arachni 0.4.2 → 0.4.3
- checksums.yaml +8 -8
- data/ACKNOWLEDGMENTS.md +3 -0
- data/CHANGELOG.md +181 -1
- data/README.md +68 -14
- data/Rakefile +1 -5
- data/arachni.gemspec +9 -6
- data/bin/arachni_multi +23 -0
- data/bin/arachni_rpc +2 -2
- data/bin/arachni_rpcd_monitor +1 -1
- data/fingerprinters/frameworks/rack.rb +41 -0
- data/fingerprinters/languages/asp.rb +42 -0
- data/fingerprinters/languages/aspx.rb +63 -0
- data/fingerprinters/languages/jsp.rb +44 -0
- data/fingerprinters/languages/php.rb +43 -0
- data/fingerprinters/languages/python.rb +40 -0
- data/fingerprinters/languages/ruby.rb +41 -0
- data/fingerprinters/os/bsd.rb +36 -0
- data/fingerprinters/os/linux.rb +42 -0
- data/fingerprinters/os/solaris.rb +41 -0
- data/fingerprinters/os/unix.rb +36 -0
- data/fingerprinters/os/windows.rb +41 -0
- data/fingerprinters/servers/apache.rb +36 -0
- data/fingerprinters/servers/iis.rb +36 -0
- data/fingerprinters/servers/jetty.rb +36 -0
- data/fingerprinters/servers/nginx.rb +36 -0
- data/fingerprinters/servers/tomcat.rb +36 -0
- data/lib/arachni/audit_store.rb +3 -4
- data/lib/arachni/banner.rb +0 -2
- data/lib/arachni/element/base.rb +25 -35
- data/lib/arachni/element/capabilities/auditable.rb +265 -133
- data/lib/arachni/element/capabilities/auditable/rdiff.rb +14 -4
- data/lib/arachni/element/capabilities/auditable/taint.rb +32 -10
- data/lib/arachni/element/capabilities/auditable/timeout.rb +59 -29
- data/lib/arachni/element/cookie.rb +4 -3
- data/lib/arachni/element/form.rb +1 -5
- data/lib/arachni/element/header.rb +10 -0
- data/lib/arachni/element/link.rb +0 -1
- data/lib/arachni/element_filter.rb +2 -2
- data/lib/arachni/framework.rb +37 -13
- data/lib/arachni/http.rb +3 -2
- data/lib/arachni/issue.rb +27 -0
- data/lib/arachni/module.rb +16 -0
- data/lib/arachni/module/auditor.rb +107 -70
- data/lib/arachni/module/base.rb +1 -1
- data/lib/arachni/module/key_filler.rb +26 -39
- data/lib/arachni/module/manager.rb +53 -56
- data/lib/arachni/options.rb +126 -19
- data/lib/arachni/page.rb +41 -42
- data/lib/arachni/parser.rb +91 -139
- data/lib/arachni/platform.rb +19 -0
- data/lib/arachni/platform/fingerprinter.rb +100 -0
- data/lib/arachni/platform/list.rb +293 -0
- data/lib/arachni/platform/manager.rb +435 -0
- data/lib/arachni/platforms.rb +498 -0
- data/lib/arachni/plugin.rb +17 -1
- data/lib/arachni/plugin/manager.rb +35 -36
- data/lib/arachni/processes.rb +27 -0
- data/lib/arachni/processes/dispatchers.rb +149 -0
- data/lib/arachni/processes/helpers.rb +19 -0
- data/lib/arachni/processes/helpers/dispatchers.rb +45 -0
- data/lib/arachni/processes/helpers/instances.rb +51 -0
- data/lib/arachni/processes/helpers/processes.rb +51 -0
- data/lib/arachni/processes/instances.rb +196 -0
- data/lib/arachni/processes/manager.rb +129 -0
- data/lib/arachni/report.rb +16 -0
- data/lib/arachni/rpc/client/base.rb +9 -1
- data/lib/arachni/rpc/server/base.rb +1 -0
- data/lib/arachni/rpc/server/dispatcher.rb +60 -24
- data/lib/arachni/rpc/server/dispatcher/handler.rb +4 -2
- data/lib/arachni/rpc/server/dispatcher/node.rb +8 -3
- data/lib/arachni/rpc/server/framework.rb +70 -772
- data/lib/arachni/rpc/server/{distributor.rb → framework/distributor.rb} +150 -117
- data/lib/arachni/rpc/server/framework/master.rb +470 -0
- data/lib/arachni/rpc/server/framework/multi_instance.rb +267 -0
- data/lib/arachni/rpc/server/framework/slave.rb +159 -0
- data/lib/arachni/rpc/server/instance.rb +187 -109
- data/lib/arachni/rpc/server/spider.rb +136 -38
- data/lib/arachni/ruby.rb +19 -0
- data/lib/arachni/ruby/hash.rb +62 -0
- data/lib/arachni/ruby/io.rb +49 -0
- data/lib/arachni/ruby/set.rb +27 -0
- data/lib/arachni/ruby/string.rb +17 -2
- data/lib/arachni/spider.rb +60 -38
- data/lib/arachni/support.rb +26 -0
- data/lib/arachni/support/buffer.rb +19 -0
- data/lib/arachni/support/buffer/autoflush.rb +79 -0
- data/lib/arachni/{buffer → support/buffer}/base.rb +1 -1
- data/lib/arachni/{cache.rb → support/cache.rb} +1 -1
- data/lib/arachni/{cache → support/cache}/base.rb +7 -9
- data/lib/arachni/{cache → support/cache}/least_cost_replacement.rb +7 -1
- data/lib/arachni/{cache → support/cache}/least_recently_used.rb +10 -34
- data/lib/arachni/{cache → support/cache}/preference.rb +8 -3
- data/lib/arachni/{cache → support/cache}/random_replacement.rb +8 -3
- data/lib/arachni/support/crypto.rb +18 -0
- data/lib/arachni/{crypto → support/crypto}/rsa_aes_cbc.rb +7 -4
- data/lib/arachni/support/database.rb +20 -0
- data/lib/arachni/support/database/base.rb +124 -0
- data/lib/arachni/{database → support/database}/hash.rb +1 -1
- data/lib/arachni/{database → support/database}/queue.rb +1 -1
- data/lib/arachni/support/lookup.rb +20 -0
- data/lib/arachni/support/lookup/base.rb +91 -0
- data/lib/arachni/support/lookup/hash_set.rb +42 -0
- data/lib/arachni/support/lookup/moolb.rb +66 -0
- data/lib/arachni/support/queue.rb +18 -0
- data/lib/arachni/support/queue/disk.rb +171 -0
- data/lib/arachni/trainer.rb +2 -2
- data/lib/arachni/ui/cli/cli.rb +22 -0
- data/lib/arachni/ui/cli/rpc/dispatcher_monitor.rb +7 -3
- data/lib/arachni/ui/cli/rpc/{rpc.rb → instance.rb} +69 -97
- data/lib/arachni/ui/cli/rpc/local.rb +80 -0
- data/lib/arachni/ui/cli/rpc/remote.rb +134 -0
- data/lib/arachni/ui/cli/utilities.rb +40 -5
- data/lib/arachni/ui/foo/output.rb +19 -16
- data/lib/arachni/uri.rb +35 -5
- data/lib/arachni/utilities.rb +5 -39
- data/lib/version +1 -1
- data/logs/Dispatcher - 21448-7331.log +17 -0
- data/logs/Dispatcher - 21645-1111.log +13 -0
- data/logs/Dispatcher - 21673-1111.log +21 -0
- data/modules/audit/code_injection.rb +21 -20
- data/modules/audit/code_injection_timing.rb +15 -13
- data/modules/audit/os_cmd_injection.rb +14 -10
- data/modules/audit/os_cmd_injection_timing.rb +12 -12
- data/modules/audit/path_traversal.rb +52 -47
- data/modules/audit/rfi.rb +25 -18
- data/modules/audit/sqli.rb +10 -10
- data/modules/audit/sqli_blind_rdiff.rb +3 -3
- data/modules/audit/sqli_blind_timing.rb +10 -10
- data/modules/audit/sqli_blind_timing/mssql.txt +9 -0
- data/modules/audit/sqli_blind_timing/mysql.txt +32 -0
- data/modules/audit/sqli_blind_timing/pgsql.txt +28 -0
- data/modules/audit/trainer.rb +7 -4
- data/modules/audit/unvalidated_redirect.rb +13 -11
- data/modules/audit/xpath.rb +10 -6
- data/modules/audit/xss_tag.rb +10 -3
- data/modules/recon/grep/html_objects.rb +9 -4
- data/plugins/defaults/content_types.rb +3 -3
- data/plugins/defaults/meta/remedies/timing_attacks.rb +4 -2
- data/plugins/defaults/meta/uniformity.rb +4 -3
- data/plugins/proxy.rb +42 -132
- data/plugins/proxy/panel/panel.html.erb +6 -0
- data/plugins/proxy/panel/vectors.yml.erb +9 -0
- data/plugins/proxy/server.rb +41 -10
- data/plugins/proxy/template_scope.rb +138 -0
- data/plugins/vector_feed.rb +12 -12
- data/reports/html.rb +1 -0
- data/spec/arachni/audit_store_spec.rb +1 -1
- data/spec/arachni/component/manager_spec.rb +10 -57
- data/spec/arachni/component/options/address_spec.rb +1 -1
- data/spec/arachni/component/options/base_spec.rb +1 -1
- data/spec/arachni/component/options/bool_spec.rb +1 -1
- data/spec/arachni/component/options/enum_spec.rb +1 -1
- data/spec/arachni/component/options/float_spec.rb +1 -1
- data/spec/arachni/component/options/int_spec.rb +1 -1
- data/spec/arachni/component/options/path_spec.rb +1 -1
- data/spec/arachni/component/options/port_spec.rb +1 -1
- data/spec/arachni/component/options/string_spec.rb +1 -1
- data/spec/arachni/component/options/url_spec.rb +1 -1
- data/spec/arachni/element/base_spec.rb +16 -5
- data/spec/arachni/element/body_spec.rb +1 -1
- data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +11 -3
- data/spec/arachni/element/capabilities/auditable/taint_spec.rb +27 -3
- data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +32 -3
- data/spec/arachni/element/capabilities/mutable_spec.rb +1 -1
- data/spec/arachni/element/cookie_spec.rb +21 -7
- data/spec/arachni/element/form_spec.rb +7 -58
- data/spec/arachni/element/header_spec.rb +15 -3
- data/spec/arachni/element/link_spec.rb +3 -26
- data/spec/arachni/element/path_spec.rb +1 -1
- data/spec/arachni/element/server_spec.rb +1 -1
- data/spec/arachni/element_filter_spec.rb +1 -1
- data/spec/arachni/{error.rb → error_spec.rb} +1 -1
- data/spec/arachni/framework_spec.rb +127 -50
- data/spec/arachni/http/cookie_jar_spec.rb +9 -42
- data/spec/arachni/http_spec.rb +9 -21
- data/spec/arachni/issue_spec.rb +29 -1
- data/spec/arachni/mixins/observable_spec.rb +4 -6
- data/spec/arachni/mixins/progress_bar_spec.rb +1 -1
- data/spec/arachni/module/auditor_spec.rb +17 -5
- data/spec/arachni/module/key_filler.rb +33 -8
- data/spec/arachni/module/manager_spec.rb +1 -3
- data/spec/arachni/module/utilities_spec.rb +1 -1
- data/spec/arachni/options_spec.rb +185 -1
- data/spec/arachni/page_spec.rb +16 -3
- data/spec/arachni/parser_spec.rb +27 -123
- data/spec/arachni/platform/fingerprinter_spec.rb +159 -0
- data/spec/arachni/platform/list_spec.rb +399 -0
- data/spec/arachni/platform/manager_spec.rb +373 -0
- data/spec/arachni/plugin/manager_spec.rb +6 -29
- data/spec/arachni/report/base_spec.rb +2 -2
- data/spec/arachni/report/manager_spec.rb +2 -2
- data/spec/arachni/rpc/client/base_spec.rb +22 -27
- data/spec/arachni/rpc/client/dispatcher_spec.rb +4 -15
- data/spec/arachni/rpc/client/instance_spec.rb +3 -11
- data/spec/arachni/rpc/server/active_options_spec.rb +2 -17
- data/spec/arachni/rpc/server/base_spec.rb +23 -7
- data/spec/arachni/rpc/server/dispatcher/handler_spec.rb +4 -21
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +30 -8
- data/spec/arachni/rpc/server/dispatcher_spec.rb +130 -70
- data/spec/arachni/rpc/server/{distributor_spec.rb → framework/distributor_spec.rb} +95 -130
- data/spec/arachni/rpc/server/framework_hpg_spec.rb +38 -99
- data/spec/arachni/rpc/server/framework_simple_spec.rb +38 -71
- data/spec/arachni/rpc/server/instance_spec.rb +183 -135
- data/spec/arachni/rpc/server/modules/manager_spec.rb +18 -50
- data/spec/arachni/rpc/server/output_spec.rb +1 -1
- data/spec/arachni/rpc/server/plugin/manager_spec.rb +12 -36
- data/spec/arachni/rpc/server/spider_spec.rb +23 -48
- data/spec/arachni/ruby/array_spec.rb +1 -1
- data/spec/arachni/ruby/enumerable_spec.rb +1 -1
- data/spec/arachni/ruby/hash_spec.rb +70 -0
- data/spec/arachni/ruby/io_spec.rb +26 -0
- data/spec/arachni/ruby/object_spec.rb +1 -1
- data/spec/arachni/ruby/set_spec.rb +15 -0
- data/spec/arachni/ruby/string_spec.rb +18 -1
- data/spec/arachni/ruby/webrick_spec.rb +1 -1
- data/spec/arachni/session_spec.rb +3 -3
- data/spec/arachni/spider_spec.rb +30 -6
- data/spec/arachni/{buffer → support/buffer}/autoflush_spec.rb +7 -12
- data/spec/arachni/{buffer → support/buffer}/base_spec.rb +19 -23
- data/spec/arachni/{cache → support/cache}/base_spec.rb +7 -7
- data/spec/arachni/{cache → support/cache}/least_cost_replacement_spec.rb +3 -3
- data/spec/arachni/{cache → support/cache}/least_recently_used_spec.rb +3 -3
- data/spec/arachni/{cache → support/cache}/preference_spec.rb +3 -3
- data/spec/arachni/{cache → support/cache}/random_replacement_spec.rb +3 -3
- data/spec/arachni/{crypto → support/crypto}/rsa_aes_cbc_spec.rb +3 -5
- data/spec/arachni/{database → support/database}/hash_spec.rb +4 -5
- data/spec/arachni/{database → support/database}/queue_spec.rb +3 -4
- data/spec/arachni/support/lookup/hash_set_spec.rb +5 -0
- data/spec/arachni/support/lookup/moolb_spec.rb +41 -0
- data/spec/arachni/support/queue/disk_spec.rb +116 -0
- data/spec/arachni/trainer_spec.rb +6 -2
- data/spec/arachni/typhoeus/hydra_spec.rb +1 -1
- data/spec/arachni/typhoeus/requrest_spec.rb +1 -1
- data/spec/arachni/typhoeus/response_spec.rb +1 -1
- data/spec/arachni/uri_spec.rb +72 -38
- data/spec/arachni/utilities_spec.rb +6 -46
- data/spec/fingerprinters/frameworks/rack_spec.rb +41 -0
- data/spec/fingerprinters/languages/asp_spec.rb +40 -0
- data/spec/fingerprinters/languages/aspx_spec.rb +78 -0
- data/spec/fingerprinters/languages/jsp_spec.rb +58 -0
- data/spec/fingerprinters/languages/php_spec.rb +61 -0
- data/spec/fingerprinters/languages/python_spec.rb +23 -0
- data/spec/fingerprinters/languages/ruby.rb +34 -0
- data/spec/fingerprinters/os/bsd_spec.rb +26 -0
- data/spec/fingerprinters/os/linux_spec.rb +34 -0
- data/spec/fingerprinters/os/solaris_spec.rb +34 -0
- data/spec/fingerprinters/os/unix_spec.rb +26 -0
- data/spec/fingerprinters/os/windows_spec.rb +34 -0
- data/spec/fingerprinters/servers/apache_spec.rb +26 -0
- data/spec/fingerprinters/servers/iis_spec.rb +28 -0
- data/spec/fingerprinters/servers/jetty_spec.rb +28 -0
- data/spec/fingerprinters/servers/nginx_spec.rb +26 -0
- data/spec/fingerprinters/servers/tomcat_spec.rb +28 -0
- data/spec/modules/audit/code_injection_spec.rb +2 -2
- data/spec/modules/audit/code_injection_timing_spec.rb +1 -1
- data/spec/modules/audit/csrf_spec.rb +1 -1
- data/spec/modules/audit/ldapi_spec.rb +1 -1
- data/spec/modules/audit/os_cmd_injection_spec.rb +1 -1
- data/spec/modules/audit/os_cmd_injection_timing_spec.rb +2 -2
- data/spec/modules/audit/path_traversal_spec.rb +1 -1
- data/spec/modules/audit/response_splitting_spec.rb +1 -1
- data/spec/modules/audit/rfi_spec.rb +1 -1
- data/spec/modules/audit/session_fixation_spec.rb +1 -1
- data/spec/modules/audit/sqli_blind_rdiff_spec.rb +1 -1
- data/spec/modules/audit/sqli_blind_timing_spec.rb +4 -4
- data/spec/modules/audit/sqli_spec.rb +2 -2
- data/spec/modules/audit/trainer_spec.rb +11 -1
- data/spec/modules/audit/unvalidated_redirect_spec.rb +1 -1
- data/spec/modules/audit/xpath_spec.rb +1 -1
- data/spec/modules/audit/xss_event_spec.rb +1 -1
- data/spec/modules/audit/xss_path_spec.rb +1 -1
- data/spec/modules/audit/xss_script_tag_spec.rb +1 -1
- data/spec/modules/audit/xss_spec.rb +1 -1
- data/spec/modules/audit/xss_tag_spec.rb +1 -1
- data/spec/modules/recon/allowed_methods_spec.rb +1 -1
- data/spec/modules/recon/backdoors_spec.rb +1 -1
- data/spec/modules/recon/backup_files_spec.rb +1 -1
- data/spec/modules/recon/common_directories_spec.rb +1 -1
- data/spec/modules/recon/common_files_spec.rb +1 -1
- data/spec/modules/recon/directory_listing_spec.rb +1 -1
- data/spec/modules/recon/grep/captcha_spec.rb +1 -1
- data/spec/modules/recon/grep/credit_card_spec.rb +1 -1
- data/spec/modules/recon/grep/cvs_svn_users_spec.rb +1 -1
- data/spec/modules/recon/grep/emails_spec.rb +1 -1
- data/spec/modules/recon/grep/html_objects_spec.rb +1 -1
- data/spec/modules/recon/grep/http_only_cookies_spec.rb +1 -1
- data/spec/modules/recon/grep/insecure_cookies_spec.rb +1 -1
- data/spec/modules/recon/grep/mixed_resource_spec.rb +1 -1
- data/spec/modules/recon/grep/password_autocomplete_spec.rb +1 -1
- data/spec/modules/recon/grep/private_ip_spec.rb +1 -1
- data/spec/modules/recon/grep/ssn_spec.rb +1 -1
- data/spec/modules/recon/grep/unencrypted_password_forms_spec.rb +1 -1
- data/spec/modules/recon/htaccess_limit_spec.rb +1 -1
- data/spec/modules/recon/http_put_spec.rb +1 -1
- data/spec/modules/recon/interesting_responses_spec.rb +1 -1
- data/spec/modules/recon/webdav_spec.rb +1 -1
- data/spec/modules/recon/xst_spec.rb +1 -1
- data/spec/path_extractors/anchors_spec.rb +1 -1
- data/spec/path_extractors/areas_spec.rb +1 -1
- data/spec/path_extractors/forms_spec.rb +1 -1
- data/spec/path_extractors/frames_spec.rb +1 -1
- data/spec/path_extractors/generic_spec.rb +1 -1
- data/spec/path_extractors/links_spec.rb +1 -1
- data/spec/path_extractors/meta_refresh_spec.rb +1 -1
- data/spec/path_extractors/scripts_spec.rb +1 -1
- data/spec/plugins/autologin_spec.rb +1 -1
- data/spec/plugins/autothrottle_spec.rb +2 -2
- data/spec/plugins/content_types_spec.rb +1 -1
- data/spec/plugins/cookie_collector_spec.rb +1 -1
- data/spec/plugins/form_dicattack_spec.rb +7 -7
- data/spec/plugins/healthmap_spec.rb +1 -1
- data/spec/plugins/http_dicattack_spec.rb +6 -6
- data/spec/plugins/meta/remedies/discovery_spec.rb +1 -1
- data/spec/plugins/meta/remedies/timing_attacks_spec.rb +1 -1
- data/spec/plugins/meta/uniformity_spec.rb +1 -1
- data/spec/plugins/profiler_spec.rb +3 -3
- data/spec/plugins/rescan_spec.rb +3 -3
- data/spec/plugins/resolver_spec.rb +1 -1
- data/spec/plugins/script_spec.rb +2 -2
- data/spec/plugins/vector_feed_spec.rb +13 -1
- data/spec/plugins/waf_detector_spec.rb +2 -2
- data/spec/reports/afr_spec.rb +1 -1
- data/spec/reports/ap_spec.rb +1 -1
- data/spec/reports/html_spec.rb +1 -1
- data/spec/reports/json_spec.rb +1 -1
- data/spec/reports/marshal_spec.rb +1 -1
- data/spec/reports/stdout_spec.rb +1 -1
- data/spec/reports/txt_spec.rb +1 -1
- data/spec/reports/xml_spec.rb +1 -1
- data/spec/reports/yaml_spec.rb +1 -1
- data/spec/spec_helper.rb +27 -32
- data/spec/{fixtures → support/fixtures}/auditstore.afr +0 -0
- data/spec/{fixtures → support/fixtures}/cookies.txt +0 -0
- data/spec/support/fixtures/fingerprinters/test.rb +36 -0
- data/spec/{fixtures → support/fixtures}/modules/test.rb +0 -0
- data/spec/{fixtures → support/fixtures}/modules/test2.rb +0 -0
- data/spec/{fixtures → support/fixtures}/modules/test3.rb +0 -0
- data/spec/{fixtures → support/fixtures}/passwords.txt +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/bad.rb +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/defaults/default.rb +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/distributable.rb +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/loop.rb +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/spider_hook.rb +1 -0
- data/spec/{fixtures → support/fixtures}/plugins/wait.rb +0 -0
- data/spec/{fixtures → support/fixtures}/plugins/with_options.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/base_spec/with_formatters.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/base_spec/with_outfile.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/base_spec/without_outfile.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/manager_spec/afr.rb +0 -0
- data/spec/{fixtures → support/fixtures}/reports/manager_spec/foo.rb +0 -0
- data/spec/{fixtures → support/fixtures}/rescan.afr.tpl +0 -0
- data/spec/{fixtures → support/fixtures}/rpcd_handlers/echo.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/body.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/cookies.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/empty.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/flch.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/forms.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/headers.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/links.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/nil.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/path.rb +0 -0
- data/spec/{fixtures → support/fixtures}/run_mod/server.rb +0 -0
- data/spec/{fixtures → support/fixtures}/script_plugin.rb +0 -0
- data/spec/{fixtures → support/fixtures}/taint_module/taint.rb +0 -0
- data/spec/{fixtures → support/fixtures}/usernames.txt +0 -0
- data/spec/{fixtures → support/fixtures}/wait_module/wait.rb +0 -0
- data/spec/{helpers → support/helpers}/auditor.rb +0 -0
- data/spec/support/helpers/framework.rb +19 -0
- data/spec/support/helpers/misc.rb +19 -0
- data/spec/support/helpers/paths.rb +31 -0
- data/spec/support/helpers/requires.rb +24 -0
- data/spec/support/helpers/resets.rb +42 -0
- data/spec/support/helpers/web_server.rb +27 -0
- data/spec/support/lib/web_server_manager.rb +120 -0
- data/spec/support/logs/Dispatcher - 11642-42685.log +9 -0
- data/spec/support/logs/Dispatcher - 11669-58445.log +21 -0
- data/spec/support/logs/Dispatcher - 11803-19013.log +9 -0
- data/spec/support/logs/Dispatcher - 11813-58646.log +19 -0
- data/spec/support/logs/Dispatcher - 11822-1913.log +17 -0
- data/spec/support/logs/Dispatcher - 11831-60571.log +13 -0
- data/spec/support/logs/Dispatcher - 11840-20151.log +9 -0
- data/spec/support/logs/Dispatcher - 11850-21796.log +9 -0
- data/spec/support/logs/Dispatcher - 11859-47650.log +11 -0
- data/spec/support/logs/Dispatcher - 11872-13669.log +11 -0
- data/spec/support/logs/Dispatcher - 11885-40034.log +35 -0
- data/spec/support/logs/Dispatcher - 11946-10629.log +21 -0
- data/spec/support/logs/Dispatcher - 11955-55497.log +21 -0
- data/spec/support/logs/Dispatcher - 11964-33080.log +23 -0
- data/spec/support/logs/Dispatcher - 12005-28558.log +19 -0
- data/spec/support/logs/Dispatcher - 12014-59368.log +17 -0
- data/spec/support/logs/Dispatcher - 12023-41547.log +15 -0
- data/spec/support/logs/Dispatcher - 12037-54838.log +11 -0
- data/spec/support/logs/Dispatcher - 12050-38840.log +9 -0
- data/spec/support/logs/Dispatcher - 12059-7283.log +9 -0
- data/spec/support/logs/Dispatcher - 12068-19765.log +9 -0
- data/spec/support/logs/Dispatcher - 12077-24147.log +9 -0
- data/spec/support/logs/Dispatcher - 12086-60404.log +11 -0
- data/spec/support/logs/Dispatcher - 12099-43307.log +9 -0
- data/spec/support/logs/Dispatcher - 12109-9701.log +9 -0
- data/spec/support/logs/Dispatcher - 12162-19782.log +63 -0
- data/spec/support/logs/Dispatcher - 12171-35883.log +43 -0
- data/spec/support/logs/Dispatcher - 12180-6456.log +39 -0
- data/spec/support/logs/Dispatcher - 12189-64516.log +34 -0
- data/spec/support/logs/Dispatcher - 12198-50800.log +28 -0
- data/spec/support/logs/Dispatcher - 12207-6148.log +21 -0
- data/spec/support/logs/Dispatcher - 12216-45994.log +13 -0
- data/spec/support/logs/Dispatcher - 12226-59932.log +9 -0
- data/spec/support/logs/Dispatcher - 12369-42683.log +19 -0
- data/spec/support/logs/Dispatcher - 12379-51205.log +21 -0
- data/spec/support/logs/Dispatcher - 12388-15229.log +15 -0
- data/spec/support/logs/Dispatcher - 12401-35502.log +19 -0
- data/spec/support/logs/Dispatcher - 12410-3386.log +21 -0
- data/spec/support/logs/Dispatcher - 12419-16056.log +15 -0
- data/spec/support/logs/Dispatcher - 12540-25763.log +17 -0
- data/spec/support/logs/Dispatcher - 12549-49234.log +21 -0
- data/spec/support/logs/Dispatcher - 12558-61027.log +13 -0
- data/spec/support/logs/Dispatcher - 12571-34789.log +19 -0
- data/spec/support/logs/Dispatcher - 12580-27968.log +21 -0
- data/spec/support/logs/Dispatcher - 12589-38100.log +15 -0
- data/spec/support/logs/Dispatcher - 12643-8172.log +17 -0
- data/spec/support/logs/Dispatcher - 12652-44715.log +21 -0
- data/spec/support/logs/Dispatcher - 12661-40547.log +13 -0
- data/spec/support/logs/Dispatcher - 12674-20100.log +17 -0
- data/spec/support/logs/Dispatcher - 12683-57063.log +21 -0
- data/spec/support/logs/Dispatcher - 12692-20974.log +13 -0
- data/spec/support/logs/Dispatcher - 12920-24047.log +19 -0
- data/spec/support/logs/Dispatcher - 12929-13265.log +21 -0
- data/spec/support/logs/Dispatcher - 12938-38472.log +15 -0
- data/spec/support/logs/Dispatcher - 12962-47051.log +21 -0
- data/spec/support/logs/Dispatcher - 12971-48844.log +25 -0
- data/spec/support/logs/Dispatcher - 12980-2331.log +15 -0
- data/spec/support/logs/Dispatcher - 13016-57455.log +17 -0
- data/spec/support/logs/Dispatcher - 13025-44069.log +21 -0
- data/spec/support/logs/Dispatcher - 13034-59986.log +13 -0
- data/spec/support/logs/Dispatcher - 13047-17338.log +21 -0
- data/spec/support/logs/Dispatcher - 13056-57124.log +25 -0
- data/spec/support/logs/Dispatcher - 13065-3014.log +15 -0
- data/spec/support/logs/Dispatcher - 13101-42040.log +17 -0
- data/spec/support/logs/Dispatcher - 13110-29137.log +21 -0
- data/spec/support/logs/Dispatcher - 13119-52878.log +13 -0
- data/spec/support/logs/Dispatcher - 13132-20646.log +17 -0
- data/spec/support/logs/Dispatcher - 13141-21629.log +21 -0
- data/spec/support/logs/Dispatcher - 13150-42002.log +13 -0
- data/spec/support/logs/Dispatcher - 8291-38888.log +9 -0
- data/spec/support/logs/Dispatcher - 8325-2241.log +21 -0
- data/spec/support/logs/Dispatcher - 8458-40239.log +9 -0
- data/spec/support/logs/Dispatcher - 8468-26555.log +19 -0
- data/spec/support/logs/Dispatcher - 8477-28819.log +17 -0
- data/spec/support/logs/Dispatcher - 8486-36985.log +13 -0
- data/spec/support/logs/Dispatcher - 8495-59407.log +9 -0
- data/spec/support/logs/Dispatcher - 8504-27479.log +9 -0
- data/spec/support/logs/Dispatcher - 8513-51807.log +11 -0
- data/spec/support/logs/Dispatcher - 8526-53739.log +11 -0
- data/spec/support/logs/Dispatcher - 8539-55908.log +35 -0
- data/spec/support/logs/Dispatcher - 8603-24287.log +21 -0
- data/spec/support/logs/Dispatcher - 8612-37320.log +21 -0
- data/spec/support/logs/Dispatcher - 8621-60797.log +23 -0
- data/spec/support/logs/Dispatcher - 8662-56395.log +19 -0
- data/spec/support/logs/Dispatcher - 8671-54268.log +17 -0
- data/spec/support/logs/Dispatcher - 8680-32387.log +15 -0
- data/spec/support/logs/Dispatcher - 8693-60728.log +11 -0
- data/spec/support/logs/Dispatcher - 8706-53092.log +9 -0
- data/spec/support/logs/Dispatcher - 8715-35576.log +9 -0
- data/spec/support/logs/Dispatcher - 8724-9842.log +9 -0
- data/spec/support/logs/Dispatcher - 8734-37290.log +9 -0
- data/spec/support/logs/Dispatcher - 8743-46516.log +11 -0
- data/spec/support/logs/Dispatcher - 8756-59294.log +9 -0
- data/spec/support/logs/Dispatcher - 8765-16318.log +9 -0
- data/spec/support/logs/Dispatcher - 8818-35968.log +63 -0
- data/spec/support/logs/Dispatcher - 8827-57068.log +43 -0
- data/spec/support/logs/Dispatcher - 8836-31238.log +39 -0
- data/spec/support/logs/Dispatcher - 8845-48148.log +34 -0
- data/spec/support/logs/Dispatcher - 8854-17355.log +28 -0
- data/spec/support/logs/Dispatcher - 8863-6616.log +21 -0
- data/spec/support/logs/Dispatcher - 8872-1373.log +13 -0
- data/spec/support/logs/Dispatcher - 8882-40014.log +9 -0
- data/spec/support/logs/Dispatcher - 8989-17108.log +19 -0
- data/spec/support/logs/Dispatcher - 9000-23195.log +21 -0
- data/spec/support/logs/Dispatcher - 9009-33836.log +15 -0
- data/spec/support/logs/Dispatcher - 9022-55515.log +19 -0
- data/spec/support/logs/Dispatcher - 9031-51301.log +21 -0
- data/spec/support/logs/Dispatcher - 9040-10025.log +15 -0
- data/spec/support/logs/Dispatcher - 9180-20874.log +17 -0
- data/spec/support/logs/Dispatcher - 9189-29826.log +21 -0
- data/spec/support/logs/Dispatcher - 9198-21818.log +13 -0
- data/spec/support/logs/Dispatcher - 9211-64830.log +19 -0
- data/spec/support/logs/Dispatcher - 9220-2570.log +21 -0
- data/spec/support/logs/Dispatcher - 9229-45654.log +15 -0
- data/spec/support/logs/Dispatcher - 9286-1284.log +17 -0
- data/spec/support/logs/Dispatcher - 9295-58545.log +21 -0
- data/spec/support/logs/Dispatcher - 9304-52355.log +13 -0
- data/spec/support/logs/Dispatcher - 9317-58138.log +17 -0
- data/spec/support/logs/Dispatcher - 9326-39184.log +21 -0
- data/spec/support/logs/Dispatcher - 9336-44714.log +13 -0
- data/spec/support/logs/Dispatcher - 9555-26114.log +19 -0
- data/spec/support/logs/Dispatcher - 9564-2270.log +21 -0
- data/spec/support/logs/Dispatcher - 9573-26148.log +15 -0
- data/spec/support/logs/Dispatcher - 9597-62247.log +21 -0
- data/spec/support/logs/Dispatcher - 9606-16162.log +25 -0
- data/spec/support/logs/Dispatcher - 9615-8643.log +15 -0
- data/spec/support/logs/Dispatcher - 9651-49224.log +17 -0
- data/spec/support/logs/Dispatcher - 9660-4390.log +21 -0
- data/spec/support/logs/Dispatcher - 9669-18266.log +13 -0
- data/spec/support/logs/Dispatcher - 9682-44582.log +21 -0
- data/spec/support/logs/Dispatcher - 9691-15941.log +25 -0
- data/spec/support/logs/Dispatcher - 9700-22186.log +15 -0
- data/spec/support/logs/Dispatcher - 9736-29672.log +17 -0
- data/spec/support/logs/Dispatcher - 9745-33231.log +21 -0
- data/spec/support/logs/Dispatcher - 9754-48381.log +13 -0
- data/spec/support/logs/Dispatcher - 9767-29812.log +17 -0
- data/spec/support/logs/Dispatcher - 9776-9894.log +21 -0
- data/spec/support/logs/Dispatcher - 9785-1421.log +13 -0
- data/spec/support/logs/Instance - 12384-38605.error.log +328 -0
- data/spec/support/logs/Instance - 12657-2379.error.log +328 -0
- data/spec/support/logs/Instance - 12688-50940.error.log +427 -0
- data/spec/support/logs/Instance - 12708-13716.error.log +326 -0
- data/spec/support/logs/Instance - 12714-45400.error.log +328 -0
- data/spec/support/logs/Instance - 12848-32645.error.log +326 -0
- data/spec/support/logs/Instance - 9005-21883.error.log +328 -0
- data/spec/support/logs/Instance - 9300-33102.error.log +328 -0
- data/spec/support/logs/Instance - 9331-48336.error.log +427 -0
- data/spec/support/logs/Instance - 9352-62807.error.log +326 -0
- data/spec/support/logs/Instance - 9358-45154.error.log +328 -0
- data/spec/support/logs/Instance - 9487-8746.error.log +326 -0
- data/spec/{logs → support/logs}/placeholder +0 -0
- data/spec/{pems → support/pems}/cacert.pem +0 -0
- data/spec/{pems → support/pems}/client/cert.pem +0 -0
- data/spec/{pems → support/pems}/client/foo-cert.pem +0 -0
- data/spec/{pems → support/pems}/client/foo-key.pem +0 -0
- data/spec/{pems → support/pems}/client/key.pem +0 -0
- data/spec/{pems → support/pems}/server/cert.pem +0 -0
- data/spec/{pems → support/pems}/server/key.pem +0 -0
- data/spec/{servers → support/servers}/arachni/element/capabilities/auditable/rdiff.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/capabilities/auditable/taint.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/capabilities/auditable/timeout.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/cookie.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/form.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/header.rb +0 -0
- data/spec/{servers → support/servers}/arachni/element/link.rb +0 -0
- data/spec/{servers → support/servers}/arachni/framework.rb +0 -0
- data/spec/{servers → support/servers}/arachni/http.rb +0 -0
- data/spec/{servers → support/servers}/arachni/http_auth.rb +0 -0
- data/spec/{servers → support/servers}/arachni/module/auditor.rb +0 -0
- data/spec/{servers → support/servers}/arachni/parser.rb +0 -0
- data/spec/{servers → support/servers}/arachni/rpc/server/framework_hpg.rb +0 -1
- data/spec/{servers → support/servers}/arachni/rpc/server/framework_simple.rb +0 -0
- data/spec/{servers → support/servers}/arachni/session.rb +0 -0
- data/spec/{servers → support/servers}/arachni/spider.rb +0 -0
- data/spec/{servers → support/servers}/arachni/spider_https.rb +0 -0
- data/spec/{servers → support/servers}/arachni/trainer.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/code_injection.rb +3 -4
- data/spec/{servers → support/servers}/modules/audit/code_injection_timing.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/csrf.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/ldapi.rb +1 -1
- data/spec/{servers → support/servers}/modules/audit/os_cmd_injection.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/os_cmd_injection_timing.rb +1 -10
- data/spec/{servers → support/servers}/modules/audit/path_traversal.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/response_splitting.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/rfi.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/session_fixation.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli.rb +1 -1
- data/spec/{servers → support/servers}/modules/audit/sqli/coldfusion +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/db2 +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/emc +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/informix +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/interbase +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/jdbc +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/mssql +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/mysql +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/oracle +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/postgresql +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/sqlite +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli/sybase +0 -0
- data/spec/{servers → support/servers}/modules/audit/sqli_blind_rdiff.rb +1 -1
- data/spec/{servers → support/servers}/modules/audit/sqli_blind_timing.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/trainer_module.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/unvalidated_redirect.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath/dotnet +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath/general +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath/java +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath/libxml2 +0 -0
- data/spec/{servers → support/servers}/modules/audit/xpath/php +0 -0
- data/spec/{servers → support/servers}/modules/audit/xss.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xss_event.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xss_path.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xss_script_tag.rb +0 -0
- data/spec/{servers → support/servers}/modules/audit/xss_tag.rb +0 -0
- data/spec/{servers → support/servers}/modules/module_server.rb +1 -1
- data/spec/{servers → support/servers}/modules/recon/allowed_methods.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/backdoors.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/backup_files.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/common_directories.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/common_files.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/directory_listing.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/captcha.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/credit_card.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/cvs_svn_users.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/emails.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/html_objects.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/http_only_cookies.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/insecure_cookies.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/mixed_resource.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/password_autocomplete.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/private_ip.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/ssn.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/grep/unencrypted_password_forms.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/htaccess_limit.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/http_put.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/interesting_responses.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/webdav.rb +0 -0
- data/spec/{servers → support/servers}/modules/recon/xst.rb +0 -0
- data/spec/{servers → support/servers}/plugins/autologin.rb +0 -0
- data/spec/{servers → support/servers}/plugins/autothrottle.rb +0 -0
- data/spec/{servers → support/servers}/plugins/content_types.rb +0 -0
- data/spec/{servers → support/servers}/plugins/cookie_collector.rb +0 -0
- data/spec/{servers → support/servers}/plugins/form_dicattack.rb +0 -0
- data/spec/{servers → support/servers}/plugins/healthmap.rb +0 -0
- data/spec/{servers → support/servers}/plugins/http_dicattack.rb +0 -0
- data/spec/{servers → support/servers}/plugins/http_dicattack_secure.rb +0 -0
- data/spec/{servers → support/servers}/plugins/http_dicattack_unprotected.rb +0 -0
- data/spec/{servers → support/servers}/plugins/meta/remedies/discovery.rb +1 -1
- data/spec/{servers → support/servers}/plugins/meta/remedies/timing_attacks.rb +0 -0
- data/spec/{servers → support/servers}/plugins/profiler.rb +0 -0
- data/spec/{servers → support/servers}/plugins/rescan.rb +0 -0
- data/spec/{servers → support/servers}/plugins/waf_detector.rb +0 -0
- data/spec/{shared → support/shared}/component.rb +1 -1
- data/spec/{shared → support/shared}/element/capabilities/auditable.rb +363 -194
- data/spec/{shared → support/shared}/element/capabilities/refreshable.rb +0 -0
- data/spec/support/shared/fingerprinter.rb +14 -0
- data/spec/{shared → support/shared}/module.rb +1 -1
- data/spec/{shared → support/shared}/path_extractor.rb +0 -0
- data/spec/{shared → support/shared}/plugin.rb +0 -0
- data/spec/{shared → support/shared}/reports.rb +1 -1
- data/spec/{arachni/bloom_filter_spec.rb → support/shared/support/lookup.rb} +11 -11
- metadata +936 -199
- data/lib/arachni/bloom_filter.rb +0 -74
- data/lib/arachni/buffer.rb +0 -3
- data/lib/arachni/buffer/autoflush.rb +0 -77
- data/lib/arachni/database.rb +0 -4
- data/lib/arachni/database/base.rb +0 -131
- data/modules/audit/code_injection_timing/payloads.txt +0 -4
- data/modules/audit/os_cmd_injection/payloads.txt +0 -3
- data/modules/audit/os_cmd_injection_timing/payloads.txt +0 -2
- data/modules/audit/sqli_blind_timing/payloads.txt +0 -69
- data/spec/helpers/misc.rb +0 -41
- data/spec/helpers/processes.rb +0 -112
- data/spec/helpers/requires.rb +0 -8
- data/spec/helpers/server.rb +0 -54
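--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
 metadata.gz: !binary |-
-
+ZWZmNTMzNDdmNmFlYjYzMTQyMjk3MzcyYzlmNWM1NzIwNTM3ZDE4Yg==
 data.tar.gz: !binary |-
-
+ZGE1Y2EyYTAxZjU0Y2I3YmRlOGIxZmFlNzRjODFiNjg0NWVhMTliZg==
 !binary "U0hBNTEy":
 metadata.gz: !binary |-
-
-
-
+ZThkOWMzZDQ5MzY4ODUxN2UzMWY0ODk2MDFkMTYxZmZkZWIwZTA5ZGFhOTdm
+MmYyN2NkNzMyNjU4NWJlOTdiOGUzMDRjN2NkZDhlZTcyNGYwZWRkM2Y5MTEw
+NTA2MWFjZWQzMDkxNjQ3MDRiZjE3ZmQ1MWE4NzE3NGI5YWI3YjE=
 data.tar.gz: !binary |-
-
-
-
+ZTFjNmVmZjM4ZjA4MjZkNGE4NjYzYjdhYWJlZDc2YjQyNmU1ZmM2MGVkNmY0
+ZTc2NmMyMGNjMmQ1MWQyMDI4ODI3NzM3OTlhYWI3NDMzZWUwYTMzZTQ5ZDJi
+ZjNiZDM2OThmNzFlNWQwODAxZmFkYTBhYjJhZjE0MGY3ZmFiODI=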
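--- a/data/ACKNOWLEDGMENTS.md
+++ b/data/ACKNOWLEDGMENTS.md
@@ -16,3 +16,6 @@ All the people on:
 * [GitHub](http://github.com/Arachni/arachni/issues) who have submitted bugs and
 given constructive feedback.
 * The `CONTRIBUTORS.md` file.
+
+Finally, a big thanks to the [RubyMine](http://www.jetbrains.com/ruby/) people
+for providing their wonderful IDE to the Arachni project for free.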
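--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,186 @@
 # ChangeLog
 
+## Version 0.4.3 _(July 06, 2013)_
+
+- RPC protocol
+- YAML serialization switched from `Syck` to `Psych` (the current Ruby default).
+- Executables:
+- Added `arachni_multi`
+- Spawns and controls an `RPC::Server::Instance` process in order to
+provide access to RPC-only features such as multi-Instance scans
+**without** requiring a Dispatcher.
+- CLI
+- Added platform fingerprinting options:
+- `--lsplat` -- Lists all available platforms.
+- `--no-fingerprinting` -- Disables platform fingerprinting.
+- `--platforms` -- Allows for user specified platforms.
+- RPC client
+- Added the `--grid-mode` option to allow the user to choose between:
+- Load-balancing -- Slaves will be provided by the least burdened
+Grid Dispatchers.
+- Load balancing **with** line-aggregation -- In addition to balancing,
+slaves will all be from Dispatchers with unique bandwidth Pipe-IDs
+to result in application-level line-aggregation.
+- Added modular `Page` fingeprinting, via `fingerprinter` components, identifying:
+- Operating systems
+- BSD
+- Linux
+- Unix
+- Windows
+- Solaris
+- Web servers
+- Apache
+- IIS
+- Nginx
+- Tomcat
+- Jetty
+- Programming languages
+- PHP
+- ASP
+- ASPX
+- JSP
+- Python
+- Ruby
+- Frameworks
+- Rack
+- `HTTP`
+- `Accept-Encoding` set to `gzip, deflate` by default.
+- `Parser`
+- Now fingerprints the pages it returns.
+- `Framework`
+- Removed the following deprecated aliases:
+- `:resume!` -- Only use `resume` from now on.
+- `:pause!` -- Only use `pause` from now on.
+- `:clean_up!` -- Only use `clean_up` from now on.
+- Added `#list_platforms`.
+- `Spider`
+- Optimized path de-duplication.
+- Paths-list synchronized using a `Mutex` to prevent issues when running as
+part of a multi-Instance operation.
+- `RPC::Server::Instance`
+- Removed the following deprecated aliases:
+- `:shutdown!` -- Only use `shutdown` from now on.
+- Added preliminary support for UNIX sockets.
+- Added `#list_platforms`.
+- `Module::Auditor`
+- Having access to the `Framework` is now required and guaranteed.
+- `Element::Capabilities::Auditable`
+- Out of scope elements are now visible in order to allow access to 3rd
+party resources like Single Sign-On services.
+- All audit methods return `false` when the element is out of the scan's scope.
+- `#anonymous_auditor` now instantiates a `Framework`.
+- Added `#skip_like` method to be passed blocks deciding what elements should
+not be audited.
+- `#audit`
+- Updated to support the following payload types:
+- `Array` -- Array of payloads to be injected.
+- `Hash` -- Array of payloads to be injected per platform.
+- Grid
+- `RPC::Server::Dispatcher#dispatch`
+- When the Dispatcher is a Grid member, it returns an Instance from the least
+burdened Grid member by default, thus allowing for easy load-balancing.
+- Multi-Instance scans
+- Instances now communicate via UNIX domain sockets when all of them are on
+the same host, to avoid TCP/IP overhead for IPC.
+- `RPC::Server::Instance#scan`
+- Added `grid_mode` option:
+- `:balance` -- Slaves will be provided by the least burdened
+Grid Dispatchers.
+- `:aggregate` -- In addition to balancing, slaves will all be from
+Dispatchers with unique bandwidth Pipe-IDs to result in
+application-level line-aggregation.
+- `RPC::Server::Framework`
+- No longer performs a multi-Instance scan when its Dispatcher is a Grid
+member. The `grid` or `grid_mode` options need to be set explicitly,
+along with a `spawns` option value of 1 and higher.
+- General code cleanup.
+- Multi-Instance code moved under the `RPC::Server::Framework::MultiInstance`
+module which concentrates multi-Instance code and pulls in the
+following modules:
+- `RPC::Server::Framework::Slave` -- Holds API and utilities for
+slave instances.
+- `RPC::Server::Framework::Master` -- Holds API and utilities for
+master instances.
+- Master seed crawl runs in its own thread to avoid blocking during the
+initial seeding process.
+- Removed the concept of issue summaries -- were used for lightweight
+transmission of issue data for real-time feedback. Instead, full issues
+are being buffered and flushed to the master after each page is audited.
+- `RPC::Server::Framework::Distributor#distribute_elements`
+- Optimized to handle large data sets.
+- `RPC::Server::Spider`
+- Updated buffering strategy to reduce RPC calls.
+- Cleaned up and removed `@@` vars from:
+- `Module::Manager`
+- `Module::KeyFiller`
+- `Plugin::Manager`
+- `Parser`
+- Moved supporting classes under `Arachni::Support`.
+- `Support::Cache` classes now store `#hash` values of keys to preserve space.
+- Added:
+- `Support::LookUp` namespace to hold look-up optimized data structures with:
+- `Support::LookUp::HashSet` -- Stores hashed items in a `Set`.
+- `Support::LookUp::Moolb` -- Reverse of a Bloom-filter.
+- `Support::Queue::Disk` -- Disk Queue with in-memory buffer.
+- Added:
+- `Arachni::Platform` -- Holds resources relevant to platform identification,
+storage, and filtering.
+- `Fingerprinters` -- Namespace under which all fingerprinter
+components reside.
+- `List` - List structure holding applicable platforms for a given WWW resource.
+- `Manager` - Collection of `Lists`s for easy management of platforms of
+different types.
+- `IO#tail` -- Returns a specified amount of lines from the bottom of a file.
+- Process helpers for RPC Instance and Dispatcher servers.
+- `Arachni::Processes::Dispatchers` -- Spawns and kills Dispatchers.
+- `Arachni::Processes::Instances` -- Spawns and kills Instances.
+- `Arachni::Processes::Manager` -- Forks and kills processes.
+- RSpec tests
+- Major cleanup, using the aforementioned process helpers to remove duplicate code.
+- Moved supporting components under `spec/support/`.
+- Modules
+- Audit
+- `code_injection`
+- Removed `Ruby` payload since it wasn't applicable.
+- Updated to categorize payloads by platform.
+- `code_injection_timing`
+- Code cleanup.
+- Removed `payloads.txt`, payloads are now in the module.
+- Updated to categorize payloads by platform.
+- `os_cmd_injection`
+- Code cleanup.
+- Removed `payloads.txt`, payloads are now in the module.
+- Updated to categorize payloads by platform.
+- `os_cmd_injection_timing`
+- Code cleanup.
+- Removed `payloads.txt`, payloads are now in the module.
+- Updated to categorize payloads by platform.
+- `path_traversal`
+- Code cleanup.
+- Updated to categorize payloads by platform.
+- `sqli_blind_timing`
+- Code cleanup.
+- Split `payloads.txt`, to individual files per platform.
+- Updated to categorize payloads by platform.
+- Recon
+- `html_objects`
+- Updated description.
+- Plugins
+- Proxy
+- Out-of-scope pages no longer return a _403 Forbidden_ error but are
+instead loaded, though ignored.
+- Fixed bug causing the `Content-Length` header to sometimes hold an
+incorrect value.
+- Fixed bug causing the control panel to be injected in a loop.
+- Added support for `PUT` and `DELETE` methods.
+- Supports exporting of discovered vectors in YAML format suitable for
+use with the `vector_feed` plugin.
+- Fixed bug with `POST` requests resulting in timed-out connections due
+to forwarding a `Content-Length` request header to the origin server.
+- AutoLogin
+- Updated to allow access to out-of-scope resources like Single Sign-On
+services.
+
 ## Version 0.4.2 _(April 26, 2013)_
 
 - Options
@@ -34,7 +215,6 @@
 - Protocol -- Now supports both ```Marshal``` and ```YAML``` automatically.
 - ```Marshal``` by default since it's many times faster than ```YAML```.
 - ```YAML``` as an automatic fallback in order to maintain backwards compatibility and ease of integration with 3rd parties.
-- Updated to use the Ruby-default ```Psych``` engine.
 - ```Framework```
 - Updated gathering of slave status -- once a slave is done it reports back to the master.
 - Clean-up happens automatically, clients no longer need to call ```#clean_up``` (like previously mentioned).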
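--- a/data/README.md
+++ b/data/README.md
@@ -3,18 +3,18 @@
 <table>
 <tr>
 <th>Version</th>
-<td>0.4.
+<td>0.4.3</td>
 </tr>
 <tr>
 <th>Homepage</th>
-<td><a href="http://arachni-scanner.com">http://arachni-scanner.com</a></td>
+<td><a href="http://www.arachni-scanner.com">http://arachni-scanner.com</a></td>
 </tr>
 <tr>
 <th>Blog</th>
-<td><a href="http://arachni-scanner.com/blog">http://arachni-scanner.com/blog</a></td>
+<td><a href="http://www.arachni-scanner.com/blog">http://arachni-scanner.com/blog</a></td>
 <tr>
 <th>Github</th>
-<td><a href="
+<td><a href="https://github.com/Arachni/arachni">http://github.com/Arachni/arachni</a></td>
 <tr/>
 <tr>
 <th>Documentation</th>
@@ -133,17 +133,29 @@ you with its findings.
 
 ### Open [distributed architecture](https://github.com/Arachni/arachni/wiki/Distributed-components)
 
-- High-performance/low-bandwidth [communication protocol](https://github.com/Arachni/arachni-rpc).
--
+- High-performance/low-bandwidth [communication protocol](https://github.com/Arachni/arachni-rpc-em).
+- `Marshal` serialization for performance and efficiency.
+- Automatically falls back to `YAML` for ease of integration with 3rd party systems.
+- TCP/IP for general network communications.
+- UNIX domain sockets for multi-Instance IPC.
+- Remote monitoring and management of Dispatchers and Instances.
 - Parallel scans -- Each scan is compartmentalized to its own OS process to take
 advantage of:
 - Multi-core/SMP architectures.
 - OS-level scheduling/restrictions.
 - Sandboxed failure propagation.
+- Multi-Instance scans for parallelization of _individual scans_ using multiple
+Instances to:
+- Take advantage of multi-core/SMP architectures.
+- Greatly diminish scan-times.
+- Dispatcher Grids supporting:
+- _(Optional)_ High-Performance mode -- Combines the resources of
+multiple nodes to perform multi-Instance scans.
+- Enabled on a per-scan basis.
+- _(Always-on)_ Load-balancing -- All Instances are automatically provided
+by the least burdened Grid member.
+- With optional per-scan opt-out/override.
 - SSL encryption (with optional peer authentication).
-- Remote monitoring and management.
-- Experimental support for High Performance Grid configuration, combining the
-resources of multiple nodes to perform faster scans.
 
 ### Crawler
 
@@ -176,6 +188,43 @@ you with its findings.
 permutations to provide extensive cookie-audit coverage.
 - Can exclude specific input vectors by name.
 
+### Platform fingerprinter
+
+In order to make efficient use of the available bandwidth, Arachni performs some
+basic platform fingerprinting and tailors the audit process to the server-side
+deployed platforms by only injecting applicable payloads.
+
+Currently, the following platforms can be identified:
+
+- Operating systems
+- BSD
+- Linux
+- Unix
+- Windows
+- Solaris
+- Web servers
+- Apache
+- IIS
+- Nginx
+- Tomcat
+- Jetty
+- Programming languages
+- PHP
+- ASP
+- ASPX
+- JSP
+- Python
+- Ruby
+- Frameworks
+- Rack
+
+The user also has the option of specifying extra platforms (like a DB server)
+in order to help the system be as efficient as possible. Alternatively, fingerprinting
+can be disabled altogether.
+
+Finally, Arachni will always err on the side of caution and send all available
+payloads when it fails to identify specific platforms.
+
 ### HTML Parser
 
 Can extract and analyze:
@@ -400,7 +449,10 @@ You can run `rake spec` to run **all** specs or you can run them selectively usi
 rake spec:reports # for the reports
 rake spec:path_extractors # for the path extractors
 
-**
+**Please be warned**, the core specs will require a beast of a machine due to the
+necessity to test the Grid/multi-Instance features of the system.
+
+**Note**: _The module specs will take about 90 minutes due to the timing-attack tests._
 
 ## Bug reports/Feature requests
 
@@ -409,19 +461,21 @@ get support via the [Support Portal](http://support.arachni-scanner.com).
 
 ## Contributing
 
+(Before starting any work, please read the [instructions](https://github.com/Arachni/arachni/tree/experimental#source)
+for working with the source code.)
+
 We're happy to accept help from fellow code-monkeys and these are the steps you
 need to follow in order to contribute code:
 
-*
-* Start a feature branch based on the
+* Fork the project.
+* Start a feature branch based on the [experimental](https://github.com/Arachni/arachni-ui-web/tree/experimental)
+branch (`git checkout -b <feature-name> experimental`).
 * Add specs for your code.
 * Run the spec suite to make sure you didn't break anything (`rake spec:core`
 for the core libs or `rake spec` for everything).
 * Commit and push your changes.
 * Issue a pull request and wait for your code to be reviewed.
 
-_PS: You may want to setup a [development environment](https://github.com/Arachni/arachni/wiki/Development-environment) first._
-
 ## License
 
 Arachni is licensed under the Apache License Version 2.0.<br/>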
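--- a/data/Rakefile
+++ b/data/Rakefile
@@ -157,11 +157,7 @@ task :clean do
 sh "rm *.marshal || true"
 sh "rm *.gem || true"
 sh "rm logs/*.log || true"
-sh "rm spec/logs/*.log || true"
-sh "rm lib/arachni/ui/web/server/db/*.* || true"
-sh "rm lib/arachni/ui/web/server/db/welcomed || true"
-sh "rm lib/arachni/ui/web/server/public/reports/*.* || true"
-sh "rm lib/arachni/ui/web/server/tmp/*.* || true"
+sh "rm spec/support/logs/*.log || true"
 end
 
 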
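Review bot: The added `sh "rm spec/support/logs/*.log || true"` keeps the shell-out-and-ignore pattern of the lines around it, which needs a POSIX shell and hides every failure of `rm`, not only the "no such file" case it is there for. Rake already mixes FileUtils into the Rakefile, so `rm_f Dir.glob('spec/support/logs/*.log')` does the same clean-up without a shell and still reports real errors such as a permission problem. The `task :clean` block starts above the hunk, so the earlier `sh "rm …"` lines would need the same treatment to stay consistent.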
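--- a/data/arachni.gemspec
+++ b/data/arachni.gemspec
@@ -27,7 +27,7 @@ Gem::Specification.new do |s|
 ' Ruby framework aimed towards helping penetration testers and' +
 ' administrators evaluate the security of web applications.'
 
-s.homepage = 'https://
+s.homepage = 'https://www.arachni-scanner.com'
 s.email = 'tasos.laskos@gmail.com'
 s.authors = [ 'Tasos Laskos' ]
 
@@ -38,6 +38,7 @@ Gem::Specification.new do |s|
 s.files += Dir.glob( 'lib/**/**' )
 s.files += Dir.glob( 'logs/**/**' )
 s.files += Dir.glob( 'modules/**/**' )
+s.files += Dir.glob( 'fingerprinters/**/**' )
 s.files += Dir.glob( 'path_extractors/**/**' )
 s.files += Dir.glob( 'plugins/**/**' )
 s.files += Dir.glob( 'profiles/**/**' )
@@ -45,9 +46,11 @@ Gem::Specification.new do |s|
 s.files += Dir.glob( 'rpcd_handlers/**/**' )
 s.files += Dir.glob( 'spec/**/**' )
 s.files += %w(Gemfile Rakefile arachni.gemspec)
+s.test_files = Dir.glob( 'spec/**/**' )
 
 s.executables = [ 'arachni', 'arachni_rpcd_monitor', 'arachni_rpcd',
-
+'arachni_rpc', 'arachni_console', 'arachni_script',
+'arachni_multi' ]
 
 s.extra_rdoc_files = %w(README.md ACKNOWLEDGMENTS.md LICENSE.md
 AUTHORS.md CHANGELOG.md CONTRIBUTORS.md
@@ -55,7 +58,8 @@ Gem::Specification.new do |s|
 
 s.rdoc_options = [ '--charset=UTF-8' ]
 
-
+# RPC client/server implementation.
+s.add_dependency 'arachni-rpc-em', '0.2'
 
 # HTTP interface.
 s.add_dependency 'typhoeus', '~> 0.3.3'
@@ -84,16 +88,15 @@ Gem::Specification.new do |s|
 # Outputting data in table format (arachni_rpcd_monitor).
 s.add_dependency 'terminal-table', '>= 1.4.2'
 
-# RPC client/server implementation.
-s.add_dependency 'arachni-rpc-em', '~> 0.1.3'
-
 # For CLI interfaces.
 s.add_dependency 'highline'
 
+s.add_development_dependency 'bundler'
 s.add_development_dependency 'rake'
 s.add_development_dependency 'rspec'
 
 # For test mini-servers.
+s.add_development_dependency 'thin'
 s.add_development_dependency 'sinatra', '~> 1.3.2'
 s.add_development_dependency 'sinatra-contrib', '~> 1.3.1'
 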
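Review bot: `s.add_dependency 'arachni-rpc-em', '0.2'` in the `-55,7 +58,8` hunk pins the RPC layer to one exact release, where the line it replaces (removed in the `-84,16 +88,15` hunk) used the pessimistic `'~> 0.1.3'`. With an exact pin, a patched 0.2.x release of the component that carries the scanner's network protocol cannot be picked up without a new arachni gem. `s.add_dependency 'arachni-rpc-em', '~> 0.2.0'` would keep the series fixed and still admit fixes, assuming upstream publishes patch releases in that series. The added `s.add_development_dependency 'bundler'` and `s.add_development_dependency 'thin'` carry no constraint at all, unlike the `sinatra` lines next to them, so the test mini-servers run on whatever version resolves at install time. The `Gem::Specification.new` block opens and closes outside these hunks.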
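--- a/data/bin/arachni_multi
+++ b/data/bin/arachni_multi
@@ -0,0 +1,23 @@
+#!/usr/bin/env ruby
+=begin
+Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+=end
+
+require_relative '../lib/arachni'
+
+Arachni::Options.parse
+require Arachni::Options.dir['lib'] + 'ui/cli/rpc/local'
+
+Arachni::UI::CLI::RPC::Local.new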
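Review bot: The new executable carries no comment saying what it starts, and what it starts matters to whoever runs it: the changelog in this release says `arachni_multi` spawns and controls an `RPC::Server::Instance`, and the README describes the RPC protocol as `Marshal`-serialized. A line after the licence block such as `# Spawns a local RPC::Server::Instance and drives the scan through it; see ui/cli/rpc/local for where that Instance listens.` would tell an operator that running the script creates an RPC endpoint. How that endpoint is bound and authenticated is decided in `ui/cli/rpc/local`, which this section does not show, so it is worth reviewing together with this file. Separately, `Arachni::Options.dir['lib'] + 'ui/cli/rpc/local'` resolves only if `dir['lib']` ends with a path separator (presumably it does); `require File.join(Arachni::Options.dir['lib'], 'ui/cli/rpc/local')` would not depend on that.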