Commit bb79f618 authored by Devon Kearns's avatar Devon Kearns

Imported Upstream version 0.4.3~git20130709

parent b520d69c
script: "bundle exec rake spec:core"
rvm:
- 1.9.2
- 1.9.3
branches:
only:
- master
- experimental
--no-private
--markup=markdown
--verbose
--title "Arachni - Web Application Security Scanner Framework"
fingerprinters/**/*.rb
path_extractors/**/*.rb
plugins/**/*.rb
reports/**/*.rb
......
......@@ -6,9 +6,16 @@ I’d like to thank:
- Mr. Colin Davis (owner of [Lonava.com](http://lonava.com/))
- The good folks from [KATHO.be](http://www.katho.be/)
- Scott Buffington (owner of [BrutalDeluxe.us](http://brutaldeluxe.us/))
- The people who preferred to remain anonymous
- The people who preferred to remain anonymous.
for allowing me to test Arachni against their websites during the early stages of development.
for allowing me to test Arachni against their websites during the early stages
of development.
All the people on [GitHub](http://github.com/Arachni/arachni/issues)
who have submitted bugs and given constructive feedback.
All the people on:
* [GitHub](http://github.com/Arachni/arachni/issues) who have submitted bugs and
given constructive feedback.
* The `CONTRIBUTORS.md` file.
Finally, a big thanks to the [RubyMine](http://www.jetbrains.com/ruby/) people
for providing their wonderful IDE to the Arachni project for free.
# Contributors
These are the people that helped improve Arachni either by submitting code, suggestions or testing it.
These are the people who helped improve Arachni either by submitting code,
suggestions or testing it.
- [Matías Aereal Aeón](http://mfsec.com.ar/), for general suggestions and beta testing.
- [Christos Chiotis](mailto:chris@survivetheinternet.com) for designing the new HTML report template.
- [Brandon Potter](mailto:bpotter8705@gmail.com) for the original "arachni_web_autostart" script
- [Christos Chiotis](mailto:chris@survivetheinternet.com) for designing the HTML report template.
- [Brandon Potter](mailto:bpotter8705@gmail.com) for the original "arachni_web_autostart" script.
- [Steve Pinkham](http://github.com/spinkham) for beta testing and patches.
- [Aung Khant](mailto:aungkhant@yehg.net) for general suggestions.
- [Herman Stevens](mailto:herman@astyran.com) for contributing recon modules.
- [Edwin van Andel](mailto:evanandel@yafsec.com) for contributing *BSD patches and testing the build script.
- [Dan Woodruff](mailto:daniel.woodruff@gmail.com) for contributing OSX patches and testing the build script.
- [Edwin van Andel](mailto:evanandel@yafsec.com) for contributing *BSD patches and testing the build scripts.
- [Dan Woodruff](mailto:daniel.woodruff@gmail.com) for contributing OSX patches and testing the build scripts.
- [Robert Gouin](mailto:rgouin@webmaxdb.com) for relentless testing.
- [Evan Beard](mailto:beard.evan@gmail.com) for feedback and patches.
- [Michael Borohovski](mailto:borski@mit.edu) for testing, feedback and patches.
- [Ben Sedat](mailto:bsedat@alum.mit.edu) for testing, feedback and patches.
A big thanks to my buddy [Andreas](mailto:rainmakergr@gmail.com) for the original spider drawing used in the project graphics.
A big thanks to my buddy [Andreas](mailto:rainmakergr@gmail.com) for the original
spider drawing used in the project graphics.
source :rubygems
source 'http://rubygems.org'
gem 'yard'
gem 'redcarpet'
gemspec
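Review bot: The replacement source on the second line is plain `http://rubygems.org`; a gem source fetched over unauthenticated HTTP lets an on-path party substitute gem contents at install time, and Bundler itself warns about insecure sources when it prints the deprecation for `source :rubygems`. Moving from the symbol form to an explicit URL is the right direction, so suggest `source 'https://rubygems.org'` so the fix also closes the transport gap.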
Arachni Web Application Security Scanner Framework
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
This product includes code from the Arachni Web Application Security Scanner Framework
developed by Tasos Laskos <tasos.laskos@gmail.com>.
......
=begin
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
......@@ -15,7 +15,7 @@
=end
require 'bundler'
require File.expand_path( File.dirname( __FILE__ ) ) + '/lib/arachni/version'
require File.expand_path( File.dirname( __FILE__ ) ) + '/lib/arachni'
begin
require 'rspec'
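Review bot: Swapping the top-level require from `lib/arachni/version` to the full `lib/arachni` means every rake invocation, including `rake clean` and `rake docs`, now needs the whole runtime dependency tree to be resolvable at Rakefile load time; the narrower require kept those housekeeping tasks usable on a bare checkout. If only the new `generate:afr` task needs the framework, require `lib/arachni` inside that task body instead.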
......@@ -41,6 +41,48 @@ begin
RSpec::Core::RakeTask.new( :path_extractors ) do |t|
t.pattern = FileList[ "spec/path_extractors/**/*_spec.rb" ]
end
desc "Generate an AFR report for the report tests"
namespace :generate do
task :afr do
# Run the module tests and save all the issues to put them
# in our AFR report.
FileUtils.touch( "#{Dir.tmpdir}/save_issues" )
Rake::Task['spec:modules'].execute rescue nil
FileUtils.rm( "#{Dir.tmpdir}/save_issues" )
issues = []
File.open( "#{Dir.tmpdir}/issues.yml" ) do |f|
issues = YAML.load_documents( f ).flatten
end
200.times do |i|
# Add remarks to some issues.
issue = issues[rand( issues.size )]
issue.add_remark( :stuff, 'Blah' )
issue.add_remark( :stuff, 'Blah2' )
# Flag some issues are requiring manual verification.
issues[rand( issues.size )].verification = true
end
FileUtils.rm( "#{Dir.tmpdir}/issues.yml" )
Arachni::Options.url = 'http://test.com'
Arachni::Options.audit :forms, :links, :cookies, :headers
# Make all module constants available because the AuditStore
# will need them to make the necessary associations between them
# and the issues.
Arachni::Framework.new.modules.load_all
Arachni::AuditStore.new( issues: issues.uniq ).
save( 'spec/fixtures/auditstore.afr' )
Arachni::Options.reset
end
end
end
RSpec::Core::RakeTask.new
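Review bot: The `generate:afr` task uses fixed filenames under the shared `Dir.tmpdir` (`save_issues`, `issues.yml`) and then hands `issues.yml` to `YAML.load_documents`, which instantiates whatever object types the document names; on a multi-user host another local account can pre-create those paths (or a symlink at them) so the task clobbers a file it does not own or deserializes YAML it did not write. Use `Dir.mktmpdir` / `Tempfile` for a private scratch location. Two smaller points in the same hunk: `Rake::Task['spec:modules'].execute rescue nil` swallows every failure, so a broken spec run silently produces a smaller or stale fixture, and if `issues` comes back empty the `200.times` loop's `issues[rand( issues.size )]` returns nil and `add_remark` raises NoMethodError. Suggest dropping the blanket rescue (or at least logging the exception) and aborting early with a message when `issues.empty?`.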
......@@ -50,7 +92,6 @@ rescue LoadError
end
desc "Generate docs"
task :docs do
outdir = "../arachni-docs"
......@@ -116,11 +157,7 @@ task :clean do
sh "rm *.marshal || true"
sh "rm *.gem || true"
sh "rm logs/*.log || true"
sh "rm spec/logs/*.log || true"
sh "rm lib/arachni/ui/web/server/db/*.* || true"
sh "rm lib/arachni/ui/web/server/db/welcomed || true"
sh "rm lib/arachni/ui/web/server/public/reports/*.* || true"
sh "rm lib/arachni/ui/web/server/tmp/*.* || true"
sh "rm spec/support/logs/*.log || true"
end
......
#!/usr/bin/env ruby
=begin
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
......
#!/usr/bin/env ruby
=begin
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
......
#!/usr/bin/env ruby
=begin
Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
=end
require_relative '../lib/arachni'
Arachni::Options.parse
require Arachni::Options.dir['lib'] + 'ui/cli/rpc/local'
Arachni::UI::CLI::RPC::Local.new
#!/usr/bin/env ruby
=begin
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
......@@ -18,6 +18,6 @@
require_relative '../lib/arachni'
Arachni::Options.parse
require Arachni::Options.dir['lib'] + 'ui/rpc/rpc'
require Arachni::Options.dir['lib'] + 'ui/cli/rpc/remote'
Arachni::UI::RPC.new( Arachni::Options.instance ).run
Arachni::UI::CLI::RPC::Remote.new
#!/usr/bin/env ruby
=begin
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
......
#!/usr/bin/env ruby
=begin
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
......@@ -20,6 +20,6 @@ require_relative '../lib/arachni'
Arachni::Options.no_protocol_for_url
Arachni::Options.parse
require Arachni::Options.dir['lib'] + 'ui/rpc/dispatcher_monitor'
require Arachni::Options.dir['lib'] + 'ui/cli/rpc/dispatcher_monitor'
Arachni::UI::DispatcherMonitor.new( Arachni::Options.instance ).run
Arachni::UI::CLI::RPC::DispatcherMonitor.new
#!/usr/bin/env ruby
=begin
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
......@@ -26,18 +26,18 @@ include UI::Output
Options.parse( false )
if Options.help
if Options.help || ARGV.empty?
puts <<EOHELP
#{BANNER}
Usage: #{__FILE__} file1 [file2] [..]
Usage: #{__FILE__} <script>
Pre-loads Arachni's libraries and loads and runs a series of Ruby scripts.
Pre-loads Arachni's libraries and loads and runs a Ruby script.
(Call the 'mute' method to mute framework output.)
EOHELP
exit
end
ARGV.each { |script| load script }
load ARGV.shift
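Review bot: The final line's `load ARGV.shift` changes the contract from "run every file given" to "run the first file and leave the remaining arguments in ARGV for that script". That matches the new `<script>` usage line, but anyone still invoking the old multi-file form now has the second and later scripts silently ignored instead of getting an error. Consider printing a warning when ARGV still contains `.rb` paths after the shift, and call the behaviour change out in the release notes.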
#!/usr/bin/env ruby
=begin
Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
=end
root = File.expand_path( File.dirname( __FILE__ ) )
# the gemspec doesn't seem to able to handle shell scripts
# so we hack around it
exec <<END
echo "[>] Starting the Arachni Dispatch server..."
(#{root}/arachni_rpcd > arachni_rpcd.log) &
sleep 5
echo "[>] Starting the Arachni WebUI server..."
(#{root}/arachni_web > arachni_web.log) &
sleep 5
echo "[>] The web interface is at: http://127.0.0.1:4567"
echo "[>] --- It may take a while to startup, try refreshing the page a couple of times."
echo
echo "[>] Hit Ctrl+C to shut everything down."
while :
do
sleep 1
done
exit
END
The webui.yaml file holds configuration options for the Arachni WebUI
and any service that may be started or accessed by it such as RPC Dispatchers and Instances.
It currently contains only SSL options in the form of:
-------------------
ssl:
server:
enable:
key:
cert:
ca:
client:
enable:
key:
cert:
ca:
-------------------
Options under "server" refer to Arachni-RPC server.
Options under "client" refer to the RPC clients, such as the WebUI itself,
and used to communicate with Dispatchers and Instances.
key: private key
cert: certificate
ca: CA certificate
All the options must be paths to ".pem" files and the keys should *NOT* be encrypted.
If you use encrypted keys you will cripple the system.
It is very important that you set 'enable' to true when you configure any parameters.
\ No newline at end of file
ssl:
server:
enable:
key:
cert:
ca:
client:
enable:
key: