arachni 0.4.5.2 → 0.4.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +9 -9
- data/CHANGELOG.md +97 -0
- data/CONTRIBUTORS.md +1 -0
- data/NOTICE +1 -1
- data/README.md +4 -4
- data/Rakefile +111 -26
- data/arachni.gemspec +2 -2
- data/bin/arachni +1 -1
- data/bin/arachni_console +1 -1
- data/bin/arachni_multi +1 -1
- data/bin/arachni_rpc +1 -1
- data/bin/arachni_rpcd +1 -1
- data/bin/arachni_rpcd_monitor +1 -1
- data/bin/arachni_script +1 -1
- data/external/metasploit/LICENSE +1 -1
- data/fingerprinters/frameworks/rack.rb +1 -1
- data/fingerprinters/languages/asp.rb +1 -1
- data/fingerprinters/languages/aspx.rb +1 -1
- data/fingerprinters/languages/jsp.rb +3 -5
- data/fingerprinters/languages/php.rb +1 -1
- data/fingerprinters/languages/python.rb +1 -1
- data/fingerprinters/languages/ruby.rb +1 -1
- data/fingerprinters/os/bsd.rb +1 -1
- data/fingerprinters/os/linux.rb +1 -1
- data/fingerprinters/os/solaris.rb +1 -1
- data/fingerprinters/os/unix.rb +1 -1
- data/fingerprinters/os/windows.rb +1 -1
- data/fingerprinters/servers/apache.rb +1 -1
- data/fingerprinters/servers/iis.rb +1 -1
- data/fingerprinters/servers/jetty.rb +1 -1
- data/fingerprinters/servers/nginx.rb +1 -1
- data/fingerprinters/servers/tomcat.rb +1 -1
- data/lib/arachni.rb +6 -1
- data/lib/arachni/audit_store.rb +1 -1
- data/lib/arachni/banner.rb +1 -1
- data/lib/arachni/component/manager.rb +1 -1
- data/lib/arachni/component/options.rb +1 -1
- data/lib/arachni/component/options/address.rb +1 -1
- data/lib/arachni/component/options/base.rb +1 -1
- data/lib/arachni/component/options/bool.rb +1 -1
- data/lib/arachni/component/options/enum.rb +1 -1
- data/lib/arachni/component/options/float.rb +1 -1
- data/lib/arachni/component/options/int.rb +1 -1
- data/lib/arachni/component/options/path.rb +1 -1
- data/lib/arachni/component/options/port.rb +1 -1
- data/lib/arachni/component/options/string.rb +1 -1
- data/lib/arachni/component/options/url.rb +1 -1
- data/lib/arachni/element/base.rb +1 -1
- data/lib/arachni/element/body.rb +1 -1
- data/lib/arachni/element/capabilities/auditable.rb +45 -22
- data/lib/arachni/element/capabilities/auditable/rdiff.rb +378 -122
- data/lib/arachni/element/capabilities/auditable/taint.rb +57 -20
- data/lib/arachni/element/capabilities/auditable/timeout.rb +95 -68
- data/lib/arachni/element/capabilities/mutable.rb +77 -40
- data/lib/arachni/element/capabilities/refreshable.rb +7 -1
- data/lib/arachni/element/cookie.rb +46 -167
- data/lib/arachni/element/form.rb +77 -517
- data/lib/arachni/element/header.rb +21 -15
- data/lib/arachni/element/link.rb +2 -2
- data/lib/arachni/element/path.rb +1 -1
- data/lib/arachni/element/server.rb +1 -1
- data/lib/arachni/element_filter.rb +1 -1
- data/lib/arachni/error.rb +1 -1
- data/lib/arachni/framework.rb +16 -7
- data/lib/arachni/http.rb +111 -118
- data/lib/arachni/http/cookie_jar.rb +8 -2
- data/lib/arachni/issue.rb +4 -1
- data/lib/arachni/mixins/observable.rb +1 -1
- data/lib/arachni/mixins/progress_bar.rb +1 -1
- data/lib/arachni/mixins/terminal.rb +1 -1
- data/lib/arachni/module.rb +1 -1
- data/lib/arachni/module/auditor.rb +23 -17
- data/lib/arachni/module/base.rb +1 -1
- data/lib/arachni/module/manager.rb +4 -4
- data/lib/arachni/module/output.rb +1 -1
- data/lib/arachni/module/utilities.rb +1 -1
- data/lib/arachni/options.rb +28 -7
- data/lib/arachni/page.rb +4 -5
- data/lib/arachni/parser.rb +3 -2
- data/lib/arachni/platform.rb +1 -1
- data/lib/arachni/platform/fingerprinter.rb +1 -1
- data/lib/arachni/platform/list.rb +11 -29
- data/lib/arachni/platform/manager.rb +31 -8
- data/lib/arachni/plugin.rb +1 -1
- data/lib/arachni/plugin/base.rb +1 -1
- data/lib/arachni/plugin/manager.rb +1 -1
- data/lib/arachni/processes.rb +1 -1
- data/lib/arachni/processes/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers.rb +1 -1
- data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers/instances.rb +1 -1
- data/lib/arachni/processes/helpers/processes.rb +1 -1
- data/lib/arachni/processes/instances.rb +1 -1
- data/lib/arachni/processes/manager.rb +1 -1
- data/lib/arachni/report.rb +1 -1
- data/lib/arachni/report/base.rb +1 -1
- data/lib/arachni/report/manager.rb +1 -1
- data/lib/arachni/rpc/client/base.rb +1 -1
- data/lib/arachni/rpc/client/dispatcher.rb +1 -1
- data/lib/arachni/rpc/client/instance.rb +1 -1
- data/lib/arachni/rpc/server/active_options.rb +1 -1
- data/lib/arachni/rpc/server/base.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher.rb +10 -6
- data/lib/arachni/rpc/server/dispatcher/handler.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher/node.rb +5 -3
- data/lib/arachni/rpc/server/framework.rb +5 -3
- data/lib/arachni/rpc/server/framework/distributor.rb +24 -19
- data/lib/arachni/rpc/server/framework/master.rb +1 -1
- data/lib/arachni/rpc/server/framework/multi_instance.rb +7 -1
- data/lib/arachni/rpc/server/framework/slave.rb +1 -1
- data/lib/arachni/rpc/server/instance.rb +5 -4
- data/lib/arachni/rpc/server/module/manager.rb +1 -1
- data/lib/arachni/rpc/server/output.rb +1 -1
- data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
- data/lib/arachni/rpc/server/spider.rb +5 -2
- data/lib/arachni/ruby.rb +1 -1
- data/lib/arachni/ruby/array.rb +9 -1
- data/lib/arachni/ruby/enumerable.rb +1 -1
- data/lib/arachni/ruby/hash.rb +24 -5
- data/lib/arachni/ruby/io.rb +1 -1
- data/lib/arachni/ruby/object.rb +1 -1
- data/lib/arachni/ruby/set.rb +1 -1
- data/lib/arachni/ruby/string.rb +13 -2
- data/lib/arachni/ruby/webrick.rb +3 -15
- data/lib/arachni/ruby/webrick/cookie.rb +30 -0
- data/lib/arachni/ruby/webrick/httprequest.rb +42 -0
- data/lib/arachni/session.rb +21 -8
- data/lib/arachni/spider.rb +18 -11
- data/lib/arachni/support.rb +3 -1
- data/lib/arachni/support/buffer.rb +1 -1
- data/lib/arachni/support/buffer/autoflush.rb +1 -1
- data/lib/arachni/support/buffer/base.rb +1 -1
- data/lib/arachni/support/cache.rb +1 -1
- data/lib/arachni/support/cache/base.rb +1 -1
- data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
- data/lib/arachni/support/cache/least_recently_used.rb +1 -1
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -1
- data/lib/arachni/support/crypto.rb +1 -1
- data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
- data/lib/arachni/support/database.rb +1 -1
- data/lib/arachni/support/database/base.rb +5 -5
- data/lib/arachni/support/database/hash.rb +1 -1
- data/lib/arachni/support/database/queue.rb +52 -69
