arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (287) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +159 -0
  3. data/LICENSE.md +126 -196
  4. data/README.md +32 -24
  5. data/arachni.gemspec +7 -7
  6. data/components/checks/active/code_injection_timing.rb +3 -3
  7. data/components/checks/active/csrf.rb +2 -2
  8. data/components/checks/active/file_inclusion.rb +6 -7
  9. data/components/checks/active/os_cmd_injection.rb +3 -3
  10. data/components/checks/active/path_traversal.rb +7 -7
  11. data/components/checks/active/response_splitting.rb +9 -4
  12. data/components/checks/active/session_fixation.rb +7 -3
  13. data/components/checks/active/source_code_disclosure.rb +5 -5
  14. data/components/checks/active/unvalidated_redirect.rb +12 -3
  15. data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
  16. data/components/checks/active/xss.rb +23 -10
  17. data/components/checks/active/xss_dom_inputs.rb +113 -11
  18. data/components/checks/active/xxe.rb +3 -3
  19. data/components/checks/passive/backdoors.rb +6 -5
  20. data/components/checks/passive/backup_directories.rb +6 -6
  21. data/components/checks/passive/backup_files.rb +6 -6
  22. data/components/checks/passive/common_admin_interfaces.rb +58 -0
  23. data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
  24. data/components/checks/passive/common_directories/directories.txt +0 -16
  25. data/components/checks/passive/common_files.rb +6 -5
  26. data/components/checks/passive/common_files/filenames.txt +0 -2
  27. data/components/checks/passive/directory_listing.rb +6 -6
  28. data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
  29. data/components/checks/passive/grep/hsts.rb +6 -3
  30. data/components/checks/passive/grep/http_only_cookies.rb +3 -3
  31. data/components/checks/passive/grep/insecure_cookies.rb +2 -2
  32. data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
  33. data/components/checks/passive/grep/x_frame_options.rb +6 -4
  34. data/components/checks/passive/htaccess_limit.rb +6 -2
  35. data/components/checks/passive/http_put.rb +8 -4
  36. data/components/checks/passive/interesting_responses.rb +3 -2
  37. data/components/checks/passive/localstart_asp.rb +6 -2
  38. data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
  39. data/components/checks/passive/xst.rb +6 -2
  40. data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
  41. data/components/fingerprinters/frameworks/cakephp.rb +28 -0
  42. data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
  43. data/components/fingerprinters/frameworks/django.rb +33 -0
  44. data/components/fingerprinters/frameworks/jsf.rb +30 -0
  45. data/components/fingerprinters/frameworks/rack.rb +5 -7
  46. data/components/fingerprinters/frameworks/rails.rb +43 -0
  47. data/components/fingerprinters/languages/aspx.rb +11 -11
  48. data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
  49. data/components/fingerprinters/languages/php.rb +6 -6
  50. data/components/fingerprinters/languages/python.rb +14 -6
  51. data/components/fingerprinters/languages/ruby.rb +3 -5
  52. data/components/fingerprinters/servers/apache.rb +5 -4
  53. data/components/fingerprinters/servers/gunicorn.rb +33 -0
  54. data/components/fingerprinters/servers/jetty.rb +1 -1
  55. data/components/fingerprinters/servers/tomcat.rb +11 -4
  56. data/components/path_extractors/anchors.rb +5 -12
  57. data/components/path_extractors/areas.rb +5 -13
  58. data/components/path_extractors/comments.rb +5 -3
  59. data/components/path_extractors/data_url.rb +21 -0
  60. data/components/path_extractors/forms.rb +5 -13
  61. data/components/path_extractors/frames.rb +6 -13
  62. data/components/path_extractors/generic.rb +3 -12
  63. data/components/path_extractors/links.rb +5 -13
  64. data/components/path_extractors/meta_refresh.rb +5 -13
  65. data/components/path_extractors/scripts.rb +8 -14
  66. data/components/plugins/autologin.rb +17 -5
  67. data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
  68. data/components/plugins/login_script.rb +40 -10
  69. data/components/plugins/metrics.rb +235 -0
  70. data/components/plugins/proxy.rb +21 -4
  71. data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
  72. data/components/plugins/restrict_to_dom_state.rb +70 -0
  73. data/components/plugins/vector_feed.rb +38 -9
  74. data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
  75. data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
  76. data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
  77. data/components/reporters/stdout.rb +4 -2
  78. data/components/reporters/xml.rb +4 -4
  79. data/components/reporters/xml/schema.xsd +95 -0
  80. data/lib/arachni.rb +2 -0
  81. data/lib/arachni/browser.rb +132 -77
  82. data/lib/arachni/browser/javascript.rb +173 -45
  83. data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
  84. data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
  85. data/lib/arachni/browser_cluster.rb +41 -15
  86. data/lib/arachni/browser_cluster/job.rb +4 -0
  87. data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
  88. data/lib/arachni/browser_cluster/worker.rb +8 -5
  89. data/lib/arachni/check/auditor.rb +20 -8
  90. data/lib/arachni/check/base.rb +38 -6
  91. data/lib/arachni/element/base.rb +18 -1
  92. data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
  93. data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
  94. data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
  95. data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
  96. data/lib/arachni/element/capabilities/inputtable.rb +6 -2
  97. data/lib/arachni/element/capabilities/submittable.rb +1 -1
  98. data/lib/arachni/element/cookie.rb +37 -23
  99. data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
  100. data/lib/arachni/element/cookie/dom.rb +0 -8
  101. data/lib/arachni/element/form.rb +28 -14
  102. data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
  103. data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
  104. data/lib/arachni/element/form/dom.rb +0 -8
  105. data/lib/arachni/element/generic_dom.rb +1 -1
  106. data/lib/arachni/element/json.rb +2 -1
  107. data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
  108. data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
  109. data/lib/arachni/element/link.rb +13 -16
  110. data/lib/arachni/element/link/dom.rb +1 -14
  111. data/lib/arachni/element/link_template.rb +3 -2
  112. data/lib/arachni/element/link_template/dom.rb +0 -16
  113. data/lib/arachni/element/server.rb +51 -9
  114. data/lib/arachni/element/xml.rb +1 -0
  115. data/lib/arachni/ethon/easy.rb +4 -1
  116. data/lib/arachni/framework/parts/audit.rb +26 -77
  117. data/lib/arachni/framework/parts/browser.rb +50 -55
  118. data/lib/arachni/framework/parts/check.rb +4 -3
  119. data/lib/arachni/framework/parts/data.rb +41 -6
  120. data/lib/arachni/framework/parts/state.rb +16 -7
