arachni 1.1 → 1.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (287) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +159 -0
  3. data/LICENSE.md +126 -196
  4. data/README.md +32 -24
  5. data/arachni.gemspec +7 -7
  6. data/components/checks/active/code_injection_timing.rb +3 -3
  7. data/components/checks/active/csrf.rb +2 -2
  8. data/components/checks/active/file_inclusion.rb +6 -7
  9. data/components/checks/active/os_cmd_injection.rb +3 -3
  10. data/components/checks/active/path_traversal.rb +7 -7
  11. data/components/checks/active/response_splitting.rb +9 -4
  12. data/components/checks/active/session_fixation.rb +7 -3
  13. data/components/checks/active/source_code_disclosure.rb +5 -5
  14. data/components/checks/active/unvalidated_redirect.rb +12 -3
  15. data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
  16. data/components/checks/active/xss.rb +23 -10
  17. data/components/checks/active/xss_dom_inputs.rb +113 -11
  18. data/components/checks/active/xxe.rb +3 -3
  19. data/components/checks/passive/backdoors.rb +6 -5
  20. data/components/checks/passive/backup_directories.rb +6 -6
  21. data/components/checks/passive/backup_files.rb +6 -6
  22. data/components/checks/passive/common_admin_interfaces.rb +58 -0
  23. data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
  24. data/components/checks/passive/common_directories/directories.txt +0 -16
  25. data/components/checks/passive/common_files.rb +6 -5
  26. data/components/checks/passive/common_files/filenames.txt +0 -2
  27. data/components/checks/passive/directory_listing.rb +6 -6
  28. data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
  29. data/components/checks/passive/grep/hsts.rb +6 -3
  30. data/components/checks/passive/grep/http_only_cookies.rb +3 -3
  31. data/components/checks/passive/grep/insecure_cookies.rb +2 -2
  32. data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
  33. data/components/checks/passive/grep/x_frame_options.rb +6 -4
  34. data/components/checks/passive/htaccess_limit.rb +6 -2
  35. data/components/checks/passive/http_put.rb +8 -4
  36. data/components/checks/passive/interesting_responses.rb +3 -2
  37. data/components/checks/passive/localstart_asp.rb +6 -2
  38. data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
  39. data/components/checks/passive/xst.rb +6 -2
  40. data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
  41. data/components/fingerprinters/frameworks/cakephp.rb +28 -0
  42. data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
  43. data/components/fingerprinters/frameworks/django.rb +33 -0
  44. data/components/fingerprinters/frameworks/jsf.rb +30 -0
  45. data/components/fingerprinters/frameworks/rack.rb +5 -7
  46. data/components/fingerprinters/frameworks/rails.rb +43 -0
  47. data/components/fingerprinters/languages/aspx.rb +11 -11
  48. data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
  49. data/components/fingerprinters/languages/php.rb +6 -6
  50. data/components/fingerprinters/languages/python.rb +14 -6
  51. data/components/fingerprinters/languages/ruby.rb +3 -5
  52. data/components/fingerprinters/servers/apache.rb +5 -4
  53. data/components/fingerprinters/servers/gunicorn.rb +33 -0
  54. data/components/fingerprinters/servers/jetty.rb +1 -1
  55. data/components/fingerprinters/servers/tomcat.rb +11 -4
  56. data/components/path_extractors/anchors.rb +5 -12
  57. data/components/path_extractors/areas.rb +5 -13
  58. data/components/path_extractors/comments.rb +5 -3
  59. data/components/path_extractors/data_url.rb +21 -0
  60. data/components/path_extractors/forms.rb +5 -13
  61. data/components/path_extractors/frames.rb +6 -13
  62. data/components/path_extractors/generic.rb +3 -12
  63. data/components/path_extractors/links.rb +5 -13
  64. data/components/path_extractors/meta_refresh.rb +5 -13
  65. data/components/path_extractors/scripts.rb +8 -14
  66. data/components/plugins/autologin.rb +17 -5
  67. data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
  68. data/components/plugins/login_script.rb +40 -10
  69. data/components/plugins/metrics.rb +235 -0
  70. data/components/plugins/proxy.rb +21 -4
  71. data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
  72. data/components/plugins/restrict_to_dom_state.rb +70 -0
  73. data/components/plugins/vector_feed.rb +38 -9
  74. data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
  75. data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
  76. data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
  77. data/components/reporters/stdout.rb +4 -2
  78. data/components/reporters/xml.rb +4 -4
  79. data/components/reporters/xml/schema.xsd +95 -0
  80. data/lib/arachni.rb +2 -0
  81. data/lib/arachni/browser.rb +132 -77
  82. data/lib/arachni/browser/javascript.rb +173 -45
  83. data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
  84. data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
  85. data/lib/arachni/browser_cluster.rb +41 -15
  86. data/lib/arachni/browser_cluster/job.rb +4 -0
  87. data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
  88. data/lib/arachni/browser_cluster/worker.rb +8 -5
  89. data/lib/arachni/check/auditor.rb +20 -8
  90. data/lib/arachni/check/base.rb +38 -6
  91. data/lib/arachni/element/base.rb +18 -1
  92. data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
  93. data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
  94. data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
  95. data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
  96. data/lib/arachni/element/capabilities/inputtable.rb +6 -2
  97. data/lib/arachni/element/capabilities/submittable.rb +1 -1
  98. data/lib/arachni/element/cookie.rb +37 -23
  99. data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
  100. data/lib/arachni/element/cookie/dom.rb +0 -8
  101. data/lib/arachni/element/form.rb +28 -14
  102. data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
  103. data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
  104. data/lib/arachni/element/form/dom.rb +0 -8
  105. data/lib/arachni/element/generic_dom.rb +1 -1
  106. data/lib/arachni/element/json.rb +2 -1
  107. data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
  108. data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
  109. data/lib/arachni/element/link.rb +13 -16
  110. data/lib/arachni/element/link/dom.rb +1 -14
  111. data/lib/arachni/element/link_template.rb +3 -2
  112. data/lib/arachni/element/link_template/dom.rb +0 -16
  113. data/lib/arachni/element/server.rb +51 -9
  114. data/lib/arachni/element/xml.rb +1 -0
  115. data/lib/arachni/ethon/easy.rb +4 -1
  116. data/lib/arachni/framework/parts/audit.rb +26 -77
  117. data/lib/arachni/framework/parts/browser.rb +50 -55
  118. data/lib/arachni/framework/parts/check.rb +4 -3
  119. data/lib/arachni/framework/parts/data.rb +41 -6
  120. data/lib/arachni/framework/parts/state.rb +16 -7
