arachni 1.0.3 → 1.0.4
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/README.md +1 -1
- data/components/checks/active/csrf.rb +2 -3
- data/components/checks/passive/backdoors/filenames.txt +12 -0
- data/components/checks/passive/common_directories/directories.txt +249 -0
- data/lib/arachni/browser.rb +19 -3
- data/lib/version +1 -1
- data/spec/arachni/browser_spec.rb +7 -0
- data/spec/support/servers/checks/active/csrf.rb +11 -1
- data/ui/cli/framework.rb +0 -2
- data/ui/cli/framework/option_parser.rb +2 -2
- data/ui/cli/restored_framework.rb +6 -1
- data/ui/cli/restored_framework/option_parser.rb +36 -0
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 99e76bd9a28d81d3b89c8a4544dad6a6ccbe5c54
|
4
|
+
data.tar.gz: 4c204ffb2b1b72f3820cda0b58681a073c9234de
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 514fcc4191723fcfd0ef82355f19555ed4d21efab9cb8f6e3fd7a388aff526e8550919dbc16c18137f7310d22c30614ad165a63d0f399de36c8ddecdad9cb6e0
|
7
|
+
data.tar.gz: 1eca14df793d96453809d737ad229f36632eab832e1482801ec6a1a98f78de7f6f2ee30992f694b00056658ad9e23e788496af3c0da18fbdc6d953f738859d4d
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,20 @@
|
|
1
1
|
# ChangeLog
|
2
2
|
|
3
|
+
## 1.0.4 _(October 25, 2014)_
|
4
|
+
|
5
|
+
- CLI options
|
6
|
+
- Fixed typo causing `--http-authentication-password` to be ignored.
|
7
|
+
- Executables
|
8
|
+
- `arachni_restore` -- Updated to accept timeout options.
|
9
|
+
- `Browser`
|
10
|
+
- Fail with `Browser::Error::Spawn` on unsuccessful process spawn.
|
11
|
+
- Checks
|
12
|
+
- Active
|
13
|
+
- `csrf` -- Check for `csrf` substring in input names and values.
|
14
|
+
- Passive
|
15
|
+
- `backdoors` -- Added more filenames. [PR #492]
|
16
|
+
- `common_directories` -- Added ISO 3166-1 Alpha-2 countries. [PR #491]
|
17
|
+
|
3
18
|
## 1.0.3 _(October 3, 2014)_
|
4
19
|
|
5
20
|
- Added overrides for system write directories in `config/write_paths.yml`.
|
data/README.md
CHANGED
@@ -33,8 +33,6 @@
|
|
33
33
|
#
|
34
34
|
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
35
35
|
#
|
36
|
-
# @version 0.3.3
|
37
|
-
#
|
38
36
|
# @see http://en.wikipedia.org/wiki/Cross-site_request_forgery
|
39
37
|
# @see http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
|
40
38
|
# @see http://www.cgisecurity.com/csrf-faq.html
|
@@ -96,6 +94,7 @@ class Arachni::Checks::CSRF < Arachni::Check::Base
|
|
96
94
|
# @param [String] str
|
97
95
|
def csrf_token?( str )
|
98
96
|
return false if !str
|
97
|
+
return true if str.to_s.include?( 'csrf' )
|
99
98
|
|
100
99
|
# we could use regexps but i kinda like lcamtuf's (Michal's) way
|
101
100
|
base16_len_min = 8
|
@@ -152,7 +151,7 @@ checks them for lack of anti-CSRF tokens.
|
|
152
151
|
},
|
153
152
|
elements: [ Element::Form ],
|
154
153
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
|
155
|
-
version: '0.3.
|
154
|
+
version: '0.3.4',
|
156
155
|
|
157
156
|
issue: {
|
158
157
|
name: %q{Cross-Site Request Forgery},
|
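Review bot: The substring test `return true if str.to_s.include?( 'csrf' )` in the `@@ -96,6 +94,7 @@` hunk is case-sensitive, so a form whose only anti-CSRF field is named, say, `CSRFToken` (constructed example) is still reported as lacking a token, while any input whose name or value merely contains the lowercase substring — e.g. a `csrf_disabled` flag (constructed) — silently suppresses the finding, since a true result from `csrf_token?` means "token present, do not report". Normalising case is the cheap half: `return true if str.to_s.downcase.include?( 'csrf' )`. The false-negative half deserves at least a comment above that line, `# Heuristic: any name/value/URL containing 'csrf' is taken as an anti-CSRF token and suppresses the finding; a misnamed or decoy parameter will hide a vulnerable form.`, so reviewers of scan output know why a form was skipped. The rest of `csrf_token?` (the length/charset check that follows `base16_len_min`) continues outside the hunk.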
@@ -14,3 +14,15 @@ c-h.v2.php
|
|
14
14
|
php-backdoor.php
|
15
15
|
simple-backdoor.php
|
16
16
|
cmdasp.asp
|
17
|
+
cmd-asp-5.1.asp
|
18
|
+
cmdasp.aspx
|
19
|
+
shell.sh
|
20
|
+
cfexec.cfm
|
21
|
+
cmdjsp.jsp
|
22
|
+
jsp-reverse.jsp
|
23
|
+
perlcmd.cgi
|
24
|
+
perl-reverse-shell.pl
|
25
|
+
php-findsock-shell.php
|
26
|
+
php-reverse-shell.php
|
27
|
+
php-tiny-shell.php
|
28
|
+
qsd-php-backdoor.php
|
@@ -258,3 +258,252 @@ network
|
|
258
258
|
xamp
|
259
259
|
xampp
|
260
260
|
lamp
|
261
|
+
AD
|
262
|
+
AE
|
263
|
+
AF
|
264
|
+
AG
|
265
|
+
AI
|
266
|
+
AL
|
267
|
+
AM
|
268
|
+
AO
|
269
|
+
AQ
|
270
|
+
AR
|
271
|
+
AS
|
272
|
+
AT
|
273
|
+
AU
|
274
|
+
AW
|
275
|
+
AX
|
276
|
+
AZ
|
277
|
+
BA
|
278
|
+
BB
|
279
|
+
BD
|
280
|
+
BE
|
281
|
+
BF
|
282
|
+
BG
|
283
|
+
BH
|
284
|
+
BI
|
285
|
+
BJ
|
286
|
+
BL
|
287
|
+
BM
|
288
|
+
BN
|
289
|
+
BO
|
290
|
+
BQ
|
291
|
+
BR
|
292
|
+
BS
|
293
|
+
BT
|
294
|
+
BV
|
295
|
+
BW
|
296
|
+
BY
|
297
|
+
BZ
|
298
|
+
CA
|
299
|
+
CC
|
300
|
+
CD
|
301
|
+
CF
|
302
|
+
CG
|
303
|
+
CH
|
304
|
+
CI
|
305
|
+
CK
|
306
|
+
CL
|
307
|
+
CM
|
308
|
+
CN
|
309
|
+
CO
|
310
|
+
CR
|
311
|
+
CU
|
312
|
+
CV
|
313
|
+
CW
|
314
|
+
CX
|
315
|
+
CY
|
316
|
+
CZ
|
317
|
+
DE
|
318
|
+
DJ
|
319
|
+
DK
|
320
|
+
DM
|
321
|
+
DO
|
322
|
+
DZ
|
323
|
+
EC
|
324
|
+
EE
|
325
|
+
EG
|
326
|
+
EH
|
327
|
+
ER
|
328
|
+
ES
|
329
|
+
ET
|
330
|
+
FI
|
331
|
+
FJ
|
332
|
+
FK
|
333
|
+
FM
|
334
|
+
FO
|
335
|
+
FR
|
336
|
+
GA
|
337
|
+
GB
|
338
|
+
GD
|
339
|
+
GE
|
340
|
+
GF
|
341
|
+
GG
|
342
|
+
GH
|
343
|
+
GI
|
344
|
+
GL
|
345
|
+
GM
|
346
|
+
GN
|
347
|
+
GP
|
348
|
+
GQ
|
349
|
+
GR
|
350
|
+
GS
|
351
|
+
GT
|
352
|
+
GU
|
353
|
+
GW
|
354
|
+
GY
|
355
|
+
HK
|
356
|
+
HM
|
357
|
+
HN
|
358
|
+
HR
|
359
|
+
HT
|
360
|
+
HU
|
361
|
+
ID
|
362
|
+
IE
|
363
|
+
IL
|
364
|
+
IM
|
365
|
+
IN
|
366
|
+
IO
|
367
|
+
IQ
|
368
|
+
IR
|
369
|
+
IS
|
370
|
+
IT
|
371
|
+
JE
|
372
|
+
JM
|
373
|
+
JO
|
374
|
+
JP
|
375
|
+
KE
|
376
|
+
KG
|
377
|
+
KH
|
378
|
+
KI
|
379
|
+
KM
|
380
|
+
KN
|
381
|
+
KP
|
382
|
+
KR
|
383
|
+
KW
|
384
|
+
KY
|
385
|
+
KZ
|
386
|
+
LA
|
387
|
+
LB
|
388
|
+
LC
|
389
|
+
LI
|
390
|
+
LK
|
391
|
+
LR
|
392
|
+
LS
|
393
|
+
LT
|
394
|
+
LU
|
395
|
+
LV
|
396
|
+
LY
|
397
|
+
MA
|
398
|
+
MC
|
399
|
+
MD
|
400
|
+
ME
|
401
|
+
MF
|
402
|
+
MG
|
403
|
+
MH
|
404
|
+
MK
|
405
|
+
ML
|
406
|
+
MM
|
407
|
+
MN
|
408
|
+
MO
|
409
|
+
MP
|
410
|
+
MQ
|
411
|
+
MR
|
412
|
+
MS
|
413
|
+
MT
|
414
|
+
MU
|
415
|
+
MV
|
416
|
+
MW
|
417
|
+
MX
|
418
|
+
MY
|
419
|
+
MZ
|
420
|
+
NA
|
421
|
+
NC
|
422
|
+
NE
|
423
|
+
NF
|
424
|
+
NG
|
425
|
+
NI
|
426
|
+
NL
|
427
|
+
NO
|
428
|
+
NP
|
429
|
+
NR
|
430
|
+
NU
|
431
|
+
NZ
|
432
|
+
OM
|
433
|
+
PA
|
434
|
+
PE
|
435
|
+
PF
|
436
|
+
PG
|
437
|
+
PH
|
438
|
+
PK
|
439
|
+
PL
|
440
|
+
PM
|
441
|
+
PN
|
442
|
+
PR
|
443
|
+
PS
|
444
|
+
PT
|
445
|
+
PW
|
446
|
+
PY
|
447
|
+
QA
|
448
|
+
RE
|
449
|
+
RO
|
450
|
+
RS
|
451
|
+
RU
|
452
|
+
RW
|
453
|
+
SA
|
454
|
+
SB
|
455
|
+
SC
|
456
|
+
SD
|
457
|
+
SE
|
458
|
+
SG
|
459
|
+
SH
|
460
|
+
SI
|
461
|
+
SJ
|
462
|
+
SK
|
463
|
+
SL
|
464
|
+
SM
|
465
|
+
SN
|
466
|
+
SO
|
467
|
+
SR
|
468
|
+
SS
|
469
|
+
ST
|
470
|
+
SV
|
471
|
+
SX
|
472
|
+
SY
|
473
|
+
SZ
|
474
|
+
TC
|
475
|
+
TD
|
476
|
+
TF
|
477
|
+
TG
|
478
|
+
TH
|
479
|
+
TJ
|
480
|
+
TK
|
481
|
+
TL
|
482
|
+
TM
|
483
|
+
TN
|
484
|
+
TO
|
485
|
+
TR
|
486
|
+
TT
|
487
|
+
TV
|
488
|
+
TW
|
489
|
+
TZ
|
490
|
+
UA
|
491
|
+
UG
|
492
|
+
UM
|
493
|
+
US
|
494
|
+
UY
|
495
|
+
UZ
|
496
|
+
VA
|
497
|
+
VC
|
498
|
+
VE
|
499
|
+
VG
|
500
|
+
VI
|
501
|
+
VN
|
502
|
+
VU
|
503
|
+
WF
|
504
|
+
WS
|
505
|
+
YE
|
506
|
+
YT
|
507
|
+
ZA
|
508
|
+
ZM
|
509
|
+
ZW
|
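--- a/data/lib/arachni/browser.rb
+++ b/data/lib/arachni/browser.rb
@@ -47,6 +47,12 @@ class Browser
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 class Error < Arachni::Error
 
+# Raised when the browser could not be spawned.
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+class Spawn < Error
+end
+
 # Raised when a given resource can't be loaded.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
@@ -942,7 +948,11 @@ class Browser
 end
 
 def spawn_browser
-spawn_phantomjs
+if !spawn_phantomjs
+fail Error::Spawn, 'Could not start the browser process.'
+end
+
+@browser_url
 end
 
 def spawn_phantomjs
@@ -953,6 +963,7 @@ class Browser
 ChildProcess.posix_spawn = true
 
 port = nil
+last_attempt_output = nil
 10.times do |i|
 done = false
 port = available_port
@@ -996,7 +1007,8 @@ class Browser
 print_debug 'Spawn timed-out.'
 end
 
-
+last_attempt_output = IO.read( @process.io.stdout )
+print_debug last_attempt_output
 
 if done
 print_debug 'PhantomJS is ready.'
@@ -1012,7 +1024,11 @@ class Browser
 #
 # Bail out for now and count on the BrowserCluster to retry to boot
 # another process ass needed.
-
+if !@process
+log_error 'Could not spawn browser process.'
+log_error last_attempt_output
+return
+end
 
 begin
 @pid = @process.pid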
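Review bot: `spawn_browser` now raises `Error::Spawn` whenever `spawn_phantomjs` returns a falsy value, but the only return the hunks make explicit is the nil `return` in the new `if !@process` branch; the success path's final expression lies outside the hunks, so if it is ever nil or false a healthy browser would be reported as a failed spawn. Pin the contract rather than relying on the last expression: end `spawn_phantomjs` with an explicit truthy value (the `@process` it has just checked is the natural choice) and document it, `# @return [Object, nil] the running browser process, or nil when every spawn attempt failed.`. In the `@@ -996,7 +1007,8 @@` hunk, `last_attempt_output = IO.read( @process.io.stdout )` runs unconditionally after each attempt; if `@process` can be nil at that point — the post-loop `if !@process` guard suggests it can, though the lines in between are outside the hunk — `@process.io` raises NoMethodError before the new guard is ever reached, so `last_attempt_output = IO.read( @process.io.stdout ) if @process` is the safer form. `spawn_phantomjs` starts in the `@@ -942` hunk but its body and end are outside the hunks.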
data/lib/version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.0.
|
1
|
+
1.0.4
|
@@ -200,6 +200,13 @@ describe Arachni::Browser do
|
|
200
200
|
end
|
201
201
|
end
|
202
202
|
end
|
203
|
+
|
204
|
+
context 'when browser process spawn fails' do
|
205
|
+
it "raises #{described_class::Error::Spawn}" do
|
206
|
+
described_class.any_instance.stub(:spawn_phantomjs) { nil }
|
207
|
+
expect { described_class.new }.to raise_error described_class::Error::Spawn
|
208
|
+
end
|
209
|
+
end
|
203
210
|
end
|
204
211
|
|
205
212
|
describe '#source_with_line_numbers' do
|
@@ -43,7 +43,10 @@ get '/token_in_name' do
|
|
43
43
|
|
44
44
|
<form name='secure_important_form' action='?'>
|
45
45
|
<input name='booya!' value='other important stuff' />
|
46
|
-
|
46
|
+
<input type='hidden' name='da39a3ee5e6b4b0d3255bfef95601890afd80709' />
|
47
|
+
|
48
|
+
<form name='secure_important_form_2' action='?'>
|
49
|
+
<input name='blahcsrfblah' value='stuff' />
|
47
50
|
</form>
|
48
51
|
|
49
52
|
HTML
|
@@ -73,6 +76,13 @@ get '/token_in_action' do
|
|
73
76
|
<input name='booya!' value='other important stuff' />
|
74
77
|
</form>
|
75
78
|
|
79
|
+
<form name='secure_important_form4' action='?csrf=stuff'>
|
80
|
+
<input name='booya!' value='other important stuff' />
|
81
|
+
</form>
|
82
|
+
|
83
|
+
<form name='secure_important_form5' action='?stuff=csrf'>
|
84
|
+
<input name='booya!' value='other important stuff' />
|
85
|
+
</form>
|
76
86
|
HTML
|
77
87
|
end
|
78
88
|
|
data/ui/cli/framework.rb
CHANGED
@@ -296,8 +296,8 @@ class OptionParser < UI::CLI::OptionParser
|
|
296
296
|
end
|
297
297
|
|
298
298
|
on( '--http-authentication-password PASSWORD',
|
299
|
-
'Password for HTTP authentication.' ) do |
|
300
|
-
options.http.
|
299
|
+
'Password for HTTP authentication.' ) do |password|
|
300
|
+
options.http.authentication_password = password
|
301
301
|
end
|
302
302
|
|
303
303
|
on( '--http-proxy ADDRESS:PORT', 'Proxy to use.' ) do |url|
|
@@ -24,10 +24,15 @@ class RestoredFramework < Framework
|
|
24
24
|
# It basically prepares the framework before calling {Arachni::Framework#run}.
|
25
25
|
def parse_options
|
26
26
|
parser = OptionParser.new
|
27
|
-
parser.snapshot
|
28
27
|
parser.report
|
28
|
+
parser.snapshot
|
29
|
+
parser.timeout
|
30
|
+
parser.timeout_suspend
|
29
31
|
parser.parse
|
30
32
|
|
33
|
+
@timeout = parser.get_timeout
|
34
|
+
@timeout_suspend = parser.timeout_suspend?
|
35
|
+
|
31
36
|
if parser.print_metadata?
|
32
37
|
print_metadata Snapshot.read_metadata( parser.snapshot_path )
|
33
38
|
exit
|
@@ -18,6 +18,34 @@ class OptionParser < UI::CLI::OptionParser
|
|
18
18
|
|
19
19
|
attr_accessor :snapshot_path
|
20
20
|
|
21
|
+
def timeout
|
22
|
+
separator ''
|
23
|
+
separator 'Timeout'
|
24
|
+
|
25
|
+
on( '--timeout HOURS:MINUTES:SECONDS',
|
26
|
+
'Stop the scan after the given duration is exceeded.'
|
27
|
+
) do |time|
|
28
|
+
@timeout = Arachni::Utilities.hms_to_seconds( time )
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
def timeout_suspend
|
33
|
+
on( '--timeout-suspend',
|
34
|
+
'Suspend after the timeout.',
|
35
|
+
'You can use the generated file to resume the scan with the \'arachni_restore\' executable.'
|
36
|
+
) do
|
37
|
+
@timeout_suspend = true
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
def timeout_suspend?
|
42
|
+
!!@timeout_suspend
|
43
|
+
end
|
44
|
+
|
45
|
+
def get_timeout
|
46
|
+
@timeout
|
47
|
+
end
|
48
|
+
|
21
49
|
def snapshot
|
22
50
|
separator ''
|
23
51
|
separator 'Snapshot'
|
@@ -59,11 +87,19 @@ class OptionParser < UI::CLI::OptionParser
|
|
59
87
|
end
|
60
88
|
|
61
89
|
def validate
|
90
|
+
validate_timeout
|
62
91
|
validate_report_path
|
63
92
|
validate_snapshot_path
|
64
93
|
validate_snapshot_save_path
|
65
94
|
end
|
66
95
|
|
96
|
+
def validate_timeout
|
97
|
+
return if !@timeout || @timeout > 0
|
98
|
+
|
99
|
+
print_bad 'Invalid timeout value.'
|
100
|
+
exit 1
|
101
|
+
end
|
102
|
+
|
67
103
|
def validate_snapshot_path
|
68
104
|
if !@snapshot_path
|
69
105
|
print_error 'No snapshot file provided.'
|
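Review bot: `validate_timeout` in the `@@ -59,11 +87,19 @@` hunk returns early when `@timeout` is nil, so `--timeout-suspend` given without `--timeout` passes validation silently and `timeout_suspend?` reports true for a suspend that can never fire; reject that combination up front, as below. The message should name both flags so the user can correct the invocation, and `print_bad` matches the style of the existing `'Invalid timeout value.'` path. Separately, in the `@@ -296,8 +296,8 @@` hunk the repaired `--http-authentication-password PASSWORD` handler means the secret now genuinely travels on the command line, where it is visible to other local users in process listings and is recorded in shell history; a caveat in the option's help text, `'Password for HTTP authentication. Note: command-line arguments are visible in process listings and shell history.'`, tells operators what they are exposing. Both `OptionParser` classes and `RestoredFramework` start outside the hunks; only the methods shown are under review.
```ruby
def validate_timeout
    if timeout_suspend? && !@timeout
        print_bad '--timeout-suspend requires --timeout.'
        exit 1
    end

    return if !@timeout || @timeout > 0
    # … unchanged: 'Invalid timeout value.' message and exit 1 …
end
```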
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: arachni
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tasos Laskos
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-10-
|
11
|
+
date: 2014-10-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -1355,7 +1355,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
1355
1355
|
version: '0'
|
1356
1356
|
requirements: []
|
1357
1357
|
rubyforge_project:
|
1358
|
-
rubygems_version: 2.4.
|
1358
|
+
rubygems_version: 2.4.2
|
1359
1359
|
signing_key:
|
1360
1360
|
specification_version: 4
|
1361
1361
|
summary: Arachni is a feature-full, modular, high-performance Ruby framework aimed
|