RubyGems - arachni - Versions diffs - 1.3.2 → 1.4 - Mend

arachni 1.3.2 → 1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (727) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +108 -0
data/Gemfile +2 -6
data/LICENSE.md +1 -1
data/README.md +34 -16
data/Rakefile +1 -1
data/arachni.gemspec +28 -20
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_rest_server +13 -0
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +8 -10
data/components/checks/active/code_injection_php_input_wrapper.rb +5 -6
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +1 -1
data/components/checks/active/file_inclusion.rb +20 -26
data/components/checks/active/ldap_injection.rb +4 -5
data/components/checks/active/no_sql_injection.rb +11 -20
data/components/checks/active/no_sql_injection/substrings/mongodb +1 -0
data/components/checks/active/no_sql_injection_differential.rb +3 -4
data/components/checks/active/os_cmd_injection.rb +5 -9
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +4 -17
data/components/checks/active/response_splitting.rb +8 -2
data/components/checks/active/rfi.rb +4 -5
data/components/checks/active/session_fixation.rb +9 -3
data/components/checks/active/source_code_disclosure.rb +5 -20
data/components/checks/active/sql_injection.rb +30 -18
data/components/checks/active/sql_injection/{regexp_ignore.txt → ignore_substrings} +0 -0
data/components/checks/active/sql_injection/regexps/db2.yaml +2 -0
data/components/checks/active/sql_injection/regexps/frontbase.yaml +1 -0
data/components/checks/active/sql_injection/regexps/informix.yaml +1 -0
data/components/checks/active/sql_injection/regexps/ingres.yaml +2 -0
data/components/checks/active/sql_injection/regexps/maxdb.yaml +2 -0
data/components/checks/active/sql_injection/regexps/mssql.yaml +8 -0
data/components/checks/active/sql_injection/regexps/mysql.yaml +4 -0
data/components/checks/active/sql_injection/regexps/oracle.yaml +4 -0
data/components/checks/active/sql_injection/regexps/pgsql.yaml +3 -0
data/components/checks/active/sql_injection/regexps/sqlite.yaml +2 -0
data/components/checks/active/sql_injection/regexps/sybase.yaml +2 -0
data/components/checks/active/sql_injection/substrings/access +3 -0
data/components/checks/active/sql_injection/substrings/db2 +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/emc +1 -1
data/components/checks/active/sql_injection/{patterns → substrings}/firebird +0 -1
data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/informix +1 -2
data/components/checks/active/sql_injection/substrings/ingres +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/interbase +0 -0
data/components/checks/active/sql_injection/substrings/mssql +17 -0
data/components/checks/active/sql_injection/{patterns → substrings}/mysql +3 -6
data/components/checks/active/sql_injection/substrings/oracle +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/pgsql +3 -6
data/components/checks/active/sql_injection/substrings/sqlite +3 -0
data/components/checks/active/sql_injection/substrings/sybase +1 -0
data/components/checks/active/sql_injection_differential.rb +5 -7
data/components/checks/active/sql_injection_differential/payloads.txt +1 -1
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +5 -4
data/components/checks/active/unvalidated_redirect.rb +1 -1
data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
data/components/checks/active/xpath_injection.rb +3 -4
data/components/checks/active/xss.rb +33 -12
data/components/checks/active/xss_dom.rb +7 -4
data/components/checks/active/xss_dom_script_context.rb +1 -1
data/components/checks/active/xss_event.rb +43 -20
data/components/checks/active/xss_path.rb +5 -4
data/components/checks/active/xss_script_context.rb +41 -11
data/components/checks/active/xss_tag.rb +14 -15
data/components/checks/active/xxe.rb +5 -16
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +4 -2
data/components/checks/passive/backup_directories.rb +4 -2
data/components/checks/passive/backup_files.rb +4 -2
data/components/checks/passive/common_admin_interfaces.rb +4 -3
data/components/checks/passive/common_directories.rb +3 -1
data/components/checks/passive/common_files.rb +3 -1
data/components/checks/passive/directory_listing.rb +4 -4
data/components/checks/passive/grep/captcha.rb +1 -1
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +5 -7
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +135 -8
data/components/checks/passive/grep/form_upload.rb +1 -1
data/components/checks/passive/grep/hsts.rb +4 -3
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +6 -3
data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
data/components/checks/passive/grep/x_frame_options.rb +4 -3
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +1 -1
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +1 -1
data/components/path_extractors/areas.rb +1 -1
data/components/path_extractors/comments.rb +1 -1
data/components/path_extractors/data_url.rb +1 -1
data/components/path_extractors/forms.rb +1 -1
data/components/path_extractors/frames.rb +1 -1
data/components/path_extractors/generic.rb +1 -1
data/components/path_extractors/links.rb +1 -1
data/components/path_extractors/meta_refresh.rb +3 -3
data/components/path_extractors/scripts.rb +1 -1
data/components/plugins/autologin.rb +16 -24
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +1 -1
data/components/plugins/defaults/meta/remedies/discovery.rb +10 -9
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +3 -5
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +1 -1
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +1 -1
data/components/plugins/login_script.rb +47 -22
data/components/plugins/metrics.rb +1 -1
data/components/plugins/proxy.rb +69 -44
data/components/plugins/proxy/panel/help.html.erb +1 -18
data/components/plugins/proxy/panel/inspect.html.erb +4 -3
data/components/plugins/proxy/panel/page_accordion.html.erb +78 -43
data/components/plugins/proxy/panel/panel.html.erb +2 -7
data/components/plugins/proxy/template_scope.rb +1 -1
data/components/plugins/restrict_to_dom_state.rb +3 -15
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +3 -11
data/components/plugins/waf_detector.rb +1 -1
data/components/reporters/ap.rb +1 -1
data/components/reporters/html.rb +2 -2
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +1 -1
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml.rb +29 -4
data/components/reporters/yaml.rb +1 -1
data/lib/arachni.rb +48 -3
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser.rb +601 -358
data/lib/arachni/browser/element_locator.rb +25 -6
data/lib/arachni/browser/javascript.rb +103 -35
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +28 -16
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +138 -67
data/lib/arachni/browser/javascript/scripts/polyfills.js +28 -0
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +27 -6
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser_cluster.rb +10 -14
data/lib/arachni/browser_cluster/job.rb +1 -1
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
data/lib/arachni/browser_cluster/jobs/{resource_exploration.rb → dom_exploration.rb} +5 -5
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger.rb +7 -4
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result.rb +3 -3
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -3
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +12 -40
data/lib/arachni/check.rb +1 -1
data/lib/arachni/check/auditor.rb +15 -1
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/component/base.rb +5 -5
data/lib/arachni/component/manager.rb +39 -13
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/output.rb +1 -1
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/data/framework.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +1 -1
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/element/base.rb +19 -5
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +15 -5
data/lib/arachni/element/capabilities/analyzable/signature.rb +147 -89
data/lib/arachni/element/capabilities/analyzable/timeout.rb +43 -16
data/lib/arachni/element/capabilities/auditable.rb +20 -15
data/lib/arachni/element/capabilities/dom_only.rb +5 -4
data/lib/arachni/element/capabilities/inputtable.rb +62 -12
data/lib/arachni/element/capabilities/mutable.rb +74 -13
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +5 -2
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +5 -5
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +2 -2
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +4 -4
data/lib/arachni/element/cookie.rb +57 -34
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +10 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/dom.rb +1 -15
data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +29 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +11 -1
data/lib/arachni/element/dom/capabilities/submittable.rb +2 -2
data/lib/arachni/element/form.rb +33 -14
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +18 -17
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +2 -1
data/lib/arachni/element/form/dom.rb +3 -2
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header.rb +16 -4
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +11 -1
data/lib/arachni/element/json.rb +2 -2
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +8 -2
data/lib/arachni/element/link.rb +14 -7
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +8 -1
data/lib/arachni/element/link/dom.rb +2 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template.rb +8 -3
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +2 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +3 -3
data/lib/arachni/element/ui_form.rb +24 -21
data/lib/arachni/element/ui_form/dom.rb +12 -3
data/lib/arachni/element/ui_input.rb +17 -11
data/lib/arachni/element/{input → ui_input}/dom.rb +11 -2
data/lib/arachni/element/xml.rb +3 -3
data/lib/arachni/element/xml/capabilities/inputtable.rb +7 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +7 -13
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework.rb +2 -5
data/lib/arachni/framework/parts/audit.rb +8 -2
data/lib/arachni/framework/parts/browser.rb +8 -9
data/lib/arachni/framework/parts/check.rb +2 -6
data/lib/arachni/framework/parts/data.rb +23 -8
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +2 -8
data/lib/arachni/framework/parts/report.rb +3 -9
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +8 -8
data/lib/arachni/http.rb +1 -1
data/lib/arachni/http/client.rb +72 -68
data/lib/arachni/http/client/dynamic_404_handler.rb +85 -60
data/lib/arachni/http/cookie_jar.rb +48 -27
data/lib/arachni/http/headers.rb +4 -3
data/lib/arachni/http/message.rb +17 -3
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/proxy_server.rb +46 -344
data/lib/arachni/http/proxy_server/connection.rb +316 -0
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +102 -0
data/lib/arachni/http/proxy_server/tunnel.rb +54 -0
data/lib/arachni/http/request.rb +126 -29
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/response.rb +42 -12
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/issue.rb +2 -2
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/option_groups/audit.rb +20 -4
data/lib/arachni/option_groups/browser_cluster.rb +8 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +2 -2
data/lib/arachni/option_groups/input.rb +6 -3
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +10 -3
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +35 -6
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/options.rb +1 -1
data/lib/arachni/page.rb +26 -12
data/lib/arachni/page/dom.rb +29 -22
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/parser.rb +42 -5
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +2 -2
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +7 -13
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +2 -2
data/lib/arachni/processes/executables/base.rb +45 -4
data/lib/arachni/processes/executables/browser.rb +91 -0
data/lib/arachni/processes/executables/rest_service.rb +14 -0
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/instances.rb +5 -5
data/lib/arachni/processes/manager.rb +68 -9
data/lib/arachni/report.rb +1 -1
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +4 -2
data/lib/arachni/reporter/manager.rb +3 -2
data/lib/arachni/reporter/options.rb +1 -1
data/lib/arachni/rest/server.rb +231 -0
data/lib/arachni/rest/server/instance_helpers.rb +37 -0
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +20 -3
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +4 -4
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +3 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -3
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby.rb +1 -2
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +15 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +23 -4
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/{watir → selenium/webdriver}/element.rb +12 -13
data/lib/arachni/session.rb +19 -4
data/lib/arachni/snapshot.rb +9 -5
data/lib/arachni/state.rb +1 -1
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/http.rb +1 -1
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/support.rb +2 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/cache/base.rb +20 -8
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +8 -9
data/lib/arachni/support/cache/preference.rb +7 -20
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/database/base.rb +2 -2
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/glob.rb +35 -0
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/profiler.rb +12 -10
data/lib/arachni/support/signature.rb +12 -5
data/lib/arachni/trainer.rb +18 -4
data/lib/arachni/ui/foo/output.rb +17 -1
data/lib/arachni/uri.rb +285 -203
data/lib/arachni/uri/scope.rb +13 -2
data/lib/arachni/utilities.rb +22 -5
data/lib/arachni/version.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +42 -14
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +34 -304
data/spec/arachni/browser/javascript/polyfills_spec.rb +35 -0
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +24 -4
data/spec/arachni/browser/javascript_spec.rb +92 -65
data/spec/arachni/browser_cluster/job_spec.rb +3 -3
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger_spec.rb +4 -4
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration_spec.rb → dom_exploration_spec.rb} +4 -4
data/spec/arachni/browser_cluster/jobs/taint_tracer_spec.rb +9 -9
data/spec/arachni/browser_cluster/worker_spec.rb +46 -67
data/spec/arachni/browser_cluster_spec.rb +19 -17
data/spec/arachni/browser_spec.rb +506 -183
data/spec/arachni/check/auditor_spec.rb +70 -25
data/spec/arachni/component/manager_spec.rb +19 -20
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/data/issues_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +44 -0
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +33 -162
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +4 -4
data/spec/arachni/element/cookie_spec.rb +98 -49
data/spec/arachni/element/form/dom_spec.rb +1 -22
data/spec/arachni/element/form_spec.rb +7 -7
data/spec/arachni/element/header_spec.rb +2 -2
data/spec/arachni/element/json_spec.rb +2 -2
data/spec/arachni/element/link/dom_spec.rb +1 -22
data/spec/arachni/element/link_spec.rb +17 -1
data/spec/arachni/element/link_template/dom_spec.rb +1 -22
data/spec/arachni/element/link_template_spec.rb +3 -3
data/spec/arachni/element/ui_form/{ui_form_dom_spec.rb → dom_spec.rb} +72 -22
data/spec/arachni/element/ui_form_spec.rb +1 -0
data/spec/arachni/element/ui_input/dom_spec.rb +64 -22
data/spec/arachni/element/ui_input_spec.rb +1 -0
data/spec/arachni/element/xml_spec.rb +1 -0
data/spec/arachni/framework/parts/audit_spec.rb +7 -5
data/spec/arachni/framework/parts/browser_spec.rb +8 -8
data/spec/arachni/framework/parts/check_spec.rb +1 -1
data/spec/arachni/framework/parts/data_spec.rb +4 -4
data/spec/arachni/framework/parts/scope_spec.rb +2 -2
data/spec/arachni/framework_spec.rb +1 -1
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +26 -13
data/spec/arachni/http/client_spec.rb +80 -45
data/spec/arachni/http/cookie_jar_spec.rb +6 -6
data/spec/arachni/http/proxy_server_spec.rb +69 -66
data/spec/arachni/http/request_spec.rb +147 -23
data/spec/arachni/http/response/scope_spec.rb +12 -12
data/spec/arachni/http/response_spec.rb +62 -4
data/spec/arachni/issue_spec.rb +6 -6
data/spec/arachni/option_groups/audit_spec.rb +25 -8
data/spec/arachni/option_groups/browser_cluster_spec.rb +27 -1
data/spec/arachni/option_groups/dispatcher_spec.rb +3 -3
data/spec/arachni/option_groups/input_spec.rb +9 -9
data/spec/arachni/option_groups/paths_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +32 -16
data/spec/arachni/options_spec.rb +4 -4
data/spec/arachni/page/dom/transition_spec.rb +17 -10
data/spec/arachni/page/dom_spec.rb +19 -0
data/spec/arachni/page/scope_spec.rb +4 -4
data/spec/arachni/page_spec.rb +15 -15
data/spec/arachni/platform/manager_spec.rb +2 -2
data/spec/arachni/plugin/base_spec.rb +1 -0
data/spec/arachni/reporter/base_spec.rb +2 -2
data/spec/arachni/reporter/manager_spec.rb +2 -2
data/spec/arachni/rest/server_spec.rb +495 -0
data/spec/arachni/rpc/server/active_options_spec.rb +63 -12
data/spec/arachni/rpc/server/base_spec.rb +1 -1
data/spec/arachni/rpc/server/framework/distributor_spec.rb +2 -2
data/spec/arachni/rpc/server/framework_multi_spec.rb +6 -6
data/spec/arachni/rpc/server/framework_spec.rb +4 -4
data/spec/arachni/rpc/server/instance_spec.rb +24 -24
data/spec/arachni/ruby/array_spec.rb +2 -2
data/spec/arachni/ruby/string_spec.rb +52 -0
data/spec/arachni/session_spec.rb +19 -2
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/audit_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/support/cache/least_recently_used_spec.rb +0 -2
data/spec/arachni/support/glob_spec.rb +75 -0
data/spec/arachni/support/lookup/hash_set_spec.rb +1 -1
data/spec/arachni/support/lookup/moolb_spec.rb +2 -2
data/spec/arachni/support/signature_spec.rb +4 -4
data/spec/arachni/trainer_spec.rb +48 -4
data/spec/arachni/uri/scope_spec.rb +54 -10
data/spec/arachni/uri_spec.rb +110 -89
data/spec/arachni/utilities_spec.rb +8 -8
data/spec/components/checks/active/code_injection_spec.rb +9 -9
data/spec/components/checks/active/file_inclusion_spec.rb +20 -20
data/spec/components/checks/active/ldap_injection_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/os_cmd_injection_spec.rb +3 -3
data/spec/components/checks/active/path_traversal_spec.rb +11 -11
data/spec/components/checks/active/response_splitting_spec.rb +2 -2
data/spec/components/checks/active/rfi_spec.rb +3 -3
data/spec/components/checks/active/session_fixation_spec.rb +1 -1
data/spec/components/checks/active/source_code_disclosure_spec.rb +4 -4
data/spec/components/checks/active/sql_injection_spec.rb +58 -59
data/spec/components/checks/active/unvalidated_redirect_spec.rb +2 -2
data/spec/components/checks/active/xpath_injection_spec.rb +3 -3
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_spec.rb +1 -1
data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/grep/credit_card_spec.rb +1 -1
data/spec/components/checks/passive/grep/emails_spec.rb +12 -2
data/spec/components/checks/passive/grep/ssn_spec.rb +1 -1
data/spec/components/path_extractors/meta_refresh_spec.rb +3 -1
data/spec/components/plugins/exec_spec.rb +2 -2
data/spec/components/plugins/login_script_spec.rb +22 -2
data/spec/components/plugins/vector_feed_spec.rb +3 -3
data/spec/spec_helper.rb +10 -4
data/spec/support/factories/browser_cluster/job.rb +1 -0
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +1 -1
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/request_helpers.rb +38 -0
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +2 -2
data/spec/support/servers/arachni/browser.rb +182 -15
data/spec/support/servers/arachni/browser/javascript/angular-1.2.8.js +1 -1
data/spec/support/servers/arachni/browser/javascript/angular-route.js +1 -1
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +27 -4
data/spec/support/servers/arachni/element/capabilities/analyzable/differential.rb +103 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/timeout.rb +5 -2
data/spec/support/servers/arachni/element/header.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +46 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +7 -1
data/spec/support/servers/checks/active/code_injection.rb +5 -5
data/spec/support/servers/checks/active/no_sql_injection.rb +0 -6
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/sql_injection.rb +5 -2
data/spec/support/servers/checks/active/sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/trainer_check.rb +6 -6
data/spec/support/servers/checks/passive/backdoors.rb +1 -0
data/spec/support/servers/checks/passive/backup_directories.rb +2 -0
data/spec/support/servers/checks/passive/backup_files.rb +2 -0
data/spec/support/servers/checks/passive/grep/emails.rb +6 -6
data/spec/support/shared/check.rb +28 -0
data/spec/support/shared/element/capabilities/auditable.rb +76 -13
data/spec/support/shared/element/capabilities/dom_only.rb +5 -6
data/spec/support/shared/element/capabilities/inputtable.rb +74 -4
data/spec/support/shared/element/capabilities/mutable.rb +86 -14
data/spec/support/shared/element/capabilities/submittable.rb +12 -0
data/spec/support/shared/element/capabilities/with_dom.rb +13 -4
data/spec/support/shared/element/capabilities/with_node.rb +1 -1
data/spec/support/shared/element/capabilities/with_source.rb +1 -6
data/spec/support/shared/element/dom/locatable.rb +20 -0
data/spec/support/shared/element/dom/submittable.rb +4 -17
data/spec/support/shared/http/message.rb +37 -5
data/spec/support/shared/support/cache.rb +5 -4
data/ui/cli/framework.rb +4 -3
data/ui/cli/framework/option_parser.rb +20 -8
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +40 -4
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reporter/option_parser.rb +4 -4
data/ui/cli/rest/server.rb +43 -0
data/ui/cli/rest/server/option_parser.rb +115 -0
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/instance.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +197 -84
data/components/checks/active/no_sql_injection/patterns/mongodb +0 -1
data/components/checks/active/no_sql_injection/regexp_ignore.txt +0 -0
data/components/checks/active/sql_injection/patterns/access +0 -3
data/components/checks/active/sql_injection/patterns/db2 +0 -5
data/components/checks/active/sql_injection/patterns/frontbase +0 -1
data/components/checks/active/sql_injection/patterns/hsqldb +0 -1
data/components/checks/active/sql_injection/patterns/ingres +0 -3
data/components/checks/active/sql_injection/patterns/maxdb +0 -2
data/components/checks/active/sql_injection/patterns/mssql +0 -25
data/components/checks/active/sql_injection/patterns/oracle +0 -6
data/components/checks/active/sql_injection/patterns/sqlite +0 -5
data/components/checks/active/sql_injection/patterns/sybase +0 -3
data/lib/arachni/ruby/io.rb +0 -39
data/lib/arachni/selenium/webdriver/remote/http/typhoeus.rb +0 -63
data/spec/arachni/ruby/io_spec.rb +0 -26

data/spec/arachni/session_spec.rb CHANGED

@@ -222,6 +222,23 @@ describe Arachni::Session do
         end
         context 'when a login check is available' do
+            it 'takes into account #check_options' do
+                subject.check_options = {
+                    cookies: {
+                        'custom-cookie' => 'value'
+                    }
+                }
+                Arachni::Options.session.check_url = @url
+                expect(subject.http).to receive(:request).with(
+                    Arachni::Options.session.check_url,
+                    hash_including( subject.check_options )
+                )
+                configured.logged_in?
+            end
             context 'and a valid session is available' do
                 it 'returns true' do
                     configured.login
@@ -365,7 +382,7 @@ describe Arachni::Session do
             end
         end
         context 'when passed an :action' do
-            context Regexp do
+            context 'Regexp' do
                 it 'should use it to match against form actions' do
                     expect(subject.find_login_form(
                         url:    @url + '/multiple',
@@ -373,7 +390,7 @@ describe Arachni::Session do
                     ).coverage_id).to eq(@id)
                 end
             end
-            context String do
+            context 'String' do
                 it 'should use it to match against form actions' do
                     expect(subject.find_login_form(
                         url:    @url + '/multiple',

data/spec/arachni/snapshot_spec.rb CHANGED

@@ -8,7 +8,7 @@ describe Arachni::Snapshot do
     subject { described_class }
     let(:dump_archive) do
-        @dump_archive = "#{Dir.tmpdir}/snapshot-#{Arachni::Utilities.generate_token}.afs"
+        @dump_archive = "#{Arachni.tmpdir}/snapshot-#{Arachni::Utilities.generate_token}.afs"
     end
     describe '.summary' do

data/spec/arachni/state/audit_spec.rb CHANGED

@@ -37,7 +37,7 @@ describe Arachni::State::Audit do
         context 'when an operation is not included' do
             it 'returns false' do
                 subject << audit_id
-                expect(subject).not_to include "#{audit_id}2"
+                expect(subject.include?( "#{audit_id}2")).to be_falsey
             end
         end
     end

data/spec/arachni/state/framework_spec.rb CHANGED

@@ -40,7 +40,7 @@ describe Arachni::State::Framework do
     describe '#add_status_message' do
         context 'when given a message of type' do
-            context String do
+            context 'String' do
                 it 'pushes it to #status_messages' do
                     message = 'Hey!'
                     subject.add_status_message message
@@ -49,7 +49,7 @@ describe Arachni::State::Framework do
                 end
             end
-            context Symbol do
+            context 'Symbol' do
                 context 'and it exists in #available_status_messages' do
                     it 'pushes the associated message to #status_messages' do
                         subject.add_status_message :suspending