  121. data/lib/arachni/http/client.rb +66 -38
  122. data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
  123. data/lib/arachni/http/headers.rb +22 -10
  124. data/lib/arachni/http/proxy_server.rb +67 -22
  125. data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
  126. data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
  127. data/lib/arachni/http/request.rb +71 -18
  128. data/lib/arachni/issue.rb +17 -3
  129. data/lib/arachni/option_groups/browser_cluster.rb +34 -1
  130. data/lib/arachni/option_groups/http.rb +1 -1
  131. data/lib/arachni/page.rb +26 -13
  132. data/lib/arachni/page/dom/transition.rb +2 -2
  133. data/lib/arachni/parser.rb +28 -11
  134. data/lib/arachni/platform/fingerprinter.rb +5 -0
  135. data/lib/arachni/platform/manager.rb +65 -32
  136. data/lib/arachni/plugin/base.rb +8 -0
  137. data/lib/arachni/processes/instances.rb +25 -11
  138. data/lib/arachni/reporter/manager.rb +2 -2
  139. data/lib/arachni/rpc/client/instance.rb +4 -0
  140. data/lib/arachni/rpc/server/framework/master.rb +3 -3
  141. data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
  142. data/lib/arachni/rpc/server/instance.rb +2 -1
  143. data/lib/arachni/ruby/array.rb +5 -0
  144. data/lib/arachni/ruby/hash.rb +5 -0
  145. data/lib/arachni/ruby/string.rb +2 -3
  146. data/lib/arachni/session.rb +32 -6
  147. data/lib/arachni/state/framework.rb +6 -2
  148. data/lib/arachni/support/cache.rb +1 -0
  149. data/lib/arachni/support/cache/base.rb +12 -8
  150. data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
  151. data/lib/arachni/support/cache/least_recently_used.rb +5 -8
  152. data/lib/arachni/support/cache/preference.rb +1 -1
  153. data/lib/arachni/support/cache/random_replacement.rb +1 -25
  154. data/lib/arachni/support/database/queue.rb +21 -8
  155. data/lib/arachni/support/lookup/base.rb +7 -1
  156. data/lib/arachni/support/mixins/observable.rb +3 -1
  157. data/lib/arachni/support/profiler.rb +51 -10
  158. data/lib/arachni/support/signature.rb +11 -2
  159. data/lib/arachni/trainer.rb +8 -2
  160. data/lib/arachni/uri.rb +28 -25
  161. data/lib/arachni/uri/scope.rb +1 -1
  162. data/lib/arachni/utilities.rb +8 -0
  163. data/lib/arachni/watir/element.rb +1 -1
  164. data/lib/version +1 -1
  165. data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
  166. data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
  167. data/spec/arachni/browser/javascript_spec.rb +235 -61
  168. data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
  169. data/spec/arachni/browser_cluster_spec.rb +58 -10
  170. data/spec/arachni/browser_spec.rb +170 -26
  171. data/spec/arachni/check/auditor_spec.rb +22 -3
  172. data/spec/arachni/check/base_spec.rb +84 -0
  173. data/spec/arachni/element/body_spec.rb +1 -1
  174. data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
  175. data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
  176. data/spec/arachni/element/cookie/dom_spec.rb +0 -9
  177. data/spec/arachni/element/cookie_spec.rb +85 -0
  178. data/spec/arachni/element/form/dom_spec.rb +0 -9
  179. data/spec/arachni/element/form_spec.rb +46 -3
  180. data/spec/arachni/element/json_spec.rb +20 -0
  181. data/spec/arachni/element/link/dom_spec.rb +0 -9
  182. data/spec/arachni/element/link_spec.rb +40 -15
  183. data/spec/arachni/element/link_template/dom_spec.rb +0 -8
  184. data/spec/arachni/element/link_template_spec.rb +2 -6
  185. data/spec/arachni/element/server_spec.rb +94 -8
  186. data/spec/arachni/element/xml_spec.rb +20 -0
  187. data/spec/arachni/framework/parts/audit_spec.rb +12 -14
  188. data/spec/arachni/framework/parts/browser_spec.rb +0 -171
  189. data/spec/arachni/framework/parts/platform_spec.rb +14 -8
  190. data/spec/arachni/framework/parts/report_spec.rb +1 -1
  191. data/spec/arachni/framework/parts/state_spec.rb +0 -9
  192. data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
  193. data/spec/arachni/http/client_spec.rb +169 -42
  194. data/spec/arachni/http/headers_spec.rb +18 -0
  195. data/spec/arachni/http/request_spec.rb +23 -0
  196. data/spec/arachni/issue_spec.rb +17 -6
  197. data/spec/arachni/page_spec.rb +22 -2
  198. data/spec/arachni/parser_spec.rb +5 -0
  199. data/spec/arachni/platform/manager_spec.rb +57 -25
  200. data/spec/arachni/reporter/manager_spec.rb +26 -0
  201. data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
  202. data/spec/arachni/state/framework_spec.rb +2 -8
  203. data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
  204. data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
  205. data/spec/arachni/support/database/queue_spec.rb +7 -0
  206. data/spec/arachni/support/mixins/observable_spec.rb +15 -1
  207. data/spec/arachni/trainer_spec.rb +2 -2
  208. data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
  209. data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
  210. data/spec/components/checks/active/path_traversal_spec.rb +2 -2
  211. data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
  212. data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
  213. data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
  214. data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
  215. data/spec/components/checks/active/xss_spec.rb +5 -5
  216. data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
  217. data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
  218. data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
  219. data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
  220. data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
  221. data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
  222. data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
  223. data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
  224. data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
  225. data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
  226. data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
  227. data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
  228. data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
  229. data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
  230. data/spec/components/fingerprinters/languages/ruby.rb +6 -4
  231. data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
  232. data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
  233. data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
  234. data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
  235. data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
  236. data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
  237. data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
  238. data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
  239. data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
  240. data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
