arachni 1.4 → 1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +136 -0
- data/Gemfile +3 -1
- data/LICENSE.md +1 -1
- data/README.md +5 -2
- data/Rakefile +1 -1
- data/arachni.gemspec +35 -30
- data/bin/arachni +1 -1
- data/bin/arachni_console +1 -1
- data/bin/arachni_multi +6 -1
- data/bin/arachni_reporter +1 -1
- data/bin/arachni_reproduce +12 -0
- data/bin/arachni_rest_server +1 -1
- data/bin/arachni_restore +1 -1
- data/bin/arachni_rpc +6 -1
- data/bin/arachni_rpcd +1 -1
- data/bin/arachni_rpcd_monitor +6 -1
- data/bin/arachni_script +1 -1
- data/components/checks/active/code_injection.rb +1 -1
- data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
- data/components/checks/active/code_injection_timing.rb +1 -1
- data/components/checks/active/csrf.rb +15 -75
- data/components/checks/active/file_inclusion.rb +1 -1
- data/components/checks/active/ldap_injection.rb +1 -1
- data/components/checks/active/no_sql_injection.rb +1 -1
- data/components/checks/active/no_sql_injection_differential.rb +1 -1
- data/components/checks/active/os_cmd_injection.rb +1 -1
- data/components/checks/active/os_cmd_injection_timing.rb +1 -1
- data/components/checks/active/path_traversal.rb +3 -3
- data/components/checks/active/response_splitting.rb +1 -1
- data/components/checks/active/rfi.rb +1 -1
- data/components/checks/active/session_fixation.rb +1 -1
- data/components/checks/active/source_code_disclosure.rb +1 -1
- data/components/checks/active/sql_injection.rb +1 -1
- data/components/checks/active/sql_injection/regexps/hsqldb.yaml +1 -0
- data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
- data/components/checks/active/sql_injection/substrings/java +4 -0
- data/components/checks/active/sql_injection/substrings/oracle +0 -1
- data/components/checks/active/sql_injection/substrings/sqlite +1 -0
- data/components/checks/active/sql_injection_differential.rb +1 -1
- data/components/checks/active/sql_injection_timing.rb +1 -1
- data/components/checks/active/trainer.rb +1 -1
- data/components/checks/active/unvalidated_redirect.rb +34 -11
- data/components/checks/active/unvalidated_redirect_dom.rb +4 -4
- data/components/checks/active/xpath_injection.rb +1 -1
- data/components/checks/active/xss.rb +52 -27
- data/components/checks/active/xss_dom.rb +15 -11
- data/components/checks/active/xss_dom_script_context.rb +4 -6
- data/components/checks/active/xss_event.rb +45 -33
- data/components/checks/active/xss_path.rb +9 -6
- data/components/checks/active/xss_script_context.rb +99 -46
- data/components/checks/active/xss_tag.rb +39 -14
- data/components/checks/active/xxe.rb +1 -1
- data/components/checks/passive/allowed_methods.rb +1 -1
- data/components/checks/passive/backdoors.rb +1 -1
- data/components/checks/passive/backup_directories.rb +15 -3
- data/components/checks/passive/backup_files.rb +39 -6
- data/components/checks/passive/common_admin_interfaces.rb +1 -1
- data/components/checks/passive/common_admin_interfaces/admin-panels.txt +1 -0
- data/components/checks/passive/common_directories.rb +1 -1
- data/components/checks/passive/common_files.rb +1 -1
- data/components/checks/passive/directory_listing.rb +1 -1
- data/components/checks/passive/grep/captcha.rb +8 -9
- data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
- data/components/checks/passive/grep/credit_card.rb +1 -1
- data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
- data/components/checks/passive/grep/emails.rb +1 -1
- data/components/checks/passive/grep/form_upload.rb +3 -5
- data/components/checks/passive/grep/hsts.rb +1 -1
- data/components/checks/passive/grep/html_objects.rb +1 -1
- data/components/checks/passive/grep/http_only_cookies.rb +1 -1
- data/components/checks/passive/grep/insecure_cookies.rb +5 -5
- data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
- data/components/checks/passive/grep/mixed_resource.rb +4 -4
- data/components/checks/passive/grep/password_autocomplete.rb +1 -1
- data/components/checks/passive/grep/private_ip.rb +1 -1
- data/components/checks/passive/grep/ssn.rb +1 -1
- data/components/checks/passive/grep/unencrypted_password_forms.rb +3 -3
- data/components/checks/passive/grep/x_frame_options.rb +1 -1
- data/components/checks/passive/htaccess_limit.rb +1 -1
- data/components/checks/passive/http_put.rb +1 -1
- data/components/checks/passive/insecure_client_access_policy.rb +2 -2
- data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
- data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
- data/components/checks/passive/interesting_responses.rb +1 -1
- data/components/checks/passive/localstart_asp.rb +1 -1
- data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
- data/components/checks/passive/webdav.rb +1 -1
- data/components/checks/passive/xst.rb +10 -12
- data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
- data/components/fingerprinters/frameworks/cakephp.rb +1 -1
- data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
- data/components/fingerprinters/frameworks/django.rb +1 -1
- data/components/fingerprinters/frameworks/jsf.rb +1 -1
- data/components/fingerprinters/frameworks/nette.rb +1 -1
- data/components/fingerprinters/frameworks/rack.rb +1 -1
- data/components/fingerprinters/frameworks/rails.rb +1 -1
- data/components/fingerprinters/frameworks/symfony.rb +1 -1
- data/components/fingerprinters/languages/asp.rb +1 -1
- data/components/fingerprinters/languages/aspx.rb +1 -1
- data/components/fingerprinters/languages/java.rb +1 -1
- data/components/fingerprinters/languages/php.rb +1 -1
- data/components/fingerprinters/languages/python.rb +1 -1
- data/components/fingerprinters/languages/ruby.rb +1 -1
- data/components/fingerprinters/os/bsd.rb +1 -1
- data/components/fingerprinters/os/linux.rb +1 -1
- data/components/fingerprinters/os/solaris.rb +1 -1
- data/components/fingerprinters/os/unix.rb +1 -1
- data/components/fingerprinters/os/windows.rb +1 -1
- data/components/fingerprinters/servers/apache.rb +1 -1
- data/components/fingerprinters/servers/gunicorn.rb +1 -1
- data/components/fingerprinters/servers/iis.rb +1 -1
- data/components/fingerprinters/servers/jetty.rb +1 -1
- data/components/fingerprinters/servers/nginx.rb +1 -1
- data/components/fingerprinters/servers/tomcat.rb +1 -1
- data/components/path_extractors/anchors.rb +3 -5
- data/components/path_extractors/areas.rb +3 -4
- data/components/path_extractors/comments.rb +4 -5
- data/components/path_extractors/data_url.rb +4 -5
- data/components/path_extractors/forms.rb +3 -4
- data/components/path_extractors/frames.rb +3 -5
- data/components/path_extractors/generic.rb +3 -1
- data/components/path_extractors/links.rb +3 -4
- data/components/path_extractors/meta_refresh.rb +11 -17
- data/components/path_extractors/scripts.rb +18 -15
- data/components/plugins/autologin.rb +3 -2
- data/components/plugins/beep_notify.rb +1 -1