  121. data/lib/arachni/http/client.rb +66 -38
  122. data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
  123. data/lib/arachni/http/headers.rb +22 -10
  124. data/lib/arachni/http/proxy_server.rb +67 -22
  125. data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
  126. data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
  127. data/lib/arachni/http/request.rb +71 -18
  128. data/lib/arachni/issue.rb +17 -3
  129. data/lib/arachni/option_groups/browser_cluster.rb +34 -1
  130. data/lib/arachni/option_groups/http.rb +1 -1
  131. data/lib/arachni/page.rb +26 -13
  132. data/lib/arachni/page/dom/transition.rb +2 -2
  133. data/lib/arachni/parser.rb +28 -11
  134. data/lib/arachni/platform/fingerprinter.rb +5 -0
  135. data/lib/arachni/platform/manager.rb +65 -32
  136. data/lib/arachni/plugin/base.rb +8 -0
  137. data/lib/arachni/processes/instances.rb +25 -11
  138. data/lib/arachni/reporter/manager.rb +2 -2
  139. data/lib/arachni/rpc/client/instance.rb +4 -0
  140. data/lib/arachni/rpc/server/framework/master.rb +3 -3
  141. data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
  142. data/lib/arachni/rpc/server/instance.rb +2 -1
  143. data/lib/arachni/ruby/array.rb +5 -0
  144. data/lib/arachni/ruby/hash.rb +5 -0
  145. data/lib/arachni/ruby/string.rb +2 -3
  146. data/lib/arachni/session.rb +32 -6
  147. data/lib/arachni/state/framework.rb +6 -2
  148. data/lib/arachni/support/cache.rb +1 -0
  149. data/lib/arachni/support/cache/base.rb +12 -8
  150. data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
  151. data/lib/arachni/support/cache/least_recently_used.rb +5 -8
  152. data/lib/arachni/support/cache/preference.rb +1 -1
  153. data/lib/arachni/support/cache/random_replacement.rb +1 -25
  154. data/lib/arachni/support/database/queue.rb +21 -8
  155. data/lib/arachni/support/lookup/base.rb +7 -1
  156. data/lib/arachni/support/mixins/observable.rb +3 -1
  157. data/lib/arachni/support/profiler.rb +51 -10
  158. data/lib/arachni/support/signature.rb +11 -2
  159. data/lib/arachni/trainer.rb +8 -2
  160. data/lib/arachni/uri.rb +28 -25
  161. data/lib/arachni/uri/scope.rb +1 -1
  162. data/lib/arachni/utilities.rb +8 -0
  163. data/lib/arachni/watir/element.rb +1 -1
  164. data/lib/version +1 -1
  165. data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
  166. data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
  167. data/spec/arachni/browser/javascript_spec.rb +235 -61
  168. data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
  169. data/spec/arachni/browser_cluster_spec.rb +58 -10
  170. data/spec/arachni/browser_spec.rb +170 -26
  171. data/spec/arachni/check/auditor_spec.rb +22 -3
  172. data/spec/arachni/check/base_spec.rb +84 -0
  173. data/spec/arachni/element/body_spec.rb +1 -1
  174. data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
  175. data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
  176. data/spec/arachni/element/cookie/dom_spec.rb +0 -9
  177. data/spec/arachni/element/cookie_spec.rb +85 -0
  178. data/spec/arachni/element/form/dom_spec.rb +0 -9
  179. data/spec/arachni/element/form_spec.rb +46 -3
  180. data/spec/arachni/element/json_spec.rb +20 -0
  181. data/spec/arachni/element/link/dom_spec.rb +0 -9
  182. data/spec/arachni/element/link_spec.rb +40 -15
  183. data/spec/arachni/element/link_template/dom_spec.rb +0 -8
  184. data/spec/arachni/element/link_template_spec.rb +2 -6