  241. data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
  242. data/spec/components/path_extractors/data_url_spec.rb +19 -0
  243. data/spec/components/plugins/autologin_spec.rb +23 -0
  244. data/spec/components/plugins/login_script_spec.rb +112 -24
  245. data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
  246. data/spec/components/plugins/vector_feed_spec.rb +39 -1
  247. data/spec/support/factories/page/dom.rb +9 -4
  248. data/spec/support/factories/page/dom/transition.rb +31 -9
  249. data/spec/support/factories/scan_report.rb +8 -6
  250. data/spec/support/fixtures/empty/placeholder +0 -0
  251. data/spec/support/fixtures/report.afr +0 -0
  252. data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
  253. data/spec/support/servers/arachni/browser.rb +117 -11
  254. data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
  255. data/spec/support/servers/arachni/check/auditor.rb +4 -0
  256. data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
  257. data/spec/support/servers/arachni/http/client.rb +5 -0
  258. data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
  259. data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
  260. data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
  261. data/spec/support/servers/checks/active/path_traversal.rb +2 -2
  262. data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
  263. data/spec/support/servers/checks/active/trainer_check.rb +9 -10
  264. data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
  265. data/spec/support/servers/checks/active/xss.rb +35 -0
  266. data/spec/support/servers/checks/active/xss_dom.rb +1 -1
  267. data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
  268. data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
  269. data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
  270. data/spec/support/servers/plugins/autologin.rb +9 -0
  271. data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
  272. data/spec/support/shared/element/base.rb +42 -0
  273. data/spec/support/shared/element/capabilities/auditable.rb +4 -4
  274. data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
  275. data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
  276. data/spec/support/shared/element/capabilities/submitable.rb +7 -2
  277. data/spec/support/shared/fingerprinter.rb +8 -0
  278. data/spec/support/shared/path_extractor.rb +1 -1
  279. data/ui/cli/framework.rb +3 -3
  280. data/ui/cli/framework/option_parser.rb +9 -0
  281. data/ui/cli/output.rb +9 -0
  282. data/ui/cli/reporter.rb +5 -2
  283. data/ui/cli/utilities.rb +4 -2
  284. metadata +76 -17
  285. data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
  286. data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
  287. data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem DELETED
@@ -1,34 +0,0 @@
1
- -----BEGIN CERTIFICATE-----
2
- MIIF1DCCA7ygAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJHUjEQ
3
- MA4GA1UEChMHQXJhY2huaTEQMA4GA1UEAxMHQXJhY2huaTAeFw0xMjA3MjgyMzIw
4
- MDVaFw0xMzA3MjgyMzIwMDVaMEExCzAJBgNVBAYTAkdSMRAwDgYDVQQKEwdBcmFj
5
- aG5pMSAwHgYDVQQDExdBcmFjaG5pIFNTTCBJbnRlcmNlcHRvcjCCAiIwDQYJKoZI
6
- hvcNAQEBBQADggIPADCCAgoCggIBAJpVHc7umSzXIj1imxuWzgLh0qS6urFqJvsh
7
- znH74wnFd9NkGZ4bKWW3gbDjt9yaqNl0v6x4yCIoWd0ThswOmainSjrT1c+r/VnW
8
- Bk4z4wygCRwMUQrBq2HRA4MU7tgc07kuxbYMxsGBC24geVOiVdz4KpSYLTz1B/ep
9
- OLi8yfYo2+ukebVT2CsW5HqG4MaAXPIxpL6qApqQEUr4yrQO2mMwfaWnX9XoJQCR
10
- oiHKZWtU/rJf36gBjvtffTkLZaim4x7OU1P/ZCDFBSnPPQMlXndSevlYrSvwqdLY
11
- /WHZg0HP0TBy67SUaEub5cmbFKarwVLrhoztMVMUzVHez1jlEWlm/DUhQ40x7roR
12
- cOhG+2BvO0kavSFSzfqWVLLNeKA993BTVRRIeK+gDhFC7JeIvN9CeMFNjTLa7X2r
13
- oFvy4HkRqA4NavoUK5bSjegvSngfq3eaTXnc+/jF7nRaQwql5Humeo6T3Fd+8Xda
14
- oDNu1YRb45yJLYnNSs5+eDG7QIUQXu2PJaeGDYcds9q7Dunw+yvMagy6eXPtNagl
15
- 9WIkhj9ZN7b61TnEHG8+SYpeGw8SKGJjunXiZoueNOGh5wIUth0bOID2/UIUhOoH
16
- 0ZptlJIuF4w27UqCYD9Y0RnPZ7rNintGHzCPdQpjSVYvMaPnp0MEZEpEwxQGP3Gl
17
- GF2sCtVvAgMBAAGjgeYwgeMwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAw
18
- KwYJYIZIAYb4QgENBB4WHFRpbnlDQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
19
- VR0OBBYEFFy1CgyDIn3PjQk/bbaW6TvTS/fFMGEGA1UdIwRaMFiAFD1zqztJOqjt
20
- tOthKH7x5saCDy0IoTWkMzAxMQswCQYDVQQGEwJHUjEQMA4GA1UEChMHQXJhY2hu
21
- aTEQMA4GA1UEAxMHQXJhY2huaYIJALNwlBEnwXuDMAkGA1UdEgQCMAAwCQYDVR0R
22
- BAIwADANBgkqhkiG9w0BAQUFAAOCAgEAHUc6Ewdd9ZS4XulHj1n3zE/5KlNaWcBt
23
- PootN8TbhaoHA9pCMAMy6lmyNN7PzvmXddJTEb6gkHwVOgVvKMF938KN4s3YHCXB
24
- lwVNfd4L4jBMQmUgjx6qsG95oD3L2dCjTH21+pRo/Ssl49b3Er33sOlO2R76E1zp
25
- Sm0ix4QD6YKPCTj5Qd8aprwOcRGL2+L08UFAtnbkQqDKraxYuxXiizZFp9J76yE3
26
- n5f2PrnNjoRJfersDg0rSRICOMaDVxK2TLasdKZjfhDv63gmAETLevcEWDrDaZKE
27
- x7rFZ695jAgEyuJFlTj/hX95p8+qmuvflOHNFgAnVMupEico9MhyoS37MKIBCEpm
28
- 4Mt3BG6VXCS7wJ71HhM58afkZJ9P1pCFcW+pUrzx7thGH02SkPVwWxFW8bVrNEfF
29
- oidfbCELR+hl+R4b2XIyW1rp66v3gQ90o5btNX4NQRMjrUxdrpo2DKEizdGiNFNO
30
- lIZcFhOoAEd3kOOZ1r1NIoH7kxDOaejeAJEo98MqnL1PZiotJ1MAS60nEqK8Kt6q
31
- Cw+uzxfvmK1p5rytWhx4S42IkRztXjBEMCveXSVgmUu5QEPzoFRoNFUTOoY8L8m9
32
- 14dwgSQC+AfUnosf/pfnTkUYrLzLOE2gwHLljEBYdpcGG/doF7CVldDfqUJe1OC+
33
- JTp2DYPsxXU=
34
- -----END CERTIFICATE-----
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem DELETED
@@ -1,51 +0,0 @@
1
- -----BEGIN RSA PRIVATE KEY-----
2
- MIIJKQIBAAKCAgEAmlUdzu6ZLNciPWKbG5bOAuHSpLq6sWom+yHOcfvjCcV302QZ
3
- nhspZbeBsOO33Jqo2XS/rHjIIihZ3ROGzA6ZqKdKOtPVz6v9WdYGTjPjDKAJHAxR
4
- CsGrYdEDgxTu2BzTuS7FtgzGwYELbiB5U6JV3PgqlJgtPPUH96k4uLzJ9ijb66R5
5
- tVPYKxbkeobgxoBc8jGkvqoCmpARSvjKtA7aYzB9padf1eglAJGiIcpla1T+sl/f
6
- qAGO+199OQtlqKbjHs5TU/9kIMUFKc89AyVed1J6+VitK/Cp0tj9YdmDQc/RMHLr
7
- tJRoS5vlyZsUpqvBUuuGjO0xUxTNUd7PWOURaWb8NSFDjTHuuhFw6Eb7YG87SRq9
8
- IVLN+pZUss14oD33cFNVFEh4r6AOEULsl4i830J4wU2NMtrtfaugW/LgeRGoDg1q
9
- +hQrltKN6C9KeB+rd5pNedz7+MXudFpDCqXke6Z6jpPcV37xd1qgM27VhFvjnIkt
10
- ic1Kzn54MbtAhRBe7Y8lp4YNhx2z2rsO6fD7K8xqDLp5c+01qCX1YiSGP1k3tvrV
11
- OcQcbz5Jil4bDxIoYmO6deJmi5404aHnAhS2HRs4gPb9QhSE6gfRmm2Uki4XjDbt
12
- SoJgP1jRGc9nus2Ke0YfMI91CmNJVi8xo+enQwRkSkTDFAY/caUYXawK1W8CAwEA
13
- AQKCAgAl2j6HZIn5L4LcX3T/nUtF9bE+afYkUY7iBXanCkqzONWc6W5HEw5iPlH2
14
- 2sNbvisvuqzQVodvqUnxKTrkjagub2mLaC2G0/49rHq7b4p+rDnPwU2XP80THrqn
15
- ydiS9O8Q+mHPtu6Aw2/UQO7BDo3UtqFq9LATxV2A5uZcmSFH2NmnwB2B1eCtIN5F
16
- FxPGW/FwDbEEeppM4oz7QG4nH4V80oXevWCKDHgW3aFQfF3Hp38YrN8kS82P5enG
17
- tf7nEJegFKbncTpTtz7+9C9YuC+lQHuc8Jz4q/xbFJGBEGJbH+eE5IrfLY8vDDud
18
- 6QV1o6a0+cN0iTCR2gZJ0EY23WgZeoGZprYH6bzZlaC6+rZYXPXfEBOasJ84OAuz
19
- qnmaKUJHeXL0iQ4A+vZXwxRgxVsTYTQgomyuE8d/elZM9CNTjbnFpjshPUBgLi3p
20
- MUWvlvrOobPKAX400LrvWr920BVkTsVn+E6gGg+uNP5PAyz4C5Znwq3YnDouAQJr
21
- jJEFQU/v1UW4p6KSewWno+XPGKPYb6fn5k7K0+XAwn6pBnOK7kNWFZqholC+yIye
22
- SPucPUZ2o4Cf1/mn3SkfSu/hPr+5NIEDImRX865759ikpNYWCuY2WBxW3qhtDUwQ
23
- GHSbz/rUUt1EAJ9mt0OAnrC/QXQI7WEzxoqf+OzmKIq/Z7ub0QKCAQEAx53KC2wf
24
- IDUMOcHQJG4pKAfcmYXvMhfpY7Ky3HroMjgwZLYNfu8Sms4iiXaVSE6xTzFcSznb
25
- Sov5+6+u89upS3r5DKBXawVJ0+aZabZm7/af0GkiUVjzGf97m+987oygnwVBlNEl
26