- data/lib/arachni/{module → support}/key_filler.rb +11 -17
- data/lib/arachni/support/lookup.rb +1 -1
- data/lib/arachni/support/lookup/base.rb +1 -1
- data/lib/arachni/support/lookup/hash_set.rb +1 -1
- data/lib/arachni/support/lookup/moolb.rb +1 -1
- data/lib/arachni/support/queue.rb +1 -1
- data/lib/arachni/support/queue/disk.rb +1 -1
- data/lib/arachni/support/signature.rb +153 -0
- data/lib/arachni/trainer.rb +30 -19
- data/lib/arachni/typhoeus/hydra.rb +1 -1
- data/lib/arachni/typhoeus/request.rb +1 -1
- data/lib/arachni/typhoeus/response.rb +8 -2
- data/lib/arachni/typhoeus/utils.rb +1 -1
- data/lib/arachni/ui/cli/cli.rb +18 -7
- data/lib/arachni/ui/cli/output.rb +28 -1
- data/lib/arachni/ui/cli/rpc/dispatcher_monitor.rb +1 -1
- data/lib/arachni/ui/cli/rpc/instance.rb +1 -1
- data/lib/arachni/ui/cli/rpc/local.rb +1 -1
- data/lib/arachni/ui/cli/rpc/remote.rb +1 -1
- data/lib/arachni/ui/cli/utilities.rb +14 -29
- data/lib/arachni/ui/foo/output.rb +1 -1
- data/lib/arachni/uri.rb +2 -3
- data/lib/arachni/utilities.rb +1 -1
- data/lib/arachni/version.rb +1 -1
- data/lib/version +1 -1
- data/modules/audit/code_injection.rb +1 -1
- data/modules/audit/code_injection_php_input_wrapper.rb +1 -1
- data/modules/audit/code_injection_timing.rb +1 -1
- data/modules/audit/csrf.rb +1 -1
- data/modules/audit/file_inclusion.rb +5 -5
- data/modules/audit/ldapi.rb +1 -1
- data/modules/audit/os_cmd_injection.rb +1 -1
- data/modules/audit/os_cmd_injection_timing.rb +4 -3
- data/modules/audit/path_traversal.rb +5 -5
- data/modules/audit/response_splitting.rb +1 -1
- data/modules/audit/rfi.rb +1 -1
- data/modules/audit/session_fixation.rb +1 -1
- data/modules/audit/source_code_disclosure.rb +21 -17
- data/modules/audit/sqli.rb +11 -8
- data/modules/audit/sqli/patterns/pgsql +1 -0
- data/modules/audit/sqli/regexp_ignore.txt +1 -0
- data/modules/audit/sqli_blind_rdiff.rb +12 -12
- data/modules/audit/sqli_blind_rdiff/payloads.txt +1 -5
- data/modules/audit/sqli_blind_timing.rb +4 -6
- data/modules/audit/sqli_blind_timing/mssql.txt +9 -9
- data/modules/audit/sqli_blind_timing/mysql.txt +9 -31
- data/modules/audit/sqli_blind_timing/pgsql.txt +6 -28
- data/modules/audit/trainer.rb +1 -1
- data/modules/audit/unvalidated_redirect.rb +1 -1
- data/modules/audit/xpath.rb +1 -1
- data/modules/audit/xss.rb +12 -12
- data/modules/audit/xss_event.rb +1 -1
- data/modules/audit/xss_path.rb +1 -1
- data/modules/audit/xss_script_tag.rb +13 -20
- data/modules/audit/xss_tag.rb +5 -7
- data/modules/recon/allowed_methods.rb +1 -1
- data/modules/recon/backdoors.rb +1 -1
- data/modules/recon/backup_files.rb +1 -1
- data/modules/recon/common_directories.rb +1 -1
- data/modules/recon/common_files.rb +1 -1
- data/modules/recon/common_files/filenames.txt +1 -0
- data/modules/recon/directory_listing.rb +2 -2
- data/modules/recon/grep/captcha.rb +1 -1
- data/modules/recon/grep/credit_card.rb +1 -1
- data/modules/recon/grep/cvs_svn_users.rb +1 -1
- data/modules/recon/grep/emails.rb +1 -1
- data/modules/recon/grep/form_upload.rb +1 -1
- data/modules/recon/grep/html_objects.rb +1 -1
- data/modules/recon/grep/http_only_cookies.rb +1 -1
- data/modules/recon/grep/insecure_cookies.rb +1 -1
- data/modules/recon/grep/mixed_resource.rb +1 -1
- data/modules/recon/grep/password_autocomplete.rb +1 -1
- data/modules/recon/grep/private_ip.rb +1 -1
- data/modules/recon/grep/ssn.rb +1 -1
- data/modules/recon/grep/unencrypted_password_forms.rb +1 -1
- data/modules/recon/htaccess_limit.rb +1 -1
- data/modules/recon/http_put.rb +1 -1
- data/modules/recon/interesting_responses.rb +1 -1
- data/modules/recon/localstart_asp.rb +5 -5
- data/modules/recon/webdav.rb +1 -1
- data/modules/recon/x_forwarded_for_access_restriction_bypass.rb +1 -1
- data/modules/recon/xst.rb +1 -1
- data/path_extractors/anchors.rb +1 -1
- data/path_extractors/areas.rb +1 -1
- data/path_extractors/forms.rb +1 -1
- data/path_extractors/frames.rb +1 -1
- data/path_extractors/generic.rb +1 -1
- data/path_extractors/links.rb +1 -1
- data/path_extractors/meta_refresh.rb +1 -1
- data/path_extractors/scripts.rb +1 -1
- data/plugins/autologin.rb +16 -8
- data/plugins/beep_notify.rb +1 -1
- data/plugins/{defaults/content_types.rb → content_types.rb} +1 -1
- data/plugins/cookie_collector.rb +21 -11
- data/plugins/defaults/autothrottle.rb +1 -1
- data/plugins/defaults/healthmap.rb +1 -1
- data/plugins/defaults/meta/remedies/discovery.rb +1 -1
- data/plugins/defaults/meta/remedies/timing_attacks.rb +6 -8
- data/plugins/defaults/meta/uniformity.rb +1 -1
- data/plugins/defaults/resolver.rb +1 -1
- data/plugins/email_notify.rb +1 -1
- data/plugins/form_dicattack.rb +1 -1
- data/plugins/http_dicattack.rb +1 -1
- data/plugins/libnotify.rb +1 -1
- data/plugins/profiler.rb +1 -1
- data/plugins/proxy.rb +2 -1
- data/plugins/proxy/server.rb +3 -1
- data/plugins/proxy/template_scope.rb +1 -1
- data/plugins/rescan.rb +1 -1
- data/plugins/script.rb +1 -1
- data/plugins/uncommon_headers.rb +2 -1
- data/plugins/vector_feed.rb +1 -1
- data/plugins/waf_detector.rb +1 -1
- data/reports/afr.rb +8 -9
- data/reports/ap.rb +1 -1
- data/reports/html.rb +8 -12
- data/reports/html/default.erb +2 -3
- data/reports/html/default/issue.erb +0 -12
- data/reports/html/default/issues.erb +2 -2
- data/reports/json.rb +13 -10
- data/reports/marshal.rb +8 -9
- data/reports/metareport.rb +9 -10
- data/reports/plugin_formatters/html/autologin.rb +1 -1
- data/reports/plugin_formatters/html/content_types.rb +1 -1
- data/reports/plugin_formatters/html/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/html/discovery.rb +1 -1
- data/reports/plugin_formatters/html/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/html/healthmap.rb +1 -1
- data/reports/plugin_formatters/html/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/html/profiler.rb +1 -1
- data/reports/plugin_formatters/html/resolver.rb +1 -1
- data/reports/plugin_formatters/html/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/html/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/html/uniformity.rb +1 -1
- data/reports/plugin_formatters/html/waf_detector.rb +1 -1
- data/reports/plugin_formatters/stdout/autologin.rb +1 -1
- data/reports/plugin_formatters/stdout/content_types.rb +1 -1
- data/reports/plugin_formatters/stdout/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/stdout/discovery.rb +1 -1
- data/reports/plugin_formatters/stdout/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/stdout/healthmap.rb +2 -4
- data/reports/plugin_formatters/stdout/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/stdout/profiler.rb +1 -1
- data/reports/plugin_formatters/stdout/resolver.rb +1 -1
- data/reports/plugin_formatters/stdout/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/stdout/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/stdout/uniformity.rb +1 -1
- data/reports/plugin_formatters/stdout/waf_detector.rb +1 -1
- data/reports/plugin_formatters/xml/autologin.rb +1 -1
- data/reports/plugin_formatters/xml/content_types.rb +1 -1
- data/reports/plugin_formatters/xml/cookie_collector.rb +1 -1
- data/reports/plugin_formatters/xml/discovery.rb +1 -1
- data/reports/plugin_formatters/xml/form_dicattack.rb +1 -1
- data/reports/plugin_formatters/xml/healthmap.rb +1 -1
- data/reports/plugin_formatters/xml/http_dicattack.rb +1 -1
- data/reports/plugin_formatters/xml/profiler.rb +1 -1
- data/reports/plugin_formatters/xml/resolver.rb +1 -1
- data/reports/plugin_formatters/xml/timing_attacks.rb +1 -1
- data/reports/plugin_formatters/xml/uncommon_headers.rb +1 -1
- data/reports/plugin_formatters/xml/uniformity.rb +1 -1
- data/reports/plugin_formatters/xml/waf_detector.rb +1 -1
- data/reports/stdout.rb +1 -1
- data/reports/txt.rb +1 -1
- data/reports/xml.rb +8 -9
- data/reports/xml/buffer.rb +2 -2
- data/reports/yaml.rb +8 -9
- data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +80 -2
- data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +44 -29
- data/spec/arachni/element/cookie_spec.rb +1 -1
- data/spec/arachni/element/form_spec.rb +31 -13
- data/spec/arachni/http/cookie_jar_spec.rb +11 -0
- data/spec/arachni/http_spec.rb +33 -7
- data/spec/arachni/issue_spec.rb +10 -3
- data/spec/arachni/options_spec.rb +18 -1
- data/spec/arachni/parser_spec.rb +27 -26
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +10 -1
- data/spec/arachni/rpc/server/dispatcher_spec.rb +15 -0
- data/spec/arachni/ruby/array_spec.rb +11 -0
- data/spec/arachni/ruby/hash_spec.rb +28 -1
- data/spec/arachni/ruby/string_spec.rb +14 -1
- data/spec/arachni/session_spec.rb +39 -0
- data/spec/arachni/spider_spec.rb +23 -14
- data/spec/arachni/{module → support}/key_filler.rb +20 -2
- data/spec/arachni/support/signature_spec.rb +158 -0
- data/spec/arachni/trainer_spec.rb +31 -0
- data/spec/arachni/typhoeus/response_spec.rb +17 -0
- data/spec/arachni/uri_spec.rb +1 -1
- data/spec/external/wavsep/active/lfi_spec.rb +94 -0
- data/spec/external/wavsep/active/rfi_spec.rb +35 -0
- data/spec/external/wavsep/active/sqli_spec.rb +108 -0
- data/spec/external/wavsep/active/xss_spec.rb +41 -0
- data/spec/external/wavsep/false_positives/lfi_spec.rb +33 -0
- data/spec/external/wavsep/false_positives/rfi_spec.rb +21 -0
- data/spec/external/wavsep/false_positives/sqli_spec.rb +32 -0
- data/spec/external/wavsep/false_positives/xss_spec.rb +21 -0
- data/spec/modules/audit/source_code_disclosure_spec.rb +4 -4
- data/spec/modules/audit/sqli_blind_rdiff_spec.rb +1 -1
- data/spec/modules/audit/sqli_blind_timing_spec.rb +3 -3
- data/spec/modules/audit/sqli_spec.rb +1 -1
- data/spec/modules/audit/xss_script_tag_spec.rb +1 -1
- data/spec/plugins/autologin_spec.rb +25 -7
- data/spec/plugins/cookie_collector_spec.rb +17 -0
- data/spec/spec_helper.rb +1 -1
- data/spec/support/fixtures/fingerprinters/test.rb +1 -1
- data/spec/support/fixtures/modules/test.rb +1 -1
- data/spec/support/fixtures/modules/test2.rb +1 -1
- data/spec/support/fixtures/modules/test3.rb +1 -1
- data/spec/support/fixtures/plugins/bad.rb +1 -1
- data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
- data/spec/support/fixtures/plugins/distributable.rb +1 -1
- data/spec/support/fixtures/plugins/loop.rb +1 -1
- data/spec/support/fixtures/plugins/spider_hook.rb +1 -1
- data/spec/support/fixtures/plugins/wait.rb +1 -1
- data/spec/support/fixtures/plugins/with_options.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/with_formatters.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/with_outfile.rb +1 -1
- data/spec/support/fixtures/reports/base_spec/without_outfile.rb +1 -1
- data/spec/support/fixtures/reports/manager_spec/afr.rb +1 -1
- data/spec/support/fixtures/reports/manager_spec/foo.rb +1 -1
- data/spec/support/fixtures/run_mod/body.rb +1 -1
- data/spec/support/fixtures/run_mod/cookies.rb +1 -1
- data/spec/support/fixtures/run_mod/empty.rb +1 -1
- data/spec/support/fixtures/run_mod/flch.rb +1 -1
- data/spec/support/fixtures/run_mod/forms.rb +1 -1
- data/spec/support/fixtures/run_mod/headers.rb +1 -1
- data/spec/support/fixtures/run_mod/links.rb +1 -1
- data/spec/support/fixtures/run_mod/nil.rb +1 -1
- data/spec/support/fixtures/run_mod/path.rb +1 -1
- data/spec/support/fixtures/run_mod/server.rb +1 -1
- data/spec/support/fixtures/taint_module/taint.rb +1 -1
- data/spec/support/fixtures/wait_module/wait.rb +1 -1
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/misc.rb +1 -1
- data/spec/support/helpers/paths.rb +1 -1
- data/spec/support/helpers/requires.rb +1 -1
- data/spec/support/helpers/resets.rb +1 -1
- data/spec/support/helpers/web_server.rb +1 -1
- data/spec/support/lib/web_server_manager.rb +1 -1
- data/spec/support/logs/Dispatcher - 10129-46995.log +9 -0
- data/spec/support/logs/Dispatcher - 10139-63648.log +19 -0
- data/spec/support/logs/Dispatcher - 10149-5551.log +17 -0
- data/spec/support/logs/Dispatcher - 10158-34385.log +13 -0
- data/spec/support/logs/Dispatcher - 10167-55701.log +9 -0
- data/spec/support/logs/Dispatcher - 10176-8922.log +9 -0
- data/spec/support/logs/Dispatcher - 10185-53716.log +11 -0
- data/spec/support/logs/Dispatcher - 10198-44724.log +11 -0
- data/spec/support/logs/Dispatcher - 10211-7697.log +11 -0
- data/spec/support/logs/Dispatcher - 10224-3751.log +35 -0
- data/spec/support/logs/Dispatcher - 10285-7404.log +21 -0
- data/spec/support/logs/Dispatcher - 10294-56221.log +21 -0
- data/spec/support/logs/Dispatcher - 10303-2483.log +23 -0
- data/spec/support/logs/Dispatcher - 10344-60543.log +19 -0
- data/spec/support/logs/Dispatcher - 10355-31708.log +17 -0
- data/spec/support/logs/Dispatcher - 10364-63170.log +15 -0
- data/spec/support/logs/Dispatcher - 10377-37936.log +11 -0
- data/spec/support/logs/Dispatcher - 10390-37511.log +9 -0
- data/spec/support/logs/Dispatcher - 10400-29603.log +9 -0
- data/spec/support/logs/Dispatcher - 10409-57042.log +9 -0
- data/spec/support/logs/Dispatcher - 10418-17812.log +9 -0
- data/spec/support/logs/Dispatcher - 10427-59862.log +11 -0
- data/spec/support/logs/Dispatcher - 10440-48351.log +9 -0
- data/spec/support/logs/Dispatcher - 10449-24218.log +9 -0
- data/spec/support/logs/Dispatcher - 10458-54646.log +9 -0
- data/spec/support/logs/Dispatcher - 10511-3333.log +63 -0
- data/spec/support/logs/Dispatcher - 10520-50009.log +43 -0
- data/spec/support/logs/Dispatcher - 10529-44870.log +39 -0
- data/spec/support/logs/Dispatcher - 10538-49556.log +34 -0
- data/spec/support/logs/Dispatcher - 10547-61887.log +28 -0
- data/spec/support/logs/Dispatcher - 10556-31163.log +21 -0
- data/spec/support/logs/Dispatcher - 10565-40008.log +13 -0
- data/spec/support/logs/Dispatcher - 10575-18836.log +9 -0
- data/spec/support/logs/Dispatcher - 10747-32268.log +19 -0
- data/spec/support/logs/Dispatcher - 10757-4081.log +21 -0
- data/spec/support/logs/Dispatcher - 10766-49190.log +15 -0
- data/spec/support/logs/Dispatcher - 10780-46610.log +19 -0
- data/spec/support/logs/Dispatcher - 10789-5332.log +21 -0
- data/spec/support/logs/Dispatcher - 10798-56243.log +15 -0
- data/spec/support/logs/Dispatcher - 10920-32037.log +17 -0
- data/spec/support/logs/Dispatcher - 10929-35662.log +21 -0
- data/spec/support/logs/Dispatcher - 10938-64010.log +13 -0
- data/spec/support/logs/Dispatcher - 10951-44746.log +19 -0
- data/spec/support/logs/Dispatcher - 10961-55791.log +21 -0
- data/spec/support/logs/Dispatcher - 10972-58913.log +15 -0
- data/spec/support/logs/Dispatcher - 11023-45004.log +17 -0
- data/spec/support/logs/Dispatcher - 11033-55505.log +21 -0
- data/spec/support/logs/Dispatcher - 11042-46123.log +13 -0
- data/spec/support/logs/Dispatcher - 11055-26836.log +17 -0
- data/spec/support/logs/Dispatcher - 11064-60361.log +21 -0
- data/spec/support/logs/Dispatcher - 11073-17507.log +13 -0
- data/spec/support/logs/Dispatcher - 11298-28357.log +19 -0
- data/spec/support/logs/Dispatcher - 11307-62669.log +21 -0
- data/spec/support/logs/Dispatcher - 11316-9391.log +15 -0
- data/spec/support/logs/Dispatcher - 11340-45921.log +21 -0
- data/spec/support/logs/Dispatcher - 11349-8693.log +25 -0
- data/spec/support/logs/Dispatcher - 11358-53753.log +15 -0
- data/spec/support/logs/Dispatcher - 11394-29437.log +17 -0
- data/spec/support/logs/Dispatcher - 11403-59953.log +21 -0
- data/spec/support/logs/Dispatcher - 11412-51134.log +13 -0
- data/spec/support/logs/Dispatcher - 11425-42569.log +21 -0
- data/spec/support/logs/Dispatcher - 11434-16150.log +25 -0
- data/spec/support/logs/Dispatcher - 11443-19072.log +15 -0
- data/spec/support/logs/Dispatcher - 11479-39149.log +17 -0
- data/spec/support/logs/Dispatcher - 11488-42169.log +21 -0
- data/spec/support/logs/Dispatcher - 11497-29822.log +13 -0
- data/spec/support/logs/Dispatcher - 11510-8273.log +17 -0
- data/spec/support/logs/Dispatcher - 11519-18206.log +21 -0
- data/spec/support/logs/Dispatcher - 11528-55825.log +13 -0
- data/spec/support/logs/Dispatcher - 9969-52890.log +9 -0
- data/spec/support/logs/Dispatcher - 9996-38451.log +21 -0
- data/spec/support/logs/{Instance - 12589-35500.error.log → Instance - 10762-33696.error.log } +63 -40
- data/spec/support/logs/{Instance - 16415-47240.error.log → Instance - 11038-18065.error.log } +65 -42
- data/spec/support/logs/{Instance - 16762-48636.error.log → Instance - 11069-34848.error.log } +162 -139
- data/spec/support/logs/{Instance - 16789-61713.error.log → Instance - 11091-33954.error.log } +60 -37
- data/spec/support/logs/{Instance - 16795-55306.error.log → Instance - 11097-33191.error.log } +65 -42
- data/spec/support/logs/{Instance - 12909-9442.error.log → Instance - 11229-38634.error.log } +60 -37
- data/spec/support/servers/arachni/element/capabilities/auditable/rdiff.rb +131 -7
- data/spec/support/servers/arachni/element/capabilities/auditable/timeout.rb +4 -0
- data/spec/support/servers/arachni/element/form.rb +27 -0
- data/spec/support/servers/arachni/element/link.rb +16 -0
- data/spec/support/servers/arachni/session.rb +17 -1
- data/spec/support/servers/arachni/spider.rb +25 -1
- data/spec/support/servers/arachni/trainer.rb +8 -0
- data/spec/support/servers/modules/audit/os_cmd_injection_timing.rb +2 -1
- data/spec/support/servers/modules/audit/source_code_disclosure.rb +0 -1
- data/spec/support/servers/modules/audit/sqli/postgresql +2 -0
- data/spec/support/servers/modules/audit/sqli_blind_rdiff.rb +9 -13
- data/spec/support/shared/element/capabilities/auditable.rb +62 -3
- data/spec/support/shared/element/capabilities/refreshable.rb +27 -0
- data/spec/support/shared/external/wavsep.rb +89 -0
- metadata +1081 -1206
- data/lib/arachni/platforms.rb +0 -499
- data/logs/Dispatcher - 12101-7331.log +0 -15
- data/spec/support/logs/Dispatcher - 11821-58635.log +0 -9
- data/spec/support/logs/Dispatcher - 11848-37716.log +0 -21
- data/spec/support/logs/Dispatcher - 11974-31477.log +0 -9
- data/spec/support/logs/Dispatcher - 11984-10290.log +0 -19
- data/spec/support/logs/Dispatcher - 11993-33501.log +0 -17
- data/spec/support/logs/Dispatcher - 12002-62227.log +0 -13
- data/spec/support/logs/Dispatcher - 12013-45779.log +0 -9
- data/spec/support/logs/Dispatcher - 12022-22434.log +0 -9
- data/spec/support/logs/Dispatcher - 12031-41130.log +0 -11
- data/spec/support/logs/Dispatcher - 12045-23894.log +0 -11
- data/spec/support/logs/Dispatcher - 12059-57317.log +0 -35
- data/spec/support/logs/Dispatcher - 12122-60206.log +0 -21
- data/spec/support/logs/Dispatcher - 12132-58445.log +0 -21
- data/spec/support/logs/Dispatcher - 12141-13273.log +0 -23
- data/spec/support/logs/Dispatcher - 12183-2341.log +0 -19
- data/spec/support/logs/Dispatcher - 12192-56486.log +0 -17
- data/spec/support/logs/Dispatcher - 12201-8840.log +0 -15
- data/spec/support/logs/Dispatcher - 12214-47545.log +0 -11
- data/spec/support/logs/Dispatcher - 12227-23676.log +0 -9
- data/spec/support/logs/Dispatcher - 12236-16018.log +0 -9
- data/spec/support/logs/Dispatcher - 12245-61980.log +0 -9
- data/spec/support/logs/Dispatcher - 12254-30185.log +0 -9
- data/spec/support/logs/Dispatcher - 12263-29578.log +0 -11
- data/spec/support/logs/Dispatcher - 12276-64279.log +0 -9
- data/spec/support/logs/Dispatcher - 12285-49975.log +0 -9
- data/spec/support/logs/Dispatcher - 12347-26600.log +0 -63
- data/spec/support/logs/Dispatcher - 12356-43960.log +0 -43
- data/spec/support/logs/Dispatcher - 12365-30567.log +0 -39
- data/spec/support/logs/Dispatcher - 12374-49263.log +0 -34
- data/spec/support/logs/Dispatcher - 12401-6543.log +0 -28
- data/spec/support/logs/Dispatcher - 12410-21678.log +0 -21
- data/spec/support/logs/Dispatcher - 12419-42381.log +0 -13
- data/spec/support/logs/Dispatcher - 12429-25829.log +0 -9
- data/spec/support/logs/Dispatcher - 12574-63838.log +0 -19
- data/spec/support/logs/Dispatcher - 12584-33256.log +0 -21
- data/spec/support/logs/Dispatcher - 12593-45982.log +0 -15
- data/spec/support/logs/Dispatcher - 12606-64171.log +0 -19
- data/spec/support/logs/Dispatcher - 12615-52258.log +0 -21
- data/spec/support/logs/Dispatcher - 12624-48032.log +0 -15
- data/spec/support/logs/Dispatcher - 12744-31691.log +0 -17
- data/spec/support/logs/Dispatcher - 12753-9777.log +0 -21
- data/spec/support/logs/Dispatcher - 12762-14195.log +0 -13
- data/spec/support/logs/Dispatcher - 12775-52778.log +0 -19
- data/spec/support/logs/Dispatcher - 12784-33121.log +0 -21
- data/spec/support/logs/Dispatcher - 12793-23476.log +0 -15
- data/spec/support/logs/Dispatcher - 12845-33401.log +0 -17
- data/spec/support/logs/Dispatcher - 12854-58592.log +0 -21
- data/spec/support/logs/Dispatcher - 12863-38667.log +0 -13
- data/spec/support/logs/Dispatcher - 12876-18504.log +0 -17
- data/spec/support/logs/Dispatcher - 12885-8765.log +0 -21
- data/spec/support/logs/Dispatcher - 12894-7708.log +0 -13
- data/spec/support/logs/Dispatcher - 13112-20247.log +0 -19
- data/spec/support/logs/Dispatcher - 13121-37610.log +0 -21
- data/spec/support/logs/Dispatcher - 13130-55144.log +0 -15
- data/spec/support/logs/Dispatcher - 13154-11476.log +0 -21
- data/spec/support/logs/Dispatcher - 13163-28157.log +0 -25
- data/spec/support/logs/Dispatcher - 13172-1403.log +0 -15
- data/spec/support/logs/Dispatcher - 13208-39214.log +0 -17
- data/spec/support/logs/Dispatcher - 13217-25789.log +0 -21
- data/spec/support/logs/Dispatcher - 13226-32449.log +0 -13
- data/spec/support/logs/Dispatcher - 13239-50344.log +0 -21
- data/spec/support/logs/Dispatcher - 13248-35317.log +0 -25
- data/spec/support/logs/Dispatcher - 13257-20820.log +0 -15
- data/spec/support/logs/Dispatcher - 13293-39307.log +0 -17
- data/spec/support/logs/Dispatcher - 13302-62417.log +0 -21
- data/spec/support/logs/Dispatcher - 13311-57144.log +0 -13
- data/spec/support/logs/Dispatcher - 13324-35654.log +0 -17
- data/spec/support/logs/Dispatcher - 13333-9999.log +0 -21
- data/spec/support/logs/Dispatcher - 13342-64466.log +0 -13
- data/spec/support/logs/Dispatcher - 15092-40680.log +0 -9
- data/spec/support/logs/Dispatcher - 15119-21562.log +0 -21
- data/spec/support/logs/Dispatcher - 15680-63471.log +0 -9
- data/spec/support/logs/Dispatcher - 15690-15104.log +0 -19
- data/spec/support/logs/Dispatcher - 15699-36034.log +0 -17
- data/spec/support/logs/Dispatcher - 15708-21275.log +0 -13
- data/spec/support/logs/Dispatcher - 15717-6134.log +0 -9
- data/spec/support/logs/Dispatcher - 15727-5906.log +0 -9
- data/spec/support/logs/Dispatcher - 15736-27941.log +0 -11
- data/spec/support/logs/Dispatcher - 15749-31464.log +0 -11
- data/spec/support/logs/Dispatcher - 15762-52837.log +0 -35
- data/spec/support/logs/Dispatcher - 15823-2486.log +0 -21
- data/spec/support/logs/Dispatcher - 15832-34792.log +0 -21
- data/spec/support/logs/Dispatcher - 15841-3367.log +0 -23
- data/spec/support/logs/Dispatcher - 15886-2171.log +0 -19
- data/spec/support/logs/Dispatcher - 15895-6022.log +0 -17
- data/spec/support/logs/Dispatcher - 15904-51624.log +0 -15
- data/spec/support/logs/Dispatcher - 15917-11227.log +0 -11
- data/spec/support/logs/Dispatcher - 15930-17170.log +0 -9
- data/spec/support/logs/Dispatcher - 15939-24891.log +0 -9
- data/spec/support/logs/Dispatcher - 15948-26858.log +0 -9
- data/spec/support/logs/Dispatcher - 15957-12278.log +0 -9
- data/spec/support/logs/Dispatcher - 15967-37642.log +0 -11
- data/spec/support/logs/Dispatcher - 15981-57959.log +0 -9
- data/spec/support/logs/Dispatcher - 16000-51003.log +0 -9
- data/spec/support/logs/Dispatcher - 16064-25969.log +0 -63
- data/spec/support/logs/Dispatcher - 16073-13164.log +0 -43
- data/spec/support/logs/Dispatcher - 16083-21729.log +0 -39
- data/spec/support/logs/Dispatcher - 16092-48691.log +0 -34
- data/spec/support/logs/Dispatcher - 16101-7385.log +0 -28
- data/spec/support/logs/Dispatcher - 16110-24222.log +0 -21
- data/spec/support/logs/Dispatcher - 16119-29645.log +0 -13
- data/spec/support/logs/Dispatcher - 16129-23325.log +0 -9
- data/spec/support/logs/Dispatcher - 16399-42716.log +0 -19
- data/spec/support/logs/Dispatcher - 16410-3301.log +0 -21
- data/spec/support/logs/Dispatcher - 16419-8500.log +0 -15
- data/spec/support/logs/Dispatcher - 16432-2467.log +0 -19
- data/spec/support/logs/Dispatcher - 16441-27407.log +0 -21
- data/spec/support/logs/Dispatcher - 16450-28157.log +0 -15
- data/spec/support/logs/Dispatcher - 16607-37339.log +0 -17
- data/spec/support/logs/Dispatcher - 16616-50971.log +0 -21
- data/spec/support/logs/Dispatcher - 16625-28154.log +0 -13
- data/spec/support/logs/Dispatcher - 16638-17094.log +0 -19
- data/spec/support/logs/Dispatcher - 16647-25657.log +0 -21
- data/spec/support/logs/Dispatcher - 16656-11108.log +0 -15
- data/spec/support/logs/Dispatcher - 16716-31067.log +0 -17
- data/spec/support/logs/Dispatcher - 16726-34466.log +0 -21
- data/spec/support/logs/Dispatcher - 16735-55150.log +0 -13
- data/spec/support/logs/Dispatcher - 16748-7910.log +0 -17
- data/spec/support/logs/Dispatcher - 16757-62118.log +0 -21
- data/spec/support/logs/Dispatcher - 16766-31937.log +0 -13
- data/spec/support/logs/Dispatcher - 16999-6441.log +0 -19
- data/spec/support/logs/Dispatcher - 17008-51788.log +0 -21
- data/spec/support/logs/Dispatcher - 17017-20096.log +0 -15
- data/spec/support/logs/Dispatcher - 17041-15877.log +0 -21
- data/spec/support/logs/Dispatcher - 17050-42137.log +0 -25
- data/spec/support/logs/Dispatcher - 17059-12767.log +0 -15
- data/spec/support/logs/Dispatcher - 17095-3041.log +0 -17
- data/spec/support/logs/Dispatcher - 17104-42336.log +0 -21
- data/spec/support/logs/Dispatcher - 17113-11660.log +0 -13
- data/spec/support/logs/Dispatcher - 17126-64859.log +0 -21
- data/spec/support/logs/Dispatcher - 17135-11634.log +0 -25
- data/spec/support/logs/Dispatcher - 17144-37598.log +0 -15
- data/spec/support/logs/Dispatcher - 17180-55804.log +0 -17
- data/spec/support/logs/Dispatcher - 17189-5599.log +0 -21
- data/spec/support/logs/Dispatcher - 17198-13188.log +0 -13
- data/spec/support/logs/Dispatcher - 17211-23553.log +0 -17
- data/spec/support/logs/Dispatcher - 17220-36701.log +0 -21
- data/spec/support/logs/Dispatcher - 17229-41502.log +0 -13
- data/spec/support/logs/Instance - 12859-23151.error.log +0 -314
- data/spec/support/logs/Instance - 12890-17901.error.log +0 -413
- data/spec/support/logs/Instance - 12915-45947.error.log +0 -314
- data/spec/support/logs/Instance - 13044-48074.error.log +0 -312
- data/spec/support/logs/Instance - 16731-60738.error.log +0 -314
- data/spec/support/logs/Instance - 16931-37511.error.log +0 -312
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
MjQyMTU0MWMwYTcyZTVhMjk0NDM0YjZlMmZiMDllYmI4ZTNkZjM4Zg==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
7
|
-
|
6
|
+
MWI4ZjZmNzE5MzMxM2UyOTdkMzI4NjM0YTI0NWQwZDg4NmUxMzcwYw==
|
7
|
+
SHA512:
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
N2NkYzk3M2Y1MzY3YWQ0ZmEwZTM0ODBiZGUwNmZhYmIxOWRlODAyZDFjOTgw
|
10
|
+
YTIwMmQ0YjdhNDhjMWUzNWVkYzQ0MTM0ZjA5ZGQyYzM2MzQ2MDgyZWFiZmQw
|
11
|
+
MDY5NDFiMWY0ZGY4YzNjMWZjNTliMmFlM2YyZGM2MzFlZjY4YTg=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
M2JlNDdkN2MxODRhMThkYzQxNTBkZjcyMWQxNTg3ZWM2YzU5NTQyOTRhNmFm
|
14
|
+
ZTVkNzA4MjJjNmI2NzQ0ZTE2ZjNkNzgzNmFlMGJkYWQwMGRhNjc0M2RiODM5
|
15
|
+
YjY3MGM1MGRiNWFmYjI0MTg2YjVmNjZjYzhiOGZhNTk3NGM4YTE=
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,102 @@
|
|
1
1
|
# ChangeLog
|
2
2
|
|
3
|
+
## 0.4.6 _(January 1, 2014)_
|
4
|
+
|
5
|
+
- CLI user interfaces
|
6
|
+
- `--lsmod`
|
7
|
+
- Longer pauses every 3 modules, it lists all of them at once.
|
8
|
+
- Updated to show the _Severity_ of the issues the module logs.
|
9
|
+
- `Ctrl+C` screen optimized to use less resources when printing scan data.
|
10
|
+
- Options
|
11
|
+
- `--cookie-string` -- Updated to also handle cookies in the form of `Set-Cookie` headers.
|
12
|
+
- Added:
|
13
|
+
- `--external-address` -- The external address of a Dispatcher.
|
14
|
+
- `--http-queue-size` -- Maximum amount of requests to keep in the queue,
|
15
|
+
bigger size means better scheduling and better performance, smaller
|
16
|
+
means less RAM consumption.
|
17
|
+
- `Session`
|
18
|
+
- `#ensure_logged_in` -- Retry on login failure.
|
19
|
+
- `Spider`
|
20
|
+
- Don't apply scope restrictions to the seed URL.
|
21
|
+
- `Framework`
|
22
|
+
- Audit
|
23
|
+
- Stored pages are now offloaded to disk to lower RAM consumption.
|
24
|
+
- `Trainer`
|
25
|
+
- `#push` -- Prints verbose messages in cases of scope violations.
|
26
|
+
- `HTTP`
|
27
|
+
- Maximum request-queue size lowered from 5000 to 500, to decrease RAM usage
|
28
|
+
by preventing the storage of large amounts of requests for extended periods of time.
|
29
|
+
- Updated to use the new `Support::Signature` class for custom-404 signatures.
|
30
|
+
- `RPC::Server::Dispatcher`
|
31
|
+
- Now supports specifying an external address to allow for deployments behind NATs.
|
32
|
+
- `Element::Capabilities::Auditable::RDiff`
|
33
|
+
- Updated to use the new `Support::Signature` class to perform response body comparisons.
|
34
|
+
- Updated the algorithm to use a `false` as the control.
|
35
|
+
- Added integrity check for the analysis process.
|
36
|
+
- Optimized scheduling of data gathering.
|
37
|
+
- Reduced total amount of performed requests.
|
38
|
+
- Massively reduced RAM consumption for data storage and analysis.
|
39
|
+
- `Element::Capabilities::Auditable::Timeout`
|
40
|
+
- Updated the algorithm to use an approximated web application processing
|
41
|
+
time instead of the HTTP timeout based on the total request-response process.
|
42
|
+
- Made analysis corruption checks more stringent to diminish the chances of
|
43
|
+
false positives.
|
44
|
+
- Fixed bug causing non-vetted inputs to reach the final stages of analysis
|
45
|
+
which sometimes resulted in false positives.
|
46
|
+
- Added a cool-off period after Phase 2 to ensure webapp responsiveness post-attack.
|
47
|
+
- Improved status messages.
|
48
|
+
- `Element::Capabilities::Auditable::Taint`
|
49
|
+
- Added longest-word-optimization -- Checks if the longest word of a regexp
|
50
|
+
exists in the response body prior to matching the full-blown regexp.
|
51
|
+
- `Element::Capabilities::Auditable#audit`
|
52
|
+
- Added option `:skip_like`, accepting blocks used to filter the mutations
|
53
|
+
about to be audited.
|
54
|
+
- Fixed bug causing audits with constantly changing tokens to fail.
|
55
|
+
- Updated to use `#each_mutation` instead of `#mutations`.
|
56
|
+
- `Element::Capabilities::Mutable`
|
57
|
+
- Added `#each_mutation` to generate mutations on the fly instead of relying
|
58
|
+
on `#mutations` to generate an array of mutations.
|
59
|
+
- Updated `#mutations` to delegate to `#each_mutation`.
|
60
|
+
- `Element::Cookie#encode`
|
61
|
+
- Allow `=` to remain un-encoded in the cookie value.
|
62
|
+
- `Element::Form` -- Buttons are now treated as inputs as well.
|
63
|
+
- `Options#load` -- Updated to support serialized `Hash` objects.
|
64
|
+
- Added `Support::Signature` -- Signature class used to generate and refine signatures
|
65
|
+
from `String` objects.
|
66
|
+
- Modules
|
67
|
+
- Audit
|
68
|
+
- `path_traversal` -- Updated to use double-slashes for *nix payloads.
|
69
|
+
- `file_inclusion` -- Added evasive payloads using '\'.
|
70
|
+
- `source_code_disclosure`
|
71
|
+
- Increased coverage by following the directory tree of each file one
|
72
|
+
level at a time.
|
73
|
+
- `xss_script_tag` -- Updated to check for the existence of encoding operations.
|
74
|
+
- `sqli`
|
75
|
+
- Updated to cache the compiled regular expressions.
|
76
|
+
- Updated to use the longest-word-optimization of the taint analysis
|
77
|
+
implementation for faster analysis.
|
78
|
+
- `sqli_blind_rdiff`
|
79
|
+
- Massively reduced injected payloads.
|
80
|
+
- `os_cmd_injection_timing` -- Decreased the time delay.
|
81
|
+
- Recon
|
82
|
+
- `localstart_asp`
|
83
|
+
- Check for an ASP platform instead of a Windows one.
|
84
|
+
- Fixed `LocalJumpError`.
|
85
|
+
- Plugins
|
86
|
+
- `autologin`
|
87
|
+
- Changed `print_bad` to `print_error` so that errors are written to the
|
88
|
+
error log.
|
89
|
+
- Scan remains paused and awaits user action upon failure.
|
90
|
+
- `proxy`
|
91
|
+
- Updated request URL encoding to handle malformed URLs.
|
92
|
+
- Disabled reverse DNS lookup on requests to increase performance.
|
93
|
+
- `content_types` -- Moved out of `defaults/'.
|
94
|
+
- `cookie_collector`
|
95
|
+
- Added `filter` option used to determine which cookies to log based on
|
96
|
+
a pattern matched against cookie names.
|
97
|
+
- Reports -- Added `content_type` to all reports with `outfile` option in `.info`.
|
98
|
+
- `xml` -- Escaped parameter values in XML report.
|
99
|
+
|
3
100
|
## 0.4.5.2 _(September 18, 2013)_
|
4
101
|
|
5
102
|
- `gemspec`
|
data/CONTRIBUTORS.md
CHANGED
@@ -15,6 +15,7 @@ suggestions or testing it.
|
|
15
15
|
- [Evan Beard](mailto:beard.evan@gmail.com) for feedback and patches.
|
16
16
|
- [Michael Borohovski](mailto:borski@mit.edu) for testing, feedback and patches.
|
17
17
|
- [Ben Sedat](mailto:bsedat@alum.mit.edu) for testing, feedback and patches.
|
18
|
+
- [Michiel van Es](mailto:mve@pragmasec.nl) for relentless testing and feedback.
|
18
19
|
|
19
20
|
A big thanks to my buddy [Andreas](mailto:rainmakergr@gmail.com) for the original
|
20
21
|
spider drawing used in the project graphics.
|
data/NOTICE
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
Arachni Web Application Security Scanner Framework
|
2
|
-
Copyright 2010-
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
3
3
|
|
4
4
|
This product includes code from the Arachni Web Application Security Scanner Framework
|
5
5
|
developed by Tasos Laskos <tasos.laskos@gmail.com>.
|
data/README.md
CHANGED
@@ -3,7 +3,7 @@
|
|
3
3
|
<table>
|
4
4
|
<tr>
|
5
5
|
<th>Version</th>
|
6
|
-
<td>0.4.
|
6
|
+
<td>0.4.6</td>
|
7
7
|
</tr>
|
8
8
|
<tr>
|
9
9
|
<th>Homepage</th>
|
@@ -38,7 +38,7 @@
|
|
38
38
|
</tr>
|
39
39
|
<tr>
|
40
40
|
<th>Copyright</th>
|
41
|
-
<td>2010-
|
41
|
+
<td>2010-2014 Tasos Laskos</td>
|
42
42
|
</tr>
|
43
43
|
<tr>
|
44
44
|
<th>License</th>
|
@@ -403,6 +403,8 @@ core remains lean and makes it easy for anyone to add arbitrary functionality.
|
|
403
403
|
- Script (`script`) -- Loads and runs an external Ruby script under the scope of a plugin,
|
404
404
|
used for debugging and general hackery.
|
405
405
|
- Uncommon headers (`uncommon_headers`) -- Logs uncommon headers.
|
406
|
+
- Content-types (`content_types`) -- Logs content-types of server responses aiding in the
|
407
|
+
identification of interesting (possibly leaked) files.
|
406
408
|
|
407
409
|
#### Defaults
|
408
410
|
|
@@ -410,8 +412,6 @@ Default plugins will run for every scan and are placed under `/plugins/defaults/
|
|
410
412
|
|
411
413
|
- AutoThrottle (`autothrottle`) -- Dynamically adjusts HTTP throughput during the scan for
|
412
414
|
maximum bandwidth utilization.
|
413
|
-
- Content-types (`content_types`) -- Logs content-types of server responses aiding in the
|
414
|
-
identification of interesting (possibly leaked) files.
|
415
415
|
- Healthmap (`healthmap`) -- Generates sitemap showing the health of each crawled/audited URL
|
416
416
|
- Resolver (`resolver`) -- Resolves vulnerable hostnames to IP addresses.
|
417
417
|
|
data/Rakefile
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
=begin
|
2
|
-
Copyright 2010-
|
2
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
3
3
|
|
4
4
|
Licensed under the Apache License, Version 2.0 (the "License");
|
5
5
|
you may not use this file except in compliance with the License.
|
@@ -15,6 +15,7 @@
|
|
15
15
|
=end
|
16
16
|
|
17
17
|
require 'bundler'
|
18
|
+
require 'fileutils'
|
18
19
|
require File.expand_path( File.dirname( __FILE__ ) ) + '/lib/arachni'
|
19
20
|
|
20
21
|
begin
|
@@ -22,27 +23,116 @@ begin
|
|
22
23
|
require 'rspec/core/rake_task'
|
23
24
|
|
24
25
|
namespace :spec do
|
26
|
+
|
27
|
+
desc 'Run core library tests.'
|
25
28
|
RSpec::Core::RakeTask.new( :core ) do |t|
|
26
|
-
t.pattern = FileList[
|
29
|
+
t.pattern = FileList[ 'spec/arachni/**/*_spec.rb' ]
|
27
30
|
end
|
28
31
|
|
32
|
+
desc 'Run module tests.'
|
29
33
|
RSpec::Core::RakeTask.new( :modules ) do |t|
|
30
|
-
t.pattern = FileList[
|
34
|
+
t.pattern = FileList[ 'spec/modules/**/*_spec.rb' ]
|
35
|
+
end
|
36
|
+
|
37
|
+
namespace :modules do
|
38
|
+
desc 'Run tests for the audit modules.'
|
39
|
+
RSpec::Core::RakeTask.new( :audit ) do |t|
|
40
|
+
t.pattern = FileList[ 'spec/modules/audit/**/*_spec.rb' ]
|
41
|
+
end
|
42
|
+
|
43
|
+
desc 'Run tests for the recon modules.'
|
44
|
+
RSpec::Core::RakeTask.new( :recon ) do |t|
|
45
|
+
t.pattern = FileList[ 'spec/modules/recon/**/*_spec.rb' ]
|
46
|
+
end
|
31
47
|
end
|
32
48
|
|
49
|
+
desc 'Run report tests.'
|
33
50
|
RSpec::Core::RakeTask.new( :reports ) do |t|
|
34
|
-
t.pattern = FileList[
|
51
|
+
t.pattern = FileList[ 'spec/reports/**/*_spec.rb' ]
|
35
52
|
end
|
36
53
|
|
54
|
+
desc 'Run plugin tests.'
|
37
55
|
RSpec::Core::RakeTask.new( :plugins ) do |t|
|
38
|
-
t.pattern = FileList[
|
56
|
+
t.pattern = FileList[ 'spec/plugins/**/*_spec.rb' ]
|
39
57
|
end
|
40
58
|
|
59
|
+
desc 'Run path-extractor tests.'
|
41
60
|
RSpec::Core::RakeTask.new( :path_extractors ) do |t|
|
42
|
-
t.pattern = FileList[
|
61
|
+
t.pattern = FileList[ 'spec/path_extractors/**/*_spec.rb' ]
|
62
|
+
end
|
63
|
+
|
64
|
+
desc 'Run external test suites.'
|
65
|
+
RSpec::Core::RakeTask.new( :external ) do |t|
|
66
|
+
t.pattern = FileList[ 'spec/external/**/*_spec.rb' ]
|
67
|
+
end
|
68
|
+
|
69
|
+
namespace :external do
|
70
|
+
|
71
|
+
desc 'Run the WAVSEP test suite.'
|
72
|
+
RSpec::Core::RakeTask.new( :wavsep ) do |t|
|
73
|
+
t.pattern = FileList[ 'spec/external/wavsep/**/**/*_spec.rb' ]
|
74
|
+
end
|
75
|
+
|
76
|
+
namespace :wavsep do
|
77
|
+
|
78
|
+
desc 'Run the WAVSEP active tests.'
|
79
|
+
RSpec::Core::RakeTask.new( :active ) do |t|
|
80
|
+
t.pattern = FileList[ 'spec/external/wavsep/active/**/*_spec.rb' ]
|
81
|
+
end
|
82
|
+
|
83
|
+
namespace :active do
|
84
|
+
|
85
|
+
desc 'Run the WAVSEP XSS tests.'
|
86
|
+
RSpec::Core::RakeTask.new( :xss ) do |t|
|
87
|
+
t.pattern = FileList[ 'spec/external/wavsep/active/xss_spec.rb' ]
|
88
|
+
end
|
89
|
+
|
90
|
+
desc 'Run the WAVSEP SQL injection tests.'
|
91
|
+
RSpec::Core::RakeTask.new( :sqli ) do |t|
|
92
|
+
t.pattern = FileList[ 'spec/external/wavsep/active/sqli_spec.rb' ]
|
93
|
+
end
|
94
|
+
|
95
|
+
desc 'Run the WAVSEP LFI tests.'
|
96
|
+
RSpec::Core::RakeTask.new( :lfi ) do |t|
|
97
|
+
t.pattern = FileList[ 'spec/external/wavsep/active/lfi_spec.rb' ]
|
98
|
+
end
|
99
|
+
|
100
|
+
desc 'Run the WAVSEP RFI tests.'
|
101
|
+
RSpec::Core::RakeTask.new( :rfi ) do |t|
|
102
|
+
t.pattern = FileList[ 'spec/external/wavsep/active/rfi_spec.rb' ]
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
106
|
+
desc 'Run the WAVSEP false positive tests.'
|
107
|
+
RSpec::Core::RakeTask.new( :false_positives ) do |t|
|
108
|
+
t.pattern = FileList[ 'spec/external/wavsep/false_positives/**/*_spec.rb' ]
|
109
|
+
end
|
110
|
+
|
111
|
+
namespace :false_positives do
|
112
|
+
desc 'Run the WAVSEP XSS false positive tests.'
|
113
|
+
RSpec::Core::RakeTask.new( :xss ) do |t|
|
114
|
+
t.pattern = FileList[ 'spec/external/wavsep/false_positives/xss_spec.rb' ]
|
115
|
+
end
|
116
|
+
|
117
|
+
desc 'Run the WAVSEP SQL injection false positive tests.'
|
118
|
+
RSpec::Core::RakeTask.new( :sqli ) do |t|
|
119
|
+
t.pattern = FileList[ 'spec/external/wavsep/false_positives/sqli_spec.rb' ]
|
120
|
+
end
|
121
|
+
|
122
|
+
desc 'Run the WAVSEP LFI false positive tests.'
|
123
|
+
RSpec::Core::RakeTask.new( :lfi ) do |t|
|
124
|
+
t.pattern = FileList[ 'spec/external/wavsep/false_positives/lfi_spec.rb' ]
|
125
|
+
end
|
126
|
+
|
127
|
+
desc 'Run the WAVSEP RFI false positive tests.'
|
128
|
+
RSpec::Core::RakeTask.new( :rfi ) do |t|
|
129
|
+
t.pattern = FileList[ 'spec/external/wavsep/false_positives/rfi_spec.rb' ]
|
130
|
+
end
|
131
|
+
end
|
132
|
+
end
|
43
133
|
end
|
44
134
|
|
45
|
-
desc
|
135
|
+
desc 'Generate an AFR report for the report tests.'
|
46
136
|
namespace :generate do
|
47
137
|
task :afr do
|
48
138
|
|
@@ -78,7 +168,7 @@ begin
|
|
78
168
|
Arachni::Framework.new.modules.load_all
|
79
169
|
|
80
170
|
Arachni::AuditStore.new( issues: issues.uniq ).
|
81
|
-
save( 'spec/fixtures/auditstore.afr' )
|
171
|
+
save( 'spec/support/fixtures/auditstore.afr' )
|
82
172
|
|
83
173
|
Arachni::Options.reset
|
84
174
|
end
|
@@ -91,7 +181,7 @@ rescue LoadError
|
|
91
181
|
puts ' gem install rspec'
|
92
182
|
end
|
93
183
|
|
94
|
-
desc
|
184
|
+
desc 'Generate docs.'
|
95
185
|
task :docs do
|
96
186
|
|
97
187
|
outdir = "../arachni-docs"
|
@@ -103,7 +193,7 @@ task :docs do
|
|
103
193
|
sh "rm -rf .yardoc"
|
104
194
|
end
|
105
195
|
|
106
|
-
desc
|
196
|
+
desc 'Generate graphics.'
|
107
197
|
task :gfx do
|
108
198
|
|
109
199
|
outdir = 'gfx/compiled'
|
@@ -129,7 +219,7 @@ end
|
|
129
219
|
#
|
130
220
|
# [1] https://github.com/tmm1/perftools.rb
|
131
221
|
#
|
132
|
-
desc
|
222
|
+
desc 'Profile Arachni.'
|
133
223
|
task :profile do
|
134
224
|
|
135
225
|
if !Gem::Specification.find_all_by_name( 'perftools.rb' ).empty?
|
@@ -144,27 +234,22 @@ task :profile do
|
|
144
234
|
|
145
235
|
end
|
146
236
|
|
147
|
-
|
148
|
-
# Cleans reports and logs
|
149
|
-
#
|
150
|
-
desc "Cleaning report and log files."
|
237
|
+
desc 'Remove report and log files.'
|
151
238
|
task :clean do
|
239
|
+
files = %w(error.log *.afr *.yaml *.json *.marshal *.gem pkg/*.gem logs/*.log
|
240
|
+
spec/support/logs/*.log).map { |file| Dir.glob( file ) }.flatten
|
152
241
|
|
153
|
-
|
154
|
-
sh "rm *.afr || true"
|
155
|
-
sh "rm *.yaml || true"
|
156
|
-
sh "rm *.json || true"
|
157
|
-
sh "rm *.marshal || true"
|
158
|
-
sh "rm *.gem || true"
|
159
|
-
sh "rm logs/*.log || true"
|
160
|
-
sh "rm spec/support/logs/*.log || true"
|
161
|
-
end
|
242
|
+
next if files.empty?
|
162
243
|
|
244
|
+
puts 'Removing:'
|
245
|
+
files.each { |file| puts " * #{file}" }
|
246
|
+
FileUtils.rm files
|
247
|
+
end
|
163
248
|
|
164
249
|
Bundler::GemHelper.install_tasks
|
165
250
|
|
166
|
-
desc
|
251
|
+
desc 'Push a new version to RubyGems'
|
167
252
|
task :publish => [ :release ]
|
168
253
|
|
169
|
-
desc
|
254
|
+
desc 'Build Arachni and run all the tests.'
|
170
255
|
task :default => [ :build, :spec ]
|
data/arachni.gemspec
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
4
4
|
|
5
5
|
Licensed under the Apache License, Version 2.0 (the "License");
|
6
6
|
you may not use this file except in compliance with the License.
|
@@ -114,7 +114,7 @@ GitHub page - http://github.com/Arachni/arachni
|
|
114
114
|
Code Documentation - http://rubydoc.info/github/Arachni/arachni
|
115
115
|
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
|
116
116
|
Twitter - http://twitter.com/ArachniScanner
|
117
|
-
Copyright - 2010-
|
117
|
+
Copyright - 2010-2014 Tasos Laskos
|
118
118
|
License - Apache License v2
|
119
119
|
|
120
120
|
Please do not hesitate to ask for assistance (via the support portal)
|
data/bin/arachni
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
4
4
|
|
5
5
|
Licensed under the Apache License, Version 2.0 (the "License");
|
6
6
|
you may not use this file except in compliance with the License.
|
data/bin/arachni_console
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
4
4
|
|
5
5
|
Licensed under the Apache License, Version 2.0 (the "License");
|
6
6
|
you may not use this file except in compliance with the License.
|
data/bin/arachni_multi
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
4
4
|
|
5
5
|
Licensed under the Apache License, Version 2.0 (the "License");
|
6
6
|
you may not use this file except in compliance with the License.
|
data/bin/arachni_rpc
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
4
4
|
|
5
5
|
Licensed under the Apache License, Version 2.0 (the "License");
|
6
6
|
you may not use this file except in compliance with the License.
|
data/bin/arachni_rpcd
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
|
4
4
|
|
5
5
|
Licensed under the Apache License, Version 2.0 (the "License");
|
6
6
|
you may not use this file except in compliance with the License.
|