RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/components/checks/passive/grep/x_frame_options.rb CHANGED

@@ -17,7 +17,7 @@ class Arachni::Checks::XFrameOptions < Arachni::Check::Base
         log(
             vector: Element::Server.new( page.url ),
-            proof:  page.response.headers_string
+            proof:  page.response.status_line
         )
     end
@@ -54,7 +54,7 @@ embedded into other sites.
                 cwe:         693,
                 severity:    Severity::LOW,
                 remedy_guidance: %q{
-Configure your web server to include an X-Frame-Options header.
+Configure your web server to include an `X-Frame-Options` header.
 }
             }
         }

data/components/checks/passive/http_put.rb CHANGED

@@ -20,7 +20,7 @@ class Arachni::Checks::HttpPut < Arachni::Check::Base
     end
     def run
-        path = get_path( page.url ) + 'Arachni-' + random_seed.to_s[0..4].to_s
+        path = "#{get_path( page.url )}Arachni-#{random_seed}"
         return if audited?( path )
         audited( path )
@@ -44,7 +44,6 @@ class Arachni::Checks::HttpPut < Arachni::Check::Base
             response: put_response,
             proof:    put_response.status_line
         )
-        print_ok "File has been created: #{response.url}"
     end
     def self.info
@@ -53,7 +52,7 @@ class Arachni::Checks::HttpPut < Arachni::Check::Base
             description: %q{Checks if uploading files is possible using the HTTP PUT method.},
             elements:    [ Element::Server ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.2.2',
+            version:     '0.2.3',
             issue:       {
                 name:            %q{Publicly writable directory},

data/components/path_extractors/comments.rb CHANGED

@@ -9,15 +9,15 @@
 # Extract paths from HTML comments.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.2
+# @version 0.2.1
 class Arachni::Parser::Extractors::Comments < Arachni::Parser::Extractors::Base
     def run
         return [] if !includes?( '<!--' )
         document.xpath( '//comment()' ).map do |comment|
-            comment.text.scan( /(\/[\/a-zA-Z0-9%._-]+)/ )
-        end.flatten.select { |s| s.include? '/' }
+            comment.text.scan( /(^|\s)(\/[\/a-zA-Z0-9%._-]+)/ )
+        end.flatten.select { |s| s.start_with? '/' }
     end
 end

data/components/path_extractors/scripts.rb CHANGED

@@ -19,7 +19,16 @@ class Arachni::Parser::Extractors::Scripts < Arachni::Parser::Extractors::Base
         document.search( '//script[@src]' ).map { |a| a['src'] } |
             document.xpath( '//script' ).map(&:text).join.
                 scan( /[\/a-zA-Z0-9%._-]+/ ).
-                select { |s| s.include?( '.' ) && s.include?( '/' ) }
+                select do |s|
+                    # String looks like a path, but don't get fooled by comments.
+                    s.include?( '.' ) && s.include?( '/' )  &&
+                    !s.include?( '*' ) && !s.start_with?( '//' ) &&
+                    # Require absolute paths, otherwise we may get caught in
+                    # a loop, this context isn't the most reliable for extracting
+                    # real paths.
+                    s.start_with?( '/' )
+                end
     end
 end

