RubyGems - arachni - Versions diffs - 1.4 → 1.6.0 - Mend

arachni 1.4 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (748) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +195 -0
data/Gemfile +4 -4
data/LICENSE.md +1 -1
data/README.md +7 -3
data/Rakefile +1 -43
data/arachni.gemspec +35 -30
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +6 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_reproduce +12 -0
data/bin/arachni_rest_server +1 -1
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +6 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +6 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +1 -1
data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +20 -75
data/components/checks/active/file_inclusion.rb +1 -1
data/components/checks/active/ldap_injection.rb +1 -1
data/components/checks/active/no_sql_injection.rb +1 -1
data/components/checks/active/no_sql_injection_differential.rb +3 -3
data/components/checks/active/os_cmd_injection.rb +1 -1
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +3 -3
data/components/checks/active/response_splitting.rb +1 -1
data/components/checks/active/rfi.rb +1 -1
data/components/checks/active/session_fixation.rb +1 -1
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/sql_injection/regexps/hsqldb.yaml +1 -0
data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
data/components/checks/active/sql_injection/substrings/java +4 -0
data/components/checks/active/sql_injection/substrings/oracle +0 -1
data/components/checks/active/sql_injection/substrings/sqlite +1 -0
data/components/checks/active/sql_injection.rb +1 -1
data/components/checks/active/sql_injection_differential.rb +3 -3
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +34 -11
data/components/checks/active/unvalidated_redirect_dom.rb +4 -4
data/components/checks/active/xpath_injection.rb +1 -1
data/components/checks/active/xss.rb +54 -29
data/components/checks/active/xss_dom.rb +15 -11
data/components/checks/active/xss_dom_script_context.rb +4 -6
data/components/checks/active/xss_event.rb +46 -34
data/components/checks/active/xss_path.rb +9 -6
data/components/checks/active/xss_script_context.rb +100 -47
data/components/checks/active/xss_tag.rb +41 -15
data/components/checks/active/xxe.rb +1 -1
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +1 -1
data/components/checks/passive/backup_directories.rb +15 -3
data/components/checks/passive/backup_files.rb +39 -6
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +1 -0
data/components/checks/passive/common_admin_interfaces.rb +1 -1
data/components/checks/passive/common_directories/directories.txt +1 -0
data/components/checks/passive/common_directories.rb +1 -1
data/components/checks/passive/common_files.rb +1 -1
data/components/checks/passive/directory_listing.rb +1 -1
data/components/checks/passive/grep/captcha.rb +8 -9
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +1 -1
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +1 -1
data/components/checks/passive/grep/form_upload.rb +3 -5
data/components/checks/passive/grep/hsts.rb +1 -1
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +1 -1
data/components/checks/passive/grep/insecure_cookies.rb +5 -5
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +4 -4
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +1 -1
data/components/checks/passive/grep/unencrypted_password_forms.rb +3 -3
data/components/checks/passive/grep/x_frame_options.rb +4 -4
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +10 -12
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +3 -5
data/components/path_extractors/areas.rb +3 -4
data/components/path_extractors/comments.rb +4 -5
data/components/path_extractors/data_url.rb +4 -5
data/components/path_extractors/forms.rb +3 -4
data/components/path_extractors/frames.rb +3 -5
data/components/path_extractors/generic.rb +3 -1
data/components/path_extractors/links.rb +3 -4
data/components/path_extractors/meta_refresh.rb +11 -17
data/components/path_extractors/scripts.rb +18 -15
data/components/plugins/autologin.rb +3 -2
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/debug/browser_cluster_job_monitor.rb +60 -0
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +3 -1
data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +26 -9
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +3 -4
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +4 -5
data/components/plugins/login_script.rb +2 -2
data/components/plugins/metrics.rb +44 -18
data/components/plugins/page_dump.rb +60 -0
data/components/plugins/proxy/panel/verify_login_sequence.html.erb +1 -1
data/components/plugins/proxy/template_scope.rb +6 -1
data/components/plugins/proxy.rb +44 -31
data/components/plugins/rate_limiter.rb +80 -0
data/components/plugins/restrict_to_dom_state.rb +1 -1
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +1 -1
data/components/plugins/waf_detector.rb +3 -3
data/components/plugins/webhook_notify.rb +99 -0
data/components/reporters/ap.rb +1 -1
data/components/reporters/html/default/configuration.erb +2 -0
data/components/reporters/html/default.erb +3 -2
data/components/reporters/html.rb +5 -8
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +46 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +11 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +10 -7
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +6 -3
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +5 -2
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +8 -5
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +3 -2
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml/schema.xsd +29 -13
data/components/reporters/xml.rb +40 -23
data/components/reporters/yaml.rb +1 -1
data/config/write_paths.yml +4 -0
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser/element_locator.rb +9 -5
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +329 -72
data/lib/arachni/browser/javascript/scripts/polyfills.js +0 -28
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +81 -25
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript.rb +111 -198
data/lib/arachni/browser.rb +309 -382
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/job.rb +9 -2
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +8 -2
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +13 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +97 -87
data/lib/arachni/browser_cluster.rb +79 -62
data/lib/arachni/check/auditor.rb +161 -155
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/check.rb +1 -1
data/lib/arachni/component/base.rb +3 -1
data/lib/arachni/component/manager.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/output.rb +8 -2
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +2 -2
data/lib/arachni/data/framework.rb +3 -2
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/element/base.rb +1 -1
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +142 -175
data/lib/arachni/element/capabilities/analyzable/signature.rb +40 -18
data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/auditable/buffered.rb +92 -0
data/lib/arachni/element/capabilities/auditable/line_buffered.rb +103 -0
data/lib/arachni/element/capabilities/auditable.rb +2 -8
data/lib/arachni/element/capabilities/dom_only.rb +1 -1
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/mutable.rb +1 -1
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +4 -3
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +3 -3
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +2 -2
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/cookie.rb +49 -24
data/lib/arachni/element/dom/capabilities/auditable.rb +44 -3
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
data/lib/arachni/element/dom/capabilities/mutable.rb +7 -3
data/lib/arachni/element/dom/capabilities/submittable.rb +51 -22
data/lib/arachni/element/dom.rb +1 -1
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +16 -11
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/form/dom.rb +1 -1
data/lib/arachni/element/form.rb +21 -32
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
data/lib/arachni/element/header.rb +3 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/json.rb +4 -8
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/dom.rb +1 -1
data/lib/arachni/element/link.rb +11 -30
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +2 -2
data/lib/arachni/element/link_template.rb +10 -19
data/lib/arachni/element/nested_cookie/capabilities/submittable.rb +35 -0
data/lib/arachni/element/nested_cookie.rb +370 -0
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +11 -11
data/lib/arachni/element/ui_form/dom.rb +1 -1
data/lib/arachni/element/ui_form.rb +5 -6
data/lib/arachni/element/ui_input/dom.rb +1 -1
data/lib/arachni/element/ui_input.rb +4 -6
data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
data/lib/arachni/element/xml.rb +3 -7
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework/parts/audit.rb +6 -1
data/lib/arachni/framework/parts/browser.rb +14 -14
data/lib/arachni/framework/parts/check.rb +1 -1
data/lib/arachni/framework/parts/data.rb +1 -1
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +1 -1
data/lib/arachni/framework/parts/report.rb +3 -3
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +1 -1
data/lib/arachni/framework.rb +1 -1
data/lib/arachni/http/client/dynamic_404_handler.rb +74 -16
data/lib/arachni/http/client.rb +38 -11
data/lib/arachni/http/cookie_jar.rb +13 -8
data/lib/arachni/http/headers.rb +11 -5
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/message.rb +10 -9
data/lib/arachni/http/proxy_server/connection.rb +110 -82
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +18 -32
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +28 -49
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +8 -6
data/lib/arachni/http/proxy_server/tunnel.rb +4 -4
data/lib/arachni/http/proxy_server.rb +44 -11
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/request.rb +239 -41
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/http/response.rb +73 -10
data/lib/arachni/http.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue.rb +42 -14
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups/audit.rb +11 -2
data/lib/arachni/option_groups/browser_cluster.rb +32 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +39 -10
data/lib/arachni/option_groups/input.rb +1 -1
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +12 -1
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +58 -4
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/options.rb +23 -4
data/lib/arachni/page/dom/transition.rb +5 -2
data/lib/arachni/page/dom.rb +46 -54
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/page.rb +10 -8
