RubyGems - arachni - Versions diffs - 1.5 → 1.6.1 - Mend

arachni 1.5 → 1.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (718) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +63 -0
data/Gemfile +2 -4
data/LICENSE.md +1 -1
data/README.md +112 -111
data/Rakefile +1 -43
data/arachni.gemspec +26 -26
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_reproduce +1 -1
data/bin/arachni_rest_server +1 -1
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +1 -1
data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +7 -2
data/components/checks/active/file_inclusion.rb +1 -1
data/components/checks/active/ldap_injection.rb +1 -1
data/components/checks/active/no_sql_injection.rb +1 -1
data/components/checks/active/no_sql_injection_differential.rb +3 -3
data/components/checks/active/os_cmd_injection.rb +1 -1
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +1 -1
data/components/checks/active/response_splitting.rb +1 -1
data/components/checks/active/rfi.rb +1 -1
data/components/checks/active/session_fixation.rb +1 -1
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/sql_injection.rb +1 -1
data/components/checks/active/sql_injection_differential.rb +3 -3
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +1 -1
data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
data/components/checks/active/xpath_injection.rb +1 -1
data/components/checks/active/xss.rb +4 -4
data/components/checks/active/xss_dom.rb +1 -1
data/components/checks/active/xss_dom_script_context.rb +1 -1
data/components/checks/active/xss_event.rb +3 -3
data/components/checks/active/xss_path.rb +1 -1
data/components/checks/active/xss_script_context.rb +3 -3
data/components/checks/active/xss_tag.rb +4 -3
data/components/checks/active/xxe.rb +1 -1
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +1 -1
data/components/checks/passive/backup_directories.rb +1 -1
data/components/checks/passive/backup_files.rb +2 -2
data/components/checks/passive/common_admin_interfaces.rb +1 -1
data/components/checks/passive/common_directories/directories.txt +1 -0
data/components/checks/passive/common_directories.rb +1 -1
data/components/checks/passive/common_files.rb +1 -1
data/components/checks/passive/directory_listing.rb +1 -1
data/components/checks/passive/grep/captcha.rb +1 -1
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +1 -1
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +1 -1
data/components/checks/passive/grep/form_upload.rb +1 -1
data/components/checks/passive/grep/hsts.rb +1 -1
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +1 -1
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +1 -1
data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
data/components/checks/passive/grep/x_frame_options.rb +4 -4
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +1 -1
data/components/checks/passive/insecure_cross_domain_policy_access.rb +1 -1
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +1 -1
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +1 -1
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +1 -1
data/components/path_extractors/areas.rb +1 -1
data/components/path_extractors/comments.rb +1 -1
data/components/path_extractors/data_url.rb +1 -1
data/components/path_extractors/forms.rb +1 -1
data/components/path_extractors/frames.rb +1 -1
data/components/path_extractors/generic.rb +1 -1
data/components/path_extractors/links.rb +1 -1
data/components/path_extractors/meta_refresh.rb +1 -1
data/components/path_extractors/scripts.rb +2 -2
data/components/plugins/autologin.rb +1 -1
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/debug/browser_cluster_job_monitor.rb +1 -1
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +2 -2
data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +1 -1
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +1 -1
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +1 -1
data/components/plugins/login_script.rb +1 -1
data/components/plugins/metrics.rb +20 -20
data/components/plugins/page_dump.rb +1 -1
data/components/plugins/proxy/panel/verify_login_sequence.html.erb +1 -1
data/components/plugins/proxy/template_scope.rb +1 -1
data/components/plugins/proxy.rb +3 -2
data/components/plugins/rate_limiter.rb +1 -1
data/components/plugins/restrict_to_dom_state.rb +1 -1
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +1 -1
data/components/plugins/waf_detector.rb +1 -1
data/components/plugins/webhook_notify.rb +1 -1
data/components/reporters/ap.rb +1 -1
data/components/reporters/html/default.erb +3 -1
data/components/reporters/html.rb +5 -7
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +1 -1
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml/schema.xsd +1 -0
data/components/reporters/xml.rb +3 -3
data/components/reporters/yaml.rb +1 -1
data/config/write_paths.yml +4 -0
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser/element_locator.rb +1 -1
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +39 -26
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +58 -40
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript.rb +14 -36
data/lib/arachni/browser.rb +133 -216
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/job.rb +1 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +11 -26
data/lib/arachni/browser_cluster.rb +2 -3
data/lib/arachni/check/auditor.rb +28 -66
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/check.rb +1 -1
data/lib/arachni/component/base.rb +1 -1
data/lib/arachni/component/manager.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/output.rb +1 -1
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +2 -2
data/lib/arachni/data/framework.rb +2 -2
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/element/base.rb +1 -1
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/signature.rb +2 -2
data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/auditable/buffered.rb +1 -1
data/lib/arachni/element/capabilities/auditable/line_buffered.rb +1 -1
data/lib/arachni/element/capabilities/auditable.rb +1 -1
data/lib/arachni/element/capabilities/dom_only.rb +1 -1
data/lib/arachni/element/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/capabilities/mutable.rb +1 -1
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +1 -1
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +1 -1
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/cookie.rb +1 -1
data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
data/lib/arachni/element/dom/capabilities/mutable.rb +1 -1
data/lib/arachni/element/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/dom.rb +1 -1
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +1 -1
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/form/dom.rb +1 -1
data/lib/arachni/element/form.rb +1 -1
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
data/lib/arachni/element/header.rb +1 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/json.rb +1 -1
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/dom.rb +1 -1
data/lib/arachni/element/link.rb +1 -1
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +1 -1
data/lib/arachni/element/link_template.rb +1 -1
