arachni 1.1 → 1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +159 -0
- data/LICENSE.md +126 -196
- data/README.md +32 -24
- data/arachni.gemspec +7 -7
- data/components/checks/active/code_injection_timing.rb +3 -3
- data/components/checks/active/csrf.rb +2 -2
- data/components/checks/active/file_inclusion.rb +6 -7
- data/components/checks/active/os_cmd_injection.rb +3 -3
- data/components/checks/active/path_traversal.rb +7 -7
- data/components/checks/active/response_splitting.rb +9 -4
- data/components/checks/active/session_fixation.rb +7 -3
- data/components/checks/active/source_code_disclosure.rb +5 -5
- data/components/checks/active/unvalidated_redirect.rb +12 -3
- data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
- data/components/checks/active/xss.rb +23 -10
- data/components/checks/active/xss_dom_inputs.rb +113 -11
- data/components/checks/active/xxe.rb +3 -3
- data/components/checks/passive/backdoors.rb +6 -5
- data/components/checks/passive/backup_directories.rb +6 -6
- data/components/checks/passive/backup_files.rb +6 -6
- data/components/checks/passive/common_admin_interfaces.rb +58 -0
- data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
- data/components/checks/passive/common_directories/directories.txt +0 -16
- data/components/checks/passive/common_files.rb +6 -5
- data/components/checks/passive/common_files/filenames.txt +0 -2
- data/components/checks/passive/directory_listing.rb +6 -6
- data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
- data/components/checks/passive/grep/hsts.rb +6 -3
- data/components/checks/passive/grep/http_only_cookies.rb +3 -3
- data/components/checks/passive/grep/insecure_cookies.rb +2 -2
- data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
- data/components/checks/passive/grep/x_frame_options.rb +6 -4
- data/components/checks/passive/htaccess_limit.rb +6 -2
- data/components/checks/passive/http_put.rb +8 -4
- data/components/checks/passive/interesting_responses.rb +3 -2
- data/components/checks/passive/localstart_asp.rb +6 -2
- data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
- data/components/checks/passive/xst.rb +6 -2
- data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
- data/components/fingerprinters/frameworks/cakephp.rb +28 -0
- data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
- data/components/fingerprinters/frameworks/django.rb +33 -0
- data/components/fingerprinters/frameworks/jsf.rb +30 -0
- data/components/fingerprinters/frameworks/rack.rb +5 -7
- data/components/fingerprinters/frameworks/rails.rb +43 -0
- data/components/fingerprinters/languages/aspx.rb +11 -11
- data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
- data/components/fingerprinters/languages/php.rb +6 -6
- data/components/fingerprinters/languages/python.rb +14 -6
- data/components/fingerprinters/languages/ruby.rb +3 -5
- data/components/fingerprinters/servers/apache.rb +5 -4
- data/components/fingerprinters/servers/gunicorn.rb +33 -0
- data/components/fingerprinters/servers/jetty.rb +1 -1
- data/components/fingerprinters/servers/tomcat.rb +11 -4
- data/components/path_extractors/anchors.rb +5 -12
- data/components/path_extractors/areas.rb +5 -13
- data/components/path_extractors/comments.rb +5 -3
- data/components/path_extractors/data_url.rb +21 -0
- data/components/path_extractors/forms.rb +5 -13
- data/components/path_extractors/frames.rb +6 -13
- data/components/path_extractors/generic.rb +3 -12
- data/components/path_extractors/links.rb +5 -13
- data/components/path_extractors/meta_refresh.rb +5 -13
- data/components/path_extractors/scripts.rb +8 -14
- data/components/plugins/autologin.rb +17 -5
- data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
- data/components/plugins/login_script.rb +40 -10
- data/components/plugins/metrics.rb +235 -0
- data/components/plugins/proxy.rb +21 -4
- data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
- data/components/plugins/restrict_to_dom_state.rb +70 -0
- data/components/plugins/vector_feed.rb +38 -9
- data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
- data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
- data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
- data/components/reporters/stdout.rb +4 -2
- data/components/reporters/xml.rb +4 -4
- data/components/reporters/xml/schema.xsd +95 -0
- data/lib/arachni.rb +2 -0
- data/lib/arachni/browser.rb +132 -77
- data/lib/arachni/browser/javascript.rb +173 -45
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
- data/lib/arachni/browser_cluster.rb +41 -15
- data/lib/arachni/browser_cluster/job.rb +4 -0
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
- data/lib/arachni/browser_cluster/worker.rb +8 -5
- data/lib/arachni/check/auditor.rb +20 -8
- data/lib/arachni/check/base.rb +38 -6
- data/lib/arachni/element/base.rb +18 -1
- data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
- data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
- data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
- data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
- data/lib/arachni/element/capabilities/inputtable.rb +6 -2
- data/lib/arachni/element/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/cookie.rb +37 -23
- data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
- data/lib/arachni/element/cookie/dom.rb +0 -8
- data/lib/arachni/element/form.rb +28 -14
- data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
- data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
- data/lib/arachni/element/form/dom.rb +0 -8
- data/lib/arachni/element/generic_dom.rb +1 -1
- data/lib/arachni/element/json.rb +2 -1
- data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
- data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/link.rb +13 -16
- data/lib/arachni/element/link/dom.rb +1 -14
- data/lib/arachni/element/link_template.rb +3 -2
- data/lib/arachni/element/link_template/dom.rb +0 -16
- data/lib/arachni/element/server.rb +51 -9
- data/lib/arachni/element/xml.rb +1 -0
- data/lib/arachni/ethon/easy.rb +4 -1
- data/lib/arachni/framework/parts/audit.rb +26 -77
- data/lib/arachni/framework/parts/browser.rb +50 -55
- data/lib/arachni/framework/parts/check.rb +4 -3
- data/lib/arachni/framework/parts/data.rb +41 -6
- data/lib/arachni/framework/parts/state.rb +16 -7
- data/lib/arachni/http/client.rb +66 -38
- data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
- data/lib/arachni/http/headers.rb +22 -10
- data/lib/arachni/http/proxy_server.rb +67 -22
- data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
- data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
- data/lib/arachni/http/request.rb +71 -18
- data/lib/arachni/issue.rb +17 -3
- data/lib/arachni/option_groups/browser_cluster.rb +34 -1
- data/lib/arachni/option_groups/http.rb +1 -1
- data/lib/arachni/page.rb +26 -13
- data/lib/arachni/page/dom/transition.rb +2 -2
- data/lib/arachni/parser.rb +28 -11
- data/lib/arachni/platform/fingerprinter.rb +5 -0
- data/lib/arachni/platform/manager.rb +65 -32
- data/lib/arachni/plugin/base.rb +8 -0
- data/lib/arachni/processes/instances.rb +25 -11
- data/lib/arachni/reporter/manager.rb +2 -2
- data/lib/arachni/rpc/client/instance.rb +4 -0
- data/lib/arachni/rpc/server/framework/master.rb +3 -3
- data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
- data/lib/arachni/rpc/server/instance.rb +2 -1
- data/lib/arachni/ruby/array.rb +5 -0
- data/lib/arachni/ruby/hash.rb +5 -0
- data/lib/arachni/ruby/string.rb +2 -3
- data/lib/arachni/session.rb +32 -6
- data/lib/arachni/state/framework.rb +6 -2
- data/lib/arachni/support/cache.rb +1 -0
- data/lib/arachni/support/cache/base.rb +12 -8
- data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
- data/lib/arachni/support/cache/least_recently_used.rb +5 -8
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -25
- data/lib/arachni/support/database/queue.rb +21 -8
- data/lib/arachni/support/lookup/base.rb +7 -1
- data/lib/arachni/support/mixins/observable.rb +3 -1
- data/lib/arachni/support/profiler.rb +51 -10
- data/lib/arachni/support/signature.rb +11 -2
- data/lib/arachni/trainer.rb +8 -2
- data/lib/arachni/uri.rb +28 -25
- data/lib/arachni/uri/scope.rb +1 -1
- data/lib/arachni/utilities.rb +8 -0
- data/lib/arachni/watir/element.rb +1 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
- data/spec/arachni/browser/javascript_spec.rb +235 -61
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
- data/spec/arachni/browser_cluster_spec.rb +58 -10
- data/spec/arachni/browser_spec.rb +170 -26
- data/spec/arachni/check/auditor_spec.rb +22 -3
- data/spec/arachni/check/base_spec.rb +84 -0
- data/spec/arachni/element/body_spec.rb +1 -1
- data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
- data/spec/arachni/element/cookie/dom_spec.rb +0 -9
- data/spec/arachni/element/cookie_spec.rb +85 -0
- data/spec/arachni/element/form/dom_spec.rb +0 -9
- data/spec/arachni/element/form_spec.rb +46 -3
- data/spec/arachni/element/json_spec.rb +20 -0
- data/spec/arachni/element/link/dom_spec.rb +0 -9
- data/spec/arachni/element/link_spec.rb +40 -15
- data/spec/arachni/element/link_template/dom_spec.rb +0 -8
- data/spec/arachni/element/link_template_spec.rb +2 -6
- data/spec/arachni/element/server_spec.rb +94 -8
- data/spec/arachni/element/xml_spec.rb +20 -0
- data/spec/arachni/framework/parts/audit_spec.rb +12 -14
- data/spec/arachni/framework/parts/browser_spec.rb +0 -171
- data/spec/arachni/framework/parts/platform_spec.rb +14 -8
- data/spec/arachni/framework/parts/report_spec.rb +1 -1
- data/spec/arachni/framework/parts/state_spec.rb +0 -9
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
- data/spec/arachni/http/client_spec.rb +169 -42
- data/spec/arachni/http/headers_spec.rb +18 -0
- data/spec/arachni/http/request_spec.rb +23 -0
- data/spec/arachni/issue_spec.rb +17 -6
