RubyGems - arachni - Versions diffs - 1.4 → 1.6.0 - Mend

arachni 1.4 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (748) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +195 -0
data/Gemfile +4 -4
data/LICENSE.md +1 -1
data/README.md +7 -3
data/Rakefile +1 -43
data/arachni.gemspec +35 -30
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +6 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_reproduce +12 -0
data/bin/arachni_rest_server +1 -1
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +6 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +6 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +1 -1
data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +20 -75
data/components/checks/active/file_inclusion.rb +1 -1
data/components/checks/active/ldap_injection.rb +1 -1
data/components/checks/active/no_sql_injection.rb +1 -1
data/components/checks/active/no_sql_injection_differential.rb +3 -3
data/components/checks/active/os_cmd_injection.rb +1 -1
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +3 -3
data/components/checks/active/response_splitting.rb +1 -1
data/components/checks/active/rfi.rb +1 -1
data/components/checks/active/session_fixation.rb +1 -1
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/sql_injection/regexps/hsqldb.yaml +1 -0
data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
data/components/checks/active/sql_injection/substrings/java +4 -0
data/components/checks/active/sql_injection/substrings/oracle +0 -1
data/components/checks/active/sql_injection/substrings/sqlite +1 -0
data/components/checks/active/sql_injection.rb +1 -1
data/components/checks/active/sql_injection_differential.rb +3 -3
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +34 -11
data/components/checks/active/unvalidated_redirect_dom.rb +4 -4
data/components/checks/active/xpath_injection.rb +1 -1
data/components/checks/active/xss.rb +54 -29
data/components/checks/active/xss_dom.rb +15 -11
data/components/checks/active/xss_dom_script_context.rb +4 -6
data/components/checks/active/xss_event.rb +46 -34
data/components/checks/active/xss_path.rb +9 -6
data/components/checks/active/xss_script_context.rb +100 -47
data/components/checks/active/xss_tag.rb +41 -15
data/components/checks/active/xxe.rb +1 -1
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +1 -1
data/components/checks/passive/backup_directories.rb +15 -3
data/components/checks/passive/backup_files.rb +39 -6
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +1 -0
data/components/checks/passive/common_admin_interfaces.rb +1 -1
data/components/checks/passive/common_directories/directories.txt +1 -0
data/components/checks/passive/common_directories.rb +1 -1
data/components/checks/passive/common_files.rb +1 -1
data/components/checks/passive/directory_listing.rb +1 -1
data/components/checks/passive/grep/captcha.rb +8 -9
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +1 -1
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +1 -1
data/components/checks/passive/grep/form_upload.rb +3 -5
data/components/checks/passive/grep/hsts.rb +1 -1
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +1 -1
data/components/checks/passive/grep/insecure_cookies.rb +5 -5
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +4 -4
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +1 -1
data/components/checks/passive/grep/unencrypted_password_forms.rb +3 -3
data/components/checks/passive/grep/x_frame_options.rb +4 -4
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +10 -12
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +3 -5
data/components/path_extractors/areas.rb +3 -4
data/components/path_extractors/comments.rb +4 -5
data/components/path_extractors/data_url.rb +4 -5
data/components/path_extractors/forms.rb +3 -4
data/components/path_extractors/frames.rb +3 -5
data/components/path_extractors/generic.rb +3 -1
data/components/path_extractors/links.rb +3 -4
data/components/path_extractors/meta_refresh.rb +11 -17
data/components/path_extractors/scripts.rb +18 -15
data/components/plugins/autologin.rb +3 -2
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/debug/browser_cluster_job_monitor.rb +60 -0
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +3 -1
data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +26 -9
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +3 -4
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +4 -5
data/components/plugins/login_script.rb +2 -2
data/components/plugins/metrics.rb +44 -18
data/components/plugins/page_dump.rb +60 -0
data/components/plugins/proxy/panel/verify_login_sequence.html.erb +1 -1
data/components/plugins/proxy/template_scope.rb +6 -1
data/components/plugins/proxy.rb +44 -31
data/components/plugins/rate_limiter.rb +80 -0
data/components/plugins/restrict_to_dom_state.rb +1 -1
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +1 -1
data/components/plugins/waf_detector.rb +3 -3
data/components/plugins/webhook_notify.rb +99 -0
data/components/reporters/ap.rb +1 -1
data/components/reporters/html/default/configuration.erb +2 -0
data/components/reporters/html/default.erb +3 -2
data/components/reporters/html.rb +5 -8
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +46 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +11 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +10 -7
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +6 -3
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +5 -2
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +8 -5
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +3 -2
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml/schema.xsd +29 -13
data/components/reporters/xml.rb +40 -23
data/components/reporters/yaml.rb +1 -1
data/config/write_paths.yml +4 -0
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser/element_locator.rb +9 -5
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +329 -72
data/lib/arachni/browser/javascript/scripts/polyfills.js +0 -28
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +81 -25
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript.rb +111 -198
data/lib/arachni/browser.rb +309 -382
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/job.rb +9 -2
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +8 -2
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +13 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +97 -87
data/lib/arachni/browser_cluster.rb +79 -62
data/lib/arachni/check/auditor.rb +161 -155
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/check.rb +1 -1
data/lib/arachni/component/base.rb +3 -1
data/lib/arachni/component/manager.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/output.rb +8 -2
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +2 -2
data/lib/arachni/data/framework.rb +3 -2
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/element/base.rb +1 -1
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +142 -175
data/lib/arachni/element/capabilities/analyzable/signature.rb +40 -18
data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/auditable/buffered.rb +92 -0
data/lib/arachni/element/capabilities/auditable/line_buffered.rb +103 -0
data/lib/arachni/element/capabilities/auditable.rb +2 -8
data/lib/arachni/element/capabilities/dom_only.rb +1 -1
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/mutable.rb +1 -1
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +4 -3
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +3 -3
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +2 -2
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/cookie.rb +49 -24
data/lib/arachni/element/dom/capabilities/auditable.rb +44 -3
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
data/lib/arachni/element/dom/capabilities/mutable.rb +7 -3
data/lib/arachni/element/dom/capabilities/submittable.rb +51 -22
data/lib/arachni/element/dom.rb +1 -1
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +16 -11
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/form/dom.rb +1 -1
data/lib/arachni/element/form.rb +21 -32
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
data/lib/arachni/element/header.rb +3 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/json.rb +4 -8
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/dom.rb +1 -1
data/lib/arachni/element/link.rb +11 -30
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +2 -2
data/lib/arachni/element/link_template.rb +10 -19
data/lib/arachni/element/nested_cookie/capabilities/submittable.rb +35 -0
data/lib/arachni/element/nested_cookie.rb +370 -0
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +11 -11
data/lib/arachni/element/ui_form/dom.rb +1 -1
data/lib/arachni/element/ui_form.rb +5 -6
data/lib/arachni/element/ui_input/dom.rb +1 -1
data/lib/arachni/element/ui_input.rb +4 -6
data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
data/lib/arachni/element/xml.rb +3 -7
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework/parts/audit.rb +6 -1
data/lib/arachni/framework/parts/browser.rb +14 -14
data/lib/arachni/framework/parts/check.rb +1 -1
data/lib/arachni/framework/parts/data.rb +1 -1
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +1 -1
data/lib/arachni/framework/parts/report.rb +3 -3
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +1 -1
data/lib/arachni/framework.rb +1 -1
data/lib/arachni/http/client/dynamic_404_handler.rb +74 -16
data/lib/arachni/http/client.rb +38 -11
data/lib/arachni/http/cookie_jar.rb +13 -8
data/lib/arachni/http/headers.rb +11 -5
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/message.rb +10 -9
data/lib/arachni/http/proxy_server/connection.rb +110 -82
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +18 -32
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +28 -49
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +8 -6
data/lib/arachni/http/proxy_server/tunnel.rb +4 -4
data/lib/arachni/http/proxy_server.rb +44 -11
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/request.rb +239 -41
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/http/response.rb +73 -10
data/lib/arachni/http.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue.rb +42 -14
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups/audit.rb +11 -2
data/lib/arachni/option_groups/browser_cluster.rb +32 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +39 -10
data/lib/arachni/option_groups/input.rb +1 -1
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +12 -1
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +58 -4
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/options.rb +23 -4
data/lib/arachni/page/dom/transition.rb +5 -2
data/lib/arachni/page/dom.rb +46 -54
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/page.rb +10 -8
data/lib/arachni/parser/document.rb +34 -0
data/lib/arachni/parser/extractors/base.rb +48 -0
data/lib/arachni/parser/nodes/base.rb +22 -0
data/lib/arachni/parser/nodes/comment.rb +32 -0
data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +31 -0
data/lib/arachni/parser/nodes/element/with_attributes.rb +35 -0
data/lib/arachni/parser/nodes/element.rb +48 -0
data/lib/arachni/parser/nodes/text.rb +32 -0
data/lib/arachni/parser/nodes/with_value.rb +29 -0
data/lib/arachni/parser/sax.rb +76 -0
data/lib/arachni/parser/with_children/search.rb +92 -0
data/lib/arachni/parser/with_children.rb +35 -0
data/lib/arachni/parser.rb +181 -78
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +2 -2
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/plugin/base.rb +2 -2
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +8 -5
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +1 -1
data/lib/arachni/processes/executables/base.rb +2 -1
data/lib/arachni/processes/executables/browser.rb +0 -2
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/instances.rb +1 -1
data/lib/arachni/processes/manager.rb +18 -9
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/report.rb +8 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +1 -1
