RubyGems - arachni - Versions diffs - 0.4.5.2 → 0.4.6 - Mend

arachni 0.4.5.2 → 0.4.6

Files changed (621) hide show

checksums.yaml +9 -9
data/CHANGELOG.md +97 -0
data/CONTRIBUTORS.md +1 -0
data/NOTICE +1 -1
data/README.md +4 -4
data/Rakefile +111 -26
data/arachni.gemspec +2 -2
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/external/metasploit/LICENSE +1 -1
data/fingerprinters/frameworks/rack.rb +1 -1
data/fingerprinters/languages/asp.rb +1 -1
data/fingerprinters/languages/aspx.rb +1 -1
data/fingerprinters/languages/jsp.rb +3 -5
data/fingerprinters/languages/php.rb +1 -1
data/fingerprinters/languages/python.rb +1 -1
data/fingerprinters/languages/ruby.rb +1 -1
data/fingerprinters/os/bsd.rb +1 -1
data/fingerprinters/os/linux.rb +1 -1
data/fingerprinters/os/solaris.rb +1 -1
data/fingerprinters/os/unix.rb +1 -1
data/fingerprinters/os/windows.rb +1 -1
data/fingerprinters/servers/apache.rb +1 -1
data/fingerprinters/servers/iis.rb +1 -1
data/fingerprinters/servers/jetty.rb +1 -1
data/fingerprinters/servers/nginx.rb +1 -1
data/fingerprinters/servers/tomcat.rb +1 -1
data/lib/arachni.rb +6 -1
data/lib/arachni/audit_store.rb +1 -1
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/component/manager.rb +1 -1
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/enum.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/element/base.rb +1 -1
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/auditable.rb +45 -22
data/lib/arachni/element/capabilities/auditable/rdiff.rb +378 -122
data/lib/arachni/element/capabilities/auditable/taint.rb +57 -20
data/lib/arachni/element/capabilities/auditable/timeout.rb +95 -68
data/lib/arachni/element/capabilities/mutable.rb +77 -40
data/lib/arachni/element/capabilities/refreshable.rb +7 -1
data/lib/arachni/element/cookie.rb +46 -167
data/lib/arachni/element/form.rb +77 -517
data/lib/arachni/element/header.rb +21 -15
data/lib/arachni/element/link.rb +2 -2
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +1 -1
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/framework.rb +16 -7
data/lib/arachni/http.rb +111 -118
data/lib/arachni/http/cookie_jar.rb +8 -2
data/lib/arachni/issue.rb +4 -1
data/lib/arachni/mixins/observable.rb +1 -1
data/lib/arachni/mixins/progress_bar.rb +1 -1
data/lib/arachni/mixins/terminal.rb +1 -1
data/lib/arachni/module.rb +1 -1
data/lib/arachni/module/auditor.rb +23 -17
data/lib/arachni/module/base.rb +1 -1
data/lib/arachni/module/manager.rb +4 -4
data/lib/arachni/module/output.rb +1 -1
data/lib/arachni/module/utilities.rb +1 -1
data/lib/arachni/options.rb +28 -7
data/lib/arachni/page.rb +4 -5
data/lib/arachni/parser.rb +3 -2
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +11 -29
data/lib/arachni/platform/manager.rb +31 -8
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/manager.rb +1 -1
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/instances.rb +1 -1
data/lib/arachni/processes/manager.rb +1 -1
data/lib/arachni/report.rb +1 -1
data/lib/arachni/report/base.rb +1 -1
data/lib/arachni/report/manager.rb +1 -1
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +1 -1
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +10 -6
data/lib/arachni/rpc/server/dispatcher/handler.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/node.rb +5 -3
data/lib/arachni/rpc/server/framework.rb +5 -3
data/lib/arachni/rpc/server/framework/distributor.rb +24 -19
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +7 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +5 -4
data/lib/arachni/rpc/server/module/manager.rb +1 -1
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/rpc/server/spider.rb +5 -2
data/lib/arachni/ruby.rb +1 -1
data/lib/arachni/ruby/array.rb +9 -1
data/lib/arachni/ruby/enumerable.rb +1 -1
data/lib/arachni/ruby/hash.rb +24 -5
data/lib/arachni/ruby/io.rb +1 -1
data/lib/arachni/ruby/object.rb +1 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +13 -2
data/lib/arachni/ruby/webrick.rb +3 -15
data/lib/arachni/ruby/webrick/cookie.rb +30 -0
data/lib/arachni/ruby/webrick/httprequest.rb +42 -0
data/lib/arachni/session.rb +21 -8
data/lib/arachni/spider.rb +18 -11
data/lib/arachni/support.rb +3 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/cache/base.rb +1 -1
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +1 -1
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/database/base.rb +5 -5
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +52 -69
data/lib/arachni/{module → support}/key_filler.rb +11 -17
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/queue.rb +1 -1
data/lib/arachni/support/queue/disk.rb +1 -1
data/lib/arachni/support/signature.rb +153 -0
data/lib/arachni/trainer.rb +30 -19
data/lib/arachni/typhoeus/hydra.rb +1 -1
data/lib/arachni/typhoeus/request.rb +1 -1
data/lib/arachni/typhoeus/response.rb +8 -2
data/lib/arachni/typhoeus/utils.rb +1 -1
data/lib/arachni/ui/cli/cli.rb +18 -7
data/lib/arachni/ui/cli/output.rb +28 -1
data/lib/arachni/ui/cli/rpc/dispatcher_monitor.rb +1 -1
data/lib/arachni/ui/cli/rpc/instance.rb +1 -1
data/lib/arachni/ui/cli/rpc/local.rb +1 -1
data/lib/arachni/ui/cli/rpc/remote.rb +1 -1
data/lib/arachni/ui/cli/utilities.rb +14 -29
data/lib/arachni/ui/foo/output.rb +1 -1
data/lib/arachni/uri.rb +2 -3
data/lib/arachni/utilities.rb +1 -1
data/lib/arachni/version.rb +1 -1
data/lib/version +1 -1
data/modules/audit/code_injection.rb +1 -1
data/modules/audit/code_injection_php_input_wrapper.rb +1 -1
data/modules/audit/code_injection_timing.rb +1 -1
data/modules/audit/csrf.rb +1 -1
data/modules/audit/file_inclusion.rb +5 -5
data/modules/audit/ldapi.rb +1 -1
data/modules/audit/os_cmd_injection.rb +1 -1
data/modules/audit/os_cmd_injection_timing.rb +4 -3
data/modules/audit/path_traversal.rb +5 -5
data/modules/audit/response_splitting.rb +1 -1
data/modules/audit/rfi.rb +1 -1
data/modules/audit/session_fixation.rb +1 -1