  185. data/spec/arachni/element/server_spec.rb +94 -8
  186. data/spec/arachni/element/xml_spec.rb +20 -0
  187. data/spec/arachni/framework/parts/audit_spec.rb +12 -14
  188. data/spec/arachni/framework/parts/browser_spec.rb +0 -171
  189. data/spec/arachni/framework/parts/platform_spec.rb +14 -8
  190. data/spec/arachni/framework/parts/report_spec.rb +1 -1
  191. data/spec/arachni/framework/parts/state_spec.rb +0 -9
  192. data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
  193. data/spec/arachni/http/client_spec.rb +169 -42
  194. data/spec/arachni/http/headers_spec.rb +18 -0
  195. data/spec/arachni/http/request_spec.rb +23 -0
  196. data/spec/arachni/issue_spec.rb +17 -6
  197. data/spec/arachni/page_spec.rb +22 -2
  198. data/spec/arachni/parser_spec.rb +5 -0
  199. data/spec/arachni/platform/manager_spec.rb +57 -25
  200. data/spec/arachni/reporter/manager_spec.rb +26 -0
  201. data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
  202. data/spec/arachni/state/framework_spec.rb +2 -8
  203. data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
  204. data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
  205. data/spec/arachni/support/database/queue_spec.rb +7 -0
  206. data/spec/arachni/support/mixins/observable_spec.rb +15 -1
  207. data/spec/arachni/trainer_spec.rb +2 -2
  208. data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
  209. data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
  210. data/spec/components/checks/active/path_traversal_spec.rb +2 -2
  211. data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
  212. data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
  213. data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
  214. data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
  215. data/spec/components/checks/active/xss_spec.rb +5 -5
  216. data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
  217. data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
  218. data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
  219. data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
  220. data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
  221. data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
  222. data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
  223. data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
  224. data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
  225. data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
  226. data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
  227. data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
  228. data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
  229. data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
  230. data/spec/components/fingerprinters/languages/ruby.rb +6 -4
  231. data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
  232. data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
  233. data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
  234. data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
  235. data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
  236. data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
  237. data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
  238. data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
  239. data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
  240. data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