data/lib/arachni/element/nested_cookie/capabilities/submittable.rb +35 -0
data/lib/arachni/element/nested_cookie.rb +370 -0
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +1 -1
data/lib/arachni/element/ui_form/dom.rb +1 -1
data/lib/arachni/element/ui_form.rb +1 -1
data/lib/arachni/element/ui_input/dom.rb +1 -1
data/lib/arachni/element/ui_input.rb +1 -1
data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
data/lib/arachni/element/xml.rb +1 -1
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework/parts/audit.rb +1 -1
data/lib/arachni/framework/parts/browser.rb +1 -1
data/lib/arachni/framework/parts/check.rb +1 -1
data/lib/arachni/framework/parts/data.rb +1 -1
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +1 -1
data/lib/arachni/framework/parts/report.rb +2 -2
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +1 -1
data/lib/arachni/framework.rb +1 -1
data/lib/arachni/http/client/dynamic_404_handler.rb +1 -1
data/lib/arachni/http/client.rb +7 -5
data/lib/arachni/http/cookie_jar.rb +1 -1
data/lib/arachni/http/headers.rb +1 -1
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/message.rb +2 -2
data/lib/arachni/http/proxy_server/connection.rb +3 -8
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +18 -32
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +28 -49
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +7 -6
data/lib/arachni/http/proxy_server/tunnel.rb +1 -1
data/lib/arachni/http/proxy_server.rb +1 -1
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/request.rb +8 -2
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/http/response.rb +3 -3
data/lib/arachni/http.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue.rb +1 -1
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups/audit.rb +11 -2
data/lib/arachni/option_groups/browser_cluster.rb +28 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +5 -5
data/lib/arachni/option_groups/input.rb +1 -1
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +12 -1
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +46 -4
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/options.rb +2 -2
data/lib/arachni/page/dom/transition.rb +1 -1
data/lib/arachni/page/dom.rb +1 -1
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/page.rb +3 -3
data/lib/arachni/parser/document.rb +1 -1
data/lib/arachni/parser/extractors/base.rb +1 -1
data/lib/arachni/parser/nodes/base.rb +1 -1
data/lib/arachni/parser/nodes/comment.rb +1 -1
data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +2 -2
data/lib/arachni/parser/nodes/element/with_attributes.rb +1 -1
data/lib/arachni/parser/nodes/element.rb +1 -1
data/lib/arachni/parser/nodes/text.rb +2 -2
data/lib/arachni/parser/nodes/with_value.rb +2 -2
data/lib/arachni/parser/sax.rb +2 -1
data/lib/arachni/parser/with_children/search.rb +1 -1
data/lib/arachni/parser/with_children.rb +2 -2
data/lib/arachni/parser.rb +33 -10
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +1 -1
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +1 -1
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +1 -1
data/lib/arachni/processes/executables/base.rb +2 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/instances.rb +1 -1
data/lib/arachni/processes/manager.rb +9 -5
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/report.rb +1 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +1 -1
data/lib/arachni/reporter/manager.rb +1 -1
data/lib/arachni/reporter/options.rb +1 -10
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/rest/server/instance_helpers.rb +10 -1
data/lib/arachni/rest/server.rb +7 -1
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +1 -1
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +1 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -1
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +1 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +1 -1
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +6 -16
data/lib/arachni/session.rb +1 -1
data/lib/arachni/snapshot.rb +2 -2
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/http.rb +1 -1
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/state.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/cache/base.rb +1 -1
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +1 -1
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/database/base.rb +16 -10
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/glob.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/profiler.rb +1 -1
data/lib/arachni/support/signature.rb +1 -1
data/lib/arachni/support.rb +1 -1
data/lib/arachni/trainer.rb +1 -1
data/lib/arachni/ui/foo/output.rb +1 -1
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/uri.rb +6 -9
data/lib/arachni/utilities.rb +1 -1
data/lib/arachni/version.rb +1 -1
data/lib/arachni.rb +1 -7
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +81 -77
data/spec/arachni/browser/javascript/proxy_spec.rb +0 -10
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +68 -90
data/spec/arachni/browser/javascript_spec.rb +10 -16
data/spec/arachni/browser_cluster/worker_spec.rb +23 -55
data/spec/arachni/browser_spec.rb +160 -158
data/spec/arachni/check/auditor_spec.rb +44 -165
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/element/cookie_spec.rb +1 -1
data/spec/arachni/element/nested_cookie_spec.rb +687 -0
data/spec/arachni/element/ui_form_spec.rb +2 -2
data/spec/arachni/element/ui_input_spec.rb +1 -1
data/spec/arachni/http/client_spec.rb +14 -26
data/spec/arachni/http/cookie_jar_spec.rb +2 -2
data/spec/arachni/http/proxy_server_spec.rb +2 -0
data/spec/arachni/http/request_spec.rb +3 -2
data/spec/arachni/issue_spec.rb +1 -1
data/spec/arachni/option_groups/browser_cluster_spec.rb +17 -0
data/spec/arachni/option_groups/http_spec.rb +6 -6
data/spec/arachni/option_groups/paths_spec.rb +23 -1
data/spec/arachni/option_groups/scope_spec.rb +1 -6
data/spec/arachni/page_spec.rb +3 -2
data/spec/arachni/parser_spec.rb +45 -1
data/spec/arachni/platform/list_spec.rb +1 -2
data/spec/arachni/reporter/options_spec.rb +0 -14
data/spec/arachni/rest/server_spec.rb +39 -2
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/uri_spec.rb +1 -1
data/spec/components/checks/active/code_injection_spec.rb +12 -7
data/spec/components/checks/active/code_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/file_inclusion_spec.rb +15 -10
data/spec/components/checks/active/ldap_injection_spec.rb +5 -4
data/spec/components/checks/active/no_sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +5 -4
data/spec/components/checks/active/os_cmd_injection_spec.rb +6 -4
data/spec/components/checks/active/os_cmd_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/path_traversal_spec.rb +10 -7
data/spec/components/checks/active/response_splitting_spec.rb +5 -4
data/spec/components/checks/active/rfi_spec.rb +9 -8
data/spec/components/checks/active/source_code_disclosure_spec.rb +33 -10
data/spec/components/checks/active/sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +53 -36
data/spec/components/checks/active/sql_injection_timing_spec.rb +11 -8
data/spec/components/checks/active/unvalidated_redirect_spec.rb +9 -8
data/spec/components/checks/active/xpath_injection_spec.rb +5 -4
data/spec/components/checks/active/xss_dom_script_context_spec.rb +5 -5
data/spec/components/checks/active/xss_event_spec.rb +5 -3
data/spec/components/checks/active/xss_script_context_spec.rb +4 -3
data/spec/components/checks/active/xss_spec.rb +5 -4
data/spec/components/checks/active/xss_tag_spec.rb +11 -3
data/spec/components/checks/passive/backup_files_spec.rb +0 -4
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +6 -0
data/spec/spec_helper.rb +2 -1
data/spec/support/factories/http/response.rb +1 -1
data/spec/support/factories/issue.rb +1 -2
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +4 -4
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/cookies.txt +1 -1
data/spec/support/fixtures/executables/node.rb +2 -3
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/nested_cookies.txt +11 -0
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +1 -1
data/spec/support/servers/arachni/check/auditor.rb +1 -0
data/spec/support/servers/arachni/element/form/form_dom.rb +1 -0
data/spec/support/servers/arachni/element/form.rb +4 -4
data/spec/support/servers/arachni/element/header.rb +1 -1
data/spec/support/servers/arachni/element/nested_cookie.rb +84 -0
data/spec/support/servers/arachni/parser.rb +6 -0
data/spec/support/servers/checks/active/code_injection.rb +18 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +18 -0
data/spec/support/servers/checks/active/file_inclusion.rb +19 -1
data/spec/support/servers/checks/active/ldap_injection.rb +18 -0
data/spec/support/servers/checks/active/no_sql_injection.rb +27 -0
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/os_cmd_injection.rb +29 -0
data/spec/support/servers/checks/active/os_cmd_injection_timing.rb +18 -1
data/spec/support/servers/checks/active/path_traversal.rb +30 -3
data/spec/support/servers/checks/active/response_splitting.rb +30 -1
data/spec/support/servers/checks/active/rfi.rb +30 -2
data/spec/support/servers/checks/active/session_fixation.rb +1 -3
data/spec/support/servers/checks/active/source_code_disclosure.rb +16 -0
data/spec/support/servers/checks/active/sql_injection.rb +27 -0
data/spec/support/servers/checks/active/sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/sql_injection_timing.rb +19 -1
data/spec/support/servers/checks/active/unvalidated_redirect.rb +40 -1
data/spec/support/servers/checks/active/xpath_injection.rb +27 -0
data/spec/support/servers/checks/active/xss.rb +40 -0
data/spec/support/servers/checks/active/xss_event.rb +22 -1
data/spec/support/servers/checks/active/xss_script_context.rb +18 -0
data/spec/support/servers/checks/active/xss_tag.rb +40 -0
data/spec/support/servers/checks/passive/grep/x_frame_options.rb +5 -0
data/spec/support/shared/check.rb +1 -0
data/spec/support/shared/element/capabilities/auditable/buffered.rb +2 -2
data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +2 -2
data/spec/support/shared/element/capabilities/auditable.rb +2 -2
data/ui/cli/framework/option_parser.rb +44 -8
data/ui/cli/framework.rb +6 -5
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +1 -1
data/ui/cli/reporter/option_parser.rb +1 -1
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reproduce/option_parser.rb +1 -1
data/ui/cli/reproduce.rb +1 -1
data/ui/cli/rest/server/option_parser.rb +1 -1
data/ui/cli/rest/server.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
data/ui/cli/rpc/client/instance.rb +7 -4
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +602 -707
data/logs/error-11897.log +0 -2006
data/logs/error-3855.log +0 -382
data/spec/support/logs/Dispatcher - 1024-31864.log +0 -10
data/spec/support/logs/Dispatcher - 1047-41465.log +0 -10
data/spec/support/logs/Dispatcher - 1274-60799.log +0 -64
data/spec/support/logs/Dispatcher - 1295-1058.log +0 -44
data/spec/support/logs/Dispatcher - 1313-27076.log +0 -40
data/spec/support/logs/Dispatcher - 1332-17127.log +0 -35
data/spec/support/logs/Dispatcher - 1350-7351.log +0 -29
data/spec/support/logs/Dispatcher - 1368-38528.log +0 -22
data/spec/support/logs/Dispatcher - 1386-17419.log +0 -14
data/spec/support/logs/Dispatcher - 31030-26156.log +0 -10
data/spec/support/logs/Dispatcher - 321-27189.log +0 -12
data/spec/support/logs/Dispatcher - 32353-50061.log +0 -20
data/spec/support/logs/Dispatcher - 32450-61574.log +0 -10
data/spec/support/logs/Dispatcher - 32470-53874.log +0 -20
data/spec/support/logs/Dispatcher - 32491-10523.log +0 -18
data/spec/support/logs/Dispatcher - 32509-8583.log +0 -14
data/spec/support/logs/Dispatcher - 32536-21209.log +0 -10
data/spec/support/logs/Dispatcher - 32556-53881.log +0 -10
data/spec/support/logs/Dispatcher - 32579-49083.log +0 -50
data/spec/support/logs/Dispatcher - 32761-20025.log +0 -12
data/spec/support/logs/Dispatcher - 347-17512.log +0 -12
data/spec/support/logs/Dispatcher - 3489-43230.log +0 -24
data/spec/support/logs/Dispatcher - 3524-57459.log +0 -26
data/spec/support/logs/Dispatcher - 3559-21544.log +0 -20
data/spec/support/logs/Dispatcher - 3764-33844.log +0 -25
data/spec/support/logs/Dispatcher - 3798-45350.log +0 -26
data/spec/support/logs/Dispatcher - 382-15725.log +0 -12
data/spec/support/logs/Dispatcher - 3836-6205.log +0 -21
data/spec/support/logs/Dispatcher - 4112-45433.log +0 -22
data/spec/support/logs/Dispatcher - 4148-53510.log +0 -26
data/spec/support/logs/Dispatcher - 415-29873.log +0 -14
data/spec/support/logs/Dispatcher - 4185-29736.log +0 -18
data/spec/support/logs/Dispatcher - 4268-60912.log +0 -25
data/spec/support/logs/Dispatcher - 4303-39372.log +0 -26
data/spec/support/logs/Dispatcher - 4342-42190.log +0 -21
data/spec/support/logs/Dispatcher - 463-55220.log +0 -26
data/spec/support/logs/Dispatcher - 4649-12104.log +0 -22
data/spec/support/logs/Dispatcher - 4683-32355.log +0 -26
data/spec/support/logs/Dispatcher - 4724-41636.log +0 -18
data/spec/support/logs/Dispatcher - 4881-57692.log +0 -22
data/spec/support/logs/Dispatcher - 4961-64665.log +0 -26
data/spec/support/logs/Dispatcher - 502-8742.log +0 -25
data/spec/support/logs/Dispatcher - 5052-61726.log +0 -18
data/spec/support/logs/Dispatcher - 536-15972.log +0 -22
data/spec/support/logs/Dispatcher - 620-2220.log +0 -20
data/spec/support/logs/Dispatcher - 638-17826.log +0 -18
data/spec/support/logs/Dispatcher - 656-23967.log +0 -16
data/spec/support/logs/Dispatcher - 700-15701.log +0 -12
data/spec/support/logs/Dispatcher - 726-6080.log +0 -10
data/spec/support/logs/Dispatcher - 749-56590.log +0 -18
data/spec/support/logs/Dispatcher - 807-19073.log +0 -18
data/spec/support/logs/Dispatcher - 871-8764.log +0 -10
data/spec/support/logs/Dispatcher - 898-21496.log +0 -12
data/spec/support/logs/Dispatcher - 933-64070.log +0 -12
data/spec/support/logs/Instance - 1577-32284.error.log +0 -151
data/spec/support/logs/Instance - 1625-58174.error.log +0 -154
data/spec/support/logs/Instance - 2727-57968.error.log +0 -151
data/spec/support/logs/Instance - 2898-20648.error.log +0 -303
data/spec/support/logs/Instance - 2901-30845.error.log +0 -429
data/spec/support/logs/Instance - 31185-37600.error.log +0 -174
data/spec/support/logs/Instance - 3319-20111.error.log +0 -175
data/spec/support/logs/error-3855.log +0 -5132