data/lib/arachni/reporter/manager.rb +1 -1
data/lib/arachni/reporter/options.rb +1 -10
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/rest/server/instance_helpers.rb +10 -1
data/lib/arachni/rest/server.rb +13 -1
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +1 -1
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +1 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -1
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +1 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +9 -5
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/selenium/webdriver/element.rb +4 -4
data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +59 -0
data/lib/arachni/session.rb +32 -13
data/lib/arachni/snapshot.rb +2 -2
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/http.rb +2 -2
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/state.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/cache/base.rb +1 -1
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +1 -1
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/database/base.rb +16 -10
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/glob.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/profiler.rb +52 -13
data/lib/arachni/support/signature.rb +18 -6
data/lib/arachni/support.rb +1 -1
data/lib/arachni/trainer.rb +55 -39
data/lib/arachni/ui/foo/output.rb +1 -1
data/lib/arachni/uri/scope.rb +15 -13
data/lib/arachni/uri.rb +129 -103
data/lib/arachni/utilities.rb +10 -10
data/lib/arachni/version.rb +1 -1
data/lib/arachni.rb +1 -7
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +42 -18
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +264 -109
data/spec/arachni/browser/javascript/polyfills_spec.rb +0 -15
data/spec/arachni/browser/javascript/proxy_spec.rb +0 -10
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +43 -118
data/spec/arachni/browser/javascript_spec.rb +95 -60
data/spec/arachni/browser_cluster/job_spec.rb +23 -8
data/spec/arachni/browser_cluster/jobs/dom_exploration_spec.rb +6 -1
data/spec/arachni/browser_cluster/worker_spec.rb +29 -87
data/spec/arachni/browser_cluster_spec.rb +124 -43
data/spec/arachni/browser_spec.rb +463 -421
data/spec/arachni/check/auditor_spec.rb +162 -198
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +46 -3
data/spec/arachni/element/cookie/dom_spec.rb +1 -1
data/spec/arachni/element/cookie_spec.rb +159 -64
data/spec/arachni/element/form/dom_spec.rb +1 -1
data/spec/arachni/element/form_spec.rb +101 -54
data/spec/arachni/element/header_spec.rb +3 -1
data/spec/arachni/element/json_spec.rb +2 -0
data/spec/arachni/element/link/dom_spec.rb +2 -2
data/spec/arachni/element/link_spec.rb +46 -15
data/spec/arachni/element/link_template/dom_spec.rb +1 -1
data/spec/arachni/element/link_template_spec.rb +36 -12
data/spec/arachni/element/nested_cookie_spec.rb +687 -0
data/spec/arachni/element/server_spec.rb +22 -5
data/spec/arachni/element/ui_form/dom_spec.rb +1 -1
data/spec/arachni/element/ui_form_spec.rb +2 -2
data/spec/arachni/element/ui_input/dom_spec.rb +1 -1
data/spec/arachni/element/ui_input_spec.rb +1 -1
data/spec/arachni/element/xml_spec.rb +5 -3
data/spec/arachni/framework/parts/audit_spec.rb +2 -14
data/spec/arachni/framework/parts/data_spec.rb +0 -6
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +126 -0
data/spec/arachni/http/client_spec.rb +96 -36
data/spec/arachni/http/cookie_jar_spec.rb +2 -2
data/spec/arachni/http/headers_spec.rb +59 -12
data/spec/arachni/http/proxy_server_spec.rb +58 -25
data/spec/arachni/http/request_spec.rb +382 -35
data/spec/arachni/http/response_spec.rb +135 -7
data/spec/arachni/issue_spec.rb +21 -2
data/spec/arachni/option_groups/browser_cluster_spec.rb +17 -0
data/spec/arachni/option_groups/http_spec.rb +21 -6
data/spec/arachni/option_groups/paths_spec.rb +23 -1
data/spec/arachni/option_groups/scope_spec.rb +27 -7
data/spec/arachni/options_spec.rb +8 -1
data/spec/arachni/page/dom_spec.rb +20 -6
data/spec/arachni/page_spec.rb +8 -7
data/spec/arachni/parser/document_spec.rb +49 -0
data/spec/arachni/parser/nodes/comment_spec.rb +24 -0
data/spec/arachni/parser/nodes/element/with_attributes/attributes_spec.rb +40 -0
data/spec/arachni/parser/nodes/element/with_attributes_spec.rb +50 -0
data/spec/arachni/parser/nodes/element_spec.rb +18 -0
data/spec/arachni/parser/nodes/text_spec.rb +24 -0
data/spec/arachni/parser/sax_spec.rb +88 -0
data/spec/arachni/parser/with_children/search_spec.rb +146 -0
data/spec/arachni/parser/with_children_spec.rb +37 -0
data/spec/arachni/parser_spec.rb +211 -27
data/spec/arachni/platform/list_spec.rb +1 -2
data/spec/arachni/report_spec.rb +9 -2
data/spec/arachni/reporter/options_spec.rb +0 -14
data/spec/arachni/rest/server_spec.rb +91 -8
data/spec/arachni/rpc/server/active_options_spec.rb +1 -1
data/spec/arachni/rpc/server/framework/distributor_spec.rb +6 -6
data/spec/arachni/ruby/string_spec.rb +6 -0
data/spec/arachni/session_spec.rb +69 -8
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/support/signature_spec.rb +58 -0
data/spec/arachni/trainer_spec.rb +102 -21
data/spec/arachni/uri_spec.rb +11 -8
data/spec/arachni/utilities_spec.rb +3 -3
data/spec/components/checks/active/code_injection_spec.rb +12 -7
data/spec/components/checks/active/code_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/csrf_spec.rb +1 -21
data/spec/components/checks/active/file_inclusion_spec.rb +15 -10
data/spec/components/checks/active/ldap_injection_spec.rb +5 -4
data/spec/components/checks/active/no_sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +5 -4
data/spec/components/checks/active/os_cmd_injection_spec.rb +6 -4
data/spec/components/checks/active/os_cmd_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/path_traversal_spec.rb +18 -15
data/spec/components/checks/active/response_splitting_spec.rb +5 -4
data/spec/components/checks/active/rfi_spec.rb +9 -8
data/spec/components/checks/active/source_code_disclosure_spec.rb +33 -10
data/spec/components/checks/active/sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +61 -35
