arachni 1.5.1 → 1.6.1.1

Files changed (648)
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +56 -0
  3. data/Gemfile +2 -4
  4. data/LICENSE.md +1 -1
  5. data/README.md +116 -110
  6. data/Rakefile +1 -1
  7. data/arachni.gemspec +26 -26
  8. data/bin/arachni +1 -1
  9. data/bin/arachni_console +1 -1
  10. data/bin/arachni_multi +1 -1
  11. data/bin/arachni_reporter +1 -1
  12. data/bin/arachni_reproduce +1 -1
  13. data/bin/arachni_rest_server +1 -1
  14. data/bin/arachni_restore +1 -1
  15. data/bin/arachni_rpc +1 -1
  16. data/bin/arachni_rpcd +1 -1
  17. data/bin/arachni_rpcd_monitor +1 -1
  18. data/bin/arachni_script +1 -1
  19. data/components/checks/active/code_injection.rb +1 -1
  20. data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
  21. data/components/checks/active/code_injection_timing.rb +1 -1
  22. data/components/checks/active/csrf.rb +7 -2
  23. data/components/checks/active/file_inclusion.rb +1 -1
  24. data/components/checks/active/ldap_injection.rb +1 -1
  25. data/components/checks/active/no_sql_injection.rb +1 -1
  26. data/components/checks/active/no_sql_injection_differential.rb +3 -3
  27. data/components/checks/active/os_cmd_injection.rb +1 -1
  28. data/components/checks/active/os_cmd_injection_timing.rb +1 -1
  29. data/components/checks/active/path_traversal.rb +1 -1
  30. data/components/checks/active/response_splitting.rb +1 -1
  31. data/components/checks/active/rfi.rb +1 -1
  32. data/components/checks/active/session_fixation.rb +1 -1
  33. data/components/checks/active/source_code_disclosure.rb +1 -1
  34. data/components/checks/active/sql_injection.rb +1 -1
  35. data/components/checks/active/sql_injection_differential.rb +3 -3
  36. data/components/checks/active/sql_injection_timing.rb +1 -1
  37. data/components/checks/active/trainer.rb +1 -1
  38. data/components/checks/active/unvalidated_redirect.rb +1 -1
  39. data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
  40. data/components/checks/active/xpath_injection.rb +1 -1
  41. data/components/checks/active/xss.rb +4 -4
  42. data/components/checks/active/xss_dom.rb +1 -1
  43. data/components/checks/active/xss_dom_script_context.rb +1 -1
  44. data/components/checks/active/xss_event.rb +3 -3
  45. data/components/checks/active/xss_path.rb +1 -1
  46. data/components/checks/active/xss_script_context.rb +3 -3
  47. data/components/checks/active/xss_tag.rb +4 -3
  48. data/components/checks/active/xxe.rb +1 -1
  49. data/components/checks/passive/allowed_methods.rb +1 -1
  50. data/components/checks/passive/backdoors.rb +1 -1
  51. data/components/checks/passive/backup_directories.rb +1 -1
  52. data/components/checks/passive/backup_files.rb +2 -2
  53. data/components/checks/passive/common_admin_interfaces.rb +1 -1
  54. data/components/checks/passive/common_directories/directories.txt +1 -0
  55. data/components/checks/passive/common_directories.rb +1 -1
  56. data/components/checks/passive/common_files.rb +1 -1
  57. data/components/checks/passive/directory_listing.rb +1 -1
  58. data/components/checks/passive/grep/captcha.rb +1 -1
  59. data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
  60. data/components/checks/passive/grep/credit_card.rb +1 -1
  61. data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
  62. data/components/checks/passive/grep/emails.rb +1 -1
  63. data/components/checks/passive/grep/form_upload.rb +1 -1
  64. data/components/checks/passive/grep/hsts.rb +1 -1
  65. data/components/checks/passive/grep/html_objects.rb +1 -1
  66. data/components/checks/passive/grep/http_only_cookies.rb +1 -1
  67. data/components/checks/passive/grep/insecure_cookies.rb +1 -1
  68. data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
  69. data/components/checks/passive/grep/mixed_resource.rb +1 -1
  70. data/components/checks/passive/grep/password_autocomplete.rb +1 -1
  71. data/components/checks/passive/grep/private_ip.rb +1 -1
  72. data/components/checks/passive/grep/ssn.rb +1 -1
  73. data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
  74. data/components/checks/passive/grep/x_frame_options.rb +4 -4
  75. data/components/checks/passive/htaccess_limit.rb +1 -1
  76. data/components/checks/passive/http_put.rb +1 -1
  77. data/components/checks/passive/insecure_client_access_policy.rb +1 -1
  78. data/components/checks/passive/insecure_cross_domain_policy_access.rb +1 -1
  79. data/components/checks/passive/insecure_cross_domain_policy_headers.rb +1 -1
  80. data/components/checks/passive/interesting_responses.rb +1 -1
  81. data/components/checks/passive/localstart_asp.rb +1 -1
  82. data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
  83. data/components/checks/passive/webdav.rb +1 -1
  84. data/components/checks/passive/xst.rb +1 -1
  85. data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
  86. data/components/fingerprinters/frameworks/cakephp.rb +1 -1
  87. data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
  88. data/components/fingerprinters/frameworks/django.rb +1 -1
  89. data/components/fingerprinters/frameworks/jsf.rb +1 -1
  90. data/components/fingerprinters/frameworks/nette.rb +1 -1
  91. data/components/fingerprinters/frameworks/rack.rb +1 -1
  92. data/components/fingerprinters/frameworks/rails.rb +1 -1
  93. data/components/fingerprinters/frameworks/symfony.rb +1 -1
  94. data/components/fingerprinters/languages/asp.rb +1 -1
  95. data/components/fingerprinters/languages/aspx.rb +1 -1
  96. data/components/fingerprinters/languages/java.rb +1 -1
  97. data/components/fingerprinters/languages/php.rb +1 -1
  98. data/components/fingerprinters/languages/python.rb +1 -1
  99. data/components/fingerprinters/languages/ruby.rb +1 -1
  100. data/components/fingerprinters/os/bsd.rb +1 -1
  101. data/components/fingerprinters/os/linux.rb +1 -1
  102. data/components/fingerprinters/os/solaris.rb +1 -1
  103. data/components/fingerprinters/os/unix.rb +1 -1
  104. data/components/fingerprinters/os/windows.rb +1 -1
  105. data/components/fingerprinters/servers/apache.rb +1 -1
  106. data/components/fingerprinters/servers/gunicorn.rb +1 -1
  107. data/components/fingerprinters/servers/iis.rb +1 -1
  108. data/components/fingerprinters/servers/jetty.rb +1 -1
  109. data/components/fingerprinters/servers/nginx.rb +1 -1
  110. data/components/fingerprinters/servers/tomcat.rb +1 -1
  111. data/components/path_extractors/anchors.rb +1 -1
  112. data/components/path_extractors/areas.rb +1 -1
  113. data/components/path_extractors/comments.rb +1 -1
  114. data/components/path_extractors/data_url.rb +1 -1
  115. data/components/path_extractors/forms.rb +1 -1
  116. data/components/path_extractors/frames.rb +1 -1
  117. data/components/path_extractors/generic.rb +1 -1
  118. data/components/path_extractors/links.rb +1 -1
  119. data/components/path_extractors/meta_refresh.rb +1 -1
  120. data/components/path_extractors/scripts.rb +1 -1
  121. data/components/plugins/autologin.rb +1 -1
  122. data/components/plugins/beep_notify.rb +1 -1
  123. data/components/plugins/content_types.rb +1 -1
  124. data/components/plugins/cookie_collector.rb +1 -1
  125. data/components/plugins/debug/browser_cluster_job_monitor.rb +1 -1
  126. data/components/plugins/defaults/autothrottle.rb +1 -1
  127. data/components/plugins/defaults/healthmap.rb +2 -2
  128. data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
  129. data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
  130. data/components/plugins/defaults/meta/uniformity.rb +1 -1
  131. data/components/plugins/email_notify.rb +1 -1
  132. data/components/plugins/exec.rb +3 -3
  133. data/components/plugins/form_dicattack.rb +1 -1
  134. data/components/plugins/headers_collector.rb +1 -1
  135. data/components/plugins/http_dicattack.rb +1 -1
  136. data/components/plugins/login_script.rb +1 -1
  137. data/components/plugins/metrics.rb +1 -1
  138. data/components/plugins/page_dump.rb +1 -1
  139. data/components/plugins/proxy/panel/verify_login_sequence.html.erb +1 -1
  140. data/components/plugins/proxy/template_scope.rb +1 -1
  141. data/components/plugins/proxy.rb +3 -2
  142. data/components/plugins/rate_limiter.rb +1 -1
  143. data/components/plugins/restrict_to_dom_state.rb +1 -1
  144. data/components/plugins/script.rb +1 -1
  145. data/components/plugins/uncommon_headers.rb +1 -1
  146. data/components/plugins/vector_collector.rb +1 -1
  147. data/components/plugins/vector_feed.rb +1 -1
  148. data/components/plugins/waf_detector.rb +1 -1
  149. data/components/plugins/webhook_notify.rb +1 -1
  150. data/components/reporters/ap.rb +1 -1
  151. data/components/reporters/html/default/css/main.css +4 -0
  152. data/components/reporters/html/default.erb +9 -1
  153. data/components/reporters/html.rb +4 -6
  154. data/components/reporters/json.rb +1 -1
  155. data/components/reporters/marshal.rb +1 -1
  156. data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
  157. data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
  158. data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
  159. data/components/reporters/plugin_formatters/html/exec.rb +1 -1
  160. data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
  161. data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
  162. data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
  163. data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
  164. data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
  165. data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
  166. data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
  167. data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
  168. data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
  169. data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
  170. data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
  171. data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
  172. data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
  173. data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
  174. data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
  175. data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
  176. data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
  177. data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
  178. data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
  179. data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
  180. data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
  181. data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
  182. data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
  183. data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
  184. data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
  185. data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
  186. data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
  187. data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
  188. data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
  189. data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
  190. data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
  191. data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
  192. data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
  193. data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
  194. data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
  195. data/components/reporters/stdout.rb +6 -1
  196. data/components/reporters/txt.rb +1 -1
  197. data/components/reporters/xml/schema.xsd +1 -0
  198. data/components/reporters/xml.rb +3 -3
  199. data/components/reporters/yaml.rb +1 -1
  200. data/lib/arachni/banner.rb +1 -1
  201. data/lib/arachni/browser/element_locator.rb +1 -1
  202. data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
  203. data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
  204. data/lib/arachni/browser/javascript/proxy.rb +1 -1
  205. data/lib/arachni/browser/javascript/scripts/dom_monitor.js +39 -11
  206. data/lib/arachni/browser/javascript/scripts/taint_tracer.js +41 -30
  207. data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
  208. data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
  209. data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
  210. data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
  211. data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
  212. data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
  213. data/lib/arachni/browser/javascript.rb +14 -29
  214. data/lib/arachni/browser.rb +133 -216
  215. data/lib/arachni/browser_cluster/job/result.rb +1 -1
  216. data/lib/arachni/browser_cluster/job.rb +1 -1
  217. data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
  218. data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
  219. data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
  220. data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
  221. data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +1 -1
  222. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
  223. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
  224. data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
  225. data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
  226. data/lib/arachni/browser_cluster/worker.rb +11 -26
  227. data/lib/arachni/browser_cluster.rb +2 -3
  228. data/lib/arachni/check/auditor.rb +10 -5
  229. data/lib/arachni/check/base.rb +1 -1
  230. data/lib/arachni/check/manager.rb +1 -1
  231. data/lib/arachni/check.rb +1 -1
  232. data/lib/arachni/component/base.rb +1 -1
  233. data/lib/arachni/component/manager.rb +1 -1
  234. data/lib/arachni/component/options/address.rb +1 -1
  235. data/lib/arachni/component/options/base.rb +1 -1
  236. data/lib/arachni/component/options/bool.rb +1 -1
  237. data/lib/arachni/component/options/float.rb +1 -1
  238. data/lib/arachni/component/options/int.rb +1 -1
  239. data/lib/arachni/component/options/multiple_choice.rb +1 -1
  240. data/lib/arachni/component/options/object.rb +1 -1
  241. data/lib/arachni/component/options/path.rb +1 -1
  242. data/lib/arachni/component/options/port.rb +1 -1
  243. data/lib/arachni/component/options/string.rb +1 -1
  244. data/lib/arachni/component/options/url.rb +1 -1
  245. data/lib/arachni/component/options.rb +1 -1
  246. data/lib/arachni/component/output.rb +1 -1
  247. data/lib/arachni/component/utilities.rb +1 -1
  248. data/lib/arachni/component.rb +1 -1
  249. data/lib/arachni/data/framework/rpc.rb +2 -2
  250. data/lib/arachni/data/framework.rb +2 -2
  251. data/lib/arachni/data/issues.rb +1 -1
  252. data/lib/arachni/data/plugins.rb +1 -1
  253. data/lib/arachni/data/session.rb +1 -1
  254. data/lib/arachni/data.rb +1 -1
  255. data/lib/arachni/element/base.rb +1 -1
  256. data/lib/arachni/element/body.rb +1 -1
  257. data/lib/arachni/element/capabilities/analyzable/differential.rb +1 -1
  258. data/lib/arachni/element/capabilities/analyzable/signature.rb +1 -1
  259. data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
  260. data/lib/arachni/element/capabilities/analyzable.rb +1 -1
  261. data/lib/arachni/element/capabilities/auditable/buffered.rb +1 -1
  262. data/lib/arachni/element/capabilities/auditable/line_buffered.rb +1 -1
  263. data/lib/arachni/element/capabilities/auditable.rb +1 -1
  264. data/lib/arachni/element/capabilities/dom_only.rb +1 -1
  265. data/lib/arachni/element/capabilities/inputtable.rb +1 -1
  266. data/lib/arachni/element/capabilities/mutable.rb +1 -1
  267. data/lib/arachni/element/capabilities/refreshable.rb +1 -1
  268. data/lib/arachni/element/capabilities/submittable.rb +1 -1
  269. data/lib/arachni/element/capabilities/with_auditor/output.rb +1 -1
  270. data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
  271. data/lib/arachni/element/capabilities/with_dom.rb +1 -1
  272. data/lib/arachni/element/capabilities/with_node.rb +1 -1
  273. data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
  274. data/lib/arachni/element/capabilities/with_scope.rb +1 -1
  275. data/lib/arachni/element/capabilities/with_source.rb +1 -1
  276. data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
  277. data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
  278. data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
  279. data/lib/arachni/element/cookie/dom.rb +1 -1
  280. data/lib/arachni/element/cookie.rb +1 -1
  281. data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
  282. data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
  283. data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
  284. data/lib/arachni/element/dom/capabilities/mutable.rb +1 -1
  285. data/lib/arachni/element/dom/capabilities/submittable.rb +1 -1
  286. data/lib/arachni/element/dom.rb +1 -1
  287. data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
  288. data/lib/arachni/element/form/capabilities/mutable.rb +1 -1
  289. data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
  290. data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
  291. data/lib/arachni/element/form/dom.rb +1 -1
  292. data/lib/arachni/element/form.rb +1 -1
  293. data/lib/arachni/element/generic_dom.rb +1 -1
  294. data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
  295. data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
  296. data/lib/arachni/element/header.rb +1 -1
  297. data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
  298. data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
  299. data/lib/arachni/element/json.rb +1 -1
  300. data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
  301. data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
  302. data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
  303. data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
  304. data/lib/arachni/element/link/dom.rb +1 -1
  305. data/lib/arachni/element/link.rb +1 -1
  306. data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
  307. data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
  308. data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
  309. data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
  310. data/lib/arachni/element/link_template/dom.rb +1 -1
  311. data/lib/arachni/element/link_template.rb +1 -1
  312. data/lib/arachni/element/nested_cookie/capabilities/submittable.rb +35 -0
  313. data/lib/arachni/element/nested_cookie.rb +370 -0
  314. data/lib/arachni/element/path.rb +1 -1
  315. data/lib/arachni/element/server.rb +1 -1
  316. data/lib/arachni/element/ui_form/dom.rb +1 -1
  317. data/lib/arachni/element/ui_form.rb +1 -1
  318. data/lib/arachni/element/ui_input/dom.rb +1 -1
  319. data/lib/arachni/element/ui_input.rb +1 -1
  320. data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
  321. data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
  322. data/lib/arachni/element/xml.rb +1 -1
  323. data/lib/arachni/element_filter.rb +1 -1
  324. data/lib/arachni/error.rb +1 -1
  325. data/lib/arachni/ethon/easy.rb +1 -1
  326. data/lib/arachni/framework/parts/audit.rb +1 -1
  327. data/lib/arachni/framework/parts/browser.rb +1 -1
  328. data/lib/arachni/framework/parts/check.rb +1 -1
  329. data/lib/arachni/framework/parts/data.rb +1 -1
  330. data/lib/arachni/framework/parts/platform.rb +1 -1
  331. data/lib/arachni/framework/parts/plugin.rb +1 -1
  332. data/lib/arachni/framework/parts/report.rb +1 -1
  333. data/lib/arachni/framework/parts/scope.rb +1 -1
  334. data/lib/arachni/framework/parts/state.rb +1 -1
  335. data/lib/arachni/framework.rb +1 -1
  336. data/lib/arachni/http/client/dynamic_404_handler.rb +1 -1
  337. data/lib/arachni/http/client.rb +7 -5
  338. data/lib/arachni/http/cookie_jar.rb +1 -1
  339. data/lib/arachni/http/headers.rb +1 -1
  340. data/lib/arachni/http/message/scope.rb +1 -1
  341. data/lib/arachni/http/message.rb +1 -1
  342. data/lib/arachni/http/proxy_server/connection.rb +3 -8
  343. data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +18 -32
  344. data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +28 -49
  345. data/lib/arachni/http/proxy_server/ssl_interceptor.rb +7 -6
  346. data/lib/arachni/http/proxy_server/tunnel.rb +1 -1
  347. data/lib/arachni/http/proxy_server.rb +1 -1
  348. data/lib/arachni/http/request/scope.rb +1 -1
  349. data/lib/arachni/http/request.rb +8 -2
  350. data/lib/arachni/http/response/scope.rb +1 -1
  351. data/lib/arachni/http/response.rb +1 -1
  352. data/lib/arachni/http.rb +1 -1
  353. data/lib/arachni/issue/severity/base.rb +1 -1
  354. data/lib/arachni/issue/severity.rb +1 -1
  355. data/lib/arachni/issue.rb +1 -1
  356. data/lib/arachni/option_group.rb +1 -1
  357. data/lib/arachni/option_groups/audit.rb +11 -2
  358. data/lib/arachni/option_groups/browser_cluster.rb +28 -4
  359. data/lib/arachni/option_groups/datastore.rb +1 -1
  360. data/lib/arachni/option_groups/dispatcher.rb +1 -1
  361. data/lib/arachni/option_groups/http.rb +5 -5
  362. data/lib/arachni/option_groups/input.rb +1 -1
  363. data/lib/arachni/option_groups/output.rb +1 -1
  364. data/lib/arachni/option_groups/paths.rb +1 -1
  365. data/lib/arachni/option_groups/rpc.rb +1 -1
  366. data/lib/arachni/option_groups/scope.rb +46 -4
  367. data/lib/arachni/option_groups/session.rb +1 -1
  368. data/lib/arachni/option_groups/snapshot.rb +1 -1
  369. data/lib/arachni/option_groups.rb +1 -1
  370. data/lib/arachni/options.rb +1 -1
  371. data/lib/arachni/page/dom/transition.rb +1 -1
  372. data/lib/arachni/page/dom.rb +1 -1
  373. data/lib/arachni/page/scope.rb +1 -1
  374. data/lib/arachni/page.rb +3 -3
  375. data/lib/arachni/parser/document.rb +1 -1
  376. data/lib/arachni/parser/extractors/base.rb +1 -1
  377. data/lib/arachni/parser/nodes/base.rb +1 -1
  378. data/lib/arachni/parser/nodes/comment.rb +1 -1
  379. data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +2 -2
  380. data/lib/arachni/parser/nodes/element/with_attributes.rb +1 -1
  381. data/lib/arachni/parser/nodes/element.rb +1 -1
  382. data/lib/arachni/parser/nodes/text.rb +1 -1
  383. data/lib/arachni/parser/nodes/with_value.rb +2 -2
  384. data/lib/arachni/parser/sax.rb +2 -1
  385. data/lib/arachni/parser/with_children/search.rb +1 -1
  386. data/lib/arachni/parser/with_children.rb +1 -1
  387. data/lib/arachni/parser.rb +31 -2
  388. data/lib/arachni/platform/fingerprinter.rb +1 -1
  389. data/lib/arachni/platform/list.rb +1 -1
  390. data/lib/arachni/platform/manager.rb +1 -1
  391. data/lib/arachni/platform.rb +1 -1
  392. data/lib/arachni/plugin/base.rb +1 -1
  393. data/lib/arachni/plugin/formatter.rb +1 -1
  394. data/lib/arachni/plugin/manager.rb +1 -1
  395. data/lib/arachni/plugin.rb +1 -1
  396. data/lib/arachni/processes/dispatchers.rb +1 -1
  397. data/lib/arachni/processes/executables/base.rb +2 -1
  398. data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
  399. data/lib/arachni/processes/helpers/instances.rb +1 -1
  400. data/lib/arachni/processes/helpers/processes.rb +1 -1
  401. data/lib/arachni/processes/helpers.rb +1 -1
  402. data/lib/arachni/processes/instances.rb +1 -1
  403. data/lib/arachni/processes/manager.rb +9 -5
  404. data/lib/arachni/processes.rb +1 -1
  405. data/lib/arachni/report.rb +1 -1
  406. data/lib/arachni/reporter/base.rb +1 -1
  407. data/lib/arachni/reporter/formatter_manager.rb +1 -1
  408. data/lib/arachni/reporter/manager.rb +1 -1
  409. data/lib/arachni/reporter/options.rb +1 -10
  410. data/lib/arachni/reporter.rb +1 -1
  411. data/lib/arachni/rest/server/instance_helpers.rb +10 -1
  412. data/lib/arachni/rest/server.rb +7 -1
  413. data/lib/arachni/rpc/client/base.rb +1 -1
  414. data/lib/arachni/rpc/client/dispatcher.rb +1 -1
  415. data/lib/arachni/rpc/client/instance/framework.rb +1 -1
  416. data/lib/arachni/rpc/client/instance/service.rb +1 -1
  417. data/lib/arachni/rpc/client/instance.rb +1 -1
  418. data/lib/arachni/rpc/serializer.rb +1 -1
  419. data/lib/arachni/rpc/server/active_options.rb +1 -1
  420. data/lib/arachni/rpc/server/base.rb +1 -1
  421. data/lib/arachni/rpc/server/check/manager.rb +1 -1
  422. data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
  423. data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
  424. data/lib/arachni/rpc/server/dispatcher.rb +1 -1
  425. data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
  426. data/lib/arachni/rpc/server/framework/master.rb +1 -1
  427. data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
  428. data/lib/arachni/rpc/server/framework/slave.rb +1 -1
  429. data/lib/arachni/rpc/server/framework.rb +1 -1
  430. data/lib/arachni/rpc/server/instance.rb +1 -1
  431. data/lib/arachni/rpc/server/output.rb +1 -1
  432. data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
  433. data/lib/arachni/ruby/array.rb +1 -1
  434. data/lib/arachni/ruby/hash.rb +1 -1
  435. data/lib/arachni/ruby/object.rb +1 -1
  436. data/lib/arachni/ruby/set.rb +1 -1
  437. data/lib/arachni/ruby/string.rb +1 -1
  438. data/lib/arachni/ruby/webrick/cookie.rb +1 -1
  439. data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
  440. data/lib/arachni/ruby/webrick.rb +1 -1
  441. data/lib/arachni/ruby.rb +1 -1
  442. data/lib/arachni/scope.rb +1 -1
  443. data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +6 -16
  444. data/lib/arachni/session.rb +1 -1
  445. data/lib/arachni/snapshot.rb +1 -1
  446. data/lib/arachni/state/audit.rb +1 -1
  447. data/lib/arachni/state/element_filter.rb +1 -1
  448. data/lib/arachni/state/framework/rpc.rb +1 -1
  449. data/lib/arachni/state/framework.rb +1 -1
  450. data/lib/arachni/state/http.rb +1 -1
  451. data/lib/arachni/state/options.rb +1 -1
  452. data/lib/arachni/state/plugins.rb +1 -1
  453. data/lib/arachni/state.rb +1 -1
  454. data/lib/arachni/support/buffer/autoflush.rb +1 -1
  455. data/lib/arachni/support/buffer/base.rb +1 -1
  456. data/lib/arachni/support/buffer.rb +1 -1
  457. data/lib/arachni/support/cache/base.rb +1 -1
  458. data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
  459. data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
  460. data/lib/arachni/support/cache/least_recently_used.rb +1 -1
  461. data/lib/arachni/support/cache/preference.rb +1 -1
  462. data/lib/arachni/support/cache/random_replacement.rb +1 -1
  463. data/lib/arachni/support/cache.rb +1 -1
  464. data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
  465. data/lib/arachni/support/crypto.rb +1 -1
  466. data/lib/arachni/support/database/base.rb +15 -7
  467. data/lib/arachni/support/database/hash.rb +1 -1
  468. data/lib/arachni/support/database/queue.rb +1 -1
  469. data/lib/arachni/support/database.rb +1 -1
  470. data/lib/arachni/support/glob.rb +1 -1
  471. data/lib/arachni/support/lookup/base.rb +1 -1
  472. data/lib/arachni/support/lookup/hash_set.rb +1 -1
  473. data/lib/arachni/support/lookup/moolb.rb +1 -1
  474. data/lib/arachni/support/lookup.rb +1 -1
  475. data/lib/arachni/support/mixins/observable.rb +1 -1
  476. data/lib/arachni/support/mixins/terminal.rb +1 -1
  477. data/lib/arachni/support/mixins.rb +1 -1
  478. data/lib/arachni/support/profiler.rb +1 -1
  479. data/lib/arachni/support/signature.rb +1 -1
  480. data/lib/arachni/support.rb +1 -1
  481. data/lib/arachni/trainer.rb +1 -1
  482. data/lib/arachni/ui/foo/output.rb +1 -1
  483. data/lib/arachni/uri/scope.rb +1 -1
  484. data/lib/arachni/uri.rb +6 -9
  485. data/lib/arachni/utilities.rb +1 -1
  486. data/lib/arachni/version.rb +1 -1
  487. data/lib/arachni.rb +1 -1
  488. data/lib/version +1 -1
  489. data/logs/error-1821117.log +243 -0
  490. data/spec/arachni/browser/javascript/dom_monitor_spec.rb +84 -60
  491. data/spec/arachni/browser/javascript/proxy_spec.rb +0 -10
  492. data/spec/arachni/browser/javascript/taint_tracer_spec.rb +68 -90
  493. data/spec/arachni/browser/javascript_spec.rb +10 -9
  494. data/spec/arachni/browser_cluster/worker_spec.rb +23 -55
  495. data/spec/arachni/browser_spec.rb +160 -158
  496. data/spec/arachni/data/framework/rpc_spec.rb +1 -1
  497. data/spec/arachni/data/framework_spec.rb +1 -1
  498. data/spec/arachni/element/cookie_spec.rb +1 -1
  499. data/spec/arachni/element/nested_cookie_spec.rb +687 -0
  500. data/spec/arachni/element/ui_form_spec.rb +2 -2
  501. data/spec/arachni/element/ui_input_spec.rb +1 -1
  502. data/spec/arachni/http/client_spec.rb +14 -26
  503. data/spec/arachni/http/cookie_jar_spec.rb +2 -2
  504. data/spec/arachni/http/proxy_server_spec.rb +2 -0
  505. data/spec/arachni/http/request_spec.rb +3 -2
  506. data/spec/arachni/option_groups/browser_cluster_spec.rb +17 -0
  507. data/spec/arachni/option_groups/http_spec.rb +6 -6
  508. data/spec/arachni/option_groups/scope_spec.rb +1 -6
  509. data/spec/arachni/page_spec.rb +3 -2
  510. data/spec/arachni/parser_spec.rb +45 -1
  511. data/spec/arachni/reporter/options_spec.rb +0 -14
  512. data/spec/arachni/rest/server_spec.rb +39 -2
  513. data/spec/arachni/uri_spec.rb +1 -1
  514. data/spec/components/checks/active/code_injection_spec.rb +12 -7
  515. data/spec/components/checks/active/code_injection_timing_spec.rb +4 -3
  516. data/spec/components/checks/active/file_inclusion_spec.rb +15 -10
  517. data/spec/components/checks/active/ldap_injection_spec.rb +5 -4
  518. data/spec/components/checks/active/no_sql_injection_differential_spec.rb +1 -1
  519. data/spec/components/checks/active/no_sql_injection_spec.rb +5 -4
  520. data/spec/components/checks/active/os_cmd_injection_spec.rb +6 -4
  521. data/spec/components/checks/active/os_cmd_injection_timing_spec.rb +4 -3
  522. data/spec/components/checks/active/path_traversal_spec.rb +10 -7
  523. data/spec/components/checks/active/response_splitting_spec.rb +5 -4
  524. data/spec/components/checks/active/rfi_spec.rb +9 -8
  525. data/spec/components/checks/active/source_code_disclosure_spec.rb +33 -10
  526. data/spec/components/checks/active/sql_injection_differential_spec.rb +1 -1
  527. data/spec/components/checks/active/sql_injection_spec.rb +53 -36
  528. data/spec/components/checks/active/sql_injection_timing_spec.rb +11 -8
  529. data/spec/components/checks/active/unvalidated_redirect_spec.rb +9 -8
  530. data/spec/components/checks/active/xpath_injection_spec.rb +5 -4
  531. data/spec/components/checks/active/xss_dom_script_context_spec.rb +5 -5
  532. data/spec/components/checks/active/xss_event_spec.rb +5 -3
  533. data/spec/components/checks/active/xss_script_context_spec.rb +4 -3
  534. data/spec/components/checks/active/xss_spec.rb +5 -4
  535. data/spec/components/checks/active/xss_tag_spec.rb +11 -3
  536. data/spec/components/checks/passive/backup_files_spec.rb +0 -4
  537. data/spec/components/checks/passive/grep/x_frame_options_spec.rb +6 -0
  538. data/spec/spec_helper.rb +2 -1
  539. data/spec/support/factories/http/response.rb +1 -1
  540. data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
  541. data/spec/support/fixtures/checks/test.rb +4 -4
  542. data/spec/support/fixtures/checks/test2.rb +1 -1
  543. data/spec/support/fixtures/checks/test3.rb +1 -1
  544. data/spec/support/fixtures/cookies.txt +1 -1
  545. data/spec/support/fixtures/executables/node.rb +2 -3
  546. data/spec/support/fixtures/fingerprinters/test.rb +1 -1
  547. data/spec/support/fixtures/nested_cookies.txt +11 -0
  548. data/spec/support/fixtures/plugins/bad.rb +1 -1
  549. data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
  550. data/spec/support/fixtures/plugins/distributable.rb +1 -1
  551. data/spec/support/fixtures/plugins/loop.rb +1 -1
  552. data/spec/support/fixtures/plugins/suspendable.rb +1 -1
  553. data/spec/support/fixtures/plugins/wait.rb +1 -1
  554. data/spec/support/fixtures/plugins/with_options.rb +1 -1
  555. data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
  556. data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
  557. data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
  558. data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
  559. data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
  560. data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
  561. data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
  562. data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
  563. data/spec/support/fixtures/report.afr +0 -0
  564. data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
  565. data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
  566. data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
  567. data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
  568. data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
  569. data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
  570. data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
  571. data/spec/support/fixtures/run_check/body.rb +1 -1
  572. data/spec/support/fixtures/run_check/cookies.rb +1 -1
  573. data/spec/support/fixtures/run_check/empty.rb +1 -1
  574. data/spec/support/fixtures/run_check/flch.rb +1 -1
  575. data/spec/support/fixtures/run_check/forms.rb +1 -1
  576. data/spec/support/fixtures/run_check/headers.rb +1 -1
  577. data/spec/support/fixtures/run_check/links.rb +1 -1
  578. data/spec/support/fixtures/run_check/nil.rb +1 -1
  579. data/spec/support/fixtures/run_check/path.rb +1 -1
  580. data/spec/support/fixtures/run_check/server.rb +1 -1
  581. data/spec/support/fixtures/signature_check/signature.rb +1 -1
  582. data/spec/support/fixtures/wait_check/wait.rb +1 -1
  583. data/spec/support/helpers/framework.rb +1 -1
  584. data/spec/support/helpers/misc.rb +1 -1
  585. data/spec/support/helpers/paths.rb +1 -1
  586. data/spec/support/helpers/requires.rb +1 -1
  587. data/spec/support/helpers/resets.rb +1 -1
  588. data/spec/support/helpers/web_server.rb +1 -1
  589. data/spec/support/lib/factory.rb +1 -1
  590. data/spec/support/lib/web_server_client.rb +1 -1
  591. data/spec/support/lib/web_server_dispatcher.rb +1 -1
  592. data/spec/support/lib/web_server_manager.rb +1 -1
  593. data/spec/support/servers/arachni/check/auditor.rb +1 -0
  594. data/spec/support/servers/arachni/element/form/form_dom.rb +1 -0
  595. data/spec/support/servers/arachni/element/form.rb +4 -4
  596. data/spec/support/servers/arachni/element/header.rb +1 -1
  597. data/spec/support/servers/arachni/element/nested_cookie.rb +84 -0
  598. data/spec/support/servers/arachni/parser.rb +6 -0
  599. data/spec/support/servers/checks/active/code_injection.rb +18 -0
  600. data/spec/support/servers/checks/active/code_injection_timing.rb +18 -0
  601. data/spec/support/servers/checks/active/file_inclusion.rb +19 -1
  602. data/spec/support/servers/checks/active/ldap_injection.rb +18 -0
  603. data/spec/support/servers/checks/active/no_sql_injection.rb +27 -0
  604. data/spec/support/servers/checks/active/no_sql_injection_differential.rb +19 -0
  605. data/spec/support/servers/checks/active/os_cmd_injection.rb +29 -0
  606. data/spec/support/servers/checks/active/os_cmd_injection_timing.rb +18 -1
  607. data/spec/support/servers/checks/active/path_traversal.rb +30 -3
  608. data/spec/support/servers/checks/active/response_splitting.rb +30 -1
  609. data/spec/support/servers/checks/active/rfi.rb +30 -2
  610. data/spec/support/servers/checks/active/session_fixation.rb +1 -3
  611. data/spec/support/servers/checks/active/source_code_disclosure.rb +16 -0
  612. data/spec/support/servers/checks/active/sql_injection.rb +27 -0
  613. data/spec/support/servers/checks/active/sql_injection_differential.rb +19 -0
  614. data/spec/support/servers/checks/active/sql_injection_timing.rb +19 -1
  615. data/spec/support/servers/checks/active/unvalidated_redirect.rb +40 -1
  616. data/spec/support/servers/checks/active/xpath_injection.rb +27 -0
  617. data/spec/support/servers/checks/active/xss.rb +40 -0
  618. data/spec/support/servers/checks/active/xss_event.rb +22 -1
  619. data/spec/support/servers/checks/active/xss_script_context.rb +18 -0
  620. data/spec/support/servers/checks/active/xss_tag.rb +40 -0
  621. data/spec/support/servers/checks/passive/grep/x_frame_options.rb +5 -0
  622. data/spec/support/shared/check.rb +1 -0
  623. data/spec/support/shared/element/capabilities/auditable/buffered.rb +2 -2
  624. data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +2 -2
  625. data/spec/support/shared/element/capabilities/auditable.rb +2 -2
  626. data/ui/cli/framework/option_parser.rb +44 -8
  627. data/ui/cli/framework.rb +6 -5
  628. data/ui/cli/option_parser.rb +1 -1
  629. data/ui/cli/output.rb +1 -1
  630. data/ui/cli/reporter/option_parser.rb +1 -1
  631. data/ui/cli/reporter.rb +1 -1
  632. data/ui/cli/reproduce/option_parser.rb +1 -1
  633. data/ui/cli/reproduce.rb +1 -1
  634. data/ui/cli/rest/server/option_parser.rb +1 -1
  635. data/ui/cli/rest/server.rb +1 -1
  636. data/ui/cli/restored_framework/option_parser.rb +1 -1
  637. data/ui/cli/restored_framework.rb +1 -1
  638. data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
  639. data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
  640. data/ui/cli/rpc/client/instance.rb +7 -4
  641. data/ui/cli/rpc/client/local/option_parser.rb +1 -1
  642. data/ui/cli/rpc/client/local.rb +1 -1
  643. data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
  644. data/ui/cli/rpc/client/remote.rb +1 -1
  645. data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
  646. data/ui/cli/rpc/server/dispatcher.rb +1 -1
  647. data/ui/cli/utilities.rb +1 -1
  648. metadata +603 -581
@@ -1,6 +1,6 @@
1
1
  #!/usr/bin/env ruby
2
2
  =begin
3
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
3
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
4
4
 
5
5
  This file is part of the Arachni Framework project and is subject to
6
6
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,6 +1,6 @@
1
1
  #!/usr/bin/env ruby
2
2
  =begin
3
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
3
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
4
4
 
5
5
  This file is part of the Arachni Framework project and is subject to
6
6
  redistribution and commercial restrictions. Please see the Arachni Framework
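--- a/data/bin/arachni_restore
+++ b/data/bin/arachni_restore
@@ -1,6 +1,6 @@
  #!/usr/bin/env ruby
  =begin
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
  This file is part of the Arachni Framework project and is subject to
  redistribution and commercial restrictions. Please see the Arachni Framework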
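--- a/data/bin/arachni_rpc
+++ b/data/bin/arachni_rpc
@@ -1,6 +1,6 @@
  #!/usr/bin/env ruby
  =begin
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
  This file is part of the Arachni Framework project and is subject to
  redistribution and commercial restrictions. Please see the Arachni Framework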
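--- a/data/bin/arachni_rpcd
+++ b/data/bin/arachni_rpcd
@@ -1,6 +1,6 @@
  #!/usr/bin/env ruby
  =begin
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
  This file is part of the Arachni Framework project and is subject to
  redistribution and commercial restrictions. Please see the Arachni Framework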
@@ -1,6 +1,6 @@
1
1
  #!/usr/bin/env ruby
2
2
  =begin
3
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
3
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
4
4
 
5
5
  This file is part of the Arachni Framework project and is subject to
6
6
  redistribution and commercial restrictions. Please see the Arachni Framework
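--- a/data/bin/arachni_script
+++ b/data/bin/arachni_script
@@ -1,6 +1,6 @@
  #!/usr/bin/env ruby
  =begin
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 
  This file is part of the Arachni Framework project and is subject to
  redistribution and commercial restrictions. Please see the Arachni Framework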
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -40,6 +40,11 @@
40
40
  class Arachni::Checks::CSRF < Arachni::Check::Base
41
41
 
42
42
  def run
43
+ # TODO:
44
+ # Check forms that were created dynamically via JS.
45
+ # Maybe add a csrf_dom check?
46
+ return if page.dom.transitions.any?
47
+
43
48
  print_status 'Looking for CSRF candidates...'
44
49
  print_status 'Simulating logged-out user.'
45
50
 
@@ -95,7 +100,7 @@ checks them for lack of anti-CSRF tokens.
95
100
  },
96
101
  elements: [ Element::Form ],
97
102
  author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
98
- version: '0.4',
103
+ version: '0.4.1',
99
104
 
100
105
  issue: {
101
106
  name: %q{Cross-Site Request Forgery},
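Review bot: The new guard at the top of `run`, `return if page.dom.transitions.any?`, returns before the first `print_status`, so a page with DOM transitions is skipped with no trace in the scan output and none of its forms get a CSRF check, including forms present in the static markup. A silently skipped check reads the same as a clean result in the report, which is a false-negative risk for anyone relying on the scan for coverage. I would log the skip before returning, e.g. `print_status 'Skipping CSRF check: page has DOM transitions.'`, and state the limitation in the check's `description` text. The condition also looks broader than the TODO, which only mentions forms created via JS, though what `transitions` holds is not visible here and `run` continues past the end of the hunk.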
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -37,9 +37,9 @@ It uses differential analysis to determine how different inputs affect the behav
37
37
  of the web application and checks if the displayed behavior is consistent with
38
38
  that of a vulnerable application.
39
39
  },
40
- elements: [ Element::Link, Element::Form, Element::Cookie ],
40
+ elements: [ Element::Link, Element::Form, Element::Cookie, Element::NestedCookie ],
41
41
  author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
42
- version: '0.1.2',
42
+ version: '0.1.3',
43
43
  platforms: [ :nosql ],
44
44
 
45
45
  issue: {
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -55,9 +55,9 @@ It uses differential analysis to determine how different inputs affect behavior
55
55
  of the web application and checks if the displayed behavior is consistent with
56
56
  that of a vulnerable application.
57
57
  },
58
- elements: [ Element::Link, Element::Form, Element::Cookie ],
58
+ elements: [ Element::Link, Element::Form, Element::Cookie, Element::NestedCookie ],
59
59
  author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
60
- version: '0.4.4',
60
+ version: '0.4.5',
61
61
  platforms: [ :sql ],
62
62
 
63
63
  issue: {
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -144,7 +144,7 @@ class Arachni::Checks::Xss < Arachni::Check::Base
144
144
 
145
145
  return if !proof
146
146
 
147
- proof
147
+ proof.to_html
148
148
  end
149
149
 
150
150
  def self.info
@@ -155,9 +155,9 @@ Injects an HTML element into page inputs and then parses the HTML markup of
155
155
  tainted responses to look for proof of vulnerability.
156
156
  },
157
157
  elements: [Element::Form, Element::Link, Element::Cookie,
158
- Element::Header, Element::LinkTemplate],
158
+ Element::NestedCookie, Element::Header, Element::LinkTemplate],
159
159
  author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
160
- version: '0.4.9',
160
+ version: '0.4.10',
161
161
 
162
162
  issue: {
163
163
  name: %q{Cross-Site Scripting (XSS)},
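Review bot: The method ending at new line 148 now returns `proof.to_html` instead of `proof`, so its return value changes from the matched node to, presumably, its serialised markup, and nothing in the hunk documents that. The method starts outside the hunk, so a doc comment may already exist; if it does not, add one such as `# @return [String, nil] markup of the injected element, nil when no proof was found`. Any caller that used the node's own methods on the result would need checking against the new return type.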
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -125,9 +125,9 @@ class Arachni::Checks::XssEvent < Arachni::Check::Base
125
125
  {
126
126
  name: 'XSS in HTML element event attribute',
127
127
  description: %q{Cross-Site Scripting in event tag of HTML element.},
128
- elements: [Element::Form, Element::Link, Element::Cookie, Element::Header],
128
+ elements: [Element::Form, Element::Link, Element::Cookie, Element::NestedCookie, Element::Header],
129
129
  author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
130
- version: '0.1.9',
130
+ version: '0.1.10',
131
131
 
132
132
  issue: {
133
133
  name: %q{Cross-Site Scripting (XSS) in event tag of HTML element},
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -223,9 +223,9 @@ class Arachni::Checks::XssScriptContext < Arachni::Check::Base
223
223
  Injects JS taint code and check to see if it gets executed as proof of vulnerability.
224
224
  },
225
225
  elements: [ Element::Form, Element::Link, Element::Cookie,
226
- Element::Header, Element::LinkTemplate ],
226
+ Element::NestedCookie, Element::Header, Element::LinkTemplate ],
227
227
  author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
228
- version: '0.2.5',
228
+ version: '0.2.6',
229
229
 
230
230
  issue: {
231
231
  name: %q{Cross-Site Scripting (XSS) in script context},
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -83,9 +83,10 @@ class Arachni::Checks::XssTag < Arachni::Check::Base
83
83
  {
84
84
  name: 'XSS in HTML tag',
85
85
  description: %q{Cross-Site Scripting in HTML tag.},
86
- elements: [ Element::Form, Element::Link, Element::Cookie, Element::Header ],
86
+ elements: [ Element::Form, Element::Link, Element::Cookie,
87
+ Element::NestedCookie, Element::Header ],
87
88
  author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
88
- version: '0.1.11',
89
+ version: '0.1.12',
89
90
 
90
91
  issue: {
91
92
  name: %q{Cross-Site Scripting (XSS) in HTML tag},
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -18,7 +18,7 @@ class Arachni::Checks::BackupFiles < Arachni::Check::Base
18
18
  ),
19
19
  video: %w(asf rm mpg mpeg mpe 3gp 3g2 avi flv mov mp4 swf vob wmv),
20
20
  audio: %w(aif mp3 mpa ra wav wma mid m4a ogg flac),
21
- font: %w(ttf otf woff fon fnt)
21
+ font: %w(ttf otf woff woff2 fon fnt)
22
22
  }
23
23
 
24
24
  IGNORE_EXTENSIONS = Set.new( IGNORE_MIME_TYPES.values.flatten )
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -496,3 +496,4 @@ intern
496
496
  extern
497
497
  /rails/info/properties
498
498
  /rails/info/routes
499
+ .git
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework
@@ -1,5 +1,5 @@
1
1
  =begin
2
- Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
2
+ Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
3
3
 
4
4
  This file is part of the Arachni Framework project and is subject to
5
5
  redistribution and commercial restrictions. Please see the Arachni Framework