RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/components/plugins/login_script.rb CHANGED

@@ -12,18 +12,31 @@
 class Arachni::Plugins::LoginScript < Arachni::Plugin::Base
     STATUSES  = {
-        success:       'Login was successful.',
-        failure:       'The script was executed successfully, but the login check failed.',
-        error:         'A runtime error was encountered while executing the login script.',
-        missing_check: 'No session check was provided, either via interface options or the script.'
+        success:         'Login was successful.',
+        failure:         'The script was executed successfully, but the login check failed.',
+        error:           'A runtime error was encountered while executing the login script.',
+        missing_browser: 'A browser is required for this operation but is not available.',
+        missing_check:   'No session check was provided, either via interface options or the script.'
     }
     def prepare
-        script = IO.read( @options[:script] )
-        @script = proc { |browser| eval script }
+        script    = IO.read( @options[:script] )
+        @script   = proc do |browser|
+            if javascript?
+                browser.goto @framework.options.url
+                browser.execute_script script
+            else
+                eval script
+            end
+        end
     end
     def run
+        if javascript? && !session.has_browser?
+            set_status :missing_browser, :error
+            return
+        end
         framework_pause
         print_info 'System paused.'
@@ -71,6 +84,10 @@ class Arachni::Plugins::LoginScript < Arachni::Plugin::Base
         framework_resume
     end
+    def javascript?
+        @options[:script].split( '.' ).last == 'js'
+    end
     def set_status( status, type = nil, extra = {} )
         type ||= status
@@ -96,7 +113,9 @@ The script needn't necessarily perform an actual login operation. If another
 process is used to manage sessions, the script can be used to communicate with
 that process and, for example, load and set cookies from a shared cookie-jar.
-**With browser (slow):**
+# Ruby
+## With browser (slow)
 If a [browser](http://watirwebdriver.com/) is available, it will be exposed to
 the script via the `browser` variable. Otherwise, that variable will have a
@@ -115,7 +134,7 @@ value of `nil`.
     framework.options.session.check_url     = browser.url
     framework.options.session.check_pattern = /Sign Off|MY ACCOUNT/
-**Without browser (fast):**
+## Without browser (fast)
 If a real browser environment is not required for the login operation, then
 using the system-wide HTTP interface is preferable, as it will be much faster
@@ -133,15 +152,26 @@ and consume much less resources.
     framework.options.session.check_url     = to_absolute( response.headers.location, response.url )
     framework.options.session.check_pattern = /Sign Off|MY ACCOUNT/
-**From cookie-jar:**
+## From cookie-jar
 If an external process is used to manage sessions, you can keep Arachni in sync
 by loading cookies from a shared Netscape-style cookie-jar file.
     http.cookie_jar.load 'cookies.txt'
+# Javascript
+When the given script has a `.js` file extension, it will be loaded and executed
+in the browser, within the page of the target URL.
+    document.getElementById( 'uid' ).value   = 'jsmith';
+    document.getElementById( 'passw' ).value = 'Demo1234';
+    document.getElementById( 'login' ).submit();
 },
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1',
+            version:     '0.2',
             options:     [
                 Options::Path.new( :script,
                     required:    true,

data/components/plugins/metrics.rb ADDED

@@ -0,0 +1,235 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+# @version 0.1
+class Arachni::Plugins::Metrics < Arachni::Plugin::Base
+    def prepare
+        @metrics = {
+            'general'   => {
+                'egress_traffic'  => 0,
+                # Approximation, may differ from the real value depending on
+                # compression and other factors.
+                'ingress_traffic' => 0,
+                'uses_http'       => false,
+                'uses_https'      => false
+            },
+            'scan'      => {
+                'duration'      => 0,
+                'authenticated' => false
+            },
+            'http'      => {
+                'requests'              => 0,
+                'response_time_min'     => 0,
+                'response_time_max'     => 0,
+                'response_time_average' => 0,
+                'request_size_min'      => 0,
+                'request_size_max'      => 0,
+                'request_size_average'  => 0,
+                'response_size_min'     => 0,
+                'response_size_max'     => 0,
+                'response_size_average' => 0
+            },
+            'resource'  => {
+                'binary'            => Arachni::Support::LookUp::HashSet.new,
+                'without_parameters' => Arachni::Support::LookUp::HashSet.new,
+                'with_parameters'    => Arachni::Support::LookUp::HashSet.new
+            },
+            'element'   => {
+                'links'                    => 0,
+                'forms'                    => 0,
+                'cookies'                  => 0,
+                'jsons'                    => 0,
+                'xmls'                     => 0,
+                'headers'                  => 0,
+                'has_forms_with_nonces'    => false,
+                'has_forms_with_passwords' => false,
+                'input_names_total'        => 0,
+                'input_names_unique'       => Arachni::Support::LookUp::HashSet.new
+            },
+            'dom'       => {
+                'event_listeners' => Arachni::Support::LookUp::HashSet.new,
+                'swf_objects'     => Arachni::Support::LookUp::HashSet.new
+            },
+            'platforms' => Arachni::Platform::Manager::TYPES.keys.
+                inject({}) { |h, t| h[t.to_s] = Set.new; h }
+        }
+    end
+    def run
+        http_response_time_total = 0
+        http.on_complete do |response|
+            response.platforms.to_a.each do |platform|
+                @metrics['platforms'][Arachni::Platform::Manager.find_type( platform ).to_s] << platform.to_s
+            end
+            @metrics['general']['egress_traffic']  += response.request.to_s.size
+            @metrics['general']['ingress_traffic'] += response.to_s.size
+            if @metrics['http']['response_time_min'].is_a?( Integer ) ||
+                response.time < @metrics['http']['response_time_min']
+                @metrics['http']['response_time_min'] = response.time
+            end
+            if response.time > @metrics['http']['response_time_max']
+                @metrics['http']['response_time_max'] = response.time
+            end
+            response_size = response.to_s.size
+            if @metrics['http']['response_size_min'].is_a?( Integer ) ||
+                response_size < @metrics['http']['response_size_min']
+                @metrics['http']['response_size_min'] = response_size
+            end
+            if response_size > @metrics['http']['response_size_max']
+                @metrics['http']['response_size_max'] = response_size
+            end
+            request_size = response.request.to_s.size
+            if @metrics['http']['request_size_min'].is_a?( Integer ) ||
+                request_size < @metrics['http']['request_size_min']
+                @metrics['http']['request_size_min'] = request_size
+            end
+            if request_size > @metrics['http']['request_size_max']
+                @metrics['http']['request_size_max'] = request_size
+            end
+            # Only track OK codes, otherwise discovery checks will muck with the
+            # data.
+            if response.code == 200
+                if response.request.body.is_a?( Hash ) ||
+                    response.request.parameters.any? ||
+                    response.request.url.include?( '?' )
+                    if response.request.body.is_a? Hash
+                        body = response.request.body.keys.sort
+                    else
+                        body = nil
+                    end
+                    @metrics['resource']['with_parameters'] <<
+                        "#{response.parsed_url.up_to_path}#{response.request.parameters.keys.sort}:#{body}"
+                else
+                    @metrics['resource']['without_parameters'] << response.url
+                end
+            end
+            @metrics['general']['uses_http']  ||=
+                (response.parsed_url.scheme == 'http')
+            @metrics['general']['uses_https'] ||=
+                (response.parsed_url.scheme == 'https')
+            if !response.text?
+                @metrics['resource']['binary'] << response.url
+            end
+            http_response_time_total += response.time
+        end
+        framework.on_page_audit do |page|
+            %w(links forms cookies headers jsons xmls).each do |type|
+                page.send( type ).each do |e|
+                    next if e.inputs.empty?
+                    @metrics['element'][type]                += 1
+                    @metrics['element']['input_names_total'] += e.inputs.size
+                    e.inputs.keys.each do |name|
+                        @metrics['element']['input_names_unique'] << name
+                    end
+                    if e.is_a? Arachni::Element::Form
+                        # Probably not a real form, just a request with inputs
+                        # captured by the browsers and fed back to the system.
+                        if !e.source
+                            @metrics['element'][type] -= 1
+                        end
+                        @metrics['element']['has_forms_with_nonces']    ||= !!e.has_nonce?
+                        @metrics['element']['has_forms_with_passwords'] ||= !!e.requires_password?
+                    end
+                end
+            end
+            if (swf = find_swf( page ))
+                @metrics['dom']['swf_objects'] << swf
+            end
+            if Arachni::Options.scope.dom_depth_limit.to_i < page.dom.depth + 1 &&
+                browser_cluster && page.has_script?
+                with_browser do |browser|
+                    browser.load( page ).each_element_with_events do |locator, event_data|
+                        event_data.each do |data|
+                            @metrics['dom']['event_listeners'] << "#{locator}:#{data}"
+                        end
+                    end
+                end
+            end
+        end
+        wait_while_framework_running
+        @metrics = process( @metrics )
+        @metrics['http']['requests'] = framework.statistics[:http][:response_count]
+        @metrics['http']['response_time_average'] =
+            http_response_time_total / @metrics['http']['requests']
+        @metrics['http']['response_size_average'] =
+            @metrics['general']['ingress_traffic'] / @metrics['http']['requests']
+        @metrics['http']['request_size_average'] =
+            @metrics['general']['egress_traffic'] / @metrics['http']['requests']
+        @metrics['scan']['duration']      = framework.statistics[:runtime]
+        @metrics['scan']['authenticated'] = !!Arachni::Options.session.check_url
+        register_results @metrics
+    end
+    def find_swf( page )
+        page.body.scan( /(?:data|src)=['"]?(.*)\.swf['"]?>/ )[0]
+    end
+    def process( hash )
+        h = {}
+        hash.each do |k, v|
+            case v
+                when Hash
+                    v = process( v )
+                when Set
+                    v = v.to_a
+                when Arachni::Support::LookUp::HashSet
+                    v = v.size
+            end
+            h[k] = v
+        end
+        h
+    end
+    def self.info
+        {
+            name:        'Metrics',
+            description: %q{
+Captures metrics about multiple aspects of the scan and the web application.
+},
+            author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
+            version:     '0.1'
+        }
+    end
+end

data/components/plugins/proxy.rb CHANGED

@@ -60,7 +60,13 @@ class Arachni::Plugins::Proxy < Arachni::Plugin::Base
         print_info "Control panel URL: #{url_for( :panel )}"
         print_info "Shutdown URL:      #{url_for( :shutdown )}"
         print_info 'The scan will resume once you visit the shutdown URL.'
+        print_info
+        print_info 'When browsing HTTPS sites, please accept the Arachni SSL certificate' +
+            ' or install the CA certificate manually from:'
+        print_info "    #{Arachni::HTTP::ProxyServer::INTERCEPTOR_CA_CERTIFICATE}"
+        print_info
+        print_bad '**DO NOT** forget to revoke it after using the proxy, as it' +
+            ' can be used by anyone to impersonate 3rd party servers.'
         print_info
         print_info '*' * 82
         print_info '* You need to clear your browser\'s cookies for this site before using the proxy! *'
@@ -77,7 +83,12 @@ class Arachni::Plugins::Proxy < Arachni::Plugin::Base
     end
     def prepare_pages_for_inspection
-        @pages.select { |p| (p.forms.any? || p.links.any? || p.cookies.any?) && p.text? }
+        (@pages.select do |p|
+            next if !p.text?
+            p.forms.any? || p.links.any? || p.cookies.any? || p.jsons.any? ||
+                p.xmls.any?
+        end).to_a
     end
     def vectors_yaml
@@ -86,12 +97,18 @@ class Arachni::Plugins::Proxy < Arachni::Plugin::Base
             page.elements.each do |element|
                 next if element.inputs.empty?
-                vectors << {
+                data = {
                     type:   element.type,
                     method: element.method,
                     action: element.action,
                     inputs: element.inputs
                 }
+                if element.respond_to? :source
+                    data[:source] = element.source
+                end
+                vectors << data
             end
         end
         vectors.to_yaml
@@ -476,7 +493,7 @@ a way to restrict usage enough to avoid users unwittingly interfering with each
 others' sessions.
 },
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.3.2',
+            version:     '0.3.3',
             options:     [
                 Options::Port.new( :port,
                     description: 'Port to bind to.',

data/components/plugins/proxy/panel/page_accordion.html.erb CHANGED

@@ -7,9 +7,13 @@
                     <%= html_encode page.title %>
                     -
                     <%= page.forms.size %> forms,
-                    <%= page.links.size %> links and
-                    <%= page.cookies.size %> cookies
+                    <%= page.links.size %> links,
+                    <%= page.cookies.size %> cookies,
+                    <%= page.jsons.size %> JSONs and
+                    <%= page.xmls.size %> XMLs.
                     <br/>
                     (<%= page.url %>)
                 </p>
             </div>
@@ -60,6 +64,34 @@
                             <hr />
                         <% end %>
                     </div>
+                    <div class="well links">
+                        <h2>JSONs</h2>
+                        <% page.jsons.each do |json| %>
+                            <p>
+                                <b>Action: <%= html_encode json.action %></b>
+                            <ul>
+                                <% json.inputs.each do |k, v| %>
+                                    <li><%= k.inspect %> = <%= v.inspect %></li>
+                                <% end %>
+                            </ul>
+                            </p>
+                            <hr />
+                        <% end %>
+                    </div>
+                    <div class="well links">
+                        <h2>XMLs</h2>
+                        <% page.xmls.each do |xml| %>
+                            <p>
+                                <b>Action: <%= html_encode xml.action %></b>
+                            <ul>
+                                <% xml.inputs.each do |k, v| %>
+                                    <li><%= k.inspect %> = <%= v.inspect %></li>
+                                <% end %>
+                            </ul>
+                            </p>
+                            <hr />
+                        <% end %>
+                    </div>
                 </div>
             </div>
         </div>

data/components/plugins/restrict_to_dom_state.rb ADDED

@@ -0,0 +1,70 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+# @version 0.1
+class Arachni::Plugins::RestrictToDOMState < Arachni::Plugin::Base
+    def prepare
+        print_status 'Sending pause signal...'
+        @pause_id = framework.pause( false )
+        print_status '...done.'
+        # Disable any operations that can lead to a crawl, we only want the
+        # system to audit the page snapshot we give it.
+        framework.options.scope.do_not_crawl
+        @fragment = options[:fragment]
+        @url      = "#{framework.options.url}##{@fragment}"
+        print_info "Full URL set to: #{@url}"
+    end
+    def run
+        print_status 'Initialising browser...'
+        browser = Arachni::Browser.new( store_pages: false )
+        print_status '...done.'
+        print_status 'Loading page...'
+        page = browser.load( @url ).to_page
+        print_info '  Transitions:'
+        page.dom.print_transitions( method(:print_info), '    ' )
+        framework.push_to_page_queue page, true
+        print_status 'Pushed to page queue.'
+    ensure
+        return if !browser
+        print_status 'Shutting down browser...'
+        browser.shutdown
+        print_status '...done.'
+    end
+    def clean_up
+        print_status 'Resuming scan...'
+        framework.resume @pause_id
+        print_status '...done.'
+    end
+    def self.info
+        {
+            name:        'Restrict to DOM state',
+            description: %q{Restricts the scan to a single page's DOM state.},
+            author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
+            version:     '0.1',
+            options:     [
+                Options::String.new( :fragment,
+                    required:    true,
+                    description: 'URL fragment for the desired state.'
+                )
+            ],
+            priority:    0 # run before any other plugin
+        }
+    end
+end