arachni 1.1 → 1.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +159 -0
- data/LICENSE.md +126 -196
- data/README.md +32 -24
- data/arachni.gemspec +7 -7
- data/components/checks/active/code_injection_timing.rb +3 -3
- data/components/checks/active/csrf.rb +2 -2
- data/components/checks/active/file_inclusion.rb +6 -7
- data/components/checks/active/os_cmd_injection.rb +3 -3
- data/components/checks/active/path_traversal.rb +7 -7
- data/components/checks/active/response_splitting.rb +9 -4
- data/components/checks/active/session_fixation.rb +7 -3
- data/components/checks/active/source_code_disclosure.rb +5 -5
- data/components/checks/active/unvalidated_redirect.rb +12 -3
- data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
- data/components/checks/active/xss.rb +23 -10
- data/components/checks/active/xss_dom_inputs.rb +113 -11
- data/components/checks/active/xxe.rb +3 -3
- data/components/checks/passive/backdoors.rb +6 -5
- data/components/checks/passive/backup_directories.rb +6 -6
- data/components/checks/passive/backup_files.rb +6 -6
- data/components/checks/passive/common_admin_interfaces.rb +58 -0
- data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
- data/components/checks/passive/common_directories/directories.txt +0 -16
- data/components/checks/passive/common_files.rb +6 -5
- data/components/checks/passive/common_files/filenames.txt +0 -2
- data/components/checks/passive/directory_listing.rb +6 -6
- data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
- data/components/checks/passive/grep/hsts.rb +6 -3
- data/components/checks/passive/grep/http_only_cookies.rb +3 -3
- data/components/checks/passive/grep/insecure_cookies.rb +2 -2
- data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
- data/components/checks/passive/grep/x_frame_options.rb +6 -4
- data/components/checks/passive/htaccess_limit.rb +6 -2
- data/components/checks/passive/http_put.rb +8 -4
- data/components/checks/passive/interesting_responses.rb +3 -2
- data/components/checks/passive/localstart_asp.rb +6 -2
- data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
- data/components/checks/passive/xst.rb +6 -2
- data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
- data/components/fingerprinters/frameworks/cakephp.rb +28 -0
- data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
- data/components/fingerprinters/frameworks/django.rb +33 -0
- data/components/fingerprinters/frameworks/jsf.rb +30 -0
- data/components/fingerprinters/frameworks/rack.rb +5 -7
- data/components/fingerprinters/frameworks/rails.rb +43 -0
- data/components/fingerprinters/languages/aspx.rb +11 -11
- data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
- data/components/fingerprinters/languages/php.rb +6 -6
- data/components/fingerprinters/languages/python.rb +14 -6
- data/components/fingerprinters/languages/ruby.rb +3 -5
- data/components/fingerprinters/servers/apache.rb +5 -4
- data/components/fingerprinters/servers/gunicorn.rb +33 -0
- data/components/fingerprinters/servers/jetty.rb +1 -1
- data/components/fingerprinters/servers/tomcat.rb +11 -4
- data/components/path_extractors/anchors.rb +5 -12
- data/components/path_extractors/areas.rb +5 -13
- data/components/path_extractors/comments.rb +5 -3
- data/components/path_extractors/data_url.rb +21 -0
- data/components/path_extractors/forms.rb +5 -13
- data/components/path_extractors/frames.rb +6 -13
- data/components/path_extractors/generic.rb +3 -12
- data/components/path_extractors/links.rb +5 -13
- data/components/path_extractors/meta_refresh.rb +5 -13
- data/components/path_extractors/scripts.rb +8 -14
- data/components/plugins/autologin.rb +17 -5
- data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
- data/components/plugins/login_script.rb +40 -10
- data/components/plugins/metrics.rb +235 -0
- data/components/plugins/proxy.rb +21 -4
- data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
- data/components/plugins/restrict_to_dom_state.rb +70 -0
- data/components/plugins/vector_feed.rb +38 -9
- data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
- data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
- data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
- data/components/reporters/stdout.rb +4 -2
- data/components/reporters/xml.rb +4 -4
- data/components/reporters/xml/schema.xsd +95 -0
- data/lib/arachni.rb +2 -0
- data/lib/arachni/browser.rb +132 -77
- data/lib/arachni/browser/javascript.rb +173 -45
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
- data/lib/arachni/browser_cluster.rb +41 -15
- data/lib/arachni/browser_cluster/job.rb +4 -0
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
- data/lib/arachni/browser_cluster/worker.rb +8 -5
- data/lib/arachni/check/auditor.rb +20 -8
- data/lib/arachni/check/base.rb +38 -6
- data/lib/arachni/element/base.rb +18 -1
- data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
- data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
- data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
- data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
- data/lib/arachni/element/capabilities/inputtable.rb +6 -2
- data/lib/arachni/element/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/cookie.rb +37 -23
- data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
- data/lib/arachni/element/cookie/dom.rb +0 -8
- data/lib/arachni/element/form.rb +28 -14
- data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
- data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
- data/lib/arachni/element/form/dom.rb +0 -8
- data/lib/arachni/element/generic_dom.rb +1 -1
- data/lib/arachni/element/json.rb +2 -1
- data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
- data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/link.rb +13 -16
- data/lib/arachni/element/link/dom.rb +1 -14
- data/lib/arachni/element/link_template.rb +3 -2
- data/lib/arachni/element/link_template/dom.rb +0 -16
- data/lib/arachni/element/server.rb +51 -9
- data/lib/arachni/element/xml.rb +1 -0
- data/lib/arachni/ethon/easy.rb +4 -1
- data/lib/arachni/framework/parts/audit.rb +26 -77
- data/lib/arachni/framework/parts/browser.rb +50 -55
- data/lib/arachni/framework/parts/check.rb +4 -3
- data/lib/arachni/framework/parts/data.rb +41 -6
- data/lib/arachni/framework/parts/state.rb +16 -7
- data/lib/arachni/http/client.rb +66 -38
- data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
- data/lib/arachni/http/headers.rb +22 -10
- data/lib/arachni/http/proxy_server.rb +67 -22
- data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
- data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
- data/lib/arachni/http/request.rb +71 -18
- data/lib/arachni/issue.rb +17 -3
- data/lib/arachni/option_groups/browser_cluster.rb +34 -1
- data/lib/arachni/option_groups/http.rb +1 -1
- data/lib/arachni/page.rb +26 -13
- data/lib/arachni/page/dom/transition.rb +2 -2
- data/lib/arachni/parser.rb +28 -11
- data/lib/arachni/platform/fingerprinter.rb +5 -0
- data/lib/arachni/platform/manager.rb +65 -32
- data/lib/arachni/plugin/base.rb +8 -0
- data/lib/arachni/processes/instances.rb +25 -11
- data/lib/arachni/reporter/manager.rb +2 -2
- data/lib/arachni/rpc/client/instance.rb +4 -0
- data/lib/arachni/rpc/server/framework/master.rb +3 -3
- data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
- data/lib/arachni/rpc/server/instance.rb +2 -1
- data/lib/arachni/ruby/array.rb +5 -0
- data/lib/arachni/ruby/hash.rb +5 -0
- data/lib/arachni/ruby/string.rb +2 -3
- data/lib/arachni/session.rb +32 -6
- data/lib/arachni/state/framework.rb +6 -2
- data/lib/arachni/support/cache.rb +1 -0
- data/lib/arachni/support/cache/base.rb +12 -8
- data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
- data/lib/arachni/support/cache/least_recently_used.rb +5 -8
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -25
- data/lib/arachni/support/database/queue.rb +21 -8
- data/lib/arachni/support/lookup/base.rb +7 -1
- data/lib/arachni/support/mixins/observable.rb +3 -1
- data/lib/arachni/support/profiler.rb +51 -10
- data/lib/arachni/support/signature.rb +11 -2
- data/lib/arachni/trainer.rb +8 -2
- data/lib/arachni/uri.rb +28 -25
- data/lib/arachni/uri/scope.rb +1 -1
- data/lib/arachni/utilities.rb +8 -0
- data/lib/arachni/watir/element.rb +1 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
- data/spec/arachni/browser/javascript_spec.rb +235 -61
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
- data/spec/arachni/browser_cluster_spec.rb +58 -10
- data/spec/arachni/browser_spec.rb +170 -26
- data/spec/arachni/check/auditor_spec.rb +22 -3
- data/spec/arachni/check/base_spec.rb +84 -0
- data/spec/arachni/element/body_spec.rb +1 -1
- data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
- data/spec/arachni/element/cookie/dom_spec.rb +0 -9
- data/spec/arachni/element/cookie_spec.rb +85 -0
- data/spec/arachni/element/form/dom_spec.rb +0 -9
- data/spec/arachni/element/form_spec.rb +46 -3
- data/spec/arachni/element/json_spec.rb +20 -0
- data/spec/arachni/element/link/dom_spec.rb +0 -9
- data/spec/arachni/element/link_spec.rb +40 -15
- data/spec/arachni/element/link_template/dom_spec.rb +0 -8
- data/spec/arachni/element/link_template_spec.rb +2 -6
- data/spec/arachni/element/server_spec.rb +94 -8
- data/spec/arachni/element/xml_spec.rb +20 -0
- data/spec/arachni/framework/parts/audit_spec.rb +12 -14
- data/spec/arachni/framework/parts/browser_spec.rb +0 -171
- data/spec/arachni/framework/parts/platform_spec.rb +14 -8
- data/spec/arachni/framework/parts/report_spec.rb +1 -1
- data/spec/arachni/framework/parts/state_spec.rb +0 -9
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
- data/spec/arachni/http/client_spec.rb +169 -42
- data/spec/arachni/http/headers_spec.rb +18 -0
- data/spec/arachni/http/request_spec.rb +23 -0
- data/spec/arachni/issue_spec.rb +17 -6
- data/spec/arachni/page_spec.rb +22 -2
- data/spec/arachni/parser_spec.rb +5 -0
- data/spec/arachni/platform/manager_spec.rb +57 -25
- data/spec/arachni/reporter/manager_spec.rb +26 -0
- data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
- data/spec/arachni/state/framework_spec.rb +2 -8
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
- data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
- data/spec/arachni/support/database/queue_spec.rb +7 -0
- data/spec/arachni/support/mixins/observable_spec.rb +15 -1
- data/spec/arachni/trainer_spec.rb +2 -2
- data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
- data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
- data/spec/components/checks/active/path_traversal_spec.rb +2 -2
- data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
- data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
- data/spec/components/checks/active/xss_spec.rb +5 -5
- data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
- data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
- data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
- data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
- data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
- data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
- data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
- data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
- data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
- data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
- data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
- data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
- data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
- data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
- data/spec/components/fingerprinters/languages/ruby.rb +6 -4
- data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
- data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
- data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
- data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
- data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
- data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
- data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
- data/spec/components/path_extractors/data_url_spec.rb +19 -0
- data/spec/components/plugins/autologin_spec.rb +23 -0
- data/spec/components/plugins/login_script_spec.rb +112 -24
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
- data/spec/components/plugins/vector_feed_spec.rb +39 -1
- data/spec/support/factories/page/dom.rb +9 -4
- data/spec/support/factories/page/dom/transition.rb +31 -9
- data/spec/support/factories/scan_report.rb +8 -6
- data/spec/support/fixtures/empty/placeholder +0 -0
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
- data/spec/support/servers/arachni/browser.rb +117 -11
- data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
- data/spec/support/servers/arachni/check/auditor.rb +4 -0
- data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
- data/spec/support/servers/arachni/http/client.rb +5 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
- data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
- data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
- data/spec/support/servers/checks/active/path_traversal.rb +2 -2
- data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
- data/spec/support/servers/checks/active/trainer_check.rb +9 -10
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
- data/spec/support/servers/checks/active/xss.rb +35 -0
- data/spec/support/servers/checks/active/xss_dom.rb +1 -1
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
- data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
- data/spec/support/servers/plugins/autologin.rb +9 -0
- data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
- data/spec/support/shared/element/base.rb +42 -0
- data/spec/support/shared/element/capabilities/auditable.rb +4 -4
- data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
- data/spec/support/shared/element/capabilities/submitable.rb +7 -2
- data/spec/support/shared/fingerprinter.rb +8 -0
- data/spec/support/shared/path_extractor.rb +1 -1
- data/ui/cli/framework.rb +3 -3
- data/ui/cli/framework/option_parser.rb +9 -0
- data/ui/cli/output.rb +9 -0
- data/ui/cli/reporter.rb +5 -2
- data/ui/cli/utilities.rb +4 -2
- metadata +76 -17
- data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
- data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
- data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56
@@ -0,0 +1,33 @@
|
|
1
|
+
=begin
|
2
|
+
Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
|
3
|
+
|
4
|
+
This file is part of the Arachni Framework project and is subject to
|
5
|
+
redistribution and commercial restrictions. Please see the Arachni Framework
|
6
|
+
web site for more information on licensing and terms of use.
|
7
|
+
=end
|
8
|
+
|
9
|
+
module Arachni
|
10
|
+
module Platform::Fingerprinters
|
11
|
+
|
12
|
+
# Identifies Gunicorn resources.
|
13
|
+
#
|
14
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
15
|
+
# @version 0.1
|
16
|
+
class Gunicorn < Platform::Fingerprinter
|
17
|
+
|
18
|
+
def run
|
19
|
+
return update_platforms if server_or_powered_by_include?( 'gunicorn' )
|
20
|
+
|
21
|
+
headers.keys.each do |header|
|
22
|
+
return update_platforms if header.start_with?( 'x-gunicorn')
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def update_platforms
|
27
|
+
platforms << :python << :gunicorn
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
31
|
+
|
32
|
+
end
|
33
|
+
end
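Review bot: The header-name fallback in `run` is case-sensitive — `header.start_with?( 'x-gunicorn')` only fires if `headers.keys` are already lower-cased, and nothing in this hunk shows that; if `Headers` normalizes names to another form (e.g. `X-Gunicorn`) the loop never matches. Replacing the `each`/`return` loop with `return update_platforms if headers.keys.any? { |h| h.downcase.start_with?( 'x-gunicorn' ) }` is both case-safe and more idiomatic. A line in the class comment naming the signals used (`Server`/`X-Powered-By` containing `gunicorn`, or any `X-Gunicorn*` header) would also help, since the method otherwise returns `nil` implicitly when nothing matches.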
|
@@ -9,17 +9,24 @@
|
|
9
9
|
module Arachni
|
10
10
|
module Platform::Fingerprinters
|
11
11
|
|
12
|
-
#
|
13
12
|
# Identifies Tomcat web servers.
|
14
13
|
#
|
15
14
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
16
|
-
#
|
17
15
|
# @version 0.1
|
18
|
-
#
|
19
16
|
class Tomcat < Platform::Fingerprinter
|
20
17
|
|
18
|
+
IDS = %w(coyote tomcat)
|
19
|
+
|
21
20
|
def run
|
22
|
-
|
21
|
+
IDS.each do |id|
|
22
|
+
next if !server_or_powered_by_include? id
|
23
|
+
|
24
|
+
return update_platforms
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
def update_platforms
|
29
|
+
platforms << :java << :tomcat
|
23
30
|
end
|
24
31
|
|
25
32
|
end
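Review bot: The `IDS.each` loop with `next if !server_or_powered_by_include? id` followed by an unconditional `return update_platforms` is a search written as a loop; `return update_platforms if IDS.any? { |id| server_or_powered_by_include? id }` says the same thing without the negation. `IDS = %w(coyote tomcat)` is a mutable constant and should be `.freeze`d. A short comment explaining why `coyote` is an identifier (the name Tomcat's HTTP connector reports in `Server`, as far as I recall) would save the next reader a lookup.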
|
@@ -6,24 +6,17 @@
|
|
6
6
|
web site for more information on licensing and terms of use.
|
7
7
|
=end
|
8
8
|
|
9
|
-
#
|
10
9
|
# Extracts paths from anchor elements.
|
11
10
|
#
|
12
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
13
12
|
#
|
14
|
-
# @version 0.
|
15
|
-
#
|
13
|
+
# @version 0.2
|
16
14
|
class Arachni::Parser::Extractors::Anchors < Arachni::Parser::Extractors::Base
|
17
15
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
#
|
23
|
-
# @return [Array<String>] paths
|
24
|
-
#
|
25
|
-
def run( doc )
|
26
|
-
doc.search( '//a[@href]' ).map { |a| a['href'] }
|
16
|
+
def run
|
17
|
+
return [] if !includes?( 'href' )
|
18
|
+
|
19
|
+
document.search( '//a[@href]' ).map { |a| a['href'] }
|
27
20
|
end
|
28
21
|
|
29
22
|
end
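Review bot: The new fast path `return [] if !includes?( 'href' )` runs before any parsing, and if `includes?` is a plain substring test on the raw body (its definition is outside this hunk) it is case-sensitive, while the HTML parser behind `document.search( '//a[@href]' )` lower-cases attribute names — so a page written with `HREF=` would parse fine but now be skipped, and crawl coverage would depend on markup casing. Either make the pre-filter case-insensitive in `Extractors::Base` or document that `includes?` already is; the same guard pattern is repeated in every extractor of this commit. Ruby style also prefers `return [] unless includes?( 'href' )` over `if !`.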
|
@@ -6,24 +6,16 @@
|
|
6
6
|
web site for more information on licensing and terms of use.
|
7
7
|
=end
|
8
8
|
|
9
|
-
#
|
10
9
|
# Extracts paths from anchor elements.
|
11
10
|
#
|
12
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
13
|
-
#
|
14
|
-
# @version 0.1.1
|
15
|
-
#
|
12
|
+
# @version 0.2
|
16
13
|
class Arachni::Parser::Extractors::Areas < Arachni::Parser::Extractors::Base
|
17
14
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
#
|
23
|
-
# @return [Array<String>] paths
|
24
|
-
#
|
25
|
-
def run( doc )
|
26
|
-
doc.search( '//area[@href]' ).map { |a| a['href'] }
|
15
|
+
def run
|
16
|
+
return [] if !includes?( 'area' ) || !includes?( 'href' )
|
17
|
+
|
18
|
+
document.search( '//area[@href]' ).map { |a| a['href'] }
|
27
19
|
end
|
28
20
|
|
29
21
|
end
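Review bot: `return [] if !includes?( 'area' ) || !includes?( 'href' )` is a double negation; the idiomatic guard is `return [] unless includes?( 'area' ) && includes?( 'href' )`, which reads as the intent (both tokens must be present). The deleted `# @return [Array<String>] paths` tag was the only statement of the method's contract; keep a one-liner above `def run`, e.g. `# @return [Array<String>] href values of all area elements.`.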
|
@@ -9,11 +9,13 @@
|
|
9
9
|
# Extract paths from HTML comments.
|
10
10
|
#
|
11
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
12
|
-
# @version 0.
|
12
|
+
# @version 0.2
|
13
13
|
class Arachni::Parser::Extractors::Comments < Arachni::Parser::Extractors::Base
|
14
14
|
|
15
|
-
def run
|
16
|
-
|
15
|
+
def run
|
16
|
+
return [] if !includes?( '<!--' )
|
17
|
+
|
18
|
+
document.xpath( '//comment()' ).map do |comment|
|
17
19
|
comment.text.scan( /(\/[\/a-zA-Z0-9%._-]+)/ )
|
18
20
|
end.flatten.select { |s| s.include? '/' }
|
19
21
|
end
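Review bot: The regex `(\/[\/a-zA-Z0-9%._-]+)` already anchors every match on a leading `/`, so the trailing `.select { |s| s.include? '/' }` can never drop anything and only obscures the logic. The capture group is what forces the `.flatten`; `document.xpath( '//comment()' ).flat_map { |c| c.text.scan( %r{/[/a-zA-Z0-9%._-]+} ) }` yields the same strings directly. A comment that this deliberately accepts any slash-prefixed token (so a commented-out `</div>` yields `/div`) would make the loose heuristic explicit for whoever consumes these paths.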
|
@@ -0,0 +1,21 @@
|
|
1
|
+
=begin
|
2
|
+
Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
|
3
|
+
|
4
|
+
This file is part of the Arachni Framework project and is subject to
|
5
|
+
redistribution and commercial restrictions. Please see the Arachni Framework
|
6
|
+
web site for more information on licensing and terms of use.
|
7
|
+
=end
|
8
|
+
|
9
|
+
# Extracts paths from anchor elements.
|
10
|
+
#
|
11
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
12
|
+
# @version 0.2
|
13
|
+
class Arachni::Parser::Extractors::DataURL < Arachni::Parser::Extractors::Base
|
14
|
+
|
15
|
+
def run
|
16
|
+
return [] if !includes?( 'data-url' )
|
17
|
+
|
18
|
+
document.search( '//a[@data-url]' ).map { |a| a['data-url'] }
|
19
|
+
end
|
20
|
+
|
21
|
+
end
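Review bot: The class comment `# Extracts paths from anchor elements.` is copied from the `Anchors` extractor and does not describe this file; it should read `# Extracts paths from the data-url attribute of anchor elements.` and note that `data-url` is a JavaScript-framework convention rather than an HTML-standard attribute. `@version 0.2` on a brand-new component is also inconsistent with the other new component in this commit (`gunicorn.rb` starts at `@version 0.1`). The `includes?( 'data-url' )` guard and XPath themselves follow the sibling extractors.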
|
@@ -6,24 +6,16 @@
|
|
6
6
|
web site for more information on licensing and terms of use.
|
7
7
|
=end
|
8
8
|
|
9
|
-
#
|
10
9
|
# Extracts paths from "form" HTML elements.
|
11
10
|
#
|
12
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
13
|
-
#
|
14
|
-
# @version 0.1.1
|
15
|
-
#
|
12
|
+
# @version 0.2
|
16
13
|
class Arachni::Parser::Extractors::Forms < Arachni::Parser::Extractors::Base
|
17
14
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
#
|
23
|
-
# @return [Array<String>] paths
|
24
|
-
#
|
25
|
-
def run( doc )
|
26
|
-
doc.search( '//form[@action]' ).map { |a| a['action'] }
|
15
|
+
def run
|
16
|
+
return [] if !includes?( 'action' )
|
17
|
+
|
18
|
+
document.search( '//form[@action]' ).map { |a| a['action'] }
|
27
19
|
end
|
28
20
|
|
29
21
|
end
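Review bot: This hunk removes the `# @return [Array<String>] paths` tag without a replacement, leaving `run` undocumented; restore it as `# @return [Array<String>] action attribute values of forms that declare one.` so the reader knows forms without an explicit `action` are not reported by this extractor. Renaming the block variable from `a` to `form` in `map { |a| a['action'] }` would also stop the copy-paste from `Anchors` from showing through. Prefer `return [] unless includes?( 'action' )` to the `if !` form.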
|
@@ -6,24 +6,17 @@
|
|
6
6
|
web site for more information on licensing and terms of use.
|
7
7
|
=end
|
8
8
|
|
9
|
-
#
|
10
9
|
# Extracts paths from frames.
|
11
10
|
#
|
12
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
13
|
-
#
|
14
|
-
# @version 0.1.1
|
15
|
-
#
|
12
|
+
# @version 0.2
|
16
13
|
class Arachni::Parser::Extractors::Frames < Arachni::Parser::Extractors::Base
|
17
14
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
# @return [Array<String>] paths
|
24
|
-
#
|
25
|
-
def run( doc )
|
26
|
-
doc.css( 'frame', 'iframe' ).map { |a| a.attributes['src'].content rescue next }
|
15
|
+
def run
|
16
|
+
return [] if !includes?( 'frame' )
|
17
|
+
|
18
|
+
document.css( 'frame', 'iframe' ).
|
19
|
+
map { |a| a.attributes['src'].content rescue next }
|
27
20
|
end
|
28
21
|
|
29
22
|
end
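Review bot: The rewrapped `map { |a| a.attributes['src'].content rescue next }` keeps a `rescue` modifier that swallows every StandardError, and `next` inside `map` inserts a `nil` into the returned array for every frame without `src`, so callers receive nils mixed with paths. The sibling extractors in this commit let XPath do the filtering; the equivalent here is `document.search( '//frame[@src]', '//iframe[@src]' ).map { |f| f['src'] }`, which needs no rescue and returns only strings. Also `includes?( 'frame' )` is likely a plain case-sensitive substring test (defined outside this hunk), so `<IFRAME>` markup would skip the extractor entirely.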
|
@@ -8,7 +8,6 @@
|
|
8
8
|
|
9
9
|
require 'uri'
|
10
10
|
|
11
|
-
#
|
12
11
|
# Extract URLs from arbitrary text.
|
13
12
|
#
|
14
13
|
# You might think that this renders the rest path extractors redundant
|
@@ -17,19 +16,11 @@ require 'uri'
|
|
17
16
|
#
|
18
17
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
19
18
|
#
|
20
|
-
# @version 0.
|
21
|
-
#
|
19
|
+
# @version 0.3
|
22
20
|
class Arachni::Parser::Extractors::Generic < Arachni::Parser::Extractors::Base
|
23
21
|
|
24
|
-
|
25
|
-
|
26
|
-
#
|
27
|
-
# @param [Nokogiri] doc Nokogiri document
|
28
|
-
#
|
29
|
-
# @return [Array<String>] paths
|
30
|
-
#
|
31
|
-
def run( doc )
|
32
|
-
URI.extract( doc.to_s, %w(http https) ).map do |u|
|
22
|
+
def run
|
23
|
+
URI.extract( html, %w(http https) ).map do |u|
|
33
24
|
#
|
34
25
|
# This extractor needs to be a tiny bit intelligent because
|
35
26
|
# due to its generic nature it'll inevitably match some garbage.
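Review bot: `URI.extract( html, %w(http https) )` relies on `URI.extract`, which Ruby marks obsolete from 2.2 onward (it warns under `-w`), so this rewrite is a good moment to call the supported parser method instead: `URI::DEFAULT_PARSER.extract( html, %w(http https) )` returns the same whole-match strings. Please also confirm that `html`, which replaces `doc.to_s` here, is the raw response body and not a re-serialized DOM, otherwise URLs inside attributes that Nokogiri normalizes are matched differently than before. The body of `run` continues past the end of this hunk, so the filtering logic that follows was not reviewed.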
|
@@ -6,24 +6,16 @@
|
|
6
6
|
web site for more information on licensing and terms of use.
|
7
7
|
=end
|
8
8
|
|
9
|
-
#
|
10
9
|
# Extracts paths from "link" HTML elements.
|
11
10
|
#
|
12
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
13
|
-
#
|
14
|
-
# @version 0.1.1
|
15
|
-
#
|
12
|
+
# @version 0.2
|
16
13
|
class Arachni::Parser::Extractors::Links < Arachni::Parser::Extractors::Base
|
17
14
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
#
|
23
|
-
# @return [Array<String>] paths
|
24
|
-
#
|
25
|
-
def run( doc )
|
26
|
-
doc.search( "//link[@href]" ).map { |a| a['href'] }
|
15
|
+
def run
|
16
|
+
return [] if !includes?( 'link' )
|
17
|
+
|
18
|
+
document.search( '//link[@href]' ).map { |a| a['href'] }
|
27
19
|
end
|
28
20
|
|
29
21
|
end
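Review bot: The pre-filter `includes?( 'link' )` is nearly always true on real pages — the word appears in ordinary text (`link`, `linked`, `linking`) — so the fast path rarely skips a parse; `'<link'` would be a tighter token, with the caveat that if `includes?` is a case-sensitive substring test (defined outside this hunk) `<LINK` markup would then be missed, so lower-case the body once or keep both spellings. The deleted `# @return [Array<String>] paths` tag should be kept in some form, e.g. `# @return [Array<String>] href values of link elements (stylesheets, icons, feeds, …).`.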
|
@@ -6,24 +6,16 @@
|
|
6
6
|
web site for more information on licensing and terms of use.
|
7
7
|
=end
|
8
8
|
|
9
|
-
#
|
10
9
|
# Extracts meta refresh URLs.
|
11
10
|
#
|
12
11
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
13
|
-
#
|
14
|
-
# @version 0.1.2
|
15
|
-
#
|
12
|
+
# @version 0.2
|
16
13
|
class Arachni::Parser::Extractors::MetaRefresh < Arachni::Parser::Extractors::Base
|
17
14
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
#
|
23
|
-
# @return [Array<String>] paths
|
24
|
-
#
|
25
|
-
def run( doc )
|
26
|
-
doc.search( "//meta[
|
15
|
+
def run
|
16
|
+
return [] if !includes?( 'http-equiv' )
|
17
|
+
|
18
|
+
document.search( "//meta[
|
27
19
|
translate(
|
28
20
|
@http-equiv,
|
29
21
|
'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
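Review bot: The XPath goes to the trouble of `translate()`-ing the `@http-equiv` value so the match is case-insensitive, yet the new guard `return [] if !includes?( 'http-equiv' )` compares the attribute *name* case-sensitively (assuming `includes?` is a plain substring test, which is defined outside this hunk), so `<META HTTP-EQUIV="refresh">` — a casing older generators emit — is now skipped before the XPath ever runs. Either lower-case the body once in the pre-filter or drop the guard for this extractor, where it changes results rather than just saving time. `run` continues past the end of the hunk.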
|
@@ -6,24 +6,18 @@
|
|
6
6
|
web site for more information on licensing and terms of use.
|
7
7
|
=end
|
8
8
|
|
9
|
-
# Extracts paths from
|
10
|
-
# Both from
|
9
|
+
# Extracts paths from `script` HTML elements.
|
10
|
+
# Both from `src` and the text inside the scripts.
|
11
11
|
#
|
12
12
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
13
|
-
#
|
14
|
-
# @version 0.1.2
|
13
|
+
# @version 0.2
|
15
14
|
class Arachni::Parser::Extractors::Scripts < Arachni::Parser::Extractors::Base
|
16
15
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
# @return [Array<String>] paths
|
23
|
-
#
|
24
|
-
def run( doc )
|
25
|
-
doc.search( '//script[@src]' ).map { |a| a['src'] } |
|
26
|
-
doc.xpath( '//script' ).map(&:text).join.
|
16
|
+
def run
|
17
|
+
return [] if !includes?( 'script' )
|
18
|
+
|
19
|
+
document.search( '//script[@src]' ).map { |a| a['src'] } |
|
20
|
+
document.xpath( '//script' ).map(&:text).join.
|
27
21
|
scan( /[\/a-zA-Z0-9%._-]+/ ).
|
28
22
|
select { |s| s.include?( '.' ) && s.include?( '/' ) }
|
29
23
|
end
|
@@ -13,14 +13,15 @@
|
|
13
13
|
# framework-wide cookies.
|
14
14
|
#
|
15
15
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
16
|
-
#
|
17
|
-
# @version 0.2
|
16
|
+
# @version 0.2.1
|
18
17
|
class Arachni::Plugins::AutoLogin < Arachni::Plugin::Base
|
19
18
|
|
20
19
|
STATUSES = {
|
21
|
-
ok:
|
22
|
-
form_not_found:
|
23
|
-
|
20
|
+
ok: 'Form submitted successfully.',
|
21
|
+
form_not_found: 'Could not find a form suiting the provided parameters.',
|
22
|
+
form_not_visible: 'The form was located but its DOM element is not ' <<
|
23
|
+
'visible and thus cannot be submitted.',
|
24
|
+
check_failed: 'Form submitted but the response did not match the verifier.'
|
24
25
|
}
|
25
26
|
|
26
27
|
def prepare
|
@@ -46,6 +47,14 @@ class Arachni::Plugins::AutoLogin < Arachni::Plugin::Base
|
|
46
47
|
print_error STATUSES[:form_not_found]
|
47
48
|
@errored = true
|
48
49
|
return
|
50
|
+
rescue Arachni::Session::Error::FormNotVisible
|
51
|
+
register_results(
|
52
|
+
'status' => 'form_not_visible',
|
53
|
+
'message' => STATUSES[:form_not_visible]
|
54
|
+
)
|
55
|
+
print_error STATUSES[:form_not_visible]
|
56
|
+
@errored = true
|
57
|
+
return
|
49
58
|
end
|
50
59
|
|
51
60
|
framework.options.session.check_url ||= response.url
|
@@ -93,6 +102,9 @@ class Arachni::Plugins::AutoLogin < Arachni::Plugin::Base
|
|
93
102
|
It looks for the login form in the user provided URL, merges its input fields
|
94
103
|
with the user supplied parameters and sets the cookies of the response and
|
95
104
|
request as framework-wide cookies.
|
105
|
+
|
106
|
+
**NOTICE**: If the login form is by default hidden and requires a sequence of DOM
|
107
|
+
interactions in order to become visible, this plugin will not be able to submit it.
|
96
108
|
},
|
97
109
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
98
110
|
version: '0.2',
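Review bot: The header was bumped to `# @version 0.2.1` in the first hunk of this file, but the `info` hash still reports `version: '0.2',` on the last context line here, so the version the framework and reports see no longer matches the source; change it to `version: '0.2.1',`. Separately, the new `rescue Arachni::Session::Error::FormNotVisible` branch repeats the `form_not_found` branch line for line (`register_results`, `print_error`, `@errored = true`, `return`); a small private helper such as `fail_with( status )` keyed on `STATUSES` would keep the two — and any future failure mode — identical. The NOTICE added to the description documents the hidden-form limitation well.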
|
@@ -6,32 +6,19 @@
|
|
6
6
|
web site for more information on licensing and terms of use.
|
7
7
|
=end
|
8
8
|
|
9
|
-
# Catches custom
|
10
|
-
# checks.
|
9
|
+
# Catches custom-404s that somehow slipped past the {HTTP::Client::Dynamic404Handler}
|
10
|
+
# (or similar server behavior) that can confuse discovery checks.
|
11
11
|
#
|
12
12
|
# This is relatively easy to determine since valid responses to discovery checks
|
13
|
-
# should vary wildly while custom
|
13
|
+
# should vary wildly, while custom-404 responses will have many commonalities
|
14
14
|
# every time.
|
15
15
|
#
|
16
16
|
# This is a sort of baseline implementation/anomaly detection.
|
17
17
|
#
|
18
18
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
19
|
-
#
|
20
|
-
# @version 0.3
|
19
|
+
# @version 0.3.1
|
21
20
|
class Arachni::Plugins::Discovery < Arachni::Plugin::Base
|
22
21
|
|
23
|
-
# Valid responses to discovery checks should vary *wildly* especially
|
24
|
-
# considering the types of directories and files that these checks look for.
|
25
|
-
#
|
26
|
-
# On the other hand custom 404 or such responses will have many things in
|
27
|
-
# common which makes it possible to spot them without much bother.
|
28
|
-
SIMILARITY_TOLERANCE = 0.25
|
29
|
-
|
30
|
-
REMARK = 'This issue was logged by a discovery check but ' +
|
31
|
-
'the response for the resource it identified is very similar to responses ' +
|
32
|
-
'for other resources of similar type. This is a strong indication that ' +
|
33
|
-
'the logged issue is a false positive.'
|
34
|
-
|
35
22
|
def run
|
36
23
|
wait_while_framework_running
|
37
24
|
|
@@ -50,6 +37,9 @@ class Arachni::Plugins::Discovery < Arachni::Plugin::Base
|
|
50
37
|
next if !issue.tags.includes_tags?( :discovery )
|
51
38
|
|
52
39
|
issue.variations.each do |variation|
|
40
|
+
# Skip it if already flagged as untrusted.
|
41
|
+
next if variation.untrusted?
|
42
|
+
|
53
43
|
processed_issues += 1
|
54
44
|
|
55
45
|
# We'll do this per path since 404 handlers and such operate per
|
@@ -87,17 +77,9 @@ class Arachni::Plugins::Discovery < Arachni::Plugin::Base
|
|
87
77
|
similarity = Float( diff.size * issue_digests_per_path[path].size ) /
|
88
78
|
response_size_per_path[path]
|
89
79
|
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
issue_digests_per_path[path].each do |digest|
|
94
|
-
Data.issues[digest].variations.each do |issue|
|
95
|
-
issue.add_remark :meta_analysis, REMARK
|
96
|
-
|
97
|
-
# Requires manual verification.
|
98
|
-
issue.trusted = false
|
99
|
-
end
|
100
|
-
end
|
80
|
+
Arachni::Element::Server.flag_issues_if_untrusted(
|
81
|
+
similarity, issue_digests_per_path[path]
|
82
|
+
)
|
101
83
|
end
|
102
84
|
end
|
103
85
|
|
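Review bot: `similarity` is still computed as `Float( diff.size * issue_digests_per_path[path].size ) / response_size_per_path[path]` and now handed straight to `Arachni::Element::Server.flag_issues_if_untrusted` without a guard: if every response for a path had an empty body the denominator is 0 and Float division yields `NaN` (or `Infinity` with a non-zero numerator), so the tolerance comparison inside `flag_issues_if_untrusted` silently flags everything or nothing. Add `next if response_size_per_path[path].to_i.zero?` before the ratio; how the two hashes are populated is outside this hunk, so adjust if they can never be zero. Since `SIMILARITY_TOLERANCE` and `REMARK` were removed from this plugin, a one-line comment pointing to where the threshold and remark now live in `Element::Server` would keep the meta-analysis traceable.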
@@ -112,7 +94,7 @@ while the server responses were exhibiting an anomalous factor of similarity.
|
|
112
94
|
There's a good chance that these issues are false positives.
|
113
95
|
},
|
114
96
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
115
|
-
version: '0.3',
|
97
|
+
version: '0.3.1',
|
116
98
|
tags: %w(anomaly discovery file directories meta)
|
117
99
|
}
|
118
100
|
end
|