- zlGUXZVx1DmWf1jKAkbr04e/fFI/qDTtVnMGYXS0B9jae9JUhPxxVYOLz5gKhUA1
27
- YFNSaO2jv4GhvcBfogOF6eIjTA1jjQFvvVspsv0KC0y5Jy88ft527QIZmMcD0PHK
28
- RYj73s1dMv+7RUuZ+Swy9o/Zo85EUjmHkj2pas59Eyv9hHTzOIFmCKp2HyLYmye9
29
- MI0lrWWFB+IYQwKCAQEAxezcaYYJUqkoiAwYLPpr8RFHA9U0auXE4/U8RH0WcYqN
30
- wKajuaqUkGzFAbNcBEuDFowy7YljV5gnUS6TqpKoEaVV+4YAVVnxaNEsELyaFB2c
31
- 0jsMs/2jW/y7DMQ5N92RINlvDSUdnJ/h5Qx56Wm1umu+mgzyesjaJVa0AnkKlOvq
32
- qbuPKtPncFkOjD4PxeFLha+VPInoumyY0PKJmNVTAutf/vOKz6WG8tmFvn/yEgb4
33
- wznpdSluuJ90VmzH86wdbxrzbVbjwcIf0DPZ43wLSpSRBY4k2D1m27G/JumFf2w4
34
- vujAg9gMKLlw6XrLMr1P2en9b6kPPLG0xZR1qtUBZQKCAQEAnfxPNZ0cQWRaybeQ
35
- YdTiM/GM8eDkAFSWfjangwKvlVeNTZgctFLI+cad5Qf6fKDzikb50fv3iFeiwUU5
36
- hX1bzwaD6C9bILOty80drGIVtGQP9mXPKGzq8q+WiEMSMMcSNOl3Dy486r78Wtj1
37
- n074ws9mCklRSjiNH/sEsL86/InLCgTQm8lQmmFMTXhyxoh3dhTSdsXruNIZTjyO
38
- tfoGJeUEi3iYWxSEdSO/n5D8e/ST2zqT4X+WpuGm0o6Ft21LDvSsG4nSWhhhp+QH
39
- mF54PA7qzR/jMeuGCDQvNJidqOuuk37b1PmjC1t4SEd5lvA6zsfIgXwBK1T69fJ8
40
- SFH0ewKCAQEAv5YNrR+PurH/h+GdLTyia9E7mpwwhyEuuzJRSkKDDRj/KfKkHT7f
41
- XAXNlV3WvlmR5KuFSKVqwgmIVW7uhXg8tAgE+Nm3TOcpZTrEmtbVlo8rk9yQ6VGl
42
- ZY94SF1QvaD9sHyIoILC7S9ebGbtQ2GOBYvyDhBmTzBI6UfKK3KbKZhLqEzjwqMo
43
- LnomON6CShtRDXDu1pDv9DTWn7uGMaidGABbBeEdBu7FeCHS8pnK6mRRPDi8oSqg
44
- AJpo9JeL3XVHcJr382jeQln0jYcDbM5P57tzvZrgU2jsPdEKpVH6ZWOOck2+vGDP
45
- NER85aR1OQJDXz6+ke1l0Gx7/Z09YUWaeQKCAQAJJaYm+PM0aFvxZKtwKBrG205v
46
- BQICVDcZ8M08FwsZUmfQ0LnCBqBzUfeJ5afPr3/DkrjxLYXFxn9d3bEoQJrXJle4
47
- pZ43O9mhfoJ4KvBkHTK/S26LxekJX8pX7Cb2kj6yDE4UB/q26wm1EGNZINWrGLa5
48
- XSw99IBdYyvl1BBhfLxLLDPeXfDLzFsGtOtO4ub23IDWDHwQCKYo6ayY8gamzn4y
49
- FE0lVaAHaNzDYyw432/QfDrLcjkFqADX7ZwNngwRlJMFMdJ6rvL+6w/bKSMD4YGH
50
- olUyUpIWwKCTbLcPJQ4kCyNK6TsA3cYkwqA+0x2wJDrXquM5pLY8Zom70/2G
51
- -----END RSA PRIVATE KEY-----
data/spec/components/fingerprinters/languages/jsp_spec.rb DELETED
@@ -1,56 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe Arachni::Platform::Fingerprinters::JSP do
4
- include_examples 'fingerprinter'
5
-
6
- context 'when the page has a .jsp extension' do
7
- it 'identifies it as JSP' do
8
- page = Arachni::Page.from_data( url: 'http://stuff.com/blah.jsp' )
9
- platforms_for( page ).should include :jsp
10
- end
11
- end
12
-
13
- context 'when there is a JSESSIONID query parameter' do
14
- it 'identifies it as JSP' do
15
- page = Arachni::Page.from_data(
16
- url: 'http://stuff.com/blah?JSESSIONID=stuff'
17
- )
18
- platforms_for( page ).should include :jsp
19
- end
20
- end
21
-
22
- context 'when there is a JSESSIONID cookie' do
23
- it 'identifies it as JSP' do
24
- page = Arachni::Page.from_data(
25
- url: 'http://stuff.com/blah',
26
- cookies: [Arachni::Cookie.new(
27
- url: 'http://stuff.com/blah',
28
- inputs: { 'JSESSIONID' => 'stuff' } )]
29
-
30
- )
31
- platforms_for( page ).should include :jsp
32
- end
33
- end
34
-
35
- context 'when there is an X-Powered-By header with Servlet' do
36
- it 'identifies it as JSP' do
37
- page = Arachni::Page.from_data(
38
- url: 'http://stuff.com/blah',
39
- response: { headers: { 'X-Powered-By' => 'Servlet/2.4' } }
40
-
41
- )
42
- platforms_for( page ).should include :jsp
43
- end
44
- end
45
-
46
- context 'when there is an X-Powered-By header with JSP' do
47
- it 'identifies it as JSP' do
48
- page = Arachni::Page.from_data(
49
- url: 'http://stuff.com/blah',
50
- response: { headers: { 'X-Powered-By' => 'JSP/2.1' } }
51
-
52
- )
53
- platforms_for( page ).should include :jsp
54
- end
55
- end
56
- end