arachni 1.0.3 → 1.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fe4bb5082b1faba59faf683145dd95841b0299a2
-  data.tar.gz: 83374892882e248fb3334b7651c7f166c99c3bc2
+  metadata.gz: 99e76bd9a28d81d3b89c8a4544dad6a6ccbe5c54
+  data.tar.gz: 4c204ffb2b1b72f3820cda0b58681a073c9234de
 SHA512:
-  metadata.gz: def0427f488fd60f1aed48b0a38d2cb3e3deff96c3270305f27a5a7e2e9a00d01074716b492169ef6e1f45984ac84f89ef39e81b1d155791b73aa560c40f5e33
-  data.tar.gz: 0edb331de9533d6f5b9a63d3fdcb3f4a7f64697ce6f0f3a98f610a53d41629037d50c01cee7037d28afa9b2489edaa82fd97dee4311c9c4188f4336e78815600
+  metadata.gz: 514fcc4191723fcfd0ef82355f19555ed4d21efab9cb8f6e3fd7a388aff526e8550919dbc16c18137f7310d22c30614ad165a63d0f399de36c8ddecdad9cb6e0
+  data.tar.gz: 1eca14df793d96453809d737ad229f36632eab832e1482801ec6a1a98f78de7f6f2ee30992f694b00056658ad9e23e788496af3c0da18fbdc6d953f738859d4d

data/CHANGELOG.md

@@ -1,5 +1,20 @@
 # ChangeLog
 
+## 1.0.4 _(October 25, 2014)_
+
+- CLI options
+    - Fixed typo causing `--http-authentication-password` to be ignored.
+- Executables
+    - `arachni_restore` -- Updated to accept timeout options.
+- `Browser`
+    - Fail with `Browser::Error::Spawn` on unsuccessful process spawn.
+- Checks
+    - Active
+        - `csrf` -- Check for `csrf` substring in input names and values.
+    - Passive
+        - `backdoors` -- Added more filenames. [PR #492]
+        - `common_directories` -- Added ISO 3166-1 Alpha-2 countries. [PR #491]
+
 ## 1.0.3 _(October 3, 2014)_
 
 - Added overrides for system write directories in `config/write_paths.yml`.

data/README.md

@@ -3,7 +3,7 @@
 <table>
     <tr>
         <th>Version</th>
-        <td>1.0.3</td>
+        <td>1.0.4</td>
     </tr>
     <tr>
         <th>Homepage</th>

data/components/checks/active/csrf.rb

@@ -33,8 +33,6 @@
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 #
-# @version 0.3.3
-#
 # @see http://en.wikipedia.org/wiki/Cross-site_request_forgery
 # @see http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
 # @see http://www.cgisecurity.com/csrf-faq.html
@@ -96,6 +94,7 @@ class Arachni::Checks::CSRF < Arachni::Check::Base
     # @param  [String]  str
     def csrf_token?( str )
         return false if !str
+        return true if str.to_s.include?( 'csrf' )
 
         # we could use regexps but i kinda like lcamtuf's (Michal's) way
         base16_len_min    = 8
@@ -152,7 +151,7 @@ checks them for lack of anti-CSRF tokens.
 },
             elements:    [ Element::Form ],
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
-            version:     '0.3.3',
+            version:     '0.3.4',
 
             issue:       {
                 name:            %q{Cross-Site Request Forgery},

data/components/checks/passive/backdoors/filenames.txt

@@ -14,3 +14,15 @@ c-h.v2.php
 php-backdoor.php
 simple-backdoor.php
 cmdasp.asp
+cmd-asp-5.1.asp
+cmdasp.aspx
+shell.sh
+cfexec.cfm
+cmdjsp.jsp
+jsp-reverse.jsp
+perlcmd.cgi
+perl-reverse-shell.pl
+php-findsock-shell.php
+php-reverse-shell.php
+php-tiny-shell.php
+qsd-php-backdoor.php

data/components/checks/passive/common_directories/directories.txt

@@ -258,3 +258,252 @@ network
 xamp
 xampp
 lamp
+AD
+AE
+AF
+AG
+AI
+AL
+AM
+AO
+AQ
+AR
+AS
+AT
+AU
+AW
+AX
+AZ
+BA
+BB
+BD
+BE
+BF
+BG
+BH
+BI
+BJ
+BL
+BM
+BN
+BO
+BQ
+BR
+BS
+BT
+BV
+BW
+BY
+BZ
+CA
+CC
+CD
+CF
+CG
+CH
+CI
+CK
+CL
+CM
+CN
+CO
+CR
+CU
+CV
+CW
+CX
+CY
+CZ
+DE
+DJ
+DK
+DM
+DO
+DZ
+EC
+EE
+EG
+EH
+ER
+ES
+ET
+FI
+FJ
+FK
+FM
+FO
+FR
+GA
+GB
+GD
+GE
+GF
+GG
+GH
+GI
+GL
+GM
+GN
+GP
+GQ
+GR
+GS
+GT
+GU
+GW
+GY
+HK
+HM
+HN
+HR
+HT
+HU
+ID
+IE
+IL
+IM
+IN
+IO
+IQ
+IR
+IS
+IT
+JE
+JM
+JO
+JP
+KE
+KG
+KH
+KI
+KM
+KN
+KP
+KR
+KW
+KY
+KZ
+LA
+LB
+LC
+LI
+LK
+LR
+LS
+LT
+LU
+LV
+LY
+MA
+MC
+MD
+ME
+MF
+MG
+MH
+MK
+ML
+MM
+MN
+MO
+MP
+MQ
+MR
+MS
+MT
+MU
+MV
+MW
+MX
+MY
+MZ
+NA
+NC
+NE
+NF
+NG
+NI
+NL
+NO
+NP
+NR
+NU
+NZ
+OM
+PA
+PE
+PF
+PG
+PH
+PK
+PL
+PM
+PN
+PR
+PS
+PT
+PW
+PY
+QA
+RE
+RO
+RS
+RU
+RW
+SA
+SB
+SC
+SD
+SE
+SG
+SH
+SI
+SJ
+SK
+SL
+SM
+SN
+SO
+SR
+SS
+ST
+SV
+SX
+SY
+SZ
+TC
+TD
+TF
+TG
+TH
+TJ
+TK
+TL
+TM
+TN
+TO
+TR
+TT
+TV
+TW
+TZ
+UA
+UG
+UM
+US
+UY
+UZ
+VA
+VC
+VE
+VG
+VI
+VN
+VU
+WF
+WS
+YE
+YT
+ZA
+ZM
+ZW

data/lib/arachni/browser.rb

@@ -47,6 +47,12 @@ class Browser
     # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
     class Error < Arachni::Error
 
+        # Raised when the browser could not be spawned.
+        #
+        # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+        class Spawn < Error
+        end
+
         # Raised when a given resource can't be loaded.
         #
         # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
@@ -942,7 +948,11 @@ class Browser
     end
 
     def spawn_browser
-        spawn_phantomjs
+        if !spawn_phantomjs
+            fail Error::Spawn, 'Could not start the browser process.'
+        end
+
+        @browser_url
     end
 
     def spawn_phantomjs
@@ -953,6 +963,7 @@ class Browser
         ChildProcess.posix_spawn = true
 
         port = nil
+        last_attempt_output = nil
         10.times do |i|
             done = false
             port = available_port
@@ -996,7 +1007,8 @@ class Browser
                 print_debug 'Spawn timed-out.'
             end
 
-            print_debug IO.read( @process.io.stdout )
+            last_attempt_output = IO.read( @process.io.stdout )
+            print_debug last_attempt_output
 
             if done
                 print_debug 'PhantomJS is ready.'
@@ -1012,7 +1024,11 @@ class Browser
         #
         # Bail out for now and count on the BrowserCluster to retry to boot
         # another process ass needed.
-        return if !@process
+        if !@process
+            log_error 'Could not spawn browser process.'
+            log_error last_attempt_output
+            return
+        end
 
         begin
             @pid = @process.pid

data/lib/version

@@ -1 +1 @@
-1.0.3
+1.0.4

data/spec/arachni/browser_spec.rb

@@ -200,6 +200,13 @@ describe Arachni::Browser do
                 end
             end
         end
+
+        context 'when browser process spawn fails' do
+            it "raises #{described_class::Error::Spawn}" do
+                described_class.any_instance.stub(:spawn_phantomjs) { nil }
+                expect { described_class.new }.to raise_error described_class::Error::Spawn
+            end
+        end
     end
 
     describe '#source_with_line_numbers' do

data/spec/support/servers/checks/active/csrf.rb

@@ -43,7 +43,10 @@ get '/token_in_name' do
 
         <form name='secure_important_form' action='?'>
             <input name='booya!' value='other important stuff' />
-            <input type='hidden' name='da39a3ee5e6b4b0d3255bfef95601890afd80709' />
+        <input type='hidden' name='da39a3ee5e6b4b0d3255bfef95601890afd80709' />
+
+        <form name='secure_important_form_2' action='?'>
+            <input name='blahcsrfblah' value='stuff' />
         </form>
 
         HTML
@@ -73,6 +76,13 @@ get '/token_in_action' do
             <input name='booya!' value='other important stuff' />
         </form>
 
+        <form name='secure_important_form4' action='?csrf=stuff'>
+            <input name='booya!' value='other important stuff' />
+        </form>
+
+        <form name='secure_important_form5' action='?stuff=csrf'>
+            <input name='booya!' value='other important stuff' />
+        </form>
         HTML
     end
 

data/ui/cli/framework.rb

@@ -281,8 +281,6 @@ class Framework
 
                 # Toggle between status messages and command screens.
                 when ''
-                    return if !@framework.scanning?
-
                     if @show_command_screen
                         hide_command_screen
                     else

data/ui/cli/framework/option_parser.rb

@@ -296,8 +296,8 @@ class OptionParser < UI::CLI::OptionParser
         end
 
         on( '--http-authentication-password PASSWORD',
-               'Password for HTTP authentication.' ) do |username|
-            options.http.authentication_username = username
+               'Password for HTTP authentication.' ) do |password|
+            options.http.authentication_password = password
         end
 
         on( '--http-proxy ADDRESS:PORT', 'Proxy to use.' ) do |url|

data/ui/cli/restored_framework.rb

@@ -24,10 +24,15 @@ class RestoredFramework < Framework
     # It basically prepares the framework before calling {Arachni::Framework#run}.
     def parse_options
         parser = OptionParser.new
-        parser.snapshot
         parser.report
+        parser.snapshot
+        parser.timeout
+        parser.timeout_suspend
         parser.parse
 
+        @timeout         = parser.get_timeout
+        @timeout_suspend = parser.timeout_suspend?
+
         if parser.print_metadata?
             print_metadata Snapshot.read_metadata( parser.snapshot_path )
             exit

data/ui/cli/restored_framework/option_parser.rb

@@ -18,6 +18,34 @@ class OptionParser < UI::CLI::OptionParser
 
     attr_accessor :snapshot_path
 
+    def timeout
+        separator ''
+        separator 'Timeout'
+
+        on( '--timeout HOURS:MINUTES:SECONDS',
+            'Stop the scan after the given duration is exceeded.'
+        ) do |time|
+            @timeout = Arachni::Utilities.hms_to_seconds( time )
+        end
+    end
+
+    def timeout_suspend
+        on( '--timeout-suspend',
+            'Suspend after the timeout.',
+            'You can use the generated file to resume the scan with the \'arachni_restore\' executable.'
+        ) do
+            @timeout_suspend = true
+        end
+    end
+
+    def timeout_suspend?
+        !!@timeout_suspend
+    end
+
+    def get_timeout
+        @timeout
+    end
+
     def snapshot
         separator ''
         separator 'Snapshot'
@@ -59,11 +87,19 @@ class OptionParser < UI::CLI::OptionParser
     end
 
     def validate
+        validate_timeout
         validate_report_path
         validate_snapshot_path
         validate_snapshot_save_path
     end
 
+    def validate_timeout
+        return if !@timeout || @timeout > 0
+
+        print_bad 'Invalid timeout value.'
+        exit 1
+    end
+
     def validate_snapshot_path
         if !@snapshot_path
             print_error 'No snapshot file provided.'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arachni
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.4
 platform: ruby
 authors:
 - Tasos Laskos
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-07 00:00:00.000000000 Z
+date: 2014-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -1355,7 +1355,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.1
+rubygems_version: 2.4.2
 signing_key: 
 specification_version: 4
 summary: Arachni is a feature-full, modular, high-performance Ruby framework aimed