data/lib/arachni/http/proxy_server/connection.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -84,7 +84,7 @@ class Connection < Arachni::Reactor::Connection
                                 url:     sanitize_url( @parser.request_url, headers ),
                                 method:  method,
                                 body:    @body,
-                                headers: headers
+                                headers: Arachni::HTTP::Client.headers.to_h.merge( headers )
                             )
                         )
@@ -140,10 +140,6 @@ class Connection < Arachni::Reactor::Connection
             if @options[:request_handler].call( request, response )
                 print_debug_level_3 '-- Handler approves, running...'
-                # Even though it's a blocking request, force it to go through
-                # the HTTP::Client in order to handle cookie update and
-                # fingerprinting handlers.
-                HTTP::Client.queue( request )
                 response = request.run
                 print_debug_level_3 "-- ...completed in #{response.time}: #{response.status_line}"
@@ -153,7 +149,6 @@ class Connection < Arachni::Reactor::Connection
         else
             print_debug_level_3 '-- Running...'
-            HTTP::Client.queue( request )
             response = request.run
             print_debug_level_3 "-- ...completed in #{response.time}: #{response.status_line}"
@@ -296,7 +291,7 @@ class Connection < Arachni::Reactor::Connection
             headers.delete name
         end
-        headers
+        headers.to_h
     end
     def cleanup_response_headers( headers )

data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem CHANGED Viewed

@@ -1,34 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIF6zCCA9OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCR1Ix
-DzANBgNVBAgMBkF0dGlrYTEPMA0GA1UEBwwGQXRoZW5zMRAwDgYDVQQKDAdBcmFj
-aG5pMQ4wDAYDVQQLDAVQcm94eTEQMA4GA1UEAwwHQXJhY2huaTEqMCgGCSqGSIb3
-DQEJARYbYXJhY2huaUBhcmFjaG5pLXNjYW5uZXIuY29tMB4XDTE1MDYxNDAyMDgz
-MVoXDTI1MDYxMTAyMDgzMVowgY8xCzAJBgNVBAYTAkdSMQ8wDQYDVQQIDAZBdHRp
-a2ExDzANBgNVBAcMBkF0aGVuczEQMA4GA1UECgwHQXJhY2huaTEOMAwGA1UECwwF
-UHJveHkxEDAOBgNVBAMMB0FyYWNobmkxKjAoBgkqhkiG9w0BCQEWG2FyYWNobmlA
-YXJhY2huaS1zY2FubmVyLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAKfH1iQiuG8zYS514F8zZLp8//00gPIML7+wcJn4cw2iN+yEix6RuZEIzqva
-TfC4H6lZTyUhsoGZCeYAzzH9BMri/9uHJF+4worPfVKYIsm3TnMOVYoIC1kP1/Gj
-Y1ih8KI/3baw0pddtJJeQ5/GjDaxx4+ynY4ZxrNcFmbTYXSrPcd62V/D4+edVnLi
-uQsUezWYx7gNFiAuPRtlgJVBwzRoPV+Fh7Es2/SfmNSfGBCCYOpj4Fh0GOv7pSV0
-9TeF1W/XqDoq/eZ7RzLXoFK0Rz70/22MnFWAIdEUHZqwh3ktndNEK2QHq9FRGUx8
-cUlXVAJgYv8tTErYVBltKIi2qgbnkh0Rb+rT2OkgmSL9lg0PwpXChMeSo6o6riC7
-5a8PQi6OmIseY742QYmBXApXDHtSzaY8onHUvqgxFrFpP0Bmca3AoF6kWQfXfRwS
-ClMLwfBBDVeb+Tt97MO1G4m2VEW6c7o9H1t4td55LGslUzfJrmFe99vjAtdRTVqG
-t3qDjbYi5VpE9kIyKcPHZkSKelMQ4VO1qB14CdaK/3ufqHTk7Ro2hKgstKDqnTCF
-R7Qb9yXFsb1QyNtW8898T5mQm0HWQxdkaxcodizVjY5inHgqNwPa7A469EYFm5in
-dLSOQtdPOV4q+y5lfhA2MkE3pRdSZPpnTqCEkSVVoKfdVlftAgMBAAGjUDBOMB0G
-A1UdDgQWBBRvmR7gGqIfTQB0GygwgI22Kyr1bDAfBgNVHSMEGDAWgBRvmR7gGqIf
-TQB0GygwgI22Kyr1bDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAx
-g+ZjxJZXW1dYkc9ItXwAZba7oQJapLPu1iWCFy5cU13gck2MwDqfaDApNdr+erHg
-WN7N+smMO+x3+lZZptzTfc6g/hBthBBAnetj8CUehjnWCo3aBGgVLE/mIEyHyFym
-JX6xgcNYpvEzHT2o3Kmu/dAHCqY/3P9NtGJMhf7fy/Zz72tGY+ZTlthFSGWOjIEV
-KXTtYnRUKmIRBLMacZmrJKIZCp/qGVSnFh9yjxHTWPNXXngGMxF9ItsFbdakjefn
-hi2sHqns6/YbMaD2wK42dRQH1wH66DCGbyDPQO2j8iGK1q4Ggps+mGNYNBzMSAO/
-ybdGRLQNq8ag7RXr/tNp/jYHopS/Ga0+3bOnCKf6MXNOolknSZhsOo16BWKDRd+d
-m9ZTlro9AQr9+jdychG41IQNHXySrC5F1jLtzpEE5CJZIXkEFNYRcO9HMByJ3qwG
-759oYcMklwhU+NSC5qXpD2Z9KGf5rc0HmoO6OyD4T8hnQXkuAqoIN/NBg6YSNisN
-H2C2gbl+taRLt0/RVCiacylo5pl3XSZuQxtGaQl55gRXQDPnlfB2CtIrV44gHZOJ
-88s+Ld9h44aoT2rWbLld6dU5ElZXWEJOim+aYKJewxX7PwEHn4iCpvMLu+4jXH3j
-OkDTHheVJkxyhTDQ43ebg3/qi4yFaQyAHk3bQItwCw==
+MIIDSzCCAjOgAwIBAgIUYcNQxDuiU4HcgTPTRe8+r4QM87YwDQYJKoZIhvcNAQEN
+BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjExMTI0MDkzODI1WhcNMzEx
+MTIyMDkzODI1WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMXSNkRqFHAwBxiC8bgiQNDKQxeJq68NGd7ofq4z
++vDziB0XnAiR6cWMmRVXRO0kSTNUMpum+uDPD0zvlgMgu/I0MBckck9hmoWQaq5N
+mzAHiweFIhI283HzPaDb3Ucmkv9HMXOH60gzD3d+Bft2f661F/xzdhDpwMr+HG3x
+hcVr7jJEFNFgZkzXHYPJgRq9SF7Tb/hMJDcwZaOwp62/vdvniDLI+lXnPtpWUVtG
+IdQJdVk27NW0mRKaYPp7GlpOjHezyfTaUzh+e8KHD+A/2JWSgkeh2FhO8nsxH6Rj
+nB97hJdsR6Bq+IH7z6BA1/mm2GWPwzvycMNwKRQpJzgH2uUCAwEAAaOBkDCBjTAd
+BgNVHQ4EFgQUizexcP6110RDXbXGDUZEMwnbkM0wUQYDVR0jBEowSIAUizexcP61
+10RDXbXGDUZEMwnbkM2hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRhw1DE
+O6JTgdyBM9NF7z6vhAzztjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQ0FAAOCAQEACPb7DedEorHyfPuCiF0yXCKWZlKSsb4IzBooIxsRjrCG
+RKjbix3PEiRZTEwEFgalq4kL9C954io2/4CzfxPcvNv9xNd176UaFTW7t8zRP43m
+vNY3aEO5l52GvDc+i3OZ2CDT4d2oQt10ZeYCHzHBJwu4+v0nqhgMBFXeclrnDf/h
+wI1A6ijk0VYBDI0mJx8pSiLsJrDIM7Rd2jDwgkH3YbhKTYctdzraYVBQl9itqHNc
+wQ9u8+OqsKuYkvSuUiGts4UWuMN1B8ePa/pjpareuoFiQDqZGZh2hUxBc41Mmc7o
+5aSOBcR4JGItYbkzU/KSUskfhWpFWJSBbHDKeqKXaA==
 -----END CERTIFICATE-----

data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem CHANGED Viewed

@@ -1,51 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEAp8fWJCK4bzNhLnXgXzNkunz//TSA8gwvv7BwmfhzDaI37ISL
-HpG5kQjOq9pN8LgfqVlPJSGygZkJ5gDPMf0EyuL/24ckX7jCis99UpgiybdOcw5V
-iggLWQ/X8aNjWKHwoj/dtrDSl120kl5Dn8aMNrHHj7KdjhnGs1wWZtNhdKs9x3rZ
-X8Pj551WcuK5CxR7NZjHuA0WIC49G2WAlUHDNGg9X4WHsSzb9J+Y1J8YEIJg6mPg
-WHQY6/ulJXT1N4XVb9eoOir95ntHMtegUrRHPvT/bYycVYAh0RQdmrCHeS2d00Qr
-ZAer0VEZTHxxSVdUAmBi/y1MSthUGW0oiLaqBueSHRFv6tPY6SCZIv2WDQ/ClcKE
-x5KjqjquILvlrw9CLo6Yix5jvjZBiYFcClcMe1LNpjyicdS+qDEWsWk/QGZxrcCg
-XqRZB9d9HBIKUwvB8EENV5v5O33sw7UbibZURbpzuj0fW3i13nksayVTN8muYV73
-2+MC11FNWoa3eoONtiLlWkT2QjIpw8dmRIp6UxDhU7WoHXgJ1or/e5+odOTtGjaE
-qCy0oOqdMIVHtBv3JcWxvVDI21bzz3xPmZCbQdZDF2RrFyh2LNWNjmKceCo3A9rs
-Djr0RgWbmKd0tI5C1085Xir7LmV+EDYyQTelF1Jk+mdOoISRJVWgp91WV+0CAwEA
-AQKCAgAo/qXvDGC+IvKy1HBvMnKBMnul1YdQHPQpxSWuKUuLYECD1NrdLEQIEPvW
-d6+lioeJ7F1vOC2Sht8pSLdXgngCTravX/TeQpmeKxZ28N9HJDfR2wXBhTeomjts
-OjzS8jaGnk5BDjFWdLnjLY8eYffugT++d6kRiHDJcE208B8Wz6R3siecw5NTC1mN
-FqKZ93YnYV4jNWdbk5CwuftR/NCCZJniVhESlGBmA/zmrrzFg+XEP4UYd72DI2h1
-n38vAs9k1W+wTsLc5vA9lvwAWTYzRs+GZ93m8jjRCjY1jr57OE8gyL5FYa50pXkl
-/B3+Co1nSz/FE79ZZkQeNlK6HM+sHM5K0UILW+lKcDci+ABGH9mwkEtJwvg6XkhZ
-2iGyBaXtEObzaDugZoNuttAURbA32r9kRJNtPXP/Q0/fkQHTpd70iq9ax0Ztdh3H
-hatt9VxN3h+NVl4xfZrBJdQYUrxb6wrraABnz7QUmRpHMulgaSnAIXe4MvZEleKe
-tAZg9sIRzzYy1bkQLdwgwTHuNNUm6usiK7HRBv94R4PycPsXTAq8CSGp0FheSW+S
-QmFCeJhaEaNGRC5mp5Wk7sycVrKDu63ch8cABdFewTuB7LZCnviY/9CGdfu+LFgD
-bQGEqq+OxHXOr6xb5c7W5LY7oxWafab6OohHPOulcxEIOF3NzQKCAQEA2gvN9i97
-+ntPXg4q4uk3rq6QpLke+q6MjM289xaNgkN2fQthxAzo3bK7yc7+zKbmKXIxrb0n
-GWWY/xTci6NS8W44YxdwZNB0LORa6gkpH3znsYLa4HsOYQTtLDu/6rOwE+EUwPA/
-UUp1TaseD0+eV8Jrz8whqdU33wUSs2mi6R7kYcb8J9PXnlHz9qw3TuPPug2Tt7Q8
-AmydJ/XiniEN2gF0DS3+99cbqLb2C7CeX7W+E8sxYRs2tQliWIMYr1iXDkKRi2Qb
-KnUQWD/N4WwNYQ6mwYKwc6J1T37Ucp5FWYwVBqa5vV1KbrXb4JLJCWqwsy+mpE+i
-wlfVVKgIi/j7ywKCAQEAxPwv8GBx84amUVBLPAUo5LPFhTOvZmHGNMNvYjVdk5Ud
-B37M3XbQMiTKQoeDII4Rr1cnkLUDm4eqgROkmlBAJZB9QLIrc87Hre8jW3eucU8y
-kVc90yUprc7WmvOcF1zilvjcNbt2gsVlmhbWuyqqn1aWfzvxjzqUXW6Xju0jD0wi
-a5qeMOVhJXrSTdy0gjZ7qg4BVWr01rIAuqifBKt7En9ynxqI4XEyzK9RYpex3ek1
-yJzVAW3fn/HN1pKpBLS6QOsUtqWQDQKGZM6zYDR49mnUuTWYkhh3pXeHQ3uNsJwR
-wS+FPu8YaiodGLXclwTmLZz093D7eChsoAjDvvB0JwKCAQEAtOVkOyFL5xQUVYDF
-fblkk8yJfc+DbxAO1OX/JrMUNYUIsVcXBhJ7wyn8d8H+TAUPIEV4B57M6FoMo1tI
-WaTnNBtwNm2Etm7mYzQUZOOytUfn5LIeKmyNElqG9dKgNvRaWTO8BxGKRkPSq9wS
-NTulr0NCNIQzTXXyQ1kvGZ/DI0qYyLHQEq7CzLtK/lQEErQXa1DGQ3sI6i339+Yb
-23qqxjm8cQ6+4Bka/k7ENBCUY+0gw8Uos1pjebBOYgZpHVgPAiqiGxWzH/c81yog
-ASumseX43MQy5cxbLNeZI3pBKLh53SnHIN5b2RuRTnAYz3IvJImc4+aZrkg2WWSK
-qq2nHwKCAQAaqR8743HIygKcosdr+i7MtWAYZSRqMPWIkqLyodJmdRoWt5y2pKwM
-/Vm6o2il8VSHbL5YIYe5dyUmjygKEq575xBsvzCOXgA8lE8uxAYCI/vuG+asOy1m
-7sWw9yO7LcElOc1kIFkr3deggVLSxjWNl0SLN+u7vOvzsVIl8AZ8vYszERwz9feu
-AO+RxjtQHFukanzXuMAmhrT+jm/nS+Y+XK2AxzCbgpyjg176fxl9tWCoJEHYDazk
-ku+PCQ6DKorC2o5VIhdbC2pxHmC8tp1gjHZUEuLxcwpOhNzzzzcgHh9xDCN2nxmo
-1MZXX9XZQrp8le+5xbrjSmVZS5Zis1ylAoIBADOMSmu//rdDwCwptRByopmLiE+S
-2AayD1Xk7X9YjkotXNYttOfnnnXq6pyEj4X0c0ISL9MkyADJ6+mx5GWH6yQlWIjo
-T00AcL5//IreAIRGluUhkFeI45QvgFfinKRiIN9YzAqhNHCEM7lEYGhMygD0OK0Y
-ZluvUvYshFLXbZA7+rYCzLM5FgeY2dxMJ4lIiXZwC5cbE95mf6bGlGb8/deBp0eW
-iGVyOSoY/Eh6qDDrQV4FOFRVFg7+9CKr8VDNizKTE6/JZFOb/F85QLwzx1zaJD1A
-FmGleWRh50XEaSAB0lA4LPWUl/m6r45bB03d9A6mx4axgl7ttjaIz6Vw9WQ=
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,2A035C8A165173F5841E28DE1D0A3673
+3hM9SEm1c4Hhu4HPApkPtuA4sl34K0Ul46jH34Ep+rt1tPkC+rPSS+dmZffVOc+j
+eOHajJf0rJXxjJ3ugsnXqmoTIMTEVgTG81+RQ1DfF1S4HWmp0zyqEnltXzrUV22l
+H/B783dEBdaFnUbnAISNePqNuU4f5rNPzlSMZlZ9WtiTXsB6QMUrGaLyDBpVsG3S
+lNFiqeRsCumvheH5UXFECzN/jy+m569uYkla8W5DivjhLd4eg0KZsa0Z6NpdbFTL
+E7ZouXkm33UbyhIPgz8Z5PA9CVAbcVZEKmXoanHbvz0kUYZY6DTpm/E62dBoSSmn
+R9831JKJDcQ+VdGbsDrbwTMKqx8dezCk6S5XrBd6hp7eE5FjN4+8IU4XRs57B/X9
+rWDvzxBwKKRh1l6MRu1bSsmlKd1+pAXz9Bi+6goYQfn+LsWTluUWpB+HYSfT1/AN
+V9XNjbZ70nlmUJtRhgctAt1O6sWpG3gPkWuBlhWr5rngeQr7t/Q6N5BS8UJ5yq9L
+jhDjUT9aZDEUdqIIh+3WTAPO4uMHHIohq2AtFi1PXqjajGAj8sQlAsST/ePjNkLz
+A/jZ+M8wc8Q8pyVrci3m9m6Kme2JI9JbvuOvkr7aAe3B6NLfpBx6BR7yT7dmGDxu
+in3qph/23xRTj1FLG/QEbHFRTiFxTQhD6kximZk68D0/b5GEv9grXlZk53DSaZ/o
+MTlsC+UwniKtGw3BhKqlH1KE0sYkS0ivRyUeQTH6Vujg33/asdNGu1U4nhTtZZWb
+2y4DVK+ZW36bKudY1klWTS+C3E1kHI9pOYlvmdTIV8maU930AFRGSITZZ/3yLjgm
+2SLcs2YrPWLZVgPe5O0w1N2ushxUDnclxvUr5HDH+thndmCB498e/1YIMFzb+c4f
+QfJjvGlEtmo5LxSCodlhGJ9Uw/K1CTAefiXkcpUx8AZV6/UEaFSlVk7XW7e/vcDZ
+sUvLm1oZXCnOzQIv3++akf+kZnFrTuwnIaAtVaBczluJihUDEv69WPymJ3kVNJ8C
+vo/R2oXQrtwI4NjdZ2pg3tka3RUJ7q9yT7KTnjeAhI1ZzTV8MbsT+mxA8nDixVtS
+kXInhCkara1STTFt0rUsiuaZxV3/sK4TpVmkm+hrbeEfacaFq2ZtAO6dtfyPL+Kq
+U4GkjEzK6fZ7elFzZ+xISV7oS+PBcNk2pqKZxI5rg8JMtBAgiUnVmIVqGuD9nNzf
+sttPzjbw1S3ezC7hcmTNcKa9UzAUO4+RBmakiVMBIHYEPyXTGgvbsFUT6abXg6pb
+tvKNnMaBDkF+YP+QTcbo4kJ7f//e1XNHbtnGkLu9N+PL45vam7YQFpq3YpwYVl18
+PfjoYCWoR8CfUzXEdf7blURzjyvbGg1DQ/WskenfupmpdVtxsiqzEcEgzyOsWmL0
+e7kx4IrOI49VS0aePDUh92kCKLl9+wKNfD+UNEaYuXo0sqYBmlBNBdUBzljokzxC
+GIag0AYLoIMZe0ccEa3PpVuAa0uMMrfVujLx3bXY5PrVw69gEPwc+GZz8MgAQWX5
+BGxtnrv1qhe6RpIB0AibY3myO+qIlVEOszJHDoMK8J5MKwu50s5L8R0M+Y3JdGHi
 -----END RSA PRIVATE KEY-----

data/lib/arachni/http/proxy_server/ssl_interceptor.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -16,6 +16,7 @@ class SSLInterceptor < Connection
     include TLS
+    CA_PASSPHRASE = 'interceptor'
     CA_CERTIFICATE = File.dirname( __FILE__ ) + '/ssl-interceptor-cacert.pem'
     CA_KEY         = File.dirname( __FILE__ ) + '/ssl-interceptor-cakey.pem'
@@ -43,9 +44,9 @@ class SSLInterceptor < Connection
         if @role == :server
             ca     = OpenSSL::X509::Certificate.new( File.read( CA_CERTIFICATE ) )
-            ca_key = OpenSSL::PKey::RSA.new( File.read( CA_KEY ) )
+            ca_key = OpenSSL::PKey::RSA.new( File.read( CA_KEY ), CA_PASSPHRASE )
-            keypair = OpenSSL::PKey::RSA.new( 1024 )
+            keypair = OpenSSL::PKey::RSA.new( 2048 )
             req            = OpenSSL::X509::Request.new
             req.version    = 0
@@ -53,12 +54,12 @@ class SSLInterceptor < Connection
                 "CN=#{@origin_host}/subjectAltName=#{@origin_host}/O=Arachni/OU=Proxy/L=Athens/ST=Attika/C=GR"
             )
             req.public_key = keypair.public_key
-            req.sign( keypair, OpenSSL::Digest::SHA1.new )
+            req.sign( keypair, OpenSSL::Digest::SHA256.new )
             cert            = OpenSSL::X509::Certificate.new
             cert.version    = 2
             cert.serial     = rand( 999999 )
-            cert.not_before = Time.new
+            cert.not_before = Time.new - 600
             cert.not_after  = cert.not_before + (60 * 60 * 24 * 365)
             cert.public_key = req.public_key
             cert.subject    = req.subject
@@ -78,7 +79,7 @@ class SSLInterceptor < Connection
                                      true
                 )
             ]
-            cert.sign( ca_key, OpenSSL::Digest::SHA1.new )
+            cert.sign( ca_key, OpenSSL::Digest::SHA256.new )
             @ssl_context = OpenSSL::SSL::SSLContext.new
             @ssl_context.cert = cert

data/lib/arachni/http/proxy_server/tunnel.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/http/proxy_server.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/http/request/scope.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/http/request.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -832,7 +832,13 @@ class Request < Message
     def client_run
         # Set #on_complete so that the #response will be set.
         on_complete {}
-        to_typhoeus.run
+        treq = self.to_typhoeus
+        hydra = (Thread.current[:client_run_hydra] ||= Typhoeus::Hydra.new)
+        hydra.queue treq
+        hydra.run
         self.response
     end

data/lib/arachni/http/response/scope.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/http/response.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -286,7 +286,7 @@ class Response < Message
         redirections = response.redirections.map do |redirect|
             rurl   = URI.to_absolute( redirect.headers['Location'],
                                       response.effective_url )
-            rurl ||= response.effective_url
+            rurl ||= URI.normalize( response.effective_url )
             # Broken redirection, skip it...
             next if !rurl
@@ -296,7 +296,7 @@ class Response < Message
                 code:          redirect.code,
                 headers:       redirect.headers
             ))
-        end
+        end.compact
         return_code    = response.return_code
         return_message = response.return_message

data/lib/arachni/http.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/issue/severity/base.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/issue/severity.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/issue.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/option_group.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/option_groups/audit.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -114,6 +114,15 @@ class Audit < Arachni::OptionGroup
     alias :cookie_doms  :cookies
     alias :cookie_doms= :cookies=
+    # @note Default is `false`.
+    #
+    # @return    [Bool]
+    #   Audit nested cookies.
+    #
+    # @see Element::NestedCookie
+    # @see Element::Capabilities::Auditable#audit
+    attr_accessor :nested_cookies
     # @note Default is `false`.
     #
     # @return    [Bool]
@@ -284,7 +293,7 @@ class Audit < Arachni::OptionGroup
     end
     alias :element? :elements?
-    [:links, :forms, :cookies, :headers, :cookies_extensively,
+    [:links, :forms, :cookies, :nested_cookies, :headers, :cookies_extensively,
      :with_both_http_methods, :link_doms, :form_doms, :cookie_doms,
      :jsons, :xmls, :ui_inputs, :ui_input_doms, :ui_forms, :ui_form_doms,
      :parameter_values, :parameter_names, :with_extra_parameter].each do |attribute|

data/lib/arachni/option_groups/browser_cluster.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -17,6 +17,10 @@ class BrowserCluster < Arachni::OptionGroup
     #   Data to be set in the browser's `localStorage`.
     attr_accessor :local_storage
+    # @return   [Hash]
+    #   Data to be set in the browser's `sessionStorage`.
+    attr_accessor :session_storage
     # @return   [Hash<Regexp,String>]
     #   When the page URL matched the key `Regexp`, wait until the `String` CSS
     #   selector in the value matches an element.
@@ -46,21 +50,31 @@ class BrowserCluster < Arachni::OptionGroup
     #   Screen height.
     attr_accessor :screen_height
+    # @return   [Bool]
+    #   Shall we wait for the max timer to fire on the page?
+    attr_accessor :wait_for_timers
     set_defaults(
         local_storage:       {},
+        session_storage:     {},
         wait_for_elements:   {},
-        pool_size:           6,
+        wait_for_timers:     false,
+        pool_size:           4,
         # Not actually a timeout for the job anymore, sets a timeout for Selenium
         # communication HTTP requests.
         # Name hijacked for compatibility, but should probably change in the
         # future.
-        job_timeout:         10,
-        worker_time_to_live: 100,
+        job_timeout:         60,
+        worker_time_to_live: 250,
         ignore_images:       false,
         screen_width:        1600,
         screen_height:       1200
     )
+    def wait_for_timers?
+        !!@wait_for_timers
+    end
     def local_storage=( data )
         data ||= {}
@@ -71,6 +85,16 @@ class BrowserCluster < Arachni::OptionGroup
         @local_storage = data
     end
+    def session_storage=( data )
+        data ||= {}
+        if !data.is_a?( Hash )
+            fail ArgumentError, "Expected data to be Hash, got #{data.class} instead."
+        end
+        @session_storage = data
+    end
     def css_to_wait_for( url )
         wait_for_elements.map do |pattern, css|
             next if !(url =~ pattern)

data/lib/arachni/option_groups/datastore.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/option_groups/dispatcher.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/option_groups/http.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -251,11 +251,11 @@ class HTTP < Arachni::OptionGroup
     attr_accessor :ssl_version
     set_defaults(
-        user_agent:             "Arachni/v#{Arachni::VERSION}",
-        request_timeout:        10_000,
+        user_agent:             "Mozilla/5.0 (Gecko) Arachni/v#{Arachni::VERSION}",
+        request_timeout:        20_000,
         request_redirect_limit: 5,
-        request_concurrency:    20,
-        request_queue_size:     100,
+        request_concurrency:    10,
+        request_queue_size:     50,
         request_headers:        {},
         response_max_size:      500_000,
         cookies:                {},

data/lib/arachni/option_groups/input.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/option_groups/output.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/option_groups/paths.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -7,6 +7,7 @@
 =end
 require 'fileutils'
+require 'tmpdir'
 module Arachni::OptionGroups
@@ -75,6 +76,16 @@ class Paths < Arachni::OptionGroup
         File.expand_path( File.dirname( __FILE__ ) + '/../../..' ) + '/'
     end
+    def tmpdir
+        if config['framework']['tmpdir'].to_s.empty?
+            # On MS Windows Dir.tmpdir can return the path with a shortname,
+            # better avoid that as it can be insonsistent with other paths.
+            Arachni.get_long_win32_filename( Dir.tmpdir )
+        else
+            Arachni.get_long_win32_filename( config['framework']['tmpdir'] )
+        end
+    end
     def config
         self.class.config
     end

data/lib/arachni/option_groups/rpc.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/option_groups/scope.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -14,6 +14,38 @@ module Arachni::OptionGroups
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 class Scope < Arachni::OptionGroup
+    EXCLUDE_MIME_TYPES = {
+      # Media
+      image:       %w(
+            gif bmp tif tiff jpg jpeg jpe pjpeg png ico psd xcf 3dm max svg eps
+            drw ai
+        ),
+      video:       %w(asf rm mpg mpeg mpe 3gp 3g2  avi flv mov mp4 swf vob wmv),
+      audio:       %w(aif mp3 mpa ra wav wma mid m4a ogg flac),
+      # Generic data
+      archive:     %w(zip zipx tar gz 7z rar bz2),
+      disk:        %w(bin cue dmg iso mdf vcd raw),
+      # Executables -- or thereabouts.
+      application: %w(exe apk app jar pkg deb rpm msi),
+      # Assets
+      #
+      # The browsers will not check the scope for asset files, so these shouldn't
+      # mess with it, they should only narrow down the audit.
+      font:        %w(ttf otf woff woff2 fon fnt),
+      stylesheet:  %w(css),
+      script:      %w(js),
+      # Documents
+      #
+      # Allow rtf, ps, xls, doc, ppt, ppts since they can contain greppable text.
+      document:    %w(pdf docx xlsx pptx odt odp),
+    }
+    EXCLUDE_FILE_EXTENSIONS = Set.new( EXCLUDE_MIME_TYPES.values.flatten.uniq )
     # @note `nil` is infinite -- default is `nil`.
     #
     # @return    [Integer]
@@ -38,6 +70,14 @@ class Scope < Arachni::OptionGroup
     # @see Browser#trigger_events
     attr_accessor :dom_event_limit
+    # @note `nil` is infinite -- default is `nil`.
+    #
+    # @return    [Integer]
+    #   How many elements should inherit the DOM events of their parents.
+    #
+    # @see Browser#trigger_events
+    attr_accessor :dom_event_inheritance_limit
     # @note `nil` is infinite -- default is `nil`.
     #
     # @return    [Integer]
@@ -145,9 +185,11 @@ class Scope < Arachni::OptionGroup
     attr_accessor :url_rewrites
     set_defaults(
+        directory_depth_limit:    10,
+        auto_redundant_paths:     15,
         redundant_path_patterns:  {},
-        dom_depth_limit:          5,
-        exclude_file_extensions:  Set.new,
+        dom_depth_limit:          4,
+        exclude_file_extensions:  EXCLUDE_FILE_EXTENSIONS,
         exclude_path_patterns:    [],
         exclude_content_patterns: [],
         include_path_patterns:    [],
@@ -201,7 +243,7 @@ class Scope < Arachni::OptionGroup
     end
     def auto_redundant?
-        !!@auto_redundant_paths
+        @auto_redundant_paths.to_i > 0
     end
     def auto_redundant_counter

data/lib/arachni/option_groups/session.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/option_groups/snapshot.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
+    Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework