RubyGems - arachni - Versions diffs - 1.4 → 1.5 - Mend

arachni 1.4 → 1.5

Files changed (746) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +136 -0
data/Gemfile +3 -1
data/LICENSE.md +1 -1
data/README.md +5 -2
data/Rakefile +1 -1
data/arachni.gemspec +35 -30
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +6 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_reproduce +12 -0
data/bin/arachni_rest_server +1 -1
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +6 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +6 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +1 -1
data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +15 -75
data/components/checks/active/file_inclusion.rb +1 -1
data/components/checks/active/ldap_injection.rb +1 -1
data/components/checks/active/no_sql_injection.rb +1 -1
data/components/checks/active/no_sql_injection_differential.rb +1 -1
data/components/checks/active/os_cmd_injection.rb +1 -1
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +3 -3
data/components/checks/active/response_splitting.rb +1 -1
data/components/checks/active/rfi.rb +1 -1
data/components/checks/active/session_fixation.rb +1 -1
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/sql_injection.rb +1 -1
data/components/checks/active/sql_injection/regexps/hsqldb.yaml +1 -0
data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
data/components/checks/active/sql_injection/substrings/java +4 -0
data/components/checks/active/sql_injection/substrings/oracle +0 -1
data/components/checks/active/sql_injection/substrings/sqlite +1 -0
data/components/checks/active/sql_injection_differential.rb +1 -1
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +34 -11
data/components/checks/active/unvalidated_redirect_dom.rb +4 -4
data/components/checks/active/xpath_injection.rb +1 -1
data/components/checks/active/xss.rb +52 -27
data/components/checks/active/xss_dom.rb +15 -11
data/components/checks/active/xss_dom_script_context.rb +4 -6
data/components/checks/active/xss_event.rb +45 -33
data/components/checks/active/xss_path.rb +9 -6
data/components/checks/active/xss_script_context.rb +99 -46
data/components/checks/active/xss_tag.rb +39 -14
data/components/checks/active/xxe.rb +1 -1
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +1 -1
data/components/checks/passive/backup_directories.rb +15 -3
data/components/checks/passive/backup_files.rb +39 -6
data/components/checks/passive/common_admin_interfaces.rb +1 -1
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +1 -0
data/components/checks/passive/common_directories.rb +1 -1
data/components/checks/passive/common_files.rb +1 -1
data/components/checks/passive/directory_listing.rb +1 -1
data/components/checks/passive/grep/captcha.rb +8 -9
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +1 -1
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +1 -1
data/components/checks/passive/grep/form_upload.rb +3 -5
data/components/checks/passive/grep/hsts.rb +1 -1
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +1 -1
data/components/checks/passive/grep/insecure_cookies.rb +5 -5
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +4 -4
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +1 -1
data/components/checks/passive/grep/unencrypted_password_forms.rb +3 -3
data/components/checks/passive/grep/x_frame_options.rb +1 -1
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +10 -12
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +3 -5
data/components/path_extractors/areas.rb +3 -4
data/components/path_extractors/comments.rb +4 -5
data/components/path_extractors/data_url.rb +4 -5
data/components/path_extractors/forms.rb +3 -4
data/components/path_extractors/frames.rb +3 -5
data/components/path_extractors/generic.rb +3 -1
data/components/path_extractors/links.rb +3 -4
data/components/path_extractors/meta_refresh.rb +11 -17
data/components/path_extractors/scripts.rb +18 -15
data/components/plugins/autologin.rb +3 -2
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/debug/browser_cluster_job_monitor.rb +60 -0
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +3 -1
data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +26 -9
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +3 -4
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +4 -5
data/components/plugins/login_script.rb +2 -2
data/components/plugins/metrics.rb +41 -15
data/components/plugins/page_dump.rb +60 -0
data/components/plugins/proxy.rb +42 -30
data/components/plugins/proxy/template_scope.rb +6 -1
data/components/plugins/rate_limiter.rb +80 -0
data/components/plugins/restrict_to_dom_state.rb +1 -1
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +1 -1
data/components/plugins/waf_detector.rb +3 -3
data/components/plugins/webhook_notify.rb +99 -0
data/components/reporters/ap.rb +1 -1
data/components/reporters/html.rb +2 -3
data/components/reporters/html/default.erb +1 -2
data/components/reporters/html/default/configuration.erb +2 -0
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +46 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +11 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +10 -7
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +6 -3
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +5 -2
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +8 -5
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +3 -2
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml.rb +39 -22
data/components/reporters/xml/schema.xsd +28 -13
data/components/reporters/yaml.rb +1 -1
data/lib/arachni.rb +1 -1
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser.rb +242 -231
data/lib/arachni/browser/element_locator.rb +9 -5
data/lib/arachni/browser/javascript.rb +103 -168
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +1 -1
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +295 -51
data/lib/arachni/browser/javascript/scripts/polyfills.js +0 -28
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -8
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser_cluster.rb +78 -60
data/lib/arachni/browser_cluster/job.rb +9 -2
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +8 -2
data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +13 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +109 -84
data/lib/arachni/check.rb +1 -1
data/lib/arachni/check/auditor.rb +137 -93
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/component/base.rb +3 -1
data/lib/arachni/component/manager.rb +1 -1
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/output.rb +8 -2
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/data/framework.rb +2 -1
data/lib/arachni/data/framework/rpc.rb +1 -1
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/element/base.rb +1 -1
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +142 -175
data/lib/arachni/element/capabilities/analyzable/signature.rb +39 -17
data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
data/lib/arachni/element/capabilities/auditable.rb +2 -8
data/lib/arachni/element/capabilities/auditable/buffered.rb +92 -0
data/lib/arachni/element/capabilities/auditable/line_buffered.rb +103 -0
data/lib/arachni/element/capabilities/dom_only.rb +1 -1
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/mutable.rb +1 -1
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +4 -3
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +3 -3
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +2 -2
data/lib/arachni/element/cookie.rb +49 -24
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/dom.rb +1 -1
data/lib/arachni/element/dom/capabilities/auditable.rb +44 -3
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
data/lib/arachni/element/dom/capabilities/mutable.rb +7 -3
data/lib/arachni/element/dom/capabilities/submittable.rb +51 -22
data/lib/arachni/element/form.rb +21 -32
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +16 -11
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/form/dom.rb +1 -1
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header.rb +3 -1
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
data/lib/arachni/element/json.rb +4 -8
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +11 -30
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link/dom.rb +1 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template.rb +10 -19
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +2 -2
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +11 -11
data/lib/arachni/element/ui_form.rb +5 -6
data/lib/arachni/element/ui_form/dom.rb +1 -1
data/lib/arachni/element/ui_input.rb +4 -6
data/lib/arachni/element/ui_input/dom.rb +1 -1
data/lib/arachni/element/xml.rb +3 -7
data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework.rb +1 -1
data/lib/arachni/framework/parts/audit.rb +6 -1
data/lib/arachni/framework/parts/browser.rb +14 -14
data/lib/arachni/framework/parts/check.rb +1 -1
data/lib/arachni/framework/parts/data.rb +1 -1
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +1 -1
data/lib/arachni/framework/parts/report.rb +2 -2
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +1 -1
data/lib/arachni/http.rb +1 -1
data/lib/arachni/http/client.rb +32 -7
data/lib/arachni/http/client/dynamic_404_handler.rb +74 -16
data/lib/arachni/http/cookie_jar.rb +13 -8
data/lib/arachni/http/headers.rb +11 -5
data/lib/arachni/http/message.rb +9 -8
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/proxy_server.rb +44 -11
data/lib/arachni/http/proxy_server/connection.rb +113 -80
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +2 -1
data/lib/arachni/http/proxy_server/tunnel.rb +4 -4
data/lib/arachni/http/request.rb +236 -44
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/response.rb +71 -8
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/issue.rb +42 -14
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/option_groups/audit.rb +1 -1
data/lib/arachni/option_groups/browser_cluster.rb +6 -2
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +35 -6
data/lib/arachni/option_groups/input.rb +1 -1
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +1 -1
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +13 -1
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/options.rb +23 -4
data/lib/arachni/page.rb +8 -6
data/lib/arachni/page/dom.rb +46 -54
data/lib/arachni/page/dom/transition.rb +5 -2
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/parser.rb +157 -77
data/lib/arachni/parser/document.rb +34 -0
data/lib/arachni/parser/extractors/base.rb +48 -0
data/lib/arachni/parser/nodes/base.rb +22 -0
data/lib/arachni/parser/nodes/comment.rb +32 -0
data/lib/arachni/parser/nodes/element.rb +48 -0
data/lib/arachni/parser/nodes/element/with_attributes.rb +35 -0
data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +31 -0
data/lib/arachni/parser/nodes/text.rb +32 -0
data/lib/arachni/parser/nodes/with_value.rb +29 -0
data/lib/arachni/parser/sax.rb +75 -0
data/lib/arachni/parser/with_children.rb +35 -0
data/lib/arachni/parser/with_children/search.rb +92 -0
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +2 -2
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/plugin/base.rb +2 -2
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +8 -5
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +1 -1
data/lib/arachni/processes/executables/browser.rb +0 -2
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/instances.rb +1 -1
data/lib/arachni/processes/manager.rb +10 -5
data/lib/arachni/report.rb +8 -1
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +1 -1
data/lib/arachni/reporter/manager.rb +1 -1
data/lib/arachni/reporter/options.rb +1 -1
data/lib/arachni/rest/server.rb +7 -1
data/lib/arachni/rest/server/instance_helpers.rb +1 -1
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +1 -1
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +1 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -1
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby.rb +1 -1
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +1 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +9 -5
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/selenium/webdriver/element.rb +4 -4
data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +69 -0
data/lib/arachni/session.rb +32 -13
data/lib/arachni/snapshot.rb +1 -1
data/lib/arachni/state.rb +1 -1
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/http.rb +2 -2
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/support.rb +1 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/cache/base.rb +1 -1
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +1 -1
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/database/base.rb +1 -1
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/glob.rb +1 -1
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/profiler.rb +52 -13
data/lib/arachni/support/signature.rb +18 -6
data/lib/arachni/trainer.rb +55 -39
data/lib/arachni/ui/foo/output.rb +1 -1
data/lib/arachni/uri.rb +132 -103
data/lib/arachni/uri/scope.rb +15 -13
data/lib/arachni/utilities.rb +10 -10
data/lib/arachni/version.rb +1 -1
data/lib/version +1 -1
data/logs/error-11897.log +2006 -0
data/logs/error-3855.log +382 -0
data/spec/arachni/browser/element_locator_spec.rb +42 -18
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +214 -63
data/spec/arachni/browser/javascript/polyfills_spec.rb +0 -15
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +68 -121
data/spec/arachni/browser/javascript_spec.rb +92 -51
data/spec/arachni/browser_cluster/job_spec.rb +23 -8
data/spec/arachni/browser_cluster/jobs/dom_exploration_spec.rb +6 -1
data/spec/arachni/browser_cluster/worker_spec.rb +31 -57
data/spec/arachni/browser_cluster_spec.rb +124 -43
data/spec/arachni/browser_spec.rb +352 -312
data/spec/arachni/check/auditor_spec.rb +118 -33
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +46 -3
data/spec/arachni/element/cookie/dom_spec.rb +1 -1
data/spec/arachni/element/cookie_spec.rb +158 -63
data/spec/arachni/element/form/dom_spec.rb +1 -1
data/spec/arachni/element/form_spec.rb +101 -54
data/spec/arachni/element/header_spec.rb +3 -1
data/spec/arachni/element/json_spec.rb +2 -0
data/spec/arachni/element/link/dom_spec.rb +2 -2
data/spec/arachni/element/link_spec.rb +46 -15
data/spec/arachni/element/link_template/dom_spec.rb +1 -1
data/spec/arachni/element/link_template_spec.rb +36 -12
data/spec/arachni/element/server_spec.rb +22 -5
data/spec/arachni/element/ui_form/dom_spec.rb +1 -1
data/spec/arachni/element/ui_input/dom_spec.rb +1 -1
data/spec/arachni/element/xml_spec.rb +5 -3
data/spec/arachni/framework/parts/audit_spec.rb +2 -14
data/spec/arachni/framework/parts/data_spec.rb +0 -6
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +126 -0
data/spec/arachni/http/client_spec.rb +82 -10
data/spec/arachni/http/headers_spec.rb +59 -12
data/spec/arachni/http/proxy_server_spec.rb +56 -25
data/spec/arachni/http/request_spec.rb +379 -33
data/spec/arachni/http/response_spec.rb +135 -7
data/spec/arachni/issue_spec.rb +20 -1
data/spec/arachni/option_groups/http_spec.rb +15 -0
data/spec/arachni/option_groups/scope_spec.rb +26 -1
data/spec/arachni/options_spec.rb +8 -1
data/spec/arachni/page/dom_spec.rb +20 -6
data/spec/arachni/page_spec.rb +5 -5
data/spec/arachni/parser/document_spec.rb +49 -0
data/spec/arachni/parser/nodes/comment_spec.rb +24 -0
data/spec/arachni/parser/nodes/element/with_attributes/attributes_spec.rb +40 -0
data/spec/arachni/parser/nodes/element/with_attributes_spec.rb +50 -0
data/spec/arachni/parser/nodes/element_spec.rb +18 -0
data/spec/arachni/parser/nodes/text_spec.rb +24 -0
data/spec/arachni/parser/sax_spec.rb +88 -0
data/spec/arachni/parser/with_children/search_spec.rb +146 -0
data/spec/arachni/parser/with_children_spec.rb +37 -0
data/spec/arachni/parser_spec.rb +166 -26
data/spec/arachni/report_spec.rb +9 -2
data/spec/arachni/rest/server_spec.rb +52 -6
data/spec/arachni/rpc/server/active_options_spec.rb +1 -1
data/spec/arachni/rpc/server/framework/distributor_spec.rb +6 -6
data/spec/arachni/ruby/string_spec.rb +6 -0
data/spec/arachni/session_spec.rb +69 -8
data/spec/arachni/support/signature_spec.rb +58 -0
data/spec/arachni/trainer_spec.rb +102 -21
data/spec/arachni/uri_spec.rb +11 -8
data/spec/arachni/utilities_spec.rb +3 -3
data/spec/components/checks/active/csrf_spec.rb +1 -21
data/spec/components/checks/active/path_traversal_spec.rb +12 -12
data/spec/components/checks/active/sql_injection_spec.rb +10 -1
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -5
data/spec/components/checks/active/xss_dom_spec.rb +2 -2
data/spec/components/checks/active/xss_event_spec.rb +8 -2
data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
data/spec/components/checks/active/xss_spec.rb +3 -3
data/spec/components/checks/passive/backup_directories_spec.rb +3 -1
data/spec/components/checks/passive/backup_files_spec.rb +8 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +3 -1
data/spec/components/path_extractors/data_url_spec.rb +6 -2
data/spec/components/path_extractors/links_spec.rb +1 -1
data/spec/components/plugins/autologin_spec.rb +2 -2
data/spec/components/plugins/webhook_notify_spec.rb +69 -0
data/spec/spec_helper.rb +1 -1
data/spec/support/factories/page/dom.rb +6 -0
data/spec/support/factories/scan_report.rb +1 -0
data/spec/support/factories/vector.rb +7 -3
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +1 -1
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/cookies.txt +2 -2
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +0 -3
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +4 -2
data/spec/support/logs/Dispatcher - 1024-31864.log +10 -0
data/spec/support/logs/Dispatcher - 1047-41465.log +10 -0
data/spec/support/logs/Dispatcher - 1274-60799.log +64 -0
data/spec/support/logs/Dispatcher - 1295-1058.log +44 -0
data/spec/support/logs/Dispatcher - 1313-27076.log +40 -0
data/spec/support/logs/Dispatcher - 1332-17127.log +35 -0
data/spec/support/logs/Dispatcher - 1350-7351.log +29 -0
data/spec/support/logs/Dispatcher - 1368-38528.log +22 -0
data/spec/support/logs/Dispatcher - 1386-17419.log +14 -0
data/spec/support/logs/Dispatcher - 31030-26156.log +10 -0
data/spec/support/logs/Dispatcher - 321-27189.log +12 -0
data/spec/support/logs/Dispatcher - 32353-50061.log +20 -0
data/spec/support/logs/Dispatcher - 32450-61574.log +10 -0
data/spec/support/logs/Dispatcher - 32470-53874.log +20 -0
data/spec/support/logs/Dispatcher - 32491-10523.log +18 -0
data/spec/support/logs/Dispatcher - 32509-8583.log +14 -0
data/spec/support/logs/Dispatcher - 32536-21209.log +10 -0
data/spec/support/logs/Dispatcher - 32556-53881.log +10 -0
data/spec/support/logs/Dispatcher - 32579-49083.log +50 -0
data/spec/support/logs/Dispatcher - 32761-20025.log +12 -0
data/spec/support/logs/Dispatcher - 347-17512.log +12 -0
data/spec/support/logs/Dispatcher - 3489-43230.log +24 -0
data/spec/support/logs/Dispatcher - 3524-57459.log +26 -0
data/spec/support/logs/Dispatcher - 3559-21544.log +20 -0
data/spec/support/logs/Dispatcher - 3764-33844.log +25 -0
data/spec/support/logs/Dispatcher - 3798-45350.log +26 -0
data/spec/support/logs/Dispatcher - 382-15725.log +12 -0
data/spec/support/logs/Dispatcher - 3836-6205.log +21 -0
data/spec/support/logs/Dispatcher - 4112-45433.log +22 -0
data/spec/support/logs/Dispatcher - 4148-53510.log +26 -0
data/spec/support/logs/Dispatcher - 415-29873.log +14 -0
data/spec/support/logs/Dispatcher - 4185-29736.log +18 -0
data/spec/support/logs/Dispatcher - 4268-60912.log +25 -0
data/spec/support/logs/Dispatcher - 4303-39372.log +26 -0
data/spec/support/logs/Dispatcher - 4342-42190.log +21 -0
data/spec/support/logs/Dispatcher - 463-55220.log +26 -0
data/spec/support/logs/Dispatcher - 4649-12104.log +22 -0
data/spec/support/logs/Dispatcher - 4683-32355.log +26 -0
data/spec/support/logs/Dispatcher - 4724-41636.log +18 -0
data/spec/support/logs/Dispatcher - 4881-57692.log +22 -0
data/spec/support/logs/Dispatcher - 4961-64665.log +26 -0
data/spec/support/logs/Dispatcher - 502-8742.log +25 -0
data/spec/support/logs/Dispatcher - 5052-61726.log +18 -0
data/spec/support/logs/Dispatcher - 536-15972.log +22 -0
data/spec/support/logs/Dispatcher - 620-2220.log +20 -0
data/spec/support/logs/Dispatcher - 638-17826.log +18 -0
data/spec/support/logs/Dispatcher - 656-23967.log +16 -0
data/spec/support/logs/Dispatcher - 700-15701.log +12 -0
data/spec/support/logs/Dispatcher - 726-6080.log +10 -0
data/spec/support/logs/Dispatcher - 749-56590.log +18 -0
data/spec/support/logs/Dispatcher - 807-19073.log +18 -0
data/spec/support/logs/Dispatcher - 871-8764.log +10 -0
data/spec/support/logs/Dispatcher - 898-21496.log +12 -0
data/spec/support/logs/Dispatcher - 933-64070.log +12 -0
data/spec/support/logs/Instance - 1577-32284.error.log +151 -0
data/spec/support/logs/Instance - 1625-58174.error.log +154 -0
data/spec/support/logs/Instance - 2727-57968.error.log +151 -0
data/spec/support/logs/Instance - 2898-20648.error.log +303 -0
data/spec/support/logs/Instance - 2901-30845.error.log +429 -0
data/spec/support/logs/Instance - 31185-37600.error.log +174 -0
data/spec/support/logs/Instance - 3319-20111.error.log +175 -0
data/spec/support/logs/error-3855.log +5132 -0
data/spec/support/servers/arachni/browser.rb +275 -4
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +48 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +15 -3
data/spec/support/servers/arachni/check/auditor.rb +8 -0
data/spec/support/servers/arachni/element/cookie.rb +34 -0
data/spec/support/servers/arachni/element/form.rb +34 -0
data/spec/support/servers/arachni/element/header.rb +36 -1
data/spec/support/servers/arachni/element/json.rb +33 -0
data/spec/support/servers/arachni/element/link.rb +33 -1
data/spec/support/servers/arachni/element/link_template.rb +37 -5
data/spec/support/servers/arachni/element/xml.rb +33 -0
data/spec/support/servers/arachni/http/client.rb +43 -4
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +36 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_1.rb +18 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_2.rb +11 -0
data/spec/support/servers/arachni/http/proxy_server.rb +12 -0
data/spec/support/servers/arachni/session.rb +24 -1
data/spec/support/servers/checks/active/csrf.rb +0 -76
data/spec/support/servers/checks/active/sql_injection/java +2 -0
data/spec/support/servers/checks/active/unvalidated_redirect.rb +81 -0
data/spec/support/servers/checks/active/xss_event.rb +1 -1
data/spec/support/servers/checks/passive/backup_files.rb +20 -1
data/spec/support/servers/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -5
data/spec/support/servers/checks/passive/grep/insecure_cookies_https.rb +9 -0
data/spec/support/servers/plugins/autologin.rb +17 -1
data/spec/support/servers/plugins/webhook_notify.rb +9 -0
data/spec/support/shared/element/capabilities/auditable.rb +26 -32
data/spec/support/shared/element/capabilities/auditable/buffered.rb +791 -0
data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +797 -0
data/spec/support/shared/element/capabilities/inputtable.rb +26 -0
data/spec/support/shared/element/capabilities/with_node.rb +2 -2
data/spec/support/shared/element/dom/submittable.rb +10 -10
data/spec/support/shared/path_extractor.rb +17 -5
data/ui/cli/framework.rb +24 -4
data/ui/cli/framework/option_parser.rb +35 -6
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +10 -3
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reporter/option_parser.rb +1 -1
data/ui/cli/reproduce.rb +228 -0
data/ui/cli/reproduce/option_parser.rb +90 -0
data/ui/cli/rest/server.rb +1 -1
data/ui/cli/rest/server/option_parser.rb +1 -1
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +9 -11
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/instance.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +253 -49
data/ACKNOWLEDGMENTS.md +0 -21
data/AUTHORS.md +0 -3
data/CONTRIBUTORS.md +0 -22

data/spec/arachni/browser_cluster_spec.rb CHANGED

@@ -3,9 +3,11 @@ require 'spec_helper'
 describe Arachni::BrowserCluster do
     let(:url) { Arachni::Utilities.normalize_url( web_server_url_for( :browser ) ) }
+    let(:args) { [] }
     let(:job) do
         Arachni::BrowserCluster::Jobs::DOMExploration.new(
-            resource: Arachni::HTTP::Client.get( url + 'explore', mode: :sync )
+            resource: Arachni::HTTP::Client.get( url + 'explore', mode: :sync ),
+            args:     args
         )
     end
     let(:custom_job) { Factory[:custom_job] }
@@ -56,7 +58,7 @@ describe Arachni::BrowserCluster do
                 cj = nil
                 @cluster = described_class.new(
                     on_pop: proc do |j|
-                        cj = j
+                        cj ||= j
                     end
                 )
@@ -72,7 +74,7 @@ describe Arachni::BrowserCluster do
                 cj = nil
                 @cluster = described_class.new(
                     on_queue: proc do |j|
-                        cj = j
+                        cj ||= j
                     end
                 )
@@ -88,7 +90,7 @@ describe Arachni::BrowserCluster do
                 cj = nil
                 @cluster = described_class.new(
                     on_job_done: proc do |j|
-                        cj = j
+                        cj ||= j
                     end
                 )
@@ -137,6 +139,27 @@ describe Arachni::BrowserCluster do
             expect(worker).to be_kind_of described_class::Worker
         end
+        context 'when arguments have been provided' do
+            it 'passes them to the callback' do
+                worker = nil
+                @cluster = described_class.new
+                aa, bb, cc = nil
+                @cluster.with_browser 1, 2, 3 do |browser, a, b, c|
+                    worker = browser
+                    aa = a
+                    bb = b
+                    cc = c
+                end
+                @cluster.wait
+                expect(aa).to eq 1
+                expect(bb).to eq 2
+                expect(cc).to eq 3
+                expect(worker).to be_kind_of described_class::Worker
+            end
+        end
     end
     describe '#javascript_token' do
@@ -179,7 +202,19 @@ describe Arachni::BrowserCluster do
             @cluster = described_class.new
             @cluster.queue( job ) do |result|
-                expect(result.job.id).to eq(job.id)
+                pages << result.page
+            end
+            @cluster.wait
+            browser_explore_check_pages pages
+        end
+        it 'passes self to the callback' do
+            pages = []
+            @cluster = described_class.new
+            @cluster.queue( job ) do |result, cluster|
+                expect(cluster).to eq(@cluster)
                 pages << result.page
             end
             @cluster.wait
@@ -208,6 +243,42 @@ describe Arachni::BrowserCluster do
             expect(result.job.id).to eq(custom_job.id)
         end
+        context 'when a callback argument is given' do
+            it 'sets it as a callback' do
+                pages = []
+                @cluster = described_class.new
+                m = proc do |result, cluster|
+                    expect(cluster).to eq(@cluster)
+                    pages << result.page
+                end
+                @cluster.queue( job, m )
+                @cluster.wait
+                browser_explore_check_pages pages
+            end
+        end
+        context 'when Job#args have been set' do
+            let(:args) { [1, 2] }
+            it 'passes them to the callback' do
+                pages = []
+                @cluster = described_class.new
+                @cluster.queue( job ) do |result, a, b|
+                    expect(a).to eq args[0]
+                    expect(b).to eq args[1]
+                    pages << result.page
+                end
+                @cluster.wait
+                browser_explore_check_pages pages
+            end
+        end
         context 'when no callback has been provided' do
             it 'raises ArgumentError' do
                 @cluster = described_class.new
@@ -262,6 +333,20 @@ describe Arachni::BrowserCluster do
             Arachni::Utilities.normalize_url( web_server_url_for( :browser ) ) + 'explore'
         end
+        context 'when a callback argument is given' do
+            it 'sets it as a callback' do
+                pages = []
+                m = proc do |result|
+                    pages << result.page
+                end
+                @cluster.explore( url, {}, m )
+                @cluster.wait
+                browser_explore_check_pages pages
+            end
+        end
         context 'when the resource is a' do
             context 'String' do
                 it 'loads the URL and explores the DOM' do
@@ -314,6 +399,20 @@ describe Arachni::BrowserCluster do
                     "/data_trace/user-defined-global-functions?taint=#{taint}"
             end
+            context 'when a callback argument is given' do
+                it 'sets it as a callback' do
+                    pages = []
+                    m = proc do |result|
+                        pages << result.page
+                    end
+                    @cluster.trace_taint( url, { taint: taint }, m )
+                    @cluster.wait
+                    browser_cluster_job_taint_tracer_data_flow_check_pages  pages
+                end
+            end
             context 'and the resource is a' do
                 context 'String' do
                     it 'loads the URL and traces the taint' do
@@ -465,30 +564,37 @@ describe Arachni::BrowserCluster do
             @cluster.wait
             expect(calls).to be > 1
+            expect(@cluster.job_done?( job )).to eq(true)
+        end
+        it 'gets called after each job is done' do
+            @cluster = described_class.new
-            @cluster.shutdown
+            expect(@cluster).to receive(:job_done).with(job)
+            q = Queue.new
+            @cluster.queue( job ){ q << nil }
+            q.pop
+        end
+        it 'increments the .completed_job_count' do
+            pre = described_class.completed_job_count
-            calls = 0
             @cluster = described_class.new
-            @cluster.queue( job ) do
-                @cluster.job_done( job )
-                calls += 1
-            end
+            @cluster.queue( job ){}
             @cluster.wait
-            expect(calls).to eq(1)
+            expect(described_class.completed_job_count).to be > pre
         end
-        it 'returns true' do
-            return_val = nil
+        it 'adds the job time to the .total_job_time' do
+            pre = described_class.total_job_time
             @cluster = described_class.new
-            @cluster.queue( job ) do
-                return_val = @cluster.job_done( job )
-            end
+            @cluster.queue( job ){}
             @cluster.wait
-            expect(return_val).to eq(true)
+            expect(described_class.total_job_time).to be > pre
         end
     end
@@ -524,14 +630,6 @@ describe Arachni::BrowserCluster do
             end
         end
-        context 'when a job has been marked as done' do
-            it 'returns true' do
-                @cluster = described_class.new
-                @cluster.job_done( job )
-                expect(@cluster.job_done?( job )).to eq(true)
-            end
-        end
         context 'when the job has not been queued' do
             it "raises #{described_class::Error::JobNotFound}" do
                 @cluster = described_class.new
@@ -598,21 +696,4 @@ describe Arachni::BrowserCluster do
         end
     end
-    describe '#sitemap' do
-        it 'returns the sitemap as covered by the browser jobs' do
-            @cluster = described_class.new
-            @cluster.queue( job ) {}
-            @cluster.wait
-            expect(@cluster.sitemap.
-                reject { |k, v| k.start_with? Arachni::Browser::Javascript::SCRIPT_BASE_URL }).
-                to eq({
-                    "#{url}explore"   => 200,
-                    "#{url}post-ajax" => 404,
-                    "#{url}href-ajax" => 200,
-                    "#{url}get-ajax?ajax-token=my-token" => 200
-                })
-        end
-    end
 end

data/spec/arachni/browser_spec.rb CHANGED

@@ -20,7 +20,7 @@ describe Arachni::Browser do
     end
     let(:subject) { @browser }
-    let(:ua) { Arachni::Options.http.user_agent }
+    let(:ua) { described_class::USER_AGENT }
     def transitions_from_array( transitions )
         transitions.map do |t|
@@ -314,7 +314,7 @@ describe Arachni::Browser do
                 time = Time.now
                 subject.wait_for_timers
-                expect(Time.now - time).to be < 0.2
+                expect(Time.now - time).to be < 0.3
             end
         end
     end
@@ -442,13 +442,25 @@ describe Arachni::Browser do
             end
             it 'pushes it to the existing transitions' do
-                transition = { stuff: :here }
-                captured = subject.capture_snapshot( stuff: :here )
+                transition = Arachni::Page::DOM::Transition.new(
+                    :page, :load
+                )
+                captured = subject.capture_snapshot( transition )
                 expect(captured.first.dom.transitions).to include transition
             end
         end
+        context 'when a page has the same transitions but different states' do
+            it 'only captures the first state' do
+                subject.load( "#{@url}/ever-changing-dom", take_snapshot: false )
+                expect(subject.capture_snapshot).to be_any
+                subject.load( "#{@url}/ever-changing-dom", take_snapshot: false )
+                expect(subject.capture_snapshot).to be_empty
+            end
+        end
         context 'when there are multiple windows open' do
             it 'captures snapshots from all windows' do
@@ -588,20 +600,6 @@ describe Arachni::Browser do
             end
         end
-        context 'when a response is cached' do
-            it 'is passed each response' do
-                responses = []
-                @browser.on_response { |response| responses << response }
-                @browser.cache Arachni::HTTP::Client.get( @url, mode: :sync )
-                @browser.goto @url
-                response = responses.first
-                expect(response).to be_kind_of Arachni::HTTP::Response
-                expect(response.url).to eq(@url)
-            end
-        end
         context 'when a request is performed by the browser' do
             it 'is passed each response' do
                 responses = []
@@ -655,7 +653,6 @@ describe Arachni::Browser do
                             }
                         } => :click
                     },
-                    { "#{@url}level4" => :request },
                     { "#{@url}level4" => :request }
                 ],
                 [
@@ -693,7 +690,6 @@ describe Arachni::Browser do
                         } => :click
                     },
                     { "#{@url}level4" => :request },
-                    { "#{@url}level4" => :request },
                     {
                         {
                             tag_name: 'div',
@@ -745,7 +741,6 @@ describe Arachni::Browser do
                                 }
                             } => :click
                         },
-                        { "#{@url}level4" => :request },
                         { "#{@url}level4" => :request }
                     ]
                 ].map { |transitions| transitions_from_array( transitions ) })
@@ -781,16 +776,15 @@ describe Arachni::Browser do
             entry = doms[0].execution_flow_sinks[0]
             expect(entry.data).to eq([1])
-            expect(entry.trace.size).to eq(3)
             expect(entry.trace[0].function.name).to eq('onClick')
             expect(entry.trace[0].function.source).to start_with 'function onClick'
-            expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
+            expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
             expect(entry.trace[0].function.arguments).to eq([1, 2])
             expect(entry.trace[1].function.name).to eq('onClick2')
             expect(entry.trace[1].function.source).to start_with 'function onClick2'
-            expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
+            expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
             expect(entry.trace[1].function.arguments).to eq(%w(blah1 blah2 blah3))
             expect(entry.trace[2].function.name).to eq('onmouseover')
@@ -805,21 +799,20 @@ describe Arachni::Browser do
             entry = doms[0].execution_flow_sinks[1]
             expect(entry.data).to eq([1])
-            expect(entry.trace.size).to eq(4)
             expect(entry.trace[0].function.name).to eq('onClick3')
             expect(entry.trace[0].function.source).to start_with 'function onClick3'
-            expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
+            expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
             expect(entry.trace[0].function.arguments).to be_empty
             expect(entry.trace[1].function.name).to eq('onClick')
             expect(entry.trace[1].function.source).to start_with 'function onClick'
-            expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3'
+            expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3'
             expect(entry.trace[1].function.arguments).to eq([1, 2])
             expect(entry.trace[2].function.name).to eq('onClick2')
             expect(entry.trace[2].function.source).to start_with 'function onClick2'
-            expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick'
+            expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick'
             expect(entry.trace[2].function.arguments).to eq(%w(blah1 blah2 blah3))
             expect(entry.trace[3].function.name).to eq('onmouseover')
@@ -850,16 +843,15 @@ describe Arachni::Browser do
             entry = doms[1].execution_flow_sinks[0]
             expect(entry.data).to eq([1])
-            expect(entry.trace.size).to eq(2)
             expect(entry.trace[0].function.name).to eq('onClick')
             expect(entry.trace[0].function.source).to start_with 'function onClick'
-            expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
+            expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
             expect(entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
             expect(entry.trace[1].function.name).to eq('onsubmit')
             expect(entry.trace[1].function.source).to start_with 'function onsubmit'
-            expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
+            expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
             event = entry.trace[1].function.arguments.first
@@ -870,21 +862,20 @@ describe Arachni::Browser do
             entry = doms[1].execution_flow_sinks[1]
             expect(entry.data).to eq([1])
-            expect(entry.trace.size).to eq(3)
             expect(entry.trace[0].function.name).to eq('onClick3')
             expect(entry.trace[0].function.source).to start_with 'function onClick3'
-            expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
+            expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
             expect(entry.trace[0].function.arguments).to be_empty
             expect(entry.trace[1].function.name).to eq('onClick')
             expect(entry.trace[1].function.source).to start_with 'function onClick'
-            expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3()'
+            expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3()'
             expect(entry.trace[1].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
             expect(entry.trace[2].function.name).to eq('onsubmit')
             expect(entry.trace[2].function.source).to start_with 'function onsubmit'
-            expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick('
+            expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick('
             event = entry.trace[2].function.arguments.first
@@ -908,16 +899,15 @@ describe Arachni::Browser do
             entry = doms[0].data_flow_sinks[0]
             expect(entry.function).to eq('blah')
-            expect(entry.trace.size).to eq(3)
             expect(entry.trace[0].function.name).to eq('onClick')
             expect(entry.trace[0].function.source).to start_with 'function onClick'
-            expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
+            expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
             expect(entry.trace[0].function.arguments).to eq([1, 2])
             expect(entry.trace[1].function.name).to eq('onClick2')
             expect(entry.trace[1].function.source).to start_with 'function onClick2'
-            expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
+            expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
             expect(entry.trace[1].function.arguments).to eq(%w(blah1 blah2 blah3))
             expect(entry.trace[2].function.name).to eq('onmouseover')
@@ -932,21 +922,20 @@ describe Arachni::Browser do
             entry = doms[0].data_flow_sinks[1]
             expect(entry.function).to eq('blah')
-            expect(entry.trace.size).to eq(4)
             expect(entry.trace[0].function.name).to eq('onClick3')
             expect(entry.trace[0].function.source).to start_with 'function onClick3'
-            expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
+            expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
             expect(entry.trace[0].function.arguments).to be_empty
             expect(entry.trace[1].function.name).to eq('onClick')
             expect(entry.trace[1].function.source).to start_with 'function onClick'
-            expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3'
+            expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3'
             expect(entry.trace[1].function.arguments).to eq([1, 2])
             expect(entry.trace[2].function.name).to eq('onClick2')
             expect(entry.trace[2].function.source).to start_with 'function onClick2'
-            expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick'
+            expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick'
             expect(entry.trace[2].function.arguments).to eq(%w(blah1 blah2 blah3))
             expect(entry.trace[3].function.name).to eq('onmouseover')
@@ -963,16 +952,15 @@ describe Arachni::Browser do
             entry = doms[1].data_flow_sinks[0]
             expect(entry.function).to eq('blah')
-            expect(entry.trace.size).to eq(2)
             expect(entry.trace[0].function.name).to eq('onClick')
             expect(entry.trace[0].function.source).to start_with 'function onClick'
-            expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
+            expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
             expect(entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
             expect(entry.trace[1].function.name).to eq('onsubmit')
             expect(entry.trace[1].function.source).to start_with 'function onsubmit'
-            expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
+            expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
             event = entry.trace[1].function.arguments.first
@@ -983,21 +971,20 @@ describe Arachni::Browser do
             entry = doms[1].data_flow_sinks[1]
             expect(entry.function).to eq('blah')
-            expect(entry.trace.size).to eq(3)
             expect(entry.trace[0].function.name).to eq('onClick3')
             expect(entry.trace[0].function.source).to start_with 'function onClick3'
-            expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
+            expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
             expect(entry.trace[0].function.arguments).to be_empty
             expect(entry.trace[1].function.name).to eq('onClick')
             expect(entry.trace[1].function.source).to start_with 'function onClick'
-            expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3()'
+            expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3()'
             expect(entry.trace[1].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
             expect(entry.trace[2].function.name).to eq('onsubmit')
             expect(entry.trace[2].function.source).to start_with 'function onsubmit'
-            expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick('
+            expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick('
             event = entry.trace[2].function.arguments.first
@@ -1097,8 +1084,6 @@ describe Arachni::Browser do
     describe '#to_page' do
         it "converts the working window to an #{Arachni::Page}" do
-            ua = Arachni::Options.http.user_agent
             @browser.load( @url )
             page = @browser.to_page
@@ -1111,14 +1096,16 @@ describe Arachni::Browser do
         it "assigns the proper #{Arachni::Page::DOM}#digest" do
             @browser.load( @url )
-            expect(@browser.to_page.dom.instance_variable_get(:@digest)).to eq(
-                '<HTML><HEAD><SCRIPT src=http://' <<
-                'javascript.browser.arachni/polyfills.js><SCRIPT src=http://' <<
-                'javascript.browser.arachni/' <<
-                'taint_tracer.js><SCRIPT src=http://javascript.' <<
-                'browser.arachni/dom_monitor.js><SCRIPT><TITLE><BODY><' <<
-                'DIV><SCRIPT type=text/javascript><SCRIPT type=text/javascript>'
-            )
+            expect(@browser.to_page.dom.digest).to eq(32000153)
+            # expect(@browser.to_page.dom.instance_variable_get(:@digest)).to eq(
+            #     '<HTML><HEAD><SCRIPT src=http://' <<
+            #     'javascript.browser.arachni/polyfills.js><SCRIPT src=http://' <<
+            #     'javascript.browser.arachni/' <<
+            #     'taint_tracer.js><SCRIPT src=http://javascript.' <<
+            #     'browser.arachni/dom_monitor.js><SCRIPT><TITLE><BODY><' <<
+            #     'DIV><SCRIPT type=text/javascript><SCRIPT type=text/javascript>'
+            # )
         end
         it "assigns the proper #{Arachni::Page::DOM}#transitions" do
@@ -1140,6 +1127,12 @@ describe Arachni::Browser do
             expect(page.dom.skip_states).to be_subset @browser.skip_states
         end
+        it "assigns the proper #{Arachni::Page::DOM}#cookies" do
+            @browser.load "#{@url}/dom-cookies-names"
+            expect(@browser.to_page.dom.cookies).to eq @browser.cookies
+        end
         it "assigns the proper #{Arachni::Page::DOM} sink data" do
             @browser.load "#{web_server_url_for( :taint_tracer )}/debug" <<
                               "?input=#{@browser.javascript.log_execution_flow_sink_stub(1)}"
@@ -1152,16 +1145,15 @@ describe Arachni::Browser do
             expect(sink_data).to eq([first_entry])
             expect(first_entry.data).to eq([1])
-            expect(first_entry.trace.size).to eq(2)
             expect(first_entry.trace[0].function.name).to eq('onClick')
             expect(first_entry.trace[0].function.source).to start_with 'function onClick'
-            expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
+            expect(@browser.source.split("\n")[first_entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
             expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
             expect(first_entry.trace[1].function.name).to eq('onsubmit')
             expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
-            expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onClick('
+            expect(@browser.source.split("\n")[first_entry.trace[1].line - 1]).to include 'onClick('
             expect(first_entry.trace[1].function.arguments.size).to eq(1)
             event = first_entry.trace[1].function.arguments.first
@@ -1252,7 +1244,7 @@ describe Arachni::Browser do
                                     expect(input.action).to eq @browser.url
                                     expect(input.source).to eq '<input oninput="handleOnInput();" id="my-input" name="my-input" value="1">'
-                                    expect(input.method).to eq :oninput
+                                    expect(input.method).to eq :input
                                 end
                             end
@@ -1273,7 +1265,7 @@ describe Arachni::Browser do
                                     expect(input.action).to eq @browser.url
                                     expect(input.source).to eq '<textarea oninput="handleOnInput();" id="my-input" name="my-input">'
-                                    expect(input.method).to eq :oninput
+                                    expect(input.method).to eq :input
                                 end
                             end
@@ -1406,6 +1398,24 @@ describe Arachni::Browser do
                                 end
                             end
                         end
+                        context 'when taints are not exact matches' do
+                            context 'names' do
+                                let(:page) { 'dom-cookies-names-substring' }
+                                it 'does not set #skip_dom' do
+                                    expect(cookies.find { |c| c.name == 'js_cookie3' }.skip_dom).to be_truthy
+                                end
+                            end
+                            context 'values' do
+                                let(:page) { 'dom-cookies-values-substring' }
+                                it 'does not set #skip_dom' do
+                                    expect(cookies.find { |c| c.name == 'js_cookie3' }.skip_dom).to be_truthy
+                                end
+                            end
+                        end
                     end
                     context 'false' do
@@ -1461,7 +1471,7 @@ describe Arachni::Browser do
         it 'accepts events without the "on" prefix' do
             pages_should_not_have_form_with_input [@browser.to_page], 'by-ajax'
-            @browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :onclick
+            @browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
             pages_should_have_form_with_input [@browser.to_page], 'by-ajax'
             @browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
@@ -1479,6 +1489,18 @@ describe Arachni::Browser do
             pages_should_have_form_with_input [@browser.to_page], 'by-ajax'
         end
+        context 'when new elements are introduced' do
+            let(:url) { "#{@url}/trigger_events/with_new_elements" }
+            it 'sets element IDs' do
+                expect(@browser.selenium.find_elements( :css, 'a' )).to be_empty
+                @browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
+                expect(@browser.selenium.find_elements( :css, 'a' ).first.opening_tag).to eq '<a href="#blah" data-arachni-id="2073105">'
+            end
+        end
         context 'when new timers are introduced' do
             let(:url) { "#{@url}/trigger_events/with_new_timers/3000" }
@@ -1560,13 +1582,75 @@ describe Arachni::Browser do
             context ':submit' do
                 let(:url) { "#{@url}/fire_event/form/onsubmit" }
-                context 'when option' do
-                    describe ':inputs' do
+                def element
+                    @browser.selenium.find_element(:tag_name, :form)
+                end
-                        def element
-                            @browser.selenium.find_element(:tag_name, :form)
-                        end
+                context 'when there is a submit button' do
+                    let(:url) { "#{@url}/fire_event/form/submit_button" }
+                    let(:inputs) do
+                        {
+                            name:  'The Dude',
+                            email: 'the.dude@abides.com'
+                        }
+                    end
+                    it 'clicks it' do
+                        @browser.fire_event element, :submit, inputs: inputs
+                        expect(@browser.watir.div( id: 'container-name' ).text).to eq(
+                           inputs[:name]
+                        )
+                        expect(@browser.watir.div( id: 'container-email' ).text).to eq(
+                            inputs[:email]
+                        )
+                    end
+                end
+                context 'when there is a submit input' do
+                    let(:url) { "#{@url}/fire_event/form/submit_input" }
+                    let(:inputs) do
+                        {
+                            name:  'The Dude',
+                            email: 'the.dude@abides.com'
+                        }
+                    end
+                    it 'clicks it' do
+                        @browser.fire_event element, :submit, inputs: inputs
+                        expect(@browser.watir.div( id: 'container-name' ).text).to eq(
+                            inputs[:name]
+                        )
+                        expect(@browser.watir.div( id: 'container-email' ).text).to eq(
+                            inputs[:email]
+                        )
+                    end
+                end
+                context 'when there is no submit button or input' do
+                    let(:url) { "#{@url}/fire_event/form/onsubmit" }
+                    let(:inputs) do
+                        {
+                            name:  'The Dude',
+                            email: 'the.dude@abides.com'
+                        }
+                    end
+                    it 'triggers the submit event' do
+                        @browser.fire_event element, :submit, inputs: inputs
+                        expect(@browser.watir.div( id: 'container-name' ).text).to eq(
+                            inputs[:name]
+                        )
+                        expect(@browser.watir.div( id: 'container-email' ).text).to eq(
+                            inputs[:email]
+                        )
+                    end
+                end
+                context 'when option' do
+                    describe ':inputs' do
                         context 'is given' do
                             let(:inputs) do
                                 {
@@ -1760,6 +1844,59 @@ describe Arachni::Browser do
                 end
             end
+            context ':fill' do
+                before(:each) do
+                    @browser.load url
+                end
+                let(:url) { "#{@url}/fire_event/form/onsubmit" }
+                let(:inputs) do
+                    {
+                        name:  "The Dude",
+                        email: "the.dude@abides.com"
+                    }
+                end
+                def element
+                    @browser.selenium.find_element(:tag_name, :form)
+                end
+                it 'fills in the form inputs' do
+                    @browser.fire_event element, :fill, inputs: inputs
+                    expect(@browser.watir.textarea( name: 'name' ).value).to eq(
+                        inputs[:name]
+                    )
+                    expect(@browser.watir.input( id: 'email' ).value).to eq(
+                        inputs[:email]
+                    )
+                    expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
+                    expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
+                end
+                it 'returns a playable transition' do
+                    @browser.load url
+                    transition = @browser.fire_event element, :fill, inputs: inputs
+                    @browser.load url
+                    expect(@browser.watir.textarea( name: 'name' ).value).to be_empty
+                    expect(@browser.watir.input( id: 'email' ).value).to be_empty
+                    transition.play @browser
+                    expect(@browser.watir.textarea( name: 'name' ).value).to eq(
+                        inputs[:name]
+                    )
+                    expect(@browser.watir.input( id: 'email' ).value).to eq(
+                        inputs[:email]
+                    )
+                end
+            end
             context 'image button' do
                 context ':click' do
                     before( :each ) { @browser.start_capture }
@@ -1800,7 +1937,16 @@ describe Arachni::Browser do
         end
         context 'input' do
-            described_class::Javascript::EVENTS_PER_ELEMENT[:input].each do |event|
+            [
+                :onselect,
+                :onchange,
+                :onfocus,
+                :onblur,
+                :onkeydown,
+                :onkeypress,
+                :onkeyup,
+                :oninput
+            ].each do |event|
                 calculate_expectation = proc do |string|
                     [:onkeypress, :onkeydown].include?( event ) ?
                         string[0...-1] : string
@@ -1894,44 +2040,6 @@ describe Arachni::Browser do
         end
     end
-    describe '#elements_with_events' do
-        before :each do
-            @browser.load url
-        end
-        let(:elements_with_events) do
-            elements_with_events = {}
-            @browser.each_element_with_events do |locator, events|
-                elements_with_events[locator] = events
-            end
-            elements_with_events
-        end
-        let(:url) { @url + '/trigger_events' }
-        it 'returns all elements with associated events' do
-            expect(subject.elements_with_events.to_s).to eq elements_with_events.to_s
-        end
-        it 'caches results' do
-            expect(subject).to receive(:each_element_with_events)
-            subject.elements_with_events
-            expect(subject).to_not receive(:each_element_with_events)
-            subject.elements_with_events
-        end
-        context 'when passed true' do
-            it 'clears the cache' do
-                expect(subject).to receive(:each_element_with_events)
-                subject.elements_with_events
-                expect(subject).to receive(:each_element_with_events)
-                subject.elements_with_events( true )
-            end
-        end
-    end
     describe '#each_element_with_events' do
         before :each do
             @browser.load url
@@ -1952,14 +2060,14 @@ describe Arachni::Browser do
                         tag_name:   'body',
                         attributes: { 'onmouseover' => 'makePOST();' }
                     ),
-                    { onmouseover: ['makePOST();'] }
+                    { mouseover: ['makePOST();'] }
                 ],
                 [
                     described_class::ElementLocator.new(
                         tag_name:   'div',
                         attributes: { 'id' => 'my-div', 'onclick' => 'addForm();' }
                     ),
-                    { onclick: ['addForm();']}
+                    { click: ['addForm();']}
                 ]
             ])
         end
@@ -2074,7 +2182,7 @@ describe Arachni::Browser do
             end
             locators.each do |element|
-                @browser.javascript.class.events.each do |e|
+                described_class::Javascript::EVENTS.each do |e|
                     begin
                         @browser.trigger_event @browser.to_page, element, e
                     rescue
@@ -2089,6 +2197,7 @@ describe Arachni::Browser do
     end
     describe '#trigger_events' do
         it 'returns self' do
             expect(@browser.load( @url + '/explore' ).trigger_events).to eq(@browser)
         end
@@ -2142,7 +2251,6 @@ describe Arachni::Browser do
                             }
                         } => :click
                     },
-                    { "#{@url}href-ajax" => :request },
                     { "#{@url}post-ajax" => :request },
                     { "#{@url}href-ajax" => :request }
                 ]
@@ -2173,15 +2281,33 @@ describe Arachni::Browser do
                 pages_should_have_form_with_input @browser.captured_pages, 'myImageButton.y'
             end
         end
+        context 'when OptionGroups::Scope#dom_event_limit' do
+            context 'has been set' do
+                it 'only triggers that amount of events' do
+                    Arachni::Options.scope.dom_event_limit = 1
+                    @browser.load( "#{@url}form-with-image-button" ).start_capture.trigger_events
+                    expect(@browser.flush_pages.size).to eq 1
+                end
+            end
+            context 'has not been set' do
+                it 'triggers all events' do
+                    Arachni::Options.scope.dom_event_limit = nil
+                    @browser.load( "#{@url}form-with-image-button" ).start_capture.trigger_events
+                    expect(@browser.flush_pages.size).to eq 2
+                end
+            end
+        end
     end
     describe '#source' do
         it 'returns the evaluated HTML source' do
             @browser.load @url
-            ua = Arachni::Options.http.user_agent
-            expect(ua).not_to be_empty
             expect(@browser.source).to include( ua )
         end
     end
@@ -2201,10 +2327,6 @@ describe Arachni::Browser do
     describe '#goto' do
         it 'loads the given URL' do
             @browser.goto @url
-            ua = Arachni::Options.http.user_agent
-            expect(ua).not_to be_empty
             expect(@browser.source).to include( ua )
         end
@@ -2215,8 +2337,6 @@ describe Arachni::Browser do
             @browser = described_class.new
             transition.play( @browser )
-            ua = Arachni::Options.http.user_agent
-            expect(ua).not_to be_empty
             expect(@browser.source).to include( ua )
         end
@@ -2226,7 +2346,37 @@ describe Arachni::Browser do
             expect(described_class.asset_domains).to include Arachni::URI( @url ).domain
         end
+        it 'does not receive a Content-Security-Policy header' do
+            subject.goto "#{@url}/Content-Security-Policy"
+            expect(subject.response.code).to eq(200)
+            expect(subject.response.headers).not_to include 'Content-Security-Policy'
+        end
         context 'when requesting the page URL' do
+            it 'does not receive a Date header' do
+                subject.goto "#{@url}/Date"
+                expect(subject.response.code).to eq(200)
+                expect(subject.response.headers).not_to include 'Date'
+            end
+            it 'does not receive an Etag header' do
+                subject.goto "#{@url}/Etag"
+                expect(subject.response.code).to eq(200)
+                expect(subject.response.headers).not_to include 'Etag'
+            end
+            it 'does not receive a Cache-Control header' do
+                subject.goto "#{@url}/Cache-Control"
+                expect(subject.response.code).to eq(200)
+                expect(subject.response.headers).not_to include 'Cache-Control'
+            end
+            it 'does not receive a Last-Modified header' do
+                subject.goto "#{@url}/Last-Modified"
+                expect(subject.response.code).to eq(200)
+                expect(subject.response.headers).not_to include 'Last-Modified'
+            end
             it 'does not send If-None-Match request headers' do
                 subject.goto "#{@url}/If-None-Match"
                 expect(subject.response.code).to eq(200)
@@ -2249,6 +2399,66 @@ describe Arachni::Browser do
         end
         context 'when requesting something other than the page URL' do
+            it 'receives a Date header' do
+                url = "#{@url}Date"
+                response = nil
+                subject.on_response do |r|
+                    next if r.url == url
+                    response = r
+                end
+                subject.goto url
+                expect(response.code).to eq(200)
+                expect(response.headers).to include 'Date'
+            end
+            it 'receives an Etag header' do
+                url = "#{@url}Etag"
+                response = nil
+                subject.on_response do |r|
+                    next if r.url == url
+                    response = r
+                end
+                subject.goto url
+                expect(response.code).to eq(200)
+                expect(response.headers).to include 'Etag'
+            end
+            it 'receives a Cache-Control header' do
+                url = "#{@url}Cache-Control"
+                response = nil
+                subject.on_response do |r|
+                    next if r.url == url
+                    response = r
+                end
+                subject.goto url
+                expect(response.code).to eq(200)
+                expect(response.headers).to include 'Cache-Control'
+            end
+            it 'receives a Last-Modified header' do
+                url = "#{@url}Last-Modified"
+                response = nil
+                subject.on_response do |r|
+                    next if r.url == url
+                    response = r
+                end
+                subject.goto url
+                expect(response.code).to eq(200)
+                expect(response.headers).to include 'Last-Modified'
+            end
             it 'sends If-None-Match request headers' do
                 url = "#{@url}If-None-Match"
@@ -2819,78 +3029,6 @@ describe Arachni::Browser do
         end
     end
-    describe '#cache' do
-        it 'keeps entries after they are used' do
-            @browser.cache Arachni::HTTP::Client.get( @url, mode: :sync )
-            clear_hit_count
-            expect(hit_count).to eq(0)
-            @browser.load @url
-            expect(@browser.source).to include( ua )
-            expect(@browser.cache).to include( @url )
-            expect(hit_count).to eq(0)
-            2.times do
-                @browser.load @url
-                expect(@browser.source).to include( ua )
-            end
-            expect(@browser.cache).to include( @url )
-            expect(hit_count).to eq(0)
-        end
-        it 'returns the URL of the resource' do
-            response = Arachni::HTTP::Client.get( @url, mode: :sync )
-            expect(@browser.cache( response )).to eq(response.url)
-            @browser.load response.url
-            expect(@browser.source).to include( ua )
-            expect(@browser.cache).to include( response.url )
-        end
-        context 'when given a' do
-            describe 'Arachni::HTTP::Response' do
-                it 'caches it' do
-                    @browser.cache Arachni::HTTP::Client.get( @url, mode: :sync )
-                    clear_hit_count
-                    expect(hit_count).to eq(0)
-                    @browser.load @url
-                    expect(@browser.source).to include( ua )
-                    expect(@browser.cache).to include( @url )
-                    expect(hit_count).to eq(0)
-                end
-            end
-            describe 'Arachni::Page' do
-                it 'caches it' do
-                    @browser.cache Arachni::Page.from_url( @url )
-                    clear_hit_count
-                    expect(hit_count).to eq(0)
-                    @browser.load @url
-                    expect(@browser.source).to include( ua )
-                    expect(@browser.cache).to include( @url )
-                    expect(hit_count).to eq(0)
-                end
-            end
-            describe 'other' do
-                it 'raises Arachni::Browser::Error::Load' do
-                    expect { @browser.cache [] }.to raise_error Arachni::Browser::Error::Load
-                end
-            end
-        end
-    end
     describe '#start_capture' do
         before(:each) { @browser.start_capture }
@@ -2948,6 +3086,23 @@ describe Arachni::Browser do
         end
         context 'when a POST request is performed' do
+            context 'with query parameters' do
+                it "is added as an #{Arachni::Element::Form} to the page" do
+                    @browser.load @url + '/with-ajax'
+                    pages = @browser.captured_pages
+                    expect(pages.size).to eq(2)
+                    form = find_page_with_form_with_input( pages, 'post-name' ).
+                        forms.find { |form| form.inputs.include? 'post-query' }
+                    expect(form.url).to eq(@url + 'with-ajax')
+                    expect(form.action).to eq(@url + 'post-ajax')
+                    expect(form.inputs).to eq({ 'post-query' => 'blah' })
+                    expect(form.method).to eq(:get)
+                end
+            end
             context 'with form data' do
                 it "is added as an #{Arachni::Element::Form} to the page" do
                     @browser.load @url + '/with-ajax'
@@ -2959,7 +3114,7 @@ describe Arachni::Browser do
                         forms.find { |form| form.inputs.include? 'post-name' }
                     expect(form.url).to eq(@url + 'with-ajax')
-                    expect(form.action).to eq(@url + 'post-ajax')
+                    expect(form.action).to eq(@url + 'post-ajax?post-query=blah')
                     expect(form.inputs).to eq({ 'post-name' => 'post-value' })
                     expect(form.method).to eq(:post)
                 end
@@ -3074,7 +3229,7 @@ describe Arachni::Browser do
             cookie = cookies.find { |c| c.name == 'include_subdomains' }
             expect(cookie.name).to  eq 'include_subdomains'
             expect(cookie.value).to eq 'bar1'
-            expect(cookie.domain).to eq '.127.0.0.2'
+            expect(cookie.domain).to eq ".#{Arachni::URI( @url ).host}"
         end
         it 'ignores cookies for other domains' do
@@ -3130,119 +3285,4 @@ describe Arachni::Browser do
         end
     end
-    describe '#snapshot_id' do
-        before(:each) do
-            Arachni::Options.url = @url
-            @empty_snapshot_id ||= @browser.load( empty_snapshot_id_url ).snapshot_id
-            @snapshot_id = @browser.load( url ).snapshot_id
-        end
-        let(:empty_snapshot_id_url) { @url + '/snapshot_id/default' }
-        let(:empty_snapshot_id) do
-            @empty_snapshot_id
-        end
-        let(:snapshot_id) do
-            @snapshot_id
-        end
-        let(:url) { @url + '/trigger_events' }
-        it 'returns a DOM digest' do
-            expect(snapshot_id).to eq(@browser.load( url ).snapshot_id)
-        end
-        context 'when there are new cookies' do
-            let(:url) { @url + '/each_element_with_events/set-cookie' }
-            it 'takes them into account' do
-                @browser.fire_event described_class::ElementLocator.new(
-                    tag_name: :button,
-                    attributes: {
-                        onclick: 'setCookie()'
-                    }
-                ), :click
-                expect(@browser.snapshot_id).not_to eq(snapshot_id)
-            end
-        end
-        context ':a' do
-            context 'and the href is not empty' do
-                context 'and it starts with javascript:' do
-                    let(:url) { @url + '/each_element_with_events/a/href/javascript' }
-                    it 'takes it into account' do
-                        expect(snapshot_id).not_to eq(empty_snapshot_id)
-                    end
-                end
-                context 'and it does not start with javascript:' do
-                    let(:url) { @url + '/each_element_with_events/a/href/regular' }
-                    it 'takes it into account' do
-                        expect(snapshot_id).not_to eq(empty_snapshot_id)
-                    end
-                end
-                context 'and is out of scope' do
-                    let(:url) { @url + '/each_element_with_events/a/href/out-of-scope' }
-                    it 'is ignored' do
-                        expect(snapshot_id).to eq(empty_snapshot_id)
-                    end
-                end
-            end
-            context 'and the href is empty' do
-                let(:url) { @url + '/each_element_with_events/a/href/empty' }
-                it 'takes it into account' do
-                    expect(snapshot_id).not_to eq(empty_snapshot_id)
-                end
-            end
-        end
-        context ':form' do
-            let(:empty_snapshot_id_url) { @url + '/snapshot_id/form/default' }
-            context ':input' do
-                context 'of type "image"' do
-                    let(:url) { @url + '/each_element_with_events/form/input/image' }
-                    it 'takes it into account' do
-                        expect(snapshot_id).not_to eq(empty_snapshot_id)
-                    end
-                end
-            end
-            context 'and the action is not empty' do
-                context 'and it starts with javascript:' do
-                    let(:url) { @url + '/each_element_with_events/form/action/javascript' }
-                    it 'takes it into account' do
-                        expect(snapshot_id).not_to eq(empty_snapshot_id)
-                    end
-                end
-                context 'and it does not start with javascript:' do
-                    let(:url) { @url + '/each_element_with_events/form/action/regular' }
-                    it 'takes it into account' do
-                        expect(snapshot_id).not_to eq(empty_snapshot_id)
-                    end
-                end
-                context 'and is out of scope' do
-                    let(:url) { @url + '/each_element_with_events/form/action/out-of-scope' }
-                    it 'is ignored' do
-                        expect(snapshot_id).to eq(empty_snapshot_id)
-                    end
-                end
-            end
-        end
-    end
 end