data/components/plugins/defaults/autothrottle.rb CHANGED

@@ -9,20 +9,21 @@
 # Auto adjusts HTTP throughput for maximum network utilization.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.1.5
 class Arachni::Plugins::AutoThrottle < Arachni::Plugin::Base
     is_distributable
     # Will decrease concurrency if the average response time for each burst is
     # above this threshold.
-    THRESHOLD = 0.9
+    #
+    # One second per response does not exactly say healthy server.
+    THRESHOLD = 1
     # Easy on the throttle.
     STEP_UP   = 1
     # Hard on the breaks.
-    STEP_DOWN = -3
+    STEP_DOWN = -2
     # Don't drop bellow this.
     MIN_CONCURRENCY = 2
@@ -30,29 +31,37 @@ class Arachni::Plugins::AutoThrottle < Arachni::Plugin::Base
     def prepare
         http = framework.http
-        # run for each response as it arrives
+        # Run for each response as it arrives
         http.on_complete do
-            # adjust on a per-burst basis
+            # Adjust on a per-burst basis.
             next if http.burst_response_count == 0 ||
                 http.burst_response_count % http.max_concurrency != 0
-            if( http.max_concurrency > MIN_CONCURRENCY &&
-                http.burst_average_response_time > THRESHOLD ) ||
-                http.max_concurrency > framework.options.http.request_concurrency
+            response_time = http.burst_average_response_time
-                step = http.max_concurrency + STEP_DOWN < MIN_CONCURRENCY ?
-                    MIN_CONCURRENCY - http.max_concurrency : STEP_DOWN
+            if http.max_concurrency > MIN_CONCURRENCY &&
+                response_time >= THRESHOLD
-                http.max_concurrency = http.max_concurrency + step
-                print_info "Decreasing HTTP request concurrency to #{http.max_concurrency} (#{step})."
-                print_info "Average response time for this burst: #{http.burst_average_response_time}"
+                # No-matter what, don't fall bellow the minimum concurrency.
+                http.max_concurrency = [
+                    http.max_concurrency + STEP_DOWN,
+                    MIN_CONCURRENCY
+                ].max
-            elsif http.burst_average_response_time < THRESHOLD &&
-                http.max_concurrency < framework.options.http.request_concurrency
+                print_info "Decreasing HTTP request concurrency to #{http.max_concurrency}."
+                print_info "Average response time for this burst: #{response_time}"
+            elsif http.max_concurrency < http.original_max_concurrency &&
+                response_time < THRESHOLD
+                # No-matter what, don't exceed the original maximum concurrency.
+                http.max_concurrency = [
+                    http.max_concurrency + STEP_UP,
+                    http.original_max_concurrency
+                ].min
-                http.max_concurrency = http.max_concurrency + STEP_UP
                 print_info "Increasing HTTP request concurrency to #{http.max_concurrency} (+#{STEP_UP})."
-                print_info "Average response time for this burst: #{http.burst_average_response_time}"
+                print_info "Average response time for this burst: #{response_time}"
             end
         end
     end
@@ -66,7 +75,7 @@ in order to maintain stability and avoid from killing the server.
 },
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
             tags:        %w(meta http throttle),
-            version:     '0.1.5'
+            version:     '0.1.6'
         }
     end

data/components/plugins/defaults/meta/remedies/discovery.rb CHANGED

@@ -16,7 +16,6 @@
 # This is a sort of baseline implementation/anomaly detection.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.3.1
 class Arachni::Plugins::Discovery < Arachni::Plugin::Base
     def run
@@ -36,37 +35,35 @@ class Arachni::Plugins::Discovery < Arachni::Plugin::Base
         Data.issues.each do |issue|
             next if !issue.tags.includes_tags?( :discovery )
-            issue.variations.each do |variation|
-                # Skip it if already flagged as untrusted.
-                next if variation.untrusted?
-                processed_issues += 1
-                # We'll do this per path since 404 handlers and such operate per
-                # directory...usually...probably...hopefully.
-                path = File.dirname( uri_parse( variation.vector.action ).path )
-                # Gather total response sizes per path.
-                response_size_per_path[path] ||= 0
-                response_size_per_path[path]  += variation.response.body.size
-                # Categorize issues per path as well.
-                issue_digests_per_path[path] ||= []
-                issue_digests_per_path[path] << variation.digest
-                # Extract the static parts of the responses in order to determine
-                # how much of them doesn't change between requests.
-                #
-                # Large deviations between responses are good because it means that
-                # we're not dealing with some custom not-found response (or something
-                # similar) as these types of responses stay pretty similar.
-                #
-                # On the other hand, valid responses will be dissimilar since the
-                # discovery checks look for different things.
-                diffs_per_path[path] = !diffs_per_path[path] ?
-                    variation.response.body :
-                    diffs_per_path[path].rdiff( variation.response.body )
-            end
+            # Skip it if already flagged as untrusted.
+            next if issue.untrusted?
+            processed_issues += 1
+            # We'll do this per path since 404 handlers and such operate per
+            # directory...usually...probably...hopefully.
+            path = File.dirname( uri_parse( issue.vector.action ).path )
+            # Gather total response sizes per path.
+            response_size_per_path[path] ||= 0
+            response_size_per_path[path]  += issue.response.body.size
+            # Categorize issues per path as well.
+            issue_digests_per_path[path] ||= []
+            issue_digests_per_path[path] << issue.digest
+            # Extract the static parts of the responses in order to determine
+            # how much of them doesn't change between requests.
+            #
+            # Large deviations between responses are good because it means that
+            # we're not dealing with some custom not-found response (or something
+            # similar) as these types of responses stay pretty similar.
+            #
+            # On the other hand, valid responses will be dissimilar since the
+            # discovery checks look for different things.
+            diffs_per_path[path] = !diffs_per_path[path] ?
+                issue.response.body :
+                diffs_per_path[path].rdiff( issue.response.body )
         end
         # Not a lot of sense in comparing a single issue with itself.
@@ -94,7 +91,7 @@ while the server responses were exhibiting an anomalous factor of similarity.
 There's a good chance that these issues are false positives.
 },
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.3.1',
+            version:     '0.3.2',
             tags:        %w(anomaly discovery file directories meta)
         }
     end

data/components/plugins/defaults/meta/remedies/timing_attacks.rb CHANGED

@@ -10,8 +10,6 @@
 # pages returned unusually high response times to begin with.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-#
-# @version 0.3
 class Arachni::Plugins::TimingAttacks < Arachni::Plugin::Base
     is_distributable
@@ -61,16 +59,14 @@ class Arachni::Plugins::TimingAttacks < Arachni::Plugin::Base
         @times.each_pair { |url, time| avg[url] = time / @counter[url] }
         Data.issues.each do |issue|
-            issue.variations.each do |variation|
-                response_time = avg[uri_parse( variation.vector.action ).up_to_path.persistent_hash]
-                next if !issue.tags.includes_tags?( TAG ) || !response_time ||
-                    response_time < TIME_THRESHOLD
+            response_time = avg[uri_parse( issue.vector.action ).up_to_path.persistent_hash]
+            next if !issue.tags.includes_tags?( TAG ) || !response_time ||
+                response_time < TIME_THRESHOLD
-                variation.add_remark :meta_analysis, REMARK
+            issue.add_remark :meta_analysis, REMARK
-                # Requires manual verification.
-                variation.trusted = false
-            end
+            # Requires manual verification.
+            issue.trusted = false
         end
     end
@@ -90,7 +86,7 @@ Pages with high response times usually include heavy-duty processing which makes
 them prime targets for Denial-of-Service attacks.
 },
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.3',
+            version:     '0.3.1',
             tags:        %w(anomaly timing attacks meta)
         }
     end

data/components/plugins/login_script.rb CHANGED

@@ -14,7 +14,7 @@ class Arachni::Plugins::LoginScript < Arachni::Plugin::Base
     STATUSES  = {
         success:         'Login was successful.',
         failure:         'The script was executed successfully, but the login check failed.',
-        error:           'A runtime error was encountered while executing the login script.',
+        error:           'An error was encountered while executing the login script.',
         missing_browser: 'A browser is required for this operation but is not available.',
         missing_check:   'No session check was provided, either via interface options or the script.'
     }
@@ -43,12 +43,18 @@ class Arachni::Plugins::LoginScript < Arachni::Plugin::Base
         session.record_login_sequence do |browser|
             print_info 'Running the script.'
             @script.call browser ? browser.watir : nil
+            # JS run async so we need to wait for the page to settle after
+            # execution.
+            session.browser.wait_till_ready if javascript?
             print_info 'Execution completed.'
         end
         begin
             session.login( true )
-        rescue => e
+        rescue Exception => e
+            print_exception e
             set_status :error
             return
         end
@@ -171,7 +177,7 @@ in the browser, within the page of the target URL.
 },
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.2',
+            version:     '0.2.2',
             options:     [
                 Options::Path.new( :script,
                     required:    true,

data/components/plugins/proxy.rb CHANGED

@@ -78,10 +78,11 @@ class Arachni::Plugins::Proxy < Arachni::Plugin::Base
         end
         wait_while_framework_running
-        @server.shutdown
     end
     def clean_up
+        @server.shutdown
         @pages.each { |p| framework.push_to_page_queue( p, true ) }
         framework_resume
     end
@@ -191,7 +192,7 @@ class Arachni::Plugins::Proxy < Arachni::Plugin::Base
         if shutdown?( url )
             print_status 'Shutting down...'
             set_response_body( res, erb( :shutdown_message ) )
-            @server.shutdown
+            clean_up
             return
         end
@@ -497,7 +498,7 @@ a way to restrict usage enough to avoid users unwittingly interfering with each
 others' sessions.
 },
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.3.4',
+            version:     '0.3.5',
             options:     [
                 Options::Port.new( :port,
                     description: 'Port to bind to.',