  241. data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
  242. data/spec/components/path_extractors/data_url_spec.rb +19 -0
  243. data/spec/components/plugins/autologin_spec.rb +23 -0
  244. data/spec/components/plugins/login_script_spec.rb +112 -24
  245. data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
  246. data/spec/components/plugins/vector_feed_spec.rb +39 -1
  247. data/spec/support/factories/page/dom.rb +9 -4
  248. data/spec/support/factories/page/dom/transition.rb +31 -9
  249. data/spec/support/factories/scan_report.rb +8 -6
  250. data/spec/support/fixtures/empty/placeholder +0 -0
  251. data/spec/support/fixtures/report.afr +0 -0
  252. data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
  253. data/spec/support/servers/arachni/browser.rb +117 -11
  254. data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
  255. data/spec/support/servers/arachni/check/auditor.rb +4 -0
  256. data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
  257. data/spec/support/servers/arachni/http/client.rb +5 -0
  258. data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
  259. data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
  260. data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
  261. data/spec/support/servers/checks/active/path_traversal.rb +2 -2
  262. data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
  263. data/spec/support/servers/checks/active/trainer_check.rb +9 -10
  264. data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
  265. data/spec/support/servers/checks/active/xss.rb +35 -0
  266. data/spec/support/servers/checks/active/xss_dom.rb +1 -1
  267. data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
  268. data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
  269. data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
  270. data/spec/support/servers/plugins/autologin.rb +9 -0
  271. data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
  272. data/spec/support/shared/element/base.rb +42 -0
  273. data/spec/support/shared/element/capabilities/auditable.rb +4 -4
  274. data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
  275. data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
  276. data/spec/support/shared/element/capabilities/submitable.rb +7 -2
  277. data/spec/support/shared/fingerprinter.rb +8 -0
  278. data/spec/support/shared/path_extractor.rb +1 -1
  279. data/ui/cli/framework.rb +3 -3
  280. data/ui/cli/framework/option_parser.rb +9 -0
  281. data/ui/cli/output.rb +9 -0
  282. data/ui/cli/reporter.rb +5 -2
  283. data/ui/cli/utilities.rb +4 -2
  284. metadata +76 -17
  285. data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
  286. data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
  287. data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem DELETED
@@ -1,34 +0,0 @@
1
- -----BEGIN CERTIFICATE-----
2
- MIIF1DCCA7ygAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJHUjEQ
3
- MA4GA1UEChMHQXJhY2huaTEQMA4GA1UEAxMHQXJhY2huaTAeFw0xMjA3MjgyMzIw
4
- MDVaFw0xMzA3MjgyMzIwMDVaMEExCzAJBgNVBAYTAkdSMRAwDgYDVQQKEwdBcmFj
5
- aG5pMSAwHgYDVQQDExdBcmFjaG5pIFNTTCBJbnRlcmNlcHRvcjCCAiIwDQYJKoZI
6
- hvcNAQEBBQADggIPADCCAgoCggIBAJpVHc7umSzXIj1imxuWzgLh0qS6urFqJvsh
7
- znH74wnFd9NkGZ4bKWW3gbDjt9yaqNl0v6x4yCIoWd0ThswOmainSjrT1c+r/VnW
8
- Bk4z4wygCRwMUQrBq2HRA4MU7tgc07kuxbYMxsGBC24geVOiVdz4KpSYLTz1B/ep
9
- OLi8yfYo2+ukebVT2CsW5HqG4MaAXPIxpL6qApqQEUr4yrQO2mMwfaWnX9XoJQCR
10
- oiHKZWtU/rJf36gBjvtffTkLZaim4x7OU1P/ZCDFBSnPPQMlXndSevlYrSvwqdLY
11
- /WHZg0HP0TBy67SUaEub5cmbFKarwVLrhoztMVMUzVHez1jlEWlm/DUhQ40x7roR
12
- cOhG+2BvO0kavSFSzfqWVLLNeKA993BTVRRIeK+gDhFC7JeIvN9CeMFNjTLa7X2r
13
- oFvy4HkRqA4NavoUK5bSjegvSngfq3eaTXnc+/jF7nRaQwql5Humeo6T3Fd+8Xda
14
- oDNu1YRb45yJLYnNSs5+eDG7QIUQXu2PJaeGDYcds9q7Dunw+yvMagy6eXPtNagl
15
- 9WIkhj9ZN7b61TnEHG8+SYpeGw8SKGJjunXiZoueNOGh5wIUth0bOID2/UIUhOoH
16
- 0ZptlJIuF4w27UqCYD9Y0RnPZ7rNintGHzCPdQpjSVYvMaPnp0MEZEpEwxQGP3Gl
17
- GF2sCtVvAgMBAAGjgeYwgeMwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAw
18
- KwYJYIZIAYb4QgENBB4WHFRpbnlDQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
19
- VR0OBBYEFFy1CgyDIn3PjQk/bbaW6TvTS/fFMGEGA1UdIwRaMFiAFD1zqztJOqjt
20
- tOthKH7x5saCDy0IoTWkMzAxMQswCQYDVQQGEwJHUjEQMA4GA1UEChMHQXJhY2hu
21
- aTEQMA4GA1UEAxMHQXJhY2huaYIJALNwlBEnwXuDMAkGA1UdEgQCMAAwCQYDVR0R
22
- BAIwADANBgkqhkiG9w0BAQUFAAOCAgEAHUc6Ewdd9ZS4XulHj1n3zE/5KlNaWcBt
23
- PootN8TbhaoHA9pCMAMy6lmyNN7PzvmXddJTEb6gkHwVOgVvKMF938KN4s3YHCXB
24
- lwVNfd4L4jBMQmUgjx6qsG95oD3L2dCjTH21+pRo/Ssl49b3Er33sOlO2R76E1zp
25
- Sm0ix4QD6YKPCTj5Qd8aprwOcRGL2+L08UFAtnbkQqDKraxYuxXiizZFp9J76yE3
26
- n5f2PrnNjoRJfersDg0rSRICOMaDVxK2TLasdKZjfhDv63gmAETLevcEWDrDaZKE
27
- x7rFZ695jAgEyuJFlTj/hX95p8+qmuvflOHNFgAnVMupEico9MhyoS37MKIBCEpm
28
- 4Mt3BG6VXCS7wJ71HhM58afkZJ9P1pCFcW+pUrzx7thGH02SkPVwWxFW8bVrNEfF
29
- oidfbCELR+hl+R4b2XIyW1rp66v3gQ90o5btNX4NQRMjrUxdrpo2DKEizdGiNFNO
30
- lIZcFhOoAEd3kOOZ1r1NIoH7kxDOaejeAJEo98MqnL1PZiotJ1MAS60nEqK8Kt6q
31
- Cw+uzxfvmK1p5rytWhx4S42IkRztXjBEMCveXSVgmUu5QEPzoFRoNFUTOoY8L8m9
32
- 14dwgSQC+AfUnosf/pfnTkUYrLzLOE2gwHLljEBYdpcGG/doF7CVldDfqUJe1OC+
33
- JTp2DYPsxXU=
34
- -----END CERTIFICATE-----
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem DELETED
@@ -1,51 +0,0 @@
1
- -----BEGIN RSA PRIVATE KEY-----
2
- MIIJKQIBAAKCAgEAmlUdzu6ZLNciPWKbG5bOAuHSpLq6sWom+yHOcfvjCcV302QZ
3
- nhspZbeBsOO33Jqo2XS/rHjIIihZ3ROGzA6ZqKdKOtPVz6v9WdYGTjPjDKAJHAxR
4
- CsGrYdEDgxTu2BzTuS7FtgzGwYELbiB5U6JV3PgqlJgtPPUH96k4uLzJ9ijb66R5
5
- tVPYKxbkeobgxoBc8jGkvqoCmpARSvjKtA7aYzB9padf1eglAJGiIcpla1T+sl/f
6
- qAGO+199OQtlqKbjHs5TU/9kIMUFKc89AyVed1J6+VitK/Cp0tj9YdmDQc/RMHLr
7
- tJRoS5vlyZsUpqvBUuuGjO0xUxTNUd7PWOURaWb8NSFDjTHuuhFw6Eb7YG87SRq9
8
- IVLN+pZUss14oD33cFNVFEh4r6AOEULsl4i830J4wU2NMtrtfaugW/LgeRGoDg1q
9
- +hQrltKN6C9KeB+rd5pNedz7+MXudFpDCqXke6Z6jpPcV37xd1qgM27VhFvjnIkt
10
- ic1Kzn54MbtAhRBe7Y8lp4YNhx2z2rsO6fD7K8xqDLp5c+01qCX1YiSGP1k3tvrV
11
- OcQcbz5Jil4bDxIoYmO6deJmi5404aHnAhS2HRs4gPb9QhSE6gfRmm2Uki4XjDbt
12
- SoJgP1jRGc9nus2Ke0YfMI91CmNJVi8xo+enQwRkSkTDFAY/caUYXawK1W8CAwEA
13
- AQKCAgAl2j6HZIn5L4LcX3T/nUtF9bE+afYkUY7iBXanCkqzONWc6W5HEw5iPlH2
14
- 2sNbvisvuqzQVodvqUnxKTrkjagub2mLaC2G0/49rHq7b4p+rDnPwU2XP80THrqn
15
- ydiS9O8Q+mHPtu6Aw2/UQO7BDo3UtqFq9LATxV2A5uZcmSFH2NmnwB2B1eCtIN5F
16
- FxPGW/FwDbEEeppM4oz7QG4nH4V80oXevWCKDHgW3aFQfF3Hp38YrN8kS82P5enG
17
- tf7nEJegFKbncTpTtz7+9C9YuC+lQHuc8Jz4q/xbFJGBEGJbH+eE5IrfLY8vDDud
18
- 6QV1o6a0+cN0iTCR2gZJ0EY23WgZeoGZprYH6bzZlaC6+rZYXPXfEBOasJ84OAuz
19
- qnmaKUJHeXL0iQ4A+vZXwxRgxVsTYTQgomyuE8d/elZM9CNTjbnFpjshPUBgLi3p
20
- MUWvlvrOobPKAX400LrvWr920BVkTsVn+E6gGg+uNP5PAyz4C5Znwq3YnDouAQJr
21
- jJEFQU/v1UW4p6KSewWno+XPGKPYb6fn5k7K0+XAwn6pBnOK7kNWFZqholC+yIye
22
- SPucPUZ2o4Cf1/mn3SkfSu/hPr+5NIEDImRX865759ikpNYWCuY2WBxW3qhtDUwQ
23
- GHSbz/rUUt1EAJ9mt0OAnrC/QXQI7WEzxoqf+OzmKIq/Z7ub0QKCAQEAx53KC2wf
24
- IDUMOcHQJG4pKAfcmYXvMhfpY7Ky3HroMjgwZLYNfu8Sms4iiXaVSE6xTzFcSznb
25
- Sov5+6+u89upS3r5DKBXawVJ0+aZabZm7/af0GkiUVjzGf97m+987oygnwVBlNEl
26