data/spec/components/checks/active/sql_injection_timing_spec.rb +11 -8
data/spec/components/checks/active/unvalidated_redirect_spec.rb +9 -8
data/spec/components/checks/active/xpath_injection_spec.rb +5 -4
data/spec/components/checks/active/xss_dom_script_context_spec.rb +6 -10
data/spec/components/checks/active/xss_dom_spec.rb +2 -2
data/spec/components/checks/active/xss_event_spec.rb +11 -3
data/spec/components/checks/active/xss_script_context_spec.rb +8 -7
data/spec/components/checks/active/xss_spec.rb +7 -6
data/spec/components/checks/active/xss_tag_spec.rb +11 -3
data/spec/components/checks/passive/backup_directories_spec.rb +3 -1
data/spec/components/checks/passive/backup_files_spec.rb +4 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +2 -2
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +6 -0
data/spec/components/path_extractors/comments_spec.rb +3 -1
data/spec/components/path_extractors/data_url_spec.rb +6 -2
data/spec/components/path_extractors/links_spec.rb +1 -1
data/spec/components/plugins/autologin_spec.rb +2 -2
data/spec/components/plugins/webhook_notify_spec.rb +69 -0
data/spec/spec_helper.rb +2 -1
data/spec/support/factories/http/response.rb +1 -1
data/spec/support/factories/issue.rb +1 -2
data/spec/support/factories/page/dom.rb +6 -0
data/spec/support/factories/scan_report.rb +1 -0
data/spec/support/factories/vector.rb +7 -3
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +4 -4
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/cookies.txt +2 -2
data/spec/support/fixtures/executables/node.rb +2 -3
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/nested_cookies.txt +11 -0
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +0 -3
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +4 -2
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +48 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +15 -3
data/spec/support/servers/arachni/browser.rb +275 -4
data/spec/support/servers/arachni/check/auditor.rb +9 -0
data/spec/support/servers/arachni/element/cookie.rb +34 -0
data/spec/support/servers/arachni/element/form/form_dom.rb +1 -0
data/spec/support/servers/arachni/element/form.rb +36 -2
data/spec/support/servers/arachni/element/header.rb +36 -1
data/spec/support/servers/arachni/element/json.rb +33 -0
data/spec/support/servers/arachni/element/link.rb +33 -1
data/spec/support/servers/arachni/element/link_template.rb +37 -5
data/spec/support/servers/arachni/element/nested_cookie.rb +84 -0
data/spec/support/servers/arachni/element/xml.rb +33 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +36 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_1.rb +18 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_2.rb +11 -0
data/spec/support/servers/arachni/http/client.rb +43 -4
data/spec/support/servers/arachni/http/proxy_server.rb +12 -0
data/spec/support/servers/arachni/parser.rb +6 -0
data/spec/support/servers/arachni/session.rb +24 -1
data/spec/support/servers/checks/active/code_injection.rb +18 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +18 -0
data/spec/support/servers/checks/active/csrf.rb +0 -76
data/spec/support/servers/checks/active/file_inclusion.rb +19 -1
data/spec/support/servers/checks/active/ldap_injection.rb +18 -0
data/spec/support/servers/checks/active/no_sql_injection.rb +27 -0
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/os_cmd_injection.rb +29 -0
data/spec/support/servers/checks/active/os_cmd_injection_timing.rb +18 -1
data/spec/support/servers/checks/active/path_traversal.rb +30 -3
data/spec/support/servers/checks/active/response_splitting.rb +30 -1
data/spec/support/servers/checks/active/rfi.rb +30 -2
data/spec/support/servers/checks/active/session_fixation.rb +1 -3
data/spec/support/servers/checks/active/source_code_disclosure.rb +16 -0
data/spec/support/servers/checks/active/sql_injection/java +2 -0
data/spec/support/servers/checks/active/sql_injection.rb +27 -0
data/spec/support/servers/checks/active/sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/sql_injection_timing.rb +19 -1
data/spec/support/servers/checks/active/unvalidated_redirect.rb +121 -1
data/spec/support/servers/checks/active/xpath_injection.rb +27 -0
data/spec/support/servers/checks/active/xss.rb +40 -0
data/spec/support/servers/checks/active/xss_event.rb +23 -2
data/spec/support/servers/checks/active/xss_script_context.rb +18 -0
data/spec/support/servers/checks/active/xss_tag.rb +40 -0
data/spec/support/servers/checks/passive/backup_files.rb +20 -1
data/spec/support/servers/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -5
data/spec/support/servers/checks/passive/grep/insecure_cookies_https.rb +9 -0
data/spec/support/servers/checks/passive/grep/x_frame_options.rb +5 -0
data/spec/support/servers/plugins/autologin.rb +17 -1
data/spec/support/servers/plugins/webhook_notify.rb +9 -0
data/spec/support/shared/check.rb +1 -0
data/spec/support/shared/element/capabilities/auditable/buffered.rb +791 -0
data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +797 -0
data/spec/support/shared/element/capabilities/auditable.rb +28 -34
data/spec/support/shared/element/capabilities/inputtable.rb +26 -0
data/spec/support/shared/element/capabilities/with_node.rb +2 -2
data/spec/support/shared/element/dom/submittable.rb +10 -10
data/spec/support/shared/path_extractor.rb +17 -5
data/ui/cli/framework/option_parser.rb +78 -13
data/ui/cli/framework.rb +29 -8
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +10 -3
data/ui/cli/reporter/option_parser.rb +1 -1
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reproduce/option_parser.rb +90 -0
data/ui/cli/reproduce.rb +228 -0
data/ui/cli/rest/server/option_parser.rb +1 -1
data/ui/cli/rest/server.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +9 -11
data/ui/cli/rpc/client/instance.rb +7 -4
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +178 -79
data/ACKNOWLEDGMENTS.md +0 -21
data/AUTHORS.md +0 -3
data/CONTRIBUTORS.md +0 -22

data/components/checks/active/csrf.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -24,8 +24,8 @@
 #   * Extract forms.
 # * Check forms that appear *only* when logged-in for CSRF.
 #
-# In order for the check to give meaningful results, a valid cookie-jar of a logged-in
-# user must be supplied to the framework.
+# In order for the check to give meaningful results, a valid session of a
+# logged-in user must be supplied to the framework.
 #
 # However, as Arachni goes through the system it will gather
 # cookies just like a user would, so if there are forms that only appear
@@ -40,6 +40,11 @@
 class Arachni::Checks::CSRF < Arachni::Check::Base
     def run
+        # TODO:
+        #   Check forms that were created dynamically via JS.
+        #   Maybe add a csrf_dom check?
+        return if page.dom.transitions.any?
         print_status 'Looking for CSRF candidates...'
         print_status 'Simulating logged-out user.'
@@ -50,86 +55,26 @@ class Arachni::Checks::CSRF < Arachni::Check::Base
             print_status "Found #{logged_out.size} context irrelevant forms."
-            # get forms that are worthy of testing for CSRF i.e. appear only when the user is logged-in
+            # get forms that are worthy of testing for CSRF i.e. appear only
+            # when the user is logged-in
             candidates = page.forms - logged_out
             print_status "Found #{candidates.size} CSRF candidates."
-            candidates.each { |form| _log( form ) if unsafe?( form ) }
-        end
-    end
-    # Tries to detect if a form is protected using an anti-CSRF token.
-    #
-    # @param    [Arachni::Element::Form]  form
-    #
-    # @return   [Bool]
-    #   `true` if the form has no anti-CSRF token, `false` otherwise
-    def unsafe?( form )
-        # If a form has a nonce then we're cool, bail out early
-        return false if form.has_nonce?
-        # If the form has no source then it was dynamically provided by some
-        # component, so skip them.
-        return false if !form.source
-        #
-        # Nobody says that tokens must be in a +value+ attribute, they can
-        # just as well be in +name+ -- so we check them both...
-        #
-        found_token = (form.inputs || []).map do |k, v|
-            csrf_token?( v ) || csrf_token?( k )
-        end.include?( true )
-        return false if found_token
-        link_vars = uri_parse_query( form.action )
-        if link_vars.any?
-            # and we also need to check for a token in the form action.
-            found_token = link_vars.to_a.flatten.
-                map { |val| csrf_token?( val ) }.include?( true )
-        end
-        !found_token
-    end
-    # Checks if the str is an anti-CSRF token of base10/16/32/64.
-    #
-    # @param  [String]  str
-    def csrf_token?( str )
-        return false if !str
-        return true if str.to_s.include?( 'csrf' )
-        # we could use regexps but i kinda like lcamtuf's (Michal's) way
-        base16_len_min    = 8
-        base16_digit_num  = 2
+            candidates.each do |form|
+                # If the form has no source then it was dynamically provided by
+                # some component, so skip it.
+                next if !form.source
-        base64_len_min    = 6
-        base64_digit_num  = 1
-        base64_case       = 2
-        base64_digit_num2 = 3
-        base64_slash_cnt  = 2
+                # If a form has a nonce then we're cool.
+                next if form.has_nonce?
-        len = str.size
-        digit_cnt = str.scan( /[0-9]+/ ).join.size
-        if len >= base16_len_min && digit_cnt >= base16_digit_num
-            return true
+                log_form( form )
+            end
         end
-        upper_cnt = str.scan( /[A-Z]+/ ).join.size
-        slash_cnt = str.scan( /\/+/ ).join.size
-        if len >= base64_len_min && slash_cnt <= base64_slash_cnt &&
-            ((digit_cnt >= base64_digit_num && upper_cnt >= base64_case ) ||
-                digit_cnt >= base64_digit_num2)
-            return true
-        end
-        false
     end
-    def _log( form )
+    def log_form( form )
         url  = form.action
         name = form.name_or_id
@@ -155,7 +100,7 @@ checks them for lack of anti-CSRF tokens.
 },
             elements:    [ Element::Form ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
-            version:     '0.3.5',
+            version:     '0.4.1',
             issue:       {
                 name:            %q{Cross-Site Request Forgery},

data/components/checks/active/file_inclusion.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/ldap_injection.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/no_sql_injection.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/no_sql_injection_differential.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -37,9 +37,9 @@ It uses differential analysis to determine how different inputs affect the behav
 of the web application and checks if the displayed behavior is consistent with
 that of a vulnerable application.
 },
-            elements:    [ Element::Link, Element::Form, Element::Cookie ],
+            elements:    [ Element::Link, Element::Form, Element::Cookie, Element::NestedCookie ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1.2',
+            version:     '0.1.3',
             platforms:   [ :nosql ],
             issue:       {

data/components/checks/active/os_cmd_injection.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/os_cmd_injection_timing.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/path_traversal.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -16,7 +16,7 @@
 class Arachni::Checks::PathTraversal < Arachni::Check::Base
     MINIMUM_TRAVERSALS = 0
-    MAXIMUM_TRAVERSALS = 6
+    MAXIMUM_TRAVERSALS = 8
     def self.options
         @options ||= {
@@ -98,7 +98,7 @@ of relevant content in the HTML responses.
 },
             elements:    ELEMENTS_WITH_INPUTS,
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
-            version:     '0.4.7',
+            version:     '0.4.8',
             platforms:   payloads.keys,
             issue:       {

data/components/checks/active/response_splitting.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/rfi.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/session_fixation.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/source_code_disclosure.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/sql_injection/regexps/hsqldb.yaml ADDED Viewed

	@@ -0,0 +1 @@
1	+ Unexpected token: Unexpected token.*in statement \[

data/components/checks/active/sql_injection/substrings/hsqldb CHANGED Viewed

	@@ -1 +1,2 @@
1 1	org.hsqldb.jdbc
2	+ Unexpected end of command in statement [

data/components/checks/active/sql_injection/substrings/java ADDED Viewed

@@ -0,0 +1,4 @@
+org.hibernate.QueryException: unexpected char:
+org.hibernate.QueryException: expecting '
+java.sql.SQLSyntaxErrorException
+java.sql.SQLException

data/components/checks/active/sql_injection/substrings/oracle CHANGED Viewed

	@@ -1,2 +1 @@
1	- java.sql.SQLException
2 1	Oracle error

data/components/checks/active/sql_injection/substrings/sqlite CHANGED Viewed

@@ -1,3 +1,4 @@
 SQLite/JDBCDriver
 SQLite.Exception
 System.Data.SQLite.SQLiteException
+SQLITE_ERROR

data/components/checks/active/sql_injection.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/sql_injection_differential.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -55,9 +55,9 @@ It uses differential analysis to determine how different inputs affect behavior
 of the web application and checks if the displayed behavior is consistent with
 that of a vulnerable application.
 },
-            elements:    [ Element::Link, Element::Form, Element::Cookie ],
+            elements:    [ Element::Link, Element::Form, Element::Cookie, Element::NestedCookie ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.4.4',
+            version:     '0.4.5',
             platforms:   [ :sql ],
             issue:       {

data/components/checks/active/sql_injection_timing.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/trainer.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/unvalidated_redirect.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -29,7 +29,7 @@ class Arachni::Checks::UnvalidatedRedirect < Arachni::Check::Base
         (@set_payloads ||= Set.new( payloads )).include? Arachni::URI( url ).to_s
     end
     def payload?( url )
-        self.class.payload? url
+        self.class.payload? url.to_s.split( '?' ).first
     end
     def self.options
@@ -37,7 +37,24 @@ class Arachni::Checks::UnvalidatedRedirect < Arachni::Check::Base
             format: [ Format::STRAIGHT ],
             submit: {
                 follow_location: false
-            }
+            },
+            # Add one more mutation (on the fly) which will include the original
+            # value.
+            each_mutation: proc do |mutation|
+                next if !mutation.affected_input_value
+                m = mutation.dup
+                # Figure out the extension of the default value, if it has one.
+                original_value = m.default_inputs[m.affected_input_name]
+                # Null-terminate the injected value and append the ext.
+                m.affected_input_value += "/?#{original_value}"
+                # Pass our new mutation back to be audited.
+                m
+            end
         }
     end
@@ -58,16 +75,22 @@ class Arachni::Checks::UnvalidatedRedirect < Arachni::Check::Base
             # a JS redirect.
             next if !response.body.include?( element.seed )
-            with_browser do |browser|
-                browser.load( response )
-                if payload? browser.url
-                    log vector: element, response: response
-                end
-            end
+            with_browser( element, response, page, self.class.check_browser_result_cb )
         end
     end
+    def self.check_browser_result( browser, element, response, referring_page )
+        browser.load( response )
+        return if !payload? browser.url
+        log vector: element, response: response, referring_page: referring_page
+    end
+    def self.check_browser_result_cb
+        @check_browser_result_cb ||= method(:check_browser_result)
+    end
     def self.info
         {
             name:        'Unvalidated redirect',
@@ -77,7 +100,7 @@ URL to determine whether the attack was successful.
 },
             elements:    ELEMENTS_WITH_INPUTS - [Element::LinkTemplate],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.2.4',
+            version:     '0.2.5',
             issue:       {
                 name:            %q{Unvalidated redirect},

data/components/checks/active/unvalidated_redirect_dom.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -39,11 +39,11 @@ class Arachni::Checks::UnvalidatedRedirectDOM < Arachni::Check::Base
     def run
         each_candidate_dom_element do |element|
-            element.audit( self.class.payloads, self.class.options, &method(:check_and_log) )
+            element.audit( self.class.payloads, self.class.options )
         end
     end
-    def check_and_log( page, element )
+    def self.check_and_log( page, element )
         return if !payload? page.url
         log vector: element, page: page
     end
@@ -59,7 +59,7 @@ Injects URLs and checks the browser URL to determine whether the attack was succ
                 Element::UIInput::DOM
             ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1.2',
+            version:     '0.1.3',
             issue:       {
                 name:            %q{Unvalidated DOM redirect},

