RubyGems - arachni - Versions diffs - 1.3.2 → 1.4 - Mend

arachni 1.3.2 → 1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (727) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +108 -0
data/Gemfile +2 -6
data/LICENSE.md +1 -1
data/README.md +34 -16
data/Rakefile +1 -1
data/arachni.gemspec +28 -20
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_rest_server +13 -0
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +8 -10
data/components/checks/active/code_injection_php_input_wrapper.rb +5 -6
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +1 -1
data/components/checks/active/file_inclusion.rb +20 -26
data/components/checks/active/ldap_injection.rb +4 -5
data/components/checks/active/no_sql_injection.rb +11 -20
data/components/checks/active/no_sql_injection/substrings/mongodb +1 -0
data/components/checks/active/no_sql_injection_differential.rb +3 -4
data/components/checks/active/os_cmd_injection.rb +5 -9
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +4 -17
data/components/checks/active/response_splitting.rb +8 -2
data/components/checks/active/rfi.rb +4 -5
data/components/checks/active/session_fixation.rb +9 -3
data/components/checks/active/source_code_disclosure.rb +5 -20
data/components/checks/active/sql_injection.rb +30 -18
data/components/checks/active/sql_injection/{regexp_ignore.txt → ignore_substrings} +0 -0
data/components/checks/active/sql_injection/regexps/db2.yaml +2 -0
data/components/checks/active/sql_injection/regexps/frontbase.yaml +1 -0
data/components/checks/active/sql_injection/regexps/informix.yaml +1 -0
data/components/checks/active/sql_injection/regexps/ingres.yaml +2 -0
data/components/checks/active/sql_injection/regexps/maxdb.yaml +2 -0
data/components/checks/active/sql_injection/regexps/mssql.yaml +8 -0
data/components/checks/active/sql_injection/regexps/mysql.yaml +4 -0
data/components/checks/active/sql_injection/regexps/oracle.yaml +4 -0
data/components/checks/active/sql_injection/regexps/pgsql.yaml +3 -0
data/components/checks/active/sql_injection/regexps/sqlite.yaml +2 -0
data/components/checks/active/sql_injection/regexps/sybase.yaml +2 -0
data/components/checks/active/sql_injection/substrings/access +3 -0
data/components/checks/active/sql_injection/substrings/db2 +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/emc +1 -1
data/components/checks/active/sql_injection/{patterns → substrings}/firebird +0 -1
data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/informix +1 -2
data/components/checks/active/sql_injection/substrings/ingres +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/interbase +0 -0
data/components/checks/active/sql_injection/substrings/mssql +17 -0
data/components/checks/active/sql_injection/{patterns → substrings}/mysql +3 -6
data/components/checks/active/sql_injection/substrings/oracle +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/pgsql +3 -6
data/components/checks/active/sql_injection/substrings/sqlite +3 -0
data/components/checks/active/sql_injection/substrings/sybase +1 -0
data/components/checks/active/sql_injection_differential.rb +5 -7
data/components/checks/active/sql_injection_differential/payloads.txt +1 -1
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +5 -4
data/components/checks/active/unvalidated_redirect.rb +1 -1
data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
data/components/checks/active/xpath_injection.rb +3 -4
data/components/checks/active/xss.rb +33 -12
data/components/checks/active/xss_dom.rb +7 -4
data/components/checks/active/xss_dom_script_context.rb +1 -1
data/components/checks/active/xss_event.rb +43 -20
data/components/checks/active/xss_path.rb +5 -4
data/components/checks/active/xss_script_context.rb +41 -11
data/components/checks/active/xss_tag.rb +14 -15
data/components/checks/active/xxe.rb +5 -16
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +4 -2
data/components/checks/passive/backup_directories.rb +4 -2
data/components/checks/passive/backup_files.rb +4 -2
data/components/checks/passive/common_admin_interfaces.rb +4 -3
data/components/checks/passive/common_directories.rb +3 -1
data/components/checks/passive/common_files.rb +3 -1
data/components/checks/passive/directory_listing.rb +4 -4
data/components/checks/passive/grep/captcha.rb +1 -1
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +5 -7
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +135 -8
data/components/checks/passive/grep/form_upload.rb +1 -1
data/components/checks/passive/grep/hsts.rb +4 -3
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +6 -3
data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
data/components/checks/passive/grep/x_frame_options.rb +4 -3
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +1 -1
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +1 -1
data/components/path_extractors/areas.rb +1 -1
data/components/path_extractors/comments.rb +1 -1
data/components/path_extractors/data_url.rb +1 -1
data/components/path_extractors/forms.rb +1 -1
data/components/path_extractors/frames.rb +1 -1
data/components/path_extractors/generic.rb +1 -1
data/components/path_extractors/links.rb +1 -1
data/components/path_extractors/meta_refresh.rb +3 -3
data/components/path_extractors/scripts.rb +1 -1
data/components/plugins/autologin.rb +16 -24
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +1 -1
data/components/plugins/defaults/meta/remedies/discovery.rb +10 -9
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +3 -5
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +1 -1
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +1 -1
data/components/plugins/login_script.rb +47 -22
data/components/plugins/metrics.rb +1 -1
data/components/plugins/proxy.rb +69 -44
data/components/plugins/proxy/panel/help.html.erb +1 -18
data/components/plugins/proxy/panel/inspect.html.erb +4 -3
data/components/plugins/proxy/panel/page_accordion.html.erb +78 -43
data/components/plugins/proxy/panel/panel.html.erb +2 -7
data/components/plugins/proxy/template_scope.rb +1 -1
data/components/plugins/restrict_to_dom_state.rb +3 -15
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +3 -11
data/components/plugins/waf_detector.rb +1 -1
data/components/reporters/ap.rb +1 -1
data/components/reporters/html.rb +2 -2
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +1 -1
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml.rb +29 -4
data/components/reporters/yaml.rb +1 -1
data/lib/arachni.rb +48 -3
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser.rb +601 -358
data/lib/arachni/browser/element_locator.rb +25 -6
data/lib/arachni/browser/javascript.rb +103 -35
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +28 -16
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +138 -67
data/lib/arachni/browser/javascript/scripts/polyfills.js +28 -0
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +27 -6
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser_cluster.rb +10 -14
data/lib/arachni/browser_cluster/job.rb +1 -1
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
data/lib/arachni/browser_cluster/jobs/{resource_exploration.rb → dom_exploration.rb} +5 -5
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger.rb +7 -4
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result.rb +3 -3
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -3
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +12 -40
data/lib/arachni/check.rb +1 -1
data/lib/arachni/check/auditor.rb +15 -1
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/component/base.rb +5 -5
data/lib/arachni/component/manager.rb +39 -13
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/output.rb +1 -1
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/data/framework.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +1 -1
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/element/base.rb +19 -5
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +15 -5
data/lib/arachni/element/capabilities/analyzable/signature.rb +147 -89
data/lib/arachni/element/capabilities/analyzable/timeout.rb +43 -16
data/lib/arachni/element/capabilities/auditable.rb +20 -15
data/lib/arachni/element/capabilities/dom_only.rb +5 -4
data/lib/arachni/element/capabilities/inputtable.rb +62 -12
data/lib/arachni/element/capabilities/mutable.rb +74 -13
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +5 -2
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +5 -5
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +2 -2
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +4 -4
data/lib/arachni/element/cookie.rb +57 -34
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +10 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/dom.rb +1 -15
data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +29 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +11 -1
data/lib/arachni/element/dom/capabilities/submittable.rb +2 -2
data/lib/arachni/element/form.rb +33 -14
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +18 -17
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +2 -1
data/lib/arachni/element/form/dom.rb +3 -2
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header.rb +16 -4
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +11 -1
data/lib/arachni/element/json.rb +2 -2
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +8 -2
data/lib/arachni/element/link.rb +14 -7
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +8 -1
data/lib/arachni/element/link/dom.rb +2 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template.rb +8 -3
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +2 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +3 -3
data/lib/arachni/element/ui_form.rb +24 -21
data/lib/arachni/element/ui_form/dom.rb +12 -3
data/lib/arachni/element/ui_input.rb +17 -11
data/lib/arachni/element/{input → ui_input}/dom.rb +11 -2
data/lib/arachni/element/xml.rb +3 -3
data/lib/arachni/element/xml/capabilities/inputtable.rb +7 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +7 -13
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework.rb +2 -5
data/lib/arachni/framework/parts/audit.rb +8 -2
data/lib/arachni/framework/parts/browser.rb +8 -9
data/lib/arachni/framework/parts/check.rb +2 -6
data/lib/arachni/framework/parts/data.rb +23 -8
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +2 -8
data/lib/arachni/framework/parts/report.rb +3 -9
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +8 -8
data/lib/arachni/http.rb +1 -1
data/lib/arachni/http/client.rb +72 -68
data/lib/arachni/http/client/dynamic_404_handler.rb +85 -60
data/lib/arachni/http/cookie_jar.rb +48 -27
data/lib/arachni/http/headers.rb +4 -3
data/lib/arachni/http/message.rb +17 -3
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/proxy_server.rb +46 -344
data/lib/arachni/http/proxy_server/connection.rb +316 -0
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +102 -0
data/lib/arachni/http/proxy_server/tunnel.rb +54 -0
data/lib/arachni/http/request.rb +126 -29
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/response.rb +42 -12
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/issue.rb +2 -2
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/option_groups/audit.rb +20 -4
data/lib/arachni/option_groups/browser_cluster.rb +8 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +2 -2
data/lib/arachni/option_groups/input.rb +6 -3
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +10 -3
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +35 -6
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/options.rb +1 -1
data/lib/arachni/page.rb +26 -12
data/lib/arachni/page/dom.rb +29 -22
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/parser.rb +42 -5
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +2 -2
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +7 -13
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +2 -2
data/lib/arachni/processes/executables/base.rb +45 -4
data/lib/arachni/processes/executables/browser.rb +91 -0
data/lib/arachni/processes/executables/rest_service.rb +14 -0
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/instances.rb +5 -5
data/lib/arachni/processes/manager.rb +68 -9
data/lib/arachni/report.rb +1 -1
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +4 -2
data/lib/arachni/reporter/manager.rb +3 -2
data/lib/arachni/reporter/options.rb +1 -1
data/lib/arachni/rest/server.rb +231 -0
data/lib/arachni/rest/server/instance_helpers.rb +37 -0
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +20 -3
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +4 -4
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +3 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -3
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby.rb +1 -2
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +15 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +23 -4
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/{watir → selenium/webdriver}/element.rb +12 -13
data/lib/arachni/session.rb +19 -4
data/lib/arachni/snapshot.rb +9 -5
data/lib/arachni/state.rb +1 -1
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/http.rb +1 -1
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/support.rb +2 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/cache/base.rb +20 -8
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +8 -9
data/lib/arachni/support/cache/preference.rb +7 -20
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/database/base.rb +2 -2
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/glob.rb +35 -0
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/profiler.rb +12 -10
data/lib/arachni/support/signature.rb +12 -5
data/lib/arachni/trainer.rb +18 -4
data/lib/arachni/ui/foo/output.rb +17 -1
data/lib/arachni/uri.rb +285 -203
data/lib/arachni/uri/scope.rb +13 -2
data/lib/arachni/utilities.rb +22 -5
data/lib/arachni/version.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +42 -14
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +34 -304
data/spec/arachni/browser/javascript/polyfills_spec.rb +35 -0
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +24 -4
data/spec/arachni/browser/javascript_spec.rb +92 -65
data/spec/arachni/browser_cluster/job_spec.rb +3 -3
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger_spec.rb +4 -4
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration_spec.rb → dom_exploration_spec.rb} +4 -4
data/spec/arachni/browser_cluster/jobs/taint_tracer_spec.rb +9 -9
data/spec/arachni/browser_cluster/worker_spec.rb +46 -67
data/spec/arachni/browser_cluster_spec.rb +19 -17
data/spec/arachni/browser_spec.rb +506 -183
data/spec/arachni/check/auditor_spec.rb +70 -25
data/spec/arachni/component/manager_spec.rb +19 -20
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/data/issues_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +44 -0
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +33 -162
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +4 -4
data/spec/arachni/element/cookie_spec.rb +98 -49
data/spec/arachni/element/form/dom_spec.rb +1 -22
data/spec/arachni/element/form_spec.rb +7 -7
data/spec/arachni/element/header_spec.rb +2 -2
data/spec/arachni/element/json_spec.rb +2 -2
data/spec/arachni/element/link/dom_spec.rb +1 -22
data/spec/arachni/element/link_spec.rb +17 -1
data/spec/arachni/element/link_template/dom_spec.rb +1 -22
data/spec/arachni/element/link_template_spec.rb +3 -3
data/spec/arachni/element/ui_form/{ui_form_dom_spec.rb → dom_spec.rb} +72 -22
data/spec/arachni/element/ui_form_spec.rb +1 -0
data/spec/arachni/element/ui_input/dom_spec.rb +64 -22
data/spec/arachni/element/ui_input_spec.rb +1 -0
data/spec/arachni/element/xml_spec.rb +1 -0
data/spec/arachni/framework/parts/audit_spec.rb +7 -5
data/spec/arachni/framework/parts/browser_spec.rb +8 -8
data/spec/arachni/framework/parts/check_spec.rb +1 -1
data/spec/arachni/framework/parts/data_spec.rb +4 -4
data/spec/arachni/framework/parts/scope_spec.rb +2 -2
data/spec/arachni/framework_spec.rb +1 -1
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +26 -13
data/spec/arachni/http/client_spec.rb +80 -45
data/spec/arachni/http/cookie_jar_spec.rb +6 -6
data/spec/arachni/http/proxy_server_spec.rb +69 -66
data/spec/arachni/http/request_spec.rb +147 -23
data/spec/arachni/http/response/scope_spec.rb +12 -12
data/spec/arachni/http/response_spec.rb +62 -4
data/spec/arachni/issue_spec.rb +6 -6
data/spec/arachni/option_groups/audit_spec.rb +25 -8
data/spec/arachni/option_groups/browser_cluster_spec.rb +27 -1
data/spec/arachni/option_groups/dispatcher_spec.rb +3 -3
data/spec/arachni/option_groups/input_spec.rb +9 -9
data/spec/arachni/option_groups/paths_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +32 -16
data/spec/arachni/options_spec.rb +4 -4
data/spec/arachni/page/dom/transition_spec.rb +17 -10
data/spec/arachni/page/dom_spec.rb +19 -0
data/spec/arachni/page/scope_spec.rb +4 -4
data/spec/arachni/page_spec.rb +15 -15
data/spec/arachni/platform/manager_spec.rb +2 -2
data/spec/arachni/plugin/base_spec.rb +1 -0
data/spec/arachni/reporter/base_spec.rb +2 -2
data/spec/arachni/reporter/manager_spec.rb +2 -2
data/spec/arachni/rest/server_spec.rb +495 -0
data/spec/arachni/rpc/server/active_options_spec.rb +63 -12
data/spec/arachni/rpc/server/base_spec.rb +1 -1
data/spec/arachni/rpc/server/framework/distributor_spec.rb +2 -2
data/spec/arachni/rpc/server/framework_multi_spec.rb +6 -6
data/spec/arachni/rpc/server/framework_spec.rb +4 -4
data/spec/arachni/rpc/server/instance_spec.rb +24 -24
data/spec/arachni/ruby/array_spec.rb +2 -2
data/spec/arachni/ruby/string_spec.rb +52 -0
data/spec/arachni/session_spec.rb +19 -2
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/audit_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/support/cache/least_recently_used_spec.rb +0 -2
data/spec/arachni/support/glob_spec.rb +75 -0
data/spec/arachni/support/lookup/hash_set_spec.rb +1 -1
data/spec/arachni/support/lookup/moolb_spec.rb +2 -2
data/spec/arachni/support/signature_spec.rb +4 -4
data/spec/arachni/trainer_spec.rb +48 -4
data/spec/arachni/uri/scope_spec.rb +54 -10
data/spec/arachni/uri_spec.rb +110 -89
data/spec/arachni/utilities_spec.rb +8 -8
data/spec/components/checks/active/code_injection_spec.rb +9 -9
data/spec/components/checks/active/file_inclusion_spec.rb +20 -20
data/spec/components/checks/active/ldap_injection_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/os_cmd_injection_spec.rb +3 -3
data/spec/components/checks/active/path_traversal_spec.rb +11 -11
data/spec/components/checks/active/response_splitting_spec.rb +2 -2
data/spec/components/checks/active/rfi_spec.rb +3 -3
data/spec/components/checks/active/session_fixation_spec.rb +1 -1
data/spec/components/checks/active/source_code_disclosure_spec.rb +4 -4
data/spec/components/checks/active/sql_injection_spec.rb +58 -59
data/spec/components/checks/active/unvalidated_redirect_spec.rb +2 -2
data/spec/components/checks/active/xpath_injection_spec.rb +3 -3
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_spec.rb +1 -1
data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/grep/credit_card_spec.rb +1 -1
data/spec/components/checks/passive/grep/emails_spec.rb +12 -2
data/spec/components/checks/passive/grep/ssn_spec.rb +1 -1
data/spec/components/path_extractors/meta_refresh_spec.rb +3 -1
data/spec/components/plugins/exec_spec.rb +2 -2
data/spec/components/plugins/login_script_spec.rb +22 -2
data/spec/components/plugins/vector_feed_spec.rb +3 -3
data/spec/spec_helper.rb +10 -4
data/spec/support/factories/browser_cluster/job.rb +1 -0
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +1 -1
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/request_helpers.rb +38 -0
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +2 -2
data/spec/support/servers/arachni/browser.rb +182 -15
data/spec/support/servers/arachni/browser/javascript/angular-1.2.8.js +1 -1
data/spec/support/servers/arachni/browser/javascript/angular-route.js +1 -1
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +27 -4
data/spec/support/servers/arachni/element/capabilities/analyzable/differential.rb +103 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/timeout.rb +5 -2
data/spec/support/servers/arachni/element/header.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +46 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +7 -1
data/spec/support/servers/checks/active/code_injection.rb +5 -5
data/spec/support/servers/checks/active/no_sql_injection.rb +0 -6
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/sql_injection.rb +5 -2
data/spec/support/servers/checks/active/sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/trainer_check.rb +6 -6
data/spec/support/servers/checks/passive/backdoors.rb +1 -0
data/spec/support/servers/checks/passive/backup_directories.rb +2 -0
data/spec/support/servers/checks/passive/backup_files.rb +2 -0
data/spec/support/servers/checks/passive/grep/emails.rb +6 -6
data/spec/support/shared/check.rb +28 -0
data/spec/support/shared/element/capabilities/auditable.rb +76 -13
data/spec/support/shared/element/capabilities/dom_only.rb +5 -6
data/spec/support/shared/element/capabilities/inputtable.rb +74 -4
data/spec/support/shared/element/capabilities/mutable.rb +86 -14
data/spec/support/shared/element/capabilities/submittable.rb +12 -0
data/spec/support/shared/element/capabilities/with_dom.rb +13 -4
data/spec/support/shared/element/capabilities/with_node.rb +1 -1
data/spec/support/shared/element/capabilities/with_source.rb +1 -6
data/spec/support/shared/element/dom/locatable.rb +20 -0
data/spec/support/shared/element/dom/submittable.rb +4 -17
data/spec/support/shared/http/message.rb +37 -5
data/spec/support/shared/support/cache.rb +5 -4
data/ui/cli/framework.rb +4 -3
data/ui/cli/framework/option_parser.rb +20 -8
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +40 -4
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reporter/option_parser.rb +4 -4
data/ui/cli/rest/server.rb +43 -0
data/ui/cli/rest/server/option_parser.rb +115 -0
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/instance.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +197 -84
data/components/checks/active/no_sql_injection/patterns/mongodb +0 -1
data/components/checks/active/no_sql_injection/regexp_ignore.txt +0 -0
data/components/checks/active/sql_injection/patterns/access +0 -3
data/components/checks/active/sql_injection/patterns/db2 +0 -5
data/components/checks/active/sql_injection/patterns/frontbase +0 -1
data/components/checks/active/sql_injection/patterns/hsqldb +0 -1
data/components/checks/active/sql_injection/patterns/ingres +0 -3
data/components/checks/active/sql_injection/patterns/maxdb +0 -2
data/components/checks/active/sql_injection/patterns/mssql +0 -25
data/components/checks/active/sql_injection/patterns/oracle +0 -6
data/components/checks/active/sql_injection/patterns/sqlite +0 -5
data/components/checks/active/sql_injection/patterns/sybase +0 -3
data/lib/arachni/ruby/io.rb +0 -39
data/lib/arachni/selenium/webdriver/remote/http/typhoeus.rb +0 -63
data/spec/arachni/ruby/io_spec.rb +0 -26

data/spec/arachni/element/ui_input_spec.rb CHANGED

@@ -3,6 +3,7 @@ require 'spec_helper'
 describe Arachni::Element::UIInput do
     html = '<input type=password name="my_first_input" value="my_first_value"" />'
+    it_should_behave_like 'with_auditor'
     it_should_behave_like 'dom_only', html
     def new_element( html )

data/spec/arachni/element/xml_spec.rb CHANGED

@@ -11,6 +11,7 @@ describe Arachni::Element::XML do
     it_should_behave_like 'submittable'
     it_should_behave_like 'inputtable'
     it_should_behave_like 'mutable',
+                          supports_nulls: false,
                           inputs: described_class.parse_inputs( inputtable_source )
     it_should_behave_like 'auditable'

data/spec/arachni/framework/parts/audit_spec.rb CHANGED

@@ -3,7 +3,7 @@ require 'spec_helper'
 describe Arachni::Framework::Parts::Audit do
     include_examples 'framework'
-    describe Arachni::OptionGroups::Scope do
+    describe 'Arachni::OptionGroups::Scope' do
         describe '#exclude_binaries' do
             it 'excludes binary pages from the scan' do
                 audited = []
@@ -169,8 +169,8 @@ describe Arachni::Framework::Parts::Audit do
             expect(subject.sitemap).to include @url + '/link/#/stuff'
         end
-        it "runs #{Arachni::Check::Manager}#without_platforms before #{Arachni::Check::Manager}#with_platforms" do
-            @options.paths.checks  = fixtures_path + '/checks/'
+        it "runs checks without platforms before ones with platforms" do
+            @options.paths.checks = fixtures_path + '/checks/'
             Arachni::Framework.new do |f|
                 f.checks.load_all
@@ -184,10 +184,12 @@ describe Arachni::Framework::Parts::Audit do
                 f.audit_page page
-                expect(responses).to eq(
+                expect(responses.sort).to eq(
                     %w(http://localhost/test3 http://localhost/test
-                        http://localhost/test2)
+                        http://localhost/test2).sort
                 )
+                expect(responses.last).to eq 'http://localhost/test2'
             end
         end

data/spec/arachni/framework/parts/browser_spec.rb CHANGED

@@ -5,7 +5,7 @@ describe Arachni::Framework::Parts::Browser do
     describe '#browser_cluster' do
         context 'when #use_browsers? is' do
-            context true do
+            context 'true' do
                 before do
                     allow(subject).to receive(:use_browsers?) { true }
                 end
@@ -15,7 +15,7 @@ describe Arachni::Framework::Parts::Browser do
                 end
             end
-            context false do
+            context 'false' do
                 before do
                     allow(subject).to receive(:use_browsers?) { false }
                 end
@@ -29,7 +29,7 @@ describe Arachni::Framework::Parts::Browser do
     describe '#use_browsers?' do
         context "when #{Arachni::OptionGroups::BrowserCluster}#pool_size is" do
-            context 0 do
+            context '0' do
                 before do
                     subject.options.browser_cluster.pool_size = 0
                 end
@@ -51,7 +51,7 @@ describe Arachni::Framework::Parts::Browser do
         end
         context "when #{Arachni::OptionGroups::Scope}#dom_depth_limit is" do
-            context 0 do
+            context '0' do
                 before do
                     subject.options.scope.dom_depth_limit = 0
                 end
@@ -73,7 +73,7 @@ describe Arachni::Framework::Parts::Browser do
         end
         context 'when #host_has_browser? is' do
-            context true do
+            context 'true' do
                 before do
                     allow(subject).to receive(:use_browsers?) { true }
                 end
@@ -83,7 +83,7 @@ describe Arachni::Framework::Parts::Browser do
                 end
             end
-            context false do
+            context 'false' do
                 before do
                     allow(subject).to receive(:host_has_browser?) { false }
                 end
@@ -97,7 +97,7 @@ describe Arachni::Framework::Parts::Browser do
     describe '#host_has_browser?' do
         context "when #{Arachni::Browser}.has_executable? is" do
-            context true do
+            context 'true' do
                 before do
                     allow(Arachni::Browser).to receive(:has_executable?) { true }
                 end
@@ -107,7 +107,7 @@ describe Arachni::Framework::Parts::Browser do
                 end
             end
-            context false do
+            context 'false' do
                 before do
                     allow(Arachni::Browser).to receive(:has_executable?) { false }
                 end

data/spec/arachni/framework/parts/check_spec.rb CHANGED

@@ -11,7 +11,7 @@ describe Arachni::Framework::Parts::Check do
     end
     describe '#list_checks' do
-        context 'when a pattern is given' do
+        context 'when a glob is given' do
             it 'uses it to filter out checks that do not match it' do
                 subject.list_checks( 'boo' ).size == 0

data/spec/arachni/framework/parts/data_spec.rb CHANGED

@@ -81,14 +81,14 @@ describe Arachni::Framework::Parts::Data do
         end
         context 'when #accepts_more_pages?' do
-            context false do
+            context 'false' do
                 it 'returns false' do
                     allow(subject).to receive(:accepts_more_pages?) { false }
                     expect(subject.push_to_page_queue( page )).to be_falsey
                 end
             end
-            context true do
+            context 'true' do
                 it 'returns true' do
                     allow(subject).to receive(:accepts_more_pages?) { true }
                     expect(subject.push_to_page_queue( page )).to be_truthy
@@ -147,14 +147,14 @@ describe Arachni::Framework::Parts::Data do
         end
         context 'when #accepts_more_pages?' do
-            context false do
+            context 'false' do
                 it 'returns false' do
                     allow(subject).to receive(:accepts_more_pages?) { false }
                     expect(subject.push_to_url_queue( @url )).to be_falsey
                 end
             end
-            context true do
+            context 'true' do
                 it 'returns true' do
                     allow(subject).to receive(:accepts_more_pages?) { true }
                     expect(subject.push_to_url_queue( @url )).to be_truthy

data/spec/arachni/framework/parts/scope_spec.rb CHANGED

@@ -65,7 +65,7 @@ describe Arachni::Framework::Parts::Scope do
         end
         context 'when #page_limit_reached?' do
-            context true do
+            context 'true' do
                 it 'returns false' do
                     allow(subject).to receive(:page_limit_reached?) { true }
                     expect(subject.accepts_more_pages?).to be_falsey
@@ -74,7 +74,7 @@ describe Arachni::Framework::Parts::Scope do
         end
         context 'when #crawl?' do
-            context false do
+            context 'false' do
                 it 'returns false' do
                     allow(subject).to receive(:crawl?) { false }
                     expect(subject.accepts_more_pages?).to be_falsey

data/spec/arachni/framework_spec.rb CHANGED

@@ -184,7 +184,7 @@ describe Arachni::Framework do
             end
         end
-        describe :runtime do
+        describe ':runtime' do
             context 'when the scan has been running' do
                 it 'returns the runtime in seconds' do
                     subject.run

data/spec/arachni/http/client/dynamic_404_handlers_spec.rb CHANGED

@@ -42,7 +42,19 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
         context 'when dealing with a dynamic handler' do
             context 'which at any point returns non-200' do
                 it 'aborts the check' do
-                    response = client.get( url + 'dynamic/erratic', mode: :sync )
+                    response = client.get( url + 'dynamic/erratic/code/test', mode: :sync )
+                    check = nil
+                    subject._404?( response ) { |bool| check = bool }
+                    client.run
+                    expect(check).to be_nil
+                end
+            end
+            context 'which is too erratic' do
+                it 'aborts the check' do
+                    response = client.get( url + 'dynamic/erratic/body/test', mode: :sync )
                     check = nil
                     subject._404?( response ) { |bool| check = bool }
@@ -57,18 +69,19 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
                     res = nil
                     client.get( url + 'dynamic/crap' ) { |c_res| res = c_res }
                     client.run
-                    bool = false
+                    bool = nil
                     subject._404?( res ) { |c_bool| bool = c_bool }
                     client.run
                     expect(bool).to be_truthy
                 end
             end
             context 'which includes constantly changing text in the response' do
                 it 'returns true' do
                     res = nil
                     client.get( url + 'random/crap' ) { |c_res| res = c_res }
                     client.run
-                    bool = false
+                    bool = nil
                     subject._404?( res ) { |c_bool| bool = c_bool }
                     client.run
                     expect(bool).to be_truthy
@@ -79,7 +92,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
                     res = nil
                     client.get( url + 'combo/crap' ) { |c_res| res = c_res }
                     client.run
-                    bool = false
+                    bool = nil
                     subject._404?( res ) { |c_bool| bool = c_bool }
                     client.run
                     expect(bool).to be_truthy
@@ -93,7 +106,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
                         client.get( url + 'advanced/sensitive-ext/blah.html2' ) { |c_res| res = c_res }
                         client.run
-                        bool = false
+                        bool = nil
                         subject._404?( res ) { |c_bool| bool = c_bool }
                         client.run
@@ -115,7 +128,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
                 client.get( url + 'static/crap' ) { |c_res| res = c_res }
                 client.run
-                bool = false
+                bool = nil
                 subject._404?( res ) { |c_bool| bool = c_bool }
                 client.run
                 expect(bool).to be_truthy
@@ -135,7 +148,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
                     overhead += 1
                 end
-                bool = false
+                bool = nil
                 subject._404?( res ) { |c_bool| bool = c_bool }
                 client.run
                 expect(bool).to be_truthy
@@ -231,7 +244,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
     describe 'needs_check?' do
         context 'when #checked?' do
-            context false do
+            context 'false' do
                 before(:each) { allow(subject).to receive(:checked?) { false } }
                 it 'returns true' do
@@ -239,7 +252,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
                 end
                 context 'and #checked_and_static?' do
-                    context false do
+                    context 'false' do
                         before(:each) { allow(subject).to receive(:checked_and_static?) { false } }
                         it 'returns true' do
@@ -247,7 +260,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
                         end
                     end
-                    context true do
+                    context 'true' do
                         before(:each) { allow(subject).to receive(:checked_and_static?) { true } }
                         it 'returns true' do
@@ -257,7 +270,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
                 end
             end
-            context true do
+            context 'true' do
                 before(:each) { allow(subject).to receive(:checked?) { true } }
                 it 'returns true' do
@@ -265,7 +278,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
                 end
                 context 'and #checked_and_static?' do
-                    context true do
+                    context 'true' do
                         before(:each) { allow(subject).to receive(:checked_and_static?) { true } }
                         it 'returns false' do
@@ -273,7 +286,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
                         end
                     end
-                    context false do
+                    context 'false' do
                         before(:each) { allow(subject).to receive(:checked_and_static?) { false } }
                         it 'returns true' do

data/spec/arachni/http/client_spec.rb CHANGED

@@ -35,6 +35,41 @@ describe Arachni::HTTP::Client do
         expect(YAML.load( body )).to eq({ 'stuff' => "=stuf \00 here==" })
     end
+    describe '#reset_options' do
+        it 'resets #max_concurrency' do
+            Arachni::Options.http.request_concurrency = 10
+            subject.max_concurrency = 1
+            subject.reset_options
+            expect(subject.max_concurrency).to eq 10
+        end
+        it 'resets User-Agent headers' do
+            Arachni::Options.http.user_agent = 'Stuff'
+            subject.headers['User-Agent'] = 'Other stuff'
+            subject.reset_options
+            expect(subject.headers['User-Agent']).to eq 'Stuff'
+        end
+        it 'resets custom headers' do
+            Arachni::Options.http.request_headers = {
+                'X-Stuff' => '1'
+            }
+            subject.headers['X-Stuff'] = '2'
+            subject.reset_options
+            expect(subject.headers['X-Stuff']).to eq '1'
+        end
+        it 'clears custom headers' do
+            subject.headers['X-Stuff'] = '2'
+            subject.reset_options
+            expect(subject.headers).to_not include 'X-Stuff'
+        end
+    end
     describe '#statistics' do
         let(:statistics) { subject.statistics }
@@ -61,8 +96,7 @@ describe Arachni::HTTP::Client do
                     expect(code).to eq(401)
                     url = Arachni::Utilities.uri_parse( "#{@opts.url}auth/simple-chars" )
-                    url.user = 'username'
-                    url.password = 'password'
+                    url.userinfo = 'username:password'
                     @opts.url = url.to_s
                     body = nil
@@ -74,7 +108,7 @@ describe Arachni::HTTP::Client do
         end
         describe '#fingerprint?' do
-            context true do
+            context 'true' do
                 it 'performs platform fingerprinting on the response' do
                     Arachni::Options.fingerprint
@@ -86,7 +120,7 @@ describe Arachni::HTTP::Client do
                 end
             end
-            context false do
+            context 'false' do
                 it 'does not fingerprint the response' do
                     Arachni::Platform::Manager.clear
                     Arachni::Options.do_not_fingerprint
@@ -103,7 +137,7 @@ describe Arachni::HTTP::Client do
     describe Arachni::OptionGroups::HTTP do
         describe '#request_concurrency' do
-            context Integer do
+            context 'Integer' do
                 it 'uses it as a max_concurrency' do
                     @opts.http.request_concurrency = 34
                     subject.reset
@@ -140,7 +174,7 @@ describe Arachni::HTTP::Client do
         end
         describe '#request_timeout' do
-            context Integer do
+            context 'Integer' do
                 it 'uses it as an HTTP timeout' do
                     @opts.http.request_timeout = 10000000000
                     timed_out = false
@@ -198,7 +232,7 @@ describe Arachni::HTTP::Client do
                 expect(body).to eq(@opts.http.user_agent)
                 expect(@opts.http.user_agent).to eq(Arachni::OptionGroups::HTTP.defaults[:user_agent])
             end
-            context String do
+            context 'String' do
                 it 'uses it as a user-agent' do
                     ua = 'my user agent'
                     @opts.http.user_agent = ua.dup
@@ -213,7 +247,7 @@ describe Arachni::HTTP::Client do
         end
         describe '#request_redirect_limit' do
-            context Integer do
+            context 'Integer' do
                 it 'should not exceed that amount of redirects' do
                     @opts.http.request_redirect_limit = 2
                     code = nil
@@ -579,7 +613,8 @@ describe Arachni::HTTP::Client do
             expect(subject.request( @url, mode: :sync ).request.headers_string).to eq(
                 "GET / HTTP/1.1\r\nHost: #{host}\r\nAccept-Encoding: gzip, " +
                     "deflate\r\nUser-Agent: Arachni/v#{Arachni::VERSION}\r\nAccept: text/html," +
-                    "application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n\r\n"
+                    "application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +
+                    "Accept-Language: en-US,en;q=0.8,he;q=0.6\r\n\r\n"
             )
         end
@@ -594,7 +629,7 @@ describe Arachni::HTTP::Client do
             ).request.effective_body).to eq("1=%202&%203=4")
         end
-        describe :fingerprint do
+        describe ':fingerprint' do
             before do
                 Arachni::Platform::Manager.clear
             end
@@ -609,7 +644,7 @@ describe Arachni::HTTP::Client do
                 end
             end
-            context true do
+            context 'true' do
                 it 'performs platform fingerprinting on the response' do
                     res = nil
                     subject.request( @url + '/fingerprint.php', fingerprint: true ) { |c_res| res = c_res }
@@ -619,7 +654,7 @@ describe Arachni::HTTP::Client do
                 end
             end
-            context false do
+            context 'false' do
                 it 'does not fingerprint the response' do
                     res = nil
                     subject.request( @url + '/fingerprint.php', fingerprint: false ) { |c_res| res = c_res }
@@ -630,7 +665,7 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :response_max_size do
+        describe ':response_max_size' do
             context 'when not specified' do
                 context "and #{Arachni::OptionGroups::HTTP}#response_max_size is specified" do
                     context 'when response bodies are larger that its value' do
@@ -774,8 +809,8 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :no_cookie_jar do
-            context true do
+        describe ':no_cookie_jar' do
+            context 'true' do
                 it 'skips the cookie-jar' do
                     body = nil
                     subject.request( @url + '/cookies', no_cookie_jar: true ) { |res| body = res.body }
@@ -783,9 +818,9 @@ describe Arachni::HTTP::Client do
                     expect(YAML.load( body )).to eq({})
                 end
             end
-            context false do
-                it 'uses the cookie_jar' do
-                    @opts.http.cookie_string = 'my_cookie_name=val1;blah_name=val2;another_name=another_val'
+            context 'false' do
+                it 'uses the raw data from the cookie jar' do
+                    @opts.http.cookie_string = 'my_cookie_name="val1";"blah_name"=val2;another_name=another_val'
                     expect(subject.cookie_jar.cookies).to be_empty
                     subject.reset
@@ -794,8 +829,8 @@ describe Arachni::HTTP::Client do
                     subject.request( @url + '/cookies', no_cookie_jar: false ) { |res| body = res.body }
                     subject.run
                     expect(YAML.load( body )).to eq({
-                        'my_cookie_name' => 'val1',
-                        'blah_name' => 'val2',
+                        'my_cookie_name' => '"val1"',
+                        '"blah_name"' => 'val2',
                         'another_name' => 'another_val'
                     })
                 end
@@ -822,24 +857,24 @@ describe Arachni::HTTP::Client do
             end
             context 'nil' do
                 it 'defaults to false' do
-                    @opts.http.cookie_string = 'my_cookie_name=val1;blah_name=val2;another_name=another_val'
+                    @opts.http.cookie_string = 'my_cookie_name="val1";"blah_name"=val2;another_name=another_val'
                     expect(subject.cookie_jar.cookies).to be_empty
                     subject.reset
                     body = nil
-                    subject.request( @url + '/cookies' ) { |res| body = res.body }
+                    subject.request( @url + '/cookies', no_cookie_jar: false ) { |res| body = res.body }
                     subject.run
                     expect(YAML.load( body )).to eq({
-                        'my_cookie_name' => 'val1',
-                        'blah_name' => 'val2',
+                        'my_cookie_name' => '"val1"',
+                        '"blah_name"' => 'val2',
                         'another_name' => 'another_val'
                     })
                 end
             end
         end
-        describe :body do
+        describe ':body' do
             it 'uses its value as a request body' do
                 req_body = 'heyaya'
                 body = nil
@@ -849,7 +884,7 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :method do
+        describe ':method' do
             describe 'nil' do
                 it 'performs a GET HTTP request' do
                     body = nil
@@ -858,7 +893,7 @@ describe Arachni::HTTP::Client do
                     expect(body).to eq('GET')
                 end
             end
-            describe :get do
+            describe ':get' do
                 it 'performs a GET HTTP request' do
                     body = nil
                     subject.request( @url, method: :get ) { |res| body = res.body }
@@ -880,7 +915,7 @@ describe Arachni::HTTP::Client do
                     end
                 end
             end
-            describe :post do
+            describe ':post' do
                 it 'performs a POST HTTP request' do
                     body = nil
                     subject.request( @url, method: :post ) { |res| body = res.body }
@@ -888,7 +923,7 @@ describe Arachni::HTTP::Client do
                     expect(body).to eq('POST')
                 end
             end
-            describe :put do
+            describe ':put' do
                 it 'performs a PUT HTTP request' do
                     body = nil
                     subject.request( @url, method: :put ) { |res| body = res.body }
@@ -896,7 +931,7 @@ describe Arachni::HTTP::Client do
                     expect(body).to eq('PUT')
                 end
             end
-            describe :options do
+            describe ':options' do
                 it 'performs a OPTIONS HTTP request' do
                     body = nil
                     subject.request( @url, method: :options ) { |res| body = res.body }
@@ -904,7 +939,7 @@ describe Arachni::HTTP::Client do
                     expect(body).to eq('OPTIONS')
                 end
             end
-            describe :delete do
+            describe ':delete' do
                 it 'performs a POST HTTP request' do
                     body = nil
                     subject.request( @url, method: :delete ) { |res| body = res.body }
@@ -914,7 +949,7 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :parameters do
+        describe ':parameters' do
             it 'specifies the query params as a hash' do
                 body = nil
                 params = { 'param' => 'value' }
@@ -932,7 +967,7 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :body do
+        describe ':body' do
             it 'properly encodes special characters' do
                 body = nil
                 params = { '% param\ +=&;' => '% value\ +=&;', 'nil' => nil }
@@ -950,7 +985,7 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :timeout do
+        describe ':timeout' do
             describe 'nil' do
                 it 'runs without a timeout' do
                     timed_out = false
@@ -993,7 +1028,7 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :cookies do
+        describe ':cookies' do
             it 'preserves nullbytess' do
                 cookies = { "name\0" => "val\0" }
                 body = nil
@@ -1087,7 +1122,7 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :mode do
+        describe ':mode' do
             describe 'nil' do
                 it 'performs the request asynchronously' do
                     performed = false
@@ -1096,7 +1131,7 @@ describe Arachni::HTTP::Client do
                     expect(performed).to be_truthy
                 end
             end
-            describe :async do
+            describe ':async' do
                 it 'performs the request asynchronously' do
                     performed = false
                     subject.request( @url, mode: :sync ) { performed = true }
@@ -1104,7 +1139,7 @@ describe Arachni::HTTP::Client do
                     expect(performed).to be_truthy
                 end
             end
-            describe :sync do
+            describe ':sync' do
                 it 'performs the request synchronously and returns the response' do
                     expect(subject.request( @url, mode: :sync )).to be_kind_of Arachni::HTTP::Response
                 end
@@ -1127,7 +1162,7 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :headers do
+        describe ':headers' do
             describe 'nil' do
                 it 'uses the default headers' do
                     body = nil
@@ -1150,7 +1185,7 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :update_cookies do
+        describe ':update_cookies' do
             describe 'nil' do
                 it 'skips the cookie_jar' do
                     cookies = []
@@ -1165,7 +1200,7 @@ describe Arachni::HTTP::Client do
                 end
             end
-            describe false do
+            describe 'false' do
                 it 'skips the cookie_jar' do
                     cookies = []
                     cookies << Arachni::Element::Cookie.new(
@@ -1179,7 +1214,7 @@ describe Arachni::HTTP::Client do
                 end
             end
-            describe true do
+            describe 'true' do
                 it 'updates the cookie_jar' do
                     cookies = []
                     cookies << Arachni::Element::Cookie.new(
@@ -1196,7 +1231,7 @@ describe Arachni::HTTP::Client do
             end
         end
-        describe :follow_location do
+        describe ':follow_location' do
             describe 'nil' do
                 it 'ignores redirects' do
                     res = nil
@@ -1206,7 +1241,7 @@ describe Arachni::HTTP::Client do
                     expect(res.body).to eq('')
                 end
             end
-            describe false do
+            describe 'false' do
                 it 'ignores redirects' do
                     res = nil
                     subject.request( @url + '/follow_location', follow_location: false ) { |c_res| res = c_res }
@@ -1215,7 +1250,7 @@ describe Arachni::HTTP::Client do
                     expect(res.body).to eq('')
                 end
             end
-            describe true do
+            describe 'true' do
                 it 'follows redirects' do
                     res = nil
                     subject.request( @url + '/follow_location', follow_location: true ) { |c_res| res = c_res }