arachni 1.2 → 1.2.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -0
- data/README.md +3 -1
- data/components/checks/passive/backdoors.rb +2 -2
- data/components/fingerprinters/frameworks/nette.rb +29 -0
- data/components/fingerprinters/frameworks/symfony.rb +28 -0
- data/components/plugins/proxy.rb +8 -4
- data/lib/arachni/http/proxy_server.rb +19 -8
- data/lib/arachni/platform/manager.rb +4 -0
- data/lib/version +1 -1
- data/spec/arachni/framework/parts/platform_spec.rb +3 -1
- data/spec/arachni/platform/manager_spec.rb +1 -1
- data/spec/components/fingerprinters/frameworks/nette_spec.rb +40 -0
- data/spec/components/fingerprinters/frameworks/symphony_spec.rb +22 -0
- metadata +8 -2
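--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d17c2d7494c0ec0cbaf825b7f55ce71a90fb48ba
+data.tar.gz: 3343cc7e23ed519a1b5e7e059aa3e88cf777ba32
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 697804e1e14595b202beada64a5b2b0296d33fb4b61714091084c4d2ef813af467470a31bb04f571aed438c18b4f1cef8c91ea1bf299f46580556372108ae1bc
+data.tar.gz: 245fd98a16d683a668eddf41deb0783de006679352308b2c4e268a48a5f2bcfdd159431624a80d3d82f46633bcc4cf0d4ad2971afaff42a942a35d4939f608a4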
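--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,21 @@
 # ChangeLog
 
+## 1.2.1 _(July 25, 2015)_
+
+- HTTP
+- `ProxyServer`
+- Updated SSL interception to use different interceptors for each host.
+- Shutdown on framework abort, instead of waiting for the user to shutdown
+the proxy manually.
+- Checks
+- Passive
+- `backdoors` -- Updated exempt platforms to all Framework platforms.
+- Fingerprinters
+- Added
+- Frameworks
+- Nette
+- Symphony
+
 ## 1.2 _(July 16, 2015)_
 
 - Switched to Arachni Public Source License v1.0.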
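--- a/data/README.md
+++ b/data/README.md
@@ -3,7 +3,7 @@
 <table>
 <tr>
 <th>Version</th>
-<td>1.2</td>
+<td>1.2.1</td>
 </tr>
 <tr>
 <th>Homepage</th>
@@ -340,6 +340,8 @@ Currently, the following platforms can be identified:
 - ASP.NET MVC
 - JSF
 - CherryPy
+- Nette
+- Symfony
 
 The user also has the option of specifying extra platforms (like a DB server)
 in order to help the system be as efficient as possible. Alternatively, fingerprinting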
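--- a/data/components/checks/passive/backdoors.rb
+++ b/data/components/checks/passive/backdoors.rb
@@ -29,8 +29,8 @@ class Arachni::Checks::Backdoors < Arachni::Check::Base
 description: %q{Tries to find common backdoors on the server.},
 elements: [Element::Server],
 author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> ',
-version: '0.2.
-exempt_platforms:
+version: '0.2.5',
+exempt_platforms: Arachni::Platform::Manager::FRAMEWORKS,
 
 issue: {
 name: %q{A backdoor file exists on the server},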
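Review bot: `exempt_platforms: Arachni::Platform::Manager::FRAMEWORKS` silently switches this check off for any target that gets fingerprinted as a framework, and the fingerprinters added in this same release fire on a single cookie name (`symfony`, `nette-browser`), so a target that happens to set such a cookie is never probed for backdoor files at all. The exemption is presumably justified (a front controller answering every path would make static file probes meaningless), but nothing in the hunk says so; put the rationale above the key, e.g. `# Frameworks route every path through a front controller, so file probes only yield false positives -- confirm before widening further`. It would also help operators if the skip were visible in scan output, though whether the check base already logs exemptions is outside this hunk. The `info` hash and the enclosing class start before the hunk.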
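--- /dev/null
+++ b/data/components/fingerprinters/frameworks/nette.rb
@@ -0,0 +1,29 @@
+=begin
+Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+
+This file is part of the Arachni Framework project and is subject to
+redistribution and commercial restrictions. Please see the Arachni Framework
+web site for more information on licensing and terms of use.
+=end
+
+module Arachni
+module Platform::Fingerprinters
+
+# Identifies Nette Framework cookies.
+#
+# @author Tomas Dobrotka <tomas@dobrotka.sk>
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+# @version 0.1
+class Nette < Platform::Fingerprinter
+
+def run
+return if !server_or_powered_by_include?( 'Nette' ) &&
+!cookies.include?( 'nette-browser' )
+
+platforms << :php << :nette
+end
+
+end
+
+end
+end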
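Review bot: The class comment `# Identifies Nette Framework cookies.` understates `run`, which also matches on the Server / X-Powered-By header, so a reader expects only the cookie path; change it to `# Identifies the Nette Framework from a 'Nette' Server/X-Powered-By header or the 'nette-browser' cookie.`. The double-negated guard reads more directly as `return unless server_or_powered_by_include?( 'Nette' ) || cookies.include?( 'nette-browser' )`. A why-comment is also warranted: a cookie name is a cheap, target-controlled signal, and because platform fingerprints feed `exempt_platforms` (this release exempts every framework from the `backdoors` check) a false positive here quietly removes coverage instead of adding it. Whether `server_or_powered_by_include?` matches `'Nette'` as a substring or a token is defined outside this file.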
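--- /dev/null
+++ b/data/components/fingerprinters/frameworks/symfony.rb
@@ -0,0 +1,28 @@
+=begin
+Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+
+This file is part of the Arachni Framework project and is subject to
+redistribution and commercial restrictions. Please see the Arachni Framework
+web site for more information on licensing and terms of use.
+=end
+
+module Arachni
+module Platform::Fingerprinters
+
+# Identifies Default Symfony Framework cookie.
+#
+# @author Tomas Dobrotka <tomas@dobrotka.sk>
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+# @version 0.1
+class Symfony < Platform::Fingerprinter
+
+def run
+return if !cookies.include?( 'symfony' )
+
+platforms << :php << :symfony
+end
+
+end
+
+end
+end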
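Review bot: The only signal in `run` is a cookie named exactly `symfony`, and the comment `# Identifies Default Symfony Framework cookie.` does not say which Symfony uses that name; if the intent is the symfony 1.x default session cookie (Symfony 2+ falls back to PHP's own session name, so it would not match — confirm), state it, e.g. `# symfony 1.x names its session cookie 'symfony' by default; Symfony 2+ does not -- confirm`. Unlike the Nette fingerprinter there is no Server/X-Powered-By check, so either add one or document why the cookie alone is trusted. The guard would read more directly as `return unless cookies.include?( 'symfony' )`. Since a positive match makes the target skip checks that exempt framework platforms, a weak signal has a real cost when it is wrong.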
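--- a/data/components/plugins/proxy.rb
+++ b/data/components/plugins/proxy.rb
@@ -15,8 +15,6 @@ require 'ostruct'
 # data to {Arachni::Framework#push_to_page_queue} to be audited.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-#
-# @version 0.3.2
 class Arachni::Plugins::Proxy < Arachni::Plugin::Base
 
 BASEDIR = "#{File.dirname( __FILE__ )}/proxy/"
@@ -74,7 +72,13 @@ class Arachni::Plugins::Proxy < Arachni::Plugin::Base
 print_info
 
 TemplateScope.get.set :params, {}
-
+
+Thread.new do
+@server.start
+end
+
+wait_while_framework_running
+@server.shutdown
 end
 
 def clean_up
@@ -493,7 +497,7 @@ a way to restrict usage enough to avoid users unwittingly interfering with each
 others' sessions.
 },
 author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-version: '0.3.
+version: '0.3.4',
 options: [
 Options::Port.new( :port,
 description: 'Port to bind to.',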
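Review bot: `Thread.new do @server.start end` discards the thread handle, so if `start` raises (for example the configured port is already bound) the error dies with the thread and `run` sits in `wait_while_framework_running` with no proxy listening; nothing in the hunk reports that. Keep the handle and `join` it after shutdown, which re-raises whatever killed the thread, and put `@server.shutdown` in an `ensure` so an exception during the wait still stops the listener. The `run` method and the creation of `@server` begin before this hunk and `clean_up` starts at its end, so `clean_up` may already perform the shutdown — check for a double call.
```ruby
# … unchanged: print_info, TemplateScope.get.set :params, {} …
server_thread = Thread.new { @server.start }

begin
    wait_while_framework_running
ensure
    @server.shutdown
    # Re-raises a bind/start failure that would otherwise be lost with the thread.
    server_thread.join
end
```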
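--- a/data/lib/arachni/http/proxy_server.rb
+++ b/data/lib/arachni/http/proxy_server.rb
@@ -63,6 +63,9 @@ class ProxyServer < WEBrick::HTTPProxyServer
 # Will force the proxy to stfu.
 @logger.close
 
+@interceptor_ports = {}
+@interceptors = {}
+
 super(
 BindAddress: @options[:address],
 Port: @options[:port],
@@ -111,6 +114,14 @@ class ProxyServer < WEBrick::HTTPProxyServer
 @tokens.max - @tokens.size
 end
 
+def shutdown
+@interceptors.each do |_, interceptor|
+interceptor.shutdown
+end
+
+super
+end
+
 private
 
 # Performs a GET request.
@@ -176,7 +187,7 @@ class ProxyServer < WEBrick::HTTPProxyServer
 def do_CONNECT( req, res )
 host = req.unparsed_uri.split(':').first
 
-req.instance_variable_set( :@unparsed_uri, "127.0.0.1:#{interceptor_port}" )
+req.instance_variable_set( :@unparsed_uri, "127.0.0.1:#{interceptor_port( host )}" )
 
 start_ssl_interceptor( host )
 
@@ -211,7 +222,7 @@ class ProxyServer < WEBrick::HTTPProxyServer
 #
 # The interceptor will listen on {#interceptor_port}.
 def start_ssl_interceptor( host )
-return @
+return @interceptors[host] if @interceptors[host]
 
 ca = OpenSSL::X509::Certificate.new( File.read( INTERCEPTOR_CA_CERTIFICATE ) )
 ca_key = OpenSSL::PKey::RSA.new( File.read( INTERCEPTOR_CA_KEY ) )
@@ -253,25 +264,25 @@ class ProxyServer < WEBrick::HTTPProxyServer
 
 # The interceptor is only used for SSL decryption/encryption, the actual
 # proxy functionality is forwarded to the plain proxy server.
-@interceptor = self.class.new(
+@interceptors[host] = interceptor = self.class.new(
 address: '127.0.0.1',
-port: interceptor_port,
+port: interceptor_port( host ),
 ssl_certificate: cert,
 ssl_private_key: keypair,
 service_handler: method( :proxy_service )
 )
 
-def
+def interceptor.service( request, response )
 @options[:service_handler].call( request, response )
 end
 
-
+interceptor.start_async
 end
 
 # @return [Integer]
 # Picks and stores an available port number for the interceptor.
-def interceptor_port
-@
+def interceptor_port( host )
+@interceptor_ports[host] ||= Utilities.available_port
 end
 
 # Communicates with the endpoint webapp and forwards its responses to the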
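Review bot: `start_ssl_interceptor` does an unlocked check-then-create on `@interceptors[host]` and `interceptor_port( host )` does the same with `||=`; WEBrick serves each connection on its own thread, so two concurrent CONNECTs to the same host can both pass the guard, both try to bind the same memoised port (the second fails with EADDRINUSE) or overwrite each other's hash entry, leaving an interceptor running that `shutdown` never reaches. `host` is taken verbatim from the client's CONNECT line in `do_CONNECT`, so every distinct value adds a thread plus a listening port to the two hashes with no bound, no eviction and no case-folding — a misbehaving client can exhaust both, so at least cap the map or key it on `host.downcase`. `shutdown` iterating `@interceptors.each` while another thread inserts raises in MRI, so iterate a snapshot. A mutex created in `initialize` and held around the guard and the creation removes the race; the cert-generation body of `start_ssl_interceptor` between the guard and `self.class.new` lies outside the hunk.
```ruby
@interceptor_ports = {}
@interceptors = {}
@interceptor_lock = Mutex.new

# … unchanged: super( … ) …

def shutdown
    # Snapshot first: the hash may still be growing on other threads.
    @interceptor_lock.synchronize { @interceptors.values }.each(&:shutdown)
    super
end

# … unchanged: do_CONNECT …

def start_ssl_interceptor( host )
    @interceptor_lock.synchronize do
        return @interceptors[host] if @interceptors[host]

        # … unchanged: CA load and per-host certificate generation …

        @interceptors[host] = interceptor = self.class.new(
            address: '127.0.0.1',
            port: interceptor_port( host ),
            # … unchanged: ssl_certificate, ssl_private_key, service_handler …
        )
        # … unchanged: singleton service method, interceptor.start_async …
    end
end
```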
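--- a/data/lib/arachni/platform/manager.rb
+++ b/data/lib/arachni/platform/manager.rb
@@ -108,6 +108,8 @@ class Manager
 :rack,
 :rails,
 :cakephp,
+:symfony,
+:nette,
 :django,
 :aspx_mvc,
 :jsf,
@@ -165,6 +167,8 @@ class Manager
 rack: 'Rack',
 django: 'Django',
 cakephp: 'CakePHP',
+nette: 'Nette Framework',
+symfony: 'Symfony',
 rails: 'Ruby on Rails',
 aspx_mvc: 'ASP.NET MVC',
 jsf: 'JavaServer Faces',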
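--- a/data/lib/version
+++ b/data/lib/version
@@ -1 +1 @@
-1.2
+1.2.1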
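--- a/data/spec/arachni/platform/manager_spec.rb
+++ b/data/spec/arachni/platform/manager_spec.rb
@@ -420,7 +420,7 @@ describe Arachni::Platform::Manager do
 :tomcat, :asp, :aspx, :java, :perl, :php, :python, :ruby, :rack,
 :sybase, :frontbase, :ingres, :hsqldb, :access, :jetty, :mongodb,
 :aix, :sql, :nosql, :aspx_mvc, :rails, :django, :gunicorn, :cakephp,
-:cherrypy, :jsf].sort
+:cherrypy, :jsf, :symfony, :nette].sort
 end
 end
 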
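--- /dev/null
+++ b/data/spec/components/fingerprinters/frameworks/nette_spec.rb
@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+describe Arachni::Platform::Fingerprinters::Nette do
+include_examples 'fingerprinter'
+
+def platforms
+[:php, :nette]
+end
+
+context 'when there is a Server header' do
+it 'identifies it as Nette' do
+check_platforms Arachni::Page.from_data(
+url: 'http://stuff.com/blah',
+response: { headers: { 'Server' => 'Nette/0.1' } }
+)
+end
+end
+
+context 'when there is an X-Powered-By header' do
+it 'identifies it as Nette' do
+check_platforms Arachni::Page.from_data(
+url: 'http://stuff.com/blah',
+response: { headers: { 'X-Powered-By' => 'Nette/0.1' } }
+)
+end
+end
+
+context 'when there is a nette-browser cookie' do
+it 'identifies it as Nette' do
+check_platforms Arachni::Page.from_data(
+url: 'http://stuff.com/blah',
+cookies: [Arachni::Cookie.new(
+url: 'http://stuff.com/blah',
+inputs: { 'nette-browser' => 'stuff' } )]
+
+)
+end
+end
+
+end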
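Review bot: All three contexts are positive cases; nothing here shows that an unrelated `Server` header or a differently named cookie does not yield `[:php, :nette]`, and because the fingerprinter keys on the string `'Nette'` that negative case is the one most likely to regress. Unless the shared `'fingerprinter'` examples already cover it (they are defined in spec_helper, outside this file), add a context such as `context 'when there is an unrelated Server header'` with `response: { headers: { 'Server' => 'nginx' } }` asserting that no platforms are reported. The `check_platforms` helper's semantics likewise come from spec_helper.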
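--- /dev/null
+++ b/data/spec/components/fingerprinters/frameworks/symphony_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe Arachni::Platform::Fingerprinters::Symfony do
+include_examples 'fingerprinter'
+
+def platforms
+[:php, :symfony]
+end
+
+context 'when there is a symfony cookie' do
+it 'identifies it as Symfony' do
+check_platforms Arachni::Page.from_data(
+url: 'http://stuff.com/blah',
+cookies: [Arachni::Cookie.new(
+url: 'http://stuff.com/blah',
+inputs: { 'symfony' => 'stuff' } )]
+
+)
+end
+end
+
+end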
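Review bot: The spec file is named `symphony_spec.rb` (and is listed under that name twice in `metadata`) while it describes `Arachni::Platform::Fingerprinters::Symfony` and the component lives in `symfony.rb`; the misspelling breaks the one-to-one naming every other fingerprinter spec follows and means `rspec spec/components/fingerprinters/frameworks/symfony_spec.rb` will not find it. Rename it to `symfony_spec.rb` and update the two `metadata` entries (and the `Symphony` line in the CHANGELOG) in the same commit. Like the Nette spec, only a positive case is exercised; a cookie with a different name should be shown not to report `[:php, :symfony]`.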
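--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arachni
 version: !ruby/object:Gem::Version
-version:
+version: 1.2.1
 platform: ruby
 authors:
 - Tasos Laskos
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-07-
+date: 2015-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -438,8 +438,10 @@ files:
 - components/fingerprinters/frameworks/cherrypy.rb
 - components/fingerprinters/frameworks/django.rb
 - components/fingerprinters/frameworks/jsf.rb
+- components/fingerprinters/frameworks/nette.rb
 - components/fingerprinters/frameworks/rack.rb
 - components/fingerprinters/frameworks/rails.rb
+- components/fingerprinters/frameworks/symfony.rb
 - components/fingerprinters/languages/asp.rb
 - components/fingerprinters/languages/aspx.rb
 - components/fingerprinters/languages/java.rb
@@ -1111,8 +1113,10 @@ files:
 - spec/components/fingerprinters/frameworks/cherrypy_spec.rb
 - spec/components/fingerprinters/frameworks/django_spec.rb
 - spec/components/fingerprinters/frameworks/jsf_spec.rb
+- spec/components/fingerprinters/frameworks/nette_spec.rb
 - spec/components/fingerprinters/frameworks/rack_spec.rb
 - spec/components/fingerprinters/frameworks/rails_spec.rb
+- spec/components/fingerprinters/frameworks/symphony_spec.rb
 - spec/components/fingerprinters/languages/asp_spec.rb
 - spec/components/fingerprinters/languages/aspx_spec.rb
 - spec/components/fingerprinters/languages/java_spec.rb
@@ -1910,9 +1914,11 @@ test_files:
 - spec/components/fingerprinters/languages/asp_spec.rb
 - spec/components/fingerprinters/frameworks/rails_spec.rb
 - spec/components/fingerprinters/frameworks/django_spec.rb
+- spec/components/fingerprinters/frameworks/symphony_spec.rb
 - spec/components/fingerprinters/frameworks/rack_spec.rb
 - spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb
 - spec/components/fingerprinters/frameworks/cakephp_spec.rb
+- spec/components/fingerprinters/frameworks/nette_spec.rb
 - spec/components/fingerprinters/frameworks/jsf_spec.rb
 - spec/components/fingerprinters/frameworks/cherrypy_spec.rb
 - spec/spec_helper.rb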