data/spec/arachni/support/cache/least_recently_used_spec.rb CHANGED

@@ -14,8 +14,6 @@ describe Arachni::Support::Cache::LeastRecentlyUsed do
         expect(subject.size).to eq(3)
-        ap subject
         expect(subject[:k]).to be_truthy
         expect(subject[:k4]).to be_truthy
         expect(subject[:k3]).to be_truthy

data/spec/arachni/support/glob_spec.rb ADDED

@@ -0,0 +1,75 @@
+require 'spec_helper'
+describe Arachni::Support::Glob do
+    let(:conversions) do
+        {
+            '*'      => /^.*?$/i,
+            'test*'  => /^test.*?$/i,
+            '*test*' => /^.*?test.*?$/i,
+            '*/*'    => /^.*?\/.*?$/i
+        }
+    end
+    let(:matches) do
+        [
+            ['*',       '',                 true],
+            ['*',       'stuff',            true],
+            ['test*',   'stuff',            false],
+            ['test*',   'teststuff',        true],
+            ['test*',   'tEsTstuff',        true],
+            ['test*',   'stuffteststuff',   false],
+            ['*test*',  'stuffteststuff',   true],
+            ['*test*',  'stufftEsTstuff',   true],
+            ['*test*',  'stuff',            false],
+            ['*test*',  'teststuff',        true],
+            ['*test*',  'stufftest',        true],
+            ['*/*',     'test',             false],
+            ['*/*',     'test/',            true],
+            ['*/*',     'test/stuff',       true]
+        ]
+    end
+    describe '.to_regexp' do
+        it 'converts a glog to a regexp' do
+            conversions.each do |glob, regexp|
+                expect(described_class.to_regexp( glob )).to eq regexp
+            end
+        end
+    end
+    describe '#regexp' do
+        it 'returns the glob as a regexp' do
+            conversions.each do |glob, regexp|
+                expect(described_class.new( glob ).regexp).to eq regexp
+            end
+        end
+    end
+    describe '#match?' do
+        it 'checks whether or not the glob matches the string' do
+            matches.each do |glob, string, result|
+                expect(described_class.new( glob ).match?( string )).to eq result
+            end
+        end
+    end
+    describe '#matches?' do
+        it 'checks whether or not the glob matches the string' do
+            matches.each do |glob, string, result|
+                expect(described_class.new( glob ).matches?( string )).to eq result
+            end
+        end
+    end
+    describe '=~' do
+        it 'checks whether or not the glob matches the string' do
+            matches.each do |glob, string, result|
+                expect(described_class.new( glob ) =~ string ).to eq result
+            end
+        end
+    end
+end

data/spec/arachni/support/lookup/hash_set_spec.rb CHANGED

@@ -25,7 +25,7 @@ describe Arachni::Support::LookUp::HashSet do
             subject.replace new
             expect(subject).to include 'test2'
-            expect(subject).not_to include 'test'
+            expect(subject.include?( 'test' )).to be_falsey
         end
     end

data/spec/arachni/support/lookup/moolb_spec.rb CHANGED

@@ -4,7 +4,7 @@ describe Arachni::Support::LookUp::Moolb do
     it_behaves_like 'lookup'
     describe '#initialize' do
-        describe :strategy do
+        describe ':strategy' do
             it 'sets the strategy for the internal cache' do
                 options = {
                     strategy: Arachni::Support::Cache::LeastRecentlyUsed,
@@ -24,7 +24,7 @@ describe Arachni::Support::LookUp::Moolb do
                 end
             end
         end
-        describe :max_size do
+        describe ':max_size' do
             it 'sets the maximum size of the cache' do
                 options = { max_size: 3 }

data/spec/arachni/support/signature_spec.rb CHANGED

@@ -19,7 +19,7 @@ describe Arachni::Support::Signature do
     describe '#initialize' do
         describe 'option' do
-            describe :threshold do
+            describe ':threshold' do
                 it 'sets the maximum difference ratio when performing comparisons' do
                     seed1 = 'test this here 1'
                     seed2 = 'test that here 2'
@@ -98,12 +98,12 @@ describe Arachni::Support::Signature do
             signature3 = described_class.new( different_string_with_noise )
             signature4 = described_class.new( different_string_with_noise )
-            expect(signature1.differences( signature2 ).round(3)).to eq(0.348)
+            expect(signature1.differences( signature2 ).round(3)).to eq(0.4)
             expect(signature2.differences( signature2 )).to eq(0)
-            expect(signature3.differences( signature4 )).to eq(0.2)
+            expect(signature3.differences( signature4 ).round(3)).to eq(0.286)
             expect(signature4.differences( signature4 )).to eq(0)
-            expect(signature1.differences( signature3 ).round(3)).to eq(0.667)
+            expect(signature1.differences( signature3 ).round(3)).to eq(0.778)
         end
     end

data/spec/arachni/trainer_spec.rb CHANGED

@@ -84,7 +84,7 @@ describe Arachni::Trainer do
                 expect(@framework.pages.size).to eq(0)
             end
         end
-        describe false do
+        describe 'false' do
             it 'skips the Trainer' do
                 expect(@framework.pages.size).to eq(0)
@@ -94,7 +94,7 @@ describe Arachni::Trainer do
                 expect(@framework.pages.size).to eq(0)
             end
         end
-        describe true do
+        describe 'true' do
             it 'passes the response to the Trainer' do
                 expect(@framework.pages.size).to eq(0)
@@ -213,6 +213,50 @@ describe Arachni::Trainer do
             end
         end
+        context 'when the response has already been seen' do
+            before do
+                @trainer.page = @page
+                r = request( @url )
+                expect(@trainer).to receive(:analyze).with(r)
+                expect(@trainer.push( r )).to be_truthy
+            end
+            it 'returns nil' do
+                r = request( @url )
+                expect(@trainer).to_not receive(:analyze)
+                expect(@trainer.push( r )).to be_nil
+            end
+            context 'but URL param names are different' do
+                it 'returns true' do
+                    r = request( "#{@url}/?stuff=1" )
+                    expect(@trainer).to receive(:analyze).with(r)
+                    expect(@trainer.push( r )).to be_truthy
+                end
+            end
+            context 'but cookie names are different' do
+                it 'returns true' do
+                    r = request( @url )
+                    r.headers['set-cookie'] = 'name=val'
+                    expect(@trainer).to receive(:analyze).with(r)
+                    expect(@trainer.push( r )).to be_truthy
+                end
+            end
+            context 'but the body is different' do
+                it 'returns true' do
+                    r = request( @url )
+                    r.body = '1'
+                    expect(@trainer).to receive(:analyze).with(r)
+                    expect(@trainer.push( r )).to be_truthy
+                end
+            end
+        end
         context 'when the resource is out-of-scope' do
             it 'returns false' do
                 @trainer.page = @page
@@ -309,7 +353,7 @@ describe Arachni::Trainer do
             let(:subject) { TrainerMockFramework.new.trainer }
-            context true do
+            context 'true' do
                 before { allow_any_instance_of(TrainerMockFramework).to receive(:accepts_more_pages?){ true } }
                 it 'processes pages' do
@@ -322,7 +366,7 @@ describe Arachni::Trainer do
                 end
             end
-            context false do
+            context 'false' do
                 before { allow_any_instance_of(TrainerMockFramework).to receive(:accepts_more_pages?){ false } }
                 it 'does not process the page' do

data/spec/arachni/uri/scope_spec.rb CHANGED

@@ -199,6 +199,50 @@ describe Arachni::URI::Scope do
                 expect(subject.exclude?).to be_falsey
             end
         end
+        context 'when #exclude_file_extension?' do
+            context 'is true' do
+                before do
+                    expect(subject).to receive(:exclude_file_extension?).and_return( true )
+                end
+                it 'returns true' do
+                    expect(subject.exclude?).to be_truthy
+                end
+            end
+        end
+        context 'when #exclude_file_extension?' do
+            context 'is false' do
+                before do
+                    expect(subject).to receive(:exclude_file_extension?).and_return( false )
+                end
+                it 'returns false' do
+                    expect(subject.exclude?).to be_falsey
+                end
+            end
+        end
+    end
+    describe '#exclude_file_extension?' do
+        subject { Arachni::URI.parse( 'http://test.com/exclude.gif' ).scope }
+        context 'when self matches the provided exclude rules' do
+            it 'returns true' do
+                scope.exclude_file_extensions = [ 'gif' ]
+                expect(subject.exclude?).to be_truthy
+            end
+        end
+        context 'when self does not match the provided exclude rules' do
+            it 'returns false' do
+                scope.exclude_file_extensions = [ 'gi' ]
+                expect(subject.exclude?).to be_falsey
+            end
+        end
     end
     describe '#include?' do
@@ -231,7 +275,7 @@ describe Arachni::URI::Scope do
         let(:without_subdomain) { Arachni::URI.parse( url_without_subdomain ).scope }
         context "when #{Arachni::OptionGroups::Scope}#include_subdomains is" do
-            context true do
+            context 'true' do
                 before :each do
                     scope.include_subdomains = true
                 end
@@ -281,7 +325,7 @@ describe Arachni::URI::Scope do
                 end
             end
-            context false do
+            context 'false' do
                 before :each do
                     scope.include_subdomains = false
                 end
@@ -347,14 +391,14 @@ describe Arachni::URI::Scope do
                 context 'and the checked URL uses' do
                     context 'HTTPS' do
                         context 'and Options#scope_https_only is' do
-                            context true do
+                            context 'true' do
                                 it 'returns true' do
                                     scope.https_only = true
                                     expect(https.follow_protocol?).to be_truthy
                                 end
                             end
-                            context false do
+                            context 'false' do
                                 it 'returns true' do
                                     scope.https_only = false
                                     expect(https.follow_protocol?).to be_truthy
@@ -365,14 +409,14 @@ describe Arachni::URI::Scope do
                     context 'HTTP' do
                         context 'and Options#scope_https_only is' do
-                            context true do
+                            context 'true' do
                                 it 'returns false' do
                                     scope.https_only = true
                                     expect(http.follow_protocol?).to be_falsey
                                 end
                             end
-                            context false do
+                            context 'false' do
                                 it 'returns true' do
                                     scope.https_only = false
                                     expect(http.follow_protocol?).to be_truthy
@@ -391,14 +435,14 @@ describe Arachni::URI::Scope do
                 context 'and the checked URL uses' do
                     context 'HTTPS' do
                         context 'and Options#scope_https_only is' do
-                            context true do
+                            context 'true' do
                                 it 'returns true' do
                                     scope.https_only = true
                                     expect(https.follow_protocol?).to be_truthy
                                 end
                             end
-                            context false do
+                            context 'false' do
                                 it 'returns true' do
                                     scope.https_only = false
                                     expect(https.follow_protocol?).to be_truthy
@@ -408,14 +452,14 @@ describe Arachni::URI::Scope do
                     end
                     context 'HTTP' do
                         context 'and Options#scope_https_only is' do
-                            context true do
+                            context 'true' do
                                 it 'returns true' do
                                     scope.https_only = true
                                     expect(http.follow_protocol?).to be_truthy
                                 end
                             end
-                            context false do
+                            context 'false' do
                                 it 'returns true' do
                                     scope.https_only = false
                                     expect(http.follow_protocol?).to be_truthy