data/components/checks/active/xpath_injection.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/components/checks/active/xss.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -13,7 +13,6 @@
 # {BrowserCluster} for evaluation and {#trace_taint taint-tracing}.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.4.4
 #
 # @see http://cwe.mitre.org/data/definitions/79.html
 # @see http://ha.ckers.org/xss.html
@@ -21,7 +20,7 @@
 class Arachni::Checks::Xss < Arachni::Check::Base
     def self.tag_name
-        "some_dangerous_input_#{random_seed}"
+        "#{shortname}_#{random_seed}"
     end
     def self.tag
@@ -43,7 +42,7 @@ class Arachni::Checks::Xss < Arachni::Check::Base
     def self.options
         @options ||= {
-            format: [Format::APPEND],
+            format: [Format::APPEND]
         }
     end
@@ -56,14 +55,16 @@ class Arachni::Checks::Xss < Arachni::Check::Base
     def run
         audit( self.class.strings, self.class.options ) do |response, element|
+            next if !response.html?
             # If there's no vuln responses will usually be identical, so bail
             # out early.
             # If responses aren't identical due to noise, well, we're not losing
             # much.
-            next if optimization_cache[response.body.hash] == :checked
+            k = "#{response.url.hash}-#{response.body.hash}".hash
+            next if optimization_cache[k] == :checked
-            optimization_cache[response.body.hash] =
-                check_and_log( response, element )
+            optimization_cache[k] = check_and_log( response, element )
         end
     end
@@ -77,7 +78,7 @@ class Arachni::Checks::Xss < Arachni::Check::Base
         end
         # See if we managed to successfully inject our element in the doc tree.
-        if find_proof( response )
+        if self.class.find_proof( response )
             log vector: element, proof: self.class.tag, response: response
             return :checked
         end
@@ -85,41 +86,65 @@ class Arachni::Checks::Xss < Arachni::Check::Base
         # No idea what was returned, but we can't work with it.
         return :checked if !response.to_page.has_script?
-        with_browser_cluster do
+        with_browser_cluster do |cluster|
             print_info 'Progressing to deferred browser evaluation of response.'
             # Pass the response to the BrowserCluster for evaluation and see if the
             # element appears in the doc tree now.
-            trace_taint( response, taint: self.class.tag ) do |page|
-                # At this point further checks will be body based, identical
-                # bodies will yield identical results.
-                next if optimization_cache["traced-#{page.body.hash}".hash] == :traced
-                optimization_cache["traced-#{page.body.hash}".hash] = :traced
+            cluster.trace_taint(
+                response,
+                {
+                    taint: self.class.tag,
+                    args:  [element, page]
+                },
+                self.class.check_browser_result_cb
+            )
+        end
+    end
-                print_info 'Checking results of deferred taint analysis.'
+    def self.check_browser_result( result, element, referring_page, cluster )
+        page = result.page
-                next if !(proof = find_proof( page ))
+        # At this point further checks will be body based, identical
+        # bodies will yield identical results.
+        key = "traced-#{page.body.hash}".hash
+        return if optimization_cache[key] == :traced
+        optimization_cache[key] = :traced
-                log vector: element, proof: proof, page: page
-            end
-        end
+        print_info 'Checking results of deferred taint analysis.'
+        return if !(proof = find_proof( page ))
+        log(
+            vector:         element,
+            proof:          proof,
+            page:           page,
+            referring_page: referring_page
+        )
     end
-    def find_proof( resource )
-        return if !resource.body.has_html_tag?( self.class.tag_name )
+    def self.check_browser_result_cb
+        @check_browser_result_cb ||= method(:check_browser_result)
+    end
+    def self.find_proof( resource )
+        return if !resource.body.has_html_tag?( self.tag_name )
+        proof_nodes = Arachni::Parser.parse(
+            resource.body,
+            whitelist:     [self.tag_name, 'textarea'],
+            stop_on_first: [self.tag_name]
+        ).nodes_by_name( self.tag_name )
-        proof_nodes = Arachni::Parser.parse( resource.body ).css( self.class.tag_name )
         return if proof_nodes.empty?
-        proof = nil
-        proof_nodes.each do |e|
-            next if e.parent.name =='textarea'
-            proof = e.to_s
+        proof = proof_nodes.find do |e|
+            e.parent.name != :textarea
         end
         return if !proof
-        proof
+        proof.to_html
     end
     def self.info
@@ -130,9 +155,9 @@ Injects an HTML element into page inputs and then parses the HTML markup of
 tainted responses to look for proof of vulnerability.
 },
             elements:    [Element::Form, Element::Link, Element::Cookie,
-                          Element::Header, Element::LinkTemplate],
+                 Element::NestedCookie, Element::Header, Element::LinkTemplate],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
-            version:     '0.4.6',
+            version:     '0.4.10',
             issue:       {
                 name:            %q{Cross-Site Scripting (XSS)},