- zlGUXZVx1DmWf1jKAkbr04e/fFI/qDTtVnMGYXS0B9jae9JUhPxxVYOLz5gKhUA1
27
- YFNSaO2jv4GhvcBfogOF6eIjTA1jjQFvvVspsv0KC0y5Jy88ft527QIZmMcD0PHK
28
- RYj73s1dMv+7RUuZ+Swy9o/Zo85EUjmHkj2pas59Eyv9hHTzOIFmCKp2HyLYmye9
29
- MI0lrWWFB+IYQwKCAQEAxezcaYYJUqkoiAwYLPpr8RFHA9U0auXE4/U8RH0WcYqN
30
- wKajuaqUkGzFAbNcBEuDFowy7YljV5gnUS6TqpKoEaVV+4YAVVnxaNEsELyaFB2c
31
- 0jsMs/2jW/y7DMQ5N92RINlvDSUdnJ/h5Qx56Wm1umu+mgzyesjaJVa0AnkKlOvq
32
- qbuPKtPncFkOjD4PxeFLha+VPInoumyY0PKJmNVTAutf/vOKz6WG8tmFvn/yEgb4
33
- wznpdSluuJ90VmzH86wdbxrzbVbjwcIf0DPZ43wLSpSRBY4k2D1m27G/JumFf2w4
34
- vujAg9gMKLlw6XrLMr1P2en9b6kPPLG0xZR1qtUBZQKCAQEAnfxPNZ0cQWRaybeQ
35
- YdTiM/GM8eDkAFSWfjangwKvlVeNTZgctFLI+cad5Qf6fKDzikb50fv3iFeiwUU5
36
- hX1bzwaD6C9bILOty80drGIVtGQP9mXPKGzq8q+WiEMSMMcSNOl3Dy486r78Wtj1
37
- n074ws9mCklRSjiNH/sEsL86/InLCgTQm8lQmmFMTXhyxoh3dhTSdsXruNIZTjyO
38
- tfoGJeUEi3iYWxSEdSO/n5D8e/ST2zqT4X+WpuGm0o6Ft21LDvSsG4nSWhhhp+QH
39
- mF54PA7qzR/jMeuGCDQvNJidqOuuk37b1PmjC1t4SEd5lvA6zsfIgXwBK1T69fJ8
40
- SFH0ewKCAQEAv5YNrR+PurH/h+GdLTyia9E7mpwwhyEuuzJRSkKDDRj/KfKkHT7f
41
- XAXNlV3WvlmR5KuFSKVqwgmIVW7uhXg8tAgE+Nm3TOcpZTrEmtbVlo8rk9yQ6VGl
42
- ZY94SF1QvaD9sHyIoILC7S9ebGbtQ2GOBYvyDhBmTzBI6UfKK3KbKZhLqEzjwqMo
43
- LnomON6CShtRDXDu1pDv9DTWn7uGMaidGABbBeEdBu7FeCHS8pnK6mRRPDi8oSqg
44
- AJpo9JeL3XVHcJr382jeQln0jYcDbM5P57tzvZrgU2jsPdEKpVH6ZWOOck2+vGDP
45
- NER85aR1OQJDXz6+ke1l0Gx7/Z09YUWaeQKCAQAJJaYm+PM0aFvxZKtwKBrG205v
46
- BQICVDcZ8M08FwsZUmfQ0LnCBqBzUfeJ5afPr3/DkrjxLYXFxn9d3bEoQJrXJle4
47
- pZ43O9mhfoJ4KvBkHTK/S26LxekJX8pX7Cb2kj6yDE4UB/q26wm1EGNZINWrGLa5
48
- XSw99IBdYyvl1BBhfLxLLDPeXfDLzFsGtOtO4ub23IDWDHwQCKYo6ayY8gamzn4y
49
- FE0lVaAHaNzDYyw432/QfDrLcjkFqADX7ZwNngwRlJMFMdJ6rvL+6w/bKSMD4YGH
50
- olUyUpIWwKCTbLcPJQ4kCyNK6TsA3cYkwqA+0x2wJDrXquM5pLY8Zom70/2G
51
- -----END RSA PRIVATE KEY-----
data/spec/components/fingerprinters/languages/jsp_spec.rb DELETED
@@ -1,56 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe Arachni::Platform::Fingerprinters::JSP do
4
- include_examples 'fingerprinter'
5
-
6
- context 'when the page has a .jsp extension' do
7
- it 'identifies it as JSP' do
8
- page = Arachni::Page.from_data( url: 'http://stuff.com/blah.jsp' )
9
- platforms_for( page ).should include :jsp
10
- end
11
- end
12
-
13
- context 'when there is a JSESSIONID query parameter' do
14
- it 'identifies it as JSP' do
15
- page = Arachni::Page.from_data(
16
- url: 'http://stuff.com/blah?JSESSIONID=stuff'
17
- )
18
- platforms_for( page ).should include :jsp
19
- end
20
- end
21
-
22
- context 'when there is a JSESSIONID cookie' do
23
- it 'identifies it as JSP' do
24
- page = Arachni::Page.from_data(
25
- url: 'http://stuff.com/blah',
26
- cookies: [Arachni::Cookie.new(
27
- url: 'http://stuff.com/blah',
28
- inputs: { 'JSESSIONID' => 'stuff' } )]
29
-
30
- )
31
- platforms_for( page ).should include :jsp
32
- end
33
- end
34
-
35
- context 'when there is an X-Powered-By header with Servlet' do
36
- it 'identifies it as JSP' do
37
- page = Arachni::Page.from_data(
38
- url: 'http://stuff.com/blah',
39
- response: { headers: { 'X-Powered-By' => 'Servlet/2.4' } }
40
-
41
- )
42
- platforms_for( page ).should include :jsp
43
- end
44
- end
45
-
46
- context 'when there is an X-Powered-By header with JSP' do
47
- it 'identifies it as JSP' do
48
- page = Arachni::Page.from_data(
49
- url: 'http://stuff.com/blah',
50
- response: { headers: { 'X-Powered-By' => 'JSP/2.1' } }
51
-
52
- )
53
- platforms_for( page ).should include :jsp
54
- end
55
- end
56
- end