data/spec/arachni/uri_spec.rb CHANGED

@@ -35,7 +35,8 @@ describe Arachni::URI do
             'http://testfire.net/bank/queryxpath.aspx?__EVENTVALIDATION=%2FwEWAwLNx%2B2YBwKw59eKCgKcjoPABw%3D%3D&__VIEWSTATE=%2FwEPDwUKMTEzMDczNTAxOWRk&_ctl0%3A_ctl0%3AContent%3AMain%3AButton1=Query&_ctl0%3A_ctl0%3AContent%3AMain%3ATextBox1=Enter+title+%28e.g.+IBM%29%27%3Becho+287630581954%2B4196403186331128%3B%23',
             'http://192.168.0.232/dvwa/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000%23%5E%28%24%21%40%24%29%28%28%29%29%29%2A%2A%2A%2A%2A%2A&_arachni_trainer_c987fdb6d3955bd60191449bc465bb5ca760f60661fa4bcdf28736ae04aa2a1e=c987fdb6d3955bd60191449bc465bb5ca760f60661fa4bcdf28736ae04aa2a1e',
             'http://foo.com/user/login?user%5Bname%5D=bar&user%5Bpass%5D=asdasd%26asdihbasd',
-            'http://stuff.host.fdfd/web/seguros/auto;jsessionid=6CB5A6A4597FFFA80C4D23B235072588.000?test=tet'
+            'http://stuff.host.fdfd/web/seguros/auto;jsessionid=6CB5A6A4597FFFA80C4D23B235072588.000?test=tet',
+            'http://127.0.0.2:51453/link-template/append/input/default%23%5E($!@$)(()))******/stuff'
         ]
         @normalized = {
@@ -84,7 +85,9 @@ describe Arachni::URI do
            "http://foo.com/user/login?user%5Bname%5D=bar&user%5Bpass%5D=asdasd%26asdihbasd"=>
                "http://foo.com/user/login?user%5Bname%5D=bar&user%5Bpass%5D=asdasd%26asdihbasd",
            "http://stuff.host.fdfd/web/seguros/auto;jsessionid=6CB5A6A4597FFFA80C4D23B235072588.000?test=tet"=>
-               "http://stuff.host.fdfd/web/seguros/auto?test=tet"
+               "http://stuff.host.fdfd/web/seguros/auto?test=tet",
+            'http://127.0.0.2:51453/link-template/append/input/default%23%5E($!@$)(()))******/stuff' =>
+                'http://127.0.0.2:51453/link-template/append/input/default%23%5E($!@$)(()))******/stuff'
         }
         @ref_normalizer = proc do |p|
@@ -208,28 +211,6 @@ describe Arachni::URI do
         end
     end
-    describe '.ruby_parse' do
-        it 'cleans the URL' do
-            @urls.each do |url|
-                expect(described_class.ruby_parse( url ).to_s).to eq(@ref_normalizer.call( url ))
-            end
-        end
-        it 'ignores javascript: URLs' do
-            expect(described_class.ruby_parse( 'javascript:stuff()' )).to be_nil
-            expect(described_class.ruby_parse( 'jAvaScRipT:stuff()' )).to be_nil
-        end
-        context 'when an error occurs' do
-            it 'returns nil' do
-                allow(described_class).to receive(:fast_parse){ raise }
-                allow(described_class).to receive(:normalize){ raise }
-                expect(described_class.ruby_parse( 'http://test.com/222' )).to be_nil
-            end
-        end
-    end
     describe '.fast_parse' do
         it 'parses a URI and return its components as a hash' do
             scheme   = 'http'
@@ -268,19 +249,59 @@ describe Arachni::URI do
         it 'ignores javascript: URLs' do
             expect(described_class.fast_parse( 'javascript:stuff()' )).to be_nil
         end
+        it 'ignores fragment-only URLs' do
+            expect(described_class.fast_parse( '#/stuff/here?blah=1' )).to be_nil
+        end
     end
     describe '.to_absolute' do
+        let(:reference) do
+            'http://test.com/blah/ha?name=val#/!/stuff/?fname=fval'
+        end
+        let(:sanitized_reference) do
+            'http://test.com/blah/ha?name=val'
+        end
         it 'converts a relative path to absolute using the reference URL' do
-            abs  = 'http://test.com/blah/ha'
+            abs  = reference
+            expect(described_class.to_absolute( '', abs )).to eq('http://test.com/blah/ha?name=val')
             rel  = '/test'
+            expect(described_class.to_absolute( rel, abs )).to eq('http://test.com/test')
+            rel  = '/test?name2=val2'
+            expect(described_class.to_absolute( rel, abs )).to eq('http://test.com/test?name2=val2')
+            rel  = '?name2=val2'
+            expect(described_class.to_absolute( rel, abs )).to eq('http://test.com/blah/ha?name2=val2')
             rel2 = 'test2'
-            expect(described_class.to_absolute( rel, abs )).to eq("http://test.com" + rel)
-            expect(described_class.to_absolute( rel2, abs )).to eq("http://test.com/blah/" + rel2)
-            expect(described_class.to_absolute( rel2, abs + '/' )).to eq("http://test.com/blah/ha/" + rel2)
+            expect(described_class.to_absolute( rel2, abs )).to eq('http://test.com/blah/test2')
+            abs  = 'http://test.com/blah/ha/?name=val#/!/stuff/?fname=fval'
+            expect(described_class.to_absolute( rel2, abs )).to eq('http://test.com/blah/ha/test2')
             rel = '//domain-name.com/stuff'
-            expect(described_class.to_absolute( rel, abs )).to eq("http:" + rel)
+            expect(described_class.to_absolute( rel, abs )).to eq('http://domain-name.com/stuff')
+            rel = '//domain-name.com'
+            expect(described_class.to_absolute( rel, abs )).to eq('http://domain-name.com/')
+        end
+        context 'when the URL starts with javascript:' do
+            it 'returns the sanitized reference URL' do
+                rel = 'javascript:stuff()'
+                expect(described_class.to_absolute( rel, reference )).to eq(sanitized_reference)
+            end
+        end
+        context 'when the URL only has fragment data' do
+            it 'returns the sanitized reference URL' do
+                rel = '#/stuff/here?blah=1'
+                expect(described_class.to_absolute( rel, reference )).to eq(sanitized_reference)
+            end
         end
     end
@@ -315,74 +336,68 @@ describe Arachni::URI do
     end
     describe '#initialize' do
-        context String do
-            it 'normalizes and parse the string' do
-                @urls.each do |url|
-                    uri = described_class.new( url )
-                    expect(uri.is_a?( Arachni::URI )).to be_truthy
-                    expect(uri.to_s).to eq(@ref_normalizer.call( url ))
-                end
+        it 'normalizes and parses the string' do
+            @urls.each do |url|
+                uri = described_class.new( url )
+                expect(uri.is_a?( Arachni::URI )).to be_truthy
+                expect(uri.to_s).to eq(@ref_normalizer.call( url ))
             end
         end
+    end
-        context Hash do
-            it 'normalizes and construct a URI from a Hash of components' do
-                @urls.each do |url|
-                    uri = described_class.new( described_class.fast_parse( url ) )
-                    expect(uri.is_a?( Arachni::URI )).to be_truthy
-                    expect(uri.to_s).to eq(@ref_normalizer.call( url ))
-                end
+    describe '#==' do
+        it 'converts both objects to strings and compare them' do
+            @urls.each do |url|
+                normalized_str = described_class.normalize( url )
+                a_uri = described_class.new( url )
+                expect(a_uri.is_a?( Arachni::URI )).to be_truthy
+                expect(a_uri).to eq(normalized_str)
+                expect(a_uri).to eq(a_uri)
             end
         end
+    end
-        context URI do
-            it 'normalizes and construct a URI from a Hash of components' do
-                @urls.each do |url|
-                    uri = ::URI.parse( described_class.normalize( url ) )
-                    expect(uri.is_a?( ::URI )).to be_truthy
+    describe '#seed_in_host?' do
+        let(:parsed) { described_class.new( url ) }
-                    a_uri = described_class.new( url )
-                    expect(a_uri.is_a?( Arachni::URI )).to be_truthy
-                    expect(a_uri.to_s).to eq(@ref_normalizer.call( url ))
-                end
+        context 'when the seed is in the domain' do
+            let(:url) { "http://www.#{Arachni::Utilities.random_seed}.com/stuff" }
+            it 'returns true' do
+                expect(parsed.seed_in_host?).to be_truthy
             end
         end
-        context Arachni::URI do
-            it 'normalizes and construct a URI from a Hash of components' do
-                @urls.each do |url|
-                    uri = described_class.new( url )
-                    a_uri = described_class.new( uri )
-                    expect(a_uri.is_a?( Arachni::URI )).to be_truthy
-                    expect(a_uri).to eq(uri)
-                end
+        context 'when the seed is in the subdomain' do
+            let(:url) { "http://#{Arachni::Utilities.random_seed}.test.com" }
+            it 'returns true' do
+                expect(parsed.seed_in_host?).to be_truthy
             end
         end
-        context 'else' do
-            it 'raises a ArgumentError' do
-                expect { described_class.new( [] ) }.to raise_error ArgumentError
+        context 'when the seed is in the TLD' do
+            let(:url) { "http://test.#{Arachni::Utilities.random_seed}" }
+            it 'returns true' do
+                expect(parsed.seed_in_host?).to be_truthy
             end
         end
-    end
-    describe '#==' do
-        it 'converts both objects to strings and compare them' do
-            @urls.each do |url|
-                normalized_str = described_class.normalize( url )
-                uri = ::URI.parse( normalized_str )
-                expect(uri.is_a?( ::URI )).to be_truthy
+        context 'when the seed is not in the host' do
+            let(:url) { "http://test.com" }
-                a_uri = described_class.new( url )
-                expect(a_uri.is_a?( Arachni::URI )).to be_truthy
-                expect(a_uri).to eq(uri)
-                expect(a_uri).to eq(normalized_str)
-                expect(a_uri).to eq(a_uri)
+            it 'returns false' do
+                expect(parsed.seed_in_host?).to be_falsey
             end
         end
     end
+    describe '#relative?'
+    describe '#absolute?'
     describe '#query=' do
         subject { described_class.new( 'http://test.com/?my=val' ) }
@@ -463,6 +478,25 @@ describe Arachni::URI do
         end
     end
+    describe '#up_to_port' do
+        it 'returns the URL up to its port' do
+            url = 'http://test.com/path/goes/here.php?query=goes&here=.!#frag'
+            expect(described_class.parse( url ).up_to_port).to eq('http://test.com')
+            url = 'http://test.com:80/path/goes/here/?query=goes&here=.!#frag'
+            expect(described_class.parse( url ).up_to_port).to eq('http://test.com')
+            url = 'http://test.com:23/path/goes/here?query=goes&here=.!#frag'
+            expect(described_class.parse( url ).up_to_port).to eq('http://test.com:23')
+            url = 'https://test.com:443/'
+            expect(described_class.parse( url ).up_to_port).to eq('https://test.com')
+            url = 'https://test.com:54/'
+            expect(described_class.parse( url ).up_to_port).to eq('https://test.com:54')
+        end
+    end
     describe '#domain' do
         it 'removes the deepest subdomain from the host' do
             url = 'http://test.com/'
@@ -568,19 +602,6 @@ describe Arachni::URI do
         end
     end
-    describe '#mailto?' do
-        context 'when the URI has a mailto scheme' do
-            it 'returns true' do
-                expect(described_class.new( 'mailto:stuff@blah.com' ).mailto?).to be_truthy
-            end
-        end
-        context 'when the URI does not have a mailto scheme' do
-            it 'returns false' do
-                expect(described_class.new( 'blah.com' ).mailto?).to be_falsey
-            end
-        end
-    end
     describe '#hash' do
         it 'returns a hash uniquely identifying the URI' do
             uri = described_class.new( 'http://stuff/' )