- data/spec/arachni/page_spec.rb +22 -2
- data/spec/arachni/parser_spec.rb +5 -0
- data/spec/arachni/platform/manager_spec.rb +57 -25
- data/spec/arachni/reporter/manager_spec.rb +26 -0
- data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
- data/spec/arachni/state/framework_spec.rb +2 -8
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
- data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
- data/spec/arachni/support/database/queue_spec.rb +7 -0
- data/spec/arachni/support/mixins/observable_spec.rb +15 -1
- data/spec/arachni/trainer_spec.rb +2 -2
- data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
- data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
- data/spec/components/checks/active/path_traversal_spec.rb +2 -2
- data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
- data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
- data/spec/components/checks/active/xss_spec.rb +5 -5
- data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
- data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
- data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
- data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
- data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
- data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
- data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
- data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
- data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
- data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
- data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
- data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
- data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
- data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
- data/spec/components/fingerprinters/languages/ruby.rb +6 -4
- data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
- data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
- data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
- data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
- data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
- data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
- data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
- data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
- data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
- data/spec/components/path_extractors/data_url_spec.rb +19 -0
- data/spec/components/plugins/autologin_spec.rb +23 -0
- data/spec/components/plugins/login_script_spec.rb +112 -24
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
- data/spec/components/plugins/vector_feed_spec.rb +39 -1
- data/spec/support/factories/page/dom.rb +9 -4
- data/spec/support/factories/page/dom/transition.rb +31 -9
- data/spec/support/factories/scan_report.rb +8 -6
- data/spec/support/fixtures/empty/placeholder +0 -0
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
- data/spec/support/servers/arachni/browser.rb +117 -11
- data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
- data/spec/support/servers/arachni/check/auditor.rb +4 -0
- data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
- data/spec/support/servers/arachni/http/client.rb +5 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
- data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
- data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
- data/spec/support/servers/checks/active/path_traversal.rb +2 -2
- data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
- data/spec/support/servers/checks/active/trainer_check.rb +9 -10
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
- data/spec/support/servers/checks/active/xss.rb +35 -0
- data/spec/support/servers/checks/active/xss_dom.rb +1 -1
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
- data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
- data/spec/support/servers/plugins/autologin.rb +9 -0
- data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
- data/spec/support/shared/element/base.rb +42 -0
- data/spec/support/shared/element/capabilities/auditable.rb +4 -4
- data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
- data/spec/support/shared/element/capabilities/submitable.rb +7 -2
- data/spec/support/shared/fingerprinter.rb +8 -0
- data/spec/support/shared/path_extractor.rb +1 -1
- data/ui/cli/framework.rb +3 -3
- data/ui/cli/framework/option_parser.rb +9 -0
- data/ui/cli/output.rb +9 -0
- data/ui/cli/reporter.rb +5 -2
- data/ui/cli/utilities.rb +4 -2
- metadata +76 -17
- data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
- data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
- data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56
|
@@ -77,6 +77,7 @@ class Arachni::Plugins::VectorFeed < Arachni::Plugin::Base
|
|
|
77
77
|
pages = pages.values
|
|
78
78
|
pages << page_buffer
|
|
79
79
|
pages.flatten!
|
|
80
|
+
|
|
80
81
|
if !pages.empty?
|
|
81
82
|
print_status 'Pushing the vectors to the audit queue...'
|
|
82
83
|
pages.each { |page| framework.push_to_page_queue( page, true ) }
|
|
@@ -105,37 +106,65 @@ class Arachni::Plugins::VectorFeed < Arachni::Plugin::Base
|
|
|
105
106
|
owner = framework.options.url.to_s
|
|
106
107
|
action = vector[:action]
|
|
107
108
|
inputs = vector[:inputs]
|
|
109
|
+
source = vector[:source].to_s
|
|
108
110
|
method = vector[:method] || 'get'
|
|
109
|
-
type = vector[:type]
|
|
111
|
+
type = (vector[:type] || 'link').to_s
|
|
110
112
|
|
|
111
|
-
return if !inputs || inputs.empty?
|
|
113
|
+
return if (!inputs || inputs.empty?) &&
|
|
114
|
+
(!(type == 'xml' || type == 'json') && !source.empty?)
|
|
112
115
|
|
|
113
116
|
e = case type
|
|
114
117
|
when Element::Link.type.to_s
|
|
115
|
-
Link.new(
|
|
118
|
+
Element::Link.new(
|
|
116
119
|
url: owner,
|
|
117
120
|
action: action,
|
|
118
121
|
inputs: inputs,
|
|
122
|
+
source: source
|
|
119
123
|
)
|
|
124
|
+
|
|
120
125
|
when Element::Form.type.to_s
|
|
121
|
-
Form.new(
|
|
126
|
+
Element::Form.new(
|
|
122
127
|
url: owner,
|
|
123
128
|
method: method,
|
|
124
129
|
action: action,
|
|
125
|
-
inputs: inputs
|
|
130
|
+
inputs: inputs,
|
|
131
|
+
source: source
|
|
126
132
|
)
|
|
133
|
+
|
|
127
134
|
when Element::Cookie.type.to_s
|
|
128
|
-
Cookie.new(
|
|
135
|
+
Element::Cookie.new(
|
|
136
|
+
url: action,
|
|
137
|
+
inputs: inputs,
|
|
138
|
+
source: source
|
|
139
|
+
)
|
|
140
|
+
|
|
129
141
|
when Element::Header.type.to_s
|
|
130
142
|
Header.new( url: action, inputs: inputs )
|
|
143
|
+
|
|
144
|
+
when Element::JSON.type.to_s
|
|
145
|
+
Element::JSON.new(
|
|
146
|
+
url: action,
|
|
147
|
+
inputs: inputs,
|
|
148
|
+
source: source
|
|
149
|
+
)
|
|
150
|
+
|
|
151
|
+
when Element::XML.type.to_s
|
|
152
|
+
Element::XML.new(
|
|
153
|
+
url: action,
|
|
154
|
+
inputs: inputs,
|
|
155
|
+
source: source
|
|
156
|
+
)
|
|
157
|
+
|
|
131
158
|
else
|
|
132
|
-
Link.new(
|
|
159
|
+
Element::Link.new(
|
|
133
160
|
url: owner,
|
|
134
161
|
action: action,
|
|
135
162
|
inputs: inputs
|
|
136
163
|
)
|
|
137
|
-
|
|
164
|
+
end
|
|
165
|
+
|
|
138
166
|
(vector[:skip] || []).each { |i| e.immutables << i }
|
|
167
|
+
|
|
139
168
|
e
|
|
140
169
|
end
|
|
141
170
|
|
|
@@ -205,7 +234,7 @@ Example YAML file:
|
|
|
205
234
|
|
|
206
235
|
},
|
|
207
236
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
|
208
|
-
version: '0.
|
|
237
|
+
version: '0.2',
|
|
209
238
|
options: [
|
|
210
239
|
Options::Object.new( :vectors,
|
|
211
240
|
description: ' Vector array (for configuration over RPC).'
|
|
@@ -0,0 +1,290 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
|
|
3
|
+
|
|
4
|
+
This file is part of the Arachni Framework project and is subject to
|
|
5
|
+
redistribution and commercial restrictions. Please see the Arachni Framework
|
|
6
|
+
web site for more information on licensing and terms of use.
|
|
7
|
+
=end
|
|
8
|
+
|
|
9
|
+
class Arachni::Reporters::HTML
|
|
10
|
+
|
|
11
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
|
12
|
+
class PluginFormatters::Metrics < Arachni::Plugin::Formatter
|
|
13
|
+
include TemplateUtilities
|
|
14
|
+
|
|
15
|
+
def run
|
|
16
|
+
ERB.new( tpl ).result( binding )
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def tpl
|
|
20
|
+
<<-HTML
|
|
21
|
+
<div class="row">
|
|
22
|
+
<div class="col-md-3">
|
|
23
|
+
|
|
24
|
+
<h3>General</h3>
|
|
25
|
+
<dl class="dl-horizontal">
|
|
26
|
+
<dt>
|
|
27
|
+
Egress traffic
|
|
28
|
+
</dt>
|
|
29
|
+
<dd>
|
|
30
|
+
<%= Arachni::Utilities.bytes_to_megabytes results['general']['egress_traffic'] %>MB
|
|
31
|
+
</dd>
|
|
32
|
+
|
|
33
|
+
<dt>
|
|
34
|
+
Ingress traffic
|
|
35
|
+
</dt>
|
|
36
|
+
<dd>
|
|
37
|
+
<%= Arachni::Utilities.bytes_to_megabytes results['general']['ingress_traffic'] %>MB
|
|
38
|
+
</dd>
|
|
39
|
+
|
|
40
|
+
<dt>
|
|
41
|
+
Uses HTTP
|
|
42
|
+
</dt>
|
|
43
|
+
<dd>
|
|
44
|
+
<%= boolean results['general']['uses_http'] %>
|
|
45
|
+
</dd>
|
|
46
|
+
|
|
47
|
+
<dt>
|
|
48
|
+
Uses HTTPS
|
|
49
|
+
</dt>
|
|
50
|
+
<dd>
|
|
51
|
+
<%= boolean results['general']['uses_https'] %>
|
|
52
|
+
</dd>
|
|
53
|
+
</dl>
|
|
54
|
+
|
|
55
|
+
<h3>Scan</h3>
|
|
56
|
+
<dl class="dl-horizontal">
|
|
57
|
+
<dt>
|
|
58
|
+
Duration
|
|
59
|
+
</dt>
|
|
60
|
+
<dd>
|
|
61
|
+
<%= Arachni::Utilities.seconds_to_hms results['scan']['duration'] %>
|
|
62
|
+
</dd>
|
|
63
|
+
|
|
64
|
+
<dt>
|
|
65
|
+
Authenticated
|
|
66
|
+
</dt>
|
|
67
|
+
<dd>
|
|
68
|
+
<%= boolean results['scan']['authenticated'] %>
|
|
69
|
+
</dd>
|
|
70
|
+
</dl>
|
|
71
|
+
|
|
72
|
+
<h3>HTTP</h3>
|
|
73
|
+
<dl class="dl-horizontal">
|
|
74
|
+
<dt>
|
|
75
|
+
Requests
|
|
76
|
+
</dt>
|
|
77
|
+
<dd>
|
|
78
|
+
<%= results['http']['requests'] %>
|
|
79
|
+
</dd>
|
|
80
|
+
|
|
81
|
+
<dt>
|
|
82
|
+
Minimum response time
|
|
83
|
+
</dt>
|
|
84
|
+
<dd>
|
|
85
|
+
<%= results['http']['response_time_min'].round( 4 ) %>s
|
|
86
|
+
</dd>
|
|
87
|
+
<dt>
|
|
88
|
+
Maximum response time
|
|
89
|
+
</dt>
|
|
90
|
+
<dd>
|
|
91
|
+
<%= results['http']['response_time_max'].round( 4 ) %>s
|
|
92
|
+
</dd>
|
|
93
|
+
<dt>
|
|
94
|
+
Average response time
|
|
95
|
+
</dt>
|
|
96
|
+
<dd>
|
|
97
|
+
<%= results['http']['response_time_average'].round( 4 ) %>s
|
|
98
|
+
</dd>
|
|
99
|
+
|
|
100
|
+
<dt>
|
|
101
|
+
Minimum response size
|
|
102
|
+
</dt>
|
|
103
|
+
<dd>
|
|
104
|
+
<%= Arachni::Utilities.bytes_to_kilobytes results['http']['response_size_min'] %> KB
|
|
105
|
+
</dd>
|
|
106
|
+
<dt>
|
|
107
|
+
Maximum response size
|
|
108
|
+
</dt>
|
|
109
|
+
<dd>
|
|
110
|
+
<%= Arachni::Utilities.bytes_to_kilobytes results['http']['response_size_max'] %> KB
|
|
111
|
+
</dd>
|
|
112
|
+
<dt>
|
|
113
|
+
Average response size
|
|
114
|
+
</dt>
|
|
115
|
+
<dd>
|
|
116
|
+
<%= Arachni::Utilities.bytes_to_kilobytes results['http']['response_size_average'] %> KB
|
|
117
|
+
</dd>
|
|
118
|
+
|
|
119
|
+
<dt>
|
|
120
|
+
Minimum request size
|
|
121
|
+
</dt>
|
|
122
|
+
<dd>
|
|
123
|
+
<%= Arachni::Utilities.bytes_to_kilobytes results['http']['request_size_min'] %> KB
|
|
124
|
+
</dd>
|
|
125
|
+
<dt>
|
|
126
|
+
Maximum request size
|
|
127
|
+
</dt>
|
|
128
|
+
<dd>
|
|
129
|
+
<%= Arachni::Utilities.bytes_to_kilobytes results['http']['request_size_max'] %> KB
|
|
130
|
+
</dd>
|
|
131
|
+
<dt>
|
|
132
|
+
Average request size
|
|
133
|
+
</dt>
|
|
134
|
+
<dd>
|
|
135
|
+
<%= Arachni::Utilities.bytes_to_kilobytes results['http']['request_size_average'] %> KB
|
|
136
|
+
</dd>
|
|
137
|
+
</dl>
|
|
138
|
+
|
|
139
|
+
<h3>Resources</h3>
|
|
140
|
+
<dl class="dl-horizontal">
|
|
141
|
+
<dt>
|
|
142
|
+
Binary
|
|
143
|
+
</dt>
|
|
144
|
+
<dd>
|
|
145
|
+
<%= results['resource']['binary'] %>
|
|
146
|
+
</dd>
|
|
147
|
+
|
|
148
|
+
<dt>
|
|
149
|
+
Without parameters
|
|
150
|
+
</dt>
|
|
151
|
+
<dd>
|
|
152
|
+
<%= results['resource']['without_parameters'] %>
|
|
153
|
+
</dd>
|
|
154
|
+
|
|
155
|
+
<dt>
|
|
156
|
+
With parameters
|
|
157
|
+
</dt>
|
|
158
|
+
<dd>
|
|
159
|
+
<%= results['resource']['with_parameters'] %>
|
|
160
|
+
</dd>
|
|
161
|
+
</dl>
|
|
162
|
+
</div>
|
|
163
|
+
|
|
164
|
+
<div class="col-md-9">
|
|
165
|
+
<h3>Elements</h3>
|
|
166
|
+
<dl class="dl-horizontal">
|
|
167
|
+
<dt>
|
|
168
|
+
Links
|
|
169
|
+
</dt>
|
|
170
|
+
<dd>
|
|
171
|
+
<%= results['element']['links'] %>
|
|
172
|
+
</dd>
|
|
173
|
+
|
|
174
|
+
<dt>
|
|
175
|
+
Forms
|
|
176
|
+
</dt>
|
|
177
|
+
<dd>
|
|
178
|
+
<small>
|
|
179
|
+
<%= results['element']['forms'] %>
|
|
180
|
+
</small>
|
|
181
|
+
</dd>
|
|
182
|
+
<dt>
|
|
183
|
+
<small>
|
|
184
|
+
— with nonces
|
|
185
|
+
</small>
|
|
186
|
+
</dt>
|
|
187
|
+
<dd>
|
|
188
|
+
<small>
|
|
189
|
+
<%= boolean results['element']['has_forms_with_nonces'] %>
|
|
190
|
+
</small>
|
|
191
|
+
</dd>
|
|
192
|
+
<dt>
|
|
193
|
+
<small>
|
|
194
|
+
— with passwords
|
|
195
|
+
</small>
|
|
196
|
+
</dt>
|
|
197
|
+
<dd>
|
|
198
|
+
<small>
|
|
199
|
+
<%= boolean results['element']['has_forms_with_passwords'] %>
|
|
200
|
+
</small>
|
|
201
|
+
</dd>
|
|
202
|
+
|
|
203
|
+
<dt>
|
|
204
|
+
Cookies
|
|
205
|
+
</dt>
|
|
206
|
+
<dd>
|
|
207
|
+
<%= results['element']['cookies'] %>
|
|
208
|
+
</dd>
|
|
209
|
+
|
|
210
|
+
<dt>
|
|
211
|
+
Headers
|
|
212
|
+
</dt>
|
|
213
|
+
<dd>
|
|
214
|
+
<%= results['element']['headers'] %>
|
|
215
|
+
</dd>
|
|
216
|
+
|
|
217
|
+
<dt>
|
|
218
|
+
XMLs
|
|
219
|
+
</dt>
|
|
220
|
+
<dd>
|
|
221
|
+
<%= results['element']['xmls'] %>
|
|
222
|
+
</dd>
|
|
223
|
+
|
|
224
|
+
<dt>
|
|
225
|
+
JSONs
|
|
226
|
+
</dt>
|
|
227
|
+
<dd>
|
|
228
|
+
<%= results['element']['jsons'] %>
|
|
229
|
+
</dd>
|
|
230
|
+
|
|
231
|
+
<dt>
|
|
232
|
+
Total input names
|
|
233
|
+
</dt>
|
|
234
|
+
<dd>
|
|
235
|
+
<%= results['element']['input_names_total'] %>
|
|
236
|
+
</dd>
|
|
237
|
+
|
|
238
|
+
<dt>
|
|
239
|
+
Unique input names
|
|
240
|
+
</dt>
|
|
241
|
+
<dd>
|
|
242
|
+
<%= results['element']['input_names_unique'] %>
|
|
243
|
+
</dd>
|
|
244
|
+
</dl>
|
|
245
|
+
|
|
246
|
+
<h3>DOM</h3>
|
|
247
|
+
<dl class="dl-horizontal">
|
|
248
|
+
<dt>
|
|
249
|
+
Event listeners
|
|
250
|
+
</dt>
|
|
251
|
+
<dd>
|
|
252
|
+
<%= results['dom']['event_listeners'] %>
|
|
253
|
+
</dd>
|
|
254
|
+
|
|
255
|
+
<dt>
|
|
256
|
+
SWF objects
|
|
257
|
+
</dt>
|
|
258
|
+
<dd>
|
|
259
|
+
<%= results['dom']['swf_objects'] %>
|
|
260
|
+
</dd>
|
|
261
|
+
</dl>
|
|
262
|
+
|
|
263
|
+
<h3>Platforms</h3>
|
|
264
|
+
<dl class="dl-horizontal">
|
|
265
|
+
<% results['platforms'].each do |type, platforms|
|
|
266
|
+
next if platforms.empty? %>
|
|
267
|
+
|
|
268
|
+
<dt>
|
|
269
|
+
<%= Arachni::Platform::Manager::TYPES[type.to_sym] %>
|
|
270
|
+
</dt>
|
|
271
|
+
<dd>
|
|
272
|
+
<%= platforms.map { |platform| Arachni::Platform::Manager::PLATFORM_NAMES[platform.to_sym] }.join( ', ' ) %>
|
|
273
|
+
</dd>
|
|
274
|
+
<% end %>
|
|
275
|
+
</dl>
|
|
276
|
+
</div>
|
|
277
|
+
</div>
|
|
278
|
+
|
|
279
|
+
HTML
|
|
280
|
+
end
|
|
281
|
+
|
|
282
|
+
def boolean( b )
|
|
283
|
+
<<-EOHTML
|
|
284
|
+
<i class="fa fa-#{b ? 'check' : 'times'}"></i>
|
|
285
|
+
EOHTML
|
|
286
|
+
end
|
|
287
|
+
|
|
288
|
+
end
|
|
289
|
+
|
|
290
|
+
end
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
|
|
3
|
+
|
|
4
|
+
This file is part of the Arachni Framework project and is subject to
|
|
5
|
+
redistribution and commercial restrictions. Please see the Arachni Framework
|
|
6
|
+
web site for more information on licensing and terms of use.
|
|
7
|
+
=end
|
|
8
|
+
|
|
9
|
+
class Arachni::Reporters::Stdout
|
|
10
|
+
|
|
11
|
+
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
|
12
|
+
class PluginFormatters::Metrics < Arachni::Plugin::Formatter
|
|
13
|
+
|
|
14
|
+
def run
|
|
15
|
+
print_ok 'General'
|
|
16
|
+
general = results['general']
|
|
17
|
+
print_info "Egress traffic: #{Arachni::Utilities.bytes_to_megabytes general['egress_traffic']} MB"
|
|
18
|
+
print_info "Ingress traffic: #{Arachni::Utilities.bytes_to_megabytes general['ingress_traffic']} MB"
|
|
19
|
+
print_info "Uses HTTP: #{general['uses_http']}"
|
|
20
|
+
print_info "Uses HTTPS: #{general['uses_https']}"
|
|
21
|
+
print_line
|
|
22
|
+
|
|
23
|
+
print_ok 'Scan'
|
|
24
|
+
scan = results['scan']
|
|
25
|
+
print_info "Duration: #{Arachni::Utilities.seconds_to_hms scan['duration']}"
|
|
26
|
+
print_info "Authenticated: #{scan['authenticated']}"
|
|
27
|
+
print_line
|
|
28
|
+
|
|
29
|
+
print_ok 'HTTP'
|
|
30
|
+
http = results['http']
|
|
31
|
+
print_info "Requests: #{http['requests']}"
|
|
32
|
+
print_info "Minimum response time: #{http['response_time_min'].round( 4 )} seconds"
|
|
33
|
+
print_info "Maximum response time: #{http['response_time_max'].round( 4 )} seconds"
|
|
34
|
+
print_info "Average response time: #{http['response_time_average'].round( 4 )} seconds"
|
|
35
|
+
print_info "Minimum response size: #{Arachni::Utilities.bytes_to_kilobytes http['response_size_min']} KB"
|
|
36
|
+
print_info "Maximum response size: #{Arachni::Utilities.bytes_to_kilobytes http['response_size_max']} KB"
|
|
37
|
+
print_info "Average response size: #{Arachni::Utilities.bytes_to_kilobytes http['response_size_average']} KB"
|
|
38
|
+
print_info "Minimum request size: #{Arachni::Utilities.bytes_to_kilobytes http['request_size_min']} KB"
|
|
39
|
+
print_info "Maximum request size: #{Arachni::Utilities.bytes_to_kilobytes http['request_size_max']} KB"
|
|
40
|
+
print_info "Average request size: #{Arachni::Utilities.bytes_to_kilobytes http['request_size_average']} KB"
|
|
41
|
+
print_line
|
|
42
|
+
|
|
43
|
+
print_ok 'Resources'
|
|
44
|
+
resource = results['resource']
|
|
45
|
+
print_info "Binary: #{resource['binary']}"
|
|
46
|
+
print_info "Without parameters: #{resource['without_parameters']}"
|
|
47
|
+
print_info "With parameters: #{resource['with_parameters']}"
|
|
48
|
+
print_line
|
|
49
|
+
|
|
50
|
+
print_ok 'Elements'
|
|
51
|
+
element = results['element']
|
|
52
|
+
print_info "Links: #{element['links']}"
|
|
53
|
+
print_info "Forms: #{element['forms']}"
|
|
54
|
+
print_info " -- with nonces: #{element['has_forms_with_nonces']}"
|
|
55
|
+
print_info " -- with passwords: #{element['has_forms_with_passwords']}"
|
|
56
|
+
print_info "Cookies: #{element['cookies']}"
|
|
57
|
+
print_info "Headers: #{element['headers']}"
|
|
58
|
+
print_info "XMLs: #{element['xmls']}"
|
|
59
|
+
print_info "JSONs: #{element['jsons']}"
|
|
60
|
+
print_info "Total input names: #{element['input_names_total']}"
|
|
61
|
+
print_info "Unique input names: #{element['input_names_unique']}"
|
|
62
|
+
print_line
|
|
63
|
+
|
|
64
|
+
print_ok 'DOM'
|
|
65
|
+
dom = results['dom']
|
|
66
|
+
print_info "Event listeners: #{dom['event_listeners']}"
|
|
67
|
+
print_info "SWF objects: #{dom['swf_objects']}"
|
|
68
|
+
print_line
|
|
69
|
+
|
|
70
|
+
print_ok 'Platforms'
|
|
71
|
+
results['platforms'].each do |type, platforms|
|
|
72
|
+
next if platforms.empty?
|
|
73
|
+
|
|
74
|
+
platforms = platforms.map { |platform| Arachni::Platform::Manager::PLATFORM_NAMES[platform.to_sym] }
|
|
75
|
+
print_info "#{Arachni::Platform::Manager::TYPES[type.to_sym]}: #{platforms.join( ', ' )}"
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
end
|
|
80
|
+
end
|