arachni 1.2 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b7b04bebb490a564d756ded63b03da429d3f96cb
-  data.tar.gz: d8b634d80fb6db78621fb574b6c52954da0cb201
+  metadata.gz: d17c2d7494c0ec0cbaf825b7f55ce71a90fb48ba
+  data.tar.gz: 3343cc7e23ed519a1b5e7e059aa3e88cf777ba32
 SHA512:
-  metadata.gz: 84acf5244c5bb7e1c3dd05e1fe85f27087bbfa447c45dea559a4496fa7947bac87c75dd3c7e5550be5f1c87ed42ca69ffb825b62d3e59a1c789ac55148d8985b
-  data.tar.gz: c2c0d02d9194befc03fc37d1b38a036f4ef448336f3c6b3e8ff5ac23140f4fc035e09b698a347a5c47738ec5c6aa25b42692e4979b951756920175fa6e587db9
+  metadata.gz: 697804e1e14595b202beada64a5b2b0296d33fb4b61714091084c4d2ef813af467470a31bb04f571aed438c18b4f1cef8c91ea1bf299f46580556372108ae1bc
+  data.tar.gz: 245fd98a16d683a668eddf41deb0783de006679352308b2c4e268a48a5f2bcfdd159431624a80d3d82f46633bcc4cf0d4ad2971afaff42a942a35d4939f608a4

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # ChangeLog
 
+## 1.2.1 _(July 25, 2015)_
+
+- HTTP
+    - `ProxyServer`
+        - Updated SSL interception to use different interceptors for each host.
+        - Shutdown on framework abort, instead of waiting for the user to shutdown
+            the proxy manually.
+- Checks
+    - Passive
+        - `backdoors` -- Updated exempt platforms to all Framework platforms.
+- Fingerprinters
+    - Added
+        - Frameworks
+            - Nette
+            - Symphony
+
 ## 1.2 _(July 16, 2015)_
 
 - Switched to Arachni Public Source License v1.0.

data/README.md

@@ -3,7 +3,7 @@
 <table>
     <tr>
         <th>Version</th>
-        <td>1.2</td>
+        <td>1.2.1</td>
     </tr>
     <tr>
         <th>Homepage</th>
@@ -340,6 +340,8 @@ Currently, the following platforms can be identified:
     - ASP.NET MVC
     - JSF
     - CherryPy
+    - Nette
+    - Symfony
 
 The user also has the option of specifying extra platforms (like a DB server)
 in order to help the system be as efficient as possible. Alternatively, fingerprinting

data/components/checks/passive/backdoors.rb

@@ -29,8 +29,8 @@ class Arachni::Checks::Backdoors < Arachni::Check::Base
             description:      %q{Tries to find common backdoors on the server.},
             elements:         [Element::Server],
             author:           'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
-            version:          '0.2.4',
-            exempt_platforms: [ :ruby, :aspx_mvc, :django, :cakephp ],
+            version:          '0.2.5',
+            exempt_platforms: Arachni::Platform::Manager::FRAMEWORKS,
 
             issue:       {
                 name:            %q{A backdoor file exists on the server},

data/components/fingerprinters/frameworks/nette.rb

@@ -0,0 +1,29 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+
+module Arachni
+module Platform::Fingerprinters
+
+# Identifies Nette Framework cookies.
+#
+# @author Tomas Dobrotka <tomas@dobrotka.sk>
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+# @version 0.1
+class Nette < Platform::Fingerprinter
+
+    def run
+        return if !server_or_powered_by_include?( 'Nette' ) &&
+            !cookies.include?( 'nette-browser' )
+
+        platforms << :php << :nette
+    end
+
+end
+
+end
+end

data/components/fingerprinters/frameworks/symfony.rb

@@ -0,0 +1,28 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+
+module Arachni
+module Platform::Fingerprinters
+
+# Identifies Default Symfony Framework cookie.
+#
+# @author Tomas Dobrotka <tomas@dobrotka.sk>
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+# @version 0.1
+class Symfony < Platform::Fingerprinter
+
+    def run
+        return if !cookies.include?( 'symfony' )
+
+        platforms << :php << :symfony
+    end
+
+end
+
+end
+end

data/components/plugins/proxy.rb

@@ -15,8 +15,6 @@ require 'ostruct'
 # data to {Arachni::Framework#push_to_page_queue} to be audited.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-#
-# @version 0.3.2
 class Arachni::Plugins::Proxy < Arachni::Plugin::Base
 
     BASEDIR  = "#{File.dirname( __FILE__ )}/proxy/"
@@ -74,7 +72,13 @@ class Arachni::Plugins::Proxy < Arachni::Plugin::Base
         print_info
 
         TemplateScope.get.set :params, {}
-        @server.start
+
+        Thread.new do
+            @server.start
+        end
+
+        wait_while_framework_running
+        @server.shutdown
     end
 
     def clean_up
@@ -493,7 +497,7 @@ a way to restrict usage enough to avoid users unwittingly interfering with each
 others' sessions.
 },
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.3.3',
+            version:     '0.3.4',
             options:     [
                 Options::Port.new( :port,
                     description: 'Port to bind to.',

data/lib/arachni/http/proxy_server.rb

@@ -63,6 +63,9 @@ class ProxyServer < WEBrick::HTTPProxyServer
         # Will force the proxy to stfu.
         @logger.close
 
+        @interceptor_ports = {}
+        @interceptors      = {}
+
         super(
             BindAddress:        @options[:address],
             Port:               @options[:port],
@@ -111,6 +114,14 @@ class ProxyServer < WEBrick::HTTPProxyServer
         @tokens.max - @tokens.size
     end
 
+    def shutdown
+        @interceptors.each do |_, interceptor|
+            interceptor.shutdown
+        end
+
+        super
+    end
+
     private
 
     # Performs a GET request.
@@ -176,7 +187,7 @@ class ProxyServer < WEBrick::HTTPProxyServer
     def do_CONNECT( req, res )
         host = req.unparsed_uri.split(':').first
 
-        req.instance_variable_set( :@unparsed_uri, "127.0.0.1:#{interceptor_port}" )
+        req.instance_variable_set( :@unparsed_uri, "127.0.0.1:#{interceptor_port( host )}" )
 
         start_ssl_interceptor( host )
 
@@ -211,7 +222,7 @@ class ProxyServer < WEBrick::HTTPProxyServer
     #
     # The interceptor will listen on {#interceptor_port}.
     def start_ssl_interceptor( host )
-        return @interceptor if @interceptor
+        return @interceptors[host] if @interceptors[host]
 
         ca     = OpenSSL::X509::Certificate.new( File.read( INTERCEPTOR_CA_CERTIFICATE ) )
         ca_key = OpenSSL::PKey::RSA.new( File.read( INTERCEPTOR_CA_KEY ) )
@@ -253,25 +264,25 @@ class ProxyServer < WEBrick::HTTPProxyServer
 
         # The interceptor is only used for SSL decryption/encryption, the actual
         # proxy functionality is forwarded to the plain proxy server.
-        @interceptor = self.class.new(
+        @interceptors[host] = interceptor = self.class.new(
             address:        '127.0.0.1',
-            port:            interceptor_port,
+            port:            interceptor_port( host ),
             ssl_certificate: cert,
             ssl_private_key: keypair,
             service_handler: method( :proxy_service )
         )
 
-        def @interceptor.service( request, response )
+        def interceptor.service( request, response )
             @options[:service_handler].call( request, response )
         end
 
-        @interceptor.start_async
+        interceptor.start_async
     end
 
     # @return    [Integer]
     #   Picks and stores an available port number for the interceptor.
-    def interceptor_port
-        @interceptor_port ||= Utilities.available_port
+    def interceptor_port( host )
+        @interceptor_ports[host] ||= Utilities.available_port
     end
 
     # Communicates with the endpoint webapp and forwards its responses to the

data/lib/arachni/platform/manager.rb

@@ -108,6 +108,8 @@ class Manager
         :rack,
         :rails,
         :cakephp,
+        :symfony,
+        :nette,
         :django,
         :aspx_mvc,
         :jsf,
@@ -165,6 +167,8 @@ class Manager
         rack:     'Rack',
         django:   'Django',
         cakephp:  'CakePHP',
+        nette:  'Nette Framework',
+        symfony:  'Symfony',
         rails:    'Ruby on Rails',
         aspx_mvc: 'ASP.NET MVC',
         jsf:      'JavaServer Faces',

data/lib/version

@@ -1 +1 @@
-1.2
+1.2.1

data/spec/arachni/framework/parts/platform_spec.rb

@@ -59,7 +59,9 @@ describe Arachni::Framework::Parts::Platform do
                     aspx_mvc: 'ASP.NET MVC',
                     jsf:      'JavaServer Faces',
                     cherrypy: 'CherryPy',
-                    cakephp:  'CakePHP'
+                    cakephp:  'CakePHP',
+                    symfony:  'Symfony',
+                    nette:  'Nette Framework'
                 }
             }
         end

data/spec/arachni/platform/manager_spec.rb

@@ -420,7 +420,7 @@ describe Arachni::Platform::Manager do
                  :tomcat, :asp, :aspx, :java, :perl, :php, :python, :ruby, :rack,
                  :sybase, :frontbase, :ingres, :hsqldb, :access, :jetty, :mongodb,
                  :aix, :sql, :nosql, :aspx_mvc, :rails, :django, :gunicorn, :cakephp,
-                 :cherrypy, :jsf].sort
+                 :cherrypy, :jsf, :symfony, :nette].sort
         end
     end
 

data/spec/components/fingerprinters/frameworks/nette_spec.rb

@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+describe Arachni::Platform::Fingerprinters::Nette do
+    include_examples 'fingerprinter'
+
+    def platforms
+        [:php, :nette]
+    end
+
+    context 'when there is a Server header' do
+        it 'identifies it as Nette' do
+            check_platforms Arachni::Page.from_data(
+                url: 'http://stuff.com/blah',
+                response: { headers: { 'Server' => 'Nette/0.1' } }
+            )
+        end
+    end
+
+    context 'when there is an X-Powered-By header' do
+        it 'identifies it as Nette' do
+            check_platforms Arachni::Page.from_data(
+                url: 'http://stuff.com/blah',
+                response: { headers: { 'X-Powered-By' => 'Nette/0.1' } }
+            )
+        end
+    end
+
+    context 'when there is a nette-browser cookie' do
+        it 'identifies it as Nette' do
+            check_platforms Arachni::Page.from_data(
+                url:     'http://stuff.com/blah',
+                cookies: [Arachni::Cookie.new(
+                              url:    'http://stuff.com/blah',
+                              inputs: { 'nette-browser' => 'stuff' } )]
+
+            )
+        end
+    end
+
+end

data/spec/components/fingerprinters/frameworks/symphony_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe Arachni::Platform::Fingerprinters::Symfony do
+    include_examples 'fingerprinter'
+
+    def platforms
+        [:php, :symfony]
+    end
+
+    context 'when there is a symfony cookie' do
+        it 'identifies it as Symfony' do
+            check_platforms Arachni::Page.from_data(
+                url:     'http://stuff.com/blah',
+                cookies: [Arachni::Cookie.new(
+                              url:    'http://stuff.com/blah',
+                              inputs: { 'symfony' => 'stuff' } )]
+
+            )
+        end
+    end
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arachni
 version: !ruby/object:Gem::Version
-  version: '1.2'
+  version: 1.2.1
 platform: ruby
 authors:
 - Tasos Laskos
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-07-16 00:00:00.000000000 Z
+date: 2015-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -438,8 +438,10 @@ files:
 - components/fingerprinters/frameworks/cherrypy.rb
 - components/fingerprinters/frameworks/django.rb
 - components/fingerprinters/frameworks/jsf.rb
+- components/fingerprinters/frameworks/nette.rb
 - components/fingerprinters/frameworks/rack.rb
 - components/fingerprinters/frameworks/rails.rb
+- components/fingerprinters/frameworks/symfony.rb
 - components/fingerprinters/languages/asp.rb
 - components/fingerprinters/languages/aspx.rb
 - components/fingerprinters/languages/java.rb
@@ -1111,8 +1113,10 @@ files:
 - spec/components/fingerprinters/frameworks/cherrypy_spec.rb
 - spec/components/fingerprinters/frameworks/django_spec.rb
 - spec/components/fingerprinters/frameworks/jsf_spec.rb
+- spec/components/fingerprinters/frameworks/nette_spec.rb
 - spec/components/fingerprinters/frameworks/rack_spec.rb
 - spec/components/fingerprinters/frameworks/rails_spec.rb
+- spec/components/fingerprinters/frameworks/symphony_spec.rb
 - spec/components/fingerprinters/languages/asp_spec.rb
 - spec/components/fingerprinters/languages/aspx_spec.rb
 - spec/components/fingerprinters/languages/java_spec.rb
@@ -1910,9 +1914,11 @@ test_files:
 - spec/components/fingerprinters/languages/asp_spec.rb
 - spec/components/fingerprinters/frameworks/rails_spec.rb
 - spec/components/fingerprinters/frameworks/django_spec.rb
+- spec/components/fingerprinters/frameworks/symphony_spec.rb
 - spec/components/fingerprinters/frameworks/rack_spec.rb
 - spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb
 - spec/components/fingerprinters/frameworks/cakephp_spec.rb
+- spec/components/fingerprinters/frameworks/nette_spec.rb
 - spec/components/fingerprinters/frameworks/jsf_spec.rb
 - spec/components/fingerprinters/frameworks/cherrypy_spec.rb
 - spec/spec_helper.rb