data/components/reporters/html.rb CHANGED

@@ -271,14 +271,9 @@ access unauthorized pages.
         end
         def issue_id( issue )
-            # Trust evaluation needs to come from variations.
-            untrusted = issue.variation? ?
-                issue.untrusted? : issue.variations.first.untrusted?
+            issue = report.issue_by_digest( issue.digest )
-            # Generic issue data needs to come from the parent.
-            issue = report.issue_by_digest( issue.digest ) if issue.variation?
-            "issues-#{'un' if untrusted}trusted-severity-" <<
+            "issues-#{'un' if issue.untrusted?}trusted-severity-" <<
                 "#{issue.severity}-#{issue.check[:shortname]}-#{issue.digest}"
         end
@@ -367,7 +362,7 @@ access unauthorized pages.
             grouped_issues[:trusted][by_severity.first.severity] =
                 by_name.inject({}) do |h, (name, issues)|
-                    i = issues.select { |i| !i.variations.find(&:untrusted?) }
+                    i = issues.select(&:trusted?)
                     next h if i.empty?
                     h[name] = i
@@ -376,7 +371,7 @@ access unauthorized pages.
             grouped_issues[:untrusted][by_severity.first.severity] =
                 by_name.inject({}) do |h, (name, issues)|
-                    i = issues.select { |i| i.variations.find(&:untrusted?) }
+                    i = issues.select(&:untrusted?)
                     next h if i.empty?
                     h[name] = i
@@ -445,7 +440,7 @@ access unauthorized pages.
             description:  %q{Exports the audit results as a compressed HTML report.},
             content_type: 'application/zip',
             author:       'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:      '0.4.1',
+            version:      '0.4.2',
             options:      [
                 Options.outfile( '.html.zip' ),
                 Options.skip_responses
@@ -501,9 +496,11 @@ access unauthorized pages.
                 Element::Body.type   => 0,
                 Element::Path.type   => 0,
                 Element::Server.type => 0,
-                Element::GenericDOM.type => 0,
-                Element::JSON.type       => 0,
-                Element::XML.type        => 0
+                Element::GenericDOM.type  => 0,
+                Element::JSON.type        => 0,
+                Element::XML.type         => 0,
+                Element::UIInput::DOM.type  => 0,
+                Element::UIForm::DOM.type => 0
             },
             verification:     {
                 'Yes' => 0,
@@ -564,7 +561,7 @@ access unauthorized pages.
             graph_data[:severity_index_for_issue][issue.name] =
                 Issue::Severity::ORDER.reverse.index( issue.severity.to_sym ) + 1
-            if issue.variations.first.trusted?
+            if issue.trusted?
                 has_trusted_issues = true
                 graph_data[:trust]['Trusted'] += 1
                 graph_data[:trusted_severities][issue.severity.to_sym] += 1

data/components/reporters/html/default/issue.erb CHANGED

@@ -17,9 +17,9 @@
                                 <% end.join( ', ') %>
                             <% end %>
-                            <% if issue.variations.first.request %>
+                            <% if issue.request %>
                                 using
-                                <code><%= issue.variations.first.request.method.to_s.upcase %></code>
+                                <code><%= issue.request.method.to_s.upcase %></code>
                             <% end %>
                         </a>
@@ -37,45 +37,20 @@
                 </div>
                 <div class="panel-body">
-                    <% if issue.variations.size == 1 %>
-                            <div class="row">
-                                <div class="col-md-12">
-                                    <%=
-                                        erb 'issue/info.erb',
-                                            issue: issue.variations.first,
-                                            parent_issue: issue,
-                                            id:    issue_id( issue )
-                                    %>
-                                </div>
-                            </div>
-                    <% else %>
-                        <% issue.variations.each.with_index do |v, i| %>
-                                <div class="row">
-                                    <div class="col-md-12">
-                                        <strong>
-                                            <a
-                                            id="<%= issue_id(issue) %>-variation-<%= i %>"
-                                            href="<%= issue_location(issue) %>/variation/<%= i %>">
-                                                Variation <%= i %>
-                                            </a>
-                                        </strong>
-                                        <%=
-                                            erb 'issue/info.erb',
-                                                issue: v,
-                                                parent_issue: issue,
-                                                id:    issue_id( v )
-                                        %>
-                                    </div>
-                                </div>
-                        <% end %>
-                    <% end %>
+                    <div class="row">
+                        <div class="col-md-12">
+                            <%=
+                                erb 'issue/info.erb',
+                                    issue: issue,
+                                    id:    issue_id( issue )
+                            %>
+                        </div>
+                    </div>
                     <%=
                         erb 'issue/details.erb',
-                            issue:        issue.variations.first,
-                            parent_issue: issue,
-                            id:           issue_id( issue )
+                            issue: issue,
+                            id:    issue_id( issue )
                     %>
                 </div>
             </div>