├── .gitignore
├── .jrubyrc
├── .ruby-gemset
├── .ruby-version
├── .simplecov
├── .yardopts
├── CHANGELOG.md
├── Gemfile
├── LICENSE.md
├── README.md
├── Rakefile
├── arachni.gemspec
├── bin
    ├── arachni
    ├── arachni_console
    ├── arachni_multi
    ├── arachni_reporter
    ├── arachni_reproduce
    ├── arachni_rest_server
    ├── arachni_restore
    ├── arachni_rpc
    ├── arachni_rpcd
    ├── arachni_rpcd_monitor
    └── arachni_script
├── components
    ├── checks
    │   ├── active
    │   │   ├── code_injection.rb
    │   │   ├── code_injection_php_input_wrapper.rb
    │   │   ├── code_injection_timing.rb
    │   │   ├── csrf.rb
    │   │   ├── file_inclusion.rb
    │   │   ├── ldap_injection.rb
    │   │   ├── ldap_injection
    │   │   │   └── errors.txt
    │   │   ├── no_sql_injection.rb
    │   │   ├── no_sql_injection
    │   │   │   └── substrings
    │   │   │   │   └── mongodb
    │   │   ├── no_sql_injection_differential.rb
    │   │   ├── os_cmd_injection.rb
    │   │   ├── os_cmd_injection_timing.rb
    │   │   ├── path_traversal.rb
    │   │   ├── response_splitting.rb
    │   │   ├── rfi.rb
    │   │   ├── session_fixation.rb
    │   │   ├── source_code_disclosure.rb
    │   │   ├── sql_injection.rb
    │   │   ├── sql_injection
    │   │   │   ├── ignore_substrings
    │   │   │   ├── regexps
    │   │   │   │   ├── db2.yaml
    │   │   │   │   ├── frontbase.yaml
    │   │   │   │   ├── hsqldb.yaml
    │   │   │   │   ├── informix.yaml
    │   │   │   │   ├── ingres.yaml
    │   │   │   │   ├── maxdb.yaml
    │   │   │   │   ├── mssql.yaml
    │   │   │   │   ├── mysql.yaml
    │   │   │   │   ├── oracle.yaml
    │   │   │   │   ├── pgsql.yaml
    │   │   │   │   ├── sqlite.yaml
    │   │   │   │   └── sybase.yaml
    │   │   │   └── substrings
    │   │   │   │   ├── access
    │   │   │   │   ├── db2
    │   │   │   │   ├── emc
    │   │   │   │   ├── firebird
    │   │   │   │   ├── hsqldb
    │   │   │   │   ├── informix
    │   │   │   │   ├── ingres
    │   │   │   │   ├── interbase
    │   │   │   │   ├── java
    │   │   │   │   ├── mssql
    │   │   │   │   ├── mysql
    │   │   │   │   ├── oracle
    │   │   │   │   ├── pgsql
    │   │   │   │   ├── sqlite
    │   │   │   │   └── sybase
    │   │   ├── sql_injection_differential.rb
    │   │   ├── sql_injection_differential
    │   │   │   └── payloads.txt
    │   │   ├── sql_injection_timing.rb
    │   │   ├── sql_injection_timing
    │   │   │   ├── mssql.txt
    │   │   │   ├── mysql.txt
    │   │   │   └── pgsql.txt
    │   │   ├── trainer.rb
    │   │   ├── unvalidated_redirect.rb
    │   │   ├── unvalidated_redirect_dom.rb
    │   │   ├── xpath_injection.rb
    │   │   ├── xpath_injection
    │   │   │   └── errors.txt
    │   │   ├── xss.rb
    │   │   ├── xss_dom.rb
    │   │   ├── xss_dom_script_context.rb
    │   │   ├── xss_event.rb
    │   │   ├── xss_path.rb
    │   │   ├── xss_script_context.rb
    │   │   ├── xss_tag.rb
    │   │   └── xxe.rb
    │   └── passive
    │   │   ├── allowed_methods.rb
    │   │   ├── backdoors.rb
    │   │   ├── backdoors
    │   │       └── filenames.txt
    │   │   ├── backup_directories.rb
    │   │   ├── backup_directories
    │   │       └── formats.txt
    │   │   ├── backup_files.rb
    │   │   ├── backup_files
    │   │       └── formats.txt
    │   │   ├── common_admin_interfaces.rb
    │   │   ├── common_admin_interfaces
    │   │       └── admin-panels.txt
    │   │   ├── common_directories.rb
    │   │   ├── common_directories
    │   │       └── directories.txt
    │   │   ├── common_files.rb
    │   │   ├── common_files
    │   │       └── filenames.txt
    │   │   ├── directory_listing.rb
    │   │   ├── grep
    │   │       ├── captcha.rb
    │   │       ├── cookie_set_for_parent_domain.rb
    │   │       ├── credit_card.rb
    │   │       ├── cvs_svn_users.rb
    │   │       ├── emails.rb
    │   │       ├── form_upload.rb
    │   │       ├── hsts.rb
    │   │       ├── html_objects.rb
    │   │       ├── http_only_cookies.rb
    │   │       ├── insecure_cookies.rb
    │   │       ├── insecure_cors_policy.rb
    │   │       ├── mixed_resource.rb
    │   │       ├── password_autocomplete.rb
    │   │       ├── private_ip.rb
    │   │       ├── ssn.rb
    │   │       ├── unencrypted_password_forms.rb
    │   │       └── x_frame_options.rb
    │   │   ├── htaccess_limit.rb
    │   │   ├── http_put.rb
    │   │   ├── insecure_client_access_policy.rb
    │   │   ├── insecure_cross_domain_policy_access.rb
    │   │   ├── insecure_cross_domain_policy_headers.rb
    │   │   ├── interesting_responses.rb
    │   │   ├── localstart_asp.rb
    │   │   ├── origin_spoof_access_restriction_bypass.rb
    │   │   ├── webdav.rb
    │   │   └── xst.rb
    ├── fingerprinters
    │   ├── frameworks
    │   │   ├── aspx_mvc.rb
    │   │   ├── cakephp.rb
    │   │   ├── cherrypy.rb
    │   │   ├── django.rb
    │   │   ├── jsf.rb
    │   │   ├── nette.rb
    │   │   ├── rack.rb
    │   │   ├── rails.rb
    │   │   └── symfony.rb
    │   ├── languages
    │   │   ├── asp.rb
    │   │   ├── aspx.rb
    │   │   ├── java.rb
    │   │   ├── php.rb
    │   │   ├── python.rb
    │   │   └── ruby.rb
    │   ├── os
    │   │   ├── bsd.rb
    │   │   ├── linux.rb
    │   │   ├── solaris.rb
    │   │   ├── unix.rb
    │   │   └── windows.rb
    │   └── servers
    │   │   ├── apache.rb
    │   │   ├── gunicorn.rb
    │   │   ├── iis.rb
    │   │   ├── jetty.rb
    │   │   ├── nginx.rb
    │   │   └── tomcat.rb
    ├── path_extractors
    │   ├── anchors.rb
    │   ├── areas.rb
    │   ├── comments.rb
    │   ├── data_url.rb
    │   ├── forms.rb
    │   ├── frames.rb
    │   ├── generic.rb
    │   ├── links.rb
    │   ├── meta_refresh.rb
    │   └── scripts.rb
    ├── plugins
    │   ├── autologin.rb
    │   ├── beep_notify.rb
    │   ├── content_types.rb
    │   ├── cookie_collector.rb
    │   ├── debug
    │   │   └── browser_cluster_job_monitor.rb
    │   ├── defaults
    │   │   ├── autothrottle.rb
    │   │   ├── healthmap.rb
    │   │   └── meta
    │   │   │   ├── remedies
    │   │   │       ├── discovery.rb
    │   │   │       └── timing_attacks.rb
    │   │   │   └── uniformity.rb
    │   ├── email_notify.rb
    │   ├── exec.rb
    │   ├── form_dicattack.rb
    │   ├── headers_collector.rb
    │   ├── http_dicattack.rb
    │   ├── login_script.rb
    │   ├── metrics.rb
    │   ├── page_dump.rb
    │   ├── proxy.rb
    │   ├── proxy
    │   │   ├── panel
    │   │   │   ├── 403_forbidden.html.erb
    │   │   │   ├── 404_not_found.html.erb
    │   │   │   ├── css
    │   │   │   │   ├── bootstrap-responsive.css
    │   │   │   │   ├── bootstrap.min.css
    │   │   │   │   └── panel.css
    │   │   │   ├── help.html.erb
    │   │   │   ├── img
    │   │   │   │   ├── glyphicons-halflings-white.png
    │   │   │   │   ├── glyphicons-halflings.png
    │   │   │   │   └── record.png
    │   │   │   ├── inspect.html.erb
    │   │   │   ├── js
    │   │   │   │   ├── bootstrap.min.js
    │   │   │   │   ├── jquery.min.js
    │   │   │   │   └── panel.js
    │   │   │   ├── layout.html.erb
    │   │   │   ├── page_accordion.html.erb
    │   │   │   ├── page_twin_accordion.html.erb
    │   │   │   ├── panel.html.erb
    │   │   │   ├── shutdown_message.html.erb
    │   │   │   ├── sign_in.html.erb
    │   │   │   ├── vectors.yml.erb
    │   │   │   ├── verify_login_check.html.erb
    │   │   │   ├── verify_login_final.html.erb
    │   │   │   └── verify_login_sequence.html.erb
    │   │   └── template_scope.rb
    │   ├── rate_limiter.rb
    │   ├── restrict_to_dom_state.rb
    │   ├── script.rb
    │   ├── uncommon_headers.rb
    │   ├── vector_collector.rb
    │   ├── vector_feed.rb
    │   ├── waf_detector.rb
    │   └── webhook_notify.rb
    ├── reporters
    │   ├── ap.rb
    │   ├── html.rb
    │   ├── html
    │   │   ├── default.erb
    │   │   └── default
    │   │   │   ├── configuration.erb
    │   │   │   ├── css
    │   │   │       ├── lib
    │   │   │       │   ├── bootstrap-theme.min.css
    │   │   │       │   ├── bootstrap.min.css
    │   │   │       │   ├── c3.css
    │   │   │       │   └── font-awesome.min.css
    │   │   │       └── main.css
    │   │   │   ├── fonts
    │   │   │       ├── FontAwesome.otf
    │   │   │       ├── fontawesome-webfont.eot
    │   │   │       ├── fontawesome-webfont.svg
    │   │   │       ├── fontawesome-webfont.ttf
    │   │   │       ├── fontawesome-webfont.woff
    │   │   │       ├── glyphicons-halflings-regular.eot
    │   │   │       ├── glyphicons-halflings-regular.svg
    │   │   │       ├── glyphicons-halflings-regular.ttf
    │   │   │       └── glyphicons-halflings-regular.woff
    │   │   │   ├── issue.erb
    │   │   │   ├── issue
    │   │   │       ├── details.erb
    │   │   │       ├── info.erb
    │   │   │       ├── page.erb
    │   │   │       ├── page
    │   │   │       │   ├── body.erb
    │   │   │       │   ├── sink
    │   │   │       │   │   ├── data_flow.erb
    │   │   │       │   │   ├── data_flow
    │   │   │       │   │   │   ├── arguments.erb
    │   │   │       │   │   │   └── source.erb
    │   │   │       │   │   ├── execution_flow.erb
    │   │   │       │   │   ├── frame
    │   │   │       │   │   │   └── source.erb
    │   │   │       │   │   └── trace
    │   │   │       │   │   │   └── table.erb
    │   │   │       │   └── transitions.erb
    │   │   │       ├── platform.erb
    │   │   │       ├── remarks.erb
    │   │   │       └── vector.erb
    │   │   │   ├── issues.erb
    │   │   │   ├── issues
    │   │   │       └── grouped.erb
    │   │   │   ├── js
    │   │   │       ├── charts.js.erb
    │   │   │       ├── configuration.js.erb
    │   │   │       ├── helpers.js
    │   │   │       ├── init.js.erb
    │   │   │       └── lib
    │   │   │       │   ├── bootstrap.min.js
    │   │   │       │   ├── c3.min.js
    │   │   │       │   ├── d3.min.js
    │   │   │       │   └── jquery.min.js
    │   │   │   ├── navigation.erb
    │   │   │   ├── plugins.erb
    │   │   │   ├── shared
    │   │   │       ├── hash.erb
    │   │   │       └── hash_table.erb
    │   │   │   ├── sitemap.erb
    │   │   │   ├── summary.erb
    │   │   │   └── summary
    │   │   │       ├── charts.erb
    │   │   │       ├── issues.erb
    │   │   │       ├── issues
    │   │   │           └── by_name.erb
    │   │   │       └── owasp_top_10.erb
    │   ├── json.rb
    │   ├── marshal.rb
    │   ├── plugin_formatters
    │   │   ├── html
    │   │   │   ├── autologin.rb
    │   │   │   ├── content_types.rb
    │   │   │   ├── cookie_collector.rb
    │   │   │   ├── exec.rb
    │   │   │   ├── form_dicattack.rb
    │   │   │   ├── healthmap.rb
    │   │   │   ├── http_dicattack.rb
    │   │   │   ├── login_script.rb
    │   │   │   ├── metrics.rb
    │   │   │   ├── uncommon_headers.rb
    │   │   │   ├── uniformity.rb
    │   │   │   ├── vector_collector.rb
    │   │   │   └── waf_detector.rb
    │   │   ├── stdout
    │   │   │   ├── autologin.rb
    │   │   │   ├── content_types.rb
    │   │   │   ├── cookie_collector.rb
    │   │   │   ├── exec.rb
    │   │   │   ├── form_dicattack.rb
    │   │   │   ├── healthmap.rb
    │   │   │   ├── http_dicattack.rb
    │   │   │   ├── login_script.rb
    │   │   │   ├── metrics.rb
    │   │   │   ├── uncommon_headers.rb
    │   │   │   ├── uniformity.rb
    │   │   │   ├── vector_collector.rb
    │   │   │   └── waf_detector.rb
    │   │   └── xml
    │   │   │   ├── autologin.rb
    │   │   │   ├── content_types.rb
    │   │   │   ├── cookie_collector.rb
    │   │   │   ├── exec.rb
    │   │   │   ├── form_dicattack.rb
    │   │   │   ├── healthmap.rb
    │   │   │   ├── http_dicattack.rb
    │   │   │   ├── login_script.rb
    │   │   │   ├── metrics.rb
    │   │   │   ├── uncommon_headers.rb
    │   │   │   ├── uniformity.rb
    │   │   │   ├── vector_collector.rb
    │   │   │   └── waf_detector.rb
    │   ├── stdout.rb
    │   ├── txt.rb
    │   ├── xml.rb
    │   ├── xml
    │   │   └── schema.xsd
    │   └── yaml.rb
    └── services
    │   └── placeholder
├── config
    └── write_paths.yml
├── lib
    ├── arachni.rb
    ├── arachni
    │   ├── banner.rb
    │   ├── browser.rb
    │   ├── browser
    │   │   ├── element_locator.rb
    │   │   ├── javascript.rb
    │   │   └── javascript
    │   │   │   ├── dom_monitor.rb
    │   │   │   ├── proxy.rb
    │   │   │   ├── proxy
    │   │   │       └── stub.rb
    │   │   │   ├── scripts
    │   │   │       ├── dom_monitor.js
    │   │   │       ├── polyfills.js
    │   │   │       └── taint_tracer.js
    │   │   │   ├── taint_tracer.rb
    │   │   │   └── taint_tracer
    │   │   │       ├── frame.rb
    │   │   │       ├── frame
    │   │   │           └── called_function.rb
    │   │   │       └── sink
    │   │   │           ├── base.rb
    │   │   │           ├── data_flow.rb
    │   │   │           └── execution_flow.rb
    │   ├── browser_cluster.rb
    │   ├── browser_cluster
    │   │   ├── job.rb
    │   │   ├── job
    │   │   │   └── result.rb
    │   │   ├── jobs
    │   │   │   ├── browser_provider.rb
    │   │   │   ├── dom_exploration.rb
    │   │   │   ├── dom_exploration
    │   │   │   │   ├── event_trigger.rb
    │   │   │   │   ├── event_trigger
    │   │   │   │   │   └── result.rb
    │   │   │   │   └── result.rb
    │   │   │   ├── taint_trace.rb
    │   │   │   └── taint_trace
    │   │   │   │   ├── event_trigger.rb
    │   │   │   │   ├── event_trigger
    │   │   │   │       └── result.rb
    │   │   │   │   └── result.rb
    │   │   └── worker.rb
    │   ├── check.rb
    │   ├── check
    │   │   ├── auditor.rb
    │   │   ├── base.rb
    │   │   └── manager.rb
    │   ├── component.rb
    │   ├── component
    │   │   ├── base.rb
    │   │   ├── manager.rb
    │   │   ├── options.rb
    │   │   ├── options
    │   │   │   ├── address.rb
    │   │   │   ├── base.rb
    │   │   │   ├── bool.rb
    │   │   │   ├── float.rb
    │   │   │   ├── int.rb
    │   │   │   ├── multiple_choice.rb
    │   │   │   ├── object.rb
    │   │   │   ├── path.rb
    │   │   │   ├── port.rb
    │   │   │   ├── string.rb
    │   │   │   └── url.rb
    │   │   ├── output.rb
    │   │   └── utilities.rb
    │   ├── data.rb
    │   ├── data
    │   │   ├── framework.rb
    │   │   ├── framework
    │   │   │   └── rpc.rb
    │   │   ├── issues.rb
    │   │   ├── plugins.rb
    │   │   └── session.rb
    │   ├── element
    │   │   ├── base.rb
    │   │   ├── body.rb
    │   │   ├── capabilities
    │   │   │   ├── analyzable.rb
    │   │   │   ├── analyzable
    │   │   │   │   ├── differential.rb
    │   │   │   │   ├── signature.rb
    │   │   │   │   └── timeout.rb
    │   │   │   ├── auditable.rb
    │   │   │   ├── auditable
    │   │   │   │   ├── buffered.rb
    │   │   │   │   └── line_buffered.rb
    │   │   │   ├── dom_only.rb
    │   │   │   ├── inputtable.rb
    │   │   │   ├── mutable.rb
    │   │   │   ├── refreshable.rb
    │   │   │   ├── submittable.rb
    │   │   │   ├── with_auditor.rb
    │   │   │   ├── with_auditor
    │   │   │   │   └── output.rb
    │   │   │   ├── with_dom.rb
    │   │   │   ├── with_node.rb
    │   │   │   ├── with_scope.rb
    │   │   │   ├── with_scope
    │   │   │   │   └── scope.rb
    │   │   │   └── with_source.rb
    │   │   ├── cookie.rb
    │   │   ├── cookie
    │   │   │   ├── capabilities
    │   │   │   │   ├── inputtable.rb
    │   │   │   │   ├── mutable.rb
    │   │   │   │   └── with_dom.rb
    │   │   │   └── dom.rb
    │   │   ├── dom.rb
    │   │   ├── dom
    │   │   │   └── capabilities
    │   │   │   │   ├── auditable.rb
    │   │   │   │   ├── inputtable.rb
    │   │   │   │   ├── locatable.rb
    │   │   │   │   ├── mutable.rb
    │   │   │   │   └── submittable.rb
    │   │   ├── form.rb
    │   │   ├── form
    │   │   │   ├── capabilities
    │   │   │   │   ├── auditable.rb
    │   │   │   │   ├── mutable.rb
    │   │   │   │   ├── submittable.rb
    │   │   │   │   └── with_dom.rb
    │   │   │   └── dom.rb
    │   │   ├── generic_dom.rb
    │   │   ├── header.rb
    │   │   ├── header
    │   │   │   └── capabilities
    │   │   │   │   ├── inputtable.rb
    │   │   │   │   └── mutable.rb
    │   │   ├── json.rb
    │   │   ├── json
    │   │   │   └── capabilities
    │   │   │   │   ├── inputtable.rb
    │   │   │   │   └── mutable.rb
    │   │   ├── link.rb
    │   │   ├── link
    │   │   │   ├── capabilities
    │   │   │   │   ├── auditable.rb
    │   │   │   │   ├── submittable.rb
    │   │   │   │   └── with_dom.rb
    │   │   │   ├── dom.rb
    │   │   │   └── dom
    │   │   │   │   └── capabilities
    │   │   │   │       └── submittable.rb
    │   │   ├── link_template.rb
    │   │   ├── link_template
    │   │   │   ├── capabilities
    │   │   │   │   ├── auditable.rb
    │   │   │   │   ├── inputtable.rb
    │   │   │   │   └── with_dom.rb
    │   │   │   ├── dom.rb
    │   │   │   └── dom
    │   │   │   │   └── capabilities
    │   │   │   │       └── submittable.rb
    │   │   ├── nested_cookie.rb
    │   │   ├── nested_cookie
    │   │   │   └── capabilities
    │   │   │   │   └── submittable.rb
    │   │   ├── path.rb
    │   │   ├── server.rb
    │   │   ├── ui_form.rb
    │   │   ├── ui_form
    │   │   │   └── dom.rb
    │   │   ├── ui_input.rb
    │   │   ├── ui_input
    │   │   │   └── dom.rb
    │   │   ├── xml.rb
    │   │   └── xml
    │   │   │   └── capabilities
    │   │   │       ├── inputtable.rb
    │   │   │       └── mutable.rb
    │   ├── element_filter.rb
    │   ├── error.rb
    │   ├── ethon
    │   │   └── easy.rb
    │   ├── framework.rb
    │   ├── framework
    │   │   └── parts
    │   │   │   ├── audit.rb
    │   │   │   ├── browser.rb
    │   │   │   ├── check.rb
    │   │   │   ├── data.rb
    │   │   │   ├── platform.rb
    │   │   │   ├── plugin.rb
    │   │   │   ├── report.rb
    │   │   │   ├── scope.rb
    │   │   │   └── state.rb
    │   ├── http.rb
    │   ├── http
    │   │   ├── client.rb
    │   │   ├── client
    │   │   │   └── dynamic_404_handler.rb
    │   │   ├── cookie_jar.rb
    │   │   ├── headers.rb
    │   │   ├── message.rb
    │   │   ├── message
    │   │   │   └── scope.rb
    │   │   ├── proxy_server.rb
    │   │   ├── proxy_server
    │   │   │   ├── connection.rb
    │   │   │   ├── ssl-interceptor-cacert.pem
    │   │   │   ├── ssl-interceptor-cakey.pem
    │   │   │   ├── ssl_interceptor.rb
    │   │   │   └── tunnel.rb
    │   │   ├── request.rb
    │   │   ├── request
    │   │   │   └── scope.rb
    │   │   ├── response.rb
    │   │   └── response
    │   │   │   └── scope.rb
    │   ├── issue.rb
    │   ├── issue
    │   │   ├── severity.rb
    │   │   └── severity
    │   │   │   └── base.rb
    │   ├── option_group.rb
    │   ├── option_groups.rb
    │   ├── option_groups
    │   │   ├── audit.rb
    │   │   ├── browser_cluster.rb
    │   │   ├── datastore.rb
    │   │   ├── dispatcher.rb
    │   │   ├── http.rb
    │   │   ├── input.rb
    │   │   ├── output.rb
    │   │   ├── paths.rb
    │   │   ├── rpc.rb
    │   │   ├── scope.rb
    │   │   ├── session.rb
    │   │   └── snapshot.rb
    │   ├── options.rb
    │   ├── page.rb
    │   ├── page
    │   │   ├── dom.rb
    │   │   ├── dom
    │   │   │   └── transition.rb
    │   │   └── scope.rb
    │   ├── parser.rb
    │   ├── parser
    │   │   ├── document.rb
    │   │   ├── extractors
    │   │   │   └── base.rb
    │   │   ├── nodes
    │   │   │   ├── base.rb
    │   │   │   ├── comment.rb
    │   │   │   ├── element.rb
    │   │   │   ├── element
    │   │   │   │   ├── with_attributes.rb
    │   │   │   │   └── with_attributes
    │   │   │   │   │   └── attributes.rb
    │   │   │   ├── text.rb
    │   │   │   └── with_value.rb
    │   │   ├── sax.rb
    │   │   ├── with_children.rb
    │   │   └── with_children
    │   │   │   └── search.rb
    │   ├── platform.rb
    │   ├── platform
    │   │   ├── fingerprinter.rb
    │   │   ├── list.rb
    │   │   └── manager.rb
    │   ├── plugin.rb
    │   ├── plugin
    │   │   ├── base.rb
    │   │   ├── formatter.rb
    │   │   └── manager.rb
    │   ├── processes.rb
    │   ├── processes
    │   │   ├── dispatchers.rb
    │   │   ├── executables
    │   │   │   ├── base.rb
    │   │   │   ├── browser.rb
    │   │   │   ├── dispatcher.rb
    │   │   │   ├── instance.rb
    │   │   │   └── rest_service.rb
    │   │   ├── helpers.rb
    │   │   ├── helpers
    │   │   │   ├── dispatchers.rb
    │   │   │   ├── instances.rb
    │   │   │   └── processes.rb
    │   │   ├── instances.rb
    │   │   └── manager.rb
    │   ├── report.rb
    │   ├── reporter.rb
    │   ├── reporter
    │   │   ├── base.rb
    │   │   ├── formatter_manager.rb
    │   │   ├── manager.rb
    │   │   └── options.rb
    │   ├── rest
    │   │   ├── server.rb
    │   │   └── server
    │   │   │   └── instance_helpers.rb
    │   ├── rpc
    │   │   ├── client.rb
    │   │   ├── client
    │   │   │   ├── base.rb
    │   │   │   ├── dispatcher.rb
    │   │   │   ├── instance.rb
    │   │   │   └── instance
    │   │   │   │   ├── framework.rb
    │   │   │   │   └── service.rb
    │   │   ├── serializer.rb
    │   │   └── server
    │   │   │   ├── active_options.rb
    │   │   │   ├── base.rb
    │   │   │   ├── check
    │   │   │       └── manager.rb
    │   │   │   ├── dispatcher.rb
    │   │   │   ├── dispatcher
    │   │   │       ├── node.rb
    │   │   │       └── service.rb
    │   │   │   ├── framework.rb
    │   │   │   ├── framework
    │   │   │       ├── distributor.rb
    │   │   │       ├── master.rb
    │   │   │       ├── multi_instance.rb
    │   │   │       └── slave.rb
    │   │   │   ├── instance.rb
    │   │   │   ├── output.rb
    │   │   │   └── plugin
    │   │   │       └── manager.rb
    │   ├── ruby.rb
    │   ├── ruby
    │   │   ├── array.rb
    │   │   ├── hash.rb
    │   │   ├── object.rb
    │   │   ├── set.rb
    │   │   ├── string.rb
    │   │   ├── webrick.rb
    │   │   └── webrick
    │   │   │   ├── cookie.rb
    │   │   │   └── httprequest.rb
    │   ├── scope.rb
    │   ├── selenium
    │   │   └── webdriver
    │   │   │   ├── element.rb
    │   │   │   └── remote
    │   │   │       └── typhoeus.rb
    │   ├── session.rb
    │   ├── snapshot.rb
    │   ├── state.rb
    │   ├── state
    │   │   ├── audit.rb
    │   │   ├── element_filter.rb
    │   │   ├── framework.rb
    │   │   ├── framework
    │   │   │   └── rpc.rb
    │   │   ├── http.rb
    │   │   ├── options.rb
    │   │   └── plugins.rb
    │   ├── support.rb
    │   ├── support
    │   │   ├── buffer.rb
    │   │   ├── buffer
    │   │   │   ├── autoflush.rb
    │   │   │   └── base.rb
    │   │   ├── cache.rb
    │   │   ├── cache
    │   │   │   ├── base.rb
    │   │   │   ├── least_cost_replacement.rb
    │   │   │   ├── least_recently_pushed.rb
    │   │   │   ├── least_recently_used.rb
    │   │   │   ├── preference.rb
    │   │   │   └── random_replacement.rb
    │   │   ├── crypto.rb
    │   │   ├── crypto
    │   │   │   └── rsa_aes_cbc.rb
    │   │   ├── database.rb
    │   │   ├── database
    │   │   │   ├── base.rb
    │   │   │   ├── hash.rb
    │   │   │   └── queue.rb
    │   │   ├── glob.rb
    │   │   ├── lookup.rb
    │   │   ├── lookup
    │   │   │   ├── base.rb
    │   │   │   ├── hash_set.rb
    │   │   │   └── moolb.rb
    │   │   ├── mixins.rb
    │   │   ├── mixins
    │   │   │   ├── observable.rb
    │   │   │   └── terminal.rb
    │   │   ├── profiler.rb
    │   │   └── signature.rb
    │   ├── trainer.rb
    │   ├── ui
    │   │   └── foo
    │   │   │   └── output.rb
    │   ├── uri.rb
    │   ├── uri
    │   │   └── scope.rb
    │   ├── utilities.rb
    │   └── version.rb
    └── version
├── logs
    └── placeholder
├── profiles
    └── placeholder
├── snapshots
    └── placeholder
├── spec
    ├── arachni
    │   ├── browser
    │   │   ├── element_locator_spec.rb
    │   │   ├── javascript
    │   │   │   ├── dom_monitor_spec.rb
    │   │   │   ├── polyfills_spec.rb
    │   │   │   ├── proxy
    │   │   │   │   └── stub_spec.rb
    │   │   │   ├── proxy_spec.rb
    │   │   │   ├── taint_tracer
    │   │   │   │   ├── frame
    │   │   │   │   │   └── called_function_spec.rb
    │   │   │   │   ├── frame_spec.rb
    │   │   │   │   └── sink
    │   │   │   │   │   ├── data_flow_spec.rb
    │   │   │   │   │   └── execution_flow_spec.rb
    │   │   │   └── taint_tracer_spec.rb
    │   │   └── javascript_spec.rb
    │   ├── browser_cluster
    │   │   ├── job
    │   │   │   └── result_spec.rb
    │   │   ├── job_spec.rb
    │   │   ├── jobs
    │   │   │   ├── dom_exploration
    │   │   │   │   ├── event_trigger
    │   │   │   │   │   └── result_spec.rb
    │   │   │   │   ├── event_trigger_spec.rb
    │   │   │   │   └── result_spec.rb
    │   │   │   ├── dom_exploration_spec.rb
    │   │   │   └── taint_tracer_spec.rb
    │   │   └── worker_spec.rb
    │   ├── browser_cluster_spec.rb
    │   ├── browser_spec.rb
    │   ├── check
    │   │   ├── auditor_spec.rb
    │   │   ├── base_spec.rb
    │   │   └── manager_spec.rb
    │   ├── component
    │   │   ├── base_spec.rb
    │   │   ├── manager_spec.rb
    │   │   ├── options
    │   │   │   ├── address_spec.rb
    │   │   │   ├── base_spec.rb
    │   │   │   ├── bool_spec.rb
    │   │   │   ├── float_spec.rb
    │   │   │   ├── int_spec.rb
    │   │   │   ├── multiple_choice_spec.rb
    │   │   │   ├── object_spec.rb
    │   │   │   ├── path_spec.rb
    │   │   │   ├── port_spec.rb
    │   │   │   ├── string_spec.rb
    │   │   │   └── url_spec.rb
    │   │   ├── utilities_spec.rb
    │   │   └── utilities_spec
    │   │   │   └── read_file.txt
    │   ├── data
    │   │   ├── framework
    │   │   │   └── rpc_spec.rb
    │   │   ├── framework_spec.rb
    │   │   ├── issues_spec.rb
    │   │   ├── plugins_spec.rb
    │   │   └── session_spec.rb
    │   ├── data_spec.rb
    │   ├── element
    │   │   ├── body_spec.rb
    │   │   ├── capabilities
    │   │   │   ├── analyzable
    │   │   │   │   ├── differential_spec.rb
    │   │   │   │   ├── signature_spec.rb
    │   │   │   │   └── timeout_spec.rb
    │   │   │   └── with_scope
    │   │   │   │   └── scope_spec.rb
    │   │   ├── cookie
    │   │   │   └── dom_spec.rb
    │   │   ├── cookie_spec.rb
    │   │   ├── form
    │   │   │   └── dom_spec.rb
    │   │   ├── form_spec.rb
    │   │   ├── generic_dom_spec.rb
    │   │   ├── header_spec.rb
    │   │   ├── json_spec.rb
    │   │   ├── link
    │   │   │   └── dom_spec.rb
    │   │   ├── link_spec.rb
    │   │   ├── link_template
    │   │   │   └── dom_spec.rb
    │   │   ├── link_template_spec.rb
    │   │   ├── nested_cookie_spec.rb
    │   │   ├── path_spec.rb
    │   │   ├── server_spec.rb
    │   │   ├── ui_form
    │   │   │   └── dom_spec.rb
    │   │   ├── ui_form_spec.rb
    │   │   ├── ui_input
    │   │   │   └── dom_spec.rb
    │   │   ├── ui_input_spec.rb
    │   │   └── xml_spec.rb
    │   ├── element_filter_spec.rb
    │   ├── error_spec.rb
    │   ├── framework
    │   │   └── parts
    │   │   │   ├── audit_spec.rb
    │   │   │   ├── browser_spec.rb
    │   │   │   ├── check_spec.rb
    │   │   │   ├── data_spec.rb
    │   │   │   ├── platform_spec.rb
    │   │   │   ├── plugin_spec.rb
    │   │   │   ├── report_spec.rb
    │   │   │   ├── scope_spec.rb
    │   │   │   └── state_spec.rb
    │   ├── framework_spec.rb
    │   ├── http
    │   │   ├── client
    │   │   │   └── dynamic_404_handlers_spec.rb
    │   │   ├── client_spec.rb
    │   │   ├── cookie_jar_spec.rb
    │   │   ├── headers_spec.rb
    │   │   ├── message_spec.rb
    │   │   ├── proxy_server_spec.rb
    │   │   ├── request_spec.rb
    │   │   ├── response
    │   │   │   └── scope_spec.rb
    │   │   └── response_spec.rb
    │   ├── issue
    │   │   ├── severity
    │   │   │   └── base_spec.rb
    │   │   └── severity_spec.rb
    │   ├── issue_spec.rb
    │   ├── option_groups
    │   │   ├── audit_spec.rb
    │   │   ├── browser_cluster_spec.rb
    │   │   ├── datastore_spec.rb
    │   │   ├── dispatcher_spec.rb
    │   │   ├── http_spec.rb
    │   │   ├── input_spec.rb
    │   │   ├── output_spec.rb
    │   │   ├── paths_spec.rb
    │   │   ├── rpc_spec.rb
    │   │   ├── scope_spec.rb
    │   │   ├── session_spec.rb
    │   │   └── snapshot_spec.rb
    │   ├── options_spec.rb
    │   ├── page
    │   │   ├── dom
    │   │   │   └── transition_spec.rb
    │   │   ├── dom_spec.rb
    │   │   └── scope_spec.rb
    │   ├── page_spec.rb
    │   ├── parser
    │   │   ├── document_spec.rb
    │   │   ├── nodes
    │   │   │   ├── comment_spec.rb
    │   │   │   ├── element
    │   │   │   │   ├── with_attributes
    │   │   │   │   │   └── attributes_spec.rb
    │   │   │   │   └── with_attributes_spec.rb
    │   │   │   ├── element_spec.rb
    │   │   │   └── text_spec.rb
    │   │   ├── sax_spec.rb
    │   │   ├── with_children
    │   │   │   └── search_spec.rb
    │   │   └── with_children_spec.rb
    │   ├── parser_spec.rb
    │   ├── platform
    │   │   ├── fingerprinter_spec.rb
    │   │   ├── list_spec.rb
    │   │   └── manager_spec.rb
    │   ├── plugin
    │   │   ├── base_spec.rb
    │   │   └── manager_spec.rb
    │   ├── report_spec.rb
    │   ├── reporter
    │   │   ├── base_spec.rb
    │   │   ├── manager_spec.rb
    │   │   └── options_spec.rb
    │   ├── rest
    │   │   └── server_spec.rb
    │   ├── rpc
    │   │   ├── client
    │   │   │   ├── base_spec.rb
    │   │   │   ├── dispatcher_spec.rb
    │   │   │   └── instance_spec.rb
    │   │   └── server
    │   │   │   ├── active_options_spec.rb
    │   │   │   ├── base_spec.rb
    │   │   │   ├── checks
    │   │   │       └── manager_spec.rb
    │   │   │   ├── dispatcher
    │   │   │       ├── node_spec.rb
    │   │   │       └── service_spec.rb
    │   │   │   ├── dispatcher_spec.rb
    │   │   │   ├── framework
    │   │   │       └── distributor_spec.rb
    │   │   │   ├── framework_multi_spec.rb
    │   │   │   ├── framework_spec.rb
    │   │   │   ├── instance_spec.rb
    │   │   │   ├── output_spec.rb
    │   │   │   └── plugin
    │   │   │       └── manager_spec.rb
    │   ├── ruby
    │   │   ├── array_spec.rb
    │   │   ├── hash_spec.rb
    │   │   ├── object_spec.rb
    │   │   ├── set_spec.rb
    │   │   ├── string_spec.rb
    │   │   └── webrick_spec.rb
    │   ├── scope_spec.rb
    │   ├── session_spec.rb
    │   ├── snapshot_spec.rb
    │   ├── state
    │   │   ├── audit_spec.rb
    │   │   ├── element_filter_spec.rb
    │   │   ├── framework
    │   │   │   └── rpc_spec.rb
    │   │   ├── framework_spec.rb
    │   │   ├── http_spec.rb
    │   │   ├── options_spec.rb
    │   │   └── plugins_spec.rb
    │   ├── state_spec.rb
    │   ├── support
    │   │   ├── buffer
    │   │   │   ├── autoflush_spec.rb
    │   │   │   └── base_spec.rb
    │   │   ├── cache
    │   │   │   ├── least_cost_replacement_spec.rb
    │   │   │   ├── least_recently_pushed_spec.rb
    │   │   │   ├── least_recently_used_spec.rb
    │   │   │   ├── preference_spec.rb
    │   │   │   └── random_replacement_spec.rb
    │   │   ├── crypto
    │   │   │   └── rsa_aes_cbc_spec.rb
    │   │   ├── database
    │   │   │   ├── hash_spec.rb
    │   │   │   └── queue_spec.rb
    │   │   ├── glob_spec.rb
    │   │   ├── lookup
    │   │   │   ├── hash_set_spec.rb
    │   │   │   └── moolb_spec.rb
    │   │   ├── mixins
    │   │   │   └── observable_spec.rb
    │   │   └── signature_spec.rb
    │   ├── trainer_spec.rb
    │   ├── typhoeus
    │   │   └── hydra_spec.rb
    │   ├── uri
    │   │   └── scope_spec.rb
    │   ├── uri_spec.rb
    │   └── utilities_spec.rb
    ├── components
    │   ├── checks
    │   │   ├── active
    │   │   │   ├── code_injection_spec.rb
    │   │   │   ├── code_injection_timing_spec.rb
    │   │   │   ├── csrf_spec.rb
    │   │   │   ├── file_inclusion_spec.rb
    │   │   │   ├── ldap_injection_spec.rb
    │   │   │   ├── no_sql_injection_differential_spec.rb
    │   │   │   ├── no_sql_injection_spec.rb
    │   │   │   ├── os_cmd_injection_spec.rb
    │   │   │   ├── os_cmd_injection_timing_spec.rb
    │   │   │   ├── path_traversal_spec.rb
    │   │   │   ├── response_splitting_spec.rb
    │   │   │   ├── rfi_spec.rb
    │   │   │   ├── session_fixation_spec.rb
    │   │   │   ├── source_code_disclosure_spec.rb
    │   │   │   ├── sql_injection_differential_spec.rb
    │   │   │   ├── sql_injection_spec.rb
    │   │   │   ├── sql_injection_timing_spec.rb
    │   │   │   ├── trainer_spec.rb
    │   │   │   ├── unvalidated_redirect_dom_spec.rb
    │   │   │   ├── unvalidated_redirect_spec.rb
    │   │   │   ├── xpath_injection_spec.rb
    │   │   │   ├── xss_dom_script_context_spec.rb
    │   │   │   ├── xss_dom_spec.rb
    │   │   │   ├── xss_event_spec.rb
    │   │   │   ├── xss_path_spec.rb
    │   │   │   ├── xss_script_context_spec.rb
    │   │   │   ├── xss_spec.rb
    │   │   │   ├── xss_tag_spec.rb
    │   │   │   └── xxe_spec.rb
    │   │   └── passive
    │   │   │   ├── allowed_methods_spec.rb
    │   │   │   ├── backdoors_spec.rb
    │   │   │   ├── backup_directories_spec.rb
    │   │   │   ├── backup_files_spec.rb
    │   │   │   ├── common_admin_interfaces_spec.rb
    │   │   │   ├── common_directories_spec.rb
    │   │   │   ├── common_files_spec.rb
    │   │   │   ├── directory_listing_spec.rb
    │   │   │   ├── grep
    │   │   │       ├── captcha_spec.rb
    │   │   │       ├── cookie_set_for_parent_domain_spec.rb
    │   │   │       ├── credit_card_spec.rb
    │   │   │       ├── cvs_svn_users_spec.rb
    │   │   │       ├── emails_spec.rb
    │   │   │       ├── form_upload_spec.rb
    │   │   │       ├── hsts_spec.rb
    │   │   │       ├── html_objects_spec.rb
    │   │   │       ├── http_only_cookies_spec.rb
    │   │   │       ├── insecure_cookies_spec.rb
    │   │   │       ├── insecure_cors_policy_spec.rb
    │   │   │       ├── mixed_resource_spec.rb
    │   │   │       ├── password_autocomplete_spec.rb
    │   │   │       ├── private_ip_spec.rb
    │   │   │       ├── ssn_spec.rb
    │   │   │       ├── unencrypted_password_forms_spec.rb
    │   │   │       └── x_frame_options_spec.rb
    │   │   │   ├── htaccess_limit_spec.rb
    │   │   │   ├── http_put_spec.rb
    │   │   │   ├── insecure_client_access_policy_spec.rb
    │   │   │   ├── insecure_cross_domain_policy_access_spec.rb
    │   │   │   ├── insecure_cross_domain_policy_headers_spec.rb
    │   │   │   ├── interesting_responses_spec.rb
    │   │   │   ├── localstart_asp_spec.rb
    │   │   │   ├── origin_spoof_access_restriction_bypass_spec.rb
    │   │   │   ├── webdav_spec.rb
    │   │   │   └── xst_spec.rb
    │   ├── fingerprinters
    │   │   ├── frameworks
    │   │   │   ├── aspx_mvc_spec.rb
    │   │   │   ├── cakephp_spec.rb
    │   │   │   ├── cherrypy_spec.rb
    │   │   │   ├── django_spec.rb
    │   │   │   ├── jsf_spec.rb
    │   │   │   ├── nette_spec.rb
    │   │   │   ├── rack_spec.rb
    │   │   │   ├── rails_spec.rb
    │   │   │   └── symphony_spec.rb
    │   │   ├── languages
    │   │   │   ├── asp_spec.rb
    │   │   │   ├── aspx_spec.rb
    │   │   │   ├── java_spec.rb
    │   │   │   ├── php_spec.rb
    │   │   │   ├── python_spec.rb
    │   │   │   └── ruby.rb
    │   │   ├── os
    │   │   │   ├── bsd_spec.rb
    │   │   │   ├── linux_spec.rb
    │   │   │   ├── solaris_spec.rb
    │   │   │   ├── unix_spec.rb
    │   │   │   └── windows_spec.rb
    │   │   └── servers
    │   │   │   ├── apache_spec.rb
    │   │   │   ├── gunicorn_spec.rb
    │   │   │   ├── iis_spec.rb
    │   │   │   ├── jetty_spec.rb
    │   │   │   ├── nginx_spec.rb
    │   │   │   └── tomcat_spec.rb
    │   ├── path_extractors
    │   │   ├── anchors_spec.rb
    │   │   ├── areas_spec.rb
    │   │   ├── comments_spec.rb
    │   │   ├── data_url_spec.rb
    │   │   ├── forms_spec.rb
    │   │   ├── frames_spec.rb
    │   │   ├── generic_spec.rb
    │   │   ├── links_spec.rb
    │   │   ├── meta_refresh_spec.rb
    │   │   └── scripts_spec.rb
    │   ├── plugins
    │   │   ├── autologin_spec.rb
    │   │   ├── autothrottle_spec.rb
    │   │   ├── content_types_spec.rb
    │   │   ├── cookie_collector_spec.rb
    │   │   ├── exec_spec.rb
    │   │   ├── form_dicattack_spec.rb
    │   │   ├── headers_collector_spec.rb
    │   │   ├── healthmap_spec.rb
    │   │   ├── http_dicattack_spec.rb
    │   │   ├── login_script_spec.rb
    │   │   ├── meta
    │   │   │   ├── remedies
    │   │   │   │   ├── discovery_spec.rb
    │   │   │   │   └── timing_attacks_spec.rb
    │   │   │   └── uniformity_spec.rb
    │   │   ├── restrict_to_dom_state_spec.rb
    │   │   ├── script_spec.rb
    │   │   ├── uncommon_headers_spec.rb
    │   │   ├── vector_collector_spec.rb
    │   │   ├── vector_feed_spec.rb
    │   │   ├── waf_detector_spec.rb
    │   │   └── webhook_notify_spec.rb
    │   └── reporters
    │   │   ├── ap_spec.rb
    │   │   ├── html_spec.rb
    │   │   ├── json_spec.rb
    │   │   ├── marshal_spec.rb
    │   │   ├── stdout_spec.rb
    │   │   ├── txt_spec.rb
    │   │   ├── xml_spec.rb
    │   │   └── yaml_spec.rb
    ├── external
    │   └── wavsep
    │   │   ├── active
    │   │       ├── lfi_spec.rb
    │   │       ├── obsolete_files_spec.rb
    │   │       ├── rfi_spec.rb
    │   │       ├── sqli_spec.rb
    │   │       ├── unvalidated_redirect_spec.rb
    │   │       ├── xss_dom_spec.rb
    │   │       └── xss_spec.rb
    │   │   └── false_positives
    │   │       ├── lfi_spec.rb
    │   │       ├── obsolete_files_spec.rb
    │   │       ├── rfi_spec.rb
    │   │       ├── sqli_spec.rb
    │   │       ├── unvalidated_redirect_spec.rb
    │   │       └── xss_spec.rb
    ├── spec_helper.rb
    └── support
    │   ├── factories
    │       ├── browser
    │       │   └── javascript
    │       │   │   └── taint_tracer
    │       │   │       ├── frame.rb
    │       │   │       ├── frame
    │       │   │           └── called_function.rb
    │       │   │       └── sink
    │       │   │           ├── data_flow.rb
    │       │   │           └── execution_flow.rb
    │       ├── browser_cluster
    │       │   └── job.rb
    │       ├── element
    │       │   ├── body.rb
    │       │   ├── cookie.rb
    │       │   ├── form.rb
    │       │   ├── generic_dom.rb
    │       │   ├── header.rb
    │       │   ├── json.rb
    │       │   ├── link.rb
    │       │   ├── link_template.rb
    │       │   ├── path.rb
    │       │   ├── server.rb
    │       │   ├── ui_form.rb
    │       │   ├── ui_input.rb
    │       │   └── xml.rb
    │       ├── http
    │       │   ├── request.rb
    │       │   └── response.rb
    │       ├── issue.rb
    │       ├── page.rb
    │       ├── page
    │       │   ├── dom.rb
    │       │   └── dom
    │       │   │   └── transition.rb
    │       ├── scan_report.rb
    │       └── vector.rb
    │   ├── fixtures
    │       ├── check_with_invalid_platforms
    │       │   └── with_invalid_platforms.rb
    │       ├── checks
    │       │   ├── test.rb
    │       │   ├── test2.rb
    │       │   └── test3.rb
    │       ├── cookies.txt
    │       ├── empty
    │       │   └── placeholder
    │       ├── executables
    │       │   └── node.rb
    │       ├── fingerprinters
    │       │   └── test.rb
    │       ├── nested_cookies.txt
    │       ├── option_groups
    │       │   └── input.yml
    │       ├── passwords.txt
    │       ├── plugins
    │       │   ├── bad.rb
    │       │   ├── defaults
    │       │   │   └── default.rb
    │       │   ├── distributable.rb
    │       │   ├── loop.rb
    │       │   ├── suspendable.rb
    │       │   ├── wait.rb
    │       │   └── with_options.rb
    │       ├── plugins_with_priorities
    │       │   ├── p0.rb
    │       │   ├── p00.rb
    │       │   ├── p1.rb
    │       │   ├── p2.rb
    │       │   ├── p22.rb
    │       │   ├── p222.rb
    │       │   ├── p_nil.rb
    │       │   └── p_nil2.rb
    │       ├── report.afr
    │       ├── reporters
    │       │   ├── base_spec
    │       │   │   ├── plugin_formatters
    │       │   │   │   └── with_formatters
    │       │   │   │   │   └── foobar.rb
    │       │   │   ├── with_formatters.rb
    │       │   │   ├── with_outfile.rb
    │       │   │   └── without_outfile.rb
    │       │   └── manager_spec
    │       │   │   ├── afr.rb
    │       │   │   ├── error.rb
    │       │   │   └── foo.rb
    │       ├── rescan.afr.tpl
    │       ├── run_check
    │       │   ├── body.rb
    │       │   ├── cookies.rb
    │       │   ├── empty.rb
    │       │   ├── flch.rb
    │       │   ├── forms.rb
    │       │   ├── headers.rb
    │       │   ├── links.rb
    │       │   ├── nil.rb
    │       │   ├── path.rb
    │       │   └── server.rb
    │       ├── script_plugin.rb
    │       ├── services
    │       │   └── echo.rb
    │       ├── signature_check
    │       │   └── signature.rb
    │       ├── usernames.txt
    │       └── wait_check
    │       │   └── wait.rb
    │   ├── helpers
    │       ├── auditor.rb
    │       ├── browser.rb
    │       ├── browser_cluster
    │       │   └── jobs
    │       │   │   └── taint_tracer.rb
    │       ├── framework.rb
    │       ├── misc.rb
    │       ├── pages.rb
    │       ├── paths.rb
    │       ├── request_helpers.rb
    │       ├── requires.rb
    │       ├── resets.rb
    │       └── web_server.rb
    │   ├── lib
    │       ├── factory.rb
    │       ├── web_server_client.rb
    │       ├── web_server_dispatcher.rb
    │       └── web_server_manager.rb
    │   ├── logs
    │       └── placeholder
    │   ├── pems
    │       ├── cacert.pem
    │       ├── client
    │       │   ├── cert.pem
    │       │   ├── foo-cert.pem
    │       │   ├── foo-key.pem
    │       │   └── key.pem
    │       └── server
    │       │   ├── cert.pem
    │       │   └── key.pem
    │   ├── servers
    │       ├── arachni
    │       │   ├── browser.rb
    │       │   ├── browser
    │       │   │   ├── javascript.rb
    │       │   │   └── javascript
    │       │   │   │   ├── angular-1.2.8.js
    │       │   │   │   ├── angular-route.js
    │       │   │   │   ├── dom_monitor.rb
    │       │   │   │   ├── jquery-2.0.3.js
    │       │   │   │   ├── jquery.cookie.js
    │       │   │   │   ├── proxy.rb
    │       │   │   │   └── taint_tracer.rb
    │       │   ├── browser_cluster
    │       │   │   └── jobs
    │       │   │   │   └── event_trigger.rb
    │       │   ├── browser_https.rb
    │       │   ├── check
    │       │   │   └── auditor.rb
    │       │   ├── element
    │       │   │   ├── body.rb
    │       │   │   ├── capabilities
    │       │   │   │   └── analyzable
    │       │   │   │   │   ├── differential.rb
    │       │   │   │   │   ├── signature.rb
    │       │   │   │   │   └── timeout.rb
    │       │   │   ├── cookie.rb
    │       │   │   ├── cookie
    │       │   │   │   └── cookie_dom.rb
    │       │   │   ├── form.rb
    │       │   │   ├── form
    │       │   │   │   └── form_dom.rb
    │       │   │   ├── header.rb
    │       │   │   ├── input
    │       │   │   │   └── input_dom.rb
    │       │   │   ├── json.rb
    │       │   │   ├── link.rb
    │       │   │   ├── link
    │       │   │   │   └── link_dom.rb
    │       │   │   ├── link_template.rb
    │       │   │   ├── link_template
    │       │   │   │   └── link_template_dom.rb
    │       │   │   ├── nested_cookie.rb
    │       │   │   ├── ui_form
    │       │   │   │   └── ui_form_dom.rb
    │       │   │   └── xml.rb
    │       │   ├── framework.rb
    │       │   ├── http
    │       │   │   ├── client.rb
    │       │   │   ├── client
    │       │   │   │   ├── dynamic_404_handler.rb
    │       │   │   │   ├── dynamic_404_handler_redirect_1.rb
    │       │   │   │   └── dynamic_404_handler_redirect_2.rb
    │       │   │   ├── proxy_server.rb
    │       │   │   └── proxy_server_https.rb
    │       │   ├── page
    │       │   │   └── page_dom.rb
    │       │   ├── parser.rb
    │       │   ├── rpc
    │       │   │   └── server
    │       │   │   │   └── framework_multi.rb
    │       │   ├── session.rb
    │       │   └── trainer.rb
    │       ├── checks
    │       │   ├── active
    │       │   │   ├── code_injection.rb
    │       │   │   ├── code_injection_timing.rb
    │       │   │   ├── csrf.rb
    │       │   │   ├── file_inclusion.rb
    │       │   │   ├── ldap_injection.rb
    │       │   │   ├── no_sql_injection.rb
    │       │   │   ├── no_sql_injection
    │       │   │   │   └── mongodb
    │       │   │   ├── no_sql_injection_differential.rb
    │       │   │   ├── os_cmd_injection.rb
    │       │   │   ├── os_cmd_injection_timing.rb
    │       │   │   ├── path_traversal.rb
    │       │   │   ├── response_splitting.rb
    │       │   │   ├── rfi.rb
    │       │   │   ├── session_fixation.rb
    │       │   │   ├── source_code_disclosure.rb
    │       │   │   ├── sql_injection.rb
    │       │   │   ├── sql_injection
    │       │   │   │   ├── access
    │       │   │   │   ├── coldfusion
    │       │   │   │   ├── db2
    │       │   │   │   ├── emc
    │       │   │   │   ├── firebird
    │       │   │   │   ├── frontbase
    │       │   │   │   ├── hsqldb
    │       │   │   │   ├── informix
    │       │   │   │   ├── ingres
    │       │   │   │   ├── interbase
    │       │   │   │   ├── java
    │       │   │   │   ├── jdbc
    │       │   │   │   ├── maxdb
    │       │   │   │   ├── mssql
    │       │   │   │   ├── mysql
    │       │   │   │   ├── oracle
    │       │   │   │   ├── pgsql
    │       │   │   │   ├── sqlite
    │       │   │   │   └── sybase
    │       │   │   ├── sql_injection_differential.rb
    │       │   │   ├── sql_injection_timing.rb
    │       │   │   ├── trainer_check.rb
    │       │   │   ├── unvalidated_redirect.rb
    │       │   │   ├── unvalidated_redirect_dom.rb
    │       │   │   ├── xpath_injection.rb
    │       │   │   ├── xpath_injection
    │       │   │   │   ├── dotnet
    │       │   │   │   ├── general
    │       │   │   │   ├── java
    │       │   │   │   ├── libxml2
    │       │   │   │   └── php
    │       │   │   ├── xss.rb
    │       │   │   ├── xss_dom.rb
    │       │   │   ├── xss_dom_script_context.rb
    │       │   │   ├── xss_event.rb
    │       │   │   ├── xss_path.rb
    │       │   │   ├── xss_script_context.rb
    │       │   │   ├── xss_tag.rb
    │       │   │   └── xxe.rb
    │       │   ├── check_server.rb
    │       │   └── passive
    │       │   │   ├── allowed_methods.rb
    │       │   │   ├── backdoors.rb
    │       │   │   ├── backup_directories.rb
    │       │   │   ├── backup_files.rb
    │       │   │   ├── common_admin_interfaces.rb
    │       │   │   ├── common_directories.rb
    │       │   │   ├── common_files.rb
    │       │   │   ├── directory_listing.rb
    │       │   │   ├── grep
    │       │   │       ├── captcha.rb
    │       │   │       ├── cookie_set_for_parent_domain.rb
    │       │   │       ├── credit_card.rb
    │       │   │       ├── cvs_svn_users.rb
    │       │   │       ├── emails.rb
    │       │   │       ├── form_upload.rb
    │       │   │       ├── hsts_https.rb
    │       │   │       ├── html_objects.rb
    │       │   │       ├── http_only_cookies.rb
    │       │   │       ├── insecure_cookies_https.rb
    │       │   │       ├── insecure_cors_policy.rb
    │       │   │       ├── mixed_resource_https.rb
    │       │   │       ├── password_autocomplete.rb
    │       │   │       ├── private_ip.rb
    │       │   │       ├── ssn.rb
    │       │   │       ├── unencrypted_password_forms.rb
    │       │   │       └── x_frame_options.rb
    │       │   │   ├── htaccess_limit.rb
    │       │   │   ├── http_put.rb
    │       │   │   ├── insecure_client_access_policy.rb
    │       │   │   ├── insecure_cross_domain_policy_access.rb
    │       │   │   ├── insecure_cross_domain_policy_headers.rb
    │       │   │   ├── interesting_responses.rb
    │       │   │   ├── localstart_asp.rb
    │       │   │   ├── origin_spoof_access_restriction_bypass.rb
    │       │   │   ├── webdav.rb
    │       │   │   └── xst.rb
    │       └── plugins
    │       │   ├── autologin.rb
    │       │   ├── autothrottle.rb
    │       │   ├── content_types.rb
    │       │   ├── cookie_collector.rb
    │       │   ├── form_dicattack.rb
    │       │   ├── headers_collector.rb
    │       │   ├── healthmap.rb
    │       │   ├── http_dicattack.rb
    │       │   ├── http_dicattack_secure.rb
    │       │   ├── http_dicattack_unprotected.rb
    │       │   ├── login_script.rb
    │       │   ├── meta
    │       │       └── remedies
    │       │       │   ├── discovery.rb
    │       │       │   └── timing_attacks.rb
    │       │   ├── restrict_to_dom_state.rb
    │       │   ├── uncommon_headers.rb
    │       │   ├── vector_collector.rb
    │       │   ├── waf_detector.rb
    │       │   └── webhook_notify.rb
    │   └── shared
    │       ├── browser
    │           └── javascript
    │           │   └── taint_tracer
    │           │       └── sink
    │           │           └── base.rb
    │       ├── check.rb
    │       ├── component.rb
    │       ├── component
    │           └── options
    │           │   └── base.rb
    │       ├── element
    │           ├── base.rb
    │           ├── capabilities
    │           │   ├── auditable.rb
    │           │   ├── auditable
    │           │   │   ├── buffered.rb
    │           │   │   └── line_buffered.rb
    │           │   ├── dom_only.rb
    │           │   ├── inputtable.rb
    │           │   ├── mutable.rb
    │           │   ├── refreshable.rb
    │           │   ├── submittable.rb
    │           │   ├── with_auditor.rb
    │           │   ├── with_dom.rb
    │           │   ├── with_node.rb
    │           │   ├── with_scope.rb
    │           │   └── with_source.rb
    │           ├── dom.rb
    │           └── dom
    │           │   ├── auditable.rb
    │           │   ├── inputtable.rb
    │           │   ├── locatable.rb
    │           │   ├── mutable.rb
    │           │   └── submittable.rb
    │       ├── external
    │           └── wavsep.rb
    │       ├── fingerprinter.rb
    │       ├── framework.rb
    │       ├── http
    │           └── message.rb
    │       ├── option_group.rb
    │       ├── path_extractor.rb
    │       ├── plugin.rb
    │       ├── reporter.rb
    │       └── support
    │           ├── cache.rb
    │           └── lookup.rb
└── ui
    └── cli
        ├── framework.rb
        ├── framework
            └── option_parser.rb
        ├── option_parser.rb
        ├── output.rb
        ├── reporter.rb
        ├── reporter
            └── option_parser.rb
        ├── reproduce.rb
        ├── reproduce
            └── option_parser.rb
        ├── rest
            ├── server.rb
            └── server
            │   └── option_parser.rb
        ├── restored_framework.rb
        ├── restored_framework
            └── option_parser.rb
        ├── rpc
            ├── client
            │   ├── dispatcher_monitor.rb
            │   ├── dispatcher_monitor
            │   │   └── option_parser.rb
            │   ├── instance.rb
            │   ├── local.rb
            │   ├── local
            │   │   └── option_parser.rb
            │   ├── remote.rb
            │   └── remote
            │   │   └── option_parser.rb
            └── server
            │   ├── dispatcher.rb
            │   └── dispatcher
            │       └── option_parser.rb
        └── utilities.rb