- data/components/plugins/content_types.rb +1 -1
- data/components/plugins/cookie_collector.rb +1 -1
- data/components/plugins/debug/browser_cluster_job_monitor.rb +60 -0
- data/components/plugins/defaults/autothrottle.rb +1 -1
- data/components/plugins/defaults/healthmap.rb +3 -1
- data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
- data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
- data/components/plugins/defaults/meta/uniformity.rb +1 -1
- data/components/plugins/email_notify.rb +26 -9
- data/components/plugins/exec.rb +1 -1
- data/components/plugins/form_dicattack.rb +3 -4
- data/components/plugins/headers_collector.rb +1 -1
- data/components/plugins/http_dicattack.rb +4 -5
- data/components/plugins/login_script.rb +2 -2
- data/components/plugins/metrics.rb +41 -15
- data/components/plugins/page_dump.rb +60 -0
- data/components/plugins/proxy.rb +42 -30
- data/components/plugins/proxy/template_scope.rb +6 -1
- data/components/plugins/rate_limiter.rb +80 -0
- data/components/plugins/restrict_to_dom_state.rb +1 -1
- data/components/plugins/script.rb +1 -1
- data/components/plugins/uncommon_headers.rb +1 -1
- data/components/plugins/vector_collector.rb +1 -1
- data/components/plugins/vector_feed.rb +1 -1
- data/components/plugins/waf_detector.rb +3 -3
- data/components/plugins/webhook_notify.rb +99 -0
- data/components/reporters/ap.rb +1 -1
- data/components/reporters/html.rb +2 -3
- data/components/reporters/html/default.erb +1 -2
- data/components/reporters/html/default/configuration.erb +2 -0
- data/components/reporters/json.rb +1 -1
- data/components/reporters/marshal.rb +1 -1
- data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
- data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
- data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
- data/components/reporters/plugin_formatters/html/exec.rb +1 -1
- data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
- data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
- data/components/reporters/plugin_formatters/html/metrics.rb +46 -1
- data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
- data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
- data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
- data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/metrics.rb +11 -1
- data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
- data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
- data/components/reporters/plugin_formatters/xml/content_types.rb +10 -7
- data/components/reporters/plugin_formatters/xml/cookie_collector.rb +6 -3
- data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
- data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
- data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
- data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
- data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +5 -2
- data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
- data/components/reporters/plugin_formatters/xml/vector_collector.rb +8 -5
- data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
- data/components/reporters/stdout.rb +3 -2
- data/components/reporters/txt.rb +1 -1
- data/components/reporters/xml.rb +39 -22
- data/components/reporters/xml/schema.xsd +28 -13
- data/components/reporters/yaml.rb +1 -1
- data/lib/arachni.rb +1 -1
- data/lib/arachni/banner.rb +1 -1
- data/lib/arachni/browser.rb +242 -231
- data/lib/arachni/browser/element_locator.rb +9 -5
- data/lib/arachni/browser/javascript.rb +103 -168
- data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
- data/lib/arachni/browser/javascript/proxy.rb +1 -1
- data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +295 -51
- data/lib/arachni/browser/javascript/scripts/polyfills.js +0 -28
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -8
- data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
- data/lib/arachni/browser_cluster.rb +78 -60
- data/lib/arachni/browser_cluster/job.rb +9 -2
- data/lib/arachni/browser_cluster/job/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/browser_provider.rb +8 -2
- data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +13 -1
- data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
- data/lib/arachni/browser_cluster/worker.rb +109 -84
- data/lib/arachni/check.rb +1 -1
- data/lib/arachni/check/auditor.rb +137 -93
- data/lib/arachni/check/base.rb +1 -1
- data/lib/arachni/check/manager.rb +1 -1
- data/lib/arachni/component.rb +1 -1
- data/lib/arachni/component/base.rb +3 -1
- data/lib/arachni/component/manager.rb +1 -1
- data/lib/arachni/component/options.rb +1 -1
- data/lib/arachni/component/options/address.rb +1 -1
- data/lib/arachni/component/options/base.rb +1 -1
- data/lib/arachni/component/options/bool.rb +1 -1
- data/lib/arachni/component/options/float.rb +1 -1
- data/lib/arachni/component/options/int.rb +1 -1
- data/lib/arachni/component/options/multiple_choice.rb +1 -1
- data/lib/arachni/component/options/object.rb +1 -1
- data/lib/arachni/component/options/path.rb +1 -1
- data/lib/arachni/component/options/port.rb +1 -1
- data/lib/arachni/component/options/string.rb +1 -1
- data/lib/arachni/component/options/url.rb +1 -1
- data/lib/arachni/component/output.rb +8 -2
- data/lib/arachni/component/utilities.rb +1 -1
- data/lib/arachni/data.rb +1 -1
- data/lib/arachni/data/framework.rb +2 -1
- data/lib/arachni/data/framework/rpc.rb +1 -1
- data/lib/arachni/data/issues.rb +1 -1
- data/lib/arachni/data/plugins.rb +1 -1
- data/lib/arachni/data/session.rb +1 -1
- data/lib/arachni/element/base.rb +1 -1
- data/lib/arachni/element/body.rb +1 -1
- data/lib/arachni/element/capabilities/analyzable.rb +1 -1
- data/lib/arachni/element/capabilities/analyzable/differential.rb +142 -175
- data/lib/arachni/element/capabilities/analyzable/signature.rb +39 -17
- data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
- data/lib/arachni/element/capabilities/auditable.rb +2 -8
- data/lib/arachni/element/capabilities/auditable/buffered.rb +92 -0
- data/lib/arachni/element/capabilities/auditable/line_buffered.rb +103 -0
- data/lib/arachni/element/capabilities/dom_only.rb +1 -1
- data/lib/arachni/element/capabilities/inputtable.rb +6 -2
- data/lib/arachni/element/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/capabilities/refreshable.rb +1 -1
- data/lib/arachni/element/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
- data/lib/arachni/element/capabilities/with_auditor/output.rb +4 -3
- data/lib/arachni/element/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/capabilities/with_node.rb +3 -3
- data/lib/arachni/element/capabilities/with_scope.rb +1 -1
- data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
- data/lib/arachni/element/capabilities/with_source.rb +2 -2
- data/lib/arachni/element/cookie.rb +49 -24
- data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/cookie/dom.rb +1 -1
- data/lib/arachni/element/dom.rb +1 -1
- data/lib/arachni/element/dom/capabilities/auditable.rb +44 -3
- data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
- data/lib/arachni/element/dom/capabilities/mutable.rb +7 -3
- data/lib/arachni/element/dom/capabilities/submittable.rb +51 -22
- data/lib/arachni/element/form.rb +21 -32
- data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
- data/lib/arachni/element/form/capabilities/mutable.rb +16 -11
- data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/form/dom.rb +1 -1
- data/lib/arachni/element/generic_dom.rb +1 -1
- data/lib/arachni/element/header.rb +3 -1
- data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/json.rb +4 -8
- data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/link.rb +11 -30
- data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
- data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/link/dom.rb +1 -1
- data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/link_template.rb +10 -19
- data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
- data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/link_template/dom.rb +2 -2
- data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/path.rb +1 -1
- data/lib/arachni/element/server.rb +11 -11
- data/lib/arachni/element/ui_form.rb +5 -6
- data/lib/arachni/element/ui_form/dom.rb +1 -1
- data/lib/arachni/element/ui_input.rb +4 -6
- data/lib/arachni/element/ui_input/dom.rb +1 -1
- data/lib/arachni/element/xml.rb +3 -7
- data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
- data/lib/arachni/element_filter.rb +1 -1
- data/lib/arachni/error.rb +1 -1
- data/lib/arachni/ethon/easy.rb +1 -1
- data/lib/arachni/framework.rb +1 -1
- data/lib/arachni/framework/parts/audit.rb +6 -1
- data/lib/arachni/framework/parts/browser.rb +14 -14
- data/lib/arachni/framework/parts/check.rb +1 -1
- data/lib/arachni/framework/parts/data.rb +1 -1
- data/lib/arachni/framework/parts/platform.rb +1 -1
- data/lib/arachni/framework/parts/plugin.rb +1 -1
- data/lib/arachni/framework/parts/report.rb +2 -2
- data/lib/arachni/framework/parts/scope.rb +1 -1
- data/lib/arachni/framework/parts/state.rb +1 -1
- data/lib/arachni/http.rb +1 -1
- data/lib/arachni/http/client.rb +32 -7
- data/lib/arachni/http/client/dynamic_404_handler.rb +74 -16
- data/lib/arachni/http/cookie_jar.rb +13 -8
- data/lib/arachni/http/headers.rb +11 -5
- data/lib/arachni/http/message.rb +9 -8
- data/lib/arachni/http/message/scope.rb +1 -1
- data/lib/arachni/http/proxy_server.rb +44 -11
- data/lib/arachni/http/proxy_server/connection.rb +113 -80
- data/lib/arachni/http/proxy_server/ssl_interceptor.rb +2 -1
- data/lib/arachni/http/proxy_server/tunnel.rb +4 -4
- data/lib/arachni/http/request.rb +236 -44
- data/lib/arachni/http/request/scope.rb +1 -1
- data/lib/arachni/http/response.rb +71 -8
- data/lib/arachni/http/response/scope.rb +1 -1
- data/lib/arachni/issue.rb +42 -14
- data/lib/arachni/issue/severity.rb +1 -1
- data/lib/arachni/issue/severity/base.rb +1 -1
- data/lib/arachni/option_group.rb +1 -1
- data/lib/arachni/option_groups.rb +1 -1
- data/lib/arachni/option_groups/audit.rb +1 -1
- data/lib/arachni/option_groups/browser_cluster.rb +6 -2
- data/lib/arachni/option_groups/datastore.rb +1 -1
- data/lib/arachni/option_groups/dispatcher.rb +1 -1
- data/lib/arachni/option_groups/http.rb +35 -6
- data/lib/arachni/option_groups/input.rb +1 -1
- data/lib/arachni/option_groups/output.rb +1 -1
- data/lib/arachni/option_groups/paths.rb +1 -1
- data/lib/arachni/option_groups/rpc.rb +1 -1
- data/lib/arachni/option_groups/scope.rb +13 -1
- data/lib/arachni/option_groups/session.rb +1 -1
- data/lib/arachni/option_groups/snapshot.rb +1 -1
- data/lib/arachni/options.rb +23 -4
- data/lib/arachni/page.rb +8 -6
- data/lib/arachni/page/dom.rb +46 -54
- data/lib/arachni/page/dom/transition.rb +5 -2
- data/lib/arachni/page/scope.rb +1 -1
- data/lib/arachni/parser.rb +157 -77
- data/lib/arachni/parser/document.rb +34 -0
- data/lib/arachni/parser/extractors/base.rb +48 -0
- data/lib/arachni/parser/nodes/base.rb +22 -0
- data/lib/arachni/parser/nodes/comment.rb +32 -0
- data/lib/arachni/parser/nodes/element.rb +48 -0
- data/lib/arachni/parser/nodes/element/with_attributes.rb +35 -0
- data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +31 -0
- data/lib/arachni/parser/nodes/text.rb +32 -0
- data/lib/arachni/parser/nodes/with_value.rb +29 -0
- data/lib/arachni/parser/sax.rb +75 -0
- data/lib/arachni/parser/with_children.rb +35 -0
- data/lib/arachni/parser/with_children/search.rb +92 -0
- data/lib/arachni/platform.rb +1 -1
- data/lib/arachni/platform/fingerprinter.rb +1 -1
- data/lib/arachni/platform/list.rb +1 -1
- data/lib/arachni/platform/manager.rb +2 -2
- data/lib/arachni/plugin.rb +1 -1
- data/lib/arachni/plugin/base.rb +2 -2
- data/lib/arachni/plugin/formatter.rb +1 -1
- data/lib/arachni/plugin/manager.rb +8 -5
- data/lib/arachni/processes.rb +1 -1
- data/lib/arachni/processes/dispatchers.rb +1 -1
- data/lib/arachni/processes/executables/browser.rb +0 -2
- data/lib/arachni/processes/helpers.rb +1 -1
- data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers/instances.rb +1 -1
- data/lib/arachni/processes/helpers/processes.rb +1 -1
- data/lib/arachni/processes/instances.rb +1 -1
- data/lib/arachni/processes/manager.rb +10 -5
- data/lib/arachni/report.rb +8 -1
- data/lib/arachni/reporter.rb +1 -1
- data/lib/arachni/reporter/base.rb +1 -1
- data/lib/arachni/reporter/formatter_manager.rb +1 -1
- data/lib/arachni/reporter/manager.rb +1 -1
- data/lib/arachni/reporter/options.rb +1 -1
- data/lib/arachni/rest/server.rb +7 -1
- data/lib/arachni/rest/server/instance_helpers.rb +1 -1
- data/lib/arachni/rpc/client/base.rb +1 -1
- data/lib/arachni/rpc/client/dispatcher.rb +1 -1
- data/lib/arachni/rpc/client/instance.rb +1 -1
- data/lib/arachni/rpc/client/instance/framework.rb +1 -1
- data/lib/arachni/rpc/client/instance/service.rb +1 -1
- data/lib/arachni/rpc/serializer.rb +1 -1
- data/lib/arachni/rpc/server/active_options.rb +1 -1
- data/lib/arachni/rpc/server/base.rb +1 -1
- data/lib/arachni/rpc/server/check/manager.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
- data/lib/arachni/rpc/server/framework.rb +1 -1
- data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
- data/lib/arachni/rpc/server/framework/master.rb +1 -1
- data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
- data/lib/arachni/rpc/server/framework/slave.rb +1 -1
- data/lib/arachni/rpc/server/instance.rb +1 -1
- data/lib/arachni/rpc/server/output.rb +1 -1
- data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
- data/lib/arachni/ruby.rb +1 -1
- data/lib/arachni/ruby/array.rb +1 -1
- data/lib/arachni/ruby/hash.rb +1 -1
- data/lib/arachni/ruby/object.rb +1 -1
- data/lib/arachni/ruby/set.rb +1 -1
- data/lib/arachni/ruby/string.rb +9 -5
- data/lib/arachni/ruby/webrick.rb +1 -1
- data/lib/arachni/ruby/webrick/cookie.rb +1 -1
- data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
- data/lib/arachni/scope.rb +1 -1
- data/lib/arachni/selenium/webdriver/element.rb +4 -4
- data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +69 -0
- data/lib/arachni/session.rb +32 -13
- data/lib/arachni/snapshot.rb +1 -1
- data/lib/arachni/state.rb +1 -1
- data/lib/arachni/state/audit.rb +1 -1
- data/lib/arachni/state/element_filter.rb +1 -1
- data/lib/arachni/state/framework.rb +1 -1
- data/lib/arachni/state/framework/rpc.rb +1 -1
- data/lib/arachni/state/http.rb +2 -2
- data/lib/arachni/state/options.rb +1 -1
- data/lib/arachni/state/plugins.rb +1 -1
- data/lib/arachni/support.rb +1 -1
- data/lib/arachni/support/buffer.rb +1 -1
- data/lib/arachni/support/buffer/autoflush.rb +1 -1
- data/lib/arachni/support/buffer/base.rb +1 -1
- data/lib/arachni/support/cache.rb +1 -1
- data/lib/arachni/support/cache/base.rb +1 -1
- data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
- data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
- data/lib/arachni/support/cache/least_recently_used.rb +1 -1
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -1
- data/lib/arachni/support/crypto.rb +1 -1
- data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
- data/lib/arachni/support/database.rb +1 -1
- data/lib/arachni/support/database/base.rb +1 -1
- data/lib/arachni/support/database/hash.rb +1 -1
- data/lib/arachni/support/database/queue.rb +1 -1
- data/lib/arachni/support/glob.rb +1 -1
- data/lib/arachni/support/lookup.rb +1 -1
- data/lib/arachni/support/lookup/base.rb +1 -1
- data/lib/arachni/support/lookup/hash_set.rb +1 -1
- data/lib/arachni/support/lookup/moolb.rb +1 -1
- data/lib/arachni/support/mixins.rb +1 -1
- data/lib/arachni/support/mixins/observable.rb +1 -1
- data/lib/arachni/support/mixins/terminal.rb +1 -1
- data/lib/arachni/support/profiler.rb +52 -13
- data/lib/arachni/support/signature.rb +18 -6
- data/lib/arachni/trainer.rb +55 -39
- data/lib/arachni/ui/foo/output.rb +1 -1
- data/lib/arachni/uri.rb +132 -103
- data/lib/arachni/uri/scope.rb +15 -13
- data/lib/arachni/utilities.rb +10 -10
- data/lib/arachni/version.rb +1 -1
- data/lib/version +1 -1
- data/logs/error-11897.log +2006 -0
- data/logs/error-3855.log +382 -0
- data/spec/arachni/browser/element_locator_spec.rb +42 -18
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +214 -63
- data/spec/arachni/browser/javascript/polyfills_spec.rb +0 -15
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +68 -121
- data/spec/arachni/browser/javascript_spec.rb +92 -51
- data/spec/arachni/browser_cluster/job_spec.rb +23 -8
- data/spec/arachni/browser_cluster/jobs/dom_exploration_spec.rb +6 -1
- data/spec/arachni/browser_cluster/worker_spec.rb +31 -57
- data/spec/arachni/browser_cluster_spec.rb +124 -43
- data/spec/arachni/browser_spec.rb +352 -312
- data/spec/arachni/check/auditor_spec.rb +118 -33
- data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +46 -3
- data/spec/arachni/element/cookie/dom_spec.rb +1 -1
- data/spec/arachni/element/cookie_spec.rb +158 -63
- data/spec/arachni/element/form/dom_spec.rb +1 -1
- data/spec/arachni/element/form_spec.rb +101 -54
- data/spec/arachni/element/header_spec.rb +3 -1
- data/spec/arachni/element/json_spec.rb +2 -0
- data/spec/arachni/element/link/dom_spec.rb +2 -2
- data/spec/arachni/element/link_spec.rb +46 -15
- data/spec/arachni/element/link_template/dom_spec.rb +1 -1
- data/spec/arachni/element/link_template_spec.rb +36 -12
- data/spec/arachni/element/server_spec.rb +22 -5
- data/spec/arachni/element/ui_form/dom_spec.rb +1 -1
- data/spec/arachni/element/ui_input/dom_spec.rb +1 -1
- data/spec/arachni/element/xml_spec.rb +5 -3
- data/spec/arachni/framework/parts/audit_spec.rb +2 -14
- data/spec/arachni/framework/parts/data_spec.rb +0 -6
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +126 -0
- data/spec/arachni/http/client_spec.rb +82 -10
- data/spec/arachni/http/headers_spec.rb +59 -12
- data/spec/arachni/http/proxy_server_spec.rb +56 -25
- data/spec/arachni/http/request_spec.rb +379 -33
- data/spec/arachni/http/response_spec.rb +135 -7
- data/spec/arachni/issue_spec.rb +20 -1
- data/spec/arachni/option_groups/http_spec.rb +15 -0
- data/spec/arachni/option_groups/scope_spec.rb +26 -1
- data/spec/arachni/options_spec.rb +8 -1
- data/spec/arachni/page/dom_spec.rb +20 -6
- data/spec/arachni/page_spec.rb +5 -5
- data/spec/arachni/parser/document_spec.rb +49 -0
- data/spec/arachni/parser/nodes/comment_spec.rb +24 -0
- data/spec/arachni/parser/nodes/element/with_attributes/attributes_spec.rb +40 -0
- data/spec/arachni/parser/nodes/element/with_attributes_spec.rb +50 -0
- data/spec/arachni/parser/nodes/element_spec.rb +18 -0
- data/spec/arachni/parser/nodes/text_spec.rb +24 -0
- data/spec/arachni/parser/sax_spec.rb +88 -0
- data/spec/arachni/parser/with_children/search_spec.rb +146 -0
- data/spec/arachni/parser/with_children_spec.rb +37 -0
- data/spec/arachni/parser_spec.rb +166 -26
- data/spec/arachni/report_spec.rb +9 -2
- data/spec/arachni/rest/server_spec.rb +52 -6
- data/spec/arachni/rpc/server/active_options_spec.rb +1 -1
- data/spec/arachni/rpc/server/framework/distributor_spec.rb +6 -6
- data/spec/arachni/ruby/string_spec.rb +6 -0
- data/spec/arachni/session_spec.rb +69 -8
- data/spec/arachni/support/signature_spec.rb +58 -0
- data/spec/arachni/trainer_spec.rb +102 -21
- data/spec/arachni/uri_spec.rb +11 -8
- data/spec/arachni/utilities_spec.rb +3 -3
- data/spec/components/checks/active/csrf_spec.rb +1 -21
- data/spec/components/checks/active/path_traversal_spec.rb +12 -12
- data/spec/components/checks/active/sql_injection_spec.rb +10 -1
- data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -5
- data/spec/components/checks/active/xss_dom_spec.rb +2 -2
- data/spec/components/checks/active/xss_event_spec.rb +8 -2
- data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
- data/spec/components/checks/active/xss_spec.rb +3 -3
- data/spec/components/checks/passive/backup_directories_spec.rb +3 -1
- data/spec/components/checks/passive/backup_files_spec.rb +8 -1
- data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +2 -2
- data/spec/components/path_extractors/comments_spec.rb +3 -1
- data/spec/components/path_extractors/data_url_spec.rb +6 -2
- data/spec/components/path_extractors/links_spec.rb +1 -1
- data/spec/components/plugins/autologin_spec.rb +2 -2
- data/spec/components/plugins/webhook_notify_spec.rb +69 -0
- data/spec/spec_helper.rb +1 -1
- data/spec/support/factories/page/dom.rb +6 -0
- data/spec/support/factories/scan_report.rb +1 -0
- data/spec/support/factories/vector.rb +7 -3
- data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
- data/spec/support/fixtures/checks/test.rb +1 -1
- data/spec/support/fixtures/checks/test2.rb +1 -1
- data/spec/support/fixtures/checks/test3.rb +1 -1
- data/spec/support/fixtures/cookies.txt +2 -2
- data/spec/support/fixtures/fingerprinters/test.rb +1 -1
- data/spec/support/fixtures/plugins/bad.rb +1 -1
- data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
- data/spec/support/fixtures/plugins/distributable.rb +1 -1
- data/spec/support/fixtures/plugins/loop.rb +1 -1
- data/spec/support/fixtures/plugins/suspendable.rb +1 -1
- data/spec/support/fixtures/plugins/wait.rb +1 -1
- data/spec/support/fixtures/plugins/with_options.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
- data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
- data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
- data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
- data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
- data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
- data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
- data/spec/support/fixtures/run_check/body.rb +1 -1
- data/spec/support/fixtures/run_check/cookies.rb +1 -1
- data/spec/support/fixtures/run_check/empty.rb +1 -1
- data/spec/support/fixtures/run_check/flch.rb +1 -1
- data/spec/support/fixtures/run_check/forms.rb +1 -1
- data/spec/support/fixtures/run_check/headers.rb +1 -1
- data/spec/support/fixtures/run_check/links.rb +1 -1
- data/spec/support/fixtures/run_check/nil.rb +1 -1
- data/spec/support/fixtures/run_check/path.rb +1 -1
- data/spec/support/fixtures/run_check/server.rb +1 -1
- data/spec/support/fixtures/signature_check/signature.rb +1 -1
- data/spec/support/fixtures/wait_check/wait.rb +1 -1
- data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +0 -3
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/misc.rb +1 -1
- data/spec/support/helpers/paths.rb +1 -1
- data/spec/support/helpers/requires.rb +1 -1
- data/spec/support/helpers/resets.rb +1 -1
- data/spec/support/helpers/web_server.rb +1 -1
- data/spec/support/lib/factory.rb +1 -1
- data/spec/support/lib/web_server_client.rb +1 -1
- data/spec/support/lib/web_server_dispatcher.rb +1 -1
- data/spec/support/lib/web_server_manager.rb +4 -2
- data/spec/support/logs/Dispatcher - 1024-31864.log +10 -0
- data/spec/support/logs/Dispatcher - 1047-41465.log +10 -0
- data/spec/support/logs/Dispatcher - 1274-60799.log +64 -0
- data/spec/support/logs/Dispatcher - 1295-1058.log +44 -0
- data/spec/support/logs/Dispatcher - 1313-27076.log +40 -0
- data/spec/support/logs/Dispatcher - 1332-17127.log +35 -0
- data/spec/support/logs/Dispatcher - 1350-7351.log +29 -0
- data/spec/support/logs/Dispatcher - 1368-38528.log +22 -0
- data/spec/support/logs/Dispatcher - 1386-17419.log +14 -0
- data/spec/support/logs/Dispatcher - 31030-26156.log +10 -0
- data/spec/support/logs/Dispatcher - 321-27189.log +12 -0
- data/spec/support/logs/Dispatcher - 32353-50061.log +20 -0
- data/spec/support/logs/Dispatcher - 32450-61574.log +10 -0
- data/spec/support/logs/Dispatcher - 32470-53874.log +20 -0
- data/spec/support/logs/Dispatcher - 32491-10523.log +18 -0
- data/spec/support/logs/Dispatcher - 32509-8583.log +14 -0
- data/spec/support/logs/Dispatcher - 32536-21209.log +10 -0
- data/spec/support/logs/Dispatcher - 32556-53881.log +10 -0
- data/spec/support/logs/Dispatcher - 32579-49083.log +50 -0
- data/spec/support/logs/Dispatcher - 32761-20025.log +12 -0
- data/spec/support/logs/Dispatcher - 347-17512.log +12 -0
- data/spec/support/logs/Dispatcher - 3489-43230.log +24 -0
- data/spec/support/logs/Dispatcher - 3524-57459.log +26 -0
- data/spec/support/logs/Dispatcher - 3559-21544.log +20 -0
- data/spec/support/logs/Dispatcher - 3764-33844.log +25 -0
- data/spec/support/logs/Dispatcher - 3798-45350.log +26 -0
- data/spec/support/logs/Dispatcher - 382-15725.log +12 -0
- data/spec/support/logs/Dispatcher - 3836-6205.log +21 -0
- data/spec/support/logs/Dispatcher - 4112-45433.log +22 -0
- data/spec/support/logs/Dispatcher - 4148-53510.log +26 -0
- data/spec/support/logs/Dispatcher - 415-29873.log +14 -0
- data/spec/support/logs/Dispatcher - 4185-29736.log +18 -0
- data/spec/support/logs/Dispatcher - 4268-60912.log +25 -0
- data/spec/support/logs/Dispatcher - 4303-39372.log +26 -0
- data/spec/support/logs/Dispatcher - 4342-42190.log +21 -0
- data/spec/support/logs/Dispatcher - 463-55220.log +26 -0
- data/spec/support/logs/Dispatcher - 4649-12104.log +22 -0
- data/spec/support/logs/Dispatcher - 4683-32355.log +26 -0
- data/spec/support/logs/Dispatcher - 4724-41636.log +18 -0
- data/spec/support/logs/Dispatcher - 4881-57692.log +22 -0
- data/spec/support/logs/Dispatcher - 4961-64665.log +26 -0
- data/spec/support/logs/Dispatcher - 502-8742.log +25 -0
- data/spec/support/logs/Dispatcher - 5052-61726.log +18 -0
- data/spec/support/logs/Dispatcher - 536-15972.log +22 -0
- data/spec/support/logs/Dispatcher - 620-2220.log +20 -0
- data/spec/support/logs/Dispatcher - 638-17826.log +18 -0
- data/spec/support/logs/Dispatcher - 656-23967.log +16 -0
- data/spec/support/logs/Dispatcher - 700-15701.log +12 -0
- data/spec/support/logs/Dispatcher - 726-6080.log +10 -0
- data/spec/support/logs/Dispatcher - 749-56590.log +18 -0
- data/spec/support/logs/Dispatcher - 807-19073.log +18 -0
- data/spec/support/logs/Dispatcher - 871-8764.log +10 -0
- data/spec/support/logs/Dispatcher - 898-21496.log +12 -0
- data/spec/support/logs/Dispatcher - 933-64070.log +12 -0
- data/spec/support/logs/Instance - 1577-32284.error.log +151 -0
- data/spec/support/logs/Instance - 1625-58174.error.log +154 -0
- data/spec/support/logs/Instance - 2727-57968.error.log +151 -0
- data/spec/support/logs/Instance - 2898-20648.error.log +303 -0
- data/spec/support/logs/Instance - 2901-30845.error.log +429 -0
- data/spec/support/logs/Instance - 31185-37600.error.log +174 -0
- data/spec/support/logs/Instance - 3319-20111.error.log +175 -0
- data/spec/support/logs/error-3855.log +5132 -0
- data/spec/support/servers/arachni/browser.rb +275 -4
- data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +48 -0
- data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +15 -3
- data/spec/support/servers/arachni/check/auditor.rb +8 -0
- data/spec/support/servers/arachni/element/cookie.rb +34 -0
- data/spec/support/servers/arachni/element/form.rb +34 -0
- data/spec/support/servers/arachni/element/header.rb +36 -1
- data/spec/support/servers/arachni/element/json.rb +33 -0
- data/spec/support/servers/arachni/element/link.rb +33 -1
- data/spec/support/servers/arachni/element/link_template.rb +37 -5
- data/spec/support/servers/arachni/element/xml.rb +33 -0
- data/spec/support/servers/arachni/http/client.rb +43 -4
- data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +36 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_1.rb +18 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_2.rb +11 -0
- data/spec/support/servers/arachni/http/proxy_server.rb +12 -0
- data/spec/support/servers/arachni/session.rb +24 -1
- data/spec/support/servers/checks/active/csrf.rb +0 -76
- data/spec/support/servers/checks/active/sql_injection/java +2 -0
- data/spec/support/servers/checks/active/unvalidated_redirect.rb +81 -0
- data/spec/support/servers/checks/active/xss_event.rb +1 -1
- data/spec/support/servers/checks/passive/backup_files.rb +20 -1
- data/spec/support/servers/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -5
- data/spec/support/servers/checks/passive/grep/insecure_cookies_https.rb +9 -0
- data/spec/support/servers/plugins/autologin.rb +17 -1
- data/spec/support/servers/plugins/webhook_notify.rb +9 -0
- data/spec/support/shared/element/capabilities/auditable.rb +26 -32
- data/spec/support/shared/element/capabilities/auditable/buffered.rb +791 -0
- data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +797 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +26 -0
- data/spec/support/shared/element/capabilities/with_node.rb +2 -2
- data/spec/support/shared/element/dom/submittable.rb +10 -10
- data/spec/support/shared/path_extractor.rb +17 -5
- data/ui/cli/framework.rb +24 -4
- data/ui/cli/framework/option_parser.rb +35 -6
- data/ui/cli/option_parser.rb +1 -1
- data/ui/cli/output.rb +10 -3
- data/ui/cli/reporter.rb +1 -1
- data/ui/cli/reporter/option_parser.rb +1 -1
- data/ui/cli/reproduce.rb +228 -0
- data/ui/cli/reproduce/option_parser.rb +90 -0
- data/ui/cli/rest/server.rb +1 -1
- data/ui/cli/rest/server/option_parser.rb +1 -1
- data/ui/cli/restored_framework.rb +1 -1
- data/ui/cli/restored_framework/option_parser.rb +1 -1
- data/ui/cli/rpc/client/dispatcher_monitor.rb +9 -11
- data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
- data/ui/cli/rpc/client/instance.rb +1 -1
- data/ui/cli/rpc/client/local.rb +1 -1
- data/ui/cli/rpc/client/local/option_parser.rb +1 -1
- data/ui/cli/rpc/client/remote.rb +1 -1
- data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
- data/ui/cli/rpc/server/dispatcher.rb +1 -1
- data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
- data/ui/cli/utilities.rb +1 -1
- metadata +253 -49
- data/ACKNOWLEDGMENTS.md +0 -21
- data/AUTHORS.md +0 -3
- data/CONTRIBUTORS.md +0 -22
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9258760c9e75d398da9ab655640904e5d51544c4
|
4
|
+
data.tar.gz: b7f5f56e8f1977916b7a87465954c354892cc4d3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: baef5531633d799813d4bbfdfc89a44aa682feb5b502349e40c19ec9036ef074f2cf4f8838403487e79b2ac905ace671863b5ee092515251418d0180f0db659b
|
7
|
+
data.tar.gz: 43e379175dff426bc078a5055dda4b0d65dee05f47df7032559501ce1603d5e4c32517ff0c9fb69669a0d21b7710df4f62b2899de099e32ebcc530165a039c46
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,140 @@
|
|
1
1
|
# ChangeLog
|
2
2
|
|
3
|
+
## 1.5 _(January 31, 2017)_
|
4
|
+
|
5
|
+
- Executables
|
6
|
+
- `arachni_rpcd_monitor` -- Brought up to date with Dispatcher refactoring.
|
7
|
+
- New
|
8
|
+
- `arachni_reproduce` -- Reproduces the issues in the given report.
|
9
|
+
- Options
|
10
|
+
- `url` -- Raise error on addresses starting with `127.` because
|
11
|
+
PhantomJS 2.1.1 doesn't proxy any loopback connections.
|
12
|
+
- `--http-cookie-string` -- Updated to only accept `Set-Cookie` formatted
|
13
|
+
cookies instead of `Cookie` ones.
|
14
|
+
- `--browser-cluster-job-timeout`
|
15
|
+
- Repurposed to apply to communication requests for Selenium rather than
|
16
|
+
the entire job.
|
17
|
+
- Lowered to `10` seconds.
|
18
|
+
- New
|
19
|
+
- `--http-authentication-type`
|
20
|
+
- `auto` -- Default
|
21
|
+
- `basic`
|
22
|
+
- `digest`
|
23
|
+
- `digest_ie`
|
24
|
+
- `negotiate`
|
25
|
+
- `ntlm`
|
26
|
+
- `--scope-dom-event-limit` -- Limits the amount of DOM events to be
|
27
|
+
triggered for each DOM depth.
|
28
|
+
- `--daemon-friendly` -- Disables status screen.
|
29
|
+
- `UI`
|
30
|
+
- `CLI`
|
31
|
+
- `Framework` -- Trap `USR1` signal and go into a `pry` session for debugging.
|
32
|
+
- `URI`
|
33
|
+
- `.fast_parse` --- Ignore `data:` URIs.
|
34
|
+
- `HTTP`
|
35
|
+
- `ProxyServer`
|
36
|
+
- Fixed state of abruptly closed SSL interceptor connections leading to
|
37
|
+
frozen browser operations.
|
38
|
+
- Added support for configurable concurrency of origin requests to keep
|
39
|
+
the amount of `Thread`s low.
|
40
|
+
- Added support for `Connection: Upgrade` requests by tunneling WebSocket
|
41
|
+
connections.
|
42
|
+
- `Client`
|
43
|
+
- Added `X-Arachni-Scan-Seed` header that includes the random scan seed.
|
44
|
+
- `Dynamic404Handler`
|
45
|
+
- Added more training scenarios for when:
|
46
|
+
- Dashes are used as routing separators.
|
47
|
+
- Directory name prepending and appending is ignored.
|
48
|
+
- Updated to not dismiss redirects but follow the location.
|
49
|
+
- `Browser`
|
50
|
+
- Updated engine to PhantomJS 2.1.1.
|
51
|
+
- Remove `Content-Security-Policy` to allow the Arachni JS env to run.
|
52
|
+
- `#snapshot_id` -- Moved to browser-side `DOMMonitor` for better performance.
|
53
|
+
- `#capture` -- Extract query parameters from `POST` requests.
|
54
|
+
- `#capture_snapshot` -- Deduplicate based on DOM URL and transitions as well.
|
55
|
+
- `ElementLocator` -- Fixed bug causing broken CSS selectors with UTF8 characters.
|
56
|
+
- `Javascript`
|
57
|
+
- `#dom_elements_with_events`
|
58
|
+
- Moved code to browser-side `DOMMonitor`.
|
59
|
+
- Updated it to return results in batches, in order to keep RAM
|
60
|
+
usage under control when processing large pages with thousands
|
61
|
+
of elements with events.
|
62
|
+
- `BrowserCluster`
|
63
|
+
- `Worker`
|
64
|
+
- `#run_job` -- Retry 5 times on job time-outs.
|
65
|
+
- `Element`
|
66
|
+
- `Capabilities`
|
67
|
+
- `Auditable`
|
68
|
+
- New
|
69
|
+
- `Buffered` -- Reads audit responses in chunks.
|
70
|
+
- `LineBuffered` -- Reads audit responses in chunks of lines.
|
71
|
+
- `DOM`
|
72
|
+
- `Capabilities`
|
73
|
+
- `Submittable`, `Auditable` -- Switched from `Proc` to class methods
|
74
|
+
for callbacks, in order to avoid keeping contexts in memory.
|
75
|
+
- Session -- Allow for a submit input to be specified when the login needs to be
|
76
|
+
triggered by clicking it, rather than just triggering the submit event on
|
77
|
+
the form.
|
78
|
+
- REST API
|
79
|
+
- Added `GET /scans/:id/summary` to return scan progress data without
|
80
|
+
`issues`, `errors` and `sitemap`.
|
81
|
+
- Report
|
82
|
+
- Added `#seed` attribute that includes the random scan seed.
|
83
|
+
- Plugins
|
84
|
+
- New
|
85
|
+
- `webhook_notify` -- Sends a webhook payload over HTTP at the end of the scan.
|
86
|
+
- `rate_limiter` -- Rate limits HTTP requests.
|
87
|
+
- `page_dump` -- Dumps page data to disk as YAML.
|
88
|
+
- `proxy` -- `bind_address` default switched to `127.0.0.1`, `0.0.0.0` breaks
|
89
|
+
SSL interception on MS Windows.
|
90
|
+
- `metrics`
|
91
|
+
- Fixed division by 0 error when no requests have been performed.
|
92
|
+
- Added:
|
93
|
+
- HTTP
|
94
|
+
- Request time-outs
|
95
|
+
- Responses per second
|
96
|
+
- Browser cluster
|
97
|
+
- Timed-out jobs
|
98
|
+
- Seconds per job
|
99
|
+
- Total job time
|
100
|
+
- Job count
|
101
|
+
- `email_notify`
|
102
|
+
- Retry on error.
|
103
|
+
- Default to `afr` as a report format.
|
104
|
+
- Checks
|
105
|
+
- Active
|
106
|
+
- `xss` -- Only check HTML responses to avoid FPs.
|
107
|
+
- `xss_event`
|
108
|
+
- Replaced full parsing of responses with SAX.
|
109
|
+
- Only check HTML responses to avoid FPs.
|
110
|
+
- `xss_script_context`
|
111
|
+
- Replaced full parsing of responses with SAX.
|
112
|
+
- Only check HTML responses to avoid FPs.
|
113
|
+
- `xss_tag`
|
114
|
+
- Replaced full parsing of responses with SAX.
|
115
|
+
- Only check HTML responses to avoid FPs.
|
116
|
+
- `unvalidated_redirect`, `unvalidated_redirect_dom`, `xss`, `xss_dom`,
|
117
|
+
`xss_dom_script_context`, `xss_script_context` -- Replaced `Proc`s
|
118
|
+
with class methods for `BrowserCluster` job callbacks.
|
119
|
+
- `unvalidated_redirect` -- Added prepended payload to the default value.
|
120
|
+
- `sql_injection` -- Added more error signatures for HSQLDB, Java and SQLite.
|
121
|
+
- `csrf` -- Removed heuristics that try to match tokens based on format;
|
122
|
+
now only uses a nonce check.
|
123
|
+
- `path_traversal` -- Increased maximum traversals to 8.
|
124
|
+
- Passive
|
125
|
+
- `backup_files`
|
126
|
+
- Ignore media files to avoid FPs when dealing with galleries and the like.
|
127
|
+
- Added issue remark explaining how the original resource name was manipulated.
|
128
|
+
- `backup_directories` -- Added issue remark explaining how the original
|
129
|
+
resource name was manipulated.
|
130
|
+
- `xst` -- Run once for each protocol, not just for the first page.
|
131
|
+
- Path extractors
|
132
|
+
- `data_url` -- Extract from all elements, not just links.
|
133
|
+
- Reporters
|
134
|
+
- `xml`
|
135
|
+
- Replaced unsupported null-bytes with a placeholder.
|
136
|
+
- Made `issues/issue/page/dom/data_flow_sinks/data_flow_sink/frame/line` nil-able.
|
137
|
+
|
3
138
|
## 1.4 _(February 7, 2016)_
|
4
139
|
|
5
140
|
- Native MS Windows compatibility.
|
@@ -95,6 +230,7 @@
|
|
95
230
|
there's no way to verify SSNs.
|
96
231
|
- `http_only_cookies`, `insecure_cookies` -- Only check current page
|
97
232
|
cookies, don't let the CookieJar ones sneak in.
|
233
|
+
- `insecure_cookies` -- Check JS cookies too.
|
98
234
|
- Plugins
|
99
235
|
- `proxy`
|
100
236
|
- Removed injection of control toolbar to each response.
|
data/Gemfile
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
source 'https://rubygems.org'
|
2
2
|
|
3
|
-
gem 'rake'
|
3
|
+
gem 'rake', '11.3.0'
|
4
|
+
gem 'pry'
|
4
5
|
|
5
6
|
group :docs do
|
6
7
|
gem 'yard'
|
@@ -19,6 +20,7 @@ group :prof do
|
|
19
20
|
gem 'sys-proctable'
|
20
21
|
gem 'ruby-mass'
|
21
22
|
gem 'benchmark-ips'
|
23
|
+
gem 'memory_profiler'
|
22
24
|
end
|
23
25
|
|
24
26
|
gemspec
|
data/LICENSE.md
CHANGED
data/README.md
CHANGED
@@ -3,7 +3,7 @@
|
|
3
3
|
<table>
|
4
4
|
<tr>
|
5
5
|
<th>Version</th>
|
6
|
-
<td>1.
|
6
|
+
<td>1.5</td>
|
7
7
|
</tr>
|
8
8
|
<tr>
|
9
9
|
<th>Homepage</th>
|
@@ -38,7 +38,7 @@
|
|
38
38
|
</tr>
|
39
39
|
<tr>
|
40
40
|
<th>Copyright</th>
|
41
|
-
<td>2010-
|
41
|
+
<td>2010-2017 <a href="http://www.sarosys.com">Sarosys LLC</a></td>
|
42
42
|
</tr>
|
43
43
|
<tr>
|
44
44
|
<th>License</th>
|
@@ -555,6 +555,9 @@ core remains lean and makes it easy for anyone to add arbitrary functionality.
|
|
555
555
|
- Metrics (`metrics`) -- Captures metrics about multiple aspects of the scan and the web application.
|
556
556
|
- Restrict to DOM state (`restrict_to_dom_state`) -- Restricts the audit to a single page's DOM
|
557
557
|
state, based on a URL fragment.
|
558
|
+
- Webhook notify (`webhook_notify`) -- Sends a webhook payload over HTTP at the end of the scan.
|
559
|
+
- Rate limiter (`rate_limiter`) -- Rate limits HTTP requests.
|
560
|
+
- Page dump (`page_dump`) -- Dumps page data to disk as YAML.
|
558
561
|
|
559
562
|
##### Defaults
|
560
563
|
|
data/Rakefile
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
=begin
|
2
|
-
Copyright 2010-
|
2
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
3
3
|
|
4
4
|
This file is part of the Arachni Framework project and is subject to
|
5
5
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
data/arachni.gemspec
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
4
4
|
|
5
5
|
This file is part of the Arachni Framework project and is subject to
|
6
6
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
@@ -10,7 +10,7 @@
|
|
10
10
|
Gem::Specification.new do |s|
|
11
11
|
require File.expand_path( File.dirname( __FILE__ ) ) + '/lib/arachni/version'
|
12
12
|
|
13
|
-
s.required_ruby_version = '>= 2.
|
13
|
+
s.required_ruby_version = '>= 2.2.0'
|
14
14
|
|
15
15
|
s.name = 'arachni'
|
16
16
|
s.version = Arachni::VERSION
|
@@ -37,77 +37,82 @@ Gem::Specification.new do |s|
|
|
37
37
|
|
38
38
|
s.executables = Dir.glob( 'bin/*' ).map { |e| File.basename e }
|
39
39
|
|
40
|
-
s.extra_rdoc_files = %w(README.md
|
41
|
-
AUTHORS.md CHANGELOG.md CONTRIBUTORS.md)
|
40
|
+
s.extra_rdoc_files = %w(README.md LICENSE.md CHANGELOG.md)
|
42
41
|
|
43
42
|
s.rdoc_options = [ '--charset=UTF-8' ]
|
44
43
|
|
45
|
-
s.add_dependency 'awesome_print'
|
44
|
+
s.add_dependency 'awesome_print', '1.6.1'
|
46
45
|
|
47
|
-
s.add_dependency 'rack'
|
46
|
+
s.add_dependency 'rack', '1.6.4'
|
48
47
|
|
48
|
+
# Don't specify version, messes with the packages since they always grab the
|
49
|
+
# latest one.
|
49
50
|
s.add_dependency 'bundler'
|
50
51
|
|
51
|
-
s.add_dependency 'concurrent-ruby', '1.0.
|
52
|
-
s.add_dependency 'concurrent-ruby-ext', '1.0.
|
52
|
+
s.add_dependency 'concurrent-ruby', '1.0.2'
|
53
|
+
s.add_dependency 'concurrent-ruby-ext', '1.0.2'
|
53
54
|
|
54
55
|
# For compressing/decompressing system state archives.
|
55
|
-
s.add_dependency 'rubyzip',
|
56
|
+
s.add_dependency 'rubyzip', '1.1.6'
|
56
57
|
|
57
58
|
# HTTP proxy server
|
58
|
-
s.add_dependency 'http_parser.rb'
|
59
|
+
s.add_dependency 'http_parser.rb', '0.6.0'
|
59
60
|
|
60
61
|
# HTML report
|
61
|
-
s.add_dependency 'coderay',
|
62
|
+
s.add_dependency 'coderay', '1.1.0'
|
62
63
|
|
63
|
-
s.add_dependency 'childprocess',
|
64
|
+
s.add_dependency 'childprocess', '0.5.3'
|
64
65
|
|
65
66
|
# RPC serialization.
|
66
|
-
s.add_dependency 'msgpack',
|
67
|
+
s.add_dependency 'msgpack', '0.7.0'
|
67
68
|
|
68
69
|
if RUBY_PLATFORM != 'java'
|
69
70
|
# Optimized JSON.
|
70
|
-
s.add_dependency 'oj',
|
71
|
-
s.add_dependency 'oj_mimic_json'
|
71
|
+
s.add_dependency 'oj', '2.15.0'
|
72
|
+
s.add_dependency 'oj_mimic_json', '1.0.1'
|
72
73
|
end
|
73
74
|
|
74
75
|
# Web server
|
75
|
-
s.add_dependency 'puma',
|
76
|
+
s.add_dependency 'puma', '2.14.0'
|
76
77
|
|
77
78
|
# REST API
|
78
|
-
s.add_dependency 'sinatra',
|
79
|
-
s.add_dependency 'sinatra-contrib',
|
79
|
+
s.add_dependency 'sinatra', '1.4.6'
|
80
|
+
s.add_dependency 'sinatra-contrib', '1.4.6'
|
80
81
|
|
81
82
|
# RPC client/server implementation.
|
82
|
-
s.add_dependency 'arachni-rpc',
|
83
|
+
s.add_dependency 'arachni-rpc', '~> 0.2.1.4'
|
83
84
|
|
84
85
|
# HTTP client.
|
85
|
-
s.add_dependency 'typhoeus',
|
86
|
+
s.add_dependency 'typhoeus', '1.0.2'
|
86
87
|
|
87
88
|
# Fallback URI parsing and encoding utilities.
|
88
|
-
s.add_dependency 'addressable',
|
89
|
+
s.add_dependency 'addressable', '2.3.6'
|
89
90
|
|
90
91
|
# E-mail plugin.
|
91
|
-
s.add_dependency 'pony',
|
92
|
+
s.add_dependency 'pony', '1.11'
|
92
93
|
|
93
94
|
# For the Arachni console (arachni_console).
|
94
|
-
s.add_dependency 'rb-readline',
|
95
|
+
s.add_dependency 'rb-readline', '0.5.1'
|
95
96
|
|
96
|
-
# Markup parsing.
|
97
|
-
s.add_dependency 'nokogiri',
|
97
|
+
# Markup parsing, for reports and Element::XML.
|
98
|
+
s.add_dependency 'nokogiri', '1.6.8.1'
|
99
|
+
# Really fast and lightweight markup parsing, for pages.
|
100
|
+
s.add_dependency 'ox', '2.4.9'
|
98
101
|
|
99
102
|
# Outputting data in table format (arachni_rpcd_monitor).
|
100
|
-
s.add_dependency 'terminal-table',
|
103
|
+
s.add_dependency 'terminal-table', '1.4.5'
|
101
104
|
|
102
105
|
# Browser support for DOM/JS/AJAX analysis stuff.
|
103
|
-
|
106
|
+
# Lock webdriver, newer versions has issues.
|
107
|
+
s.add_dependency 'selenium-webdriver', '3.0.1'
|
108
|
+
s.add_dependency 'watir-webdriver', '0.8.0'
|
104
109
|
|
105
110
|
# Markdown to HTML conversion, used by the HTML report for component
|
106
111
|
# descriptions.
|
107
|
-
s.add_dependency 'kramdown',
|
112
|
+
s.add_dependency 'kramdown', '1.4.1'
|
108
113
|
|
109
114
|
# Used to scrub Markdown for XSS etc.
|
110
|
-
s.add_dependency 'loofah',
|
115
|
+
s.add_dependency 'loofah', '2.0.3'
|
111
116
|
|
112
117
|
s.post_install_message = <<MSG
|
113
118
|
|
@@ -124,7 +129,7 @@ License - Arachni Public Source License v1.0
|
|
124
129
|
(https://github.com/Arachni/arachni/blob/master/LICENSE.md)
|
125
130
|
Author - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
|
126
131
|
Twitter - http://twitter.com/ArachniScanner
|
127
|
-
Copyright - 2010-
|
132
|
+
Copyright - 2010-2017 Sarosys LLC (http://www.sarosys.com)
|
128
133
|
|
129
134
|
Please do not hesitate to ask for assistance (via the support portal)
|
130
135
|
or report a bug (via GitHub Issues) if you come across any problem.
|
data/bin/arachni
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
4
4
|
|
5
5
|
This file is part of the Arachni Framework project and is subject to
|
6
6
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
data/bin/arachni_console
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
4
4
|
|
5
5
|
This file is part of the Arachni Framework project and is subject to
|
6
6
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
data/bin/arachni_multi
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
4
4
|
|
5
5
|
This file is part of the Arachni Framework project and is subject to
|
6
6
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
@@ -10,4 +10,9 @@
|
|
10
10
|
require_relative '../lib/arachni'
|
11
11
|
require_relative '../ui/cli/rpc/client/local'
|
12
12
|
|
13
|
+
if Arachni.windows?
|
14
|
+
Arachni::UI::Output.print_error "This interface is not available on MS Windows."
|
15
|
+
exit
|
16
|
+
end
|
17
|
+
|
13
18
|
Arachni::UI::CLI::RPC::Client::Local.new
|
data/bin/arachni_reporter
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
4
4
|
|
5
5
|
This file is part of the Arachni Framework project and is subject to
|
6
6
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
@@ -0,0 +1,12 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
=begin
|
3
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
4
|
+
|
5
|
+
This file is part of the Arachni Framework project and is subject to
|
6
|
+
redistribution and commercial restrictions. Please see the Arachni Framework
|
7
|
+
web site for more information on licensing and terms of use.
|
8
|
+
=end
|
9
|
+
|
10
|
+
require_relative '../ui/cli/reproduce'
|
11
|
+
|
12
|
+
Arachni::UI::CLI::Reproduce.new
|
data/bin/arachni_rest_server
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
4
4
|
|
5
5
|
This file is part of the Arachni Framework project and is subject to
|
6
6
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
data/bin/arachni_restore
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
4
4
|
|
5
5
|
This file is part of the Arachni Framework project and is subject to
|
6
6
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
data/bin/arachni_rpc
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
=begin
|
3
|
-
Copyright 2010-
|
3
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
4
4
|
|
5
5
|
This file is part of the Arachni Framework project and is subject to
|
6
6
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
@@ -10,4 +10,9 @@
|
|
10
10
|
require_relative '../lib/arachni'
|
11
11
|
require_relative '../ui/cli/rpc/client/remote'
|
12
12
|
|
13
|
+
if Arachni.windows?
|
14
|
+
Arachni::UI::Output.print_error "This interface is not available on MS Windows."
|
15
|
+
exit
|
16
|
+
end
|
17
|
+
|
13
18
|
Arachni::UI::CLI::RPC::Client::Remote.new
|