data/modules/audit/source_code_disclosure.rb +21 -17
data/modules/audit/sqli.rb +11 -8
data/modules/audit/sqli/patterns/pgsql +1 -0
data/modules/audit/sqli/regexp_ignore.txt +1 -0
data/modules/audit/sqli_blind_rdiff.rb +12 -12
data/modules/audit/sqli_blind_rdiff/payloads.txt +1 -5
data/modules/audit/sqli_blind_timing.rb +4 -6
data/modules/audit/sqli_blind_timing/mssql.txt +9 -9
data/modules/audit/sqli_blind_timing/mysql.txt +9 -31
data/modules/audit/sqli_blind_timing/pgsql.txt +6 -28
data/modules/audit/trainer.rb +1 -1
data/modules/audit/unvalidated_redirect.rb +1 -1
data/modules/audit/xpath.rb +1 -1
data/modules/audit/xss.rb +12 -12
data/modules/audit/xss_event.rb +1 -1
data/modules/audit/xss_path.rb +1 -1
data/modules/audit/xss_script_tag.rb +13 -20
data/modules/audit/xss_tag.rb +5 -7
data/modules/recon/allowed_methods.rb +1 -1
data/modules/recon/backdoors.rb +1 -1
data/modules/recon/backup_files.rb +1 -1
data/modules/recon/common_directories.rb +1 -1
data/modules/recon/common_files.rb +1 -1
data/modules/recon/common_files/filenames.txt +1 -0
data/modules/recon/directory_listing.rb +2 -2
data/modules/recon/grep/captcha.rb +1 -1
data/modules/recon/grep/credit_card.rb +1 -1
data/modules/recon/grep/cvs_svn_users.rb +1 -1
data/modules/recon/grep/emails.rb +1 -1
data/modules/recon/grep/form_upload.rb +1 -1
data/modules/recon/grep/html_objects.rb +1 -1
data/modules/recon/grep/http_only_cookies.rb +1 -1
data/modules/recon/grep/insecure_cookies.rb +1 -1
data/modules/recon/grep/mixed_resource.rb +1 -1
data/modules/recon/grep/password_autocomplete.rb +1 -1
data/modules/recon/grep/private_ip.rb +1 -1
data/modules/recon/grep/ssn.rb +1 -1
data/modules/recon/grep/unencrypted_password_forms.rb +1 -1
data/modules/recon/htaccess_limit.rb +1 -1
data/modules/recon/http_put.rb +1 -1
data/modules/recon/interesting_responses.rb +1 -1
data/modules/recon/localstart_asp.rb +5 -5
data/modules/recon/webdav.rb +1 -1
data/modules/recon/x_forwarded_for_access_restriction_bypass.rb +1 -1
data/modules/recon/xst.rb +1 -1
data/path_extractors/anchors.rb +1 -1
data/path_extractors/areas.rb +1 -1
data/path_extractors/forms.rb +1 -1
data/path_extractors/frames.rb +1 -1
data/path_extractors/generic.rb +1 -1
data/path_extractors/links.rb +1 -1
data/path_extractors/meta_refresh.rb +1 -1
data/path_extractors/scripts.rb +1 -1
data/plugins/autologin.rb +16 -8
data/plugins/beep_notify.rb +1 -1
data/plugins/{defaults/content_types.rb → content_types.rb} +1 -1
data/plugins/cookie_collector.rb +21 -11
data/plugins/defaults/autothrottle.rb +1 -1
data/plugins/defaults/healthmap.rb +1 -1
data/plugins/defaults/meta/remedies/discovery.rb +1 -1
data/plugins/defaults/meta/remedies/timing_attacks.rb +6 -8
data/plugins/defaults/meta/uniformity.rb +1 -1
data/plugins/defaults/resolver.rb +1 -1
data/plugins/email_notify.rb +1 -1
data/plugins/form_dicattack.rb +1 -1
data/plugins/http_dicattack.rb +1 -1
data/plugins/libnotify.rb +1 -1
data/plugins/profiler.rb +1 -1
data/plugins/proxy.rb +2 -1
data/plugins/proxy/server.rb +3 -1
data/plugins/proxy/template_scope.rb +1 -1
data/plugins/rescan.rb +1 -1
data/plugins/script.rb +1 -1
data/plugins/uncommon_headers.rb +2 -1
data/plugins/vector_feed.rb +1 -1
data/plugins/waf_detector.rb +1 -1
data/reports/afr.rb +8 -9
data/reports/ap.rb +1 -1
data/reports/html.rb +8 -12
data/reports/html/default.erb +2 -3
data/reports/html/default/issue.erb +0 -12
data/reports/html/default/issues.erb +2 -2
data/reports/json.rb +13 -10
data/reports/marshal.rb +8 -9
data/reports/metareport.rb +9 -10
data/reports/plugin_formatters/html/autologin.rb +1 -1
data/reports/plugin_formatters/html/content_types.rb +1 -1
data/reports/plugin_formatters/html/cookie_collector.rb +1 -1
data/reports/plugin_formatters/html/discovery.rb +1 -1
data/reports/plugin_formatters/html/form_dicattack.rb +1 -1
data/reports/plugin_formatters/html/healthmap.rb +1 -1
data/reports/plugin_formatters/html/http_dicattack.rb +1 -1
data/reports/plugin_formatters/html/profiler.rb +1 -1
data/reports/plugin_formatters/html/resolver.rb +1 -1
data/reports/plugin_formatters/html/timing_attacks.rb +1 -1
data/reports/plugin_formatters/html/uncommon_headers.rb +1 -1
data/reports/plugin_formatters/html/uniformity.rb +1 -1
data/reports/plugin_formatters/html/waf_detector.rb +1 -1
data/reports/plugin_formatters/stdout/autologin.rb +1 -1
data/reports/plugin_formatters/stdout/content_types.rb +1 -1
data/reports/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/reports/plugin_formatters/stdout/discovery.rb +1 -1
data/reports/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/reports/plugin_formatters/stdout/healthmap.rb +2 -4
data/reports/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/reports/plugin_formatters/stdout/profiler.rb +1 -1
data/reports/plugin_formatters/stdout/resolver.rb +1 -1
data/reports/plugin_formatters/stdout/timing_attacks.rb +1 -1
data/reports/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/reports/plugin_formatters/stdout/uniformity.rb +1 -1
data/reports/plugin_formatters/stdout/waf_detector.rb +1 -1
data/reports/plugin_formatters/xml/autologin.rb +1 -1
data/reports/plugin_formatters/xml/content_types.rb +1 -1
data/reports/plugin_formatters/xml/cookie_collector.rb +1 -1
data/reports/plugin_formatters/xml/discovery.rb +1 -1
data/reports/plugin_formatters/xml/form_dicattack.rb +1 -1
data/reports/plugin_formatters/xml/healthmap.rb +1 -1
data/reports/plugin_formatters/xml/http_dicattack.rb +1 -1
data/reports/plugin_formatters/xml/profiler.rb +1 -1
data/reports/plugin_formatters/xml/resolver.rb +1 -1
data/reports/plugin_formatters/xml/timing_attacks.rb +1 -1
data/reports/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/reports/plugin_formatters/xml/uniformity.rb +1 -1
data/reports/plugin_formatters/xml/waf_detector.rb +1 -1
data/reports/stdout.rb +1 -1
data/reports/txt.rb +1 -1
data/reports/xml.rb +8 -9
data/reports/xml/buffer.rb +2 -2
data/reports/yaml.rb +8 -9
data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +80 -2
data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +44 -29
data/spec/arachni/element/cookie_spec.rb +1 -1
data/spec/arachni/element/form_spec.rb +31 -13
data/spec/arachni/http/cookie_jar_spec.rb +11 -0
data/spec/arachni/http_spec.rb +33 -7
data/spec/arachni/issue_spec.rb +10 -3
data/spec/arachni/options_spec.rb +18 -1
data/spec/arachni/parser_spec.rb +27 -26
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +10 -1
data/spec/arachni/rpc/server/dispatcher_spec.rb +15 -0
data/spec/arachni/ruby/array_spec.rb +11 -0
data/spec/arachni/ruby/hash_spec.rb +28 -1
data/spec/arachni/ruby/string_spec.rb +14 -1
data/spec/arachni/session_spec.rb +39 -0
data/spec/arachni/spider_spec.rb +23 -14
data/spec/arachni/{module → support}/key_filler.rb +20 -2
data/spec/arachni/support/signature_spec.rb +158 -0
data/spec/arachni/trainer_spec.rb +31 -0
data/spec/arachni/typhoeus/response_spec.rb +17 -0
data/spec/arachni/uri_spec.rb +1 -1
data/spec/external/wavsep/active/lfi_spec.rb +94 -0
data/spec/external/wavsep/active/rfi_spec.rb +35 -0
data/spec/external/wavsep/active/sqli_spec.rb +108 -0
data/spec/external/wavsep/active/xss_spec.rb +41 -0
data/spec/external/wavsep/false_positives/lfi_spec.rb +33 -0
data/spec/external/wavsep/false_positives/rfi_spec.rb +21 -0
data/spec/external/wavsep/false_positives/sqli_spec.rb +32 -0
data/spec/external/wavsep/false_positives/xss_spec.rb +21 -0
data/spec/modules/audit/source_code_disclosure_spec.rb +4 -4
data/spec/modules/audit/sqli_blind_rdiff_spec.rb +1 -1
data/spec/modules/audit/sqli_blind_timing_spec.rb +3 -3
data/spec/modules/audit/sqli_spec.rb +1 -1
data/spec/modules/audit/xss_script_tag_spec.rb +1 -1
data/spec/plugins/autologin_spec.rb +25 -7
data/spec/plugins/cookie_collector_spec.rb +17 -0
data/spec/spec_helper.rb +1 -1
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/modules/test.rb +1 -1
data/spec/support/fixtures/modules/test2.rb +1 -1
data/spec/support/fixtures/modules/test3.rb +1 -1
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/spider_hook.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reports/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reports/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reports/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reports/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reports/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_mod/body.rb +1 -1
data/spec/support/fixtures/run_mod/cookies.rb +1 -1
data/spec/support/fixtures/run_mod/empty.rb +1 -1
data/spec/support/fixtures/run_mod/flch.rb +1 -1
data/spec/support/fixtures/run_mod/forms.rb +1 -1
data/spec/support/fixtures/run_mod/headers.rb +1 -1
data/spec/support/fixtures/run_mod/links.rb +1 -1
data/spec/support/fixtures/run_mod/nil.rb +1 -1
data/spec/support/fixtures/run_mod/path.rb +1 -1
data/spec/support/fixtures/run_mod/server.rb +1 -1
data/spec/support/fixtures/taint_module/taint.rb +1 -1
data/spec/support/fixtures/wait_module/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/web_server_manager.rb +1 -1
data/spec/support/logs/Dispatcher - 10129-46995.log +9 -0
data/spec/support/logs/Dispatcher - 10139-63648.log +19 -0
data/spec/support/logs/Dispatcher - 10149-5551.log +17 -0
data/spec/support/logs/Dispatcher - 10158-34385.log +13 -0
data/spec/support/logs/Dispatcher - 10167-55701.log +9 -0
data/spec/support/logs/Dispatcher - 10176-8922.log +9 -0
data/spec/support/logs/Dispatcher - 10185-53716.log +11 -0
data/spec/support/logs/Dispatcher - 10198-44724.log +11 -0
data/spec/support/logs/Dispatcher - 10211-7697.log +11 -0
data/spec/support/logs/Dispatcher - 10224-3751.log +35 -0
data/spec/support/logs/Dispatcher - 10285-7404.log +21 -0
data/spec/support/logs/Dispatcher - 10294-56221.log +21 -0
data/spec/support/logs/Dispatcher - 10303-2483.log +23 -0
data/spec/support/logs/Dispatcher - 10344-60543.log +19 -0
data/spec/support/logs/Dispatcher - 10355-31708.log +17 -0
data/spec/support/logs/Dispatcher - 10364-63170.log +15 -0
data/spec/support/logs/Dispatcher - 10377-37936.log +11 -0
data/spec/support/logs/Dispatcher - 10390-37511.log +9 -0
data/spec/support/logs/Dispatcher - 10400-29603.log +9 -0
data/spec/support/logs/Dispatcher - 10409-57042.log +9 -0
data/spec/support/logs/Dispatcher - 10418-17812.log +9 -0
data/spec/support/logs/Dispatcher - 10427-59862.log +11 -0
data/spec/support/logs/Dispatcher - 10440-48351.log +9 -0
data/spec/support/logs/Dispatcher - 10449-24218.log +9 -0
data/spec/support/logs/Dispatcher - 10458-54646.log +9 -0
data/spec/support/logs/Dispatcher - 10511-3333.log +63 -0
data/spec/support/logs/Dispatcher - 10520-50009.log +43 -0
data/spec/support/logs/Dispatcher - 10529-44870.log +39 -0
data/spec/support/logs/Dispatcher - 10538-49556.log +34 -0
data/spec/support/logs/Dispatcher - 10547-61887.log +28 -0
data/spec/support/logs/Dispatcher - 10556-31163.log +21 -0
data/spec/support/logs/Dispatcher - 10565-40008.log +13 -0
data/spec/support/logs/Dispatcher - 10575-18836.log +9 -0
data/spec/support/logs/Dispatcher - 10747-32268.log +19 -0
data/spec/support/logs/Dispatcher - 10757-4081.log +21 -0
data/spec/support/logs/Dispatcher - 10766-49190.log +15 -0
data/spec/support/logs/Dispatcher - 10780-46610.log +19 -0
data/spec/support/logs/Dispatcher - 10789-5332.log +21 -0
data/spec/support/logs/Dispatcher - 10798-56243.log +15 -0
data/spec/support/logs/Dispatcher - 10920-32037.log +17 -0
data/spec/support/logs/Dispatcher - 10929-35662.log +21 -0
data/spec/support/logs/Dispatcher - 10938-64010.log +13 -0
data/spec/support/logs/Dispatcher - 10951-44746.log +19 -0
data/spec/support/logs/Dispatcher - 10961-55791.log +21 -0
data/spec/support/logs/Dispatcher - 10972-58913.log +15 -0
data/spec/support/logs/Dispatcher - 11023-45004.log +17 -0
data/spec/support/logs/Dispatcher - 11033-55505.log +21 -0
data/spec/support/logs/Dispatcher - 11042-46123.log +13 -0
data/spec/support/logs/Dispatcher - 11055-26836.log +17 -0
data/spec/support/logs/Dispatcher - 11064-60361.log +21 -0
data/spec/support/logs/Dispatcher - 11073-17507.log +13 -0
data/spec/support/logs/Dispatcher - 11298-28357.log +19 -0
data/spec/support/logs/Dispatcher - 11307-62669.log +21 -0
data/spec/support/logs/Dispatcher - 11316-9391.log +15 -0
data/spec/support/logs/Dispatcher - 11340-45921.log +21 -0
data/spec/support/logs/Dispatcher - 11349-8693.log +25 -0
data/spec/support/logs/Dispatcher - 11358-53753.log +15 -0
data/spec/support/logs/Dispatcher - 11394-29437.log +17 -0
data/spec/support/logs/Dispatcher - 11403-59953.log +21 -0
data/spec/support/logs/Dispatcher - 11412-51134.log +13 -0
data/spec/support/logs/Dispatcher - 11425-42569.log +21 -0
data/spec/support/logs/Dispatcher - 11434-16150.log +25 -0
data/spec/support/logs/Dispatcher - 11443-19072.log +15 -0
data/spec/support/logs/Dispatcher - 11479-39149.log +17 -0
data/spec/support/logs/Dispatcher - 11488-42169.log +21 -0
data/spec/support/logs/Dispatcher - 11497-29822.log +13 -0
data/spec/support/logs/Dispatcher - 11510-8273.log +17 -0
data/spec/support/logs/Dispatcher - 11519-18206.log +21 -0
data/spec/support/logs/Dispatcher - 11528-55825.log +13 -0
data/spec/support/logs/Dispatcher - 9969-52890.log +9 -0
data/spec/support/logs/Dispatcher - 9996-38451.log +21 -0
data/spec/support/logs/{Instance - 12589-35500.error.log → Instance - 10762-33696.error.log } +63 -40
data/spec/support/logs/{Instance - 16415-47240.error.log → Instance - 11038-18065.error.log } +65 -42
data/spec/support/logs/{Instance - 16762-48636.error.log → Instance - 11069-34848.error.log } +162 -139
data/spec/support/logs/{Instance - 16789-61713.error.log → Instance - 11091-33954.error.log } +60 -37
data/spec/support/logs/{Instance - 16795-55306.error.log → Instance - 11097-33191.error.log } +65 -42
data/spec/support/logs/{Instance - 12909-9442.error.log → Instance - 11229-38634.error.log } +60 -37
data/spec/support/servers/arachni/element/capabilities/auditable/rdiff.rb +131 -7
data/spec/support/servers/arachni/element/capabilities/auditable/timeout.rb +4 -0
data/spec/support/servers/arachni/element/form.rb +27 -0
data/spec/support/servers/arachni/element/link.rb +16 -0
data/spec/support/servers/arachni/session.rb +17 -1
data/spec/support/servers/arachni/spider.rb +25 -1
data/spec/support/servers/arachni/trainer.rb +8 -0
data/spec/support/servers/modules/audit/os_cmd_injection_timing.rb +2 -1
data/spec/support/servers/modules/audit/source_code_disclosure.rb +0 -1
data/spec/support/servers/modules/audit/sqli/postgresql +2 -0
data/spec/support/servers/modules/audit/sqli_blind_rdiff.rb +9 -13
data/spec/support/shared/element/capabilities/auditable.rb +62 -3
data/spec/support/shared/element/capabilities/refreshable.rb +27 -0
data/spec/support/shared/external/wavsep.rb +89 -0
metadata +1081 -1206
data/lib/arachni/platforms.rb +0 -499
data/logs/Dispatcher - 12101-7331.log +0 -15
data/spec/support/logs/Dispatcher - 11821-58635.log +0 -9
data/spec/support/logs/Dispatcher - 11848-37716.log +0 -21
data/spec/support/logs/Dispatcher - 11974-31477.log +0 -9
data/spec/support/logs/Dispatcher - 11984-10290.log +0 -19
data/spec/support/logs/Dispatcher - 11993-33501.log +0 -17
data/spec/support/logs/Dispatcher - 12002-62227.log +0 -13
data/spec/support/logs/Dispatcher - 12013-45779.log +0 -9
data/spec/support/logs/Dispatcher - 12022-22434.log +0 -9
data/spec/support/logs/Dispatcher - 12031-41130.log +0 -11
data/spec/support/logs/Dispatcher - 12045-23894.log +0 -11
data/spec/support/logs/Dispatcher - 12059-57317.log +0 -35
data/spec/support/logs/Dispatcher - 12122-60206.log +0 -21
data/spec/support/logs/Dispatcher - 12132-58445.log +0 -21
data/spec/support/logs/Dispatcher - 12141-13273.log +0 -23
data/spec/support/logs/Dispatcher - 12183-2341.log +0 -19
data/spec/support/logs/Dispatcher - 12192-56486.log +0 -17
data/spec/support/logs/Dispatcher - 12201-8840.log +0 -15
data/spec/support/logs/Dispatcher - 12214-47545.log +0 -11
data/spec/support/logs/Dispatcher - 12227-23676.log +0 -9
data/spec/support/logs/Dispatcher - 12236-16018.log +0 -9
data/spec/support/logs/Dispatcher - 12245-61980.log +0 -9
data/spec/support/logs/Dispatcher - 12254-30185.log +0 -9
data/spec/support/logs/Dispatcher - 12263-29578.log +0 -11
data/spec/support/logs/Dispatcher - 12276-64279.log +0 -9
data/spec/support/logs/Dispatcher - 12285-49975.log +0 -9
data/spec/support/logs/Dispatcher - 12347-26600.log +0 -63
data/spec/support/logs/Dispatcher - 12356-43960.log +0 -43
data/spec/support/logs/Dispatcher - 12365-30567.log +0 -39
data/spec/support/logs/Dispatcher - 12374-49263.log +0 -34
data/spec/support/logs/Dispatcher - 12401-6543.log +0 -28
data/spec/support/logs/Dispatcher - 12410-21678.log +0 -21
data/spec/support/logs/Dispatcher - 12419-42381.log +0 -13
data/spec/support/logs/Dispatcher - 12429-25829.log +0 -9
data/spec/support/logs/Dispatcher - 12574-63838.log +0 -19
data/spec/support/logs/Dispatcher - 12584-33256.log +0 -21
data/spec/support/logs/Dispatcher - 12593-45982.log +0 -15
data/spec/support/logs/Dispatcher - 12606-64171.log +0 -19
data/spec/support/logs/Dispatcher - 12615-52258.log +0 -21
data/spec/support/logs/Dispatcher - 12624-48032.log +0 -15
data/spec/support/logs/Dispatcher - 12744-31691.log +0 -17
data/spec/support/logs/Dispatcher - 12753-9777.log +0 -21
data/spec/support/logs/Dispatcher - 12762-14195.log +0 -13
data/spec/support/logs/Dispatcher - 12775-52778.log +0 -19
data/spec/support/logs/Dispatcher - 12784-33121.log +0 -21
data/spec/support/logs/Dispatcher - 12793-23476.log +0 -15
data/spec/support/logs/Dispatcher - 12845-33401.log +0 -17
data/spec/support/logs/Dispatcher - 12854-58592.log +0 -21
data/spec/support/logs/Dispatcher - 12863-38667.log +0 -13
data/spec/support/logs/Dispatcher - 12876-18504.log +0 -17
data/spec/support/logs/Dispatcher - 12885-8765.log +0 -21
data/spec/support/logs/Dispatcher - 12894-7708.log +0 -13
data/spec/support/logs/Dispatcher - 13112-20247.log +0 -19
data/spec/support/logs/Dispatcher - 13121-37610.log +0 -21
data/spec/support/logs/Dispatcher - 13130-55144.log +0 -15
data/spec/support/logs/Dispatcher - 13154-11476.log +0 -21
data/spec/support/logs/Dispatcher - 13163-28157.log +0 -25
data/spec/support/logs/Dispatcher - 13172-1403.log +0 -15
data/spec/support/logs/Dispatcher - 13208-39214.log +0 -17
data/spec/support/logs/Dispatcher - 13217-25789.log +0 -21
data/spec/support/logs/Dispatcher - 13226-32449.log +0 -13
data/spec/support/logs/Dispatcher - 13239-50344.log +0 -21
data/spec/support/logs/Dispatcher - 13248-35317.log +0 -25
data/spec/support/logs/Dispatcher - 13257-20820.log +0 -15
data/spec/support/logs/Dispatcher - 13293-39307.log +0 -17
data/spec/support/logs/Dispatcher - 13302-62417.log +0 -21
data/spec/support/logs/Dispatcher - 13311-57144.log +0 -13
data/spec/support/logs/Dispatcher - 13324-35654.log +0 -17
data/spec/support/logs/Dispatcher - 13333-9999.log +0 -21
data/spec/support/logs/Dispatcher - 13342-64466.log +0 -13
data/spec/support/logs/Dispatcher - 15092-40680.log +0 -9
data/spec/support/logs/Dispatcher - 15119-21562.log +0 -21
data/spec/support/logs/Dispatcher - 15680-63471.log +0 -9
data/spec/support/logs/Dispatcher - 15690-15104.log +0 -19
data/spec/support/logs/Dispatcher - 15699-36034.log +0 -17
data/spec/support/logs/Dispatcher - 15708-21275.log +0 -13
data/spec/support/logs/Dispatcher - 15717-6134.log +0 -9
data/spec/support/logs/Dispatcher - 15727-5906.log +0 -9
data/spec/support/logs/Dispatcher - 15736-27941.log +0 -11
data/spec/support/logs/Dispatcher - 15749-31464.log +0 -11
data/spec/support/logs/Dispatcher - 15762-52837.log +0 -35
data/spec/support/logs/Dispatcher - 15823-2486.log +0 -21
data/spec/support/logs/Dispatcher - 15832-34792.log +0 -21
data/spec/support/logs/Dispatcher - 15841-3367.log +0 -23
data/spec/support/logs/Dispatcher - 15886-2171.log +0 -19
data/spec/support/logs/Dispatcher - 15895-6022.log +0 -17
data/spec/support/logs/Dispatcher - 15904-51624.log +0 -15
data/spec/support/logs/Dispatcher - 15917-11227.log +0 -11
data/spec/support/logs/Dispatcher - 15930-17170.log +0 -9
data/spec/support/logs/Dispatcher - 15939-24891.log +0 -9
data/spec/support/logs/Dispatcher - 15948-26858.log +0 -9
data/spec/support/logs/Dispatcher - 15957-12278.log +0 -9
data/spec/support/logs/Dispatcher - 15967-37642.log +0 -11
data/spec/support/logs/Dispatcher - 15981-57959.log +0 -9
data/spec/support/logs/Dispatcher - 16000-51003.log +0 -9
data/spec/support/logs/Dispatcher - 16064-25969.log +0 -63
data/spec/support/logs/Dispatcher - 16073-13164.log +0 -43
data/spec/support/logs/Dispatcher - 16083-21729.log +0 -39
data/spec/support/logs/Dispatcher - 16092-48691.log +0 -34
data/spec/support/logs/Dispatcher - 16101-7385.log +0 -28
data/spec/support/logs/Dispatcher - 16110-24222.log +0 -21
data/spec/support/logs/Dispatcher - 16119-29645.log +0 -13
data/spec/support/logs/Dispatcher - 16129-23325.log +0 -9
data/spec/support/logs/Dispatcher - 16399-42716.log +0 -19
data/spec/support/logs/Dispatcher - 16410-3301.log +0 -21
data/spec/support/logs/Dispatcher - 16419-8500.log +0 -15
data/spec/support/logs/Dispatcher - 16432-2467.log +0 -19
data/spec/support/logs/Dispatcher - 16441-27407.log +0 -21
data/spec/support/logs/Dispatcher - 16450-28157.log +0 -15
data/spec/support/logs/Dispatcher - 16607-37339.log +0 -17
data/spec/support/logs/Dispatcher - 16616-50971.log +0 -21
data/spec/support/logs/Dispatcher - 16625-28154.log +0 -13
data/spec/support/logs/Dispatcher - 16638-17094.log +0 -19
data/spec/support/logs/Dispatcher - 16647-25657.log +0 -21
data/spec/support/logs/Dispatcher - 16656-11108.log +0 -15
data/spec/support/logs/Dispatcher - 16716-31067.log +0 -17
data/spec/support/logs/Dispatcher - 16726-34466.log +0 -21
data/spec/support/logs/Dispatcher - 16735-55150.log +0 -13
data/spec/support/logs/Dispatcher - 16748-7910.log +0 -17
data/spec/support/logs/Dispatcher - 16757-62118.log +0 -21
data/spec/support/logs/Dispatcher - 16766-31937.log +0 -13
data/spec/support/logs/Dispatcher - 16999-6441.log +0 -19
data/spec/support/logs/Dispatcher - 17008-51788.log +0 -21
data/spec/support/logs/Dispatcher - 17017-20096.log +0 -15
data/spec/support/logs/Dispatcher - 17041-15877.log +0 -21
data/spec/support/logs/Dispatcher - 17050-42137.log +0 -25
data/spec/support/logs/Dispatcher - 17059-12767.log +0 -15
data/spec/support/logs/Dispatcher - 17095-3041.log +0 -17
data/spec/support/logs/Dispatcher - 17104-42336.log +0 -21
data/spec/support/logs/Dispatcher - 17113-11660.log +0 -13
data/spec/support/logs/Dispatcher - 17126-64859.log +0 -21
data/spec/support/logs/Dispatcher - 17135-11634.log +0 -25
data/spec/support/logs/Dispatcher - 17144-37598.log +0 -15
data/spec/support/logs/Dispatcher - 17180-55804.log +0 -17
data/spec/support/logs/Dispatcher - 17189-5599.log +0 -21
data/spec/support/logs/Dispatcher - 17198-13188.log +0 -13
data/spec/support/logs/Dispatcher - 17211-23553.log +0 -17
data/spec/support/logs/Dispatcher - 17220-36701.log +0 -21
data/spec/support/logs/Dispatcher - 17229-41502.log +0 -13
data/spec/support/logs/Instance - 12859-23151.error.log +0 -314
data/spec/support/logs/Instance - 12890-17901.error.log +0 -413
data/spec/support/logs/Instance - 12915-45947.error.log +0 -314
data/spec/support/logs/Instance - 13044-48074.error.log +0 -312
data/spec/support/logs/Instance - 16731-60738.error.log +0 -314
data/spec/support/logs/Instance - 16931-37511.error.log +0 -312

checksums.yaml CHANGED Viewed

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    NzNlOTZlMGUyOTkwNTY4MWRmYTQyYmFmNmRlMGI0ZDVlNzZkMmI4NA==
+    MjQyMTU0MWMwYTcyZTVhMjk0NDM0YjZlMmZiMDllYmI4ZTNkZjM4Zg==
   data.tar.gz: !binary |-
-    YmNiN2YyNmFlMzZlZThjYmZiMGUwZGY1MTQ5NjlhZTgyYzk4M2NjZQ==
-!binary "U0hBNTEy":
+    MWI4ZjZmNzE5MzMxM2UyOTdkMzI4NjM0YTI0NWQwZDg4NmUxMzcwYw==
+SHA512:
   metadata.gz: !binary |-
-    MDZmZGMzZTU5ZjVhM2Q4MDg2OTI5NGUwMDBhZTJhNGRlOGViYjc4YjlmY2I3
-    OWE4Y2E4MTFkODIyNTI0N2VmNzBmM2Q2YjEwZGQxMmZlNjFjODQ3YTFmYmZh
-    N2Y5NDhhNzgyMTQzZmM0MTRiNWMzNmYwZWEwOTVjY2ExZWQ3NjA=
+    N2NkYzk3M2Y1MzY3YWQ0ZmEwZTM0ODBiZGUwNmZhYmIxOWRlODAyZDFjOTgw
+    YTIwMmQ0YjdhNDhjMWUzNWVkYzQ0MTM0ZjA5ZGQyYzM2MzQ2MDgyZWFiZmQw
+    MDY5NDFiMWY0ZGY4YzNjMWZjNTliMmFlM2YyZGM2MzFlZjY4YTg=
   data.tar.gz: !binary |-
-    MzRiNTI1ZDY0Y2EwZjBlNmRiYWRjOGE0ZmI5ODkyMmQyZjMzN2VlNWVkZTg3
-    ZTkzMDEzMjBlZGZiMGM2MmI5MTkyZmE5ZmRiZTY0NzcwMDc2YzY3M2JkN2Y4
-    ZmY0MDhiMTAyMDU5YWRlZGEwMjMzOGRjNjhiMTE2NzcxNDhjZjU=
+    M2JlNDdkN2MxODRhMThkYzQxNTBkZjcyMWQxNTg3ZWM2YzU5NTQyOTRhNmFm
+    ZTVkNzA4MjJjNmI2NzQ0ZTE2ZjNkNzgzNmFlMGJkYWQwMGRhNjc0M2RiODM5
+    YjY3MGM1MGRiNWFmYjI0MTg2YjVmNjZjYzhiOGZhNTk3NGM4YTE=

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,102 @@
 # ChangeLog
+## 0.4.6 _(January 1, 2014)_
+- CLI user interfaces
+    - `--lsmod`
+        - Longer pauses every 3 modules, it lists all of them at once.
+        - Updated to show the _Severity_ of the issues the module logs.
+    - `Ctrl+C` screen optimized to use less resources when printing scan data.
+- Options
+    - `--cookie-string` -- Updated to also handle cookies in the form of `Set-Cookie` headers.
+    - Added:
+        - `--external-address` -- The external address of a Dispatcher.
+        - `--http-queue-size` -- Maximum amount of requests to keep in the queue,
+            bigger size means better scheduling and better performance, smaller
+            means less RAM consumption.
+- `Session`
+    - `#ensure_logged_in` -- Retry on login failure.
+- `Spider`
+    - Don't apply scope restrictions to the seed URL.
+- `Framework`
+    - Audit
+        - Stored pages are now offloaded to disk to lower RAM consumption.
+- `Trainer`
+    - `#push` -- Prints verbose messages in cases of scope violations.
+- `HTTP`
+    - Maximum request-queue size lowered from 5000 to 500, to decrease RAM usage
+        by preventing the storage of large amounts of requests for extended periods of time.
+    - Updated to use the new `Support::Signature` class for custom-404 signatures.
+- `RPC::Server::Dispatcher`
+    - Now supports specifying an external address to allow for deployments behind NATs.
+- `Element::Capabilities::Auditable::RDiff`
+    - Updated to use the new `Support::Signature` class to perform response body comparisons.
+    - Updated the algorithm to use a `false` as the control.
+    - Added integrity check for the analysis process.
+    - Optimized scheduling of data gathering.
+    - Reduced total amount of performed requests.
+    - Massively reduced RAM consumption for data storage and analysis.
+- `Element::Capabilities::Auditable::Timeout`
+    - Updated the algorithm to use an approximated web application processing
+        time instead of the HTTP timeout based on the total request-response process.
+    - Made analysis corruption checks more stringent to diminish the chances of
+        false positives.
+    - Fixed bug causing non-vetted inputs to reach the final stages of analysis
+        which sometimes resulted in false positives.
+    - Added a cool-off period after Phase 2 to ensure webapp responsiveness post-attack.
+    - Improved status messages.
+- `Element::Capabilities::Auditable::Taint`
+    - Added longest-word-optimization -- Checks if the longest word of a regexp
+        exists in the response body prior to matching the full-blown regexp.
+- `Element::Capabilities::Auditable#audit`
+    - Added option `:skip_like`, accepting blocks used to filter the mutations
+        about to be audited.
+    - Fixed bug causing audits with constantly changing tokens to fail.
+    - Updated to use `#each_mutation` instead of `#mutations`.
+- `Element::Capabilities::Mutable`
+    - Added `#each_mutation` to generate mutations on the fly instead of relying
+        on `#mutations` to generate an array of mutations.
+    - Updated `#mutations` to delegate to `#each_mutation`.
+- `Element::Cookie#encode`
+    - Allow `=` to remain un-encoded in the cookie value.
+- `Element::Form` -- Buttons are now treated as inputs as well.
+- `Options#load` -- Updated to support serialized `Hash` objects.
+- Added `Support::Signature` -- Signature class used to generate and refine signatures
+    from `String` objects.
+- Modules
+    - Audit
+        - `path_traversal` -- Updated to use double-slashes for *nix payloads.
+        - `file_inclusion` -- Added evasive payloads using '\'.
+        - `source_code_disclosure`
+            - Increased coverage by following the directory tree of each file one
+                level at a time.
+        - `xss_script_tag` -- Updated to check for the existence of encoding operations.
+        - `sqli`
+            - Updated to cache the compiled regular expressions.
+            - Updated to use the longest-word-optimization of the taint analysis
+                implementation for faster analysis.
+        - `sqli_blind_rdiff`
+            - Massively reduced injected payloads.
+        - `os_cmd_injection_timing` -- Decreased the time delay.
+    - Recon
+        - `localstart_asp`
+            - Check for an ASP platform instead of a Windows one.
+            - Fixed `LocalJumpError`.
+- Plugins
+    - `autologin`
+        - Changed `print_bad` to `print_error` so that errors are written to the
+            error log.
+        - Scan remains paused and awaits user action upon failure.
+    - `proxy`
+        - Updated request URL encoding to handle malformed URLs.
+        - Disabled reverse DNS lookup on requests to increase performance.
+    - `content_types` -- Moved out of `defaults/'.
+    - `cookie_collector`
+        - Added `filter` option used to determine which cookies to log based on
+            a pattern matched against cookie names.
+- Reports -- Added `content_type` to all reports with `outfile` option in `.info`.
+    - `xml` -- Escaped parameter values in XML report.
 ## 0.4.5.2 _(September 18, 2013)_
 - `gemspec`

data/CONTRIBUTORS.md CHANGED Viewed

@@ -15,6 +15,7 @@ suggestions or testing it.
 - [Evan Beard](mailto:beard.evan@gmail.com) for feedback and patches.
 - [Michael Borohovski](mailto:borski@mit.edu) for testing, feedback and patches.
 - [Ben Sedat](mailto:bsedat@alum.mit.edu) for testing, feedback and patches.
+- [Michiel van Es](mailto:mve@pragmasec.nl) for relentless testing and feedback.
 A big thanks to my buddy [Andreas](mailto:rainmakergr@gmail.com) for the original
 spider drawing used in the project graphics.

data/NOTICE CHANGED Viewed

@@ -1,5 +1,5 @@
     Arachni Web Application Security Scanner Framework
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     This product includes code from the Arachni Web Application Security Scanner Framework
     developed by Tasos Laskos <tasos.laskos@gmail.com>.

data/README.md CHANGED Viewed

@@ -3,7 +3,7 @@
 <table>
     <tr>
         <th>Version</th>
-        <td>0.4.5.2</td>
+        <td>0.4.6</td>
     </tr>
     <tr>
         <th>Homepage</th>
@@ -38,7 +38,7 @@
     </tr>
     <tr>
         <th>Copyright</th>
-        <td>2010-2013 Tasos Laskos</td>
+        <td>2010-2014 Tasos Laskos</td>
     </tr>
     <tr>
         <th>License</th>
@@ -403,6 +403,8 @@ core remains lean and makes it easy for anyone to add arbitrary functionality.
 - Script (`script`) -- Loads and runs an external Ruby script under the scope of a plugin,
     used for debugging and general hackery.
 - Uncommon headers (`uncommon_headers`) -- Logs uncommon headers.
+- Content-types (`content_types`) -- Logs content-types of server responses aiding in the
+    identification of interesting (possibly leaked) files.
 #### Defaults
@@ -410,8 +412,6 @@ Default plugins will run for every scan and are placed under `/plugins/defaults/
 - AutoThrottle (`autothrottle`) -- Dynamically adjusts HTTP throughput during the scan for
     maximum bandwidth utilization.
-- Content-types (`content_types`) -- Logs content-types of server responses aiding in the
-    identification of interesting (possibly leaked) files.
 - Healthmap (`healthmap`) -- Generates sitemap showing the health of each crawled/audited URL
 - Resolver (`resolver`) -- Resolves vulnerable hostnames to IP addresses.

data/Rakefile CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 =end
 require 'bundler'
+require 'fileutils'
 require File.expand_path( File.dirname( __FILE__ ) ) + '/lib/arachni'
 begin
@@ -22,27 +23,116 @@ begin
     require 'rspec/core/rake_task'
     namespace :spec do
+        desc 'Run core library tests.'
         RSpec::Core::RakeTask.new( :core ) do |t|
-            t.pattern = FileList[ "spec/arachni/**/*_spec.rb" ]
+            t.pattern = FileList[ 'spec/arachni/**/*_spec.rb' ]
         end
+        desc 'Run module tests.'
         RSpec::Core::RakeTask.new( :modules ) do |t|
-            t.pattern = FileList[ "spec/modules/**/*_spec.rb" ]
+            t.pattern = FileList[ 'spec/modules/**/*_spec.rb' ]
+        end
+        namespace :modules do
+            desc 'Run tests for the audit modules.'
+            RSpec::Core::RakeTask.new( :audit ) do |t|
+                t.pattern = FileList[ 'spec/modules/audit/**/*_spec.rb' ]
+            end
+            desc 'Run tests for the recon modules.'
+            RSpec::Core::RakeTask.new( :recon ) do |t|
+                t.pattern = FileList[ 'spec/modules/recon/**/*_spec.rb' ]
+            end
         end
+        desc 'Run report tests.'
         RSpec::Core::RakeTask.new( :reports ) do |t|
-            t.pattern = FileList[ "spec/reports/**/*_spec.rb" ]
+            t.pattern = FileList[ 'spec/reports/**/*_spec.rb' ]
         end
+        desc 'Run plugin tests.'
         RSpec::Core::RakeTask.new( :plugins ) do |t|
-            t.pattern = FileList[ "spec/plugins/**/*_spec.rb" ]
+            t.pattern = FileList[ 'spec/plugins/**/*_spec.rb' ]
         end
+        desc 'Run path-extractor tests.'
         RSpec::Core::RakeTask.new( :path_extractors ) do |t|
-            t.pattern = FileList[ "spec/path_extractors/**/*_spec.rb" ]
+            t.pattern = FileList[ 'spec/path_extractors/**/*_spec.rb' ]
+        end
+        desc 'Run external test suites.'
+        RSpec::Core::RakeTask.new( :external ) do |t|
+            t.pattern = FileList[ 'spec/external/**/*_spec.rb' ]
+        end
+        namespace :external do
+            desc 'Run the WAVSEP test suite.'
+            RSpec::Core::RakeTask.new( :wavsep ) do |t|
+                t.pattern = FileList[ 'spec/external/wavsep/**/**/*_spec.rb' ]
+            end
+            namespace :wavsep do
+                desc 'Run the WAVSEP active tests.'
+                RSpec::Core::RakeTask.new( :active ) do |t|
+                    t.pattern = FileList[ 'spec/external/wavsep/active/**/*_spec.rb' ]
+                end
+                namespace :active do
+                    desc 'Run the WAVSEP XSS tests.'
+                    RSpec::Core::RakeTask.new( :xss ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/active/xss_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP SQL injection tests.'
+                    RSpec::Core::RakeTask.new( :sqli ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/active/sqli_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP LFI tests.'
+                    RSpec::Core::RakeTask.new( :lfi ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/active/lfi_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP RFI tests.'
+                    RSpec::Core::RakeTask.new( :rfi ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/active/rfi_spec.rb' ]
+                    end
+                end
+                desc 'Run the WAVSEP false positive tests.'
+                RSpec::Core::RakeTask.new( :false_positives ) do |t|
+                    t.pattern = FileList[ 'spec/external/wavsep/false_positives/**/*_spec.rb' ]
+                end
+                namespace :false_positives do
+                    desc 'Run the WAVSEP XSS false positive tests.'
+                    RSpec::Core::RakeTask.new( :xss ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/false_positives/xss_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP SQL injection false positive tests.'
+                    RSpec::Core::RakeTask.new( :sqli ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/false_positives/sqli_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP LFI false positive tests.'
+                    RSpec::Core::RakeTask.new( :lfi ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/false_positives/lfi_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP RFI false positive tests.'
+                    RSpec::Core::RakeTask.new( :rfi ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/false_positives/rfi_spec.rb' ]
+                    end
+                end
+            end
         end
-        desc "Generate an AFR report for the report tests"
+        desc 'Generate an AFR report for the report tests.'
         namespace :generate do
             task :afr do
@@ -78,7 +168,7 @@ begin
                 Arachni::Framework.new.modules.load_all
                 Arachni::AuditStore.new( issues: issues.uniq ).
-                    save( 'spec/fixtures/auditstore.afr' )
+                    save( 'spec/support/fixtures/auditstore.afr' )
                 Arachni::Options.reset
             end
@@ -91,7 +181,7 @@ rescue LoadError
     puts '  gem install rspec'
 end
-desc "Generate docs"
+desc 'Generate docs.'
 task :docs do
     outdir = "../arachni-docs"
@@ -103,7 +193,7 @@ task :docs do
     sh "rm -rf .yardoc"
 end
-desc "Generate graphics"
+desc 'Generate graphics.'
 task :gfx do
     outdir = 'gfx/compiled'
@@ -129,7 +219,7 @@ end
 #
 # [1] https://github.com/tmm1/perftools.rb
 #
-desc "Profile Arachni"
+desc 'Profile Arachni.'
 task :profile do
     if !Gem::Specification.find_all_by_name( 'perftools.rb' ).empty?
@@ -144,27 +234,22 @@ task :profile do
 end
-#
-# Cleans reports and logs
-#
-desc "Cleaning report and log files."
+desc 'Remove report and log files.'
 task :clean do
+    files = %w(error.log *.afr *.yaml *.json *.marshal *.gem pkg/*.gem logs/*.log
+        spec/support/logs/*.log).map { |file| Dir.glob( file ) }.flatten
-    sh "rm error.log || true"
-    sh "rm *.afr || true"
-    sh "rm *.yaml || true"
-    sh "rm *.json || true"
-    sh "rm *.marshal || true"
-    sh "rm *.gem || true"
-    sh "rm logs/*.log || true"
-    sh "rm spec/support/logs/*.log || true"
-end
+    next if files.empty?
+    puts 'Removing:'
+    files.each { |file| puts "  * #{file}" }
+    FileUtils.rm files
+end
 Bundler::GemHelper.install_tasks
-desc "Push a new version to RubyGems"
+desc 'Push a new version to RubyGems'
 task :publish => [ :release ]
-desc "Build Arachni and run all the tests."
+desc 'Build Arachni and run all the tests.'
 task :default => [ :build, :spec ]

data/arachni.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 # coding: utf-8
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -114,7 +114,7 @@ GitHub page        - http://github.com/Arachni/arachni
 Code Documentation - http://rubydoc.info/github/Arachni/arachni
 Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
 Twitter            - http://twitter.com/ArachniScanner
-Copyright          - 2010-2013 Tasos Laskos
+Copyright          - 2010-2014 Tasos Laskos
 License            - Apache License v2
 Please do not hesitate to ask for assistance (via the support portal)

data/bin/arachni CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.

data/bin/arachni_console CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.

data/bin/arachni_multi CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.

data/bin/arachni_rpc CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.

data/bin/arachni_rpcd CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.