/.gitignore:
--------------------------------------------------------------------------------
 1 | Gemfile.lock
 2 | .idea/
 3 | *.gem
 4 | /tmp
 5 | /logs/
 6 | /snapshots/
 7 | /spec/logs/
 8 | /spec/support/logs/
 9 | /private.pem
10 | error.log
11 | /lib/arachni/ui/web/server/db/*
12 | /lib/arachni/ui/web/server/tmp/*
13 | /lib/arachni/ui/web/server/public/reports/*
14 | TODO
15 | .rvmrc
16 | coverage/
17 | .env
18 | .bundle/
19 | *.afs
20 | *.afr
21 | 


--------------------------------------------------------------------------------
/.jrubyrc:
--------------------------------------------------------------------------------
 1 | # Ruby 2.0 mode.
 2 | compat.version=2.0
 3 | 
 4 | # Make backtraces pretty.
 5 | errno.backtrace=true
 6 | backtrace.color=true
 7 | backtrace.style=mri
 8 | 
 9 | # Keep a lot of methods in the JIT cache.
10 | jit.max=16384
11 | 
12 | # Could be trouble.
13 | compile.fastest=true
14 | 
15 | # Store the JIT compilation data to disk for subsequent runs.
16 | # Could be nice but has to remain disabled for now as it throws
17 | # 'java.lang.NullPointerException' during runtime.
18 | #jit.codeCache=tmp/jit-cache
19 | 


--------------------------------------------------------------------------------
/.ruby-gemset:
--------------------------------------------------------------------------------
1 | arachni
2 | 


--------------------------------------------------------------------------------
/.ruby-version:
--------------------------------------------------------------------------------
1 | ruby-2.7.5
2 | 


--------------------------------------------------------------------------------
/.yardopts:
--------------------------------------------------------------------------------
 1 | --no-private
 2 | --markup=markdown
 3 | --verbose
 4 | --title "Arachni - Web Application Security Scanner Framework"
 5 | components/**/*.rb
 6 | lib/**/*.rb
 7 | ui/**/*.rb
 8 | -
 9 | CHANGELOG.md
10 | LICENSE.md
11 | 


--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
 1 | source 'https://rubygems.org'
 2 | 
 3 | gem 'rake', '>= 12.3.3'
 4 | gem 'pry'
 5 | 
 6 | group :docs do
 7 |     gem 'yard'
 8 |     gem 'redcarpet'
 9 | end
10 | 
11 | group :spec do
12 |     gem 'rspec'
13 |     gem 'faker'
14 | end
15 | 
16 | group :prof do
17 |     gem 'stackprof'
18 |     gem 'sys-proctable'
19 |     gem 'ruby-mass'
20 |     gem 'benchmark-ips'
21 |     gem 'memory_profiler'
22 | end
23 | 
24 | gemspec
25 | 


--------------------------------------------------------------------------------
/bin/arachni:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | =begin
 3 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 4 | 
 5 |     This file is part of the Arachni Framework project and is subject to
 6 |     redistribution and commercial restrictions. Please see the Arachni Framework
 7 |     web site for more information on licensing and terms of use.
 8 | =end
 9 | 
10 | require_relative '../ui/cli/framework'
11 | 
12 | Arachni::UI::CLI::Framework.new
13 | 


--------------------------------------------------------------------------------
/bin/arachni_multi:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | =begin
 3 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 4 | 
 5 |     This file is part of the Arachni Framework project and is subject to
 6 |     redistribution and commercial restrictions. Please see the Arachni Framework
 7 |     web site for more information on licensing and terms of use.
 8 | =end
 9 | 
10 | require_relative '../lib/arachni'
11 | require_relative '../ui/cli/rpc/client/local'
12 | 
13 | if Arachni.windows?
14 |     Arachni::UI::Output.print_error "This interface is not available on MS Windows."
15 |     exit
16 | end
17 | 
18 | Arachni::UI::CLI::RPC::Client::Local.new
19 | 


--------------------------------------------------------------------------------
/bin/arachni_reporter:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | =begin
 3 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 4 | 
 5 |     This file is part of the Arachni Framework project and is subject to
 6 |     redistribution and commercial restrictions. Please see the Arachni Framework
 7 |     web site for more information on licensing and terms of use.
 8 | =end
 9 | 
10 | require_relative '../ui/cli/reporter'
11 | 
12 | Arachni::UI::CLI::Reporter.new
13 | 


--------------------------------------------------------------------------------
/bin/arachni_reproduce:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | =begin
 3 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 4 | 
 5 |     This file is part of the Arachni Framework project and is subject to
 6 |     redistribution and commercial restrictions. Please see the Arachni Framework
 7 |     web site for more information on licensing and terms of use.
 8 | =end
 9 | 
10 | require_relative '../ui/cli/reproduce'
11 | 
12 | Arachni::UI::CLI::Reproduce.new
13 | 


--------------------------------------------------------------------------------
/bin/arachni_rest_server:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | =begin
 3 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 4 | 
 5 |     This file is part of the Arachni Framework project and is subject to
 6 |     redistribution and commercial restrictions. Please see the Arachni Framework
 7 |     web site for more information on licensing and terms of use.
 8 | =end
 9 | 
10 | require_relative '../lib/arachni'
11 | require_relative '../ui/cli/rest/server'
12 | 
13 | Arachni::UI::CLI::Rest::Server.new
14 | 


--------------------------------------------------------------------------------
/bin/arachni_restore:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | =begin
 3 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 4 | 
 5 |     This file is part of the Arachni Framework project and is subject to
 6 |     redistribution and commercial restrictions. Please see the Arachni Framework
 7 |     web site for more information on licensing and terms of use.
 8 | =end
 9 | 
10 | require_relative '../ui/cli/restored_framework'
11 | 
12 | Arachni::UI::CLI::RestoredFramework.new
13 | 


--------------------------------------------------------------------------------
/bin/arachni_rpc:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | =begin
 3 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 4 | 
 5 |     This file is part of the Arachni Framework project and is subject to
 6 |     redistribution and commercial restrictions. Please see the Arachni Framework
 7 |     web site for more information on licensing and terms of use.
 8 | =end
 9 | 
10 | require_relative '../lib/arachni'
11 | require_relative '../ui/cli/rpc/client/remote'
12 | 
13 | if Arachni.windows?
14 |     Arachni::UI::Output.print_error "This interface is not available on MS Windows."
15 |     exit
16 | end
17 | 
18 | Arachni::UI::CLI::RPC::Client::Remote.new
19 | 


--------------------------------------------------------------------------------
/bin/arachni_rpcd:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | =begin
 3 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 4 | 
 5 |     This file is part of the Arachni Framework project and is subject to
 6 |     redistribution and commercial restrictions. Please see the Arachni Framework
 7 |     web site for more information on licensing and terms of use.
 8 | =end
 9 | 
10 | require_relative '../lib/arachni'
11 | require_relative '../ui/cli/rpc/server/dispatcher'
12 | 
13 | Arachni::UI::CLI::RPC::Server::Dispatcher.new
14 | 


--------------------------------------------------------------------------------
/bin/arachni_rpcd_monitor:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env ruby
 2 | =begin
 3 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 4 | 
 5 |     This file is part of the Arachni Framework project and is subject to
 6 |     redistribution and commercial restrictions. Please see the Arachni Framework
 7 |     web site for more information on licensing and terms of use.
 8 | =end
 9 | 
10 | require_relative '../lib/arachni'
11 | require_relative '../ui/cli/rpc/client/dispatcher_monitor'
12 | 
13 | if Arachni.windows?
14 |     Arachni::UI::Output.print_error "This interface is not available on MS Windows."
15 |     exit
16 | end
17 | 
18 | Arachni::UI::CLI::RPC::Client::DispatcherMonitor.new
19 | 


--------------------------------------------------------------------------------
/components/checks/active/no_sql_injection/substrings/mongodb:
--------------------------------------------------------------------------------
1 | Uncaught exception 'MongoCursorException'
2 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/ignore_substrings:
--------------------------------------------------------------------------------
1 | String or binary data would be truncated
2 | Access denied for user
3 | Invalid Input for SQL
4 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/db2.yaml:
--------------------------------------------------------------------------------
1 | CLI Driver: CLI Driver.*DB2
2 | db2_: db2_\w+\(
3 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/frontbase.yaml:
--------------------------------------------------------------------------------
1 | Transaction rollback: Exception (condition )?\d+\. Transaction rollback\.
2 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/hsqldb.yaml:
--------------------------------------------------------------------------------
1 | Unexpected token: Unexpected token.*in statement \[
2 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/informix.yaml:
--------------------------------------------------------------------------------
1 | Informix: Exception.*Informix
2 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/ingres.yaml:
--------------------------------------------------------------------------------
1 | ingres_: Warning.*ingres_
2 | Ingres: Ingres\W.*Driver
3 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/maxdb.yaml:
--------------------------------------------------------------------------------
1 | SQL error: SQL error.*POS([0-9]+).*
2 | maxdb: Warning.*maxdb.*
3 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/mssql.yaml:
--------------------------------------------------------------------------------
1 | Procedure or function: Procedure or function .* expects parameter
2 | in query expression: Syntax error .* in query expression
3 | SQL Server: OLE DB.*SQL Server
4 | mssql_: Warning.*mssql_.*
5 | Driver: Driver.*SQL[\-\_\ ]*Server
6 | SQL Server: SQL Server.*Driver
7 | SQL Server: SQL Server.*[0-9a-fA-F]{8}
8 | SqlClient: Exception.*\WSystem\.Data\.SqlClient\.
9 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/mysql.yaml:
--------------------------------------------------------------------------------
1 | Table ': Table '[^']+' doesn't exist
2 | SQL syntax: SQL syntax.*MySQL
3 | mysql_: Warning.*mysql_.*
4 | 
5 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/oracle.yaml:
--------------------------------------------------------------------------------
1 | ORA-: ORA-[0-9][0-9][0-9][0-9]
2 | Oracle: Oracle.*Driver
3 | oci_: Warning.*oci_.*
4 | ora_: Warning.*ora_.*
5 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/pgsql.yaml:
--------------------------------------------------------------------------------
1 | ERROR: PostgreSQL.*ERROR
2 | pg_: Warning.*pg_.*
3 | PG::: PG::([a-zA-Z]*)Error
4 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/sqlite.yaml:
--------------------------------------------------------------------------------
1 | sqlite_: Warning.*sqlite_.*
2 | SQLite3::: "Warning.*SQLite3::"
3 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/regexps/sybase.yaml:
--------------------------------------------------------------------------------
1 | sybase: Warning.*sybase.*
2 | Server message: Sybase.*Server message.*
3 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/access:
--------------------------------------------------------------------------------
1 | JET Database Engine
2 | Access Database Engine
3 | [Microsoft][ODBC Microsoft Access Driver]
4 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/db2:
--------------------------------------------------------------------------------
1 | [IBM][CLI Driver][DB2/6000]
2 | DB2 SQL error
3 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/emc:
--------------------------------------------------------------------------------
1 | [DM_QUERY_E_SYNTAX]
2 | has occurred in the vicinity of:
3 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/firebird:
--------------------------------------------------------------------------------
1 | Dynamic SQL Error
2 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/hsqldb:
--------------------------------------------------------------------------------
1 | org.hsqldb.jdbc
2 | Unexpected end of command in statement [
3 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/informix:
--------------------------------------------------------------------------------
1 | An illegal character has been found in the statement
2 | com.informix.jdbc
3 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/ingres:
--------------------------------------------------------------------------------
1 | Ingres SQLSTATE
2 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/interbase:
--------------------------------------------------------------------------------
1 | <b>Warning</b>: ibase_
2 | Unexpected end of command in statement
3 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/java:
--------------------------------------------------------------------------------
1 | org.hibernate.QueryException: unexpected char:
2 | org.hibernate.QueryException: expecting '
3 | java.sql.SQLSyntaxErrorException
4 | java.sql.SQLException
5 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/mssql:
--------------------------------------------------------------------------------
 1 | System.Data.OleDb.OleDbException
 2 | [Microsoft][ODBC SQL Server Driver]
 3 | [Macromedia][SQLServer JDBC Driver]
 4 | [SqlException
 5 | System.Data.SqlClient.SqlException
 6 | Unclosed quotation mark after the character string
 7 | '80040e14'
 8 | mssql_query()
 9 | Microsoft OLE DB Provider for ODBC Drivers
10 | Microsoft OLE DB Provider for SQL Server
11 | Incorrect syntax near
12 | Sintaxis incorrecta cerca de
13 | Syntax error in string in query expression
14 | Unclosed quotation mark before the character string
15 | Data type mismatch in criteria expression.
16 | ADODB.Field (0x800A0BCD)
17 | the used select statements have different number of columns
18 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/mysql:
--------------------------------------------------------------------------------
 1 | supplied argument is not a valid MySQL
 2 | Column count doesn't match value count at row
 3 | mysql_fetch_array()
 4 | on MySQL result index
 5 | You have an error in your SQL syntax;
 6 | You have an error in your SQL syntax near
 7 | MySQL server version for the right syntax to use
 8 | [MySQL][ODBC
 9 | Column count doesn't match
10 | valid MySQL result
11 | MySqlClient.
12 | 
13 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/oracle:
--------------------------------------------------------------------------------
1 | Oracle error
2 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/pgsql:
--------------------------------------------------------------------------------
1 | PostgreSQL query failed:
2 | supplied argument is not a valid PostgreSQL result
3 | pg_query() [:
4 | pg_exec() [:
5 | valid PostgreSQL result
6 | Npgsql.
7 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/sqlite:
--------------------------------------------------------------------------------
1 | SQLite/JDBCDriver
2 | SQLite.Exception
3 | System.Data.SQLite.SQLiteException
4 | SQLITE_ERROR
5 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection/substrings/sybase:
--------------------------------------------------------------------------------
1 | Sybase message:
2 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection_differential/payloads.txt:
--------------------------------------------------------------------------------
1 | -1839%q% or
2 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection_timing/mssql.txt:
--------------------------------------------------------------------------------
 1 | ;waitfor delay '0:0:__TIME__'--[space]
 2 | ';waitfor delay '0:0:__TIME__'--[space]
 3 | ";waitfor delay '0:0:__TIME__'--[space]
 4 | );waitfor delay '0:0:__TIME__'--[space]
 5 | ');waitfor delay '0:0:__TIME__'--[space]
 6 | ");waitfor delay '0:0:__TIME__'--[space]
 7 | ));waitfor delay '0:0:__TIME__'--[space]
 8 | '));waitfor delay '0:0:__TIME__'--[space]
 9 | "));waitfor delay '0:0:__TIME__'--[space]
10 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection_timing/mysql.txt:
--------------------------------------------------------------------------------
 1 | [space]and sleep(__TIME__)
 2 | [space]or sleep(__TIME__) #[space]
 3 | ' and sleep(__TIME__)='
 4 | ' and sleep(__TIME__) #[space]
 5 | " and sleep(__TIME__)="
 6 | ' or sleep(__TIME__) #[space]
 7 | " or sleep(__TIME__) #[space]
 8 | '=sleep(__TIME__)='
 9 | "=sleep(__TIME__)="
10 | ' where sleep(__TIME__) #[space]
11 | 


--------------------------------------------------------------------------------
/components/checks/active/sql_injection_timing/pgsql.txt:
--------------------------------------------------------------------------------
1 | ;select pg_sleep(__TIME__); --[space]
2 | ';select pg_sleep(__TIME__); --[space]
3 | );select pg_sleep(__TIME__); --[space]
4 | ');select pg_sleep(__TIME__); --[space]
5 | ));select pg_sleep(__TIME__); --[space]
6 | '));select pg_sleep(__TIME__); --[space]
7 | 


--------------------------------------------------------------------------------
/components/checks/passive/backdoors/filenames.txt:
--------------------------------------------------------------------------------
 1 | r57shell.php
 2 | r57.php
 3 | c99shell.php
 4 | c99.php
 5 | nstview.php
 6 | nst.php
 7 | rst.php
 8 | r57eng.php
 9 | shell.php
10 | r.php
11 | lol.php
12 | zehir.php
13 | c-h.v2.php
14 | php-backdoor.php
15 | simple-backdoor.php
16 | cmdasp.asp
17 | cmd-asp-5.1.asp
18 | cmdasp.aspx
19 | shell.sh
20 | cfexec.cfm
21 | cmdjsp.jsp
22 | jsp-reverse.jsp
23 | perlcmd.cgi
24 | perl-reverse-shell.pl
25 | php-findsock-shell.php
26 | php-reverse-shell.php
27 | php-tiny-shell.php
28 | qsd-php-backdoor.php
29 | 


--------------------------------------------------------------------------------
/components/checks/passive/common_admin_interfaces/admin-panels.txt:
--------------------------------------------------------------------------------
 1 | .admin
 2 | .adm
 3 | adm
 4 | admin
 5 | admin-login
 6 | admin.asp
 7 | admin.aspx
 8 | admin.cfm
 9 | admin.cgi
10 | admin.do
11 | admin.htm
12 | admin.html
13 | admin.jsp
14 | admin.php
15 | admin.php3
16 | admin2
17 | admin_
18 | admin_login
19 | admin_logon
20 | administracion
21 | administrador
22 | administrateur
23 | administration
24 | administrator
25 | administrator
26 | administrator-login
27 | adminlogon
28 | authadmin
29 | backend
30 | console
31 | fpadmin
32 | iisadmin
33 | manage
34 | manager
35 | operador
36 | operator
37 | ops
38 | phpmyadmin
39 | portal
40 | siteadmin
41 | staff
42 | user
43 | users
44 | usuario
45 | usuarios
46 | vpn
47 | webadmin
48 | wp-admin/install.php
49 | wp-admin/setup-config.php
50 | ~admin
51 | 


--------------------------------------------------------------------------------
/components/checks/passive/common_files/filenames.txt:
--------------------------------------------------------------------------------
 1 | robots.txt
 2 | sitemap.xml
 3 | sitemap.xml.gz
 4 | phpinfo.php
 5 | CVS/Repository
 6 | CVS/Root
 7 | CVS/Entries
 8 | .svn/wc.db
 9 | .svn/all-wcprops
10 | .git/HEAD
11 | _mmServerScripts/MMHTTPDB.php
12 | _mmServerScripts/MMHTTPDB.asp
13 | _mmDBScripts/MMHTTPDB.php
14 | _mmDBScripts/MMHTTPDB.asp
15 | config/database.yml
16 | install.php
17 | config.php
18 | php.ini
19 | error_log
20 | elmah.axd
21 | server-status
22 | WEB-INF (copy)/web.xml
23 | WEB-INF - Copy/web.xml
24 | Copy of WEB-INF/web.xml
25 | 


--------------------------------------------------------------------------------
/components/fingerprinters/frameworks/cakephp.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Platform::Fingerprinters
11 | 
12 | # Identifies CakePHP resources.
13 | #
14 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
15 | #
16 | # @version 0.1
17 | class CakePHP < Platform::Fingerprinter
18 | 
19 |     def run
20 |         if cookies.include?( 'cakephp' )
21 |             platforms << :php << :cakephp
22 |         end
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | 


--------------------------------------------------------------------------------
/components/fingerprinters/frameworks/jsf.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Platform::Fingerprinters
11 | 
12 | # Identifies JSF resources.
13 | #
14 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
15 | #
16 | # @version 0.1
17 | class JSF < Platform::Fingerprinter
18 | 
19 |     def run
20 |         if server_or_powered_by_include?( 'jsf' ) ||
21 |             parameters.include?( 'javax.faces.token')
22 | 
23 |             platforms << :java << :jsf
24 |         end
25 |     end
26 | 
27 | end
28 | 
29 | end
30 | end
31 | 


--------------------------------------------------------------------------------
/components/fingerprinters/frameworks/symfony.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Platform::Fingerprinters
11 | 
12 | # Identifies Default Symfony Framework cookie.
13 | #
14 | # @author Tomas Dobrotka <tomas@dobrotka.sk>
15 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
16 | # @version 0.1
17 | class Symfony < Platform::Fingerprinter
18 | 
19 |     def run
20 |         return if !cookies.include?( 'symfony' )
21 | 
22 |         platforms << :php << :symfony
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | 


--------------------------------------------------------------------------------
/components/fingerprinters/os/bsd.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Platform::Fingerprinters
11 | 
12 | #
13 | # Identifies BSD operating systems.
14 | #
15 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
16 | #
17 | # @version 0.1
18 | #
19 | class BSD < Platform::Fingerprinter
20 | 
21 |     def run
22 |         platforms << :bsd if server_or_powered_by_include? 'bsd'
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | 


--------------------------------------------------------------------------------
/components/fingerprinters/os/unix.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Platform::Fingerprinters
11 | 
12 | #
13 | # Identifies *nix operating systems whose flavor couldn't be determines.
14 | #
15 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
16 | #
17 | # @version 0.1
18 | #
19 | class Unix < Platform::Fingerprinter
20 | 
21 |     def run
22 |         platforms << :unix if server_or_powered_by_include? 'unix'
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | 


--------------------------------------------------------------------------------
/components/fingerprinters/servers/iis.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Platform::Fingerprinters
11 | 
12 | #
13 | # Identifies IIS web servers.
14 | #
15 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
16 | #
17 | # @version 0.1
18 | #
19 | class IIS < Platform::Fingerprinter
20 | 
21 |     def run
22 |         platforms << :windows << :iis if server_or_powered_by_include? 'iis'
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | 


--------------------------------------------------------------------------------
/components/fingerprinters/servers/jetty.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Platform::Fingerprinters
11 | 
12 | #
13 | # Identifies Jetty web servers.
14 | #
15 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
16 | #
17 | # @version 0.1
18 | #
19 | class Jetty < Platform::Fingerprinter
20 | 
21 |     def run
22 |         platforms << :java << :jetty if server_or_powered_by_include? 'jetty'
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | 


--------------------------------------------------------------------------------
/components/fingerprinters/servers/nginx.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Platform::Fingerprinters
11 | 
12 | #
13 | # Identifies Nginx web servers.
14 | #
15 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
16 | #
17 | # @version 0.1
18 | #
19 | class Nginx < Platform::Fingerprinter
20 | 
21 |     def run
22 |         platforms << :nginx if server_or_powered_by_include? 'nginx'
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | 


--------------------------------------------------------------------------------
/components/path_extractors/anchors.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Extracts paths from anchor elements.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Parser::Extractors::Anchors < Arachni::Parser::Extractors::Base
13 | 
14 |     def run
15 |         return [] if !check_for?( 'href' )
16 | 
17 |         document.nodes_by_name( 'a' ).map { |a| a['href'] }
18 |     end
19 | 
20 | end
21 | 


--------------------------------------------------------------------------------
/components/path_extractors/areas.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Extracts paths from anchor elements.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Parser::Extractors::Areas < Arachni::Parser::Extractors::Base
13 | 
14 |     def run
15 |         return [] if !check_for?( 'area' ) || !check_for?( 'href' )
16 | 
17 |         document.nodes_by_name( 'area' ).map { |a| a['href'] }
18 |     end
19 | 
20 | end
21 | 


--------------------------------------------------------------------------------
/components/path_extractors/data_url.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Extracts paths from `data-url` attributes.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Parser::Extractors::DataURL < Arachni::Parser::Extractors::Base
13 | 
14 |     def run
15 |         return [] if !html || !check_for?( 'data-url' )
16 | 
17 |         html.scan( /data-url\s*=\s*['"]?(.*?)?['"]?[\s>]/ )
18 |     end
19 | 
20 | end
21 | 


--------------------------------------------------------------------------------
/components/path_extractors/forms.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Extracts paths from "form" HTML elements.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Parser::Extractors::Forms < Arachni::Parser::Extractors::Base
13 | 
14 |     def run
15 |         return [] if !check_for?( 'action' )
16 | 
17 |         document.nodes_by_name( 'form' ).map { |f| f['action'] }
18 |     end
19 | 
20 | end
21 | 


--------------------------------------------------------------------------------
/components/path_extractors/frames.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Extracts paths from frames.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Parser::Extractors::Frames < Arachni::Parser::Extractors::Base
13 | 
14 |     def run
15 |         return [] if !check_for?( 'frame' )
16 | 
17 |         document.nodes_by_names( ['frame', 'iframe'] ).map { |n| n['src'] }
18 |     end
19 | 
20 | end
21 | 


--------------------------------------------------------------------------------
/components/path_extractors/links.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Extracts paths from "link" HTML elements.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Parser::Extractors::Links < Arachni::Parser::Extractors::Base
13 | 
14 |     def run
15 |         return [] if !check_for?( 'link' )
16 | 
17 |         document.nodes_by_name( 'link' ).map { |l| l['href'] }
18 |     end
19 | 
20 | end
21 | 


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/403_forbidden.html.erb:
--------------------------------------------------------------------------------
 1 | <% content_for :title, 'Forbidden request - trying to reach a foreign resource' %>
 2 | 
 3 | <div class="hero-unit">
 4 |     <h1><em>403</em> Forbidden,</h1>
 5 |     <h2>because:</h2>
 6 |     <ul>
 7 |         <% reasons.each do |reason| %>
 8 |         <li><%= reason %></li>
 9 |         <% end %>
10 |     </ul>
11 | </div>
12 | 


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/404_not_found.html.erb:
--------------------------------------------------------------------------------
1 | <% content_for :title, 'File not found' %>
2 | 
3 | <div class="hero-unit">
4 |     <h1><em>404</em> Not Found</h1>
5 |     <p>You sure you know what you're looking for?</p>
6 | </div>
7 | 


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/css/panel.css:
--------------------------------------------------------------------------------
 1 | .faded {
 2 |     opacity: 0.3;
 3 | }
 4 | 
 5 | a:hover .faded {
 6 |     opacity: 1;
 7 | }
 8 | 
 9 | .record-icon {
10 |     background-image: url("/img/record.png");
11 |     background-position: 14px 14px;
12 | }
13 | 
14 | .navbar {
15 |     box-shadow: 0 0 2px 1px #313131 inset, 0 1px 5px #080808;
16 | }
17 | 
18 | #loading {
19 |     display: none;
20 | }
21 | 
22 | .progress {
23 |     margin-bottom: 0px;
24 |     padding: 9px 10px 11px;
25 |     background: none;
26 | }
27 | 
28 | .progress.active .bar {
29 |     width: 300px
30 | }
31 | 


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/img/glyphicons-halflings-white.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/plugins/proxy/panel/img/glyphicons-halflings-white.png


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/img/glyphicons-halflings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/plugins/proxy/panel/img/glyphicons-halflings.png


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/img/record.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/plugins/proxy/panel/img/record.png


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/inspect.html.erb:
--------------------------------------------------------------------------------
1 | <div class="hero-unit">
2 |     <h1>
3 |       <em><%= pages.size %></em>
4 |       pages with auditable elements
5 |     </h1>
6 | </div>
7 | 
8 | <%= render :page_twin_accordion, pages: pages  %>
9 | 


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/page_twin_accordion.html.erb:
--------------------------------------------------------------------------------
 1 | <%
 2 |    rp, lp = []
 3 |    if pages.any?
 4 |        rp, lp = *pages.chunk( 2 )
 5 |    end
 6 | 
 7 |    rp ||= []
 8 |    rl ||= []
 9 | %>
10 | 
11 | <div class="row">
12 |     <div class="span6">
13 |         <%= render :page_accordion, pages: lp  %>
14 |     </div>
15 |     <div class="span6">
16 |         <%= render :page_accordion, pages: rp  %>
17 |     </div>
18 | </div>
19 | 


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/shutdown_message.html.erb:
--------------------------------------------------------------------------------
1 | <div class="navbar navbar-fixed-top">
2 |     <nav class="navbar-inner">
3 |         <div class="container">
4 |             <div class="btn btn-inverse"><h4>Shutting down now.</h4></div>
5 |         </div>
6 |     </nav>
7 | </div>
8 | 


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/sign_in.html.erb:
--------------------------------------------------------------------------------
 1 | <% content_for :title, 'Please sign-in' %>
 2 | 
 3 | <div class="hero-unit">
 4 |     <h1>Please sign-in</h1>
 5 | 
 6 |     <form action="<%= sign_in_url %>" method="post">
 7 |         <label>Session token:</label>
 8 |         <input name="session_token" />
 9 |     </form>
10 | </div>
11 | 


--------------------------------------------------------------------------------
/components/plugins/proxy/panel/vectors.yml.erb:
--------------------------------------------------------------------------------
 1 | #
 2 | # Generated by the Proxy plugin of the Arachni Web Application Security Scanner Framework.
 3 | #
 4 | # The contents of this file are formatted for use with the 'vector_feed' plugin.
 5 | # You can use this file to save and then feed these vectors back to Arachni
 6 | # without needing to operate the proxy again.
 7 | #
 8 | 
 9 | <%= vectors %>
10 | 


--------------------------------------------------------------------------------
/components/reporters/html/default/fonts/FontAwesome.otf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/reporters/html/default/fonts/FontAwesome.otf


--------------------------------------------------------------------------------
/components/reporters/html/default/fonts/fontawesome-webfont.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/reporters/html/default/fonts/fontawesome-webfont.eot


--------------------------------------------------------------------------------
/components/reporters/html/default/fonts/fontawesome-webfont.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/reporters/html/default/fonts/fontawesome-webfont.ttf


--------------------------------------------------------------------------------
/components/reporters/html/default/fonts/fontawesome-webfont.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/reporters/html/default/fonts/fontawesome-webfont.woff


--------------------------------------------------------------------------------
/components/reporters/html/default/fonts/glyphicons-halflings-regular.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/reporters/html/default/fonts/glyphicons-halflings-regular.eot


--------------------------------------------------------------------------------
/components/reporters/html/default/fonts/glyphicons-halflings-regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/reporters/html/default/fonts/glyphicons-halflings-regular.ttf


--------------------------------------------------------------------------------
/components/reporters/html/default/fonts/glyphicons-halflings-regular.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/reporters/html/default/fonts/glyphicons-halflings-regular.woff


--------------------------------------------------------------------------------
/components/reporters/html/default/issue/page/sink/data_flow/source.erb:
--------------------------------------------------------------------------------
1 | <%= code_highlight( source, :javascript, anchor_id: "#{id}-source" ) %>
2 | 


--------------------------------------------------------------------------------
/components/reporters/html/default/issue/platform.erb:
--------------------------------------------------------------------------------
1 | <% if issue.platform_type %>
2 |     <p class="alert alert-info">
3 |         Affected platform type belongs to the
4 |         <strong><%= Arachni::Platform::Manager::TYPES[issue.platform_type] %></strong>
5 |         category, identified as
6 |         <strong><%= Arachni::Platform::Manager.new.fullname issue.platform_name %></strong>.
7 |     </p>
8 | <% end %>
9 | 


--------------------------------------------------------------------------------
/components/reporters/html/default/js/configuration.js.erb:
--------------------------------------------------------------------------------
 1 | jQuery(function ($) {
 2 |     var download_button = $('#configuration-download');
 3 | 
 4 |     // Create a blob object.
 5 |     var bb = new Blob(
 6 |         [<%= Arachni::Options.hash_to_save_data( report.options ).to_json %>],
 7 |         { type : 'application/yaml' }
 8 |     );
 9 | 
10 |     download_button.attr( 'href', window.URL.createObjectURL( bb ) );
11 |     download_button.attr( 'download', '<%= "#{Arachni::URI( report.url ).host}-profile.afp" %>' );
12 | });
13 | 


--------------------------------------------------------------------------------
/components/reporters/html/default/js/init.js.erb:
--------------------------------------------------------------------------------
 1 | jQuery.fn.exists = function(){ return this.length > 0; };
 2 | 
 3 | $.expr[':'].icontains = function(obj, index, meta, stack){
 4 |     return (obj.textContent || obj.innerText || jQuery(obj).text() || '').
 5 |         toLowerCase().indexOf(meta[3].toLowerCase()) >= 0;
 6 | };
 7 | 
 8 | jQuery(function ($) {
 9 |     // Init all tooltips.
10 |     $("[rel=tooltip]").tooltip();
11 | 
12 |     if( !window.location.hash.split('#!/')[1] ) {
13 |         goToLocation( 'summary/charts' );
14 |     }
15 | 
16 |     // Restore the last open tab from the URL fragment.
17 |     openFromWindowLocation();
18 |     scrollToActiveElementFromWindowLocation();
19 | });
20 | 
21 | $(window).bind( 'hashchange', function () {
22 |     openFromWindowLocation();
23 | });
24 | 


--------------------------------------------------------------------------------
/components/reporters/html/default/shared/hash.erb:
--------------------------------------------------------------------------------
 1 | <dl class="dl-horizontal">
 2 |     <% object.each do |k, v| %>
 3 |         <dt>
 4 |             <%= code ? "<code>#{escapeHTML( k )}</code>" : escapeHTML( k ) %>
 5 |         </dt>
 6 |         <dd>
 7 |             <%= code ? "<code>#{escapeHTML( v )}</code>" : escapeHTML( v ) %>
 8 |         </dd>
 9 |     <% end %>
10 | </dl>
11 | 


--------------------------------------------------------------------------------
/components/reporters/html/default/sitemap.erb:
--------------------------------------------------------------------------------
 1 | <h2>
 2 |     <a href="#!/sitemap">
 3 |         Sitemap
 4 | 
 5 |         <span class="badge"><%= report.sitemap.size %></span>
 6 |     </a>
 7 | </h2>
 8 | 
 9 | <div id="sitemap">
10 | 
11 |     <table class="table table-condensed">
12 |         <tr>
13 |             <th>HTTP status code</th>
14 |             <th>URL</th>
15 |         </tr>
16 | 
17 |         <% report.sitemap.sort_by { |k, v| k }.each do |url, code| %>
18 |             <tr>
19 |                 <th><%= code %></th>
20 |                 <td>
21 |                     <a href="<%= escapeHTML url %>">
22 |                         <%= escapeHTML url %>
23 |                     </a>
24 |                 </td>
25 |             </tr>
26 |         <% end %>
27 |     </table>
28 | 
29 | </div>
30 | 


--------------------------------------------------------------------------------
/components/reporters/plugin_formatters/stdout/login_script.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::Stdout
10 | 
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class PluginFormatters::LoginScript < Arachni::Plugin::Formatter
13 | 
14 |     def run
15 |         print_ok results['message']
16 | 
17 |         return if !results['cookies']
18 |         print_info 'Cookies set to:'
19 |         results['cookies'].each_pair { |name, val| print_info "    * #{name} = #{val}" }
20 |     end
21 | 
22 | end
23 | end
24 | 


--------------------------------------------------------------------------------
/components/reporters/plugin_formatters/stdout/waf_detector.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::Stdout
10 | 
11 | # Stdout formatter for the results of the WAFDetector plugin
12 | #
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | class PluginFormatters::WAFDetector < Arachni::Plugin::Formatter
15 | 
16 |     def run
17 |         print_ok results['message']
18 |     end
19 | 
20 | end
21 | end
22 | 


--------------------------------------------------------------------------------
/components/reporters/plugin_formatters/xml/form_dicattack.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::XML
10 | 
11 | # XML formatter for the results of the FormDicattack plugin
12 | #
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | class PluginFormatters::FormDicattack < Arachni::Plugin::Formatter
15 | 
16 |     def run( xml )
17 |         xml.username results['username']
18 |         xml.password results['password']
19 |     end
20 | 
21 | end
22 | end
23 | 


--------------------------------------------------------------------------------
/components/reporters/plugin_formatters/xml/http_dicattack.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::XML
10 | 
11 | # XML formatter for the results of the HTTPDicattack plugin
12 | #
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | class PluginFormatters::HTTPDicattack < Arachni::Plugin::Formatter
15 | 
16 |     def run( xml )
17 |         xml.username results['username']
18 |         xml.password results['password']
19 |     end
20 | 
21 | end
22 | end
23 | 


--------------------------------------------------------------------------------
/components/reporters/plugin_formatters/xml/uniformity.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::XML
10 | 
11 | # XML formatter for the results of the Uniformity plugin.
12 | #
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | class PluginFormatters::Uniformity < Arachni::Plugin::Formatter
15 | 
16 |     def run( xml )
17 |         results.each do |digests|
18 |             xml.digests digests.join( ' ' )
19 |         end
20 |     end
21 | 
22 | end
23 | end
24 | 


--------------------------------------------------------------------------------
/components/reporters/plugin_formatters/xml/waf_detector.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::XML
10 | 
11 | # XML formatter for the results of the WAF Detector plugin
12 | #
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | class PluginFormatters::WAFDetector < Arachni::Plugin::Formatter
15 | 
16 |     def run( xml )
17 |         xml.message results['message']
18 |         xml.status results['status']
19 |     end
20 | 
21 | end
22 | end
23 | 


--------------------------------------------------------------------------------
/components/services/placeholder:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/components/services/placeholder


--------------------------------------------------------------------------------
/config/write_paths.yml:
--------------------------------------------------------------------------------
 1 | # Sets default locations for writing files.
 2 | #
 3 | # * '~' will be expanded to $HOME.
 4 | # * Directories will be created if they don't already exist.
 5 | 
 6 | cli:
 7 |     # Default directory for AFR reports generated by CLI interfaces, either
 8 |     # local or RPC clients.
 9 |     report_path:
10 | framework:
11 |     # Error and RPC logs.
12 |     logs:
13 |     # Default directory for scan snapshots generated either by the CLI
14 |     # or by RPC Instances.
15 |     snapshots:
16 |     # Directory for temporary files -- like for excess workload that's been
17 |     # offloaded to disk etc..
18 |     # Will default to the OS temporary directory.
19 |     tmpdir:
20 | 


--------------------------------------------------------------------------------
/lib/arachni/browser/javascript/scripts/polyfills.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/lib/arachni/browser/javascript/scripts/polyfills.js


--------------------------------------------------------------------------------
/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | class Browser
11 | class Javascript
12 | class TaintTracer
13 | class Sink
14 | 
15 | # Represents an execution-flow trace.
16 | #
17 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
18 | class ExecutionFlow < Base
19 | 
20 |     # @return   [Array]
21 |     #   Data passed to the `TaintTracer#log_execution_flow_sink` JS interface.
22 |     attr_accessor :data
23 | 
24 | end
25 | 
26 | end
27 | end
28 | end
29 | end
30 | end
31 | 


--------------------------------------------------------------------------------
/lib/arachni/browser_cluster/job/result.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | class BrowserCluster
11 | class Job
12 | 
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | class Result
15 | 
16 |     # @return [Job]
17 |     attr_accessor :job
18 | 
19 |     # @param    [Hash]  options
20 |     # @option   options [Job]   :job
21 |     def initialize( options = {} )
22 |         options.each { |k, v| send( "#{k}=", v ) }
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | end
30 | 


--------------------------------------------------------------------------------
/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | class BrowserCluster
11 | module Jobs
12 | class DOMExploration
13 | class EventTrigger
14 | 
15 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
16 | class Result < DOMExploration::Result
17 | end
18 | 
19 | end
20 | end
21 | end
22 | end
23 | end
24 | 


--------------------------------------------------------------------------------
/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | class BrowserCluster
11 | module Jobs
12 | class DOMExploration
13 | 
14 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
15 | class Result < Job::Result
16 | 
17 |     # @return [Page]
18 |     attr_accessor :page
19 | 
20 |     def to_s
21 |         "#<#{self.class}:#{object_id} @job=#{@job} @page=#{@page}>"
22 |     end
23 | 
24 | end
25 | 
26 | end
27 | end
28 | end
29 | end
30 | 


--------------------------------------------------------------------------------
/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | class BrowserCluster
11 | module Jobs
12 | class TaintTrace
13 | class EventTrigger
14 | 
15 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
16 | class Result < DOMExploration::Result
17 | end
18 | 
19 | end
20 | end
21 | end
22 | end
23 | end
24 | 


--------------------------------------------------------------------------------
/lib/arachni/browser_cluster/jobs/taint_trace/result.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | class BrowserCluster
11 | module Jobs
12 | class TaintTrace
13 | 
14 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
15 | class Result < Job::Result
16 |     # @return [Page]
17 |     attr_accessor :page
18 | end
19 | 
20 | end
21 | end
22 | end
23 | end
24 | 


--------------------------------------------------------------------------------
/lib/arachni/check.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | lib = Arachni::Options.paths.lib
10 | require lib + 'component/manager'
11 | require lib + 'check/base'
12 | require lib + 'check/manager'
13 | 


--------------------------------------------------------------------------------
/lib/arachni/component.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | lib = Arachni::Options.paths.lib
10 | require lib + 'component/manager'
11 | require lib + 'component/base'
12 | 


--------------------------------------------------------------------------------
/lib/arachni/component/options/address.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require 'socket'
10 | 
11 | # Network address option.
12 | #
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | class Arachni::Component::Options::Address < Arachni::Component::Options::Base
15 | 
16 |     def valid?
17 |         return false if !super
18 |         !!IPSocket.getaddress( effective_value ) rescue false
19 |     end
20 | 
21 |     def type
22 |         :address
23 |     end
24 | 
25 | end
26 | 


--------------------------------------------------------------------------------
/lib/arachni/component/options/float.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Floating point option.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Component::Options::Float < Arachni::Component::Options::Base
13 | 
14 |     def normalize
15 |         Float( effective_value ) rescue nil
16 |     end
17 | 
18 |     def valid?
19 |         super && normalize
20 |     end
21 | 
22 |     def type
23 |         :float
24 |     end
25 | 
26 | end
27 | 


--------------------------------------------------------------------------------
/lib/arachni/component/options/int.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Integer option.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Component::Options::Int < Arachni::Component::Options::Base
13 | 
14 |     def normalize
15 |         effective_value.to_i
16 |     end
17 | 
18 |     def valid?
19 |         return false if !super
20 |         effective_value.to_s =~ /^\d+$/
21 |     end
22 | 
23 |     def type
24 |         :integer
25 |     end
26 | 
27 | end
28 | 


--------------------------------------------------------------------------------
/lib/arachni/component/options/object.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
10 | class Arachni::Component::Options::Object < Arachni::Component::Options::Base
11 | 
12 |     def type
13 |         :object
14 |     end
15 | 
16 | end
17 | 


--------------------------------------------------------------------------------
/lib/arachni/component/options/path.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Network address option.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Component::Options::Path < Arachni::Component::Options::Base
13 | 
14 |     def valid?
15 |         return false if !super
16 |         File.exists?( effective_value )
17 |     end
18 | 
19 |     def type
20 |         :path
21 |     end
22 | 
23 | end
24 | 


--------------------------------------------------------------------------------
/lib/arachni/component/options/port.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Network port option.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Component::Options::Port < Arachni::Component::Options::Base
13 | 
14 |     def normalize
15 |         effective_value.to_i
16 |     end
17 | 
18 |     def valid?
19 |         return false if !super
20 |         (1..65535).include?( normalize )
21 |     end
22 | 
23 |     def type
24 |         :port
25 |     end
26 | 
27 | end
28 | 


--------------------------------------------------------------------------------
/lib/arachni/component/options/string.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # Mult-byte character string option.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Component::Options::String < Arachni::Component::Options::Base
13 | 
14 |     def normalize
15 |         effective_value.to_s
16 |     end
17 | 
18 |     def type
19 |         :string
20 |     end
21 | 
22 | end
23 | 


--------------------------------------------------------------------------------
/lib/arachni/component/options/url.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | # URL option.
10 | #
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Arachni::Component::Options::URL < Arachni::Component::Options::Base
13 | 
14 |     def normalize
15 |         Arachni::URI( effective_value )
16 |     end
17 | 
18 |     def valid?
19 |         return false if !super
20 |         IPSocket.getaddress( normalize.host ) rescue false
21 |     end
22 | 
23 |     def type
24 |         :url
25 |     end
26 | 
27 | end
28 | 


--------------------------------------------------------------------------------
/lib/arachni/element/capabilities/with_node.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require_relative 'with_source'
10 | 
11 | module Arachni
12 | module Element::Capabilities
13 | 
14 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
15 | module WithNode
16 |     include WithSource
17 | 
18 |     # @return [Ox::Element]
19 |     def node
20 |         return if !@source
21 |         Arachni::Parser.parse_fragment( @source )
22 |     end
23 | 
24 | end
25 | 
26 | end
27 | end
28 | 


--------------------------------------------------------------------------------
/lib/arachni/element/capabilities/with_scope.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Element::Capabilities
11 | 
12 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
13 | module WithScope
14 | 
15 |     require_relative 'with_scope/scope'
16 | 
17 |     # @return   [Scope]
18 |     def scope
19 |         @scope ||= Scope.new( self )
20 |     end
21 | 
22 | end
23 | 
24 | end
25 | end
26 | 


--------------------------------------------------------------------------------
/lib/arachni/element/dom/capabilities/inputtable.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni::Element
10 | class DOM
11 | module Capabilities
12 | 
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | module Inputtable
15 |     include Arachni::Element::Capabilities::Inputtable
16 | 
17 |     INVALID_INPUT_DATA = [ "\0" ]
18 | 
19 |     def valid_input_data?( data )
20 |         !INVALID_INPUT_DATA.find { |c| data.include? c }
21 |     end
22 | 
23 | end
24 | 
25 | end
26 | end
27 | end
28 | 


--------------------------------------------------------------------------------
/lib/arachni/element/dom/capabilities/locatable.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni::Element
10 | class DOM
11 | module Capabilities
12 | 
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | module Locatable
15 | 
16 |     def locator
17 |         @locator ||= Arachni::Browser::ElementLocator.from_node( node )
18 |     end
19 | 
20 |     # Locates the element in the page.
21 |     def locate
22 |         locator.locate( browser )
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | end
30 | 


--------------------------------------------------------------------------------
/lib/arachni/error.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | 
11 | # It provides a namespace for all system errors.
12 | #
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | class Error < StandardError
15 | end
16 | 
17 | end
18 | 


--------------------------------------------------------------------------------
/lib/arachni/http.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require_relative 'http/client'
10 | require_relative 'http/proxy_server'
11 | 


--------------------------------------------------------------------------------
/lib/arachni/option_groups.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require_relative 'option_group'
10 | 
11 | # We need this to be available prior to loading the rest of the groups.
12 | require_relative 'option_groups/paths'
13 | 
14 | Dir.glob( "#{File.dirname(__FILE__)}/option_groups/*.rb" ).each do |group|
15 |     require group
16 | end
17 | 


--------------------------------------------------------------------------------
/lib/arachni/option_groups/output.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni::OptionGroups
10 | 
11 | # {Arachni::UI::Output} options.
12 | #
13 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
14 | class Output < Arachni::OptionGroup
15 | 
16 |     # @return   [Bool]
17 |     #   `true` if the output of the RPC instances should be redirected to a
18 |     #   file, `false` otherwise.
19 |     attr_accessor :reroute_to_logfile
20 | 
21 | end
22 | end
23 | 


--------------------------------------------------------------------------------
/lib/arachni/option_groups/snapshot.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni::OptionGroups
10 | 
11 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
12 | class Snapshot < Arachni::OptionGroup
13 | 
14 |     # @return    [String]
15 |     #   Directory or file path where to store the scan snapshot.
16 |     #
17 |     # @see Framework#suspend
18 |     attr_accessor :save_path
19 | 
20 |     def initialize
21 |         @save_path = Paths.config['framework']['snapshots']
22 |     end
23 | 
24 | end
25 | end
26 | 
27 | 


--------------------------------------------------------------------------------
/lib/arachni/parser/nodes/base.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | class Parser
11 | module Nodes
12 | 
13 | class Base
14 | 
15 |     attr_accessor :parent
16 |     attr_accessor :document
17 | 
18 | end
19 | 
20 | end
21 | end
22 | end
23 | 


--------------------------------------------------------------------------------
/lib/arachni/parser/nodes/comment.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require_relative 'base'
10 | require_relative 'with_value'
11 | 
12 | module Arachni
13 | class Parser
14 | module Nodes
15 | 
16 | class Comment < Base
17 |     include WithValue
18 | 
19 |     def text
20 |         @value
21 |     end
22 | 
23 |     def to_html( indentation = 2, level = 0 )
24 |         indent = ' ' * (indentation * level)
25 |         "#{indent}<!-- #{value} -->\n"
26 |     end
27 | 
28 | end
29 | 
30 | end
31 | end
32 | end
33 | 


--------------------------------------------------------------------------------
/lib/arachni/parser/nodes/element/with_attributes.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require_relative 'with_attributes/attributes'
10 | 
11 | module Arachni
12 | class Parser
13 | module Nodes
14 | class Element
15 | 
16 | module WithAttributes
17 | 
18 |     def attributes
19 |         @attributes ||= Attributes.new
20 |     end
21 | 
22 |     def []( name )
23 |         attributes[name]
24 |     end
25 | 
26 |     def []=( name, value )
27 |         attributes[name] = value
28 |     end
29 | 
30 | end
31 | 
32 | end
33 | end
34 | end
35 | end
36 | 


--------------------------------------------------------------------------------
/lib/arachni/parser/nodes/element/with_attributes/attributes.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | class Parser
11 | module Nodes
12 | class Element
13 | module WithAttributes
14 | 
15 | class Attributes < Hash
16 | 
17 |     def []( name )
18 |         super name.to_s.downcase
19 |     end
20 | 
21 |     def []=( name, value )
22 |         super name.to_s.recode.downcase.freeze, value.recode.freeze
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | end
30 | end
31 | end
32 | 


--------------------------------------------------------------------------------
/lib/arachni/parser/nodes/text.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require_relative 'base'
10 | require_relative 'with_value'
11 | 
12 | module Arachni
13 | class Parser
14 | module Nodes
15 | 
16 | class Text < Base
17 |     include WithValue
18 | 
19 |     def text
20 |         @value.to_s
21 |     end
22 | 
23 |     def to_html( indentation = 2, level = 0 )
24 |         indent = ' ' * (indentation * level)
25 |         "#{indent}#{value}\n"
26 |     end
27 | 
28 | end
29 | 
30 | end
31 | end
32 | end
33 | 


--------------------------------------------------------------------------------
/lib/arachni/parser/nodes/with_value.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | class Parser
11 | module Nodes
12 | 
13 | module WithValue
14 | 
15 |     attr_reader :value
16 | 
17 |     def initialize( value )
18 |         self.value = value
19 |     end
20 | 
21 |     def value=( v )
22 |         @value = v.recode.strip.freeze
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | end
30 | 


--------------------------------------------------------------------------------
/lib/arachni/platform.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | lib = Arachni::Options.paths.lib
10 | require lib + 'component/manager'
11 | require lib + 'platform/manager'
12 | 


--------------------------------------------------------------------------------
/lib/arachni/plugin.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | lib = Arachni::Options.paths.lib
10 | require lib + 'component/manager'
11 | require lib + 'plugin/base'
12 | require lib + 'plugin/manager'
13 | 


--------------------------------------------------------------------------------
/lib/arachni/processes.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require 'singleton'
10 | require 'ostruct'
11 | 
12 | lib = Arachni::Options.paths.lib
13 | require lib + 'rpc/client/instance'
14 | require lib + 'rpc/client/dispatcher'
15 | 
16 | lib = Arachni::Options.paths.lib + 'processes/'
17 | require lib + 'manager'
18 | require lib + 'dispatchers'
19 | require lib + 'instances'
20 | 


--------------------------------------------------------------------------------
/lib/arachni/processes/executables/dispatcher.rb:
--------------------------------------------------------------------------------
1 | require Options.paths.root + 'ui/cli/output'
2 | require Options.paths.lib  + 'rpc/server/dispatcher'
3 | 
4 | Reactor.global.run do
5 |     RPC::Server::Dispatcher.new
6 | end
7 | 


--------------------------------------------------------------------------------
/lib/arachni/processes/executables/instance.rb:
--------------------------------------------------------------------------------
 1 | require Options.paths.root + 'ui/cli/output'
 2 | require Options.paths.lib  + 'rpc/server/instance'
 3 | 
 4 | if (socket = $options[:socket])
 5 |     Options.rpc.server_address          = nil
 6 |     Options.dispatcher.external_address = nil
 7 |     Options.rpc.server_port             = nil
 8 |     Options.rpc.server_socket           = socket
 9 | elsif (port = $options[:port])
10 |     Options.rpc.server_port = port
11 | end
12 | 
13 | RPC::Server::Instance.new( Options, $options[:token] )
14 | 


--------------------------------------------------------------------------------
/lib/arachni/processes/executables/rest_service.rb:
--------------------------------------------------------------------------------
 1 | require Options.paths.root + 'ui/cli/output'
 2 | require Options.paths.lib  + 'rest/server'
 3 | 
 4 | Rest::Server.run!(
 5 |     port:     Options.rpc.server_port,
 6 |     bind:     Options.rpc.server_address,
 7 | 
 8 |     username: Options.datastore['username'],
 9 |     password: Options.datastore['password'],
10 | 
11 |     ssl_ca:          Options.rpc.ssl_ca,
12 |     ssl_key:         Options.rpc.server_ssl_private_key,
13 |     ssl_certificate: Options.rpc.server_ssl_certificate
14 | )
15 | 


--------------------------------------------------------------------------------
/lib/arachni/processes/helpers.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require_relative 'helpers/processes'
10 | require_relative 'helpers/dispatchers'
11 | require_relative 'helpers/instances'
12 | 


--------------------------------------------------------------------------------
/lib/arachni/reporter.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | lib = Arachni::Options.paths.lib
10 | require lib + 'component/manager'
11 | require lib + 'reporter/base'
12 | require lib + 'reporter/manager'
13 | 


--------------------------------------------------------------------------------
/lib/arachni/reporter/formatter_manager.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Reporter
11 | 
12 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
13 | class FormatterManager < Component::Manager
14 |     def paths
15 |         @paths_cache ||=
16 |             Dir.glob( File.join( "#{@lib}", '*.rb' ) ).
17 |                 reject { |path| helper?( path ) }
18 |     end
19 | end
20 | 
21 | end
22 | end
23 | 


--------------------------------------------------------------------------------
/lib/arachni/rpc/client.rb:
--------------------------------------------------------------------------------
1 | require_relative 'client/instance'
2 | require_relative 'client/dispatcher'
3 | 


--------------------------------------------------------------------------------
/lib/arachni/ruby.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | lib = Arachni::Options.paths.lib
10 | require lib + 'ruby/object'
11 | require lib + 'ruby/hash'
12 | require lib + 'ruby/set'
13 | require lib + 'ruby/array'
14 | require lib + 'ruby/string'
15 | require lib + 'ruby/webrick'
16 | 


--------------------------------------------------------------------------------
/lib/arachni/ruby/set.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require 'set'
10 | 
11 | class Set
12 |     def shift
13 |         return if @hash.empty?
14 | 
15 |         key = @hash.first.first
16 |         @hash.delete key
17 |         key
18 |     end
19 | end
20 | 


--------------------------------------------------------------------------------
/lib/arachni/ruby/webrick.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | require 'webrick'
10 | require_relative 'webrick/cookie'
11 | require_relative 'webrick/httprequest'
12 | 


--------------------------------------------------------------------------------
/lib/arachni/ruby/webrick/cookie.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class WEBrick::Cookie
10 |     attr_accessor :httponly
11 | 
12 |     class << self
13 |         alias :old_parse_set_cookie :parse_set_cookie
14 |     end
15 | 
16 |     def self.parse_set_cookie( str )
17 |         cookie = old_parse_set_cookie( str )
18 |         cookie.httponly = str.split( ';' ).map { |f| f.downcase.strip }.
19 |             include?( 'httponly' )
20 |         cookie
21 |     end
22 | end
23 | 


--------------------------------------------------------------------------------
/lib/arachni/support.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni::Support
10 | end
11 | 
12 | lib = Arachni::Options.paths.support
13 | require lib + 'mixins'
14 | require lib + 'buffer'
15 | require lib + 'cache'
16 | require lib + 'crypto'
17 | require lib + 'database'
18 | require lib + 'lookup'
19 | require lib + 'signature'
20 | require lib + 'glob'
21 | 


--------------------------------------------------------------------------------
/lib/arachni/support/buffer.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | buffers = Arachni::Options.paths.support + 'buffer/'
10 | require buffers + 'base'
11 | require buffers + 'autoflush'
12 | 


--------------------------------------------------------------------------------
/lib/arachni/support/cache.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | lib = Arachni::Options.paths.support + 'cache/'
10 | require lib + 'base'
11 | require lib + 'least_recently_pushed'
12 | require lib + 'least_recently_used'
13 | require lib + 'random_replacement'
14 | require lib + 'least_cost_replacement'
15 | require lib + 'preference'
16 | 


--------------------------------------------------------------------------------
/lib/arachni/support/cache/random_replacement.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Support::Cache
11 | 
12 | # Random Replacement cache implementation.
13 | #
14 | # Discards entries at random in order to make room for new ones.
15 | #
16 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
17 | class RandomReplacement < Base
18 | 
19 |     private
20 | 
21 |     def prune
22 |         @cache.delete( @cache.keys.sample )
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | 


--------------------------------------------------------------------------------
/lib/arachni/support/crypto.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | lib = Arachni::Options.paths.support + 'crypto/'
10 | require lib + 'rsa_aes_cbc'
11 | 


--------------------------------------------------------------------------------
/lib/arachni/support/database.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | lib = Arachni::Options.paths.support + '/database/'
10 | require lib + 'base'
11 | require lib + 'queue'
12 | require lib + 'hash'
13 | 


--------------------------------------------------------------------------------
/lib/arachni/support/lookup.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | lib = Arachni::Options.paths.support + 'lookup/'
10 | require lib + 'base'
11 | require lib + 'hash_set'
12 | require lib + 'moolb'
13 | 


--------------------------------------------------------------------------------
/lib/arachni/support/mixins.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni::Mixins
10 | end
11 | 
12 | lib = Arachni::Options.paths.mixins
13 | require lib + 'observable'
14 | require lib + 'terminal'
15 | 


--------------------------------------------------------------------------------
/lib/arachni/version.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | 
11 |     # the universal system version
12 |     VERSION = IO.read( File.dirname( __FILE__ ) + '/../version' ).strip
13 | 
14 | end
15 | 


--------------------------------------------------------------------------------
/lib/version:
--------------------------------------------------------------------------------
1 | 1.6.1.3
2 | 


--------------------------------------------------------------------------------
/logs/placeholder:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/logs/placeholder


--------------------------------------------------------------------------------
/profiles/placeholder:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/profiles/placeholder


--------------------------------------------------------------------------------
/snapshots/placeholder:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/snapshots/placeholder


--------------------------------------------------------------------------------
/spec/arachni/browser/javascript/polyfills_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe 'Arachni::Browser::Javascript::Polyfiils' do
 4 | 
 5 |     before( :all ) do
 6 |         @url = Arachni::Utilities.normalize_url( web_server_url_for( :browser ) )
 7 |     end
 8 | 
 9 |     before( :each ) do
10 |         @browser = Arachni::Browser.new
11 |         @browser.load @url
12 |     end
13 | 
14 |     after( :each ) do
15 |         @browser.shutdown
16 |     end
17 | 
18 |     subject { @browser.javascript }
19 | 
20 | end
21 | 


--------------------------------------------------------------------------------
/spec/arachni/browser_cluster/job/result_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::BrowserCluster::Job::Result do
 4 |     let(:job) { Factory[:custom_job] }
 5 |     subject { described_class.new }
 6 |     it { is_expected.to respond_to :job }
 7 |     it { is_expected.to respond_to :job= }
 8 | 
 9 |     describe '#initialize' do
10 |         it 'sets the given data via accessors' do
11 |             expect(described_class.new( job: job ).job.id).to eq(job.id)
12 |         end
13 |     end
14 | end
15 | 


--------------------------------------------------------------------------------
/spec/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 | 
3 | describe Arachni::BrowserCluster::Jobs::DOMExploration::EventTrigger::Result do
4 |     subject { described_class.new }
5 |     it { is_expected.to respond_to :page }
6 |     it { is_expected.to respond_to :page= }
7 | end
8 | 


--------------------------------------------------------------------------------
/spec/arachni/browser_cluster/jobs/dom_exploration/result_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 | 
3 | describe Arachni::BrowserCluster::Jobs::DOMExploration::Result do
4 |     subject { described_class.new }
5 |     it { is_expected.to respond_to :page }
6 |     it { is_expected.to respond_to :page= }
7 | end
8 | 


--------------------------------------------------------------------------------
/spec/arachni/component/options/object_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::Component::Options::Object do
 4 |     include_examples 'component_option'
 5 |     subject { described_class.new( '' ) }
 6 | 
 7 |     %w(value normalize).each do |m|
 8 |         describe "##{m}" do
 9 |             it 'returns the value as is' do
10 |                 [1, 'test', :stuff, [:blah]].each do |value|
11 |                     subject.value = value
12 |                     expect(subject.send(m)).to eq(value)
13 |                 end
14 |             end
15 |         end
16 |     end
17 | 
18 |     describe '#type' do
19 |         it 'returns the option type as a string' do
20 |             expect(subject.type).to eq(:object)
21 |         end
22 |     end
23 | 
24 | end
25 | 


--------------------------------------------------------------------------------
/spec/arachni/component/utilities_spec/read_file.txt:
--------------------------------------------------------------------------------
1 | read
2 | me
3 | !
4 | 


--------------------------------------------------------------------------------
/spec/arachni/error_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::Error do
 4 |     it 'inherits from StandardError' do
 5 |         expect(Arachni::Error <= StandardError).to be_truthy
 6 | 
 7 |         caught = false
 8 |         begin
 9 |             fail Arachni::Error
10 |         rescue StandardError => e
11 |             caught = true
12 |         end
13 |         expect(caught).to be_truthy
14 | 
15 |         caught = false
16 |         begin
17 |             fail Arachni::Error
18 |         rescue
19 |             caught = true
20 |         end
21 |         expect(caught).to be_truthy
22 |     end
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/arachni/http/message_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 | 
3 | describe Arachni::HTTP::Message do
4 |     it_should_behave_like 'Arachni::HTTP::Message'
5 | end
6 | 


--------------------------------------------------------------------------------
/spec/arachni/issue/severity/base_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::Issue::Severity::Base do
 4 |     describe '#to_sym' do
 5 |         it 'returns the severity as a Symbol' do
 6 |             described_class.new( 'test' ).to_sym == :test
 7 |         end
 8 |     end
 9 | 
10 |     describe '#to_s' do
11 |         it 'returns the severity as a String' do
12 |             described_class.new( :test ).to_s == 'test'
13 |         end
14 |     end
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/arachni/option_groups/output_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::OptionGroups::Output do
 4 |     include_examples 'option_group'
 5 |     subject { described_class.new }
 6 | 
 7 |     %w(reroute_to_logfile).each do |method|
 8 |         it { is_expected.to respond_to method }
 9 |         it { is_expected.to respond_to "#{method}=" }
10 |     end
11 | end
12 | 


--------------------------------------------------------------------------------
/spec/arachni/option_groups/rpc_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::OptionGroups::RPC do
 4 |     include_examples 'option_group'
 5 |     subject { described_class.new }
 6 | 
 7 |     %w(server_socket server_address server_port ssl_ca server_ssl_private_key
 8 |         server_ssl_certificate client_ssl_private_key client_ssl_certificate
 9 |         client_max_retries).each do |method|
10 |         it { is_expected.to respond_to method }
11 |         it { is_expected.to respond_to "#{method}=" }
12 |     end
13 | end
14 | 


--------------------------------------------------------------------------------
/spec/arachni/parser/nodes/comment_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::Parser::Nodes::Comment do
 4 |     subject { described_class.new( value ) }
 5 |     let(:value) { 'my comment' }
 6 | 
 7 |     describe '#value' do
 8 |         it 'returns the given value' do
 9 |             expect(subject.value).to eq value
10 |         end
11 |     end
12 | 
13 |     describe '#text' do
14 |         it 'returns the given value' do
15 |             expect(subject.text).to eq value
16 |         end
17 |     end
18 | 
19 |     describe '#to_html' do
20 |         it 'returns the given value' do
21 |             expect(subject.to_html).to eq "<!-- my comment -->\n"
22 |         end
23 |     end
24 | end
25 | 


--------------------------------------------------------------------------------
/spec/arachni/parser/nodes/element_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::Parser::Nodes::Element do
 4 |     subject { described_class.new( name ) }
 5 |     let(:name) { 'dIv' }
 6 | 
 7 |     describe '#name' do
 8 |         it 'returns the given value' do
 9 |             expect(subject.name).to eq :div
10 |         end
11 |     end
12 | 
13 |     describe '#to_html' do
14 |         it 'returns the given value' do
15 |             expect(subject.to_html).to eq "<div>\n</div>\n"
16 |         end
17 |     end
18 | end
19 | 


--------------------------------------------------------------------------------
/spec/arachni/parser/nodes/text_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::Parser::Nodes::Text do
 4 |     subject { described_class.new( value ) }
 5 |     let(:value) { 'my text' }
 6 | 
 7 |     describe '#value' do
 8 |         it 'returns the given value' do
 9 |             expect(subject.value).to eq value
10 |         end
11 |     end
12 | 
13 |     describe '#text' do
14 |         it 'returns the given value' do
15 |             expect(subject.text).to eq value
16 |         end
17 |     end
18 | 
19 |     describe '#to_html' do
20 |         it 'returns the given value' do
21 |             expect(subject.to_html).to eq "my text\n"
22 |         end
23 |     end
24 | end
25 | 


--------------------------------------------------------------------------------
/spec/arachni/rpc/client/dispatcher_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | require 'fileutils'
 3 | 
 4 | describe Arachni::RPC::Client::Dispatcher do
 5 |     before( :all ) do
 6 |         @handler_lib = Arachni::Options.paths.services
 7 |         FileUtils.cp( "#{fixtures_path}/services/echo.rb", @handler_lib )
 8 | 
 9 |         @dispatcher = dispatcher_light_spawn
10 |     end
11 | 
12 |     after( :all ) { FileUtils.rm( "#{@handler_lib}/echo.rb" ) }
13 | 
14 |     it 'maps the remote handlers to local objects' do
15 |         args = [ 'stuff', 'here', { 'blah' => true } ]
16 |         expect(@dispatcher.echo.echo( *args )).to eq(args)
17 |     end
18 | 
19 |     describe '#node' do
20 |         it 'provides access to the node data' do
21 |             expect(@dispatcher.node.info.is_a?( Hash )).to be_truthy
22 |         end
23 |     end
24 | 
25 | end
26 | 


--------------------------------------------------------------------------------
/spec/arachni/ruby/object_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | class Empty
 4 | end
 5 | 
 6 | class MyClass
 7 |     attr_accessor :stuff
 8 | end
 9 | 
10 | describe Object do
11 | 
12 |     describe '#deep_clone' do
13 |         it 'returns a deep copy of the object' do
14 |             a = [ [1,2] ]
15 |             b = a.deep_clone
16 |             a[0] << 3
17 | 
18 |             expect(b).to eq([ [1,2] ])
19 |         end
20 |     end
21 | 
22 | end
23 | 


--------------------------------------------------------------------------------
/spec/arachni/ruby/set_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Set do
 4 | 
 5 |     describe '#shift' do
 6 |         it 'removes and returns an item from the set' do
 7 |             set = described_class.new
 8 |             set << 1
 9 |             expect(set.size).to eq(1)
10 |             expect(set.shift).to eq(1)
11 |             expect(set.size).to eq(0)
12 |         end
13 |     end
14 | 
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/arachni/ruby/webrick_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe WEBrick::Cookie do
 4 | 
 5 |     describe '.parse_set_cookie' do
 6 |         it 'includes the httponly attribute' do
 7 |             str = "cookie2=val2; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.foo.com; HttpOnly"
 8 |             expect(WEBrick::Cookie.parse_set_cookie( str ).httponly).to be_truthy
 9 | 
10 |             str = "cookie2=val2; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.foo.com"
11 |             expect(WEBrick::Cookie.parse_set_cookie( str ).httponly).to be_falsey
12 |         end
13 |     end
14 | 
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/arachni/scope_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::Scope do
 4 | 
 5 |     subject { described_class.new }
 6 | 
 7 |     describe '#options' do
 8 |         it "returns #{Arachni::OptionGroups::Scope}" do
 9 |             expect(subject.options).to be_kind_of Arachni::OptionGroups::Scope
10 |         end
11 |     end
12 | 
13 | end
14 | 


--------------------------------------------------------------------------------
/spec/arachni/typhoeus/hydra_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Typhoeus::Hydra do
 4 | 
 5 |     describe '#max_concurrency' do
 6 |         it 'is be accessible' do
 7 |             h = Typhoeus::Hydra.new
 8 |             expect(h.max_concurrency).to be_truthy
 9 |             h.max_concurrency = 10
10 |             expect(h.max_concurrency).to eq(10)
11 |         end
12 |     end
13 | 
14 | end
15 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/csrf_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form ]
 8 |     end
 9 | 
10 |     before( :each ) do
11 |         http.cookie_jar << Arachni::Element::Cookie.new(
12 |             url: url,
13 |             inputs: { 'logged_in' => 'true' }
14 |         )
15 |     end
16 | 
17 |     it 'skips forms that have a nonce' do
18 |         options.url = url
19 |         audit :forms
20 |         expect(issues.size).to eq(1)
21 |         expect(issues.first.vector.name).to eq('insecure_important_form')
22 |     end
23 | 
24 | end
25 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/no_sql_injection_differential_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.platforms
 7 |         [:nosql]
 8 |     end
 9 | 
10 |     def self.elements
11 |         [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie ]
12 |     end
13 | 
14 |     def issue_count
15 |         6
16 |     end
17 | 
18 |     easy_test
19 | end
20 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/response_splitting_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
 8 |           Element::Header, Element::LinkTemplate, Element::JSON, Element::XML ]
 9 |     end
10 | 
11 |     def issue_count_per_element
12 |         {
13 |             Element::Form         => 4,
14 |             Element::Link         => 4,
15 |             Element::Cookie       => 6,
16 |             Element::Header       => 2,
17 |             Element::LinkTemplate => 8,
18 |             Element::JSON         => 4,
19 |             Element::XML          => 4,
20 |             Element::NestedCookie => 8
21 |         }
22 |     end
23 | 
24 |     easy_test
25 | end
26 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/rfi_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
 8 |           Element::Header, Element::JSON, Element::XML ]
 9 |     end
10 | 
11 |     def issue_count_per_element
12 |         {
13 |             Element::Form         => 24,
14 |             Element::Link         => 24,
15 |             Element::Cookie       => 18,
16 |             Element::Header       => 6,
17 |             Element::JSON         => 12,
18 |             Element::XML          => 12,
19 |             Element::NestedCookie => 24
20 |         }
21 |     end
22 | 
23 |     easy_test
24 | end
25 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/session_fixation_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     before :all do
 7 |         options.session.check_url     = url
 8 |         options.session.check_pattern = /dear user/
 9 |     end
10 | 
11 |     def self.elements
12 |         [ Element::Form, Element::Link, Element::LinkTemplate ]
13 |     end
14 | 
15 |     def issue_count
16 |         8
17 |     end
18 | 
19 |     easy_test
20 | end
21 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/sql_injection_differential_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.platforms
 7 |         [:sql]
 8 |     end
 9 | 
10 |     def self.elements
11 |         [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie ]
12 |     end
13 | 
14 |     def issue_count
15 |         1
16 |     end
17 | 
18 |     easy_test
19 | end
20 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/unvalidated_redirect_dom_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form::DOM, Element::Link::DOM, Element::Cookie::DOM,
 8 |           Element::UIForm::DOM ]
 9 |     end
10 | 
11 |     def issue_count_per_element
12 |         {
13 |             Element::Form::DOM   => 3,
14 |             Element::Link::DOM   => 3,
15 |             Element::Cookie::DOM => 3,
16 |             Element::UIForm::DOM => 3
17 |         }
18 |     end
19 | 
20 |     easy_test
21 | end
22 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/unvalidated_redirect_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
 8 |           Element::Header, Element::JSON, Element::XML ]
 9 |     end
10 | 
11 |     def issue_count_per_element
12 |         {
13 |             Element::Form         => 26,
14 |             Element::Link         => 22,
15 |             Element::Cookie       => 11,
16 |             Element::Header       => 11,
17 |             Element::JSON         => 9,
18 |             Element::XML          => 18,
19 |             Element::NestedCookie => 16
20 |         }
21 |     end
22 | 
23 |     easy_test
24 | end
25 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/xpath_injection_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
 8 |           Element::Header, Element::LinkTemplate, Element::JSON, Element::XML ]
 9 |     end
10 | 
11 |     def issue_count_per_element
12 |         {
13 |             Element::Form         => 150,
14 |             Element::Link         => 150,
15 |             Element::Cookie       => 300,
16 |             Element::Header       => 75,
17 |             Element::LinkTemplate => 150,
18 |             Element::JSON         => 75,
19 |             Element::XML          => 150,
20 |             Element::NestedCookie => 225
21 |         }
22 |     end
23 | 
24 |     easy_test
25 | end
26 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/xss_event_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
 8 |           Element::Header ]
 9 |     end
10 | 
11 |     def issue_count_per_element
12 |         {
13 |             Element::Form         => 210,
14 |             Element::Link         => 114,
15 |             Element::Cookie       => 228,
16 |             Element::Header       => 114,
17 |             Element::LinkTemplate => 114,
18 |             Element::NestedCookie => 228
19 |         }
20 |     end
21 | 
22 |     easy_test
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/xss_path_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Path ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         8
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/xss_script_context_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
 8 |           Element::Header, Element::LinkTemplate ]
 9 |     end
10 | 
11 |     def issue_count_per_element
12 |         {
13 |             Element::Form         => 64,
14 |             Element::Link         => 32,
15 |             Element::Cookie       => 32,
16 |             Element::Header       => 24,
17 |             Element::LinkTemplate => 18,
18 |             Element::NestedCookie => 32
19 |         }
20 |     end
21 | 
22 |     easy_test
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/xss_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
 8 |           Element::Header, Element::LinkTemplate ]
 9 |     end
10 | 
11 |     def issue_count_per_element
12 |         {
13 |             Element::Form         => 12,
14 |             Element::Link         => 13,
15 |             Element::Cookie       => 14,
16 |             Element::Header       => 6,
17 |             Element::LinkTemplate => 12,
18 |             Element::NestedCookie => 7
19 |         }
20 |     end
21 | 
22 |     easy_test
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/xss_tag_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
 8 |           Element::Header ]
 9 |     end
10 | 
11 |     def issue_count_per_element
12 |         {
13 |             Element::Form         => 5,
14 |             Element::Link         => 5,
15 |             Element::Cookie       => 10,
16 |             Element::Header       => 5,
17 |             Element::LinkTemplate => 5,
18 |             Element::NestedCookie => 10
19 |         }
20 |     end
21 | 
22 |     easy_test
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/components/checks/active/xxe_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.platforms
 7 |         [:unix, :windows]
 8 |     end
 9 | 
10 |     def self.elements
11 |         [ Element::XML ]
12 |     end
13 | 
14 |     def issue_count
15 |         4
16 |     end
17 | 
18 |     easy_test
19 | end
20 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/allowed_methods_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test { expect(issues.first.proof).to eq 'OPTIONS, TRACE, GET, HEAD' }
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/backdoors_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         current_check.filenames.count
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/backup_directories_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         current_check.formats.size
12 |     end
13 | 
14 |     easy_test do
15 |         expect(issues.find { |issue| issue.remarks.empty? }).to be_nil
16 |     end
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/backup_files_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         current_check.formats.size
12 |     end
13 | 
14 |     easy_test do
15 |         expect(issues.find { |issue| issue.remarks.empty? }).to be_nil
16 |         expect(issues.find { |issue| current_check::IGNORE_EXTENSIONS.include?( issue.response.parsed_url.resource_extension) }).to be_nil
17 |     end
18 | end
19 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/common_admin_interfaces_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         current_check.resources.count
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/common_directories_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         current_check.directories.count
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/common_files_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         current_check.filenames.count
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/directory_listing_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/captcha_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Cookie ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         2
12 |     end
13 | 
14 |     easy_test { expect(issues.map { |i| i.vector.name }.sort).to eq %w(cookie cookie2).sort }
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/credit_card_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Body ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         3
12 |     end
13 | 
14 |     easy_test { expect(issues.find(&:trusted?)).to be_nil }
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/cvs_svn_users_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Body ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         6
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/emails_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Body ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         5
12 |     end
13 | 
14 |     easy_test do
15 |         emails = issues.map(&:proof).sort
16 | 
17 |         expect(emails).to eq [
18 |             'tasos@example.com',
19 |             'john@www.example.com',
20 |             'john32.21d@example.com',
21 |             'a.little.more.unusual@example.com',
22 |             'a.little.more.unusual[at]example[dot]com'
23 |         ].sort
24 |     end
25 | end
26 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/form_upload_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/hsts_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     it 'logs hosts missing the header' do
15 |         options.url = "#{url}/vulnerable"
16 |         run
17 |         expect(issues).to be_any
18 |     end
19 | 
20 |     it 'logs hosts missing the header' do
21 |         options.url = "#{url}/safe"
22 |         run
23 |         expect(issues).to be_empty
24 |     end
25 | end
26 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/html_objects_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Body ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/http_only_cookies_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Cookie ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         2
12 |     end
13 | 
14 |     easy_test { expect(issues.map { |i| i.vector.name }.sort).to eq %w(cookie cookie2).sort }
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/insecure_cookies_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Cookie ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         3
12 |     end
13 | 
14 |     easy_test { expect(issues.map { |i| i.vector.name }.sort).to eq %w(cookie cookie2 jscookie).sort }
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     it 'logs hosts with a wildcard Access-Control-Allow-Origin' do
15 |         options.url = "#{url}/vulnerable"
16 |         run
17 |         expect(issues).to be_any
18 |     end
19 | 
20 |     it 'does not log hosts without a wildcard Access-Control-Allow-Origin' do
21 |         options.url = "#{url}/safe"
22 |         run
23 |         expect(issues).to be_empty
24 |     end
25 | end
26 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/mixed_resource_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Body ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         2
12 |     end
13 | 
14 |     use_https
15 |     easy_test
16 | end
17 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/password_autocomplete_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         2
12 |     end
13 | 
14 |     easy_test { expect(issues.map { |i| i.vector.name_or_id }.sort).to eq %w(insecure insecure_2).sort }
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/private_ip_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Body, Element::Header ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         2
12 |     end
13 | 
14 |     easy_test( false ) do
15 |         header_issue = issues.select { |i| i.vector.class == Element::Header }.first
16 |         expect(header_issue.vector.name).to eq 'Disclosure'
17 |         expect(header_issue.proof).to eq '192.168.1.121'
18 | 
19 |         body_issue  = issues.select { |i| i.vector.class == Element::Body }.first
20 |         expect(body_issue.proof).to eq '192.168.1.12'
21 |     end
22 | end
23 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/ssn_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Body ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test { expect(issues.find(&:trusted?)).to be_nil }
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Form ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         2
12 |     end
13 | 
14 |     easy_test { expect(issues.map { |i| i.vector.affected_input_name }.sort).to eq %w(insecure insecure_2).sort }
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/grep/x_frame_options_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     it 'logs hosts missing the header' do
15 |         options.url = "#{url}/vulnerable"
16 |         run
17 |         expect(issues).to be_any
18 |     end
19 | 
20 |     it 'does not log hosts with the header' do
21 |         options.url = "#{url}/safe"
22 |         run
23 |         expect(issues).to be_empty
24 |     end
25 | 
26 |     it 'does not log hosts non-200 pages' do
27 |         options.url = "#{url}/non-200"
28 |         run
29 |         expect(issues).to be_empty
30 |     end
31 | end
32 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/htaccess_limit_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/http_put_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/insecure_client_access_policy_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/insecure_cross_domain_policy_access_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/insecure_cross_domain_policy_headers_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/localstart_asp_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/origin_spoof_access_restriction_bypass_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         8
12 |     end
13 | 
14 |     easy_test
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/webdav_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test { expect(issues.first.vector.url).to eq url }
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/checks/passive/xst_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'check'
 5 | 
 6 |     def self.elements
 7 |         [ Element::Server ]
 8 |     end
 9 | 
10 |     def issue_count
11 |         1
12 |     end
13 | 
14 |     easy_test { expect(issues.first.vector.url).to eq url }
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/components/fingerprinters/frameworks/cakephp_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::Platform::Fingerprinters::CakePHP do
 4 |     include_examples 'fingerprinter'
 5 | 
 6 |     def platforms
 7 |         [:php, :cakephp]
 8 |     end
 9 | 
10 |     context 'when there is a CAKEPHP cookie' do
11 |         it 'identifies it as CakePHP' do
12 |             check_platforms Arachni::Page.from_data(
13 |                 url:     'http://stuff.com/blah',
14 |                 cookies: [Arachni::Cookie.new(
15 |                               url: 'http://stuff.com/blah',
16 |                               inputs: { 'CAKEPHP' => 'stuff' } )]
17 | 
18 |             )
19 |         end
20 |     end
21 | 
22 | end
23 | 


--------------------------------------------------------------------------------
/spec/components/fingerprinters/frameworks/symphony_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe Arachni::Platform::Fingerprinters::Symfony do
 4 |     include_examples 'fingerprinter'
 5 | 
 6 |     def platforms
 7 |         [:php, :symfony]
 8 |     end
 9 | 
10 |     context 'when there is a symfony cookie' do
11 |         it 'identifies it as Symfony' do
12 |             check_platforms Arachni::Page.from_data(
13 |                 url:     'http://stuff.com/blah',
14 |                 cookies: [Arachni::Cookie.new(
15 |                               url:    'http://stuff.com/blah',
16 |                               inputs: { 'symfony' => 'stuff' } )]
17 | 
18 |             )
19 |         end
20 |     end
21 | 
22 | end
23 | 


--------------------------------------------------------------------------------
/spec/components/path_extractors/anchors_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'path_extractor'
 5 | 
 6 |     def results
 7 |         [
 8 |             'http://test.com',
 9 |             'test',
10 |             'test.com'
11 |         ]
12 |     end
13 | 
14 |     def text
15 |         results.map { |u| "<a href='#{u}'>Stuff</a>" }.join
16 |     end
17 | 
18 |     easy_test
19 | end
20 | 


--------------------------------------------------------------------------------
/spec/components/path_extractors/areas_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'path_extractor'
 5 | 
 6 |     def results
 7 |         [
 8 |             'http://test.com',
 9 |             'test',
10 |             'test.com'
11 |         ]
12 |     end
13 | 
14 |     def text
15 |         results.map { |u| "<area href='#{u}'>Stuff</area>" }.join
16 |     end
17 | 
18 |     easy_test
19 | end
20 | 


--------------------------------------------------------------------------------
/spec/components/path_extractors/comments_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'path_extractor'
 5 | 
 6 |     def results
 7 |         [
 8 |             '/stuff/here.php',
 9 |             '/stuff/here',
10 |             '/other/stuff/here.php'
11 |         ]
12 |     end
13 | 
14 |     def text
15 |         <<-HTML
16 |             <!-- Blah blah: /stuff/here.php -->
17 | <!--
18 | /other/stuff/here.php
19 | -->
20 |             <!-- <style type="text/css"> stuff: here; </style> -->
21 | 
22 |             <div>Blah blah...</div>
23 | 
24 |             <!--Pre blah /stuff/here post blah -->
25 |         HTML
26 |     end
27 | 
28 |     easy_test
29 | end
30 | 


--------------------------------------------------------------------------------
/spec/components/path_extractors/data_url_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'path_extractor'
 5 | 
 6 |     def results
 7 |         [
 8 |             'http://test.com',
 9 |             'test',
10 |             'test.com',
11 |             'test.gr'
12 |         ]
13 |     end
14 | 
15 |     def text
16 |         <<EOHTML
17 |         <a class="test" data-url= 'http://test.com'>1</a> <span data-url= 'test.com'>2</span>
18 |         <div data-url = 'test' id=blah>2</div> <p data-url=test.gr >3</p>
19 | EOHTML
20 |     end
21 | 
22 |     easy_test
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/components/path_extractors/forms_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'path_extractor'
 5 | 
 6 |     def results
 7 |         [
 8 |             'http://test.com',
 9 |             'test',
10 |             'test.com'
11 |         ]
12 |     end
13 | 
14 |     def text
15 |         results.map { |u| "<form action='#{u}'>Stuff</form>" }.join
16 |     end
17 | 
18 |     easy_test
19 | end
20 | 


--------------------------------------------------------------------------------
/spec/components/path_extractors/frames_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'path_extractor'
 5 | 
 6 |     def results
 7 |         [
 8 |             'http://test.com',
 9 |             'test',
10 |             'test.com',
11 |             'iframe.com'
12 |         ]
13 |     end
14 | 
15 |     def text
16 |         results[0...-1].map { |u| "<frame src='#{u}' />" }.join + "<iframe src='iframe.com' />"
17 |     end
18 | 
19 |     easy_test
20 | end
21 | 


--------------------------------------------------------------------------------
/spec/components/path_extractors/generic_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'path_extractor'
 5 | 
 6 |     def results
 7 |         [
 8 |             'http://test.com',
 9 |             'https://test.com',
10 |             'http://blah.com',
11 |             'https://blah.com'
12 |         ]
13 |     end
14 | 
15 |     def text
16 |         <<-HTML
17 |             <script>
18 |                 var url  = 'http://test.com';
19 |                 var url2 = "https://test.com";
20 |             </script>
21 | 
22 |             http://blah.com
23 |             https://blah.com
24 |         HTML
25 |     end
26 | 
27 |     easy_test
28 | end
29 | 


--------------------------------------------------------------------------------
/spec/components/path_extractors/links_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'path_extractor'
 5 | 
 6 |     def results
 7 |         [
 8 |             'http://test.com',
 9 |             'test',
10 |             'test.com'
11 |         ]
12 |     end
13 | 
14 |     def text
15 |         results.map { |u| "<link href='#{u}'>Stuff</link>" }.join
16 |     end
17 | 
18 |     easy_test
19 | end
20 | 


--------------------------------------------------------------------------------
/spec/components/path_extractors/meta_refresh_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'path_extractor'
 5 | 
 6 |     def results
 7 |         [
 8 |             'http://test.com',
 9 |             'http://test.com/ /d',
10 |             'test.com',
11 |             'http://test2.com'
12 |         ]
13 |     end
14 | 
15 |     def text
16 |         <<-HTML
17 |             <meta http-equiv="refresh" content="5">
18 |             <meta http-equiv="refreSH" content="5;URL='test.com'">
19 |             <meta http-equiv="Refresh" content='0;URL="http://test.com"'>
20 |             <meta http-equiv="Refresh" content='0;URL="http://test.com/ /d"'>
21 |             <meta http-equiv="refResh" content='0;URL= http://test2.com '>
22 |         HTML
23 |     end
24 | 
25 |     easy_test
26 | end
27 | 


--------------------------------------------------------------------------------
/spec/components/path_extractors/scripts_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'path_extractor'
 5 | 
 6 |     def results
 7 |         [
 8 |             'http://test.com',
 9 |             'test',
10 |             'test.com',
11 |             '/test/stuff2.php'
12 |         ]
13 |     end
14 | 
15 |     def text
16 |         s = <<SCRIPT
17 |         <script>
18 |             /*Blah.1*/
19 |             //Blah.2
20 |             var path = "/test/stuff2.php"
21 |             var ignore = "test/stuff2"
22 |         </script>
23 | SCRIPT
24 | 
25 |         s + [
26 |             'http://test.com',
27 |             'test',
28 |             'test.com'
29 |         ].map { |u| "<script src='#{u}'>Stuff</script>" }.join
30 |     end
31 | 
32 |     easy_test
33 | end
34 | 


--------------------------------------------------------------------------------
/spec/components/plugins/meta/remedies/discovery_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'plugin'
 5 | 
 6 |     before( :all ) do
 7 |         options.url = url
 8 |         options.audit.element :forms
 9 | 
10 |         framework.checks.load :common_files
11 |     end
12 | 
13 |     context 'when issues have similar response bodies' do
14 |         it 'marks them as untrusted and adds remarks' do
15 |             run
16 | 
17 |             framework.report.issues.each do |issue|
18 |                 expect(issue).to be_untrusted
19 |                 expect(issue.remarks).to include :meta_analysis
20 |             end
21 |         end
22 |     end
23 | 
24 | end
25 | 


--------------------------------------------------------------------------------
/spec/components/plugins/restrict_to_dom_state_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'plugin'
 5 | 
 6 |     before( :all ) do
 7 |         options.url = url
 8 |     end
 9 | 
10 |     it 'audits only the page at the specific DOM state' do
11 |         options.plugins[component_name] = { 'fragment' => 'stuff/blah' }
12 | 
13 |         run
14 |         expect(framework.sitemap).to eq({ "#{options.url}#stuff/blah" => 200 })
15 |     end
16 | end
17 | 


--------------------------------------------------------------------------------
/spec/components/plugins/script_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'plugin'
 5 | 
 6 |     it 'executes a Ruby script under the scope of the running plugin' do
 7 |         options.url = web_server_url_for(:framework)
 8 |         options.plugins[component_name] = { 'path' => fixtures_path + '/script_plugin.rb' }
 9 | 
10 |         run
11 |         expect(actual_results).to eq('I\'m a script!')
12 |     end
13 | end
14 | 


--------------------------------------------------------------------------------
/spec/components/reporters/ap_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'reporter'
 5 | 
 6 |     # Not much to test here, if there's not an exception then we're cool.
 7 |     test_with_full_report
 8 |     test_with_empty_report
 9 | end
10 | 


--------------------------------------------------------------------------------
/spec/components/reporters/html_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'reporter'
 5 | 
 6 |     # if there's not an exception then we're cool, for now...
 7 |     test_with_full_report
 8 |     test_with_empty_report
 9 | end
10 | 


--------------------------------------------------------------------------------
/spec/components/reporters/json_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'reporter'
 5 | 
 6 |     test_with_full_report do
 7 |         json = IO.read( outfile ).force_encoding( 'UTF-8' )
 8 |         expect(JSON.pretty_generate( full_report.to_hash )).to eq(json)
 9 |         expect(JSON.load( json ).is_a?( Hash )).to be_truthy
10 |     end
11 | 
12 |     test_with_empty_report do
13 |         json = IO.read( outfile )
14 |         expect(JSON.pretty_generate( empty_report.to_hash )).to eq(json)
15 |         expect(JSON.load( json ).is_a?( Hash )).to be_truthy
16 |     end
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/components/reporters/marshal_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'reporter'
 5 | 
 6 |     test_with_full_report do
 7 |         expect(Marshal.dump( full_report.to_h )).to eq(IO.read( outfile ))
 8 |     end
 9 | 
10 |     test_with_empty_report do
11 |         expect(Marshal.dump( empty_report.to_h )).to eq(IO.read( outfile ))
12 |     end
13 | end
14 | 


--------------------------------------------------------------------------------
/spec/components/reporters/stdout_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'reporter'
 5 | 
 6 |     # Not much to test here, if there's not an exception then we're cool.
 7 |     test_with_full_report
 8 |     test_with_empty_report
 9 | end
10 | 


--------------------------------------------------------------------------------
/spec/components/reporters/txt_spec.rb:
--------------------------------------------------------------------------------
1 | require 'spec_helper'
2 | 
3 | describe name_from_filename do
4 |     include_examples 'reporter'
5 | 
6 |     test_with_full_report
7 |     test_with_empty_report
8 | end
9 | 


--------------------------------------------------------------------------------
/spec/components/reporters/xml_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'reporter'
 5 | 
 6 |     # Validates itself via the XSD.
 7 |     test_with_full_report
 8 |     test_with_empty_report
 9 | end
10 | 


--------------------------------------------------------------------------------
/spec/components/reporters/yaml_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe name_from_filename do
 4 |     include_examples 'reporter'
 5 | 
 6 |     test_with_full_report do
 7 |         expect(full_report.to_h.to_yaml.recode).to eq(
 8 |             IO.read( outfile ).force_encoding( 'UTF-8' )
 9 |         )
10 |     end
11 | 
12 |     test_with_empty_report do
13 |         expect(empty_report.to_h.to_yaml).to eq(IO.binread( outfile ))
14 |     end
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/external/wavsep/false_positives/lfi_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe 'WAVSEP false-positive Local File Inclusion' do
 4 |     include_examples 'wavsep'
 5 | 
 6 |     def self.methods
 7 |         ['GET']
 8 |     end
 9 | 
10 |     def self.test_cases( http_method )
11 |         {
12 |             'Local File Inclusion' => {
13 |                 url:        "LFI/LFI-FalsePositives-#{http_method}/",
14 |                 checks:     [:file_inclusion, :path_traversal, :source_code_disclosure],
15 |                 vulnerable: []
16 |             }
17 |         }
18 |     end
19 | 
20 |     easy_test
21 | end
22 | 


--------------------------------------------------------------------------------
/spec/external/wavsep/false_positives/obsolete_files_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe 'WAVSEP false-positive obsolete-files' do
 4 |     include_examples 'wavsep'
 5 | 
 6 |     def self.methods
 7 |         ['GET']
 8 |     end
 9 | 
10 |     def self.test_cases( http_method )
11 |         {
12 |             'Obsolete files' => {
13 |                 url:        "Obsolete-Files/ObsoleteFile-FalsePositives-#{http_method}/",
14 |                 checks:     [:backup_files, :backup_directories, :common_files, :common_directories],
15 |                 vulnerable: []
16 |             }
17 |         }
18 |     end
19 | 
20 |     easy_test
21 | end
22 | 


--------------------------------------------------------------------------------
/spec/external/wavsep/false_positives/rfi_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe 'WAVSEP false-positive Remote File Inclusion' do
 4 |     include_examples 'wavsep'
 5 | 
 6 |     def self.methods
 7 |         ['GET']
 8 |     end
 9 | 
10 |     def self.test_cases( http_method )
11 |         {
12 |             'Remote File Inclusion' => {
13 |                 url:        "RFI/RFI-FalsePositives-#{http_method}/",
14 |                 checks:     :rfi,
15 |                 vulnerable: []
16 |             }
17 |         }
18 |     end
19 | 
20 |     easy_test
21 | end
22 | 


--------------------------------------------------------------------------------
/spec/external/wavsep/false_positives/sqli_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe 'WAVSEP false-positive SQL injection' do
 4 |     include_examples 'wavsep'
 5 | 
 6 |     def self.methods
 7 |         ['GET']
 8 |     end
 9 | 
10 |     def self.test_cases( http_method )
11 |         {
12 |             'SQL Injection' => {
13 |                 url:        "SQL-Injection/SInjection-FalsePositives-#{http_method}/",
14 |                 checks:     'sql_injection*',
15 |                 vulnerable: []
16 |             }
17 |         }
18 |     end
19 | 
20 |     easy_test
21 | end
22 | 


--------------------------------------------------------------------------------
/spec/external/wavsep/false_positives/unvalidated_redirect_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe 'WAVSEP false-positive unvalidated redirect' do
 4 |     include_examples 'wavsep'
 5 | 
 6 |     def self.methods
 7 |         ['GET']
 8 |     end
 9 | 
10 |     def self.test_cases( http_method )
11 |         {
12 |             'Unvalidated redirect' => {
13 |                 url:        "Unvalidated-Redirect/Redirect-FalsePositives-#{http_method}/",
14 |                 checks:     [:unvalidated_redirect],
15 |                 vulnerable: []
16 |             }
17 |         }
18 |     end
19 | 
20 |     easy_test
21 | end
22 | 


--------------------------------------------------------------------------------
/spec/external/wavsep/false_positives/xss_spec.rb:
--------------------------------------------------------------------------------
 1 | require 'spec_helper'
 2 | 
 3 | describe 'WAVSEP false-positive XSS' do
 4 |     include_examples 'wavsep'
 5 | 
 6 |     def self.methods
 7 |         ['GET']
 8 |     end
 9 | 
10 |     def self.test_cases( http_method )
11 |         {
12 |             'Reflected Cross Site Scripting' => {
13 |                 url:     "Reflected-XSS/RXSS-FalsePositives-#{http_method}/",
14 |                 checks:  'xss*',
15 |                 vulnerable: []
16 |             }
17 |         }
18 |     end
19 | 
20 |     easy_test
21 | end
22 | 


--------------------------------------------------------------------------------
/spec/support/factories/browser/javascript/taint_tracer/frame.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :frame_data do
 2 |     {
 3 |         function: Factory[:called_function],
 4 |         line:     202
 5 |     }
 6 | end
 7 | 
 8 | Factory.define :frame do
 9 |     Arachni::Browser::Javascript::TaintTracer::Frame.new( Factory[:frame_data] )
10 | end
11 | 


--------------------------------------------------------------------------------
/spec/support/factories/browser/javascript/taint_tracer/frame/called_function.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :called_function_data do
 2 |     {
 3 |         name:      'stuff',
 4 |         source:    'function stuff(blah, blooh){ function ha(){} }',
 5 |         arguments: %w(blah-val blooh-val)
 6 |     }
 7 | end
 8 | 
 9 | Factory.define :called_function do
10 |     Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction.new( Factory[:called_function_data] )
11 | end
12 | 


--------------------------------------------------------------------------------
/spec/support/factories/browser/javascript/taint_tracer/sink/data_flow.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :data_flow_data do
 2 |     {
 3 |         function:               Factory[:called_function],
 4 |         object:                 '[object DOMWindow]',
 5 |         tainted_value:          Factory[:called_function].arguments.first,
 6 |         tainted_argument_index: 0,
 7 |         taint:                  Factory[:called_function].arguments.first,
 8 |         trace:                  [ Factory[:frame] ]
 9 |     }
10 | end
11 | 
12 | Factory.define :data_flow do
13 |     Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow.new( Factory[:data_flow_data] )
14 | end
15 | 


--------------------------------------------------------------------------------
/spec/support/factories/browser/javascript/taint_tracer/sink/execution_flow.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :execution_flow_data do
 2 |     {
 3 |         data:  ['arguments'],
 4 |         trace: [ Factory[:frame] ]
 5 |     }
 6 | end
 7 | 
 8 | Factory.define :execution_flow do
 9 |     Arachni::Browser::Javascript::TaintTracer::Sink::ExecutionFlow.new( Factory[:execution_flow_data] )
10 | end
11 | 


--------------------------------------------------------------------------------
/spec/support/factories/browser_cluster/job.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :custom_job do
 2 |     class CustomJob < Arachni::BrowserCluster::Job
 3 |         class Result < Arachni::BrowserCluster::Job::Result
 4 |             attr_accessor :my_data
 5 |         end
 6 | 
 7 |         def run
 8 |             sleep 0.1
 9 |             save_result my_data: 'Some stuff'
10 |         end
11 |     end
12 | 
13 |     CustomJob.new
14 | end
15 | 
16 | Factory.define :sleep_job do
17 |     class CustomJob < Arachni::BrowserCluster::Job
18 |         class Result < Arachni::BrowserCluster::Job::Result
19 |             attr_accessor :my_data
20 |         end
21 | 
22 |         def run
23 |             loop { sleep 1 }
24 |         end
25 |     end
26 | 
27 |     CustomJob.new
28 | end
29 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/body.rb:
--------------------------------------------------------------------------------
1 | Factory.define :body do
2 |     Arachni::Element::Body.new 'http://test.com/'
3 | end
4 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/cookie.rb:
--------------------------------------------------------------------------------
1 | Factory.define :cookie, class: Arachni::Element::Cookie,
2 |                options: {
3 |                    url:    'http://test.com',
4 |                    inputs: { stuff: 1 },
5 |                }
6 | 
7 | Factory.alias :cookie_dom, :cookie
8 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/form.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :form, class: Arachni::Element::Form,
 2 |                options: {
 3 |                    url:    'http://test.com',
 4 |                    inputs: { stuff: 1 }
 5 |                }
 6 | 
 7 | Factory.define :form_dom, class: Arachni::Element::Form,
 8 |                options: {
 9 |                    url:    'http://test.com',
10 |                    inputs: { stuff: 1 },
11 |                    source: '<form><inputs name="stuff" value="1">'
12 |                }
13 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/generic_dom.rb:
--------------------------------------------------------------------------------
1 | Factory.define :genericdom do
2 |     Arachni::Element::GenericDOM.new(
3 |         url:        Factory[:dom].url,
4 |         transition: Factory[:input_transition]
5 |     )
6 | end
7 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/header.rb:
--------------------------------------------------------------------------------
1 | Factory.define :header, class: Arachni::Element::Header,
2 |                options: {
3 |                    url:    'http://test.com',
4 |                    inputs: { stuff: 1 },
5 |                }
6 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/json.rb:
--------------------------------------------------------------------------------
1 | Factory.define :json, class: Arachni::Element::JSON,
2 |                options: {
3 |                    url:    'http://test.com',
4 |                    inputs: { stuff: 1 }
5 |                }
6 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/link.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :link, class: Arachni::Element::Link,
 2 |                options: {
 3 |                    url:    'http://test.com',
 4 |                    inputs: { stuff: 1 }
 5 |                }
 6 | 
 7 | Factory.define :link_dom, class: Arachni::Element::Link,
 8 |                options: {
 9 |                    url:  'http://test.com',
10 |                    source: '<a href="#/?link-dom-input=1">a</a>'
11 |                }
12 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/link_template.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :link_template, class: Arachni::Element::LinkTemplate,
 2 |                options: {
 3 |                    url:      'http://test.com/input1/value1/input2/value2',
 4 |                    template: /input1\/(?<input1>\w+)\/input2\/(?<input2>\w+)/
 5 |                }
 6 | 
 7 | Factory.define :link_template_dom, class: Arachni::Element::LinkTemplate,
 8 |                options: {
 9 |                    url:  'http://test.com/#/input1/value1/input2/value2',
10 |                    source: '<a href="#/input1/value1/input2/value2">a</a>'
11 |                }
12 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/path.rb:
--------------------------------------------------------------------------------
1 | Factory.define :path do
2 |     Arachni::Element::Path.new 'http://test.com/'
3 | end
4 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/server.rb:
--------------------------------------------------------------------------------
1 | Factory.define :server do
2 |     Arachni::Element::Server.new 'http://test.com/'
3 | end
4 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/ui_form.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :ui_form, class: Arachni::Element::UIForm,
 2 |                options: {
 3 |                    url:          'http://test.com',
 4 |                    source:       '<button id="myname" />',
 5 |                    method:       'click',
 6 |                    inputs:       { 'my-input' => 'stuff' },
 7 |                    opening_tags: {
 8 |                        'my-input' => "<input id=\"my-input\" type=\"text\" value=\"stuff\">"
 9 |                    }
10 |                }
11 | 
12 | Factory.define :ui_form_dom do
13 |     Factory[:ui_form].dom
14 | end
15 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/ui_input.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :ui_input, class: Arachni::Element::UIInput,
 2 |                options: {
 3 |                    url:    'http://test.com',
 4 |                    source: '<input id="myname" />',
 5 |                    method: 'input',
 6 |                    inputs: {
 7 |                        'myname' => ''
 8 |                    }
 9 |                }
10 | 
11 | Factory.define :ui_input_dom do
12 |     Factory[:ui_input].dom
13 | end
14 | 


--------------------------------------------------------------------------------
/spec/support/factories/element/xml.rb:
--------------------------------------------------------------------------------
1 | Factory.define :xml, class: Arachni::Element::XML,
2 |                options: {
3 |                    url:    'http://test.com',
4 |                    source: '<input>value</input>'
5 |                }
6 | 


--------------------------------------------------------------------------------
/spec/support/factories/http/request.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :request do
 2 |     Arachni::HTTP::Request.new(
 3 |         url:    'http://a-url.com/',
 4 |         method: :get,
 5 |         headers: {
 6 |             'req-header-name' => 'req header value'
 7 |         }
 8 |     )
 9 | end
10 | 


--------------------------------------------------------------------------------
/spec/support/factories/page.rb:
--------------------------------------------------------------------------------
 1 | Factory.define :page do
 2 |     Arachni::Page.new(
 3 |         response: Factory[:response],
 4 |         dom:      Factory[:dom_data]
 5 |     # Load all elements to populate metadata and the like but clear the cache.
 6 |     ).tap(&:elements).tap(&:clear_cache)
 7 | end
 8 | 
 9 | Factory.define :empty_page do
10 |     Arachni::Page.from_data(
11 |         response: {
12 |             code: 0,
13 |             url:  Factory[:response].url
14 |         }
15 |     )
16 | end
17 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/cookies.txt:
--------------------------------------------------------------------------------
 1 | # comment, should be ignored
 2 | .domain.com	TRUE	/path/to/somewhere	TRUE	Tue, 02 Oct 9999 19:25:57 GMT	first_name	first_value
 3 | 
 4 | # ignored again
 5 | another-domain.com	FALSE	/	FALSE	second_name	second_value
 6 | 
 7 | # with expiry date as seconds since epoch
 8 | .blah-domain	TRUE	/	FALSE	2596981560	coo%40ki+e2	blah+val2%40
 9 | 
10 | # with expiry date of 0
11 | 192.168.1.1	FALSE	/	FALSE	0	_superapp_session	MzE4OjEzNzU0Mzc0OTc4NDI6MmY3YzkxMTkwZDE5MTRmNjBlYjY4OGQ5ZjczMTU1ZTQzNGM2Y2IwNA%3D%3D
12 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/empty/placeholder:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/spec/support/fixtures/empty/placeholder


--------------------------------------------------------------------------------
/spec/support/fixtures/fingerprinters/test.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | module Arachni
10 | module Platform::Fingerprinters
11 | 
12 | #
13 | # Identifies Apache web servers.
14 | #
15 | # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
16 | #
17 | # @version 0.1
18 | #
19 | class Test < Platform::Fingerprinter
20 | 
21 |     def run
22 |         platforms << :unix << :apache
23 |     end
24 | 
25 | end
26 | 
27 | end
28 | end
29 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/nested_cookies.txt:
--------------------------------------------------------------------------------
 1 | # comment, should be ignored
 2 | .domain.com	TRUE	/path/to/somewhere	TRUE	Tue, 02 Oct 9999 19:25:57 GMT	name	first_name=first_value
 3 | 
 4 | # ignored again
 5 | another-domain.com	FALSE	/	FALSE	name	second_name=second_value
 6 | 
 7 | # with expiry date as seconds since epoch
 8 | .blah-domain	TRUE	/	FALSE	1596981560	name	coo%40ki+e2=blah+val2%40
 9 | 
10 | # with expiry date of 0
11 | 192.168.1.1	FALSE	/	FALSE	0	name	third_name=third_value
12 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/option_groups/input.yml:
--------------------------------------------------------------------------------
1 | !ruby/regexp /test/: blah
2 | other-test: blah2
3 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/passwords.txt:
--------------------------------------------------------------------------------
 1 | admin
 2 | password
 3 | manager
 4 | letmein
 5 | cisco
 6 | default
 7 | root
 8 | apc
 9 | pass
10 | security
11 | user
12 | system
13 | sys
14 | none
15 | xampp
16 | wampp
17 | ppmax2011 
18 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/plugins/loop.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Plugins::Loop < Arachni::Plugin::Base
10 | 
11 |     def run
12 |         loop { sleep 1 }
13 |     end
14 | 
15 |     def self.info
16 |         {
17 |             name:        '',
18 |             description: %q{},
19 |             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
20 |             version:     '0.1'
21 |         }
22 |     end
23 | 
24 | end
25 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/plugins_with_priorities/p0.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Plugins::P0 < Arachni::Plugin::Base
10 |     def self.info
11 |         {
12 |             name:     'P0',
13 |             author:   'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
14 |             priority: 0
15 |         }
16 |     end
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/plugins_with_priorities/p00.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Plugins::P00 < Arachni::Plugin::Base
10 |     def self.info
11 |         {
12 |             name:     'P00',
13 |             author:   'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
14 |             priority: 0
15 |         }
16 |     end
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/plugins_with_priorities/p1.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Plugins::P1 < Arachni::Plugin::Base
10 |     def self.info
11 |         {
12 |             name:     'P1',
13 |             author:   'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
14 |             priority: 1
15 |         }
16 |     end
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/plugins_with_priorities/p2.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Plugins::P2 < Arachni::Plugin::Base
10 |     def self.info
11 |         {
12 |             name:     'P2',
13 |             author:   'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
14 |             priority: 2
15 |         }
16 |     end
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/plugins_with_priorities/p22.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Plugins::P22 < Arachni::Plugin::Base
10 |     def self.info
11 |         {
12 |             name:     'P22',
13 |             author:   'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
14 |             priority: 2
15 |         }
16 |     end
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/plugins_with_priorities/p222.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Plugins::P222 < Arachni::Plugin::Base
10 |     def self.info
11 |         {
12 |             name:     'P222',
13 |             author:   'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
14 |             priority: 2
15 |         }
16 |     end
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/plugins_with_priorities/p_nil.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Plugins::PNIL < Arachni::Plugin::Base
10 |     def self.info
11 |         {
12 |             name:     'PNIL',
13 |             author:   'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
14 |         }
15 |     end
16 | end
17 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/plugins_with_priorities/p_nil2.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Plugins::PNIL2 < Arachni::Plugin::Base
10 |     def self.info
11 |         {
12 |             name:     'PNIL2',
13 |             author:   'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
14 |         }
15 |     end
16 | end
17 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/report.afr:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/spec/support/fixtures/report.afr


--------------------------------------------------------------------------------
/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::WithFormatters::PluginFormatters::Foobar < Arachni::Plugin::Formatter
10 |     def run
11 |         @results
12 |     end
13 | end
14 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/reporters/base_spec/with_formatters.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::WithFormatters < Arachni::Reporter::Base
10 | 
11 |     def run
12 |         File.open( 'with_formatters', 'w' ) { |f| f.write( format_plugin_results ) }
13 |     end
14 | 
15 | end
16 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/reporters/base_spec/with_outfile.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::WithOutfile < Arachni::Reporter::Base
10 |     def run
11 |     end
12 | 
13 |     def self.info
14 |         super.merge( options: [ Arachni::Reporter::Options.outfile('.stuff') ] )
15 |     end
16 | end
17 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/reporters/base_spec/without_outfile.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::WithoutOutfile < Arachni::Reporter::Base
10 |     def run
11 |     end
12 | end
13 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/reporters/manager_spec/afr.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::AFR < Arachni::Reporter::Base
10 |     def run
11 |         File.open( "afr", "w" ) {}
12 |     end
13 | end
14 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/reporters/manager_spec/error.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::Error < Arachni::Reporter::Base
10 | 
11 |     def run
12 |         fail
13 |     end
14 | 
15 |     def self.info
16 |         super.merge( options: [ Options.outfile( 'foo' ) ] )
17 |     end
18 | end
19 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/reporters/manager_spec/foo.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | class Arachni::Reporters::Foo < Arachni::Reporter::Base
10 | 
11 |     def run
12 |         File.open( "foo", "w" ) {}
13 |     end
14 | 
15 |     def self.info
16 |         super.merge( options: [ Options.outfile( 'foo' ) ] )
17 |     end
18 | end
19 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/script_plugin.rb:
--------------------------------------------------------------------------------
1 | register_results 'I\'m a script!'
2 | 


--------------------------------------------------------------------------------
/spec/support/fixtures/usernames.txt:
--------------------------------------------------------------------------------
 1 | admin
 2 | manager
 3 | root
 4 | cisco
 5 | apc
 6 | pass
 7 | security
 8 | user
 9 | system
10 | sys
11 | wampp
12 | newuser
13 | xampp-dav-unsecure
14 | 


--------------------------------------------------------------------------------
/spec/support/helpers/browser.rb:
--------------------------------------------------------------------------------
1 | def browser_explore_check_pages( pages )
2 |     pages_should_have_form_with_input pages, 'by-ajax'
3 |     pages_should_have_form_with_input pages, 'from-post-ajax'
4 |     pages_should_have_form_with_input pages, 'ajax-token'
5 |     pages_should_have_form_with_input pages, 'href-post-name'
6 | end
7 | 


--------------------------------------------------------------------------------
/spec/support/helpers/framework.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | def issues
10 |     Arachni::Data.issues.all
11 | end
12 | 


--------------------------------------------------------------------------------
/spec/support/helpers/misc.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | def available_port
10 |     Arachni::Utilities.available_port
11 | end
12 | 


--------------------------------------------------------------------------------
/spec/support/helpers/paths.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | def name_from_filename
10 |     File.basename( caller.first.split( ':' ).first, '_spec.rb' )
11 | end
12 | 
13 | def spec_path
14 |     File.expand_path( File.dirname( File.absolute_path( __FILE__ )  ) + '/../../' ) + '/'
15 | end
16 | 
17 | def support_path
18 |     "#{spec_path}support/"
19 | end
20 | 
21 | def fixtures_path
22 |     "#{support_path}fixtures/"
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/support/helpers/requires.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | def require_lib( path )
10 |     require Arachni::Options.paths.lib + path
11 | end
12 | 
13 | def require_testee
14 |     require Kernel.caller.first.split( ':' ).first.
15 |                 gsub( '/spec/arachni', '/lib/arachni' ).gsub( '_spec', '' )
16 | end
17 | 


--------------------------------------------------------------------------------
/spec/support/helpers/web_server.rb:
--------------------------------------------------------------------------------
 1 | =begin
 2 |     Copyright 2010-2022 Ecsypno <http://www.ecsypno.com>
 3 | 
 4 |     This file is part of the Arachni Framework project and is subject to
 5 |     redistribution and commercial restrictions. Please see the Arachni Framework
 6 |     web site for more information on licensing and terms of use.
 7 | =end
 8 | 
 9 | def web_server_manager
10 |     ENV['WEB_SERVER_DISPATCHER'] ? WebServerClient.instance : WebServerManager
11 | end
12 | 
13 | def web_server_url_for( *args )
14 |     web_server_manager.url_for( *args )
15 | end
16 | 
17 | def web_server_spawn( *args )
18 |     web_server_manager.spawn( *args )
19 | end
20 | 
21 | def web_server_killall
22 |     web_server_manager.killall
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/support/logs/placeholder:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/spec/support/logs/placeholder


--------------------------------------------------------------------------------
/spec/support/servers/arachni/browser/javascript.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | require 'sinatra/contrib'
3 | 
4 | get '/' do
5 |     <<HTML
6 | HTML
7 | end
8 | 


--------------------------------------------------------------------------------
/spec/support/servers/arachni/browser/javascript/proxy.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | get '/' do
 5 |     <<EOHTML
 6 |     <html>
 7 |         <script>
 8 |             _#{params[:token]}ProxyTest = {
 9 |                 my_property: null,
10 |                 my_function: function( number, string, hash ) {
11 |                     return [number, string, hash]
12 |                 }
13 |             }
14 |         </script>
15 |     </html>
16 | EOHTML
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/support/servers/arachni/element/body.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | get '/' do
4 |     'Match this!'
5 | end
6 | 


--------------------------------------------------------------------------------
/spec/support/servers/arachni/element/capabilities/analyzable/signature.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | set :logging, false
 4 | 
 5 | get '/' do
 6 |     <<-EOHTML
 7 |     <a href='?input=blah'>Inject here</a>
 8 |     #{params[:input]}
 9 | EOHTML
10 | end
11 | 


--------------------------------------------------------------------------------
/spec/support/servers/arachni/element/cookie/cookie_dom.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | get '/' do
 5 |     <<-EOHTML
 6 | <html>
 7 |     <head>
 8 |         <title></title>
 9 |     </head>
10 | 
11 |     <body>
12 |         <div id='container'>
13 |         </div>
14 | 
15 |         <script>
16 |             document.getElementById('container').innerHTML = decodeURIComponent(document.cookie);
17 |         </script>
18 |     </body>
19 | </html>
20 |     EOHTML
21 | end
22 | 


--------------------------------------------------------------------------------
/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_1.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'ap'
 3 | 
 4 | @@redirect_url ||= nil
 5 | 
 6 | get '/set-redirect' do
 7 |     @@redirect_url ||= params[:url]
 8 | end
 9 | 
10 | get '/test/index.html' do
11 |     response.headers['Content-Type'] = 'text/html'
12 |     "some content here for index page"
13 | end
14 | 
15 | get '*' do
16 |     response.headers['Content-Type'] = 'text/html'
17 |     redirect "#{@@redirect_url}/error/index.html", 302
18 | end
19 | 


--------------------------------------------------------------------------------
/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_2.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/error/index.html' do
 4 |     response.headers['Content-Type'] = 'text/html'
 5 |     "custom page"
 6 | end
 7 | 
 8 | get '*' do
 9 |     status 404
10 |     "404 Not Found"
11 | end
12 | 


--------------------------------------------------------------------------------
/spec/support/servers/arachni/http/proxy_server.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/' do
 4 |     'GET'
 5 | end
 6 | 
 7 | get '/sleep' do
 8 |     sleep 5
 9 | end
10 | 
11 | get '/text' do
12 |     content_type 'text/html; charset=ss'
13 | 
14 |     'Blah'.encode( 'ASCII-8BIT' )
15 | end
16 | 
17 | get '/binary' do
18 |     content_type 'application/binary'
19 | 
20 |     "\x01\x02\x03".encode( 'ASCII-8BIT' )
21 | end
22 | 


--------------------------------------------------------------------------------
/spec/support/servers/arachni/http/proxy_server_https.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra/base'
 2 | require 'webrick'
 3 | require 'webrick/https'
 4 | require 'openssl'
 5 | 
 6 | options = {
 7 |     Port:            ARGV[1].to_i,
 8 |     Host:            ARGV[3],
 9 |     SSLEnable:       true,
10 |     SSLVerifyClient: OpenSSL::SSL::VERIFY_NONE,
11 |     SSLCertName:     [["CN", WEBrick::Utils::getservername]],
12 | }
13 | 
14 | class HTTPSServer < Sinatra::Base
15 | 
16 |     get '/' do
17 |         'HTTPS GET'
18 |     end
19 | 
20 | end
21 | 
22 | server = ::Rack::Handler::WEBrick
23 | trap( :INT ) { server.shutdown }
24 | 
25 | server.run( HTTPSServer, options )
26 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/no_sql_injection/mongodb:
--------------------------------------------------------------------------------
1 | Fatal error: Uncaught exception 'MongoCursorException' with message '127.0.0.1:27017: SyntaxError: Unexpected token ILLEGAL' in /var/www/mongo.php:13 Stack trace: #0 /var/www/mongo.php(13): MongoCursor->rewind() #1 {main} thrown in /var/www/mongo.php on line 13
2 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/access:
--------------------------------------------------------------------------------
1 | JET Database Engine
2 | Access Database Engine
3 | [Microsoft][ODBC Microsoft Access Driver]
4 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/coldfusion:
--------------------------------------------------------------------------------
1 | [Macromedia][SQLServer JDBC Driver]
2 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/db2:
--------------------------------------------------------------------------------
1 | DB2 SQL error:
2 | [IBM][CLI Driver][DB2/6000]
3 | CLI Driver stuff DB2
4 | DB2 SQL error
5 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/emc:
--------------------------------------------------------------------------------
1 | [DM_QUERY_E_SYNTAX]
2 | has occurred in the vicinity of:
3 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/firebird:
--------------------------------------------------------------------------------
1 | Dynamic SQL Error
2 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/frontbase:
--------------------------------------------------------------------------------
1 | Exception condition 1. Transaction rollback.
2 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/hsqldb:
--------------------------------------------------------------------------------
1 | org.hsqldb.jdbc
2 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/informix:
--------------------------------------------------------------------------------
1 | An illegal character has been found in the statement
2 | com.informix.jdbc
3 | Exception stuff Informix
4 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/ingres:
--------------------------------------------------------------------------------
1 | Warning stuff ingres_
2 | Ingres SQLSTATE
3 | Ingres stuff Driver
4 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/interbase:
--------------------------------------------------------------------------------
1 | <b>Warning</b>: ibase_
2 | Unexpected end of command in statement
3 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/java:
--------------------------------------------------------------------------------
1 | org.hibernate.QueryException: unexpected char:
2 | org.hibernate.QueryException: expecting '
3 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/jdbc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Arachni/arachni/c1710d607a7a58e24f1fa980c495ce0f8c88a83d/spec/support/servers/checks/active/sql_injection/jdbc


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/maxdb:
--------------------------------------------------------------------------------
1 | SQL error stuff POS(1234) stuff
2 | Warning stuff maxdb stuff
3 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/mysql:
--------------------------------------------------------------------------------
 1 | supplied argument is not a valid MySQL
 2 | Column count doesn't match value count at row
 3 | mysql_fetch_array()
 4 | on MySQL result index
 5 | You have an error in your SQL syntax;
 6 | You have an error in your SQL syntax near
 7 | MySQL server version for the right syntax to use
 8 | [MySQL][ODBC
 9 | Column count doesn't match
10 | Table 'Stuff' doesn't exist
11 | SQL syntax stuff MySQL
12 | Warning stuff mysql_
13 | valid MySQL result
14 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/oracle:
--------------------------------------------------------------------------------
1 | ORA 9124
2 | java.sql.SQLException
3 | Oracle error
4 | Oracle stuff Driver
5 | Warning stuff oci_ stuff
6 | Warning stuff ora_ stuff
7 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/pgsql:
--------------------------------------------------------------------------------
 1 | PostgreSQL query failed:
 2 | supplied argument is not a valid PostgreSQL result
 3 | pg_query() [:
 4 | pg_exec() [:
 5 | PostgreSQL.*ERROR
 6 | Warning stuff pg_ stuff
 7 | valid PostgreSQL result
 8 | Npgsql.stuff
 9 | PG::StuFError
10 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/sqlite:
--------------------------------------------------------------------------------
1 | Warning stuff sqlite_
2 | SQLite/JDBCDriver
3 | SQLite.Exception
4 | System.Data.SQLite.SQLiteException
5 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/sql_injection/sybase:
--------------------------------------------------------------------------------
1 | Sybase message:
2 | Warning stuff sybase stuff
3 | Sybase stuff Server message stuff
4 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/xpath_injection/dotnet:
--------------------------------------------------------------------------------
1 | MS.Internal.Xml.
2 | error '80004005'
3 | Expression must evaluate to a node-set.
4 | <p>msxml4.dll</font>
5 | <p>msxml3.dll</font>
6 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/xpath_injection/general:
--------------------------------------------------------------------------------
 1 | A closing bracket expected in
 2 | An operand in Union Expression does not produce a node-set
 3 | Cannot convert expression to a number
 4 | Document Axis does not allow any context Location Steps
 5 | Empty Path Expression
 6 | Empty Relative Location Path
 7 | Empty Union Expression
 8 | Expected ')' in
 9 | Expected node test or name specification after axis operator
10 | Incompatible XPath key
11 | Incorrect Variable Binding
12 | A document must contain exactly one root element.
13 | Expected token ']'
14 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/xpath_injection/java:
--------------------------------------------------------------------------------
1 | XPathException
2 | Unknown error in XPath
3 | org.apache.xpath.XPath
4 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/xpath_injection/libxml2:
--------------------------------------------------------------------------------
1 | libxml2 library function failed
2 | xmlsec library function
3 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/active/xpath_injection/php:
--------------------------------------------------------------------------------
1 | xmlXPathEval: evaluation failed
2 | SimpleXMLElement::xpath()
3 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/check_server.rb:
--------------------------------------------------------------------------------
 1 | require_relative '../../../../lib/arachni'
 2 | 
 3 | def framework
 4 |     @@framework ||= Arachni::Framework.new
 5 | end
 6 | 
 7 | def current_check
 8 |     @@current_check ||=
 9 |         framework.checks[ File.basename( caller.first.split( ':' ).first, '.rb' ) ]
10 | end
11 | 
12 | def check_name
13 |     File.basename( caller.first.split( ':' ).first, '.rb' )
14 | end
15 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/allowed_methods.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | options '/' do
4 |     headers 'Allow' => 'OPTIONS, TRACE, GET, HEAD'
5 | end
6 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/backdoors.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | require_relative '../check_server'
3 | 
4 | get( '/' ){}
5 | current_check.filenames.each { |filename| get( "/#{filename}" ) { filename } }
6 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/backup_directories.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require_relative '../check_server'
 3 | 
 4 | get '/' do
 5 |     <<-HTML
 6 |         <a href="/some_directory/">Hit me</a>
 7 |     HTML
 8 | end
 9 | 
10 | get( '/some_directory/' ){}
11 | 
12 | current_check.formats.each do |format|
13 |     path = format.gsub( '[name]', 'some_directory' )
14 |     get '/' + path do
15 |         path
16 |     end
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/common_admin_interfaces.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | require_relative '../check_server'
3 | 
4 | current_check.resources.each { |name| get( "/#{name}" ) { name } }
5 | 
6 | get( '/' ) {}
7 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/common_directories.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | require_relative '../check_server'
3 | 
4 | current_check.directories.each { |name| get( "/#{name}/" ) { name } }
5 | 
6 | get( '/' ) {}
7 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/common_files.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | require_relative '../check_server'
3 | 
4 | current_check.filenames.each { |name| get( "/#{name}" ) { name } }
5 | 
6 | get( '/' ) {}
7 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/directory_listing.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require_relative '../check_server'
 3 | 
 4 | def root
 5 |     File.expand_path( File.dirname( __FILE__ ) )
 6 | end
 7 | 
 8 | get '/' do
 9 |     <<-EOHTML
10 |         <a href="/some/path.crap?input=bloo">Path</a>
11 |     EOHTML
12 | end
13 | 
14 | get '/some/path.crap' do
15 |     <<-EOHTML
16 |         Blah blah blah...#{params['input']}
17 |     EOHTML
18 | end
19 | 
20 | get '/some*' do
21 |     req = URI.decode( env['PATH_INFO'].gsub( '/some', root ) ).gsub( '\\', '/' )
22 |     req << '/' if !req.end_with?( '/' )
23 | 
24 |     #ap req
25 |     if File.directory?( req )
26 |         Dir.glob( req + '*' ).join( '<br/>' )
27 |     elsif !File.exists?( req )
28 |         'Does not exist'
29 |     end
30 | end
31 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/captcha.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/' do
 4 |     <<-EOHTML
 5 |         <a href="/captcha">Captcha</a>
 6 |         <a href="/empty">Empty</a>
 7 |         <a href="/irrelevant">Irrelevant</a>
 8 |     EOHTML
 9 | end
10 | 
11 | get '/captcha' do
12 |     <<-EOHTML
13 |         <form>
14 |             <input name='CapTcha-32-Some_stuff' />
15 |         </form>
16 |     EOHTML
17 | end
18 | 
19 | get '/empty' do
20 |     ''
21 | end
22 | 
23 | get '/irrelevant' do
24 |     <<-EOHTML
25 |         Random crap here...
26 |     EOHTML
27 | end
28 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/cookie_set_for_parent_domain.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | get '/' do
 5 |     response.set_cookie( 'cookie', {
 6 |         value:  'value',
 7 |         domain: '.localhost'
 8 |     })
 9 |     response.set_cookie( 'cookie2', {
10 |         value:  'value2',
11 |         domain: 'localhost'
12 |     })
13 |     response.set_cookie( 'cookie3', {
14 |         value:  'value3'
15 |     })
16 |     response.set_cookie( 'cookie4', {
17 |         value:  'value4'
18 |     })
19 | end
20 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/credit_card.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | NUMBERS = {
 5 |     amex:         378282246310005,
 6 |     amex_copr:    378734493671000,
 7 |     oz_bank_card: 5610591081018250,
 8 |     dinners:      30569309025904,
 9 |     discover:     6011111111111117,
10 |     jcb:          3530111333300000,
11 |     master:       5555555555554444,
12 |     visa:         4111111111111111,
13 |     pbs:          76009244561,
14 |     paymentech:   6331101999990016
15 | }
16 | 
17 | NUMBERS.each do |type, number|
18 |     get "/#{type}" do
19 |         number.to_s
20 |     end
21 | end
22 | 
23 | get '/' do
24 |     NUMBERS.keys.map do |type|
25 |         "<a href=\"#{type}\">#{type}</a> "
26 |     end.join
27 | end
28 | 
29 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/cvs_svn_users.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | KEYWORDS = {
 5 |     locker:  '$Locker: markd_locker $ ',
 6 |     author:  '$Author: markd_author $ ',
 7 |     id:      '$Id: https-test.pl 1081 2008-09-30 19:03:23Z john_id1 Exp $ ',
 8 |     id2:     '$Id: https-test.pl 1081 2008-09-30 19:03:23Z john_id2 $ ',
 9 |     header2: '$Header: /cvsweb/cvs-guide/keyword.html,v 1.3 1999/12/23 21:59:22 markd_header2 $ ',
10 |     header:  '$Header: /cvsweb/cvs-guide/keyword.html,v 1.3 1999/12/23 21:59:22 markd_header Exp $ '
11 | }
12 | 
13 | KEYWORDS.each do |type, string|
14 |     get "/#{type}" do
15 |         string
16 |     end
17 | end
18 | 
19 | get '/' do
20 |     KEYWORDS.keys.map do |type|
21 |         "<a href=\"#{type}\">#{type}</a> "
22 |     end.join
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/emails.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | ADDRESSES = [
 5 |     'tasos@does.not.exist.com',
 6 |     'tasos@example.com',
 7 |     'john@www.example.com',
 8 |     'john32.21d@example.com',
 9 |     'a.little.more.unusual@example.com',
10 |     'a.little.more.unusual[at]example[dot]com'
11 | ]
12 | 
13 | ADDRESSES.each.with_index  do |address, i|
14 |     get "/#{i}" do
15 |         address
16 |     end
17 | end
18 | 
19 | get '/' do
20 |     ADDRESSES.map.with_index do |type, i|
21 |         "<a href=\"#{i}\">#{i}</a> "
22 |     end.join
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/form_upload.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/' do
 4 |     <<-EOHTML
 5 |         <form name="upload-form">
 6 |             <input type="file" name="upload-me">
 7 |         </form>
 8 |     EOHTML
 9 | end
10 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/html_objects.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | get '/' do
4 |     <<-EOHTML
5 |         <object width="400" height="400" data="helloworld.swf"></object>
6 |     EOHTML
7 | end
8 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/http_only_cookies.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | get '/' do
 5 |     response.set_cookie( "cookie", {
 6 |         value:    "value",
 7 |         httponly: false
 8 |     })
 9 |     response.set_cookie( "cookie2", {
10 |         value:    "value2",
11 |         httponly: false
12 |     })
13 |     response.set_cookie( "cookie3", {
14 |         value:    "value3",
15 |         httponly: true
16 |     })
17 |     response.set_cookie( "cookie4", {
18 |         value:    "value4",
19 |         httponly: true
20 |     })
21 | end
22 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/insecure_cors_policy.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | get '/vulnerable' do
4 |     headers 'Access-Control-Allow-Origin' => '*'
5 | end
6 | 
7 | get '/safe' do
8 | end
9 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/private_ip.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/' do
 4 |     <<-EOHTML
 5 |         <a href="/body">Body</a>
 6 |         <a href="/header">Header</a>
 7 |     EOHTML
 8 | end
 9 | 
10 | get '/body' do
11 |     <<-EOHTML
12 |         192.168.1.12
13 |     EOHTML
14 | end
15 | 
16 | get '/header' do
17 |     headers 'Disclosure' => '192.168.1.121'
18 | end
19 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/ssn.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | get '/' do
4 |     'stuff 333-65-4320 v'
5 | end
6 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/unencrypted_password_forms.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/' do
 4 |     <<-EOHTML
 5 |         <a href="/insecure">Insecure</a>
 6 |         <a href="/secure">Secure</a>
 7 |     EOHTML
 8 | end
 9 | 
10 | get '/insecure' do
11 |     <<-EOHTML
12 |         <form>
13 |             <input name='insecure' type='password' />
14 |         </form>
15 | 
16 |         <form>
17 |             <input name='insecure_2' type='password' />
18 |         </form>
19 | 
20 |         Will be ignored.
21 |         <form>
22 |             <input type='password' />
23 |         </form>
24 |     EOHTML
25 | end
26 | 
27 | get '/secure' do
28 |     <<-EOHTML
29 |         <form action="https://localhost/crap">
30 |             <input name='secure' type='password' />
31 |         </form>
32 |     EOHTML
33 | end
34 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/grep/x_frame_options.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/vulnerable' do
 4 |     headers 'X-Frame-Options' => ''
 5 | end
 6 | 
 7 | get '/safe' do
 8 |     headers 'X-Frame-Options' => 'DENY'
 9 | end
10 | 
11 | get '/non-200' do
12 |     headers 'X-Frame-Options' => ''
13 |     [404, 'Not found']
14 | end
15 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/htaccess_limit.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | get '/' do
4 |     status 401
5 | end
6 | 
7 | post '/' do
8 | end
9 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/http_put.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | put '/Arachni-*' do
4 |     body = request.body.read
5 |     self.class.get( env['REQUEST_PATH'] ) { body }
6 |     status 201
7 | end
8 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/insecure_client_access_policy.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/clientaccesspolicy.xml' do
 4 |     <<EOHTML
 5 | <allow-from http-request-headers="*">
 6 |     <domain uri="*"/>
 7 | </allow-from>
 8 | EOHTML
 9 | end
10 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/insecure_cross_domain_policy_access.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/crossdomain.xml' do
 4 |     <<EOHTML
 5 | <?xml version="1.0"?>
 6 | <!DOCTYPE cross-domain-policy SYSTEM
 7 | "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
 8 | <cross-domain-policy>
 9 |    <site-control permitted-cross-domain-policies="all"/>
10 |    <allow-access-from domain="*" secure="false"/>
11 | </cross-domain-policy>
12 | EOHTML
13 | end
14 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/insecure_cross_domain_policy_headers.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/crossdomain.xml' do
 4 |     <<EOHTML
 5 | <?xml version="1.0"?>
 6 | <!DOCTYPE cross-domain-policy SYSTEM
 7 | "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
 8 | <cross-domain-policy>
 9 |    <site-control permitted-cross-domain-policies="all"/>
10 |    <allow-http-request-headers-from domain="*" headers="*" secure="false"/>
11 | </cross-domain-policy>
12 | EOHTML
13 | end
14 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/interesting_responses.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | require_relative '../check_server'
3 | 
4 | current_check.acceptable.each { |code| get( "/#{code}" ) { status code; code.to_s + rand( 9999 ).to_s } }
5 | current_check.acceptable.each { |code| get( "/blah/#{code}" ) { status code; code.to_s + rand( 9999 ).to_s } }
6 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/localstart_asp.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | get '/localstart.asp' do
4 |     status 401
5 | end
6 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/origin_spoof_access_restriction_bypass.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | HEADERS = [
 4 |     'X-Forwarded-For',
 5 |     'X-Originating-IP',
 6 |     'X-Remote-IP',
 7 |     'X-Remote-Addr'
 8 | ].map { |h| "HTTP_#{h.gsub( '-', '_' ).upcase}" }
 9 | 
10 | ADDRESS = '127.0.0.1'
11 | 
12 | get '/' do
13 |     HEADERS.map do |header|
14 |         <<-EOHTML
15 |             <a href="#{header}/401">401</a>
16 |             <a href="#{header}/403">403</a>
17 |         EOHTML
18 |     end.join
19 | end
20 | 
21 | HEADERS.each do |header|
22 |     get "/#{header}/401" do
23 |         env[header] == '127.0.0.1' ? 200 : 401
24 |     end
25 | 
26 |     get "/#{header}/403" do
27 |         env[header] == '127.0.0.1' ? 200 : 403
28 |     end
29 | 
30 | end
31 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/webdav.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require_relative '../check_server'
 3 | 
 4 | get '/' do
 5 |     <<-HTML
 6 |         <a href="/safe">Safe</a>
 7 |         <a href="/empty">Empty</a>
 8 |     HTML
 9 | end
10 | 
11 | options '/' do
12 |     headers 'Allow' => 'STUFF, PROPFIND'
13 | end
14 | 
15 | get '/safe' do
16 | 
17 | end
18 | options '/safe' do
19 |     headers 'Allow' => ''
20 | end
21 | 
22 | get '/empty' do
23 | end
24 | options '/empty' do
25 | end
26 | 


--------------------------------------------------------------------------------
/spec/support/servers/checks/passive/xst.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | require 'sinatra/multi_route'
3 | 
4 | route 'TRACE', '/' do
5 |     "TRACE / HTTP/1.1"
6 | end
7 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/autothrottle.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | get '/' do
4 | end
5 | 
6 | get '/slow' do
7 |     sleep 1
8 | end
9 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/content_types.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | TYPES = {
 4 |     css:   'text/css',
 5 |     png:   'image/png',
 6 |     excel: 'application/vnd.ms-excel',
 7 | }
 8 | 
 9 | get '/' do
10 |     TYPES.keys.map { |k| "<a href='#{k}'></a>" }.join
11 | end
12 | 
13 | TYPES.each do |k, v|
14 |     get "/#{k}" do
15 |         headers 'Content-Type' => v
16 |     end
17 | end
18 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/cookie_collector.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | get '/' do
 5 |     cookies[:cookie1] = 'val1'
 6 | 
 7 |     <<-HTML
 8 |         <a href='/a_link'>A link</a>
 9 |         <a href='/update_cookie'>Update cookie</a>
10 |     HTML
11 | end
12 | 
13 | get '/a_link' do
14 |     cookies[:link_followed] = 'yay link!'
15 | end
16 | 
17 | get '/update_cookie' do
18 |     cookies[:link_followed] = 'updated link!'
19 |     cookies[:stuff] = 'blah'
20 | end
21 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/form_dicattack.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | get '/' do
 5 |     <<-HTML
 6 |     <form method='post' name='login_form' action="/login">
 7 |         <input name='username' value='' />
 8 |         <input name='password' type='password' value='' />
 9 |         <input name='token' type='hidden' value='secret!' />
10 |     </form>
11 |     HTML
12 | end
13 | 
14 | post '/login' do
15 |     if params['username'] == 'sys' && params['password'] == 'admin' &&
16 |         params['token'] == 'secret!'
17 |         <<-HTML
18 |             Hello logged in user!
19 |             <a href='/congrats'>stuff</a>
20 |         HTML
21 |     else
22 |         'Boohoo...'
23 |     end
24 | end
25 | 
26 | get '/congrats' do
27 |     'Congrats!'
28 | end
29 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/headers_collector.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/' do
 4 |     <<EOHTML
 5 |         <a href="/1">1</a>
 6 |         <a href="/2">2</a>
 7 | EOHTML
 8 | end
 9 | 
10 | get '/1' do
11 |     headers['Weird'] = 'Value'
12 | end
13 | 
14 | get '/2' do
15 |     headers['Weird2'] = 'Value2'
16 | end
17 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/healthmap.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/' do
 4 |     <<HTML
 5 |     <a href='/vuln?input=stuff'></a>
 6 |     <a href='/safe'></a>
 7 | HTML
 8 | end
 9 | 
10 | get '/safe' do
11 |     'stuff here'
12 | end
13 | 
14 | get '/vuln' do
15 |     params['input'].to_s
16 | end
17 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/http_dicattack.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | use Rack::Auth::Basic do |username, password|
 4 |     [username, password] == %w(admin pass)
 5 | end
 6 | 
 7 | get '/' do
 8 |     'authenticated!'
 9 | end
10 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/http_dicattack_secure.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | use Rack::Auth::Basic do |username, password|
 4 |     [username, password] == %w(admin3434234342 pass)
 5 | end
 6 | 
 7 | get '/' do
 8 |     'authenticated!'
 9 | end
10 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/http_dicattack_unprotected.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | get '/' do
4 |     'blah'
5 | end
6 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/login_script.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | get '/' do
 5 |     cookies[:success] ||= 'false'
 6 | 
 7 |     if cookies[:success] == 'true'
 8 |         <<-HTML
 9 |             <a href='/congrats'>Hi there logged-in user!</a>
10 |         HTML
11 |     end
12 | end
13 | 
14 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/meta/remedies/discovery.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | require_relative '../../../checks/check_server'
3 | 
4 | framework.checks[:common_files].filenames.each do |name|
5 |     get( "/#{name}" ) { 'stuff' }
6 | end
7 | 
8 | get( '/' ) {}
9 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/meta/remedies/timing_attacks.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | # stupid to way to pretend vulnerability for :os_cmd_injection_timing
 4 | def eval( str )
 5 |     return if !str.to_s.strip.start_with?( 'ping' )
 6 | 
 7 |     if delay = str.to_s.gsub( /\D/, ' ' ).split( ' ' ).uniq.last
 8 |         sleep delay.to_i
 9 |     end
10 | end
11 | 
12 | get '/' do
13 |     <<-HTML
14 |         <form action='/trusted'>
15 |             <input name="trusted_input"/>
16 |         </form>
17 | 
18 |         <form action='/untrusted'>
19 |             <input name="untrusted_input"/>
20 |         </form>
21 |     HTML
22 | end
23 | 
24 | get '/trusted' do
25 |     eval( params['trusted_input'] )
26 | end
27 | 
28 | get '/untrusted' do
29 |     sleep( 4 )
30 |     eval( params['untrusted_input'] )
31 | end
32 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/restrict_to_dom_state.rb:
--------------------------------------------------------------------------------
1 | require 'sinatra'
2 | 
3 | get '/' do
4 | end
5 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/uncommon_headers.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | get '/' do
 4 |     <<EOHTML
 5 |         <a href="/1">1</a>
 6 |         <a href="/2">2</a>
 7 | EOHTML
 8 | end
 9 | 
10 | get '/1' do
11 |     headers['Weird'] = 'Value'
12 | end
13 | 
14 | get '/2' do
15 |     headers['Weird2'] = 'Value2'
16 | end
17 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/vector_collector.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'sinatra/contrib'
 3 | 
 4 | get '/' do
 5 |     cookies[:cookie1] = 'val1'
 6 | 
 7 |     <<-HTML
 8 |         <a href='/link?link_input=blah'>A link</a>
 9 |         <form method="post">
10 |             <input name="form-input" />
11 |         </form>
12 |     HTML
13 | end
14 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/waf_detector.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | 
 3 | def normal_response
 4 |     'Usual response...normal stuff'
 5 | end
 6 | 
 7 | def rejected
 8 |     'Piss off!'
 9 | end
10 | 
11 | def random
12 |     (0..100).map{ rand( 9999 ).to_s }.join
13 | end
14 | 
15 | @@request_cnt ||= 0
16 | 
17 | get '/positive' do
18 |     params.to_s.include?( 'script' ) ? rejected : normal_response
19 | end
20 | 
21 | get '/negative' do
22 |     normal_response
23 | end
24 | 
25 | get '/inconclusive' do
26 |     @@request_cnt += 1
27 | 
28 |     if params.empty?
29 |         normal_response
30 |     else
31 |         @@request_cnt % 2 == 0 ? rejected : normal_response
32 |     end
33 | end
34 | 


--------------------------------------------------------------------------------
/spec/support/servers/plugins/webhook_notify.rb:
--------------------------------------------------------------------------------
 1 | require 'sinatra'
 2 | require 'json'
 3 | 
 4 | post '/hook' do
 5 |     [
 6 |         request.env['CONTENT_TYPE'],
 7 |         request.body.read
 8 |     ].to_json
 9 | end
10 | 


--------------------------------------------------------------------------------
/spec/support/shared/element/capabilities/with_node.rb:
--------------------------------------------------------------------------------
 1 | shared_examples_for 'with_node' do |html|
 2 |     it_should_behave_like 'with_source', html
 3 | 
 4 |     let(:with_node) do
 5 |         subject.dup
 6 |     end
 7 | 
 8 |     describe '#node' do
 9 |         it 'returns the set node' do
10 |             node = with_node.node
11 |             expect(node.is_a?( Arachni::Parser::Nodes::Element )).to be_truthy
12 |             expect(node.to_s).to eq(Arachni::Parser.parse_fragment( with_node.source ).to_s)
13 |         end
14 |     end
15 | 
16 |     describe '#dup' do
17 |         let(:dupped) { with_node.dup }
18 | 
19 |         it 'preserves #node' do
20 |             expect(dupped.node.to_s).to eq(with_node.node.to_s)
21 |         end
22 |     end
23 | end
24 | 


--------------------------------------------------------------------------------
/spec/support/shared/element/capabilities/with_scope.rb:
--------------------------------------------------------------------------------
 1 | shared_examples_for 'with_scope' do
 2 | 
 3 |     let(:with_scope) do
 4 |         # Make sure the scope has been loaded.
 5 |         subject.scope
 6 |         subject
 7 |     end
 8 | 
 9 |     describe '#to_rpc_data' do
10 |         let(:data) { with_scope.to_rpc_data }
11 | 
12 |         it "does not include 'scope'" do
13 |             expect(data).not_to include 'scope'
14 |         end
15 |     end
16 | 
17 |     describe '#scope' do
18 |         it 'returns scope' do
19 |             expect(subject.scope).to be_kind_of described_class::Scope
20 |         end
21 |     end
22 | end
23 | 


--------------------------------------------------------------------------------
/spec/support/shared/element/dom/inputtable.rb:
--------------------------------------------------------------------------------
1 | shared_examples_for 'inputtable_dom' do |options = {}|
2 |     it_should_behave_like 'inputtable', options
3 | 
4 |     it 'does not support null bytes'
5 | end
6 | 


--------------------------------------------------------------------------------
/spec/support/shared/element/dom/locatable.rb:
--------------------------------------------------------------------------------
 1 | shared_examples_for 'locatable_dom' do
 2 | 
 3 |     describe '#locate' do
 4 |         it 'locates the live element' do
 5 |             called = false
 6 |             subject.with_browser do |browser|
 7 |                 subject.browser = browser
 8 |                 browser.load subject.page
 9 | 
10 |                 element = subject.locate
11 |                 expect(element).to be_kind_of Selenium::WebDriver::Element
12 |                 called = true
13 |             end
14 | 
15 |             subject.auditor.browser_cluster.wait
16 |             expect(called).to be_truthy
17 |         end
18 |     end
19 | 
20 | end
21 | 


--------------------------------------------------------------------------------
/spec/support/shared/element/dom/mutable.rb:
--------------------------------------------------------------------------------
1 | shared_examples_for 'mutable_dom' do |options = {}|
2 |     it_should_behave_like 'mutable', options.merge( supports_nulls: false )
3 | end
4 | 


--------------------------------------------------------------------------------
/spec/support/shared/fingerprinter.rb:
--------------------------------------------------------------------------------
 1 | shared_examples_for 'fingerprinter' do
 2 |     include_examples 'component'
 3 | 
 4 |     before :each do
 5 |         Arachni::Platform::Manager.reset
 6 |     end
 7 | 
 8 |     def check_platforms( page )
 9 |         platforms.each do |p|
10 |             expect(platforms_for( page )).to include p
11 |         end
12 |     end
13 | 
14 |     def platforms_for( page )
15 |         Arachni::Platform::Manager.reset
16 |         expect(page.platforms).to be_empty
17 | 
18 |         described_class.new( page ).run
19 |         page.platforms
20 |     end
21 | 
22 | end
23 | 


--------------------------------------------------------------------------------
/spec/support/shared/framework.rb:
--------------------------------------------------------------------------------
 1 | shared_examples_for 'framework' do
 2 | 
 3 |     before( :all ) do
 4 |         @url   = web_server_url_for( :auditor )
 5 |         @f_url = web_server_url_for( :framework )
 6 | 
 7 |         @options = Arachni::Options.instance
 8 |     end
 9 | 
10 |     before( :each ) do
11 |         reset_options
12 |         @options.paths.reporters = fixtures_path + '/reporters/manager_spec/'
13 |         @options.paths.checks    = fixtures_path + '/signature_check/'
14 | 
15 |         @f = Arachni::Framework.new
16 |         @f.options.url = @url
17 |     end
18 |     after( :each ) do
19 |         File.delete( @snapshot ) rescue nil
20 | 
21 |         @f.clean_up
22 |         @f.reset
23 |     end
24 | 
25 |     subject { @f }
26 | end
27 | 


--------------------------------------------------------------------------------