input_value = modified_seed
                     end
@@ -484,10 +484,10 @@ shared_examples_for 'auditable' do |options = {}|
                         each_mutation = proc do |mutation|
                             m = mutation.dup
-                            m.affected_input_value = 'houa!'
+                            m.affected_input_value = 'houa'
                             c = mutation.dup
-                            c.affected_input_value = 'houa2!'
+                            c.affected_input_value = 'houa2'
                             [m, c]
                         end
@@ -501,7 +501,7 @@ shared_examples_for 'auditable' do |options = {}|
                         run
                         cnt.should == 3
-                        injected.sort.should == [ seed, 'houa!', 'houa2!'].sort
+                        injected.sort.should == [ seed, 'houa', 'houa2'].sort
                     end
                 end
             end

data/spec/support/shared/element/capabilities/auditable/dom.rb CHANGED

@@ -288,6 +288,32 @@ shared_examples_for 'element_dom' do |options = {}|
         end
     end
+    describe '#encode' do
+        it 'returns the string as is' do
+            v = 'blah'
+            subject.encode( v ).object_id.should == v.object_id
+        end
+    end
+    describe '.encode' do
+        it 'returns the string as is' do
+            v = 'blah'
+            subject.class.encode( v ).object_id.should == v.object_id
+        end
+    end
+    describe '#decode' do
+        it 'returns the string as is' do
+            v = 'blah'
+            subject.decode( v ).object_id.should == v.object_id
+        end
+    end
+    describe '.decode' do
+        it 'returns the string as is' do
+            v = 'blah'
+            subject.class.decode( v ).object_id.should == v.object_id
+        end
+    end
     describe '#dup' do
         it 'preserves the #parent' do
             subject.dup.parent.should == subject.parent

data/spec/support/shared/element/capabilities/inputtable.rb CHANGED

@@ -165,48 +165,53 @@ shared_examples_for 'inputtable' do |options = {}|
     end
     describe '#inputtable_id' do
+        before do
+            described_class.any_instance.stub(:valid_input_name?) { true }
+            described_class.any_instance.stub(:valid_input_value?) { true }
+        end
         it 'takes into account input names' do
             e = subject.dup
-            e.stub(:inputs) { { 1 => 2 } }
+            e.inputs = { 1 => 2 }
             c = subject.dup
-            c.stub(:inputs) { { 1 => 2 } }
+            c.inputs = { 1 => 2 }
             e.inputtable_id.should == c.inputtable_id
             e = subject.dup
-            e.stub(:inputs) { { 1 => 2 } }
+            e.inputs = { 1 => 2 }
             c = subject.dup
-            c.stub(:inputs) { { 2 => 2 } }
+            c.inputs = { 2 => 2 }
             e.inputtable_id.should_not == c.inputtable_id
         end
         it 'takes into account input values' do
             e = subject.dup
-            e.stub(:inputs) { { 1 => 2 } }
+            e.inputs = { 1 => 2 }
             c = subject.dup
-            c.stub(:inputs) { { 1 => 2 } }
+            c.inputs = { 1 => 2 }
             e.inputtable_id.should == c.inputtable_id
             e = subject.dup
-            e.stub(:inputs) { { 1 => 1 } }
+            e.inputs = { 1 => 1 }
             c = subject.dup
-            c.stub(:inputs) { { 1 => 2 } }
+            c.inputs = { 1 => 2 }
             e.inputtable_id.should_not == c.inputtable_id
         end
-        it 'ignores input order' do
+        it 'ignores input order', if: !options[:single_input] do
             e = subject.dup
-            e.stub(:inputs) { { 1 => 2, 3 => 4 } }
+            e.inputs = { 1 => 2, 3 => 4 }
             c = subject.dup
-            c.stub(:inputs) { { 3 => 4, 1 => 2 } }
+            c.inputs = { 3 => 4, 1 => 2 }
             e.inputtable_id.should == c.inputtable_id
         end

data/spec/support/shared/element/capabilities/submitable.rb CHANGED

@@ -90,6 +90,11 @@ shared_examples_for 'submittable' do
     end
     describe '#id' do
+        before do
+            described_class.any_instance.stub(:valid_input_name?) { true }
+            described_class.any_instance.stub(:valid_input_value?) { true }
+        end
         let(:action) { "#{url}/action" }
         it 'uniquely identifies the element based on #action' do
@@ -124,10 +129,10 @@ shared_examples_for 'submittable' do
         it 'uniquely identifies the element based on #inputs' do
             e = submittable.dup
-            e.stub(:inputs) { {input1: 'stuff' } }
+            e.inputs = { input1: 'stuff' }
             c = submittable.dup
-            c.stub(:inputs) { {input1: 'stuff2' } }
+            c.inputs = { input1: 'stuff2' }
             e.id.should_not == c.id
         end

data/spec/support/shared/fingerprinter.rb CHANGED

@@ -5,8 +5,16 @@ shared_examples_for 'fingerprinter' do
         Arachni::Platform::Manager.reset
     end
+    def check_platforms( page )
+        platforms.each do |p|
+            platforms_for( page ).should include p
+        end
+    end
     def platforms_for( page )
         Arachni::Platform::Manager.reset
+        page.platforms.should be_empty
         described_class.new( page ).run
         page.platforms
     end

data/spec/support/shared/path_extractor.rb CHANGED

@@ -33,7 +33,7 @@ shared_examples_for "path_extractor" do
     end
     def results_for( name )
-        paths = extractors[name].new.run( doc ) || []
+        paths = extractors[name].new( document: doc, html: text ).run || []
         paths.delete( 'http://www.w3.org/TR/REC-html40/loose.dtd' )
         paths.compact.flatten
     end

data/ui/cli/framework.rb CHANGED

@@ -33,7 +33,7 @@ class Framework
         # Reset the framework's HTTP interface so that options will take effect.
         @framework.http.reset
-        # The Trainer needs to setup its hooks again.
         @framework.reset_trainer
         @show_command_screen = nil
@@ -151,7 +151,7 @@ class Framework
     end
     def print_issues( unmute = false )
-        super( Data.issues.summary, unmute )
+        super( Data.issues.all, unmute )
     end
     # Handles Ctrl+C signals.
@@ -333,7 +333,7 @@ class Framework
     end
     def shutdown
-        @timeout_supervisor.kill if @timeout_supervisor
+        @timeout_supervisor.kill if @timeout_supervisor && Thread.current != @timeout_supervisor
         capture_output_options
         print_status 'Aborting...'

data/ui/cli/framework/option_parser.rb CHANGED

@@ -521,6 +521,15 @@ class OptionParser < UI::CLI::OptionParser
         separator ''
         separator 'Browser cluster'
+        on( '--browser-cluster-wait-for-element PATTERN:CSS',
+            'Wait for element matching CSS to appear when visiting a page whose' <<
+            ' URL matches the PATTERN.'
+        ) do |rule|
+            pattern, css = rule.split( ':', 2 )
+            options.browser_cluster.wait_for_elements[ Regexp.new( pattern ) ] =
+                css
+        end
         on( '--browser-cluster-pool-size SIZE', Integer,
             'Amount of browser workers to keep in the pool and put to work.',
             "(Default: #{options.browser_cluster.pool_size})"

data/ui/cli/output.rb CHANGED

@@ -85,6 +85,13 @@ module Output
         end
         @@error_fd
+    # Errno::EMFILE (too many open files) or something, nothing we can do
+    # about it except catch it to avoid a crash.
+    rescue SystemCallError => e
+        print_bad "[#{e.class}] #{e}"
+        e.backtrace.each { |line| print_bad line }
+        nil
     end
     # Prints and logs an error message.
@@ -111,6 +118,8 @@ module Output
     #
     # @param    [String]    str
     def log_error( str = '' )
+        return if !error_log_fd
         if !@@error_log_written_env
             @@error_log_written_env = true

data/ui/cli/reporter.rb CHANGED

@@ -16,7 +16,6 @@ module UI::CLI
 # Provides a command line interface to the {Arachni::Report::Manager}.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.1
 class Reporter
     include UI::Output
     include Utilities
@@ -36,15 +35,19 @@ class Reporter
         reporters = parser.reporters
         reporters = { 'stdout' => {} } if reporters.empty?
+        errors = false
         begin
             report = Report.load( parser.report_path )
             reporters.each do |name, options|
-                @reporters.run( name, report, options )
+                @reporters.run( name, report, options, true )
             end
         rescue => e
+            errors = true
             print_exception e
         end
+        exit( errors ? 1 : 0 )
     end
 end

data/ui/cli/utilities.rb CHANGED

@@ -19,6 +19,8 @@ module Utilities
     include Support::Mixins::Terminal
     def print_issues( issues, unmute = false, &interceptor )
+        issues = issues.sort_by { |i| [i.severity, i.name]}.reverse
         interceptor ||= proc { |s| s }
         print_line( interceptor.call, unmute )
@@ -26,12 +28,12 @@ module Utilities
         print_line( interceptor.call, unmute )
-        issue_cnt = issues.count
+        issue_cnt = issues.size
         issues.each.with_index do |issue, i|
             meth  = input = ''
             if issue.active?
-                input = " input `#{issue.vector.affected_input_name}`"
+                input = " input `#{issue.affected_input_name}`"
                 meth  = " using #{issue.vector.method.to_s.upcase}"
             elsif issue.vector.respond_to?( :inputs )
                 input = " with inputs `#{issue.vector.inputs.keys.join(', ')}`"

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arachni
 version: !ruby/object:Gem::Version
-  version: '1.1'
+  version: '1.2'
 platform: ruby
 authors:
 - Tasos Laskos
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-05-01 00:00:00.000000000 Z
+date: 2015-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -165,19 +165,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 1.2.0
 - !ruby/object:Gem::Dependency
-  name: json
+  name: oj
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.1
+        version: 2.12.9
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.1
+        version: 2.12.9
+- !ruby/object:Gem::Dependency
+  name: oj_mimic_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rb-readline
   requirement: !ruby/object:Gem::Requirement
@@ -263,9 +277,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.0.0
 description: |
-  Arachni is an Open Source, feature-full, modular, high-performance Ruby framework
-  aimed towards helping penetration testers and administrators evaluate the security
-  of web applications.
+  Arachni is a feature-full, modular, high-performance Ruby framework aimed towards
+  helping penetration testers and administrators evaluate the security of web applications.
   It is smart, it trains itself by monitoring and learning from the web application's
   behavior during the scan process and is able to perform meta-analysis using a number of
@@ -386,6 +399,8 @@ files:
 - components/checks/passive/backup_directories/formats.txt
 - components/checks/passive/backup_files.rb
 - components/checks/passive/backup_files/formats.txt
+- components/checks/passive/common_admin_interfaces.rb
+- components/checks/passive/common_admin_interfaces/admin-panels.txt
 - components/checks/passive/common_directories.rb
 - components/checks/passive/common_directories/directories.txt
 - components/checks/passive/common_files.rb
@@ -418,10 +433,16 @@ files:
 - components/checks/passive/origin_spoof_access_restriction_bypass.rb
 - components/checks/passive/webdav.rb
 - components/checks/passive/xst.rb
+- components/fingerprinters/frameworks/aspx_mvc.rb
+- components/fingerprinters/frameworks/cakephp.rb
+- components/fingerprinters/frameworks/cherrypy.rb
+- components/fingerprinters/frameworks/django.rb
+- components/fingerprinters/frameworks/jsf.rb
 - components/fingerprinters/frameworks/rack.rb
+- components/fingerprinters/frameworks/rails.rb
 - components/fingerprinters/languages/asp.rb
 - components/fingerprinters/languages/aspx.rb
-- components/fingerprinters/languages/jsp.rb
+- components/fingerprinters/languages/java.rb
 - components/fingerprinters/languages/php.rb
 - components/fingerprinters/languages/python.rb
 - components/fingerprinters/languages/ruby.rb
@@ -431,6 +452,7 @@ files:
 - components/fingerprinters/os/unix.rb
 - components/fingerprinters/os/windows.rb
 - components/fingerprinters/servers/apache.rb
+- components/fingerprinters/servers/gunicorn.rb
 - components/fingerprinters/servers/iis.rb
 - components/fingerprinters/servers/jetty.rb
 - components/fingerprinters/servers/nginx.rb
@@ -438,6 +460,7 @@ files:
 - components/path_extractors/anchors.rb
 - components/path_extractors/areas.rb
 - components/path_extractors/comments.rb
+- components/path_extractors/data_url.rb
 - components/path_extractors/forms.rb
 - components/path_extractors/frames.rb
 - components/path_extractors/generic.rb
@@ -459,6 +482,7 @@ files:
 - components/plugins/headers_collector.rb
 - components/plugins/http_dicattack.rb
 - components/plugins/login_script.rb
+- components/plugins/metrics.rb
 - components/plugins/proxy.rb
 - components/plugins/proxy/panel/403_forbidden.html.erb
 - components/plugins/proxy/panel/404_not_found.html.erb
@@ -484,6 +508,7 @@ files:
 - components/plugins/proxy/panel/verify_login_final.html.erb
 - components/plugins/proxy/panel/verify_login_sequence.html.erb
 - components/plugins/proxy/template_scope.rb
+- components/plugins/restrict_to_dom_state.rb
 - components/plugins/script.rb
 - components/plugins/uncommon_headers.rb
 - components/plugins/vector_collector.rb
@@ -552,6 +577,7 @@ files:
 - components/reporters/plugin_formatters/html/healthmap.rb
 - components/reporters/plugin_formatters/html/http_dicattack.rb
 - components/reporters/plugin_formatters/html/login_script.rb
+- components/reporters/plugin_formatters/html/metrics.rb
 - components/reporters/plugin_formatters/html/uncommon_headers.rb
 - components/reporters/plugin_formatters/html/uniformity.rb
 - components/reporters/plugin_formatters/html/vector_collector.rb
@@ -564,6 +590,7 @@ files:
 - components/reporters/plugin_formatters/stdout/healthmap.rb
 - components/reporters/plugin_formatters/stdout/http_dicattack.rb
 - components/reporters/plugin_formatters/stdout/login_script.rb
+- components/reporters/plugin_formatters/stdout/metrics.rb
 - components/reporters/plugin_formatters/stdout/uncommon_headers.rb
 - components/reporters/plugin_formatters/stdout/uniformity.rb
 - components/reporters/plugin_formatters/stdout/vector_collector.rb
@@ -576,6 +603,7 @@ files:
 - components/reporters/plugin_formatters/xml/healthmap.rb
 - components/reporters/plugin_formatters/xml/http_dicattack.rb
 - components/reporters/plugin_formatters/xml/login_script.rb
+- components/reporters/plugin_formatters/xml/metrics.rb
 - components/reporters/plugin_formatters/xml/uncommon_headers.rb
 - components/reporters/plugin_formatters/xml/uniformity.rb
 - components/reporters/plugin_formatters/xml/vector_collector.rb
@@ -714,8 +742,8 @@ files:
 - lib/arachni/http/message.rb
 - lib/arachni/http/message/scope.rb
 - lib/arachni/http/proxy_server.rb
-- lib/arachni/http/proxy_server/ssl-interceptor-cert.pem
-- lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem
+- lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem
+- lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem
 - lib/arachni/http/request.rb
 - lib/arachni/http/request/scope.rb
 - lib/arachni/http/response.rb
@@ -818,6 +846,7 @@ files:
 - lib/arachni/support/cache.rb
 - lib/arachni/support/cache/base.rb
 - lib/arachni/support/cache/least_cost_replacement.rb
+- lib/arachni/support/cache/least_recently_pushed.rb
 - lib/arachni/support/cache/least_recently_used.rb
 - lib/arachni/support/cache/preference.rb
 - lib/arachni/support/cache/random_replacement.rb
@@ -996,6 +1025,7 @@ files:
 - spec/arachni/support/buffer/autoflush_spec.rb
 - spec/arachni/support/buffer/base_spec.rb
 - spec/arachni/support/cache/least_cost_replacement_spec.rb
+- spec/arachni/support/cache/least_recently_pushed_spec.rb
 - spec/arachni/support/cache/least_recently_used_spec.rb
 - spec/arachni/support/cache/preference_spec.rb
 - spec/arachni/support/cache/random_replacement_spec.rb
@@ -1045,6 +1075,7 @@ files:
 - spec/components/checks/passive/backdoors_spec.rb
 - spec/components/checks/passive/backup_directories_spec.rb
 - spec/components/checks/passive/backup_files_spec.rb
+- spec/components/checks/passive/common_admin_interfaces_spec.rb
 - spec/components/checks/passive/common_directories_spec.rb
 - spec/components/checks/passive/common_files_spec.rb
 - spec/components/checks/passive/directory_listing_spec.rb
@@ -1075,10 +1106,16 @@ files:
 - spec/components/checks/passive/origin_spoof_access_restriction_bypass_spec.rb
 - spec/components/checks/passive/webdav_spec.rb
 - spec/components/checks/passive/xst_spec.rb
+- spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb
+- spec/components/fingerprinters/frameworks/cakephp_spec.rb
+- spec/components/fingerprinters/frameworks/cherrypy_spec.rb
+- spec/components/fingerprinters/frameworks/django_spec.rb
+- spec/components/fingerprinters/frameworks/jsf_spec.rb
 - spec/components/fingerprinters/frameworks/rack_spec.rb
+- spec/components/fingerprinters/frameworks/rails_spec.rb
 - spec/components/fingerprinters/languages/asp_spec.rb
 - spec/components/fingerprinters/languages/aspx_spec.rb
-- spec/components/fingerprinters/languages/jsp_spec.rb
+- spec/components/fingerprinters/languages/java_spec.rb
 - spec/components/fingerprinters/languages/php_spec.rb
 - spec/components/fingerprinters/languages/python_spec.rb
 - spec/components/fingerprinters/languages/ruby.rb
@@ -1088,6 +1125,7 @@ files:
 - spec/components/fingerprinters/os/unix_spec.rb
 - spec/components/fingerprinters/os/windows_spec.rb
 - spec/components/fingerprinters/servers/apache_spec.rb
+- spec/components/fingerprinters/servers/gunicorn_spec.rb
 - spec/components/fingerprinters/servers/iis_spec.rb
 - spec/components/fingerprinters/servers/jetty_spec.rb
 - spec/components/fingerprinters/servers/nginx_spec.rb
@@ -1095,6 +1133,7 @@ files:
 - spec/components/path_extractors/anchors_spec.rb
 - spec/components/path_extractors/areas_spec.rb
 - spec/components/path_extractors/comments_spec.rb
+- spec/components/path_extractors/data_url_spec.rb
 - spec/components/path_extractors/forms_spec.rb
 - spec/components/path_extractors/frames_spec.rb
 - spec/components/path_extractors/generic_spec.rb
@@ -1114,6 +1153,7 @@ files:
 - spec/components/plugins/meta/remedies/discovery_spec.rb
 - spec/components/plugins/meta/remedies/timing_attacks_spec.rb
 - spec/components/plugins/meta/uniformity_spec.rb
+- spec/components/plugins/restrict_to_dom_state_spec.rb
 - spec/components/plugins/script_spec.rb
 - spec/components/plugins/uncommon_headers_spec.rb
 - spec/components/plugins/vector_collector_spec.rb
@@ -1170,6 +1210,7 @@ files:
 - spec/support/fixtures/checks/test2.rb
 - spec/support/fixtures/checks/test3.rb
 - spec/support/fixtures/cookies.txt
+- spec/support/fixtures/empty/placeholder
 - spec/support/fixtures/executables/node.rb
 - spec/support/fixtures/fingerprinters/test.rb
 - spec/support/fixtures/option_groups/input.yml
@@ -1195,6 +1236,7 @@ files:
 - spec/support/fixtures/reporters/base_spec/with_outfile.rb
 - spec/support/fixtures/reporters/base_spec/without_outfile.rb
 - spec/support/fixtures/reporters/manager_spec/afr.rb
+- spec/support/fixtures/reporters/manager_spec/error.rb
 - spec/support/fixtures/reporters/manager_spec/foo.rb
 - spec/support/fixtures/rescan.afr.tpl
 - spec/support/fixtures/run_check/body.rb
@@ -1330,6 +1372,7 @@ files:
 - spec/support/servers/checks/passive/backdoors.rb
 - spec/support/servers/checks/passive/backup_directories.rb
 - spec/support/servers/checks/passive/backup_files.rb
+- spec/support/servers/checks/passive/common_admin_interfaces.rb
 - spec/support/servers/checks/passive/common_directories.rb
 - spec/support/servers/checks/passive/common_files.rb
 - spec/support/servers/checks/passive/directory_listing.rb
@@ -1373,6 +1416,7 @@ files:
 - spec/support/servers/plugins/login_script.rb
 - spec/support/servers/plugins/meta/remedies/discovery.rb
 - spec/support/servers/plugins/meta/remedies/timing_attacks.rb
+- spec/support/servers/plugins/restrict_to_dom_state.rb
 - spec/support/servers/plugins/uncommon_headers.rb
 - spec/support/servers/plugins/vector_collector.rb
 - spec/support/servers/plugins/waf_detector.rb
@@ -1422,8 +1466,7 @@ files:
 - ui/cli/utilities.rb
 homepage: https://www.arachni-scanner.com
 licenses:
-- Apache-2.0
-- Proprietary
+- Arachni Public Source License v1.0
 metadata: {}
 post_install_message: |2+
@@ -1436,7 +1479,7 @@ post_install_message: |2+
   Support            - http://support.arachni-scanner.com
   GitHub page        - http://github.com/Arachni/arachni
   Code Documentation - http://rubydoc.info/github/Arachni/arachni
-  License            - Apache License v2.0/Proprietary
+  License            - Arachni Public Source License v1.0
                           (https://github.com/Arachni/arachni/blob/master/LICENSE.md)
   Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
   Twitter            - http://twitter.com/ArachniScanner
@@ -1461,7 +1504,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.6
+rubygems_version: 2.4.7
 signing_key:
 specification_version: 4
 summary: Arachni is a feature-full, modular, high-performance Ruby framework aimed
@@ -1487,11 +1530,13 @@ test_files:
 - spec/support/fixtures/services/echo.rb
 - spec/support/fixtures/report.afr
 - spec/support/fixtures/script_plugin.rb
+- spec/support/fixtures/empty/placeholder
 - spec/support/fixtures/wait_check/wait.rb
 - spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb
 - spec/support/fixtures/reporters/base_spec/with_formatters.rb
 - spec/support/fixtures/reporters/base_spec/without_outfile.rb
 - spec/support/fixtures/reporters/base_spec/with_outfile.rb
+- spec/support/fixtures/reporters/manager_spec/error.rb
 - spec/support/fixtures/reporters/manager_spec/foo.rb
 - spec/support/fixtures/reporters/manager_spec/afr.rb
 - spec/support/fixtures/checks/test3.rb
@@ -1537,6 +1582,7 @@ test_files:
 - spec/support/servers/plugins/meta/remedies/timing_attacks.rb
 - spec/support/servers/plugins/meta/remedies/discovery.rb
 - spec/support/servers/plugins/http_dicattack_secure.rb
+- spec/support/servers/plugins/restrict_to_dom_state.rb
 - spec/support/servers/plugins/autothrottle.rb
 - spec/support/servers/checks/check_server.rb
 - spec/support/servers/checks/active/csrf.rb
@@ -1625,6 +1671,7 @@ test_files:
 - spec/support/servers/checks/passive/htaccess_limit.rb
 - spec/support/servers/checks/passive/backdoors.rb
 - spec/support/servers/checks/passive/directory_listing.rb
+- spec/support/servers/checks/passive/common_admin_interfaces.rb
 - spec/support/servers/checks/passive/xst.rb
 - spec/support/servers/checks/passive/insecure_cross_domain_policy_headers.rb
 - spec/support/servers/arachni/browser/javascript/dom_monitor.rb
@@ -1744,6 +1791,7 @@ test_files:
 - spec/external/wavsep/active/unvalidated_redirect_spec.rb
 - spec/components/path_extractors/anchors_spec.rb
 - spec/components/path_extractors/meta_refresh_spec.rb
+- spec/components/path_extractors/data_url_spec.rb
 - spec/components/path_extractors/frames_spec.rb
 - spec/components/path_extractors/forms_spec.rb
 - spec/components/path_extractors/generic_spec.rb
@@ -1753,6 +1801,7 @@ test_files:
 - spec/components/path_extractors/links_spec.rb
 - spec/components/plugins/exec_spec.rb
 - spec/components/plugins/autothrottle_spec.rb
+- spec/components/plugins/restrict_to_dom_state_spec.rb
 - spec/components/plugins/healthmap_spec.rb
 - spec/components/plugins/vector_feed_spec.rb
 - spec/components/plugins/http_dicattack_spec.rb
@@ -1814,6 +1863,7 @@ test_files:
 - spec/components/checks/passive/htaccess_limit_spec.rb
 - spec/components/checks/passive/common_files_spec.rb
 - spec/components/checks/passive/allowed_methods_spec.rb
+- spec/components/checks/passive/common_admin_interfaces_spec.rb
 - spec/components/checks/passive/xst_spec.rb
 - spec/components/checks/passive/backup_files_spec.rb
 - spec/components/checks/passive/insecure_cross_domain_policy_headers_spec.rb
@@ -1850,14 +1900,21 @@ test_files:
 - spec/components/fingerprinters/servers/jetty_spec.rb
 - spec/components/fingerprinters/servers/iis_spec.rb
 - spec/components/fingerprinters/servers/tomcat_spec.rb
+- spec/components/fingerprinters/servers/gunicorn_spec.rb
 - spec/components/fingerprinters/servers/apache_spec.rb
 - spec/components/fingerprinters/languages/aspx_spec.rb
 - spec/components/fingerprinters/languages/php_spec.rb
 - spec/components/fingerprinters/languages/python_spec.rb
 - spec/components/fingerprinters/languages/ruby.rb
-- spec/components/fingerprinters/languages/jsp_spec.rb
+- spec/components/fingerprinters/languages/java_spec.rb
 - spec/components/fingerprinters/languages/asp_spec.rb
+- spec/components/fingerprinters/frameworks/rails_spec.rb
+- spec/components/fingerprinters/frameworks/django_spec.rb
 - spec/components/fingerprinters/frameworks/rack_spec.rb
+- spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb
+- spec/components/fingerprinters/frameworks/cakephp_spec.rb
+- spec/components/fingerprinters/frameworks/jsf_spec.rb
+- spec/components/fingerprinters/frameworks/cherrypy_spec.rb
 - spec/spec_helper.rb
 - spec/arachni/session_spec.rb
 - spec/arachni/browser/javascript/dom_monitor_spec.rb
@@ -1925,6 +1982,7 @@ test_files:
 - spec/arachni/support/cache/least_cost_replacement_spec.rb
 - spec/arachni/support/cache/preference_spec.rb
 - spec/arachni/support/cache/random_replacement_spec.rb
+- spec/arachni/support/cache/least_recently_pushed_spec.rb
 - spec/arachni/support/lookup/moolb_spec.rb
 - spec/arachni/support/lookup/hash_set_spec.rb
 - spec/arachni/support/signature_spec.rb
@@ -2024,3 +2082,4 @@ test_files:
 - spec/arachni/issue/severity/base_spec.rb
 - spec/arachni/issue/severity_spec.rb
 - spec/arachni/data_spec.rb
+has_rdoc: