RubyGems - arachni - Versions diffs - 0.4.5.2 → 0.4.6 - Mend

arachni 0.4.5.2 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (621) hide show

checksums.yaml +9 -9
data/CHANGELOG.md +97 -0
data/CONTRIBUTORS.md +1 -0
data/NOTICE +1 -1
data/README.md +4 -4
data/Rakefile +111 -26
data/arachni.gemspec +2 -2
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/external/metasploit/LICENSE +1 -1
data/fingerprinters/frameworks/rack.rb +1 -1
data/fingerprinters/languages/asp.rb +1 -1
data/fingerprinters/languages/aspx.rb +1 -1
data/fingerprinters/languages/jsp.rb +3 -5
data/fingerprinters/languages/php.rb +1 -1
data/fingerprinters/languages/python.rb +1 -1
data/fingerprinters/languages/ruby.rb +1 -1
data/fingerprinters/os/bsd.rb +1 -1
data/fingerprinters/os/linux.rb +1 -1
data/fingerprinters/os/solaris.rb +1 -1
data/fingerprinters/os/unix.rb +1 -1
data/fingerprinters/os/windows.rb +1 -1
data/fingerprinters/servers/apache.rb +1 -1
data/fingerprinters/servers/iis.rb +1 -1
data/fingerprinters/servers/jetty.rb +1 -1
data/fingerprinters/servers/nginx.rb +1 -1
data/fingerprinters/servers/tomcat.rb +1 -1
data/lib/arachni.rb +6 -1
data/lib/arachni/audit_store.rb +1 -1
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/component/manager.rb +1 -1
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/enum.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/element/base.rb +1 -1
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/auditable.rb +45 -22
data/lib/arachni/element/capabilities/auditable/rdiff.rb +378 -122
data/lib/arachni/element/capabilities/auditable/taint.rb +57 -20
data/lib/arachni/element/capabilities/auditable/timeout.rb +95 -68
data/lib/arachni/element/capabilities/mutable.rb +77 -40
data/lib/arachni/element/capabilities/refreshable.rb +7 -1
data/lib/arachni/element/cookie.rb +46 -167
data/lib/arachni/element/form.rb +77 -517
data/lib/arachni/element/header.rb +21 -15
data/lib/arachni/element/link.rb +2 -2
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +1 -1
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/framework.rb +16 -7
data/lib/arachni/http.rb +111 -118
data/lib/arachni/http/cookie_jar.rb +8 -2
data/lib/arachni/issue.rb +4 -1
data/lib/arachni/mixins/observable.rb +1 -1
data/lib/arachni/mixins/progress_bar.rb +1 -1
data/lib/arachni/mixins/terminal.rb +1 -1
data/lib/arachni/module.rb +1 -1
data/lib/arachni/module/auditor.rb +23 -17
data/lib/arachni/module/base.rb +1 -1
data/lib/arachni/module/manager.rb +4 -4
data/lib/arachni/module/output.rb +1 -1
data/lib/arachni/module/utilities.rb +1 -1
data/lib/arachni/options.rb +28 -7
data/lib/arachni/page.rb +4 -5
data/lib/arachni/parser.rb +3 -2
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +11 -29
data/lib/arachni/platform/manager.rb +31 -8
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/manager.rb +1 -1
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/instances.rb +1 -1
data/lib/arachni/processes/manager.rb +1 -1
data/lib/arachni/report.rb +1 -1
data/lib/arachni/report/base.rb +1 -1
data/lib/arachni/report/manager.rb +1 -1
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +1 -1
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +10 -6
data/lib/arachni/rpc/server/dispatcher/handler.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/node.rb +5 -3
data/lib/arachni/rpc/server/framework.rb +5 -3
data/lib/arachni/rpc/server/framework/distributor.rb +24 -19
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +7 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +5 -4
data/lib/arachni/rpc/server/module/manager.rb +1 -1
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/rpc/server/spider.rb +5 -2
data/lib/arachni/ruby.rb +1 -1
data/lib/arachni/ruby/array.rb +9 -1
data/lib/arachni/ruby/enumerable.rb +1 -1
data/lib/arachni/ruby/hash.rb +24 -5
data/lib/arachni/ruby/io.rb +1 -1
data/lib/arachni/ruby/object.rb +1 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +13 -2
data/lib/arachni/ruby/webrick.rb +3 -15
data/lib/arachni/ruby/webrick/cookie.rb +30 -0
data/lib/arachni/ruby/webrick/httprequest.rb +42 -0
data/lib/arachni/session.rb +21 -8
data/lib/arachni/spider.rb +18 -11
data/lib/arachni/support.rb +3 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/cache/base.rb +1 -1
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +1 -1
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/database/base.rb +5 -5
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +52 -69
data/lib/arachni/{module → support}/key_filler.rb +11 -17
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/queue.rb +1 -1
data/lib/arachni/support/queue/disk.rb +1 -1
data/lib/arachni/support/signature.rb +153 -0
data/lib/arachni/trainer.rb +30 -19
data/lib/arachni/typhoeus/hydra.rb +1 -1
data/lib/arachni/typhoeus/request.rb +1 -1
data/lib/arachni/typhoeus/response.rb +8 -2
data/lib/arachni/typhoeus/utils.rb +1 -1
data/lib/arachni/ui/cli/cli.rb +18 -7
data/lib/arachni/ui/cli/output.rb +28 -1
data/lib/arachni/ui/cli/rpc/dispatcher_monitor.rb +1 -1
data/lib/arachni/ui/cli/rpc/instance.rb +1 -1
data/lib/arachni/ui/cli/rpc/local.rb +1 -1
data/lib/arachni/ui/cli/rpc/remote.rb +1 -1
data/lib/arachni/ui/cli/utilities.rb +14 -29
data/lib/arachni/ui/foo/output.rb +1 -1
data/lib/arachni/uri.rb +2 -3
data/lib/arachni/utilities.rb +1 -1
data/lib/arachni/version.rb +1 -1
data/lib/version +1 -1
data/modules/audit/code_injection.rb +1 -1
data/modules/audit/code_injection_php_input_wrapper.rb +1 -1
data/modules/audit/code_injection_timing.rb +1 -1
data/modules/audit/csrf.rb +1 -1
data/modules/audit/file_inclusion.rb +5 -5
data/modules/audit/ldapi.rb +1 -1
data/modules/audit/os_cmd_injection.rb +1 -1
data/modules/audit/os_cmd_injection_timing.rb +4 -3
data/modules/audit/path_traversal.rb +5 -5
data/modules/audit/response_splitting.rb +1 -1
data/modules/audit/rfi.rb +1 -1
data/modules/audit/session_fixation.rb +1 -1
data/modules/audit/source_code_disclosure.rb +21 -17
data/modules/audit/sqli.rb +11 -8
data/modules/audit/sqli/patterns/pgsql +1 -0
data/modules/audit/sqli/regexp_ignore.txt +1 -0
data/modules/audit/sqli_blind_rdiff.rb +12 -12
data/modules/audit/sqli_blind_rdiff/payloads.txt +1 -5
data/modules/audit/sqli_blind_timing.rb +4 -6
data/modules/audit/sqli_blind_timing/mssql.txt +9 -9
data/modules/audit/sqli_blind_timing/mysql.txt +9 -31
data/modules/audit/sqli_blind_timing/pgsql.txt +6 -28
data/modules/audit/trainer.rb +1 -1
data/modules/audit/unvalidated_redirect.rb +1 -1
data/modules/audit/xpath.rb +1 -1
data/modules/audit/xss.rb +12 -12
data/modules/audit/xss_event.rb +1 -1
data/modules/audit/xss_path.rb +1 -1
data/modules/audit/xss_script_tag.rb +13 -20
data/modules/audit/xss_tag.rb +5 -7
data/modules/recon/allowed_methods.rb +1 -1
data/modules/recon/backdoors.rb +1 -1
data/modules/recon/backup_files.rb +1 -1
data/modules/recon/common_directories.rb +1 -1
data/modules/recon/common_files.rb +1 -1
data/modules/recon/common_files/filenames.txt +1 -0
data/modules/recon/directory_listing.rb +2 -2
data/modules/recon/grep/captcha.rb +1 -1
data/modules/recon/grep/credit_card.rb +1 -1
data/modules/recon/grep/cvs_svn_users.rb +1 -1
data/modules/recon/grep/emails.rb +1 -1
data/modules/recon/grep/form_upload.rb +1 -1
data/modules/recon/grep/html_objects.rb +1 -1
data/modules/recon/grep/http_only_cookies.rb +1 -1
data/modules/recon/grep/insecure_cookies.rb +1 -1
data/modules/recon/grep/mixed_resource.rb +1 -1
data/modules/recon/grep/password_autocomplete.rb +1 -1
data/modules/recon/grep/private_ip.rb +1 -1
data/modules/recon/grep/ssn.rb +1 -1
data/modules/recon/grep/unencrypted_password_forms.rb +1 -1
data/modules/recon/htaccess_limit.rb +1 -1
data/modules/recon/http_put.rb +1 -1
data/modules/recon/interesting_responses.rb +1 -1
data/modules/recon/localstart_asp.rb +5 -5
data/modules/recon/webdav.rb +1 -1
data/modules/recon/x_forwarded_for_access_restriction_bypass.rb +1 -1
data/modules/recon/xst.rb +1 -1
data/path_extractors/anchors.rb +1 -1
data/path_extractors/areas.rb +1 -1
data/path_extractors/forms.rb +1 -1
data/path_extractors/frames.rb +1 -1
data/path_extractors/generic.rb +1 -1
data/path_extractors/links.rb +1 -1
data/path_extractors/meta_refresh.rb +1 -1
data/path_extractors/scripts.rb +1 -1
data/plugins/autologin.rb +16 -8
data/plugins/beep_notify.rb +1 -1
data/plugins/{defaults/content_types.rb → content_types.rb} +1 -1
data/plugins/cookie_collector.rb +21 -11
data/plugins/defaults/autothrottle.rb +1 -1
data/plugins/defaults/healthmap.rb +1 -1
data/plugins/defaults/meta/remedies/discovery.rb +1 -1
data/plugins/defaults/meta/remedies/timing_attacks.rb +6 -8
data/plugins/defaults/meta/uniformity.rb +1 -1
data/plugins/defaults/resolver.rb +1 -1
data/plugins/email_notify.rb +1 -1
data/plugins/form_dicattack.rb +1 -1
data/plugins/http_dicattack.rb +1 -1
data/plugins/libnotify.rb +1 -1
data/plugins/profiler.rb +1 -1
data/plugins/proxy.rb +2 -1
data/plugins/proxy/server.rb +3 -1
data/plugins/proxy/template_scope.rb +1 -1
data/plugins/rescan.rb +1 -1
data/plugins/script.rb +1 -1
data/plugins/uncommon_headers.rb +2 -1
data/plugins/vector_feed.rb +1 -1
data/plugins/waf_detector.rb +1 -1
data/reports/afr.rb +8 -9
data/reports/ap.rb +1 -1
data/reports/html.rb +8 -12
data/reports/html/default.erb +2 -3
data/reports/html/default/issue.erb +0 -12
data/reports/html/default/issues.erb +2 -2
data/reports/json.rb +13 -10
data/reports/marshal.rb +8 -9
data/reports/metareport.rb +9 -10
data/reports/plugin_formatters/html/autologin.rb +1 -1
data/reports/plugin_formatters/html/content_types.rb +1 -1
data/reports/plugin_formatters/html/cookie_collector.rb +1 -1
data/reports/plugin_formatters/html/discovery.rb +1 -1
data/reports/plugin_formatters/html/form_dicattack.rb +1 -1
data/reports/plugin_formatters/html/healthmap.rb +1 -1
data/reports/plugin_formatters/html/http_dicattack.rb +1 -1
data/reports/plugin_formatters/html/profiler.rb +1 -1
data/reports/plugin_formatters/html/resolver.rb +1 -1
data/reports/plugin_formatters/html/timing_attacks.rb +1 -1
data/reports/plugin_formatters/html/uncommon_headers.rb +1 -1
data/reports/plugin_formatters/html/uniformity.rb +1 -1
data/reports/plugin_formatters/html/waf_detector.rb +1 -1
data/reports/plugin_formatters/stdout/autologin.rb +1 -1
data/reports/plugin_formatters/stdout/content_types.rb +1 -1
data/reports/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/reports/plugin_formatters/stdout/discovery.rb +1 -1
data/reports/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/reports/plugin_formatters/stdout/healthmap.rb +2 -4
data/reports/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/reports/plugin_formatters/stdout/profiler.rb +1 -1
data/reports/plugin_formatters/stdout/resolver.rb +1 -1
data/reports/plugin_formatters/stdout/timing_attacks.rb +1 -1
data/reports/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/reports/plugin_formatters/stdout/uniformity.rb +1 -1
data/reports/plugin_formatters/stdout/waf_detector.rb +1 -1
data/reports/plugin_formatters/xml/autologin.rb +1 -1
data/reports/plugin_formatters/xml/content_types.rb +1 -1
data/reports/plugin_formatters/xml/cookie_collector.rb +1 -1
data/reports/plugin_formatters/xml/discovery.rb +1 -1
data/reports/plugin_formatters/xml/form_dicattack.rb +1 -1
data/reports/plugin_formatters/xml/healthmap.rb +1 -1
data/reports/plugin_formatters/xml/http_dicattack.rb +1 -1
data/reports/plugin_formatters/xml/profiler.rb +1 -1
data/reports/plugin_formatters/xml/resolver.rb +1 -1
data/reports/plugin_formatters/xml/timing_attacks.rb +1 -1
data/reports/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/reports/plugin_formatters/xml/uniformity.rb +1 -1
data/reports/plugin_formatters/xml/waf_detector.rb +1 -1
data/reports/stdout.rb +1 -1
data/reports/txt.rb +1 -1
data/reports/xml.rb +8 -9
data/reports/xml/buffer.rb +2 -2
data/reports/yaml.rb +8 -9
data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +80 -2
data/spec/arachni/element/capabilities/auditable/timeout_spec.rb +44 -29
data/spec/arachni/element/cookie_spec.rb +1 -1
data/spec/arachni/element/form_spec.rb +31 -13
data/spec/arachni/http/cookie_jar_spec.rb +11 -0
data/spec/arachni/http_spec.rb +33 -7
data/spec/arachni/issue_spec.rb +10 -3
data/spec/arachni/options_spec.rb +18 -1
data/spec/arachni/parser_spec.rb +27 -26
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +10 -1
data/spec/arachni/rpc/server/dispatcher_spec.rb +15 -0
data/spec/arachni/ruby/array_spec.rb +11 -0
data/spec/arachni/ruby/hash_spec.rb +28 -1
data/spec/arachni/ruby/string_spec.rb +14 -1
data/spec/arachni/session_spec.rb +39 -0
data/spec/arachni/spider_spec.rb +23 -14
data/spec/arachni/{module → support}/key_filler.rb +20 -2
data/spec/arachni/support/signature_spec.rb +158 -0
data/spec/arachni/trainer_spec.rb +31 -0
data/spec/arachni/typhoeus/response_spec.rb +17 -0
data/spec/arachni/uri_spec.rb +1 -1
data/spec/external/wavsep/active/lfi_spec.rb +94 -0
data/spec/external/wavsep/active/rfi_spec.rb +35 -0
data/spec/external/wavsep/active/sqli_spec.rb +108 -0
data/spec/external/wavsep/active/xss_spec.rb +41 -0
data/spec/external/wavsep/false_positives/lfi_spec.rb +33 -0
data/spec/external/wavsep/false_positives/rfi_spec.rb +21 -0
data/spec/external/wavsep/false_positives/sqli_spec.rb +32 -0
data/spec/external/wavsep/false_positives/xss_spec.rb +21 -0
data/spec/modules/audit/source_code_disclosure_spec.rb +4 -4
data/spec/modules/audit/sqli_blind_rdiff_spec.rb +1 -1
data/spec/modules/audit/sqli_blind_timing_spec.rb +3 -3
data/spec/modules/audit/sqli_spec.rb +1 -1
data/spec/modules/audit/xss_script_tag_spec.rb +1 -1
data/spec/plugins/autologin_spec.rb +25 -7
data/spec/plugins/cookie_collector_spec.rb +17 -0
data/spec/spec_helper.rb +1 -1
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/modules/test.rb +1 -1
data/spec/support/fixtures/modules/test2.rb +1 -1
data/spec/support/fixtures/modules/test3.rb +1 -1
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/spider_hook.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/reports/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reports/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reports/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reports/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reports/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reports/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_mod/body.rb +1 -1
data/spec/support/fixtures/run_mod/cookies.rb +1 -1
data/spec/support/fixtures/run_mod/empty.rb +1 -1
data/spec/support/fixtures/run_mod/flch.rb +1 -1
data/spec/support/fixtures/run_mod/forms.rb +1 -1
data/spec/support/fixtures/run_mod/headers.rb +1 -1
data/spec/support/fixtures/run_mod/links.rb +1 -1
data/spec/support/fixtures/run_mod/nil.rb +1 -1
data/spec/support/fixtures/run_mod/path.rb +1 -1
data/spec/support/fixtures/run_mod/server.rb +1 -1
data/spec/support/fixtures/taint_module/taint.rb +1 -1
data/spec/support/fixtures/wait_module/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/web_server_manager.rb +1 -1
data/spec/support/logs/Dispatcher - 10129-46995.log +9 -0
data/spec/support/logs/Dispatcher - 10139-63648.log +19 -0
data/spec/support/logs/Dispatcher - 10149-5551.log +17 -0
data/spec/support/logs/Dispatcher - 10158-34385.log +13 -0
data/spec/support/logs/Dispatcher - 10167-55701.log +9 -0
data/spec/support/logs/Dispatcher - 10176-8922.log +9 -0
data/spec/support/logs/Dispatcher - 10185-53716.log +11 -0
data/spec/support/logs/Dispatcher - 10198-44724.log +11 -0
data/spec/support/logs/Dispatcher - 10211-7697.log +11 -0
data/spec/support/logs/Dispatcher - 10224-3751.log +35 -0
data/spec/support/logs/Dispatcher - 10285-7404.log +21 -0
data/spec/support/logs/Dispatcher - 10294-56221.log +21 -0
data/spec/support/logs/Dispatcher - 10303-2483.log +23 -0
data/spec/support/logs/Dispatcher - 10344-60543.log +19 -0
data/spec/support/logs/Dispatcher - 10355-31708.log +17 -0
data/spec/support/logs/Dispatcher - 10364-63170.log +15 -0
data/spec/support/logs/Dispatcher - 10377-37936.log +11 -0
data/spec/support/logs/Dispatcher - 10390-37511.log +9 -0
data/spec/support/logs/Dispatcher - 10400-29603.log +9 -0
data/spec/support/logs/Dispatcher - 10409-57042.log +9 -0
data/spec/support/logs/Dispatcher - 10418-17812.log +9 -0
data/spec/support/logs/Dispatcher - 10427-59862.log +11 -0
data/spec/support/logs/Dispatcher - 10440-48351.log +9 -0
data/spec/support/logs/Dispatcher - 10449-24218.log +9 -0
data/spec/support/logs/Dispatcher - 10458-54646.log +9 -0
data/spec/support/logs/Dispatcher - 10511-3333.log +63 -0
data/spec/support/logs/Dispatcher - 10520-50009.log +43 -0
data/spec/support/logs/Dispatcher - 10529-44870.log +39 -0
data/spec/support/logs/Dispatcher - 10538-49556.log +34 -0
data/spec/support/logs/Dispatcher - 10547-61887.log +28 -0
data/spec/support/logs/Dispatcher - 10556-31163.log +21 -0
data/spec/support/logs/Dispatcher - 10565-40008.log +13 -0
data/spec/support/logs/Dispatcher - 10575-18836.log +9 -0
data/spec/support/logs/Dispatcher - 10747-32268.log +19 -0
data/spec/support/logs/Dispatcher - 10757-4081.log +21 -0
data/spec/support/logs/Dispatcher - 10766-49190.log +15 -0
data/spec/support/logs/Dispatcher - 10780-46610.log +19 -0
data/spec/support/logs/Dispatcher - 10789-5332.log +21 -0
data/spec/support/logs/Dispatcher - 10798-56243.log +15 -0
data/spec/support/logs/Dispatcher - 10920-32037.log +17 -0
data/spec/support/logs/Dispatcher - 10929-35662.log +21 -0
data/spec/support/logs/Dispatcher - 10938-64010.log +13 -0
data/spec/support/logs/Dispatcher - 10951-44746.log +19 -0
data/spec/support/logs/Dispatcher - 10961-55791.log +21 -0
data/spec/support/logs/Dispatcher - 10972-58913.log +15 -0
data/spec/support/logs/Dispatcher - 11023-45004.log +17 -0
data/spec/support/logs/Dispatcher - 11033-55505.log +21 -0
data/spec/support/logs/Dispatcher - 11042-46123.log +13 -0
data/spec/support/logs/Dispatcher - 11055-26836.log +17 -0
data/spec/support/logs/Dispatcher - 11064-60361.log +21 -0
data/spec/support/logs/Dispatcher - 11073-17507.log +13 -0
data/spec/support/logs/Dispatcher - 11298-28357.log +19 -0
data/spec/support/logs/Dispatcher - 11307-62669.log +21 -0
data/spec/support/logs/Dispatcher - 11316-9391.log +15 -0
data/spec/support/logs/Dispatcher - 11340-45921.log +21 -0
data/spec/support/logs/Dispatcher - 11349-8693.log +25 -0
data/spec/support/logs/Dispatcher - 11358-53753.log +15 -0
data/spec/support/logs/Dispatcher - 11394-29437.log +17 -0
data/spec/support/logs/Dispatcher - 11403-59953.log +21 -0
data/spec/support/logs/Dispatcher - 11412-51134.log +13 -0
data/spec/support/logs/Dispatcher - 11425-42569.log +21 -0
data/spec/support/logs/Dispatcher - 11434-16150.log +25 -0
data/spec/support/logs/Dispatcher - 11443-19072.log +15 -0
data/spec/support/logs/Dispatcher - 11479-39149.log +17 -0
data/spec/support/logs/Dispatcher - 11488-42169.log +21 -0
data/spec/support/logs/Dispatcher - 11497-29822.log +13 -0
data/spec/support/logs/Dispatcher - 11510-8273.log +17 -0
data/spec/support/logs/Dispatcher - 11519-18206.log +21 -0
data/spec/support/logs/Dispatcher - 11528-55825.log +13 -0
data/spec/support/logs/Dispatcher - 9969-52890.log +9 -0
data/spec/support/logs/Dispatcher - 9996-38451.log +21 -0
data/spec/support/logs/{Instance - 12589-35500.error.log → Instance - 10762-33696.error.log } +63 -40
data/spec/support/logs/{Instance - 16415-47240.error.log → Instance - 11038-18065.error.log } +65 -42
data/spec/support/logs/{Instance - 16762-48636.error.log → Instance - 11069-34848.error.log } +162 -139
data/spec/support/logs/{Instance - 16789-61713.error.log → Instance - 11091-33954.error.log } +60 -37
data/spec/support/logs/{Instance - 16795-55306.error.log → Instance - 11097-33191.error.log } +65 -42
data/spec/support/logs/{Instance - 12909-9442.error.log → Instance - 11229-38634.error.log } +60 -37
data/spec/support/servers/arachni/element/capabilities/auditable/rdiff.rb +131 -7
data/spec/support/servers/arachni/element/capabilities/auditable/timeout.rb +4 -0
data/spec/support/servers/arachni/element/form.rb +27 -0
data/spec/support/servers/arachni/element/link.rb +16 -0
data/spec/support/servers/arachni/session.rb +17 -1
data/spec/support/servers/arachni/spider.rb +25 -1
data/spec/support/servers/arachni/trainer.rb +8 -0
data/spec/support/servers/modules/audit/os_cmd_injection_timing.rb +2 -1
data/spec/support/servers/modules/audit/source_code_disclosure.rb +0 -1
data/spec/support/servers/modules/audit/sqli/postgresql +2 -0
data/spec/support/servers/modules/audit/sqli_blind_rdiff.rb +9 -13
data/spec/support/shared/element/capabilities/auditable.rb +62 -3
data/spec/support/shared/element/capabilities/refreshable.rb +27 -0
data/spec/support/shared/external/wavsep.rb +89 -0
metadata +1081 -1206
data/lib/arachni/platforms.rb +0 -499
data/logs/Dispatcher - 12101-7331.log +0 -15
data/spec/support/logs/Dispatcher - 11821-58635.log +0 -9
data/spec/support/logs/Dispatcher - 11848-37716.log +0 -21
data/spec/support/logs/Dispatcher - 11974-31477.log +0 -9
data/spec/support/logs/Dispatcher - 11984-10290.log +0 -19
data/spec/support/logs/Dispatcher - 11993-33501.log +0 -17
data/spec/support/logs/Dispatcher - 12002-62227.log +0 -13
data/spec/support/logs/Dispatcher - 12013-45779.log +0 -9
data/spec/support/logs/Dispatcher - 12022-22434.log +0 -9
data/spec/support/logs/Dispatcher - 12031-41130.log +0 -11
data/spec/support/logs/Dispatcher - 12045-23894.log +0 -11
data/spec/support/logs/Dispatcher - 12059-57317.log +0 -35
data/spec/support/logs/Dispatcher - 12122-60206.log +0 -21
data/spec/support/logs/Dispatcher - 12132-58445.log +0 -21
data/spec/support/logs/Dispatcher - 12141-13273.log +0 -23
data/spec/support/logs/Dispatcher - 12183-2341.log +0 -19
data/spec/support/logs/Dispatcher - 12192-56486.log +0 -17
data/spec/support/logs/Dispatcher - 12201-8840.log +0 -15
data/spec/support/logs/Dispatcher - 12214-47545.log +0 -11
data/spec/support/logs/Dispatcher - 12227-23676.log +0 -9
data/spec/support/logs/Dispatcher - 12236-16018.log +0 -9
data/spec/support/logs/Dispatcher - 12245-61980.log +0 -9
data/spec/support/logs/Dispatcher - 12254-30185.log +0 -9
data/spec/support/logs/Dispatcher - 12263-29578.log +0 -11
data/spec/support/logs/Dispatcher - 12276-64279.log +0 -9
data/spec/support/logs/Dispatcher - 12285-49975.log +0 -9
data/spec/support/logs/Dispatcher - 12347-26600.log +0 -63
data/spec/support/logs/Dispatcher - 12356-43960.log +0 -43
data/spec/support/logs/Dispatcher - 12365-30567.log +0 -39
data/spec/support/logs/Dispatcher - 12374-49263.log +0 -34
data/spec/support/logs/Dispatcher - 12401-6543.log +0 -28
data/spec/support/logs/Dispatcher - 12410-21678.log +0 -21
data/spec/support/logs/Dispatcher - 12419-42381.log +0 -13
data/spec/support/logs/Dispatcher - 12429-25829.log +0 -9
data/spec/support/logs/Dispatcher - 12574-63838.log +0 -19
data/spec/support/logs/Dispatcher - 12584-33256.log +0 -21
data/spec/support/logs/Dispatcher - 12593-45982.log +0 -15
data/spec/support/logs/Dispatcher - 12606-64171.log +0 -19
data/spec/support/logs/Dispatcher - 12615-52258.log +0 -21
data/spec/support/logs/Dispatcher - 12624-48032.log +0 -15
data/spec/support/logs/Dispatcher - 12744-31691.log +0 -17
data/spec/support/logs/Dispatcher - 12753-9777.log +0 -21
data/spec/support/logs/Dispatcher - 12762-14195.log +0 -13
data/spec/support/logs/Dispatcher - 12775-52778.log +0 -19
data/spec/support/logs/Dispatcher - 12784-33121.log +0 -21
data/spec/support/logs/Dispatcher - 12793-23476.log +0 -15
data/spec/support/logs/Dispatcher - 12845-33401.log +0 -17
data/spec/support/logs/Dispatcher - 12854-58592.log +0 -21
data/spec/support/logs/Dispatcher - 12863-38667.log +0 -13
data/spec/support/logs/Dispatcher - 12876-18504.log +0 -17
data/spec/support/logs/Dispatcher - 12885-8765.log +0 -21
data/spec/support/logs/Dispatcher - 12894-7708.log +0 -13
data/spec/support/logs/Dispatcher - 13112-20247.log +0 -19
data/spec/support/logs/Dispatcher - 13121-37610.log +0 -21
data/spec/support/logs/Dispatcher - 13130-55144.log +0 -15
data/spec/support/logs/Dispatcher - 13154-11476.log +0 -21
data/spec/support/logs/Dispatcher - 13163-28157.log +0 -25
data/spec/support/logs/Dispatcher - 13172-1403.log +0 -15
data/spec/support/logs/Dispatcher - 13208-39214.log +0 -17
data/spec/support/logs/Dispatcher - 13217-25789.log +0 -21
data/spec/support/logs/Dispatcher - 13226-32449.log +0 -13
data/spec/support/logs/Dispatcher - 13239-50344.log +0 -21
data/spec/support/logs/Dispatcher - 13248-35317.log +0 -25
data/spec/support/logs/Dispatcher - 13257-20820.log +0 -15
data/spec/support/logs/Dispatcher - 13293-39307.log +0 -17
data/spec/support/logs/Dispatcher - 13302-62417.log +0 -21
data/spec/support/logs/Dispatcher - 13311-57144.log +0 -13
data/spec/support/logs/Dispatcher - 13324-35654.log +0 -17
data/spec/support/logs/Dispatcher - 13333-9999.log +0 -21
data/spec/support/logs/Dispatcher - 13342-64466.log +0 -13
data/spec/support/logs/Dispatcher - 15092-40680.log +0 -9
data/spec/support/logs/Dispatcher - 15119-21562.log +0 -21
data/spec/support/logs/Dispatcher - 15680-63471.log +0 -9
data/spec/support/logs/Dispatcher - 15690-15104.log +0 -19
data/spec/support/logs/Dispatcher - 15699-36034.log +0 -17
data/spec/support/logs/Dispatcher - 15708-21275.log +0 -13
data/spec/support/logs/Dispatcher - 15717-6134.log +0 -9
data/spec/support/logs/Dispatcher - 15727-5906.log +0 -9
data/spec/support/logs/Dispatcher - 15736-27941.log +0 -11
data/spec/support/logs/Dispatcher - 15749-31464.log +0 -11
data/spec/support/logs/Dispatcher - 15762-52837.log +0 -35
data/spec/support/logs/Dispatcher - 15823-2486.log +0 -21
data/spec/support/logs/Dispatcher - 15832-34792.log +0 -21
data/spec/support/logs/Dispatcher - 15841-3367.log +0 -23
data/spec/support/logs/Dispatcher - 15886-2171.log +0 -19
data/spec/support/logs/Dispatcher - 15895-6022.log +0 -17
data/spec/support/logs/Dispatcher - 15904-51624.log +0 -15
data/spec/support/logs/Dispatcher - 15917-11227.log +0 -11
data/spec/support/logs/Dispatcher - 15930-17170.log +0 -9
data/spec/support/logs/Dispatcher - 15939-24891.log +0 -9
data/spec/support/logs/Dispatcher - 15948-26858.log +0 -9
data/spec/support/logs/Dispatcher - 15957-12278.log +0 -9
data/spec/support/logs/Dispatcher - 15967-37642.log +0 -11
data/spec/support/logs/Dispatcher - 15981-57959.log +0 -9
data/spec/support/logs/Dispatcher - 16000-51003.log +0 -9
data/spec/support/logs/Dispatcher - 16064-25969.log +0 -63
data/spec/support/logs/Dispatcher - 16073-13164.log +0 -43
data/spec/support/logs/Dispatcher - 16083-21729.log +0 -39
data/spec/support/logs/Dispatcher - 16092-48691.log +0 -34
data/spec/support/logs/Dispatcher - 16101-7385.log +0 -28
data/spec/support/logs/Dispatcher - 16110-24222.log +0 -21
data/spec/support/logs/Dispatcher - 16119-29645.log +0 -13
data/spec/support/logs/Dispatcher - 16129-23325.log +0 -9
data/spec/support/logs/Dispatcher - 16399-42716.log +0 -19
data/spec/support/logs/Dispatcher - 16410-3301.log +0 -21
data/spec/support/logs/Dispatcher - 16419-8500.log +0 -15
data/spec/support/logs/Dispatcher - 16432-2467.log +0 -19
data/spec/support/logs/Dispatcher - 16441-27407.log +0 -21
data/spec/support/logs/Dispatcher - 16450-28157.log +0 -15
data/spec/support/logs/Dispatcher - 16607-37339.log +0 -17
data/spec/support/logs/Dispatcher - 16616-50971.log +0 -21
data/spec/support/logs/Dispatcher - 16625-28154.log +0 -13
data/spec/support/logs/Dispatcher - 16638-17094.log +0 -19
data/spec/support/logs/Dispatcher - 16647-25657.log +0 -21
data/spec/support/logs/Dispatcher - 16656-11108.log +0 -15
data/spec/support/logs/Dispatcher - 16716-31067.log +0 -17
data/spec/support/logs/Dispatcher - 16726-34466.log +0 -21
data/spec/support/logs/Dispatcher - 16735-55150.log +0 -13
data/spec/support/logs/Dispatcher - 16748-7910.log +0 -17
data/spec/support/logs/Dispatcher - 16757-62118.log +0 -21
data/spec/support/logs/Dispatcher - 16766-31937.log +0 -13
data/spec/support/logs/Dispatcher - 16999-6441.log +0 -19
data/spec/support/logs/Dispatcher - 17008-51788.log +0 -21
data/spec/support/logs/Dispatcher - 17017-20096.log +0 -15
data/spec/support/logs/Dispatcher - 17041-15877.log +0 -21
data/spec/support/logs/Dispatcher - 17050-42137.log +0 -25
data/spec/support/logs/Dispatcher - 17059-12767.log +0 -15
data/spec/support/logs/Dispatcher - 17095-3041.log +0 -17
data/spec/support/logs/Dispatcher - 17104-42336.log +0 -21
data/spec/support/logs/Dispatcher - 17113-11660.log +0 -13
data/spec/support/logs/Dispatcher - 17126-64859.log +0 -21
data/spec/support/logs/Dispatcher - 17135-11634.log +0 -25
data/spec/support/logs/Dispatcher - 17144-37598.log +0 -15
data/spec/support/logs/Dispatcher - 17180-55804.log +0 -17
data/spec/support/logs/Dispatcher - 17189-5599.log +0 -21
data/spec/support/logs/Dispatcher - 17198-13188.log +0 -13
data/spec/support/logs/Dispatcher - 17211-23553.log +0 -17
data/spec/support/logs/Dispatcher - 17220-36701.log +0 -21
data/spec/support/logs/Dispatcher - 17229-41502.log +0 -13
data/spec/support/logs/Instance - 12859-23151.error.log +0 -314
data/spec/support/logs/Instance - 12890-17901.error.log +0 -413
data/spec/support/logs/Instance - 12915-45947.error.log +0 -314
data/spec/support/logs/Instance - 13044-48074.error.log +0 -312
data/spec/support/logs/Instance - 16731-60738.error.log +0 -314
data/spec/support/logs/Instance - 16931-37511.error.log +0 -312

checksums.yaml CHANGED Viewed

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    NzNlOTZlMGUyOTkwNTY4MWRmYTQyYmFmNmRlMGI0ZDVlNzZkMmI4NA==
+    MjQyMTU0MWMwYTcyZTVhMjk0NDM0YjZlMmZiMDllYmI4ZTNkZjM4Zg==
   data.tar.gz: !binary |-
-    YmNiN2YyNmFlMzZlZThjYmZiMGUwZGY1MTQ5NjlhZTgyYzk4M2NjZQ==
-!binary "U0hBNTEy":
+    MWI4ZjZmNzE5MzMxM2UyOTdkMzI4NjM0YTI0NWQwZDg4NmUxMzcwYw==
+SHA512:
   metadata.gz: !binary |-
-    MDZmZGMzZTU5ZjVhM2Q4MDg2OTI5NGUwMDBhZTJhNGRlOGViYjc4YjlmY2I3
-    OWE4Y2E4MTFkODIyNTI0N2VmNzBmM2Q2YjEwZGQxMmZlNjFjODQ3YTFmYmZh
-    N2Y5NDhhNzgyMTQzZmM0MTRiNWMzNmYwZWEwOTVjY2ExZWQ3NjA=
+    N2NkYzk3M2Y1MzY3YWQ0ZmEwZTM0ODBiZGUwNmZhYmIxOWRlODAyZDFjOTgw
+    YTIwMmQ0YjdhNDhjMWUzNWVkYzQ0MTM0ZjA5ZGQyYzM2MzQ2MDgyZWFiZmQw
+    MDY5NDFiMWY0ZGY4YzNjMWZjNTliMmFlM2YyZGM2MzFlZjY4YTg=
   data.tar.gz: !binary |-
-    MzRiNTI1ZDY0Y2EwZjBlNmRiYWRjOGE0ZmI5ODkyMmQyZjMzN2VlNWVkZTg3
-    ZTkzMDEzMjBlZGZiMGM2MmI5MTkyZmE5ZmRiZTY0NzcwMDc2YzY3M2JkN2Y4
-    ZmY0MDhiMTAyMDU5YWRlZGEwMjMzOGRjNjhiMTE2NzcxNDhjZjU=
+    M2JlNDdkN2MxODRhMThkYzQxNTBkZjcyMWQxNTg3ZWM2YzU5NTQyOTRhNmFm
+    ZTVkNzA4MjJjNmI2NzQ0ZTE2ZjNkNzgzNmFlMGJkYWQwMGRhNjc0M2RiODM5
+    YjY3MGM1MGRiNWFmYjI0MTg2YjVmNjZjYzhiOGZhNTk3NGM4YTE=

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,102 @@
 # ChangeLog
+## 0.4.6 _(January 1, 2014)_
+- CLI user interfaces
+    - `--lsmod`
+        - Longer pauses every 3 modules, it lists all of them at once.
+        - Updated to show the _Severity_ of the issues the module logs.
+    - `Ctrl+C` screen optimized to use less resources when printing scan data.
+- Options
+    - `--cookie-string` -- Updated to also handle cookies in the form of `Set-Cookie` headers.
+    - Added:
+        - `--external-address` -- The external address of a Dispatcher.
+        - `--http-queue-size` -- Maximum amount of requests to keep in the queue,
+            bigger size means better scheduling and better performance, smaller
+            means less RAM consumption.
+- `Session`
+    - `#ensure_logged_in` -- Retry on login failure.
+- `Spider`
+    - Don't apply scope restrictions to the seed URL.
+- `Framework`
+    - Audit
+        - Stored pages are now offloaded to disk to lower RAM consumption.
+- `Trainer`
+    - `#push` -- Prints verbose messages in cases of scope violations.
+- `HTTP`
+    - Maximum request-queue size lowered from 5000 to 500, to decrease RAM usage
+        by preventing the storage of large amounts of requests for extended periods of time.
+    - Updated to use the new `Support::Signature` class for custom-404 signatures.
+- `RPC::Server::Dispatcher`
+    - Now supports specifying an external address to allow for deployments behind NATs.
+- `Element::Capabilities::Auditable::RDiff`
+    - Updated to use the new `Support::Signature` class to perform response body comparisons.
+    - Updated the algorithm to use a `false` as the control.
+    - Added integrity check for the analysis process.
+    - Optimized scheduling of data gathering.
+    - Reduced total amount of performed requests.
+    - Massively reduced RAM consumption for data storage and analysis.
+- `Element::Capabilities::Auditable::Timeout`
+    - Updated the algorithm to use an approximated web application processing
+        time instead of the HTTP timeout based on the total request-response process.
+    - Made analysis corruption checks more stringent to diminish the chances of
+        false positives.
+    - Fixed bug causing non-vetted inputs to reach the final stages of analysis
+        which sometimes resulted in false positives.
+    - Added a cool-off period after Phase 2 to ensure webapp responsiveness post-attack.
+    - Improved status messages.
+- `Element::Capabilities::Auditable::Taint`
+    - Added longest-word-optimization -- Checks if the longest word of a regexp
+        exists in the response body prior to matching the full-blown regexp.
+- `Element::Capabilities::Auditable#audit`
+    - Added option `:skip_like`, accepting blocks used to filter the mutations
+        about to be audited.
+    - Fixed bug causing audits with constantly changing tokens to fail.
+    - Updated to use `#each_mutation` instead of `#mutations`.
+- `Element::Capabilities::Mutable`
+    - Added `#each_mutation` to generate mutations on the fly instead of relying
+        on `#mutations` to generate an array of mutations.
+    - Updated `#mutations` to delegate to `#each_mutation`.
+- `Element::Cookie#encode`
+    - Allow `=` to remain un-encoded in the cookie value.
+- `Element::Form` -- Buttons are now treated as inputs as well.
+- `Options#load` -- Updated to support serialized `Hash` objects.
+- Added `Support::Signature` -- Signature class used to generate and refine signatures
+    from `String` objects.
+- Modules
+    - Audit
+        - `path_traversal` -- Updated to use double-slashes for *nix payloads.
+        - `file_inclusion` -- Added evasive payloads using '\'.
+        - `source_code_disclosure`
+            - Increased coverage by following the directory tree of each file one
+                level at a time.
+        - `xss_script_tag` -- Updated to check for the existence of encoding operations.
+        - `sqli`
+            - Updated to cache the compiled regular expressions.
+            - Updated to use the longest-word-optimization of the taint analysis
+                implementation for faster analysis.
+        - `sqli_blind_rdiff`
+            - Massively reduced injected payloads.
+        - `os_cmd_injection_timing` -- Decreased the time delay.
+    - Recon
+        - `localstart_asp`
+            - Check for an ASP platform instead of a Windows one.
+            - Fixed `LocalJumpError`.
+- Plugins
+    - `autologin`
+        - Changed `print_bad` to `print_error` so that errors are written to the
+            error log.
+        - Scan remains paused and awaits user action upon failure.
+    - `proxy`
+        - Updated request URL encoding to handle malformed URLs.
+        - Disabled reverse DNS lookup on requests to increase performance.
+    - `content_types` -- Moved out of `defaults/'.
+    - `cookie_collector`
+        - Added `filter` option used to determine which cookies to log based on
+            a pattern matched against cookie names.
+- Reports -- Added `content_type` to all reports with `outfile` option in `.info`.
+    - `xml` -- Escaped parameter values in XML report.
 ## 0.4.5.2 _(September 18, 2013)_
 - `gemspec`

data/CONTRIBUTORS.md CHANGED Viewed

@@ -15,6 +15,7 @@ suggestions or testing it.
 - [Evan Beard](mailto:beard.evan@gmail.com) for feedback and patches.
 - [Michael Borohovski](mailto:borski@mit.edu) for testing, feedback and patches.
 - [Ben Sedat](mailto:bsedat@alum.mit.edu) for testing, feedback and patches.
+- [Michiel van Es](mailto:mve@pragmasec.nl) for relentless testing and feedback.
 A big thanks to my buddy [Andreas](mailto:rainmakergr@gmail.com) for the original
 spider drawing used in the project graphics.

data/NOTICE CHANGED Viewed

@@ -1,5 +1,5 @@
     Arachni Web Application Security Scanner Framework
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     This product includes code from the Arachni Web Application Security Scanner Framework
     developed by Tasos Laskos <tasos.laskos@gmail.com>.

data/README.md CHANGED Viewed

@@ -3,7 +3,7 @@
 <table>
     <tr>
         <th>Version</th>
-        <td>0.4.5.2</td>
+        <td>0.4.6</td>
     </tr>
     <tr>
         <th>Homepage</th>
@@ -38,7 +38,7 @@
     </tr>
     <tr>
         <th>Copyright</th>
-        <td>2010-2013 Tasos Laskos</td>
+        <td>2010-2014 Tasos Laskos</td>
     </tr>
     <tr>
         <th>License</th>
@@ -403,6 +403,8 @@ core remains lean and makes it easy for anyone to add arbitrary functionality.
 - Script (`script`) -- Loads and runs an external Ruby script under the scope of a plugin,
     used for debugging and general hackery.
 - Uncommon headers (`uncommon_headers`) -- Logs uncommon headers.
+- Content-types (`content_types`) -- Logs content-types of server responses aiding in the
+    identification of interesting (possibly leaked) files.
 #### Defaults
@@ -410,8 +412,6 @@ Default plugins will run for every scan and are placed under `/plugins/defaults/
 - AutoThrottle (`autothrottle`) -- Dynamically adjusts HTTP throughput during the scan for
     maximum bandwidth utilization.
-- Content-types (`content_types`) -- Logs content-types of server responses aiding in the
-    identification of interesting (possibly leaked) files.
 - Healthmap (`healthmap`) -- Generates sitemap showing the health of each crawled/audited URL
 - Resolver (`resolver`) -- Resolves vulnerable hostnames to IP addresses.

data/Rakefile CHANGED Viewed

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 =end
 require 'bundler'
+require 'fileutils'
 require File.expand_path( File.dirname( __FILE__ ) ) + '/lib/arachni'
 begin
@@ -22,27 +23,116 @@ begin
     require 'rspec/core/rake_task'
     namespace :spec do
+        desc 'Run core library tests.'
         RSpec::Core::RakeTask.new( :core ) do |t|
-            t.pattern = FileList[ "spec/arachni/**/*_spec.rb" ]
+            t.pattern = FileList[ 'spec/arachni/**/*_spec.rb' ]
         end
+        desc 'Run module tests.'
         RSpec::Core::RakeTask.new( :modules ) do |t|
-            t.pattern = FileList[ "spec/modules/**/*_spec.rb" ]
+            t.pattern = FileList[ 'spec/modules/**/*_spec.rb' ]
+        end
+        namespace :modules do
+            desc 'Run tests for the audit modules.'
+            RSpec::Core::RakeTask.new( :audit ) do |t|
+                t.pattern = FileList[ 'spec/modules/audit/**/*_spec.rb' ]
+            end
+            desc 'Run tests for the recon modules.'
+            RSpec::Core::RakeTask.new( :recon ) do |t|
+                t.pattern = FileList[ 'spec/modules/recon/**/*_spec.rb' ]
+            end
         end
+        desc 'Run report tests.'
         RSpec::Core::RakeTask.new( :reports ) do |t|
-            t.pattern = FileList[ "spec/reports/**/*_spec.rb" ]
+            t.pattern = FileList[ 'spec/reports/**/*_spec.rb' ]
         end
+        desc 'Run plugin tests.'
         RSpec::Core::RakeTask.new( :plugins ) do |t|
-            t.pattern = FileList[ "spec/plugins/**/*_spec.rb" ]
+            t.pattern = FileList[ 'spec/plugins/**/*_spec.rb' ]
         end
+        desc 'Run path-extractor tests.'
         RSpec::Core::RakeTask.new( :path_extractors ) do |t|
-            t.pattern = FileList[ "spec/path_extractors/**/*_spec.rb" ]
+            t.pattern = FileList[ 'spec/path_extractors/**/*_spec.rb' ]
+        end
+        desc 'Run external test suites.'
+        RSpec::Core::RakeTask.new( :external ) do |t|
+            t.pattern = FileList[ 'spec/external/**/*_spec.rb' ]
+        end
+        namespace :external do
+            desc 'Run the WAVSEP test suite.'
+            RSpec::Core::RakeTask.new( :wavsep ) do |t|
+                t.pattern = FileList[ 'spec/external/wavsep/**/**/*_spec.rb' ]
+            end
+            namespace :wavsep do
+                desc 'Run the WAVSEP active tests.'
+                RSpec::Core::RakeTask.new( :active ) do |t|
+                    t.pattern = FileList[ 'spec/external/wavsep/active/**/*_spec.rb' ]
+                end
+                namespace :active do
+                    desc 'Run the WAVSEP XSS tests.'
+                    RSpec::Core::RakeTask.new( :xss ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/active/xss_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP SQL injection tests.'
+                    RSpec::Core::RakeTask.new( :sqli ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/active/sqli_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP LFI tests.'
+                    RSpec::Core::RakeTask.new( :lfi ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/active/lfi_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP RFI tests.'
+                    RSpec::Core::RakeTask.new( :rfi ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/active/rfi_spec.rb' ]
+                    end
+                end
+                desc 'Run the WAVSEP false positive tests.'
+                RSpec::Core::RakeTask.new( :false_positives ) do |t|
+                    t.pattern = FileList[ 'spec/external/wavsep/false_positives/**/*_spec.rb' ]
+                end
+                namespace :false_positives do
+                    desc 'Run the WAVSEP XSS false positive tests.'
+                    RSpec::Core::RakeTask.new( :xss ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/false_positives/xss_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP SQL injection false positive tests.'
+                    RSpec::Core::RakeTask.new( :sqli ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/false_positives/sqli_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP LFI false positive tests.'
+                    RSpec::Core::RakeTask.new( :lfi ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/false_positives/lfi_spec.rb' ]
+                    end
+                    desc 'Run the WAVSEP RFI false positive tests.'
+                    RSpec::Core::RakeTask.new( :rfi ) do |t|
+                        t.pattern = FileList[ 'spec/external/wavsep/false_positives/rfi_spec.rb' ]
+                    end
+                end
+            end
         end
-        desc "Generate an AFR report for the report tests"
+        desc 'Generate an AFR report for the report tests.'
         namespace :generate do
             task :afr do
@@ -78,7 +168,7 @@ begin
                 Arachni::Framework.new.modules.load_all
                 Arachni::AuditStore.new( issues: issues.uniq ).
-                    save( 'spec/fixtures/auditstore.afr' )
+                    save( 'spec/support/fixtures/auditstore.afr' )
                 Arachni::Options.reset
             end
@@ -91,7 +181,7 @@ rescue LoadError
     puts '  gem install rspec'
 end
-desc "Generate docs"
+desc 'Generate docs.'
 task :docs do
     outdir = "../arachni-docs"
@@ -103,7 +193,7 @@ task :docs do
     sh "rm -rf .yardoc"
 end
-desc "Generate graphics"
+desc 'Generate graphics.'
 task :gfx do
     outdir = 'gfx/compiled'
@@ -129,7 +219,7 @@ end
 #
 # [1] https://github.com/tmm1/perftools.rb
 #
-desc "Profile Arachni"
+desc 'Profile Arachni.'
 task :profile do
     if !Gem::Specification.find_all_by_name( 'perftools.rb' ).empty?
@@ -144,27 +234,22 @@ task :profile do
 end
-#
-# Cleans reports and logs
-#
-desc "Cleaning report and log files."
+desc 'Remove report and log files.'
 task :clean do
+    files = %w(error.log *.afr *.yaml *.json *.marshal *.gem pkg/*.gem logs/*.log
+        spec/support/logs/*.log).map { |file| Dir.glob( file ) }.flatten
-    sh "rm error.log || true"
-    sh "rm *.afr || true"
-    sh "rm *.yaml || true"
-    sh "rm *.json || true"
-    sh "rm *.marshal || true"
-    sh "rm *.gem || true"
-    sh "rm logs/*.log || true"
-    sh "rm spec/support/logs/*.log || true"
-end
+    next if files.empty?
+    puts 'Removing:'
+    files.each { |file| puts "  * #{file}" }
+    FileUtils.rm files
+end
 Bundler::GemHelper.install_tasks
-desc "Push a new version to RubyGems"
+desc 'Push a new version to RubyGems'
 task :publish => [ :release ]
-desc "Build Arachni and run all the tests."
+desc 'Build Arachni and run all the tests.'
 task :default => [ :build, :spec ]

data/arachni.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 # coding: utf-8
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -114,7 +114,7 @@ GitHub page        - http://github.com/Arachni/arachni
 Code Documentation - http://rubydoc.info/github/Arachni/arachni
 Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
 Twitter            - http://twitter.com/ArachniScanner
-Copyright          - 2010-2013 Tasos Laskos
+Copyright          - 2010-2014 Tasos Laskos
 License            - Apache License v2
 Please do not hesitate to ask for assistance (via the support portal)

data/bin/arachni CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.

data/bin/arachni_console CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.

data/bin/arachni_multi CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.

data/bin/arachni_rpc CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.

data/bin/arachni_rpcd CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 =begin
-    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+    Copyright 2010-2014 Tasos Laskos <tasos.laskos@gmail.com>
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.