arachni 1.5.1 → 1.6.1.1

Files changed (648)
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +56 -0
  3. data/Gemfile +2 -4
  4. data/LICENSE.md +1 -1
  5. data/README.md +116 -110
  6. data/Rakefile +1 -1
  7. data/arachni.gemspec +26 -26
  8. data/bin/arachni +1 -1
  9. data/bin/arachni_console +1 -1
  10. data/bin/arachni_multi +1 -1
  11. data/bin/arachni_reporter +1 -1
  12. data/bin/arachni_reproduce +1 -1
  13. data/bin/arachni_rest_server +1 -1
  14. data/bin/arachni_restore +1 -1
  15. data/bin/arachni_rpc +1 -1
  16. data/bin/arachni_rpcd +1 -1
  17. data/bin/arachni_rpcd_monitor +1 -1
  18. data/bin/arachni_script +1 -1
  19. data/components/checks/active/code_injection.rb +1 -1
  20. data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
  21. data/components/checks/active/code_injection_timing.rb +1 -1
  22. data/components/checks/active/csrf.rb +7 -2
  23. data/components/checks/active/file_inclusion.rb +1 -1
  24. data/components/checks/active/ldap_injection.rb +1 -1
  25. data/components/checks/active/no_sql_injection.rb +1 -1
  26. data/components/checks/active/no_sql_injection_differential.rb +3 -3
  27. data/components/checks/active/os_cmd_injection.rb +1 -1
  28. data/components/checks/active/os_cmd_injection_timing.rb +1 -1
  29. data/components/checks/active/path_traversal.rb +1 -1
  30. data/components/checks/active/response_splitting.rb +1 -1
  31. data/components/checks/active/rfi.rb +1 -1
  32. data/components/checks/active/session_fixation.rb +1 -1
  33. data/components/checks/active/source_code_disclosure.rb +1 -1
  34. data/components/checks/active/sql_injection.rb +1 -1
  35. data/components/checks/active/sql_injection_differential.rb +3 -3
  36. data/components/checks/active/sql_injection_timing.rb +1 -1
  37. data/components/checks/active/trainer.rb +1 -1
  38. data/components/checks/active/unvalidated_redirect.rb +1 -1
  39. data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
  40. data/components/checks/active/xpath_injection.rb +1 -1
  41. data/components/checks/active/xss.rb +4 -4
  42. data/components/checks/active/xss_dom.rb +1 -1
  43. data/components/checks/active/xss_dom_script_context.rb +1 -1
  44. data/components/checks/active/xss_event.rb +3 -3
  45. data/components/checks/active/xss_path.rb +1 -1
  46. data/components/checks/active/xss_script_context.rb +3 -3
  47. data/components/checks/active/xss_tag.rb +4 -3
  48. data/components/checks/active/xxe.rb +1 -1
  49. data/components/checks/passive/allowed_methods.rb +1 -1
  50. data/components/checks/passive/backdoors.rb +1 -1
  51. data/components/checks/passive/backup_directories.rb +1 -1
  52. data/components/checks/passive/backup_files.rb +2 -2
  53. data/components/checks/passive/common_admin_interfaces.rb +1 -1
  54. data/components/checks/passive/common_directories/directories.txt +1 -0
  55. data/components/checks/passive/common_directories.rb +1 -1
  56. data/components/checks/passive/common_files.rb +1 -1
  57. data/components/checks/passive/directory_listing.rb +1 -1
  58. data/components/checks/passive/grep/captcha.rb +1 -1
  59. data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
  60. data/components/checks/passive/grep/credit_card.rb +1 -1
  61. data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
  62. data/components/checks/passive/grep/emails.rb +1 -1
  63. data/components/checks/passive/grep/form_upload.rb +1 -1
  64. data/components/checks/passive/grep/hsts.rb +1 -1
  65. data/components/checks/passive/grep/html_objects.rb +1 -1
  66. data/components/checks/passive/grep/http_only_cookies.rb +1 -1
  67. data/components/checks/passive/grep/insecure_cookies.rb +1 -1
  68. data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
  69. data/components/checks/passive/grep/mixed_resource.rb +1 -1
  70. data/components/checks/passive/grep/password_autocomplete.rb +1 -1
  71. data/components/checks/passive/grep/private_ip.rb +1 -1
  72. data/components/checks/passive/grep/ssn.rb +1 -1
  73. data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
  74. data/components/checks/passive/grep/x_frame_options.rb +4 -4
  75. data/components/checks/passive/htaccess_limit.rb +1 -1
  76. data/components/checks/passive/http_put.rb +1 -1
  77. data/components/checks/passive/insecure_client_access_policy.rb +1 -1
  78. data/components/checks/passive/insecure_cross_domain_policy_access.rb +1 -1
  79. data/components/checks/passive/insecure_cross_domain_policy_headers.rb +1 -1
  80. data/components/checks/passive/interesting_responses.rb +1 -1
  81. data/components/checks/passive/localstart_asp.rb +1 -1
  82. data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
  83. data/components/checks/passive/webdav.rb +1 -1
  84. data/components/checks/passive/xst.rb +1 -1
  85. data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
  86. data/components/fingerprinters/frameworks/cakephp.rb +1 -1
  87. data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
  88. data/components/fingerprinters/frameworks/django.rb +1 -1
  89. data/components/fingerprinters/frameworks/jsf.rb +1 -1
  90. data/components/fingerprinters/frameworks/nette.rb +1 -1
  91. data/components/fingerprinters/frameworks/rack.rb +1 -1
  92. data/components/fingerprinters/frameworks/rails.rb +1 -1
  93. data/components/fingerprinters/frameworks/symfony.rb +1 -1
  94. data/components/fingerprinters/languages/asp.rb +1 -1
  95. data/components/fingerprinters/languages/aspx.rb +1 -1
  96. data/components/fingerprinters/languages/java.rb +1 -1
  97. data/components/fingerprinters/languages/php.rb +1 -1
  98. data/components/fingerprinters/languages/python.rb +1 -1
  99. data/components/fingerprinters/languages/ruby.rb +1 -1
  100. data/components/fingerprinters/os/bsd.rb +1 -1
  101. data/components/fingerprinters/os/linux.rb +1 -1
  102. data/components/fingerprinters/os/solaris.rb +1 -1
  103. data/components/fingerprinters/os/unix.rb +1 -1
  104. data/components/fingerprinters/os/windows.rb +1 -1
  105. data/components/fingerprinters/servers/apache.rb +1 -1
  106. data/components/fingerprinters/servers/gunicorn.rb +1 -1
  107. data/components/fingerprinters/servers/iis.rb +1 -1
  108. data/components/fingerprinters/servers/jetty.rb +1 -1
  109. data/components/fingerprinters/servers/nginx.rb +1 -1
  110. data/components/fingerprinters/servers/tomcat.rb +1 -1
  111. data/components/path_extractors/anchors.rb +1 -1
  112. data/components/path_extractors/areas.rb +1 -1
  113. data/components/path_extractors/comments.rb +1 -1
  114. data/components/path_extractors/data_url.rb +1 -1
  115. data/components/path_extractors/forms.rb +1 -1
  116. data/components/path_extractors/frames.rb +1 -1
  117. data/components/path_extractors/generic.rb +1 -1
  118. data/components/path_extractors/links.rb +1 -1
  119. data/components/path_extractors/meta_refresh.rb +1 -1
  120. data/components/path_extractors/scripts.rb +1 -1
  121. data/components/plugins/autologin.rb +1 -1
  122. data/components/plugins/beep_notify.rb +1 -1
  123. data/components/plugins/content_types.rb +1 -1
  124. data/components/plugins/cookie_collector.rb +1 -1
  125. data/components/plugins/debug/browser_cluster_job_monitor.rb +1 -1
  126. data/components/plugins/defaults/autothrottle.rb +1 -1
  127. data/components/plugins/defaults/healthmap.rb +2 -2
  128. data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
  129. data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
  130. data/components/plugins/defaults/meta/uniformity.rb +1 -1
  131. data/components/plugins/email_notify.rb +1 -1
  132. data/components/plugins/exec.rb +3 -3
  133. data/components/plugins/form_dicattack.rb +1 -1
  134. data/components/plugins/headers_collector.rb +1 -1
  135. data/components/plugins/http_dicattack.rb +1 -1
  136. data/components/plugins/login_script.rb +1 -1
  137. data/components/plugins/metrics.rb +1 -1
  138. data/components/plugins/page_dump.rb +1 -1
  139. data/components/plugins/proxy/panel/verify_login_sequence.html.erb +1 -1
  140. data/components/plugins/proxy/template_scope.rb +1 -1
  141. data/components/plugins/proxy.rb +3 -2
  142. data/components/plugins/rate_limiter.rb +1 -1
  143. data/components/plugins/restrict_to_dom_state.rb +1 -1
  144. data/components/plugins/script.rb +1 -1
  145. data/components/plugins/uncommon_headers.rb +1 -1
  146. data/components/plugins/vector_collector.rb +1 -1
  147. data/components/plugins/vector_feed.rb +1 -1
  148. data/components/plugins/waf_detector.rb +1 -1
  149. data/components/plugins/webhook_notify.rb +1 -1
  150. data/components/reporters/ap.rb +1 -1
  151. data/components/reporters/html/default/css/main.css +4 -0
  152. data/components/reporters/html/default.erb +9 -1
  153. data/components/reporters/html.rb +4 -6
  154. data/components/reporters/json.rb +1 -1
  155. data/components/reporters/marshal.rb +1 -1
  156. data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
  157. data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
  158. data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
  159. data/components/reporters/plugin_formatters/html/exec.rb +1 -1
  160. data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
  161. data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
  162. data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
  163. data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
  164. data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
  165. data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
  166. data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
  167. data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
  168. data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
  169. data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
  170. data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
  171. data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
  172. data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
  173. data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
  174. data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
  175. data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
  176. data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
  177. data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
  178. data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
  179. data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
  180. data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
  181. data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
  182. data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
  183. data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
  184. data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
  185. data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
  186. data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
  187. data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
  188. data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
  189. data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
  190. data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
  191. data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
  192. data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
  193. data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
  194. data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
  195. data/components/reporters/stdout.rb +6 -1
  196. data/components/reporters/txt.rb +1 -1
  197. data/components/reporters/xml/schema.xsd +1 -0
  198. data/components/reporters/xml.rb +3 -3
  199. data/components/reporters/yaml.rb +1 -1
  200. data/lib/arachni/banner.rb +1 -1
  201. data/lib/arachni/browser/element_locator.rb +1 -1
  202. data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
  203. data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
  204. data/lib/arachni/browser/javascript/proxy.rb +1 -1
  205. data/lib/arachni/browser/javascript/scripts/dom_monitor.js +39 -11
  206. data/lib/arachni/browser/javascript/scripts/taint_tracer.js +41 -30
  207. data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
  208. data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
  209. data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
  210. data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
  211. data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
  212. data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
  213. data/lib/arachni/browser/javascript.rb +14 -29
  214. data/lib/arachni/browser.rb +133 -216
  215. data/lib/arachni/browser_cluster/job/result.rb +1 -1
  216. data/lib/arachni/browser_cluster/job.rb +1 -1
  217. data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
  218. data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
  219. data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
  220. data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
  221. data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +1 -1
  222. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
  223. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
  224. data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
  225. data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
  226. data/lib/arachni/browser_cluster/worker.rb +11 -26
  227. data/lib/arachni/browser_cluster.rb +2 -3
  228. data/lib/arachni/check/auditor.rb +10 -5
  229. data/lib/arachni/check/base.rb +1 -1
  230. data/lib/arachni/check/manager.rb +1 -1
  231. data/lib/arachni/check.rb +1 -1
  232. data/lib/arachni/component/base.rb +1 -1
  233. data/lib/arachni/component/manager.rb +1 -1
  234. data/lib/arachni/component/options/address.rb +1 -1
  235. data/lib/arachni/component/options/base.rb +1 -1
  236. data/lib/arachni/component/options/bool.rb +1 -1
  237. data/lib/arachni/component/options/float.rb +1 -1
  238. data/lib/arachni/component/options/int.rb +1 -1
  239. data/lib/arachni/component/options/multiple_choice.rb +1 -1
  240. data/lib/arachni/component/options/object.rb +1 -1
  241. data/lib/arachni/component/options/path.rb +1 -1
  242. data/lib/arachni/component/options/port.rb +1 -1
  243. data/lib/arachni/component/options/string.rb +1 -1
  244. data/lib/arachni/component/options/url.rb +1 -1
  245. data/lib/arachni/component/options.rb +1 -1
  246. data/lib/arachni/component/output.rb +1 -1
  247. data/lib/arachni/component/utilities.rb +1 -1
  248. data/lib/arachni/component.rb +1 -1
  249. data/lib/arachni/data/framework/rpc.rb +2 -2
  250. data/lib/arachni/data/framework.rb +2 -2
  251. data/lib/arachni/data/issues.rb +1 -1
  252. data/lib/arachni/data/plugins.rb +1 -1
  253. data/lib/arachni/data/session.rb +1 -1
  254. data/lib/arachni/data.rb +1 -1
  255. data/lib/arachni/element/base.rb +1 -1
  256. data/lib/arachni/element/body.rb +1 -1
  257. data/lib/arachni/element/capabilities/analyzable/differential.rb +1 -1
  258. data/lib/arachni/element/capabilities/analyzable/signature.rb +1 -1
  259. data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
  260. data/lib/arachni/element/capabilities/analyzable.rb +1 -1
  261. data/lib/arachni/element/capabilities/auditable/buffered.rb +1 -1
  262. data/lib/arachni/element/capabilities/auditable/line_buffered.rb +1 -1
  263. data/lib/arachni/element/capabilities/auditable.rb +1 -1
  264. data/lib/arachni/element/capabilities/dom_only.rb +1 -1
  265. data/lib/arachni/element/capabilities/inputtable.rb +1 -1
  266. data/lib/arachni/element/capabilities/mutable.rb +1 -1
  267. data/lib/arachni/element/capabilities/refreshable.rb +1 -1
  268. data/lib/arachni/element/capabilities/submittable.rb +1 -1
  269. data/lib/arachni/element/capabilities/with_auditor/output.rb +1 -1
  270. data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
  271. data/lib/arachni/element/capabilities/with_dom.rb +1 -1
  272. data/lib/arachni/element/capabilities/with_node.rb +1 -1
  273. data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
  274. data/lib/arachni/element/capabilities/with_scope.rb +1 -1
  275. data/lib/arachni/element/capabilities/with_source.rb +1 -1
  276. data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
  277. data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
  278. data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
  279. data/lib/arachni/element/cookie/dom.rb +1 -1
  280. data/lib/arachni/element/cookie.rb +1 -1
  281. data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
  282. data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
  283. data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
  284. data/lib/arachni/element/dom/capabilities/mutable.rb +1 -1
  285. data/lib/arachni/element/dom/capabilities/submittable.rb +1 -1
  286. data/lib/arachni/element/dom.rb +1 -1
  287. data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
  288. data/lib/arachni/element/form/capabilities/mutable.rb +1 -1
  289. data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
  290. data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
  291. data/lib/arachni/element/form/dom.rb +1 -1
  292. data/lib/arachni/element/form.rb +1 -1
  293. data/lib/arachni/element/generic_dom.rb +1 -1
  294. data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
  295. data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
  296. data/lib/arachni/element/header.rb +1 -1
  297. data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
  298. data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
  299. data/lib/arachni/element/json.rb +1 -1
  300. data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
  301. data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
  302. data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
  303. data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
  304. data/lib/arachni/element/link/dom.rb +1 -1
  305. data/lib/arachni/element/link.rb +1 -1
  306. data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
  307. data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
  308. data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
  309. data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
  310. data/lib/arachni/element/link_template/dom.rb +1 -1
  311. data/lib/arachni/element/link_template.rb +1 -1
  312. data/lib/arachni/element/nested_cookie/capabilities/submittable.rb +35 -0
  313. data/lib/arachni/element/nested_cookie.rb +370 -0
  314. data/lib/arachni/element/path.rb +1 -1
  315. data/lib/arachni/element/server.rb +1 -1
  316. data/lib/arachni/element/ui_form/dom.rb +1 -1
  317. data/lib/arachni/element/ui_form.rb +1 -1
  318. data/lib/arachni/element/ui_input/dom.rb +1 -1
  319. data/lib/arachni/element/ui_input.rb +1 -1
  320. data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
  321. data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
  322. data/lib/arachni/element/xml.rb +1 -1
  323. data/lib/arachni/element_filter.rb +1 -1
  324. data/lib/arachni/error.rb +1 -1
  325. data/lib/arachni/ethon/easy.rb +1 -1
  326. data/lib/arachni/framework/parts/audit.rb +1 -1
  327. data/lib/arachni/framework/parts/browser.rb +1 -1
  328. data/lib/arachni/framework/parts/check.rb +1 -1
  329. data/lib/arachni/framework/parts/data.rb +1 -1
  330. data/lib/arachni/framework/parts/platform.rb +1 -1
  331. data/lib/arachni/framework/parts/plugin.rb +1 -1
  332. data/lib/arachni/framework/parts/report.rb +1 -1
  333. data/lib/arachni/framework/parts/scope.rb +1 -1
  334. data/lib/arachni/framework/parts/state.rb +1 -1
  335. data/lib/arachni/framework.rb +1 -1
  336. data/lib/arachni/http/client/dynamic_404_handler.rb +1 -1
  337. data/lib/arachni/http/client.rb +7 -5
  338. data/lib/arachni/http/cookie_jar.rb +1 -1
  339. data/lib/arachni/http/headers.rb +1 -1
  340. data/lib/arachni/http/message/scope.rb +1 -1
  341. data/lib/arachni/http/message.rb +1 -1
  342. data/lib/arachni/http/proxy_server/connection.rb +3 -8
  343. data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +18 -32
  344. data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +28 -49
  345. data/lib/arachni/http/proxy_server/ssl_interceptor.rb +7 -6
  346. data/lib/arachni/http/proxy_server/tunnel.rb +1 -1
  347. data/lib/arachni/http/proxy_server.rb +1 -1
  348. data/lib/arachni/http/request/scope.rb +1 -1
  349. data/lib/arachni/http/request.rb +8 -2
  350. data/lib/arachni/http/response/scope.rb +1 -1
  351. data/lib/arachni/http/response.rb +1 -1
  352. data/lib/arachni/http.rb +1 -1
  353. data/lib/arachni/issue/severity/base.rb +1 -1
  354. data/lib/arachni/issue/severity.rb +1 -1
  355. data/lib/arachni/issue.rb +1 -1
  356. data/lib/arachni/option_group.rb +1 -1
  357. data/lib/arachni/option_groups/audit.rb +11 -2
  358. data/lib/arachni/option_groups/browser_cluster.rb +28 -4
  359. data/lib/arachni/option_groups/datastore.rb +1 -1
  360. data/lib/arachni/option_groups/dispatcher.rb +1 -1
  361. data/lib/arachni/option_groups/http.rb +5 -5
  362. data/lib/arachni/option_groups/input.rb +1 -1
  363. data/lib/arachni/option_groups/output.rb +1 -1
  364. data/lib/arachni/option_groups/paths.rb +1 -1
  365. data/lib/arachni/option_groups/rpc.rb +1 -1
  366. data/lib/arachni/option_groups/scope.rb +46 -4
  367. data/lib/arachni/option_groups/session.rb +1 -1
  368. data/lib/arachni/option_groups/snapshot.rb +1 -1
  369. data/lib/arachni/option_groups.rb +1 -1
  370. data/lib/arachni/options.rb +1 -1
  371. data/lib/arachni/page/dom/transition.rb +1 -1
  372. data/lib/arachni/page/dom.rb +1 -1
  373. data/lib/arachni/page/scope.rb +1 -1
  374. data/lib/arachni/page.rb +3 -3
  375. data/lib/arachni/parser/document.rb +1 -1
  376. data/lib/arachni/parser/extractors/base.rb +1 -1
  377. data/lib/arachni/parser/nodes/base.rb +1 -1
  378. data/lib/arachni/parser/nodes/comment.rb +1 -1
  379. data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +2 -2
  380. data/lib/arachni/parser/nodes/element/with_attributes.rb +1 -1
  381. data/lib/arachni/parser/nodes/element.rb +1 -1
  382. data/lib/arachni/parser/nodes/text.rb +1 -1
  383. data/lib/arachni/parser/nodes/with_value.rb +2 -2
  384. data/lib/arachni/parser/sax.rb +2 -1
  385. data/lib/arachni/parser/with_children/search.rb +1 -1
  386. data/lib/arachni/parser/with_children.rb +1 -1
  387. data/lib/arachni/parser.rb +31 -2
  388. data/lib/arachni/platform/fingerprinter.rb +1 -1
  389. data/lib/arachni/platform/list.rb +1 -1
  390. data/lib/arachni/platform/manager.rb +1 -1
  391. data/lib/arachni/platform.rb +1 -1
  392. data/lib/arachni/plugin/base.rb +1 -1
  393. data/lib/arachni/plugin/formatter.rb +1 -1
  394. data/lib/arachni/plugin/manager.rb +1 -1
  395. data/lib/arachni/plugin.rb +1 -1
  396. data/lib/arachni/processes/dispatchers.rb +1 -1
  397. data/lib/arachni/processes/executables/base.rb +2 -1
  398. data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
  399. data/lib/arachni/processes/helpers/instances.rb +1 -1
  400. data/lib/arachni/processes/helpers/processes.rb +1 -1
  401. data/lib/arachni/processes/helpers.rb +1 -1
  402. data/lib/arachni/processes/instances.rb +1 -1
  403. data/lib/arachni/processes/manager.rb +9 -5
  404. data/lib/arachni/processes.rb +1 -1
  405. data/lib/arachni/report.rb +1 -1
  406. data/lib/arachni/reporter/base.rb +1 -1
  407. data/lib/arachni/reporter/formatter_manager.rb +1 -1
  408. data/lib/arachni/reporter/manager.rb +1 -1
  409. data/lib/arachni/reporter/options.rb +1 -10
  410. data/lib/arachni/reporter.rb +1 -1
  411. data/lib/arachni/rest/server/instance_helpers.rb +10 -1
  412. data/lib/arachni/rest/server.rb +7 -1
  413. data/lib/arachni/rpc/client/base.rb +1 -1
  414. data/lib/arachni/rpc/client/dispatcher.rb +1 -1
  415. data/lib/arachni/rpc/client/instance/framework.rb +1 -1
  416. data/lib/arachni/rpc/client/instance/service.rb +1 -1
  417. data/lib/arachni/rpc/client/instance.rb +1 -1
  418. data/lib/arachni/rpc/serializer.rb +1 -1
  419. data/lib/arachni/rpc/server/active_options.rb +1 -1
  420. data/lib/arachni/rpc/server/base.rb +1 -1
  421. data/lib/arachni/rpc/server/check/manager.rb +1 -1
  422. data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
  423. data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
  424. data/lib/arachni/rpc/server/dispatcher.rb +1 -1
  425. data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
  426. data/lib/arachni/rpc/server/framework/master.rb +1 -1
  427. data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
  428. data/lib/arachni/rpc/server/framework/slave.rb +1 -1
  429. data/lib/arachni/rpc/server/framework.rb +1 -1
  430. data/lib/arachni/rpc/server/instance.rb +1 -1
  431. data/lib/arachni/rpc/server/output.rb +1 -1
  432. data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
  433. data/lib/arachni/ruby/array.rb +1 -1
  434. data/lib/arachni/ruby/hash.rb +1 -1
  435. data/lib/arachni/ruby/object.rb +1 -1
  436. data/lib/arachni/ruby/set.rb +1 -1
  437. data/lib/arachni/ruby/string.rb +1 -1
  438. data/lib/arachni/ruby/webrick/cookie.rb +1 -1
  439. data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
  440. data/lib/arachni/ruby/webrick.rb +1 -1
  441. data/lib/arachni/ruby.rb +1 -1
  442. data/lib/arachni/scope.rb +1 -1
  443. data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +6 -16
  444. data/lib/arachni/session.rb +1 -1
  445. data/lib/arachni/snapshot.rb +1 -1
  446. data/lib/arachni/state/audit.rb +1 -1
  447. data/lib/arachni/state/element_filter.rb +1 -1
  448. data/lib/arachni/state/framework/rpc.rb +1 -1
  449. data/lib/arachni/state/framework.rb +1 -1
  450. data/lib/arachni/state/http.rb +1 -1
  451. data/lib/arachni/state/options.rb +1 -1
  452. data/lib/arachni/state/plugins.rb +1 -1
  453. data/lib/arachni/state.rb +1 -1
  454. data/lib/arachni/support/buffer/autoflush.rb +1 -1
  455. data/lib/arachni/support/buffer/base.rb +1 -1
  456. data/lib/arachni/support/buffer.rb +1 -1
  457. data/lib/arachni/support/cache/base.rb +1 -1
  458. data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
  459. data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
  460. data/lib/arachni/support/cache/least_recently_used.rb +1 -1
  461. data/lib/arachni/support/cache/preference.rb +1 -1
  462. data/lib/arachni/support/cache/random_replacement.rb +1 -1
  463. data/lib/arachni/support/cache.rb +1 -1
  464. data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
  465. data/lib/arachni/support/crypto.rb +1 -1
  466. data/lib/arachni/support/database/base.rb +15 -7
  467. data/lib/arachni/support/database/hash.rb +1 -1
  468. data/lib/arachni/support/database/queue.rb +1 -1
  469. data/lib/arachni/support/database.rb +1 -1
  470. data/lib/arachni/support/glob.rb +1 -1
  471. data/lib/arachni/support/lookup/base.rb +1 -1
  472. data/lib/arachni/support/lookup/hash_set.rb +1 -1
  473. data/lib/arachni/support/lookup/moolb.rb +1 -1
  474. data/lib/arachni/support/lookup.rb +1 -1
  475. data/lib/arachni/support/mixins/observable.rb +1 -1
  476. data/lib/arachni/support/mixins/terminal.rb +1 -1
  477. data/lib/arachni/support/mixins.rb +1 -1
  478. data/lib/arachni/support/profiler.rb +1 -1
  479. data/lib/arachni/support/signature.rb +1 -1
  480. data/lib/arachni/support.rb +1 -1
  481. data/lib/arachni/trainer.rb +1 -1
  482. data/lib/arachni/ui/foo/output.rb +1 -1
  483. data/lib/arachni/uri/scope.rb +1 -1
  484. data/lib/arachni/uri.rb +6 -9
  485. data/lib/arachni/utilities.rb +1 -1
  486. data/lib/arachni/version.rb +1 -1
  487. data/lib/arachni.rb +1 -1
  488. data/lib/version +1 -1
  489. data/logs/error-1821117.log +243 -0
  490. data/spec/arachni/browser/javascript/dom_monitor_spec.rb +84 -60
  491. data/spec/arachni/browser/javascript/proxy_spec.rb +0 -10
  492. data/spec/arachni/browser/javascript/taint_tracer_spec.rb +68 -90
  493. data/spec/arachni/browser/javascript_spec.rb +10 -9
  494. data/spec/arachni/browser_cluster/worker_spec.rb +23 -55
  495. data/spec/arachni/browser_spec.rb +160 -158
  496. data/spec/arachni/data/framework/rpc_spec.rb +1 -1
  497. data/spec/arachni/data/framework_spec.rb +1 -1
  498. data/spec/arachni/element/cookie_spec.rb +1 -1
  499. data/spec/arachni/element/nested_cookie_spec.rb +687 -0
  500. data/spec/arachni/element/ui_form_spec.rb +2 -2
  501. data/spec/arachni/element/ui_input_spec.rb +1 -1
  502. data/spec/arachni/http/client_spec.rb +14 -26
  503. data/spec/arachni/http/cookie_jar_spec.rb +2 -2
  504. data/spec/arachni/http/proxy_server_spec.rb +2 -0
  505. data/spec/arachni/http/request_spec.rb +3 -2
  506. data/spec/arachni/option_groups/browser_cluster_spec.rb +17 -0
  507. data/spec/arachni/option_groups/http_spec.rb +6 -6
  508. data/spec/arachni/option_groups/scope_spec.rb +1 -6
  509. data/spec/arachni/page_spec.rb +3 -2
  510. data/spec/arachni/parser_spec.rb +45 -1
  511. data/spec/arachni/reporter/options_spec.rb +0 -14
  512. data/spec/arachni/rest/server_spec.rb +39 -2
  513. data/spec/arachni/uri_spec.rb +1 -1
  514. data/spec/components/checks/active/code_injection_spec.rb +12 -7
  515. data/spec/components/checks/active/code_injection_timing_spec.rb +4 -3
  516. data/spec/components/checks/active/file_inclusion_spec.rb +15 -10
  517. data/spec/components/checks/active/ldap_injection_spec.rb +5 -4
  518. data/spec/components/checks/active/no_sql_injection_differential_spec.rb +1 -1
  519. data/spec/components/checks/active/no_sql_injection_spec.rb +5 -4
  520. data/spec/components/checks/active/os_cmd_injection_spec.rb +6 -4
  521. data/spec/components/checks/active/os_cmd_injection_timing_spec.rb +4 -3
  522. data/spec/components/checks/active/path_traversal_spec.rb +10 -7
  523. data/spec/components/checks/active/response_splitting_spec.rb +5 -4
  524. data/spec/components/checks/active/rfi_spec.rb +9 -8
  525. data/spec/components/checks/active/source_code_disclosure_spec.rb +33 -10
  526. data/spec/components/checks/active/sql_injection_differential_spec.rb +1 -1
  527. data/spec/components/checks/active/sql_injection_spec.rb +53 -36
  528. data/spec/components/checks/active/sql_injection_timing_spec.rb +11 -8
  529. data/spec/components/checks/active/unvalidated_redirect_spec.rb +9 -8
  530. data/spec/components/checks/active/xpath_injection_spec.rb +5 -4
  531. data/spec/components/checks/active/xss_dom_script_context_spec.rb +5 -5
  532. data/spec/components/checks/active/xss_event_spec.rb +5 -3
  533. data/spec/components/checks/active/xss_script_context_spec.rb +4 -3
  534. data/spec/components/checks/active/xss_spec.rb +5 -4
  535. data/spec/components/checks/active/xss_tag_spec.rb +11 -3
  536. data/spec/components/checks/passive/backup_files_spec.rb +0 -4
  537. data/spec/components/checks/passive/grep/x_frame_options_spec.rb +6 -0
  538. data/spec/spec_helper.rb +2 -1
  539. data/spec/support/factories/http/response.rb +1 -1
  540. data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
  541. data/spec/support/fixtures/checks/test.rb +4 -4
  542. data/spec/support/fixtures/checks/test2.rb +1 -1
  543. data/spec/support/fixtures/checks/test3.rb +1 -1
  544. data/spec/support/fixtures/cookies.txt +1 -1
  545. data/spec/support/fixtures/executables/node.rb +2 -3
  546. data/spec/support/fixtures/fingerprinters/test.rb +1 -1
  547. data/spec/support/fixtures/nested_cookies.txt +11 -0
  548. data/spec/support/fixtures/plugins/bad.rb +1 -1
  549. data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
  550. data/spec/support/fixtures/plugins/distributable.rb +1 -1
  551. data/spec/support/fixtures/plugins/loop.rb +1 -1
  552. data/spec/support/fixtures/plugins/suspendable.rb +1 -1
  553. data/spec/support/fixtures/plugins/wait.rb +1 -1
  554. data/spec/support/fixtures/plugins/with_options.rb +1 -1
  555. data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
  556. data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
  557. data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
  558. data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
  559. data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
  560. data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
  561. data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
  562. data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
  563. data/spec/support/fixtures/report.afr +0 -0
  564. data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
  565. data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
  566. data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
  567. data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
  568. data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
  569. data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
  570. data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
  571. data/spec/support/fixtures/run_check/body.rb +1 -1
  572. data/spec/support/fixtures/run_check/cookies.rb +1 -1
  573. data/spec/support/fixtures/run_check/empty.rb +1 -1
  574. data/spec/support/fixtures/run_check/flch.rb +1 -1
  575. data/spec/support/fixtures/run_check/forms.rb +1 -1
  576. data/spec/support/fixtures/run_check/headers.rb +1 -1
  577. data/spec/support/fixtures/run_check/links.rb +1 -1
  578. data/spec/support/fixtures/run_check/nil.rb +1 -1
  579. data/spec/support/fixtures/run_check/path.rb +1 -1
  580. data/spec/support/fixtures/run_check/server.rb +1 -1
  581. data/spec/support/fixtures/signature_check/signature.rb +1 -1
  582. data/spec/support/fixtures/wait_check/wait.rb +1 -1
  583. data/spec/support/helpers/framework.rb +1 -1
  584. data/spec/support/helpers/misc.rb +1 -1
  585. data/spec/support/helpers/paths.rb +1 -1
  586. data/spec/support/helpers/requires.rb +1 -1
  587. data/spec/support/helpers/resets.rb +1 -1
  588. data/spec/support/helpers/web_server.rb +1 -1
  589. data/spec/support/lib/factory.rb +1 -1
  590. data/spec/support/lib/web_server_client.rb +1 -1
  591. data/spec/support/lib/web_server_dispatcher.rb +1 -1
  592. data/spec/support/lib/web_server_manager.rb +1 -1
  593. data/spec/support/servers/arachni/check/auditor.rb +1 -0
  594. data/spec/support/servers/arachni/element/form/form_dom.rb +1 -0
  595. data/spec/support/servers/arachni/element/form.rb +4 -4
  596. data/spec/support/servers/arachni/element/header.rb +1 -1
  597. data/spec/support/servers/arachni/element/nested_cookie.rb +84 -0
  598. data/spec/support/servers/arachni/parser.rb +6 -0
  599. data/spec/support/servers/checks/active/code_injection.rb +18 -0
  600. data/spec/support/servers/checks/active/code_injection_timing.rb +18 -0
  601. data/spec/support/servers/checks/active/file_inclusion.rb +19 -1
  602. data/spec/support/servers/checks/active/ldap_injection.rb +18 -0
  603. data/spec/support/servers/checks/active/no_sql_injection.rb +27 -0
  604. data/spec/support/servers/checks/active/no_sql_injection_differential.rb +19 -0
  605. data/spec/support/servers/checks/active/os_cmd_injection.rb +29 -0
  606. data/spec/support/servers/checks/active/os_cmd_injection_timing.rb +18 -1
  607. data/spec/support/servers/checks/active/path_traversal.rb +30 -3
  608. data/spec/support/servers/checks/active/response_splitting.rb +30 -1
  609. data/spec/support/servers/checks/active/rfi.rb +30 -2
  610. data/spec/support/servers/checks/active/session_fixation.rb +1 -3
  611. data/spec/support/servers/checks/active/source_code_disclosure.rb +16 -0
  612. data/spec/support/servers/checks/active/sql_injection.rb +27 -0
  613. data/spec/support/servers/checks/active/sql_injection_differential.rb +19 -0
  614. data/spec/support/servers/checks/active/sql_injection_timing.rb +19 -1
  615. data/spec/support/servers/checks/active/unvalidated_redirect.rb +40 -1
  616. data/spec/support/servers/checks/active/xpath_injection.rb +27 -0
  617. data/spec/support/servers/checks/active/xss.rb +40 -0
  618. data/spec/support/servers/checks/active/xss_event.rb +22 -1
  619. data/spec/support/servers/checks/active/xss_script_context.rb +18 -0
  620. data/spec/support/servers/checks/active/xss_tag.rb +40 -0
  621. data/spec/support/servers/checks/passive/grep/x_frame_options.rb +5 -0
  622. data/spec/support/shared/check.rb +1 -0
  623. data/spec/support/shared/element/capabilities/auditable/buffered.rb +2 -2
  624. data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +2 -2
  625. data/spec/support/shared/element/capabilities/auditable.rb +2 -2
  626. data/ui/cli/framework/option_parser.rb +44 -8
  627. data/ui/cli/framework.rb +6 -5
  628. data/ui/cli/option_parser.rb +1 -1
  629. data/ui/cli/output.rb +1 -1
  630. data/ui/cli/reporter/option_parser.rb +1 -1
  631. data/ui/cli/reporter.rb +1 -1
  632. data/ui/cli/reproduce/option_parser.rb +1 -1
  633. data/ui/cli/reproduce.rb +1 -1
  634. data/ui/cli/rest/server/option_parser.rb +1 -1
  635. data/ui/cli/rest/server.rb +1 -1
  636. data/ui/cli/restored_framework/option_parser.rb +1 -1
  637. data/ui/cli/restored_framework.rb +1 -1
  638. data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
  639. data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
  640. data/ui/cli/rpc/client/instance.rb +7 -4
  641. data/ui/cli/rpc/client/local/option_parser.rb +1 -1
  642. data/ui/cli/rpc/client/local.rb +1 -1
  643. data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
  644. data/ui/cli/rpc/client/remote.rb +1 -1
  645. data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
  646. data/ui/cli/rpc/server/dispatcher.rb +1 -1
  647. data/ui/cli/utilities.rb +1 -1
  648. metadata +603 -581
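--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: f1728e58117259b5f10e529734b0643b91e04635
- data.tar.gz: 656bbd3c108692ca6764795a47ade985735b0b9a
+ SHA256:
+ metadata.gz: 98a242080468df426489cea1c37dbc3420ee9b329f04b27fa03163cb8df49de3
+ data.tar.gz: 4afd4d3d17fcbd14fd57f5faec17f2fce8af7f87359de9a969be3b789d983568
  SHA512:
- metadata.gz: a072ffdf8586c6206de12bf6717343d0cf96c1bf3450f35756408f48758cdbaa6c8cffe18ce6d950e8017bcb48eb008d9dccf94a1c756d38a6b5172151024c35
- data.tar.gz: e073d1da05c8a8e4697803946ef42f7bfd22ca32878f471f3920bc6d7dcf17fd85aa3d4c1d3ef9d23bc3f064e06a5cb5591875b58f0571ff4b2585ba2273b279
+ metadata.gz: 444dc3e67802214b06dd71f6af65b1dc4a7a119e33b9295af381c54dc3723e6a0f6e3dc255452925c59151daf1fed90eafaac60818de26d8e8e43ed6ce9be5c9
+ data.tar.gz: 69fc119cc27759c4a604293428e954f9d7a85c67503ff0705202ffb12856a6d7dfedec71ae2a2046fe42f206aa13b4b1f737562db776d2f74a7ca3cc5163383a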
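--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,61 @@
  # ChangeLog
 
+ ## 1.6.1.1 (May 3, 2022)
+
+ - Plugins
+ - `exec` -- Fixed error on empty option.
+ - Reporters
+ - `stdout` -- Inform of Arachni's obsolescence and its successor [Ecsypno SCNR](https://www.ecsypno.com/).
+ - `html` -- Inform of Arachni's obsolescence and its successor [Ecsypno SCNR](https://www.ecsypno.com/).
+
+ ## 1.6.1 _(March 20, 2022)_
+
+ - `Browser#eelenium` -- Disable sandbox.
+
+ ## 1.6.0 _(March 4, 2022)_
+
+ - Options
+ - Scope
+ - `--scope-dom-depth-limit` -- Changed default from `5` to `4`.
+ - `--scope-auto-redundant` -- Changed default from `inf` to `15`.
+ - `--scope-directory-depth-limit` -- Changed default from `inf` to `10`.
+ - Browser cluster
+ - `--browser-cluster-pool-size` -- Changed default from `5` to `4`.
+ - HTTP
+ - `--http-max-concurrency` -- Changed default from `20` to `10`.
+ - New
+ - `--scope-dom-event-inheritance-limit` -- Limits the amount of inherited events.
+ - `--browser-cluster-session-storage` -- Sets the browsers' session storage.
+ - `--browser-cluster-wait-for-timers` -- Wait for the maximum `setTimeout()`
+ -- Used to be hardcoded to `true`, now defaults to `false`.
+ - `URI`
+ - `#encode` -- Fixed encoding order of `+`.
+ - `#decode` -- Fixed decoding order of `+`.
+ - `Element`
+ - Added `NestedCookie`: Handles key-value pairs inside individual cookies.
+ - `Browser` -- Replaced PhantomJS with headless Chrome.
+ - `Javascript`
+ - `DOMMonitor`
+ - `#elements_with_events` -- Optionally limits event inheritance.
+ - `Rest::Server`
+ - Added `/scans/:id/report.afr`.
+ - Added error handling for when trying to connect to killed instances.
+ - `Support`
+ - `Database` -- Updated to compress disk data.
+ - `Parser` -- Recode node data to UTF-8.
+ - `Process`
+ - `Manager`
+ - `#spawn` -- Pass Arachni options via `ENV` rather than `ARGV`.
+ - Checks
+ - Active
+ - `xss` -- Fixed proof data to return HTML.
+ - `csrf` -- Disabled for pages with DOM transitions due to FPs.
+ - Passive
+ - `x_frame_options` -- Ignore non-200 pages.
+ - `common_directories` -- Look for `.git`.
+ - Plugins
+ - `proxy` -- Fixed error on login sequence recording.
+
  ## 1.5.1 _(March 29, 2017)_
 
  - `config/write_paths.yml` -- Added configurable temporary directory.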
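--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,6 +1,6 @@
  source 'https://rubygems.org'
 
- gem 'rake', '11.3.0'
+ gem 'rake', '>= 12.3.3'
  gem 'pry'
 
  group :docs do
@@ -9,9 +9,7 @@ group :docs do
  end
 
  group :spec do
- gem 'simplecov', require: false, group: :test
-
- gem 'rspec', '2.99.0'
+ gem 'rspec'
  gem 'faker'
  end
 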
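Review bot: `gem 'rspec'` in the `:spec` group now has no version constraint, so the suite moves from the pinned `2.99.0` to whatever RSpec release is current at install time, and the specs for the security checks may then run on a major version nobody validated. An open lower bound is reasonable for `rake` (`'>= 12.3.3'`), where the intent looks like enforcing a patched minimum, but the test framework is better held to one major line, for example `gem 'rspec', '~> 3.0'` or whichever series the suite was actually run against. No lockfile is visible in this part of the diff, so these constraints may be the only bound on what a contributor's or CI machine resolves. The same hunk drops `simplecov` without explanation; if coverage is intentionally no longer collected, a one-line comment such as `# coverage reporting removed in 1.6.x` would record that.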
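--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -1,6 +1,6 @@
  # License
 
- Copyright 2010-2017 [Sarosys LLC](http://www.sarosys.com).
+ Copyright 2010-2022 [Ecsypno](http://www.ecsypno.com).
 
  ```
  Arachni Public Source License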
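--- a/data/README.md
+++ b/data/README.md
@@ -1,9 +1,14 @@
+ # Notice
+
+ Arachni is heading towards obsolescence, try out its next-gen successor
+ [Ecsypno](https://www.ecsypno.com/) [SCNR](https://ecsypno.com/scnr-documentation/)!
+
  # Arachni - Web Application Security Scanner Framework
 
  <table>
  <tr>
  <th>Version</th>
- <td>1.5.1</td>
+ <td>1.6.1.1</td>
  </tr>
  <tr>
  <th>Homepage</th>
@@ -38,7 +43,7 @@
  </tr>
  <tr>
  <th>Copyright</th>
- <td>2010-2017 <a href="http://www.sarosys.com">Sarosys LLC</a></td>
+ <td>2010-2022 <a href="http://www.ecsypno.com">Ecsypno</a></td>
  </tr>
  <tr>
  <th>License</th>
@@ -112,27 +117,27 @@ you with its findings.
 
  ### General
 
- - Cookie-jar/cookie-string support.
- - Custom header support.
- - SSL support with fine-grained options.
- - User Agent spoofing.
- - Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
- - Proxy authentication.
- - Site authentication (SSL-based, form-based, Cookie-Jar, Basic-Digest, NTLMv1, Kerberos and others).
- - Automatic log-out detection and re-login during the scan (when the initial
- login was performed via the `autologin`, `login_script` or `proxy` plugins).
- - Custom 404 page detection.
- - UI abstraction:
+ - Cookie-jar/cookie-string support.
+ - Custom header support.
+ - SSL support with fine-grained options.
+ - User Agent spoofing.
+ - Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
+ - Proxy authentication.
+ - Site authentication (SSL-based, form-based, Cookie-Jar, Basic-Digest, NTLMv1, Kerberos and others).
+ - Automatic log-out detection and re-login during the scan (when the initial
+ login was performed via the `autologin`, `login_script` or `proxy` plugins).
+ - Custom 404 page detection.
+ - UI abstraction:
  - [Command-line Interface](https://github.com/Arachni/arachni/wiki/Executables).
  - [Web User Interface](https://github.com/Arachni/arachni-ui-web).
- - Pause/resume functionality.
- - Hibernation support -- Suspend to and restore from disk.
- - High performance asynchronous HTTP requests.
+ - Pause/resume functionality.
+ - Hibernation support -- Suspend to and restore from disk.
+ - High performance asynchronous HTTP requests.
  - With adjustable concurrency.
  - With the ability to auto-detect server health and adjust its concurrency
- automatically.
- - Support for custom default input values, using pairs of patterns (to be matched
- against input names) and values to be used to fill in matching inputs.
+ automatically.
+ - Support for custom default input values, using pairs of patterns (to be matched
+ against input names) and values to be used to fill in matching inputs.
 
  ### Integrated browser environment
 
@@ -155,27 +160,27 @@ with a great deal of information regarding the state of the page at the time.
 
  Relevant information include:
 
- - Page DOM, as HTML code.
- - With a list of DOM transitions required to restore the state of the
- page to the one at the time it was logged.
- - Original DOM (i.e. prior to the action that caused the page to be logged),
- as HTML code.
- - With a list of DOM transitions.
- - Data-flow sinks -- Each sink is a JS method which received a tainted argument.
- - Parent object of the method (ex.: `DOMWindow`).
- - Method signature (ex.: `decodeURIComponent()`).
- - Arguments list.
- - With the identified taint located recursively in the included objects.
- - Method source code.
- - JS stacktrace.
- - Execution flow sinks -- Each sink is a successfully executed JS payload,
- as injected by the security checks.
- - Includes a JS stacktrace.
- - JavaScript stack-traces include:
- - Method names.
- - Method locations.
- - Method source codes.
- - Argument lists.
+ - Page DOM, as HTML code.
+ - With a list of DOM transitions required to restore the state of the
+ page to the one at the time it was logged.
+ - Original DOM (i.e. prior to the action that caused the page to be logged),
+ as HTML code.
+ - With a list of DOM transitions.
+ - Data-flow sinks -- Each sink is a JS method which received a tainted argument.
+ - Parent object of the method (ex.: `DOMWindow`).
+ - Method signature (ex.: `decodeURIComponent()`).
+ - Arguments list.
+ - With the identified taint located recursively in the included objects.
+ - Method source code.
+ - JS stacktrace.
+ - Execution flow sinks -- Each sink is a successfully executed JS payload,
+ as injected by the security checks.
+ - Includes a JS stacktrace.
+ - JavaScript stack-traces include:
+ - Method names.
+ - Method locations.
+ - Method source codes.
+ - Argument lists.
 
  In essence, you have access to roughly the same information that your favorite
  debugger (for example, FireBug) would provide, as if you had set a breakpoint to
@@ -189,15 +194,15 @@ consuming in a high-performance fashion.
 
  Configuration options include:
 
- - Adjustable pool-size, i.e. the amount of browser workers to utilize.
- - Timeout for each job.
- - Worker TTL counted in jobs -- Workers which exceed the TTL have their browser
- process respawned.
- - Ability to disable loading images.
- - Adjustable screen width and height.
- - Can be used to analyze responsive and mobile applications.
- - Ability to wait until certain elements appear in the page.
- - Configurable local storage data.
+ - Adjustable pool-size, i.e. the amount of browser workers to utilize.
+ - Timeout for each job.
+ - Worker TTL counted in jobs -- Workers which exceed the TTL have their browser
+ process respawned.
+ - Ability to disable loading images.
+ - Adjustable screen width and height.
+ - Can be used to analyze responsive and mobile applications.
+ - Ability to wait until certain elements appear in the page.
+ - Configurable local storage data.
 
  ### Coverage
 
@@ -212,27 +217,28 @@ order to provide coverage for a full set of possible scenarios.
  By inspecting all possible pages and their states (when using client-side code)
  Arachni is able to extract and audit the following elements and their inputs:
 
- - Forms
+ - Forms
  - Along with ones that require interaction via a real browser due to DOM events.
- - User-interface Forms
+ - User-interface Forms
  - Input and button groups which don't belong to an HTML `<form>` element but
- are instead associated via JS code.
- - User-interface Inputs
+ are instead associated via JS code.
+ - User-interface Inputs
  - Orphan `<input>` elements with associated DOM events.
- - Links
+ - Links
  - Along with ones that have client-side parameters in their fragment, i.e.:
- `http://example.com/#/?param=val&param2=val2`
+ `http://example.com/#/?param=val&param2=val2`
  - With support for rewrite rules.
- - LinkTemplates -- Allowing for extraction of arbitrary inputs from generic paths,
- based on user-supplied templates -- useful when rewrite rules are not available.
+ - LinkTemplates -- Allowing for extraction of arbitrary inputs from generic paths,
+ based on user-supplied templates -- useful when rewrite rules are not available.
  - Along with ones that have client-side parameters in their URL fragments, i.e.:
- `http://example.com/#/param/val/param2/val2`
- - Cookies
- - Headers
- - Generic client-side elements which have associated DOM events.
- - AJAX-request parameters.
- - JSON request data.
- - XML request data.
+ `http://example.com/#/param/val/param2/val2`
+ - Cookies
+ - Also supports nested cookies, containing key-value pairs inside individual cookies.
+ - Headers
+ - Generic client-side elements which have associated DOM events.
+ - AJAX-request parameters.
+ - JSON request data.
+ - XML request data.
 
  ### Open [distributed architecture](https://github.com/Arachni/arachni/wiki/Distributed-components)
 
@@ -246,7 +252,7 @@ Both approaches allow you to:
 
  - Remotely monitor and manage scans.
  - Perform multiple scans at the same time -- Each scan is compartmentalized to
- its own OS process to take advantage of:
+ its own OS process to take advantage of:
  - Multi-core/SMP architectures.
  - OS-level scheduling/restrictions.
  - Sandboxed failure propagation.
@@ -260,51 +266,51 @@ Both approaches allow you to:
  - Uses JSON to format messages.
  - Stateful scan monitoring.
  - Unique sessions automatically only receive updates when polling for progress,
- rather than full data.
+ rather than full data.
 
  #### [RPC API](https://github.com/Arachni/arachni/wiki/RPC-API)
 
  - High-performance/low-bandwidth [communication protocol](https://github.com/Arachni/arachni-rpc).
  - `MessagePack` serialization for performance, efficiency and ease of
- integration with 3rd party systems.
+ integration with 3rd party systems.
  - Grid:
  - Self-healing.
  - Scale up/down by hot-plugging/hot-unplugging nodes.
  - Can scale up infinitely by adding nodes to increase scan capacity.
  - _(Always-on)_ Load-balancing -- All Instances are automatically provided
- by the least burdened Grid member.
+ by the least burdened Grid member.
  - With optional per-scan opt-out/override.
  - _(Optional)_ High-Performance mode -- Combines the resources of
- multiple nodes to perform multi-Instance scans.
+ multiple nodes to perform multi-Instance scans.
  - Enabled on a per-scan basis.
 
  ### Scope configuration
 
- - Filters for redundant pages like galleries, catalogs, etc. based on regular
- expressions and counters.
+ - Filters for redundant pages like galleries, catalogs, etc. based on regular
+ expressions and counters.
  - Can optionally detect and ignore redundant pages automatically.
- - URL exclusion filters using regular expressions.
- - Page exclusion filters based on content, using regular expressions.
- - URL inclusion filters using regular expressions.
- - Can be forced to only follow HTTPS paths and not downgrade to HTTP.
- - Can optionally follow subdomains.
- - Adjustable page count limit.
- - Adjustable redirect limit.
- - Adjustable directory depth limit.
- - Adjustable DOM depth limit.
- - Adjustment using URL-rewrite rules.
- - Can read paths from multiple user supplied files (to both restrict and extend
- the scope).
+ - URL exclusion filters using regular expressions.
+ - Page exclusion filters based on content, using regular expressions.
+ - URL inclusion filters using regular expressions.
+ - Can be forced to only follow HTTPS paths and not downgrade to HTTP.
+ - Can optionally follow subdomains.
+ - Adjustable page count limit.
+ - Adjustable redirect limit.
+ - Adjustable directory depth limit.
+ - Adjustable DOM depth limit.
+ - Adjustment using URL-rewrite rules.
+ - Can read paths from multiple user supplied files (to both restrict and extend
+ the scope).
 
  ### Audit
 
- - Can audit:
+ - Can audit:
  - Forms
  - Can automatically refresh nonce tokens.
  - Can submit them via the integrated browser environment.
- - User-interface Forms
+ - User-interface Forms
  - Input and button groups which don't belong to an HTML `<form>` element
- but are instead associated via JS code.
+ but are instead associated via JS code.
  - User-interface Inputs
  - Orphan `<input>` elements with associated DOM events.
  - Links
@@ -317,13 +323,13 @@ Both approaches allow you to:
  - Generic client-side DOM elements.
  - JSON request data.
  - XML request data.
- - Can ignore binary/non-text pages.
- - Can audit elements using both `GET` and `POST` HTTP methods.
- - Can inject both raw and HTTP encoded payloads.
- - Can submit all links and forms of the page along with the cookie
- permutations to provide extensive cookie-audit coverage.
- - Can exclude specific input vectors by name.
- - Can include specific input vectors by name.
+ - Can ignore binary/non-text pages.
+ - Can audit elements using both `GET` and `POST` HTTP methods.
+ - Can inject both raw and HTTP encoded payloads.
+ - Can submit all links and forms of the page along with the cookie
+ permutations to provide extensive cookie-audit coverage.
+ - Can exclude specific input vectors by name.
+ - Can include specific input vectors by name.
 
  ### Components
 
@@ -514,7 +520,7 @@ Passive checks look for the existence of files, folders and signatures.
 
  - Standard output
  - [HTML](http://www.arachni-scanner.com/reports/report.html/)
- ([zip](http://www.arachni-scanner.com/reports/report.html.zip)) (`html`).
+ ([zip](http://www.arachni-scanner.com/reports/report.html.zip)) (`html`).
  - [XML](http://www.arachni-scanner.com/reports/report.xml) (`xml`).
  - [Text](http://www.arachni-scanner.com/reports/report.txt) (`text`).
  - [JSON](http://www.arachni-scanner.com/reports/report.json) (`json`)
@@ -529,32 +535,32 @@ Plugins add extra functionality to the system in a modular fashion, this way the
  core remains lean and makes it easy for anyone to add arbitrary functionality.
 
  - Passive Proxy (`proxy`) -- Analyzes requests and responses between the web app and
- the browser assisting in AJAX audits, logging-in and/or restricting the scope of the audit.
+ the browser assisting in AJAX audits, logging-in and/or restricting the scope of the audit.
  - Form based login (`autologin`).
  - Script based login (`login_script`).
  - Dictionary attacker for HTTP Auth (`http_dicattack`).
  - Dictionary attacker for form based authentication (`form_dicattack`).
  - Cookie collector (`cookie_collector`) -- Keeps track of cookies while establishing a timeline of changes.
  - WAF (Web Application Firewall) Detector (`waf_detector`) -- Establishes a baseline of
- normal behavior and uses rDiff analysis to determine if malicious inputs cause any behavioral changes.
+ normal behavior and uses rDiff analysis to determine if malicious inputs cause any behavioral changes.
  - BeepNotify (`beep_notify`) -- Beeps when the scan finishes.
  - EmailNotify (`email_notify`) -- Sends a notification (and optionally a report) over SMTP at
- the end of the scan.
+ the end of the scan.
  - VectorFeed (`vector_feed`) -- Reads in vector data from which it creates elements to be
- audited. Can be used to perform extremely specialized/narrow audits on a per vector/element basis.
- Useful for unit-testing or a gazillion other things.
+ audited. Can be used to perform extremely specialized/narrow audits on a per vector/element basis.
+ Useful for unit-testing or a gazillion other things.
  - Script (`script`) -- Loads and runs an external Ruby script under the scope of a plugin,
- used for debugging and general hackery.
+ used for debugging and general hackery.
  - Uncommon headers (`uncommon_headers`) -- Logs uncommon headers.
  - Content-types (`content_types`) -- Logs content-types of server responses aiding in the
- identification of interesting (possibly leaked) files.
+ identification of interesting (possibly leaked) files.
  - Vector collector (`vector_collector`) -- Collects information about all seen input vectors
- which are within the scan scope.
+ which are within the scan scope.
  - Headers collector (`headers_collector`) -- Collects response headers based on specified criteria.
  - Exec (`exec`) -- Calls external executables at different scan stages.
  - Metrics (`metrics`) -- Captures metrics about multiple aspects of the scan and the web application.
  - Restrict to DOM state (`restrict_to_dom_state`) -- Restricts the audit to a single page's DOM
- state, based on a URL fragment.
+ state, based on a URL fragment.
  - Webhook notify (`webhook_notify`) -- Sends a webhook payload over HTTP at the end of the scan.
  - Rate limiter (`rate_limiter`) -- Rate limits HTTP requests.
  - Page dump (`page_dump`) -- Dumps page data to disk as YAML.
@@ -564,7 +570,7 @@ core remains lean and makes it easy for anyone to add arbitrary functionality.
  Default plugins will run for every scan and are placed under `/plugins/defaults/`.
 
  - AutoThrottle (`autothrottle`) -- Dynamically adjusts HTTP throughput during the scan for
- maximum bandwidth utilization.
+ maximum bandwidth utilization.
  - Healthmap (`healthmap`) -- Generates sitemap showing the health of each crawled/audited URL
 
  ###### Meta
@@ -573,12 +579,12 @@ Plugins under `/plugins/defaults/meta/` perform analysis on the scan results
  to determine trustworthiness or just add context information or general insights.
 
  - TimingAttacks (`timing_attacks`) -- Provides a notice for issues uncovered by timing attacks
- when the affected audited pages returned unusually high response times to begin with.
- It also points out the danger of DoS attacks against pages that perform heavy-duty processing.
+ when the affected audited pages returned unusually high response times to begin with.
+ It also points out the danger of DoS attacks against pages that perform heavy-duty processing.
  - Discovery (`discovery`) -- Performs anomaly detection on issues logged by discovery
- checks and warns of the possibility of false positives where applicable.
+ checks and warns of the possibility of false positives where applicable.
  - Uniformity (`uniformity`) -- Reports inputs that are uniformly vulnerable across a number
- of pages hinting to the lack of a central point of input sanitization.
+ of pages hinting to the lack of a central point of input sanitization.
 
  ### Trainer subsystem
 
@@ -628,10 +634,10 @@ need to follow in order to contribute code:
 
  * Fork the project.
  * Start a feature branch based on the [experimental](https://github.com/Arachni/arachni/tree/experimental)
- branch (`git checkout -b <feature-name> experimental`).
+ branch (`git checkout -b <feature-name> experimental`).
  * Add specs for your code.
  * Run the spec suite to make sure you didn't break anything (`rake spec:core`
- for the core libs or `rake spec` for everything).
+ for the core libs or `rake spec` for everything).
  * Commit and push your changes.
  * Issue a pull request and wait for your code to be reviewed.
 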
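--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,5 +1,5 @@
  =begin
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
  This file is part of the Arachni Framework project and is subject to
  redistribution and commercial restrictions. Please see the Arachni Framework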
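--- a/data/arachni.gemspec
+++ b/data/arachni.gemspec
@@ -1,6 +1,6 @@
  # coding: utf-8
  =begin
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
  This file is part of the Arachni Framework project and is subject to
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -10,7 +10,7 @@
  Gem::Specification.new do |s|
  require File.expand_path( File.dirname( __FILE__ ) ) + '/lib/arachni/version'
 
- s.required_ruby_version = '>= 2.2.0'
+ s.required_ruby_version = '>= 2.3.0'
 
  s.name = 'arachni'
  s.version = Arachni::VERSION
@@ -43,76 +43,76 @@ Gem::Specification.new do |s|
 
  s.add_dependency 'awesome_print', '1.6.1'
 
- s.add_dependency 'rack', '1.6.4'
+ s.add_dependency 'rack', '2.2.3'
+ s.add_dependency 'rack-test'
 
  # Don't specify version, messes with the packages since they always grab the
  # latest one.
  s.add_dependency 'bundler'
 
- s.add_dependency 'concurrent-ruby', '1.0.2'
- s.add_dependency 'concurrent-ruby-ext', '1.0.2'
+ s.add_dependency 'concurrent-ruby', '1.0.5'
+ s.add_dependency 'concurrent-ruby-ext', '1.0.5'
 
  # For compressing/decompressing system state archives.
- s.add_dependency 'rubyzip', '1.2.1'
+ s.add_dependency 'rubyzip', '>= 1.3.0'
 
  # HTTP proxy server
  s.add_dependency 'http_parser.rb', '0.6.0'
 
  # HTML report
- s.add_dependency 'coderay', '1.1.0'
+ s.add_dependency 'coderay', '1.1.2'
 
- s.add_dependency 'childprocess', '0.5.3'
+ s.add_dependency 'childprocess', '0.9.0'
 
  # RPC serialization.
- s.add_dependency 'msgpack', '0.7.0'
+ s.add_dependency 'msgpack', '1.2.4'
 
  if RUBY_PLATFORM != 'java'
  # Optimized JSON.
- s.add_dependency 'oj', '2.15.0'
+ s.add_dependency 'oj', '3.6.5'
  s.add_dependency 'oj_mimic_json', '1.0.1'
  end
 
  # Web server
- s.add_dependency 'puma', '2.14.0'
+ s.add_dependency 'puma', '>= 4.3.9'
 
  # REST API
- s.add_dependency 'sinatra', '1.4.6'
- s.add_dependency 'sinatra-contrib', '1.4.6'
+ s.add_dependency 'sinatra', '2.1.0'
+ s.add_dependency 'sinatra-contrib', '2.1.0'
 
  # RPC client/server implementation.
  s.add_dependency 'arachni-rpc', '~> 0.2.1.4'
 
  # HTTP client.
- s.add_dependency 'typhoeus', '1.0.2'
+ s.add_dependency 'typhoeus', '1.3.0'
 
  # Fallback URI parsing and encoding utilities.
- s.add_dependency 'addressable', '2.3.6'
+ s.add_dependency 'addressable', '>= 2.8.0'
 
  # E-mail plugin.
- s.add_dependency 'pony', '1.11'
+ s.add_dependency 'pony', '1.12'
 
  # For the Arachni console (arachni_console).
- s.add_dependency 'rb-readline', '0.5.1'
+ s.add_dependency 'rb-readline', '0.5.5'
 
  # Markup parsing, for reports and Element::XML.
- s.add_dependency 'nokogiri', '1.6.8.1'
+ s.add_dependency 'nokogiri'
  # Really fast and lightweight markup parsing, for pages.
- s.add_dependency 'ox', '2.4.11'
+ s.add_dependency 'ox', '2.9.4'
 
  # Outputting data in table format (arachni_rpcd_monitor).
- s.add_dependency 'terminal-table', '1.4.5'
+ s.add_dependency 'terminal-table', '1.8.0'
 
  # Browser support for DOM/JS/AJAX analysis stuff.
- # Lock webdriver, newer versions has issues.
- s.add_dependency 'selenium-webdriver', '3.0.1'
- s.add_dependency 'watir-webdriver', '0.8.0'
+ s.add_dependency 'watir', '6.19.1'
+ s.add_dependency 'selenium-webdriver', '4.1.0'
 
  # Markdown to HTML conversion, used by the HTML report for component
  # descriptions.
- s.add_dependency 'kramdown', '1.4.1'
+ s.add_dependency 'kramdown', '>= 2.3.0'
 
  # Used to scrub Markdown for XSS etc.
- s.add_dependency 'loofah', '2.0.3'
+ s.add_dependency 'loofah', '>= 2.3.1'
 
  s.post_install_message = <<MSG
 
@@ -129,7 +129,7 @@ License - Arachni Public Source License v1.0
  (https://github.com/Arachni/arachni/blob/master/LICENSE.md)
  Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
  Twitter - http://twitter.com/ArachniScanner
- Copyright - 2010-2017 Sarosys LLC (http://www.sarosys.com)
+ Copyright - 2010-2022 Ecsypno (http://www.ecsypno.com)
 
  Please do not hesitate to ask for assistance (via the support portal)
  or report a bug (via GitHub Issues) if you come across any problem.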
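Review bot: The new `s.add_dependency 'nokogiri'` line in the dependency hunk drops the version requirement entirely, so a resolver may satisfy it with any release, including ones older than the previously pinned 1.6.8.1. This is the library the gemspec comment describes as parsing markup for reports and Element::XML, so a floor is the least a consumer would expect. The added `s.add_dependency 'rack-test'` is unconstrained in the same way. The open-ended `>=` requirements on rubyzip, puma, addressable, kramdown and loofah set a floor but also admit future major versions that this release was never tested against. Consider bounding them, for example `s.add_dependency 'nokogiri', '>= 1.6.8.1'` as a minimum or a pessimistic `~>` requirement like the one already used for arachni-rpc, and relying on a lockfile for reproducible package builds.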
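--- a/data/bin/arachni
+++ b/data/bin/arachni
@@ -1,6 +1,6 @@
  #!/usr/bin/env ruby
  =begin
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
  This file is part of the Arachni Framework project and is subject to
  redistribution and commercial restrictions. Please see the Arachni Framework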
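--- a/data/bin/arachni_console
+++ b/data/bin/arachni_console
@@ -1,6 +1,6 @@
  #!/usr/bin/env ruby
  =begin
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
  This file is part of the Arachni Framework project and is subject to
  redistribution and commercial restrictions. Please see the Arachni Framework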
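--- a/data/bin/arachni_multi
+++ b/data/bin/arachni_multi
@@ -1,6 +1,6 @@
  #!/usr/bin/env ruby
  =begin
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
  This file is part of the Arachni Framework project and is subject to
  redistribution and commercial restrictions. Please see the Arachni Framework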
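--- a/data/bin/arachni_reporter
+++ b/data/bin/arachni_reporter
@@ -1,6 +1,6 @@
  #!/usr/bin/env ruby
  =begin
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
  This file is part of the Arachni Framework project and is subject to
  redistribution and commercial restrictions. Please see the Arachni Framework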