RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/components/reporters/plugin_formatters/xml/metrics.rb ADDED

@@ -0,0 +1,29 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+class Arachni::Reporters::XML
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+class PluginFormatters::Metrics < Arachni::Plugin::Formatter
+    def run( xml )
+        results.each do |category, data|
+            xml.send( category ) {
+                data.each do |k, v|
+                    if category == 'platforms'
+                        v = v.join( ',' )
+                    end
+                    xml.send k, v
+                end
+            }
+        end
+    end
+end
+end

data/components/reporters/stdout.rb CHANGED

@@ -10,7 +10,7 @@
 # All UIs must have a default report.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.3
+# @version 0.3.1
 class Arachni::Reporters::Stdout < Arachni::Reporter::Base
     def run
@@ -46,6 +46,8 @@ class Arachni::Reporters::Stdout < Arachni::Reporter::Base
         print_info '* Forms'    if report.options[:audit][:forms]
         print_info '* Cookies'  if report.options[:audit][:cookies]
         print_info '* Headers'  if report.options[:audit][:headers]
+        print_info '* XMLs'     if report.options[:audit][:xmls]
+        print_info '* JSONs'    if report.options[:audit][:jsons]
         print_line
         print_status "Checks: #{report.options[:checks].join( ', ' )}"
@@ -223,7 +225,7 @@ class Arachni::Reporters::Stdout < Arachni::Reporter::Base
             name:        'Stdout',
             description: %q{Prints the results to standard output.},
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.3'
+            version:     '0.3.1'
         }
     end

data/components/reporters/xml.rb CHANGED

@@ -11,7 +11,7 @@ require 'nokogiri'
 # Creates an XML report of the audit.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.3.3
+# @version 0.3.4
 class Arachni::Reporters::XML < Arachni::Reporter::Base
     LOCAL_SCHEMA  = File.dirname( __FILE__ ) + '/xml/schema.xsd'
@@ -77,8 +77,8 @@ class Arachni::Reporters::XML < Arachni::Reporter::Base
                                     xml.method_ vector.method
                                 end
-                                if vector.respond_to? :affected_input_name
-                                    xml.affected_input_name vector.affected_input_name
+                                if issue.variations.first.vector.respond_to? :affected_input_name
+                                    xml.affected_input_name issue.variations.first.vector.affected_input_name
                                 end
                                 if vector.respond_to? :inputs
@@ -166,7 +166,7 @@ class Arachni::Reporters::XML < Arachni::Reporter::Base
             description:  %q{Exports the audit results as an XML (.xml) file.},
             content_type: 'text/xml',
             author:       'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:      '0.3.3',
+            version:      '0.3.4',
             options:      [ Options.outfile( '.xml' ), Options.skip_responses ]
         }
     end

data/components/reporters/xml/schema.xsd CHANGED

@@ -35,9 +35,104 @@
             <xs:element name="waf_detector" type="plugin_waf_detector" maxOccurs="1"/>
             <xs:element name="vector_collector" type="plugin_vector_collector" maxOccurs="1"/>
             <xs:element name="exec" type="plugin_exec" maxOccurs="1"/>
+            <xs:element name="metrics" type="plugin_metrics" maxOccurs="1"/>
         </xs:choice>
     </xs:complexType>
+    <xs:complexType name="plugin_metrics">
+        <xs:all>
+            <xs:element name="name" type="xs:string"/>
+            <xs:element name="description" type="xs:string"/>
+            <xs:element name="results" type="plugin_metrics_results"/>
+        </xs:all>
+    </xs:complexType>
+    <xs:complexType name="plugin_metrics_results">
+        <xs:all>
+            <xs:element name="general" type="plugin_metrics_results_general"/>
+            <xs:element name="scan" type="plugin_metrics_results_scan"/>
+            <xs:element name="http" type="plugin_metrics_results_http"/>
+            <xs:element name="resource" type="plugin_metrics_results_resource"/>
+            <xs:element name="element" type="plugin_metrics_results_element"/>
+            <xs:element name="dom" type="plugin_metrics_results_dom"/>
+            <xs:element name="platforms" type="plugin_metrics_results_platforms"/>
+        </xs:all>
+    </xs:complexType>
+    <xs:complexType name="plugin_metrics_results_general">
+        <xs:all>
+            <xs:element name="egress_traffic" type="xs:integer"/>
+            <xs:element name="ingress_traffic" type="xs:integer"/>
+            <xs:element name="uses_http" type="xs:boolean"/>
+            <xs:element name="uses_https" type="xs:boolean"/>
+        </xs:all>
+    </xs:complexType>
+    <xs:complexType name="plugin_metrics_results_scan">
+        <xs:all>
+            <xs:element name="duration" type="xs:float"/>
+            <xs:element name="authenticated" type="xs:boolean"/>
+        </xs:all>
+    </xs:complexType>
+    <xs:complexType name="plugin_metrics_results_http">
+        <xs:all>
+            <xs:element name="requests" type="xs:integer"/>
+            <xs:element name="response_time_min" type="xs:float"/>
+            <xs:element name="response_time_max" type="xs:float"/>
+            <xs:element name="response_time_average" type="xs:float"/>
+            <xs:element name="response_size_min" type="xs:float"/>
+            <xs:element name="response_size_max" type="xs:float"/>
+            <xs:element name="response_size_average" type="xs:float"/>
+            <xs:element name="request_size_min" type="xs:float"/>
+            <xs:element name="request_size_max" type="xs:float"/>
+            <xs:element name="request_size_average" type="xs:float"/>
+        </xs:all>
+    </xs:complexType>
+    <xs:complexType name="plugin_metrics_results_resource">
+        <xs:all>
+            <xs:element name="binary" type="xs:integer"/>
+            <xs:element name="without_parameters" type="xs:integer"/>
+            <xs:element name="with_parameters" type="xs:integer"/>
+        </xs:all>
+    </xs:complexType>
+    <xs:complexType name="plugin_metrics_results_element">
+        <xs:all>
+            <xs:element name="links" type="xs:integer"/>
+            <xs:element name="forms" type="xs:integer"/>
+            <xs:element name="has_forms_with_nonces" type="xs:boolean"/>
+            <xs:element name="has_forms_with_passwords" type="xs:boolean"/>
+            <xs:element name="cookies" type="xs:integer"/>
+            <xs:element name="headers" type="xs:integer"/>
+            <xs:element name="xmls" type="xs:integer"/>
+            <xs:element name="jsons" type="xs:integer"/>
+            <xs:element name="input_names_total" type="xs:integer"/>
+            <xs:element name="input_names_unique" type="xs:integer"/>
+        </xs:all>
+    </xs:complexType>
+    <xs:complexType name="plugin_metrics_results_dom">
+        <xs:all>
+            <xs:element name="event_listeners" type="xs:integer"/>
+            <xs:element name="swf_objects" type="xs:integer"/>
+        </xs:all>
+    </xs:complexType>
+    <xs:complexType name="plugin_metrics_results_platforms">
+        <xs:all>
+            <!-- CSV platform names for values in these fields. -->
+            <xs:element name="os" type="xs:string"/>
+            <xs:element name="db" type="xs:string"/>
+            <xs:element name="servers" type="xs:string"/>
+            <xs:element name="languages" type="xs:string"/>
+            <xs:element name="frameworks" type="xs:string"/>
+        </xs:all>
+    </xs:complexType>
     <xs:complexType name="plugin_exec">
         <xs:all>
             <xs:element name="name" type="xs:string"/>

data/lib/arachni.rb CHANGED

@@ -9,6 +9,8 @@
 require 'rubygems'
 require 'bundler/setup'
+require 'oj_mimic_json'
 def ap( obj )
     super obj, raw: true
 end

data/lib/arachni/browser.rb CHANGED

@@ -70,7 +70,16 @@ class Browser
     # Let the browser take as long as it needs to complete an operation.
     WATIR_COM_TIMEOUT = 3600 # 1 hour.
-    HTML_IDENTIFIERS = ['<!doctype html', '<html', '<head', '<body', '<title', '<script']
+    ASSET_EXTENSIONS = Set.new(
+        ['css', 'js', 'jpg', 'jpeg', 'png', 'gif', 'woff', 'json']
+    )
+    ASSET_EXTRACTORS = [
+        /<\s*link.*?href=['"](.*?)['"].*?>/im,
+        /<\s*script.*?src=['"](.*?)['"].*?>/im,
+        /<\s*img.*?src=['"](.*?)['"].*?>/im,
+        /<\s*input.*?src=['"](.*?)['"].*?>/im,
+    ]
     # @return   [Array<Page::DOM::Transition>]
     attr_reader :transitions
@@ -107,6 +116,10 @@ class Browser
     # @return   [Integer]
     attr_reader :pid
+    attr_reader :last_url
+    attr_reader :last_dom_url
     # @return   [Bool]
     #   `true` if a supported browser is in the OS PATH, `false` otherwise.
     def self.has_executable?
@@ -119,6 +132,19 @@ class Browser
         Selenium::WebDriver::PhantomJS.path
     end
+    def self.asset_domains
+        @asset_domains ||= Set.new
+    end
+    asset_domains
+    def self.add_asset_domain( url )
+        return if url.to_s.empty?
+        return if !(curl = Arachni::URI( url ))
+        return if !(domain = curl.domain)
+        asset_domains << domain
+    end
     # @param    [Hash]  options
     # @option options   [Integer]    :concurrency
     #   Maximum number of concurrent connections.
@@ -313,7 +339,8 @@ class Browser
             @add_request_transitions = false
         end
-        @last_url = url
+        @last_url = Arachni::URI( url ).to_s
+        self.class.add_asset_domain @last_url
         ensure_open_window
@@ -326,9 +353,23 @@ class Browser
             watir.goto url
             @javascript.wait_till_ready
+            wait_for_pending_requests
             wait_for_timers
-            wait_for_pending_requests
+            url = watir.url
+            Options.browser_cluster.css_to_wait_for( url ).each do |css|
+                print_info "Waiting for #{css.inspect} to appear for: #{url}"
+                begin
+                    watir.element( css: css ).
+                        wait_until_present( Options.browser_cluster.job_timeout )
+                    print_info "#{css.inspect} appeared for: #{url}"
+                rescue Watir::Wait::TimeoutError
+                    print_bad "#{css.inspect} did not appeared for: #{url}"
+                end
+            end
             javascript.set_element_ids
         end
@@ -771,32 +812,35 @@ class Browser
         # them if no events are associated with it.
         #
         # This can save **A LOT** of time during the audit.
-        if Options.audit.form_doms? && @javascript.supported?
-            page.forms.each do |form|
-                next if !form.node || !form.dom
+        if @javascript.supported?
+            if Options.audit.form_doms?
+                page.forms.each do |form|
+                    next if !form.node || !form.dom
-                action = form.node['action'].to_s
-                form.dom.browser = self
+                    action = form.node['action'].to_s
+                    form.dom.browser = self
-                next if action.downcase.start_with?( 'javascript:' ) ||
-                    form.dom.locate.events.any?
+                    next if action.downcase.start_with?( 'javascript:' ) ||
+                        form.dom.locate.events.any?
+                    form.skip_dom = true
+                end
-                form.skip_dom = true
+                page.update_metadata
+                page.clear_cache
             end
-            page.update_metadata
-        end
+            if Options.audit.cookie_doms?
+                sinks = @javascript.taint_tracer.data_flow_sinks
+                page.cookies.each do |cookie|
+                    next if sinks.include?( cookie.name ) ||
+                        sinks.include?( cookie.value )
-        if Options.audit.cookie_doms? && @javascript.supported?
-            sinks = @javascript.taint_tracer.data_flow_sinks
-            page.cookies.each do |cookie|
-                next if sinks.include?( cookie.name ) ||
-                    sinks.include?( cookie.value )
+                    cookie.skip_dom = true
+                end
-                cookie.skip_dom = true
+                page.update_metadata
             end
-            page.update_metadata
         end
         page
@@ -890,7 +934,7 @@ class Browser
             c[:path]     = '/' if c[:path] == '//'
             c[:name]     = Cookie.decode( c[:name].to_s )
-            c[:value]    = Cookie.decode( c[:value].to_s )
+            c[:value]    = Cookie.value_to_v0( c[:value].to_s )
             c[:httponly] = !js_cookies.include?( original_name )
             Cookie.new c.merge( url: @last_url || url )
@@ -1090,11 +1134,12 @@ class Browser
                         buff = ''
                         # Wait for PhantomJS to initialize.
                          while !buff.include?( 'running on port' )
-                             # It's silly to use #getc but it works consistently
-                             # across MRI, Rubinius and JRuby.
-                             buff << (out.getc rescue '').to_s
+                             # This can be problematic on something other than
+                             # MRI.
+                             buff << (out.readline rescue '').to_s
                          end
+                        buff = nil
                         print_debug 'Boot-up complete.'
                         done = true
                     end
@@ -1106,6 +1151,7 @@ class Browser
             if @process.io.stdout
                 last_attempt_output = IO.read( @process.io.stdout )
                 print_debug last_attempt_output
+                @process.io.stdout.close!
             end
             if done
@@ -1286,7 +1332,17 @@ class Browser
         request.performer = self
         return if request.headers['X-Arachni-Browser-Auth'] != auth_token
-        request.headers.delete( 'X-Arachni-Browser-Auth' )
+        request.headers.delete 'X-Arachni-Browser-Auth'
+        # We can't have 304 page responses in the framework, we need full request
+        # and response data, the browser cache doesn't help us here.
+        #
+        # Still, it's a nice feature to have when requesting assets or anything
+        # else.
+        if request.url == @last_url
+            request.headers.delete 'If-None-Match'
+            request.headers.delete 'If-Modified-Since'
+        end
         return if @javascript.serve( request, response )
@@ -1300,21 +1356,29 @@ class Browser
         # Signal the proxy to not actually perform the request if we have a
         # preloaded or cached response for it.
-        return if from_preloads( request, response ) || from_cache( request, response )
-        begin
-            # Capture the request as elements of pages -- let's us grab AJAX and
-            # other browser requests and convert them into elements we can analyze
-            # and audit.
-            capture( request )
-        rescue => e
-            print_debug "Could not capture: #{request.url}"
-            print_debug request.body.to_s
-            print_debug_exception e
+        if from_preloads( request, response ) || from_cache( request, response )
+            # There may be taints or custom JS code that need to be updated.
+            javascript.inject response
+            return
         end
+        # Capture the request as elements of pages -- let's us grab AJAX and
+        # other browser requests and convert them into elements we can analyze
+        # and audit.
+        capture( request )
         request.headers['user-agent'] = Options.http.user_agent
+        # The proxy has an unlimited response_max_size so if we're not requesting
+        # an asset remove the response_max_size option so that it'll end up using
+        # the system settings.
+        #
+        # However, this is not foolproof, a lot of assets don't have the expected
+        # extension.
+        if !request_for_asset?( request )
+            request.response_max_size = nil
+        end
         # Signal the proxy to continue with its request to the origin server.
         true
     end
@@ -1327,63 +1391,50 @@ class Browser
             transition.complete
         end
+        javascript.inject response
+        # Don't store assets, the browsers will cache them accordingly.
+        return if request_for_asset?( request ) || !response.text?
         # No-matter the scope, don't store resources for external domains.
         return if !response.scope.in_domain?
         return if enforce_scope? && response.scope.out?
-        intercept response
+        whitelist_asset_domains( response )
         save_response response
         nil
     end
-    def intercept( response )
-        return if !intercept?( response )
-        @javascript.inject( response )
-    end
+    def ignore_request?( request )
+        return if !enforce_scope?
-    def intercept?( response )
-        return false if response.body.empty?
+        return false if request_for_asset?( request )
-        # We only care about HTML.
-        return false if !response.headers.content_type.to_s.downcase.start_with?( 'text/html' )
+        return true if !request.scope.follow_protocol?
-        # Let's check that the response at least looks like it contains HTML
-        # code of interest.
-        body = response.body.downcase
-        return false if !HTML_IDENTIFIERS.find { |tag| body.include? tag.downcase }
+        return true if !request.scope.in_domain? &&
+            !self.class.asset_domains.include?( request.parsed_url.domain )
-        # The last check isn't fool-proof, so don't do it when loading the page
-        # for the first time, but only when the page loads stuff via AJAX and whatnot.
-        #
-        # Well, we can be pretty sure that the root page will be HTML anyways.
-        return true if @last_url == response.url
+        return true if request.scope.too_deep?
+        return true if !request.scope.include?
+        return true if request.scope.exclude?
+        return true if request.scope.redundant?
-        # Finally, verify that we're really working with markup (hopefully HTML)
-        # and that the previous checks weren't just flukes matching some other
-        # kind of document.
-        #
-        # For example, it may have been JSON with the wrong content-type that
-        # includes HTML -- it happens.
-        begin
-            return false if Nokogiri::XML( response.body ).children.empty?
-        rescue => e
-            print_debug "Javascript injection failed for: #{response.url}"
-            print_debug "\n#{response.body}"
-            print_debug_exception e
-            return false
-        end
-        true
+        false
     end
-    def ignore_request?( request )
-        return if !enforce_scope?
+    def request_for_asset?( request )
+        ASSET_EXTENSIONS.include?( request.parsed_url.resource_extension.to_s.downcase )
+    end
-        # Only allow CSS and JS resources to be loaded from out-of-scope domains.
-        !['css', 'js'].include?( request.parsed_url.resource_extension ) &&
-            (request.scope.out? || request.scope.redundant?)
+    def whitelist_asset_domains( response )
+        ASSET_EXTRACTORS.each do |regexp|
+            response.body.scan( regexp ).flatten.compact.each do |url|
+                self.class.add_asset_domain url
+            end
+        end
     end
     def capture( request )
@@ -1452,6 +1503,10 @@ class Browser
         @captured_pages << page if store_pages?
         notify_on_new_page( page )
+    rescue => e
+        print_debug "Could not capture: #{request.url}"
+        print_debug request.body.to_s
+        print_debug_exception e
     end
     def from_preloads( request, response )
@@ -1478,7 +1533,7 @@ class Browser
             destination.send "#{m}=", source.send( m )
         end
-        intercept destination
+        javascript.inject destination
         nil
     end