arachni 1.1 → 1.2

data/components/checks/passive/common_admin_interfaces/admin-panels.txt

@@ -0,0 +1,49 @@
+.admin
+.adm
+adm
+admin
+admin-login
+admin.asp
+admin.aspx
+admin.cfm
+admin.cgi
+admin.do
+admin.htm
+admin.html
+admin.jsp
+admin.php
+admin.php3
+admin2
+admin_
+admin_login
+admin_logon
+administracion
+administrador
+administrateur
+administration
+administrator
+administrator
+administrator-login
+adminlogon
+authadmin
+console
+fpadmin
+iisadmin
+manage
+manager
+operador
+operator
+ops
+phpmyadmin
+portal
+siteadmin
+staff
+user
+users
+usuario
+usuarios
+vpn
+webadmin
+wp-admin/install.php
+wp-admin/setup-config.php
+~admin

data/components/checks/passive/common_directories/directories.txt

@@ -4,7 +4,6 @@ cgi-bin
 cgi-sys
 mailman
 iishelp
-iisadmin
 uploader
 uploads
 tsweb
@@ -28,14 +27,9 @@ feedback
 global
 globals
 guestbook
-admin_
-admin_login
-admin_logon
-adminlogon
 client
 clients
 cmd
-INSTALL_admin
 incomming
 upload
 backend
@@ -57,9 +51,6 @@ pics
 _logs
 _errors
 _tests
-.adm
-.admin
-~admin
 secret
 owa
 db2
@@ -121,7 +112,6 @@ bug
 bugs
 buy
 auth
-authadmin
 import
 apps
 application
@@ -184,11 +174,8 @@ install
 installer
 shop
 private
-fpadmin
-administrator
 intranet
 inventory
-webadmin
 employees
 accounting
 tree
@@ -212,7 +199,6 @@ jrun
 job
 zipfiles
 pw
-admin
 new
 adm
 oracle
@@ -241,7 +227,6 @@ stats
 sitestats
 www
 errors
-siteadmin
 backups
 testing
 internal
@@ -258,7 +243,6 @@ network
 xamp
 xampp
 lamp
-phpmyadmin
 AD
 AE
 AF

data/components/checks/passive/common_files.rb

@@ -25,11 +25,12 @@ class Arachni::Checks::CommonFiles < Arachni::Check::Base
 
     def self.info
         {
-            name:        'Common files',
-            description: %q{Tries to find common sensitive files on the server.},
-            elements:    [ Element::Server ],
-            author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
-            version:     '0.2.3',
+            name:             'Common files',
+            description:      %q{Tries to find common sensitive files on the server.},
+            elements:         [ Element::Server ],
+            author:           'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
+            version:          '0.2.4',
+            exempt_platforms: Arachni::Platform::Manager::FRAMEWORKS,
 
             issue:       {
                 name:            %q{Common sensitive file},

data/components/checks/passive/common_files/filenames.txt

@@ -14,8 +14,6 @@ _mmDBScripts/MMHTTPDB.php
 _mmDBScripts/MMHTTPDB.asp
 config/database.yml
 install.php
-wp-admin/install.php
-wp-admin/setup-config.php
 config.php
 php.ini
 error_log

data/components/checks/passive/directory_listing.rb

@@ -76,11 +76,12 @@ class Arachni::Checks::DirectoryListing < Arachni::Check::Base
 
     def self.info
         {
-            name:        'Directory listing',
-            description: %q{Tries to force directory listings.},
-            elements:    [ Element::Server ],
-            author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1.5',
+            name:             'Directory listing',
+            description:      %q{Tries to force directory listings.},
+            elements:         [ Element::Server ],
+            author:           'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
+            version:          '0.1.6',
+            exempt_platforms: Arachni::Platform::Manager::FRAMEWORKS,
 
             issue:       {
                 name:        %q{Directory listing},
@@ -98,7 +99,6 @@ application is structured.
 Arachni discovered that the affected page permits directory listing.
 },
                 references: {
-                    'CWE'  => 'http://cwe.mitre.org/data/definitions/548.html',
                     'WASC' => 'http://projects.webappsec.org/w/page/13246922/Directory%20Indexing'
                 },
                 tags:        %w(path directory listing index),

data/components/checks/passive/grep/cookie_set_for_parent_domain.rb

@@ -7,7 +7,7 @@
 =end
 
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.1.1
+# @version 0.1.2
 class Arachni::Checks::CookieSetForParentDomain < Arachni::Check::Base
 
     def run
@@ -16,7 +16,7 @@ class Arachni::Checks::CookieSetForParentDomain < Arachni::Check::Base
         page.parser.cookies.each do |cookie|
             next if !cookie.domain.start_with?( '.' ) || audited?( cookie.name )
 