data/lib/arachni/parser/document.rb +34 -0
data/lib/arachni/parser/extractors/base.rb +48 -0
data/lib/arachni/parser/nodes/base.rb +22 -0
data/lib/arachni/parser/nodes/comment.rb +32 -0
data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +31 -0
data/lib/arachni/parser/nodes/element/with_attributes.rb +35 -0
data/lib/arachni/parser/nodes/element.rb +48 -0
data/lib/arachni/parser/nodes/text.rb +32 -0
data/lib/arachni/parser/nodes/with_value.rb +29 -0
data/lib/arachni/parser/sax.rb +76 -0
data/lib/arachni/parser/with_children/search.rb +92 -0
data/lib/arachni/parser/with_children.rb +35 -0
data/lib/arachni/parser.rb +181 -78
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +2 -2
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/plugin/base.rb +2 -2
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +8 -5
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +1 -1
data/lib/arachni/processes/executables/base.rb +2 -1
data/lib/arachni/processes/executables/browser.rb +0 -2
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/instances.rb +1 -1
data/lib/arachni/processes/manager.rb +18 -9
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/report.rb +8 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +1 -1
data/lib/arachni/reporter/manager.rb +1 -1
data/lib/arachni/reporter/options.rb +1 -10
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/rest/server/instance_helpers.rb +10 -1
data/lib/arachni/rest/server.rb +13 -1
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +1 -1
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +1 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -1
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +1 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +9 -5
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/selenium/webdriver/element.rb +4 -4
data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +59 -0
data/lib/arachni/session.rb +32 -13
data/lib/arachni/snapshot.rb +2 -2
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/http.rb +2 -2
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/state.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/cache/base.rb +1 -1
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +1 -1
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/database/base.rb +16 -10
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/glob.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/profiler.rb +52 -13
data/lib/arachni/support/signature.rb +18 -6
data/lib/arachni/support.rb +1 -1
data/lib/arachni/trainer.rb +55 -39
data/lib/arachni/ui/foo/output.rb +1 -1
data/lib/arachni/uri/scope.rb +15 -13
data/lib/arachni/uri.rb +129 -103
data/lib/arachni/utilities.rb +10 -10
data/lib/arachni/version.rb +1 -1
data/lib/arachni.rb +1 -7
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +42 -18
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +264 -109
data/spec/arachni/browser/javascript/polyfills_spec.rb +0 -15
data/spec/arachni/browser/javascript/proxy_spec.rb +0 -10
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +43 -118
data/spec/arachni/browser/javascript_spec.rb +95 -60
data/spec/arachni/browser_cluster/job_spec.rb +23 -8
data/spec/arachni/browser_cluster/jobs/dom_exploration_spec.rb +6 -1
data/spec/arachni/browser_cluster/worker_spec.rb +29 -87
data/spec/arachni/browser_cluster_spec.rb +124 -43
data/spec/arachni/browser_spec.rb +463 -421
data/spec/arachni/check/auditor_spec.rb +162 -198
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +46 -3
data/spec/arachni/element/cookie/dom_spec.rb +1 -1
data/spec/arachni/element/cookie_spec.rb +159 -64
data/spec/arachni/element/form/dom_spec.rb +1 -1
data/spec/arachni/element/form_spec.rb +101 -54
data/spec/arachni/element/header_spec.rb +3 -1
data/spec/arachni/element/json_spec.rb +2 -0
data/spec/arachni/element/link/dom_spec.rb +2 -2
data/spec/arachni/element/link_spec.rb +46 -15
data/spec/arachni/element/link_template/dom_spec.rb +1 -1
data/spec/arachni/element/link_template_spec.rb +36 -12
data/spec/arachni/element/nested_cookie_spec.rb +687 -0
data/spec/arachni/element/server_spec.rb +22 -5
data/spec/arachni/element/ui_form/dom_spec.rb +1 -1
data/spec/arachni/element/ui_form_spec.rb +2 -2
data/spec/arachni/element/ui_input/dom_spec.rb +1 -1
data/spec/arachni/element/ui_input_spec.rb +1 -1
data/spec/arachni/element/xml_spec.rb +5 -3
data/spec/arachni/framework/parts/audit_spec.rb +2 -14
data/spec/arachni/framework/parts/data_spec.rb +0 -6
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +126 -0
data/spec/arachni/http/client_spec.rb +96 -36
data/spec/arachni/http/cookie_jar_spec.rb +2 -2
data/spec/arachni/http/headers_spec.rb +59 -12
data/spec/arachni/http/proxy_server_spec.rb +58 -25
data/spec/arachni/http/request_spec.rb +382 -35
data/spec/arachni/http/response_spec.rb +135 -7
data/spec/arachni/issue_spec.rb +21 -2
data/spec/arachni/option_groups/browser_cluster_spec.rb +17 -0
data/spec/arachni/option_groups/http_spec.rb +21 -6
data/spec/arachni/option_groups/paths_spec.rb +23 -1
data/spec/arachni/option_groups/scope_spec.rb +27 -7
data/spec/arachni/options_spec.rb +8 -1
data/spec/arachni/page/dom_spec.rb +20 -6
data/spec/arachni/page_spec.rb +8 -7
data/spec/arachni/parser/document_spec.rb +49 -0
data/spec/arachni/parser/nodes/comment_spec.rb +24 -0
data/spec/arachni/parser/nodes/element/with_attributes/attributes_spec.rb +40 -0
data/spec/arachni/parser/nodes/element/with_attributes_spec.rb +50 -0
data/spec/arachni/parser/nodes/element_spec.rb +18 -0
data/spec/arachni/parser/nodes/text_spec.rb +24 -0
data/spec/arachni/parser/sax_spec.rb +88 -0
data/spec/arachni/parser/with_children/search_spec.rb +146 -0
data/spec/arachni/parser/with_children_spec.rb +37 -0
data/spec/arachni/parser_spec.rb +211 -27
data/spec/arachni/platform/list_spec.rb +1 -2
data/spec/arachni/report_spec.rb +9 -2
data/spec/arachni/reporter/options_spec.rb +0 -14
data/spec/arachni/rest/server_spec.rb +91 -8
data/spec/arachni/rpc/server/active_options_spec.rb +1 -1
data/spec/arachni/rpc/server/framework/distributor_spec.rb +6 -6
data/spec/arachni/ruby/string_spec.rb +6 -0
data/spec/arachni/session_spec.rb +69 -8
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/support/signature_spec.rb +58 -0
data/spec/arachni/trainer_spec.rb +102 -21
data/spec/arachni/uri_spec.rb +11 -8
data/spec/arachni/utilities_spec.rb +3 -3
data/spec/components/checks/active/code_injection_spec.rb +12 -7
data/spec/components/checks/active/code_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/csrf_spec.rb +1 -21
data/spec/components/checks/active/file_inclusion_spec.rb +15 -10
data/spec/components/checks/active/ldap_injection_spec.rb +5 -4
data/spec/components/checks/active/no_sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +5 -4
data/spec/components/checks/active/os_cmd_injection_spec.rb +6 -4
data/spec/components/checks/active/os_cmd_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/path_traversal_spec.rb +18 -15
data/spec/components/checks/active/response_splitting_spec.rb +5 -4
data/spec/components/checks/active/rfi_spec.rb +9 -8
data/spec/components/checks/active/source_code_disclosure_spec.rb +33 -10
data/spec/components/checks/active/sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +61 -35
data/spec/components/checks/active/sql_injection_timing_spec.rb +11 -8
data/spec/components/checks/active/unvalidated_redirect_spec.rb +9 -8
data/spec/components/checks/active/xpath_injection_spec.rb +5 -4
data/spec/components/checks/active/xss_dom_script_context_spec.rb +6 -10
data/spec/components/checks/active/xss_dom_spec.rb +2 -2
data/spec/components/checks/active/xss_event_spec.rb +11 -3
data/spec/components/checks/active/xss_script_context_spec.rb +8 -7
data/spec/components/checks/active/xss_spec.rb +7 -6
data/spec/components/checks/active/xss_tag_spec.rb +11 -3
data/spec/components/checks/passive/backup_directories_spec.rb +3 -1
data/spec/components/checks/passive/backup_files_spec.rb +4 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +2 -2
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +6 -0
data/spec/components/path_extractors/comments_spec.rb +3 -1
data/spec/components/path_extractors/data_url_spec.rb +6 -2
data/spec/components/path_extractors/links_spec.rb +1 -1
data/spec/components/plugins/autologin_spec.rb +2 -2
data/spec/components/plugins/webhook_notify_spec.rb +69 -0
data/spec/spec_helper.rb +2 -1
data/spec/support/factories/http/response.rb +1 -1
data/spec/support/factories/issue.rb +1 -2
data/spec/support/factories/page/dom.rb +6 -0
data/spec/support/factories/scan_report.rb +1 -0
data/spec/support/factories/vector.rb +7 -3
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +4 -4
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/cookies.txt +2 -2
data/spec/support/fixtures/executables/node.rb +2 -3
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/nested_cookies.txt +11 -0
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +0 -3
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +4 -2
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +48 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +15 -3
data/spec/support/servers/arachni/browser.rb +275 -4
data/spec/support/servers/arachni/check/auditor.rb +9 -0
data/spec/support/servers/arachni/element/cookie.rb +34 -0
data/spec/support/servers/arachni/element/form/form_dom.rb +1 -0
data/spec/support/servers/arachni/element/form.rb +36 -2
data/spec/support/servers/arachni/element/header.rb +36 -1
data/spec/support/servers/arachni/element/json.rb +33 -0
data/spec/support/servers/arachni/element/link.rb +33 -1
data/spec/support/servers/arachni/element/link_template.rb +37 -5
data/spec/support/servers/arachni/element/nested_cookie.rb +84 -0
data/spec/support/servers/arachni/element/xml.rb +33 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +36 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_1.rb +18 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_2.rb +11 -0
data/spec/support/servers/arachni/http/client.rb +43 -4
data/spec/support/servers/arachni/http/proxy_server.rb +12 -0
data/spec/support/servers/arachni/parser.rb +6 -0
data/spec/support/servers/arachni/session.rb +24 -1
data/spec/support/servers/checks/active/code_injection.rb +18 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +18 -0
data/spec/support/servers/checks/active/csrf.rb +0 -76
data/spec/support/servers/checks/active/file_inclusion.rb +19 -1
data/spec/support/servers/checks/active/ldap_injection.rb +18 -0
data/spec/support/servers/checks/active/no_sql_injection.rb +27 -0
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/os_cmd_injection.rb +29 -0
data/spec/support/servers/checks/active/os_cmd_injection_timing.rb +18 -1
data/spec/support/servers/checks/active/path_traversal.rb +30 -3
data/spec/support/servers/checks/active/response_splitting.rb +30 -1
data/spec/support/servers/checks/active/rfi.rb +30 -2
data/spec/support/servers/checks/active/session_fixation.rb +1 -3
data/spec/support/servers/checks/active/source_code_disclosure.rb +16 -0
data/spec/support/servers/checks/active/sql_injection/java +2 -0
data/spec/support/servers/checks/active/sql_injection.rb +27 -0
data/spec/support/servers/checks/active/sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/sql_injection_timing.rb +19 -1
data/spec/support/servers/checks/active/unvalidated_redirect.rb +121 -1
data/spec/support/servers/checks/active/xpath_injection.rb +27 -0
data/spec/support/servers/checks/active/xss.rb +40 -0
data/spec/support/servers/checks/active/xss_event.rb +23 -2
data/spec/support/servers/checks/active/xss_script_context.rb +18 -0
data/spec/support/servers/checks/active/xss_tag.rb +40 -0
data/spec/support/servers/checks/passive/backup_files.rb +20 -1
data/spec/support/servers/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -5
data/spec/support/servers/checks/passive/grep/insecure_cookies_https.rb +9 -0
data/spec/support/servers/checks/passive/grep/x_frame_options.rb +5 -0
data/spec/support/servers/plugins/autologin.rb +17 -1
data/spec/support/servers/plugins/webhook_notify.rb +9 -0
data/spec/support/shared/check.rb +1 -0
data/spec/support/shared/element/capabilities/auditable/buffered.rb +791 -0
data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +797 -0
data/spec/support/shared/element/capabilities/auditable.rb +28 -34
data/spec/support/shared/element/capabilities/inputtable.rb +26 -0
data/spec/support/shared/element/capabilities/with_node.rb +2 -2
data/spec/support/shared/element/dom/submittable.rb +10 -10
data/spec/support/shared/path_extractor.rb +17 -5
data/ui/cli/framework/option_parser.rb +78 -13
data/ui/cli/framework.rb +29 -8
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +10 -3
data/ui/cli/reporter/option_parser.rb +1 -1
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reproduce/option_parser.rb +90 -0
data/ui/cli/reproduce.rb +228 -0
data/ui/cli/rest/server/option_parser.rb +1 -1
data/ui/cli/rest/server.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +9 -11
data/ui/cli/rpc/client/instance.rb +7 -4
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +178 -79
data/ACKNOWLEDGMENTS.md +0 -21
data/AUTHORS.md +0 -3
data/CONTRIBUTORS.md +0 -22

data/lib/arachni/element/link/capabilities/auditable.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/element/link/capabilities/submittable.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/element/link/capabilities/with_dom.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/element/link/dom/capabilities/submittable.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/element/link/dom.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/element/link.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -32,6 +32,9 @@ class Link < Base
     include Capabilities::Submittable
     include Capabilities::Auditable
+    include Arachni::Element::Capabilities::Auditable::Buffered
+    include Arachni::Element::Capabilities::Auditable::LineBuffered
     DECODE_CACHE = Arachni::Support::Cache::LeastRecentlyPushed.new( 1_000 )
     # @param    [Hash]    options
@@ -65,17 +68,11 @@ class Link < Base
         uri.to_s
     end
-    # @param   (see .encode)
-    # @return  (see .encode)
-    #
     # @see .encode
     def encode( *args )
         self.class.encode( *args )
     end
-    # @param   (see .decode)
-    # @return  (see .decode)
-    #
     # @see .decode
     def decode( *args )
         self.class.decode( *args )
@@ -100,42 +97,26 @@ class Link < Base
         # @return   [Array<Link>]
         def from_response( response )
             url = response.url
-            [new( url: url )] | from_document( url, response.body )
+            [new( url: url )] | from_parser( Arachni::Parser.new( response ) )
         end
-        # Extracts links from a document.
-        #
-        # @param    [String]    url
-        #   URL of the document -- used for path normalization purposes.
-        # @param    [String, Nokogiri::HTML::Document]    document
+        # @param    [Parser]    parser
         #
         # @return   [Array<Link>]
-        def from_document( url, document )
-            if !document.is_a?( Nokogiri::HTML::Document )
-                document = document.to_s
-                return [] if !in_html?( document )
-                document = Arachni::Parser.parse( document )
-            end
-            base_url =  begin
-                document.search( '//base[@href]' )[0]['href']
-            rescue
-                url
-            end
+        def from_parser( parser )
+            return [] if parser.body && !in_html?( parser.body )
-            document.search( '//a' ).map do |link|
+            parser.document.nodes_by_name( :a ).map do |link|
                 next if too_big?( link['href'] )
-                href = to_absolute( link['href'], base_url )
+                href = to_absolute( link['href'], parser.base )
                 next if !href
                 next if !(parsed_url = Arachni::URI( href )) ||
                     parsed_url.scope.out?
                 new(
-                    url:    url.freeze,
+                    url:    parser.url,
                     action: href.freeze,
                     source: link.to_html.freeze
                 )

data/lib/arachni/element/link_template/capabilities/auditable.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/element/link_template/capabilities/inputtable.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/element/link_template/capabilities/with_dom.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/element/link_template/dom/capabilities/submittable.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/element/link_template/dom.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -91,7 +91,7 @@ class DOM < DOM
     end
     def self.data_from_node( node )
-        href = node.attributes['href'].to_s
+        href = node['href'].to_s
         return if !href.include? '#'
         fragment = Link.decode( href.split( '#', 2 ).last.to_s )

data/lib/arachni/element/link_template.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -32,6 +32,9 @@ class LinkTemplate < Base
     include Capabilities::Inputtable
     include Capabilities::Auditable
+    include Arachni::Element::Capabilities::Auditable::Buffered
+    include Arachni::Element::Capabilities::Auditable::LineBuffered
     # @return   [Regexp]
     #   Regular expressions with named captures, serving as templates used to
     #   identify and manipulate inputs in {#action}.
@@ -134,7 +137,7 @@ class LinkTemplate < Base
         def from_response( response, templates = Arachni::Options.audit.link_templates )
             url = response.url
-            links = from_document( url, response.body, templates )
+            links = from_parser( Arachni::Parser.new( response ) , templates )
             template, inputs = extract_inputs( url, templates )
             if template
@@ -153,28 +156,16 @@ class LinkTemplate < Base
         # {Arachni::OptionGroups::Audit#link_templates templates} from a
         # document.
         #
-        # @param    [String]    url
-        #   URL of the document -- used for path normalization purposes.
-        # @param    [String, Nokogiri::HTML::Document]    document
+        # @param    [Arachni::Parser]    parser
         # @param    [Array<Regexp>]    templates
         #
         # @return   [Array<LinkTemplate>]
-        def from_document( url, document, templates = Arachni::Options.audit.link_templates )
+        def from_parser( parser, templates = Arachni::Options.audit.link_templates )
             return [] if templates.empty?
-            if !document.is_a?( Nokogiri::HTML::Document )
-                document = Arachni::Parser.parse( document.to_s )
-            end
-            base_url = begin
-                document.search( '//base[@href]' )[0]['href']
-            rescue
-                url
-            end
-            document.search( '//a' ).map do |link|
+            parser.document.nodes_by_name( :a ).map do |link|
                 next if too_big?( link['href'] )
-                next if !(href = to_absolute( link['href'], base_url ))
+                next if !(href = to_absolute( link['href'], parser.base ))
                 template, inputs = extract_inputs( href, templates )
                 next if !template && !self::DOM.data_from_node( link )
@@ -184,7 +175,7 @@ class LinkTemplate < Base
                 end
                 new(
-                    url:      url.freeze,
+                    url:      parser.url,
                     action:   href.freeze,
                     inputs:   inputs || {},
                     template: template,

data/lib/arachni/element/nested_cookie/capabilities/submittable.rb ADDED Viewed

@@ -0,0 +1,35 @@
+=begin
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+module Arachni::Element
+class NestedCookie
+module Capabilities
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+module Submittable
+    include Arachni::Element::Capabilities::Submittable
+    def submit( options = {}, &block )
+        options                   = options.dup
+        options[:raw_cookies]     = [self]
+        options[:follow_location] = true if !options.include?( :follow_location )
+        @auditor ||= options.delete( :auditor )
+        options[:performer] ||= self
+        options[:raw_parameters] ||= raw_inputs
+        http_request( options, &block )
+    end
+end
+end
+end
+end

data/lib/arachni/element/nested_cookie.rb ADDED Viewed

@@ -0,0 +1,370 @@
+=begin
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+require_relative 'cookie'
+module Arachni::Element
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+class NestedCookie < Base
+    # Load and include all cookie-specific capability overrides.
+    lib = "#{File.dirname( __FILE__ )}/#{File.basename(__FILE__, '.rb')}/capabilities/**/*.rb"
+    Dir.glob( lib ).each { |f| require f }
+    include Arachni::Element::Capabilities::Inputtable
+    include Arachni::Element::Capabilities::Mutable
+    include Arachni::Element::Capabilities::Auditable
+    include Arachni::Element::Capabilities::Auditable::Buffered
+    include Arachni::Element::Capabilities::Auditable::LineBuffered
+    include Arachni::Element::Capabilities::Analyzable
+    include Arachni::Element::Capabilities::WithSource
+    include Capabilities::Submittable
+    # Default cookie values
+    DEFAULT = Cookie::DEFAULT
+    attr_reader :data
+    # @param    [Hash]  options
+    #   For options see {DEFAULT}, with the following extras:
+    # @option   options [String]    :url
+    #   URL of the page which created the cookie -- **required**.
+    # @option   options [String]     :action
+    #   URL of the page to submit the cookie -- defaults to `:url`.
+    # @option   options [Hash]     :inputs
+    #   Allows you to pass cookie data as a `name => value` pair instead of the
+    #   more complex {DEFAULT} structure.
+    def initialize( options )
+        @data = {}
+        super( options )
+        if options[:name] && options[:value]
+            options[:name]  = options[:name].to_s.recode
+            options[:value] = options[:value].to_s.recode
+            self.inputs = self.class.parse_inputs( options[:value] )
+            @data.merge!( options )
+        else
+            self.inputs = (options[:inputs] || {}).dup
+        end
+        @data.merge!( DEFAULT.merge( @data ) )
+        @data[:value] = decode( @data[:value].to_s ) rescue @data[:value].to_s
+        parsed_uri = uri_parse( action )
+        if !@data[:path]
+            path = parsed_uri.path
+            path = !path.empty? ? path : '/'
+            @data[:path] = path
+        end
+        if @data[:expires] && !@data[:expires].is_a?( Time )
+            @data[:expires] = Time.parse( @data[:expires].to_s ) rescue nil
+        end
+        @data[:domain] ||= parsed_uri.host
+        @default_inputs = self.inputs.dup.freeze
+    end
+    # Indicates whether the cookie must be only sent over an encrypted channel.
+    #
+    # @return   [Bool]
+    def secure?
+        @data[:secure] == true
+    end
+    # Indicates whether the cookie is safe from modification from client-side code.
+    #
+    # @return   [Bool]
+    def http_only?
+        @data[:httponly] == true
+    end
+    # Indicates whether the cookie is to be discarded at the end of the session.
+    #
+    # Doesn't play a role during the scan but it can provide useful info to checks and such.
+    #
+    # @return   [Bool]
+    def session?
+        @data[:expires].nil?
+    end
+    # @return   [Time, NilClass]
+    #   Expiration `Time` of the cookie or `nil` if it doesn't have one
+    #   (i.e. is a session cookie).
+    def expires_at
+        @data[:expires]
+    end
+    # Indicates whether or not the cookie has expired.
+    #
+    # @param    [Time]    time
+    #   To compare against.
+    #
+    # @return [Boolean]
+    def expired?( time = Time.now )
+        expires_at != nil && time > expires_at
+    end
+    # @return   [Hash]
+    #   Simple representation of the cookie as a hash -- with the cookie name as
+    #   `key` and the cookie value as `value`.
+    def simple
+        self.inputs.dup
+    end
+    # Uses the method name as a key to cookie attributes in {DEFAULT}.
+    def method_missing( sym, *args, &block )
+        return @data[sym] if @data.include? sym
+        super( sym, *args, &block )
+    end
+    # Used by {#method_missing} to determine if it should process the call.
+    #
+    # @return   [Bool]
+    #
+    def respond_to?( *args )
+        (@data && @data.include?( args.first )) || super
+    end
+    def value
+        self.inputs.map { |n, v| "#{encode( n )}=#{encode( v )}" }.join( '&' )
+    end
+    # @return   [String]
+    #   To be used in a `Cookie` HTTP request header.
+    def to_s
+        # Only do encoding if we're dealing with updated inputs, otherwise pass
+        # along the raw data as set in order to deal with server-side decoding
+        # quirks.
+        if updated? || !(raw_name || raw_value )
+            "#{encode( name )}=#{value}"
+        else
+            "#{raw_name}=#{raw_value}"
+        end
+    end
+    # @return   [String]
+    #   Converts self to a `Set-Cookie` string.
+    def to_set_cookie
+        set_cookie = "#{self.to_s}"
+        @data.each do |k, v|
+            next if !v || !Cookie.keep_for_set_cookie.include?( k )
+            set_cookie << "; #{k.capitalize}=#{v}"
+        end
+        set_cookie << '; Secure'   if secure?
+        set_cookie << '; HttpOnly' if http_only?
+        # If we want to set a cookie for only the domain that responded to the
+        # request, Set-Cookie should not specify a domain.
+        #
+        # If we want the cookie to apply to all subdomains, we need to either
+        # specify a dot-prefixed domain or a domain, the browser client will
+        # prefix the dot anyways.
+        #
+        # http://stackoverflow.com/questions/1062963/how-do-browser-cookie-domains-work/1063760#1063760
+        set_cookie << "; Domain=#{domain}" if domain.start_with?( '.' )
+        set_cookie
+    end
+    # @see .encode
+    def encode( *args )
+        self.class.encode( *args )
+    end
+    # @see .decode
+    def decode( str )
+        self.class.decode( str )
+    end
+    def to_rpc_data
+        h = super
+        if h['initialization_options']['expires']
+            h['initialization_options']['expires'] =
+                h['initialization_options']['expires'].to_s
+        end
+        h['data'] = h['data'].my_stringify_keys(false)
+        if h['data']['expires']
+            h['data']['expires'] = h['data']['expires'].to_s
+        end
+        h
+    end
+    class <<self
+        def type
+            :nested_cookie
+        end
+        def from_rpc_data( data )
+            if data['initialization_options']['expires']
+                data['initialization_options']['expires'] =
+                    Time.parse( data['initialization_options']['expires'] )
+            end
+            if data['data']['expires']
+                data['data']['expires'] = Time.parse( data['data']['expires'] )
+            end
+            data['data'] = data['data'].my_symbolize_keys(false)
+            super data
+        end
+        # Parses a Netscape Cookie-jar into an Array of {Cookie}.
+        #
+        # @param   [String]    url
+        #   {HTTP::Request} URL.
+        # @param   [String]    filepath
+        #   Netscape HTTP cookiejar file.
+        #
+        # @return   [Array<NestedCookie>]
+        #
+        # @see http://curl.haxx.se/rfc/cookie_spec.html
+        def from_file( url, filepath )
+            from_cookies( Cookie.from_file( url, filepath ) )
+        end
+        # Extracts cookies from an HTTP {Arachni::HTTP::Response response}.
+        #
+        # @param   [Arachni::HTTP::Response]    response
+        #
+        # @return   [Array<NestedCookie>]
+        #
+        # @see .from_parser
+        # @see .from_headers
+        def from_response( response )
+            from_parser( Arachni::Parser.new( response ) ) +
+                from_headers( response.url, response.headers )
+        end
+        # Extracts cookies from a document based on `Set-Cookie` `http-equiv`
+        # meta tags.
+        #
+        # @param    [Arachni::Parser]    parser
+        #
+        # @return   [Array<NestedCookie>]
+        #
+        # @see .parse_set_cookie
+        def from_parser( parser )
+            from_cookies( Cookie.from_parser( parser ) )
+        end
+        def in_html?( html )
+            html =~ /set-cookie.*&/i
+        end
+        # Extracts cookies from the `Set-Cookie` HTTP response header field.
+        #
+        # @param    [String]    url
+        #   {HTTP::Request} URL.
+        # @param    [Hash]      headers
+        #
+        # @return   [Array<NestedCookie>]
+        #
+        # @see .forms_set_cookie
+        def from_headers( url, headers )
+            from_cookies( Cookie.from_headers( url, headers ) )
+        end
+        # Parses the `Set-Cookie` header value into cookie elements.
+        #
+        # @param    [String]    url
+        #   {HTTP::Request} URL.
+        # @param    [Hash]      str
+        #   `Set-Cookie` string
+        #
+        # @return   [Array<NestedCookie>]
+        def from_set_cookie( url, str )
+            from_cookies( Cookie.from_set_cookie( url, str ) )
+        end
+        alias :parse_set_cookie :from_set_cookie
+        # Parses a string formatted for the `Cookie` HTTP request header field
+        # into cookie elements.
+        #
+        # @param    [String]    url
+        #   {HTTP::Request} URL.
+        # @param    [Hash]      string
+        #   `Cookie` string.
+        #
+        # @return   [Array<NestedCookie>]
+        def from_string( url, string )
+            from_cookies( Cookie.from_string( url, string ) )
+        end
+        def from_cookies( cookies )
+            [cookies].flatten.compact.map do |cookie|
+                next if !cookie.value.include?( '=' )
+                inputs = parse_inputs( cookie.value )
+                next if inputs.empty?
+                new({
+                    url:    cookie.url,
+                    action: cookie.action,
+                    method: cookie.method,
+                    inputs: inputs,
+                    source: cookie.source
+                }.merge( cookie.data ))
+            end.compact
+        end
+        def parse_inputs( value )
+            value.to_s.split( '&' ).inject( {} ) do |h, pair|
+                name, value = pair.split( '=', 2 )
+                h[decode( name.to_s )] = decode( value.to_s )
+                h
+            end
+        end
+        # Encodes a {String}'s reserved characters in order to prepare it for
+        # the `Cookie` header field.
+        #
+        # @param    [String]    str
+        #
+        # @return   [String]
+        def encode( str )
+            Cookie.encode( str )
+        end
+        # Decodes a {String} encoded for the `Cookie` header field.
+        #
+        # @param    [String]    str
+        #
+        # @return   [String]
+        def decode( str )
+            Cookie.decode( str )
+        end
+    end
+    private
+    def http_request( opts = {}, &block )
+        opts[:cookies] = opts.delete( :parameters )
+        self.method == :get ?
+            http.get( self.action, opts, &block ) :
+            http.post( self.action, opts, &block )
+    end
+end
+end
+Arachni::NestedCookie = Arachni::Element::NestedCookie

data/lib/arachni/element/path.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework