arachni 1.1 → 1.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +159 -0
- data/LICENSE.md +126 -196
- data/README.md +32 -24
- data/arachni.gemspec +7 -7
- data/components/checks/active/code_injection_timing.rb +3 -3
- data/components/checks/active/csrf.rb +2 -2
- data/components/checks/active/file_inclusion.rb +6 -7
- data/components/checks/active/os_cmd_injection.rb +3 -3
- data/components/checks/active/path_traversal.rb +7 -7
- data/components/checks/active/response_splitting.rb +9 -4
- data/components/checks/active/session_fixation.rb +7 -3
- data/components/checks/active/source_code_disclosure.rb +5 -5
- data/components/checks/active/unvalidated_redirect.rb +12 -3
- data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
- data/components/checks/active/xss.rb +23 -10
- data/components/checks/active/xss_dom_inputs.rb +113 -11
- data/components/checks/active/xxe.rb +3 -3
- data/components/checks/passive/backdoors.rb +6 -5
- data/components/checks/passive/backup_directories.rb +6 -6
- data/components/checks/passive/backup_files.rb +6 -6
- data/components/checks/passive/common_admin_interfaces.rb +58 -0
- data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
- data/components/checks/passive/common_directories/directories.txt +0 -16
- data/components/checks/passive/common_files.rb +6 -5
- data/components/checks/passive/common_files/filenames.txt +0 -2
- data/components/checks/passive/directory_listing.rb +6 -6
- data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
- data/components/checks/passive/grep/hsts.rb +6 -3
- data/components/checks/passive/grep/http_only_cookies.rb +3 -3
- data/components/checks/passive/grep/insecure_cookies.rb +2 -2
- data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
- data/components/checks/passive/grep/x_frame_options.rb +6 -4
- data/components/checks/passive/htaccess_limit.rb +6 -2
- data/components/checks/passive/http_put.rb +8 -4
- data/components/checks/passive/interesting_responses.rb +3 -2
- data/components/checks/passive/localstart_asp.rb +6 -2
- data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
- data/components/checks/passive/xst.rb +6 -2
- data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
- data/components/fingerprinters/frameworks/cakephp.rb +28 -0
- data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
- data/components/fingerprinters/frameworks/django.rb +33 -0
- data/components/fingerprinters/frameworks/jsf.rb +30 -0
- data/components/fingerprinters/frameworks/rack.rb +5 -7
- data/components/fingerprinters/frameworks/rails.rb +43 -0
- data/components/fingerprinters/languages/aspx.rb +11 -11
- data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
- data/components/fingerprinters/languages/php.rb +6 -6
- data/components/fingerprinters/languages/python.rb +14 -6
- data/components/fingerprinters/languages/ruby.rb +3 -5
- data/components/fingerprinters/servers/apache.rb +5 -4
- data/components/fingerprinters/servers/gunicorn.rb +33 -0
- data/components/fingerprinters/servers/jetty.rb +1 -1
- data/components/fingerprinters/servers/tomcat.rb +11 -4
- data/components/path_extractors/anchors.rb +5 -12
- data/components/path_extractors/areas.rb +5 -13
- data/components/path_extractors/comments.rb +5 -3
- data/components/path_extractors/data_url.rb +21 -0
- data/components/path_extractors/forms.rb +5 -13
- data/components/path_extractors/frames.rb +6 -13
- data/components/path_extractors/generic.rb +3 -12
- data/components/path_extractors/links.rb +5 -13
- data/components/path_extractors/meta_refresh.rb +5 -13
- data/components/path_extractors/scripts.rb +8 -14
- data/components/plugins/autologin.rb +17 -5
- data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
- data/components/plugins/login_script.rb +40 -10
- data/components/plugins/metrics.rb +235 -0
- data/components/plugins/proxy.rb +21 -4
- data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
- data/components/plugins/restrict_to_dom_state.rb +70 -0
- data/components/plugins/vector_feed.rb +38 -9
- data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
- data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
- data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
- data/components/reporters/stdout.rb +4 -2
- data/components/reporters/xml.rb +4 -4
- data/components/reporters/xml/schema.xsd +95 -0
- data/lib/arachni.rb +2 -0
- data/lib/arachni/browser.rb +132 -77
- data/lib/arachni/browser/javascript.rb +173 -45
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
- data/lib/arachni/browser_cluster.rb +41 -15
- data/lib/arachni/browser_cluster/job.rb +4 -0
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
- data/lib/arachni/browser_cluster/worker.rb +8 -5
- data/lib/arachni/check/auditor.rb +20 -8
- data/lib/arachni/check/base.rb +38 -6
- data/lib/arachni/element/base.rb +18 -1
- data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
- data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
- data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
- data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
- data/lib/arachni/element/capabilities/inputtable.rb +6 -2
- data/lib/arachni/element/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/cookie.rb +37 -23
- data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
- data/lib/arachni/element/cookie/dom.rb +0 -8
- data/lib/arachni/element/form.rb +28 -14
- data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
- data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
- data/lib/arachni/element/form/dom.rb +0 -8
- data/lib/arachni/element/generic_dom.rb +1 -1
- data/lib/arachni/element/json.rb +2 -1
- data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
- data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/link.rb +13 -16
- data/lib/arachni/element/link/dom.rb +1 -14
- data/lib/arachni/element/link_template.rb +3 -2
- data/lib/arachni/element/link_template/dom.rb +0 -16
- data/lib/arachni/element/server.rb +51 -9
- data/lib/arachni/element/xml.rb +1 -0
- data/lib/arachni/ethon/easy.rb +4 -1
- data/lib/arachni/framework/parts/audit.rb +26 -77
- data/lib/arachni/framework/parts/browser.rb +50 -55
- data/lib/arachni/framework/parts/check.rb +4 -3
- data/lib/arachni/framework/parts/data.rb +41 -6
- data/lib/arachni/framework/parts/state.rb +16 -7
- data/lib/arachni/http/client.rb +66 -38
- data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
- data/lib/arachni/http/headers.rb +22 -10
- data/lib/arachni/http/proxy_server.rb +67 -22
- data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
- data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
- data/lib/arachni/http/request.rb +71 -18
- data/lib/arachni/issue.rb +17 -3
- data/lib/arachni/option_groups/browser_cluster.rb +34 -1
- data/lib/arachni/option_groups/http.rb +1 -1
- data/lib/arachni/page.rb +26 -13
- data/lib/arachni/page/dom/transition.rb +2 -2
- data/lib/arachni/parser.rb +28 -11
- data/lib/arachni/platform/fingerprinter.rb +5 -0
- data/lib/arachni/platform/manager.rb +65 -32
- data/lib/arachni/plugin/base.rb +8 -0
- data/lib/arachni/processes/instances.rb +25 -11
- data/lib/arachni/reporter/manager.rb +2 -2
- data/lib/arachni/rpc/client/instance.rb +4 -0
- data/lib/arachni/rpc/server/framework/master.rb +3 -3
- data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
- data/lib/arachni/rpc/server/instance.rb +2 -1
- data/lib/arachni/ruby/array.rb +5 -0
- data/lib/arachni/ruby/hash.rb +5 -0
- data/lib/arachni/ruby/string.rb +2 -3
- data/lib/arachni/session.rb +32 -6
- data/lib/arachni/state/framework.rb +6 -2
- data/lib/arachni/support/cache.rb +1 -0
- data/lib/arachni/support/cache/base.rb +12 -8
- data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
- data/lib/arachni/support/cache/least_recently_used.rb +5 -8
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -25
- data/lib/arachni/support/database/queue.rb +21 -8
- data/lib/arachni/support/lookup/base.rb +7 -1
- data/lib/arachni/support/mixins/observable.rb +3 -1
- data/lib/arachni/support/profiler.rb +51 -10
- data/lib/arachni/support/signature.rb +11 -2
- data/lib/arachni/trainer.rb +8 -2
- data/lib/arachni/uri.rb +28 -25
- data/lib/arachni/uri/scope.rb +1 -1
- data/lib/arachni/utilities.rb +8 -0
- data/lib/arachni/watir/element.rb +1 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
- data/spec/arachni/browser/javascript_spec.rb +235 -61
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
- data/spec/arachni/browser_cluster_spec.rb +58 -10
- data/spec/arachni/browser_spec.rb +170 -26
- data/spec/arachni/check/auditor_spec.rb +22 -3
- data/spec/arachni/check/base_spec.rb +84 -0
- data/spec/arachni/element/body_spec.rb +1 -1
- data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
- data/spec/arachni/element/cookie/dom_spec.rb +0 -9
- data/spec/arachni/element/cookie_spec.rb +85 -0
- data/spec/arachni/element/form/dom_spec.rb +0 -9
- data/spec/arachni/element/form_spec.rb +46 -3
- data/spec/arachni/element/json_spec.rb +20 -0
- data/spec/arachni/element/link/dom_spec.rb +0 -9
- data/spec/arachni/element/link_spec.rb +40 -15
- data/spec/arachni/element/link_template/dom_spec.rb +0 -8
- data/spec/arachni/element/link_template_spec.rb +2 -6
- data/spec/arachni/element/server_spec.rb +94 -8
- data/spec/arachni/element/xml_spec.rb +20 -0
- data/spec/arachni/framework/parts/audit_spec.rb +12 -14
- data/spec/arachni/framework/parts/browser_spec.rb +0 -171
- data/spec/arachni/framework/parts/platform_spec.rb +14 -8
- data/spec/arachni/framework/parts/report_spec.rb +1 -1
- data/spec/arachni/framework/parts/state_spec.rb +0 -9
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
- data/spec/arachni/http/client_spec.rb +169 -42
- data/spec/arachni/http/headers_spec.rb +18 -0
- data/spec/arachni/http/request_spec.rb +23 -0
- data/spec/arachni/issue_spec.rb +17 -6
- data/spec/arachni/page_spec.rb +22 -2
- data/spec/arachni/parser_spec.rb +5 -0
- data/spec/arachni/platform/manager_spec.rb +57 -25
- data/spec/arachni/reporter/manager_spec.rb +26 -0
- data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
- data/spec/arachni/state/framework_spec.rb +2 -8
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
- data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
- data/spec/arachni/support/database/queue_spec.rb +7 -0
- data/spec/arachni/support/mixins/observable_spec.rb +15 -1
- data/spec/arachni/trainer_spec.rb +2 -2
- data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
- data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
- data/spec/components/checks/active/path_traversal_spec.rb +2 -2
- data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
- data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
- data/spec/components/checks/active/xss_spec.rb +5 -5
- data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
- data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
- data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
- data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
- data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
- data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
- data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
- data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
- data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
- data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
- data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
- data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
- data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
- data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
- data/spec/components/fingerprinters/languages/ruby.rb +6 -4
- data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
- data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
- data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
- data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
- data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
- data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
- data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
- data/spec/components/path_extractors/data_url_spec.rb +19 -0
- data/spec/components/plugins/autologin_spec.rb +23 -0
- data/spec/components/plugins/login_script_spec.rb +112 -24
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
- data/spec/components/plugins/vector_feed_spec.rb +39 -1
- data/spec/support/factories/page/dom.rb +9 -4
- data/spec/support/factories/page/dom/transition.rb +31 -9
- data/spec/support/factories/scan_report.rb +8 -6
- data/spec/support/fixtures/empty/placeholder +0 -0
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
- data/spec/support/servers/arachni/browser.rb +117 -11
- data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
- data/spec/support/servers/arachni/check/auditor.rb +4 -0
- data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
- data/spec/support/servers/arachni/http/client.rb +5 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
- data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
- data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
- data/spec/support/servers/checks/active/path_traversal.rb +2 -2
- data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
- data/spec/support/servers/checks/active/trainer_check.rb +9 -10
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
- data/spec/support/servers/checks/active/xss.rb +35 -0
- data/spec/support/servers/checks/active/xss_dom.rb +1 -1
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
- data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
- data/spec/support/servers/plugins/autologin.rb +9 -0
- data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
- data/spec/support/shared/element/base.rb +42 -0
- data/spec/support/shared/element/capabilities/auditable.rb +4 -4
- data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
- data/spec/support/shared/element/capabilities/submitable.rb +7 -2
- data/spec/support/shared/fingerprinter.rb +8 -0
- data/spec/support/shared/path_extractor.rb +1 -1
- data/ui/cli/framework.rb +3 -3
- data/ui/cli/framework/option_parser.rb +9 -0
- data/ui/cli/output.rb +9 -0
- data/ui/cli/reporter.rb +5 -2
- data/ui/cli/utilities.rb +4 -2
- metadata +76 -17
- data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
- data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
- data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56
@@ -0,0 +1,49 @@
|
|
1
|
+
.admin
|
2
|
+
.adm
|
3
|
+
adm
|
4
|
+
admin
|
5
|
+
admin-login
|
6
|
+
admin.asp
|
7
|
+
admin.aspx
|
8
|
+
admin.cfm
|
9
|
+
admin.cgi
|
10
|
+
admin.do
|
11
|
+
admin.htm
|
12
|
+
admin.html
|
13
|
+
admin.jsp
|
14
|
+
admin.php
|
15
|
+
admin.php3
|
16
|
+
admin2
|
17
|
+
admin_
|
18
|
+
admin_login
|
19
|
+
admin_logon
|
20
|
+
administracion
|
21
|
+
administrador
|
22
|
+
administrateur
|
23
|
+
administration
|
24
|
+
administrator
|
25
|
+
administrator
|
26
|
+
administrator-login
|
27
|
+
adminlogon
|
28
|
+
authadmin
|
29
|
+
console
|
30
|
+
fpadmin
|
31
|
+
iisadmin
|
32
|
+
manage
|
33
|
+
manager
|
34
|
+
operador
|
35
|
+
operator
|
36
|
+
ops
|
37
|
+
phpmyadmin
|
38
|
+
portal
|
39
|
+
siteadmin
|
40
|
+
staff
|
41
|
+
user
|
42
|
+
users
|
43
|
+
usuario
|
44
|
+
usuarios
|
45
|
+
vpn
|
46
|
+
webadmin
|
47
|
+
wp-admin/install.php
|
48
|
+
wp-admin/setup-config.php
|
49
|
+
~admin
|
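Review bot: `administrator` appears twice in the new wordlist (new lines 24 and 25), so unless entries are deduplicated at load time the check will presumably send the same probe twice for every base path; drop one of the two lines. `adm` is also added here while the directories.txt hunks further down appear to leave `adm` in place as a context line (only entries such as `admin`, `administrator` and `fpadmin` are removed there), so the two lists probably still overlap on that entry — worth confirming that the overlap is intended.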
@@ -4,7 +4,6 @@ cgi-bin
|
|
4
4
|
cgi-sys
|
5
5
|
mailman
|
6
6
|
iishelp
|
7
|
-
iisadmin
|
8
7
|
uploader
|
9
8
|
uploads
|
10
9
|
tsweb
|
@@ -28,14 +27,9 @@ feedback
|
|
28
27
|
global
|
29
28
|
globals
|
30
29
|
guestbook
|
31
|
-
admin_
|
32
|
-
admin_login
|
33
|
-
admin_logon
|
34
|
-
adminlogon
|
35
30
|
client
|
36
31
|
clients
|
37
32
|
cmd
|
38
|
-
INSTALL_admin
|
39
33
|
incomming
|
40
34
|
upload
|
41
35
|
backend
|
@@ -57,9 +51,6 @@ pics
|
|
57
51
|
_logs
|
58
52
|
_errors
|
59
53
|
_tests
|
60
|
-
.adm
|
61
|
-
.admin
|
62
|
-
~admin
|
63
54
|
secret
|
64
55
|
owa
|
65
56
|
db2
|
@@ -121,7 +112,6 @@ bug
|
|
121
112
|
bugs
|
122
113
|
buy
|
123
114
|
auth
|
124
|
-
authadmin
|
125
115
|
import
|
126
116
|
apps
|
127
117
|
application
|
@@ -184,11 +174,8 @@ install
|
|
184
174
|
installer
|
185
175
|
shop
|
186
176
|
private
|
187
|
-
fpadmin
|
188
|
-
administrator
|
189
177
|
intranet
|
190
178
|
inventory
|
191
|
-
webadmin
|
192
179
|
employees
|
193
180
|
accounting
|
194
181
|
tree
|
@@ -212,7 +199,6 @@ jrun
|
|
212
199
|
job
|
213
200
|
zipfiles
|
214
201
|
pw
|
215
|
-
admin
|
216
202
|
new
|
217
203
|
adm
|
218
204
|
oracle
|
@@ -241,7 +227,6 @@ stats
|
|
241
227
|
sitestats
|
242
228
|
www
|
243
229
|
errors
|
244
|
-
siteadmin
|
245
230
|
backups
|
246
231
|
testing
|
247
232
|
internal
|
@@ -258,7 +243,6 @@ network
|
|
258
243
|
xamp
|
259
244
|
xampp
|
260
245
|
lamp
|
261
|
-
phpmyadmin
|
262
246
|
AD
|
263
247
|
AE
|
264
248
|
AF
|
@@ -25,11 +25,12 @@ class Arachni::Checks::CommonFiles < Arachni::Check::Base
|
|
25
25
|
|
26
26
|
def self.info
|
27
27
|
{
|
28
|
-
name:
|
29
|
-
description:
|
30
|
-
elements:
|
31
|
-
author:
|
32
|
-
version:
|
28
|
+
name: 'Common files',
|
29
|
+
description: %q{Tries to find common sensitive files on the server.},
|
30
|
+
elements: [ Element::Server ],
|
31
|
+
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
|
32
|
+
version: '0.2.4',
|
33
|
+
exempt_platforms: Arachni::Platform::Manager::FRAMEWORKS,
|
33
34
|
|
34
35
|
issue: {
|
35
36
|
name: %q{Common sensitive file},
|
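Review bot: The new `author:` string on added line 31 ends with a space inside the quotes (`...arachni-scanner.com> '`), unlike the same field in the directory_listing.rb hunk below; trim it to `author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',`. The added `exempt_platforms: Arachni::Platform::Manager::FRAMEWORKS` carries no explanation of why framework platforms are excluded from this check (the directory_listing.rb hunk adds the same line without one); a one-line comment above it stating the reason — presumably that framework-routed applications answer arbitrary paths and make file-existence probes unreliable, which the hunk itself does not say — would help the next maintainer. `self.info` continues past the end of the hunk.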
@@ -76,11 +76,12 @@ class Arachni::Checks::DirectoryListing < Arachni::Check::Base
|
|
76
76
|
|
77
77
|
def self.info
|
78
78
|
{
|
79
|
-
name:
|
80
|
-
description:
|
81
|
-
elements:
|
82
|
-
author:
|
83
|
-
version:
|
79
|
+
name: 'Directory listing',
|
80
|
+
description: %q{Tries to force directory listings.},
|
81
|
+
elements: [ Element::Server ],
|
82
|
+
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
83
|
+
version: '0.1.6',
|
84
|
+
exempt_platforms: Arachni::Platform::Manager::FRAMEWORKS,
|
84
85
|
|
85
86
|
issue: {
|
86
87
|
name: %q{Directory listing},
|
@@ -98,7 +99,6 @@ application is structured.
|
|
98
99
|
Arachni discovered that the affected page permits directory listing.
|
99
100
|
},
|
100
101
|
references: {
|
101
|
-
'CWE' => 'http://cwe.mitre.org/data/definitions/548.html',
|
102
102
|
'WASC' => 'http://projects.webappsec.org/w/page/13246922/Directory%20Indexing'
|
103
103
|
},
|
104
104
|
tags: %w(path directory listing index),
|
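Review bot: The second hunk drops the `'CWE' => 'http://cwe.mitre.org/data/definitions/548.html'` entry from `references:` while the `WASC` entry stays, so the issue no longer links to CWE-548 unless that classification is carried by another key outside this hunk (a dedicated `cwe:` field, say). If the removal is deliberate deduplication, a brief mention in the description or a comment at the `references:` line would make that clear; otherwise the line should be kept. The enclosing `self.info` hash extends beyond both hunks.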
@@ -7,7 +7,7 @@
|
|
7
7
|
=end
|
8
8
|
|
9
9
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
10
|
-
# @version 0.1.
|
10
|
+
# @version 0.1.2
|
11
11
|
class Arachni::Checks::CookieSetForParentDomain < Arachni::Check::Base
|
12
12
|
|
13
13
|
def run
|
@@ -16,7 +16,7 @@ class Arachni::Checks::CookieSetForParentDomain < Arachni::Check::Base
|
|
16
16
|
page.parser.cookies.each do |cookie|
|
17
17
|
next if !cookie.domain.start_with?( '.' ) || audited?( cookie.name )
|
18
18
|
|
19
|
-
log( vector: cookie )
|
19
|
+
log( vector: cookie, proof: cookie.domain )
|
20
20
|
audited( cookie.name )
|
21
21
|
end
|
22
22
|
end
|
@@ -27,7 +27,7 @@ class Arachni::Checks::CookieSetForParentDomain < Arachni::Check::Base
|
|
27
27
|
description: %q{Logs cookies that are accessible by all subdomains.},
|
28
28
|
elements: [ Element::Cookie ],
|
29
29
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
30
|
-
version: '0.1.
|
30
|
+
version: '0.1.2',
|
31
31
|
|
32
32
|
issue: {
|
33
33
|
name: %q{Cookie set for parent domain},
|
@@ -7,7 +7,7 @@
|
|
7
7
|
=end
|
8
8
|
|
9
9
|
# @author Tasos Laskos <tasos.laskos@arachni-scanner.com>
|
10
|
-
# @version 0.1
|
10
|
+
# @version 0.1.1
|
11
11
|
class Arachni::Checks::Hsts < Arachni::Check::Base
|
12
12
|
|
13
13
|
def run
|
@@ -17,7 +17,10 @@ class Arachni::Checks::Hsts < Arachni::Check::Base
|
|
17
17
|
|
18
18
|
audited( page.parsed_url.host )
|
19
19
|
|
20
|
-
log(
|
20
|
+
log(
|
21
|
+
vector: Element::Server.new( page.url ),
|
22
|
+
proof: page.response.headers_string
|
23
|
+
)
|
21
24
|
end
|
22
25
|
|
23
26
|
def self.info
|
@@ -25,7 +28,7 @@ class Arachni::Checks::Hsts < Arachni::Check::Base
|
|
25
28
|
name: 'HTTP Strict Transport Security',
|
26
29
|
description: %q{Checks HTTPS pages for missing `Strict-Transport-Security` headers.},
|
27
30
|
author: 'Tasos Laskos <tasos.laskos@arachni-scanner.com>',
|
28
|
-
version: '0.1',
|
31
|
+
version: '0.1.1',
|
29
32
|
elements: [ Element::Server ],
|
30
33
|
|
31
34
|
issue: {
|
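Review bot: `proof: page.response.headers_string` (added line 22) places the complete response header block into the issue, and that block can carry `Set-Cookie` values and other sensitive headers straight into scan reports, which are often shared more widely than the scan itself; the same pattern appears in the x_frame_options.rb hunk. For a missing-header finding the evidence needed is that the header is absent, so consider limiting the proof to the status line and the header names, or adding a comment noting that the full headers are intentionally retained as evidence. `run` begins before this hunk.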
@@ -9,14 +9,14 @@
|
|
9
9
|
# Logs cookies that are accessible via JavaScript.
|
10
10
|
#
|
11
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
12
|
-
# @version 0.1.
|
12
|
+
# @version 0.1.3
|
13
13
|
class Arachni::Checks::HttpOnlyCookies < Arachni::Check::Base
|
14
14
|
|
15
15
|
def run
|
16
16
|
page.cookies.each do |cookie|
|
17
17
|
next if cookie.http_only? || audited?( cookie.name )
|
18
18
|
|
19
|
-
log( vector: cookie )
|
19
|
+
log( vector: cookie, proof: cookie.source )
|
20
20
|
audited( cookie.name )
|
21
21
|
end
|
22
22
|
end
|
@@ -27,7 +27,7 @@ class Arachni::Checks::HttpOnlyCookies < Arachni::Check::Base
|
|
27
27
|
description: %q{Logs cookies that are accessible via JavaScript.},
|
28
28
|
elements: [ Element::Cookie ],
|
29
29
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
30
|
-
version: '0.1.
|
30
|
+
version: '0.1.3',
|
31
31
|
|
32
32
|
issue: {
|
33
33
|
name: %q{HttpOnly cookie},
|
@@ -15,7 +15,7 @@ class Arachni::Checks::InsecureCookies < Arachni::Check::Base
|
|
15
15
|
page.cookies.each do |cookie|
|
16
16
|
next if cookie.secure? || audited?( cookie.name )
|
17
17
|
|
18
|
-
log( vector: cookie )
|
18
|
+
log( vector: cookie, proof: cookie.source )
|
19
19
|
audited( cookie.name )
|
20
20
|
end
|
21
21
|
end
|
@@ -29,7 +29,7 @@ Logs cookies that are served over an encrypted channel but without having the
|
|
29
29
|
},
|
30
30
|
elements: [ Element::Cookie ],
|
31
31
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
32
|
-
version: '0.1.
|
32
|
+
version: '0.1.3',
|
33
33
|
|
34
34
|
issue: {
|
35
35
|
name: %q{Insecure cookie},
|
@@ -7,16 +7,18 @@
|
|
7
7
|
=end
|
8
8
|
|
9
9
|
# @author Tasos Laskos <tasos.laskos@arachni-scanner.com>
|
10
|
-
# @version 0.1
|
10
|
+
# @version 0.1.1
|
11
11
|
class Arachni::Checks::InsecureCORSPolicy < Arachni::Check::Base
|
12
12
|
|
13
13
|
def run
|
14
14
|
return if audited?( page.parsed_url.host ) ||
|
15
15
|
page.response.headers['Access-Control-Allow-Origin'] != '*'
|
16
|
-
|
17
16
|
audited( page.parsed_url.host )
|
18
17
|
|
19
|
-
log(
|
18
|
+
log(
|
19
|
+
vector: Element::Server.new( page.url ),
|
20
|
+
proof: page.response.headers_string[/Access-Control-Allow-Origin.*$/i]
|
21
|
+
)
|
20
22
|
end
|
21
23
|
|
22
24
|
def self.info
|
@@ -24,7 +26,7 @@ class Arachni::Checks::InsecureCORSPolicy < Arachni::Check::Base
|
|
24
26
|
name: 'Insecure CORS policy',
|
25
27
|
description: %q{Checks the host for a wildcard (`*`) `Access-Control-Allow-Origin` header.},
|
26
28
|
author: 'Tasos Laskos <tasos.laskos@arachni-scanner.com>',
|
27
|
-
version: '0.1',
|
29
|
+
version: '0.1.1',
|
28
30
|
elements: [ Element::Server ],
|
29
31
|
|
30
32
|
issue: {
|
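Review bot: The proof expression `page.response.headers_string[/Access-Control-Allow-Origin.*$/i]` (added line 20) will include a trailing `\r` when the header block uses CRLF line endings, since `.` matches `\r` and `$` stops only before `\n`, and it yields `nil` if the header name is formatted differently in `headers_string` than in the `headers` hash consulted by the guard on line 15. A character class that excludes both line terminators avoids the first problem: `proof: page.response.headers_string[/Access-Control-Allow-Origin[^\r\n]*/i]`; alternatively build the proof from the `headers['Access-Control-Allow-Origin']` value that was already checked.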
@@ -7,16 +7,18 @@
|
|
7
7
|
=end
|
8
8
|
|
9
9
|
# @author Tasos Laskos <tasos.laskos@arachni-scanner.com>
|
10
|
-
# @version 0.1
|
10
|
+
# @version 0.1.1
|
11
11
|
class Arachni::Checks::XFrameOptions < Arachni::Check::Base
|
12
12
|
|
13
13
|
def run
|
14
14
|
return if audited?( page.parsed_url.host ) ||
|
15
15
|
page.response.headers['X-Frame-Options']
|
16
|
-
|
17
16
|
audited( page.parsed_url.host )
|
18
17
|
|
19
|
-
log(
|
18
|
+
log(
|
19
|
+
vector: Element::Server.new( page.url ),
|
20
|
+
proof: page.response.headers_string
|
21
|
+
)
|
20
22
|
end
|
21
23
|
|
22
24
|
def self.info
|
@@ -24,7 +26,7 @@ class Arachni::Checks::XFrameOptions < Arachni::Check::Base
|
|
24
26
|
name: 'Missing X-Frame-Options header',
|
25
27
|
description: %q{Checks the host for a missing `X-Frame-Options` header.},
|
26
28
|
author: 'Tasos Laskos <tasos.laskos@arachni-scanner.com>',
|
27
|
-
version: '0.1',
|
29
|
+
version: '0.1.1',
|
28
30
|
elements: [ Element::Server ],
|
29
31
|
|
30
32
|
issue: {
|
@@ -20,7 +20,11 @@ class Arachni::Checks::HtaccessLimit < Arachni::Check::Base
|
|
20
20
|
def check_and_log( response )
|
21
21
|
return if response.code != 200
|
22
22
|
|
23
|
-
log
|
23
|
+
log(
|
24
|
+
vector: Element::Server.new( response.url ),
|
25
|
+
response: response,
|
26
|
+
proof: response.status_line
|
27
|
+
)
|
24
28
|
print_ok "Request was accepted: #{response.url}"
|
25
29
|
end
|
26
30
|
|
@@ -31,7 +35,7 @@ class Arachni::Checks::HtaccessLimit < Arachni::Check::Base
|
|
31
35
|
GET requests but allows POST.},
|
32
36
|
elements: [ Element::Server ],
|
33
37
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
34
|
-
version: '0.1.
|
38
|
+
version: '0.1.7',
|
35
39
|
|
36
40
|
issue: {
|
37
41
|
name: %q{Misconfiguration in LIMIT directive of .htaccess file},
|
@@ -28,7 +28,7 @@ class Arachni::Checks::HttpPut < Arachni::Check::Base
|
|
28
28
|
next if res.code != 201
|
29
29
|
|
30
30
|
http.get( path ) do |c_res|
|
31
|
-
check_and_log( c_res )
|
31
|
+
check_and_log( c_res, res )
|
32
32
|
|
33
33
|
# Try to DELETE the PUT file.
|
34
34
|
http.request( path, method: :delete ){}
|
@@ -36,10 +36,14 @@ class Arachni::Checks::HttpPut < Arachni::Check::Base
|
|
36
36
|
end
|
37
37
|
end
|
38
38
|
|
39
|
-
def check_and_log( response )
|
39
|
+
def check_and_log( response, put_response )
|
40
40
|
return if !response.body.to_s.include?( self.class.substring )
|
41
41
|
|
42
|
-
log
|
42
|
+
log(
|
43
|
+
vector: Element::Server.new( response.url ),
|
44
|
+
response: put_response,
|
45
|
+
proof: put_response.status_line
|
46
|
+
)
|
43
47
|
print_ok "File has been created: #{response.url}"
|
44
48
|
end
|
45
49
|
|
@@ -49,7 +53,7 @@ class Arachni::Checks::HttpPut < Arachni::Check::Base
|
|
49
53
|
description: %q{Checks if uploading files is possible using the HTTP PUT method.},
|
50
54
|
elements: [ Element::Server ],
|
51
55
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
52
|
-
version: '0.2.
|
56
|
+
version: '0.2.2',
|
53
57
|
|
54
58
|
issue: {
|
55
59
|
name: %q{Publicly writable directory},
|
@@ -34,7 +34,8 @@ class Arachni::Checks::InterestingResponses < Arachni::Check::Base
|
|
34
34
|
|
35
35
|
def check_and_log( response )
|
36
36
|
return if IGNORE_CODES.include?( response.code ) ||
|
37
|
-
response.body.to_s.empty? || issue_limit_reached?
|
37
|
+
response.body.to_s.empty? || issue_limit_reached? ||
|
38
|
+
response.scope.out?
|
38
39
|
|
39
40
|
path = uri_parse( response.url ).path
|
40
41
|
|
@@ -57,7 +58,7 @@ class Arachni::Checks::InterestingResponses < Arachni::Check::Base
|
|
57
58
|
description: %q{Logs all non 200 (OK) server responses.},
|
58
59
|
elements: [ Element::Server ],
|
59
60
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
60
|
-
version: '0.2',
|
61
|
+
version: '0.2.1',
|
61
62
|
|
62
63
|
issue: {
|
63
64
|
name: %q{Interesting response},
|
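Review bot: The added `response.scope.out?` clause (new line 38) extends a four-part guard that has no comment explaining what it filters, and the scope condition in particular is easy to miss at the tail of a multi-line `||` chain. A short comment above the `return if`, such as `# Skip ignored status codes, empty bodies, responses past the issue cap and URLs outside the scan scope.`, would document the whole guard in one place. `check_and_log` continues past the end of the hunk.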
@@ -31,7 +31,11 @@ class Arachni::Checks::LocalstartAsp < Arachni::Check::Base
|
|
31
31
|
def check_and_log( response )
|
32
32
|
return if response.code != 401
|
33
33
|
|
34
|
-
log
|
34
|
+
log(
|
35
|
+
vector: Element::Server.new( response.url ),
|
36
|
+
response: response,
|
37
|
+
proof: response.status_line
|
38
|
+
)
|
35
39
|
end
|
36
40
|
|
37
41
|
def self.info
|
@@ -40,7 +44,7 @@ class Arachni::Checks::LocalstartAsp < Arachni::Check::Base
|
|
40
44
|
description: %q{Checks for localstart.asp.},
|
41
45
|
elements: [ Element::Server ],
|
42
46
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
43
|
-
version: '0.1.
|
47
|
+
version: '0.1.3',
|
44
48
|
|
45
49
|
issue: {
|
46
50
|
name: %q{Exposed localstart.asp page},
|
@@ -34,7 +34,11 @@ class Arachni::Checks::OriginSpoofAccessRestrictionBypass < Arachni::Check::Base
|
|
34
34
|
def check_and_log( response )
|
35
35
|
return if response.code != 200
|
36
36
|
|
37
|
-
log
|
37
|
+
log(
|
38
|
+
vector: Element::Server.new( response.url ),
|
39
|
+
response: response,
|
40
|
+
proof: response.status_line
|
41
|
+
)
|
38
42
|
print_ok "Request was accepted: #{response.url}"
|
39
43
|
end
|
40
44
|
|