-            log( vector: cookie )
+            log( vector: cookie, proof: cookie.domain )
             audited( cookie.name )
         end
     end
@@ -27,7 +27,7 @@ class Arachni::Checks::CookieSetForParentDomain < Arachni::Check::Base
             description: %q{Logs cookies that are accessible by all subdomains.},
             elements:    [ Element::Cookie ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1.1',
+            version:     '0.1.2',
 
             issue:       {
                 name:        %q{Cookie set for parent domain},

data/components/checks/passive/grep/hsts.rb

@@ -7,7 +7,7 @@
 =end
 
 # @author  Tasos Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.1
+# @version 0.1.1
 class Arachni::Checks::Hsts < Arachni::Check::Base
 
     def run
@@ -17,7 +17,10 @@ class Arachni::Checks::Hsts < Arachni::Check::Base
 
         audited( page.parsed_url.host )
 
-        log( vector: Element::Server.new( page.url ) )
+        log(
+            vector: Element::Server.new( page.url ),
+            proof:  page.response.headers_string
+        )
     end
 
     def self.info
@@ -25,7 +28,7 @@ class Arachni::Checks::Hsts < Arachni::Check::Base
             name:        'HTTP Strict Transport Security',
             description: %q{Checks HTTPS pages for missing `Strict-Transport-Security` headers.},
             author:      'Tasos Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1',
+            version:     '0.1.1',
             elements:    [ Element::Server ],
 
             issue:       {

data/components/checks/passive/grep/http_only_cookies.rb

@@ -9,14 +9,14 @@
 # Logs cookies that are accessible via JavaScript.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.1.2
+# @version 0.1.3
 class Arachni::Checks::HttpOnlyCookies < Arachni::Check::Base
 
     def run
         page.cookies.each do |cookie|
             next if cookie.http_only? || audited?( cookie.name )
 
-            log( vector: cookie )
+            log( vector: cookie, proof: cookie.source )
             audited( cookie.name )
         end
     end
@@ -27,7 +27,7 @@ class Arachni::Checks::HttpOnlyCookies < Arachni::Check::Base
             description: %q{Logs cookies that are accessible via JavaScript.},
             elements:    [ Element::Cookie ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1.2',
+            version:     '0.1.3',
 
             issue:       {
                 name:            %q{HttpOnly cookie},

data/components/checks/passive/grep/insecure_cookies.rb

@@ -15,7 +15,7 @@ class Arachni::Checks::InsecureCookies < Arachni::Check::Base
         page.cookies.each do |cookie|
             next if cookie.secure? || audited?( cookie.name )
 
-            log( vector: cookie )
+            log( vector: cookie, proof: cookie.source )
             audited( cookie.name )
         end
     end
@@ -29,7 +29,7 @@ Logs cookies that are served over an encrypted channel but without having the
 },
             elements:    [ Element::Cookie ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1.2',
+            version:     '0.1.3',
 
             issue:       {
                 name:            %q{Insecure cookie},

data/components/checks/passive/grep/insecure_cors_policy.rb

@@ -7,16 +7,18 @@
 =end
 
 # @author  Tasos Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.1
+# @version 0.1.1
 class Arachni::Checks::InsecureCORSPolicy < Arachni::Check::Base
 
     def run
         return if audited?( page.parsed_url.host ) ||
             page.response.headers['Access-Control-Allow-Origin'] != '*'
-
         audited( page.parsed_url.host )
 
-        log( vector: Element::Server.new( page.url ) )
+        log(
+            vector: Element::Server.new( page.url ),
+            proof:  page.response.headers_string[/Access-Control-Allow-Origin.*$/i]
+        )
     end
 
     def self.info
@@ -24,7 +26,7 @@ class Arachni::Checks::InsecureCORSPolicy < Arachni::Check::Base
             name:        'Insecure CORS policy',
             description: %q{Checks the host for a wildcard (`*`) `Access-Control-Allow-Origin` header.},
             author:      'Tasos Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1',
+            version:     '0.1.1',
             elements:    [ Element::Server ],
 
             issue:       {

data/components/checks/passive/grep/x_frame_options.rb

@@ -7,16 +7,18 @@
 =end
 
 # @author  Tasos Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.1
+# @version 0.1.1
 class Arachni::Checks::XFrameOptions < Arachni::Check::Base
 
     def run
         return if audited?( page.parsed_url.host ) ||
             page.response.headers['X-Frame-Options']
-
         audited( page.parsed_url.host )
 
-        log( vector: Element::Server.new( page.url ) )
+        log(
+            vector: Element::Server.new( page.url ),
+            proof:  page.response.headers_string
+        )
     end
 
     def self.info
@@ -24,7 +26,7 @@ class Arachni::Checks::XFrameOptions < Arachni::Check::Base
             name:        'Missing X-Frame-Options header',
             description: %q{Checks the host for a missing `X-Frame-Options` header.},
             author:      'Tasos Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1',
+            version:     '0.1.1',
             elements:    [ Element::Server ],
 
             issue:       {

data/components/checks/passive/htaccess_limit.rb

@@ -20,7 +20,11 @@ class Arachni::Checks::HtaccessLimit < Arachni::Check::Base
     def check_and_log( response )
         return if response.code != 200
 
-        log vector: Element::Server.new( response.url ), response: response
+        log(
+            vector:   Element::Server.new( response.url ),
+            response: response,
+            proof:    response.status_line
+        )
         print_ok "Request was accepted: #{response.url}"
     end
 
@@ -31,7 +35,7 @@ class Arachni::Checks::HtaccessLimit < Arachni::Check::Base
                 GET requests but allows POST.},
             elements:    [ Element::Server ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1.6',
+            version:     '0.1.7',
 
             issue:       {
                 name:        %q{Misconfiguration in LIMIT directive of .htaccess file},

data/components/checks/passive/http_put.rb

@@ -28,7 +28,7 @@ class Arachni::Checks::HttpPut < Arachni::Check::Base
             next if res.code != 201
 
             http.get( path ) do |c_res|
-                check_and_log( c_res )
+                check_and_log( c_res, res )
 
                 # Try to DELETE the PUT file.
                 http.request( path, method: :delete ){}
@@ -36,10 +36,14 @@ class Arachni::Checks::HttpPut < Arachni::Check::Base
         end
     end
 
-    def check_and_log( response )
+    def check_and_log( response, put_response )
         return if !response.body.to_s.include?( self.class.substring )
 
-        log vector: Element::Server.new( response.url ), response: response
+        log(
+            vector:   Element::Server.new( response.url ),
+            response: put_response,
+            proof:    put_response.status_line
+        )
         print_ok "File has been created: #{response.url}"
     end
 
@@ -49,7 +53,7 @@ class Arachni::Checks::HttpPut < Arachni::Check::Base
             description: %q{Checks if uploading files is possible using the HTTP PUT method.},
             elements:    [ Element::Server ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.2.1',
+            version:     '0.2.2',
 
             issue:       {
                 name:            %q{Publicly writable directory},

data/components/checks/passive/interesting_responses.rb

@@ -34,7 +34,8 @@ class Arachni::Checks::InterestingResponses < Arachni::Check::Base
 
     def check_and_log( response )
         return if IGNORE_CODES.include?( response.code ) ||
-            response.body.to_s.empty? || issue_limit_reached?
+            response.body.to_s.empty? || issue_limit_reached? ||
+            response.scope.out?
 
         path = uri_parse( response.url ).path
 
@@ -57,7 +58,7 @@ class Arachni::Checks::InterestingResponses < Arachni::Check::Base
             description: %q{Logs all non 200 (OK) server responses.},
             elements:    [ Element::Server ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.2',
+            version:     '0.2.1',
 
             issue:       {
                 name:        %q{Interesting response},

data/components/checks/passive/localstart_asp.rb

@@ -31,7 +31,11 @@ class Arachni::Checks::LocalstartAsp < Arachni::Check::Base
     def check_and_log( response )
         return if response.code != 401
 
-        log vector: Element::Server.new( response.url ), response: response
+        log(
+            vector:   Element::Server.new( response.url ),
+            response: response,
+            proof:    response.status_line
+        )
     end
 
     def self.info
@@ -40,7 +44,7 @@ class Arachni::Checks::LocalstartAsp < Arachni::Check::Base
             description: %q{Checks for localstart.asp.},
             elements:    [ Element::Server ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1.2',
+            version:     '0.1.3',
 
             issue:       {
                 name:            %q{Exposed localstart.asp page},

data/components/checks/passive/origin_spoof_access_restriction_bypass.rb

@@ -34,7 +34,11 @@ class Arachni::Checks::OriginSpoofAccessRestrictionBypass < Arachni::Check::Base
     def check_and_log( response )
         return if response.code != 200
 
-        log vector: Element::Server.new( response.url ), response: response
+        log(
+            vector:   Element::Server.new( response.url ),
+            response: response,
+            proof:    response.status_line
+        )
         print_ok "Request was accepted: #{response.url}"
     end