Class: Arachni::Options

Inherits:

Object

• Object
• Arachni::Options

Includes:

Singleton

Defined in:

lib/options.rb,
lib/rpc/xml/server/options.rb

Overview

Overrides the Options class adding support for direct options parsing.

Not much to look at but it streamlines XML-RPC server option handling.

@author: Tasos “Zapotek” Laskos

<tasos.laskos@gmail.com>
<zapotek@segfault.gr>

@version: 0.1

Constant Summary

PROFILE_EXT =

The extension of the profile files.

Returns:

• (String)

'.afp'

Instance Attribute Summary

• #arachni_verbose ⇒ Bool

  Be verbose?.

• #audit_cookies ⇒ Bool

  Should Arachni audit cookies?.

• #audit_forms ⇒ Bool

  Should Arachni audit forms?.

• #audit_headers ⇒ Bool

  Should Arachni audit HTTP headers?.

• #audit_links ⇒ Bool

  Should Arachni audit links?.

• #authed_by ⇒ String

  The person that authorized the scan<br/> It will be added to the HTTP “user-agent” and “from” headers.

• #cookie_jar ⇒ String

  Location of the cookiejar.

• #cookies ⇒ Hash

  To be populated by the framework.

• #debug ⇒ Bool

  Output debugging messages?.

• #delta_time ⇒ Object

  to be populated by the framework.

• #depth_limit ⇒ Integer

  How deep to go in the site structure?<br/> If nil, depth_limit = inf.

• #dir ⇒ Hash

  Holds absolute paths for the directory structure of the framework.

• #exclude ⇒ Array

  Exclude filters <br/> URL matching any of these patterns won’t be followed.

• #exclude_cookies ⇒ Array

  Cookies to exclude from audit<br/>.

• #finish_datetime ⇒ Object

  to be populated by the framework.

• #follow_subdomains ⇒ Bool

  Should the crawler follow subdomains?.

• #help ⇒ Bool

  Show help?.

• #http_harvest_last ⇒ Bool

  Harvest the HTTP responses for the whole site at the end or for each page?.

• #http_req_limit ⇒ Integer

  How many concurrent HTTP requests?.

• #include ⇒ Array

  Include filters <br/> Only URLs that match any of these patterns will be followed.

• #link_count_limit ⇒ Integer

  How many links to follow? If nil, link_count_limit = inf.

• #load_profile ⇒ Array

  Location of Arachni Framework Profile (.afp) files to load.

• #lsmod ⇒ Array<Regexp>

  List modules, based on regexps, and exit?.

• #lsplug ⇒ Object

  Returns the value of attribute lsplug.

• #lsrep ⇒ Bool

  List reports and exit?.

• #mods ⇒ Array

  Array of modules to load.

• #obey_robots_txt ⇒ Bool

  Should the crawler obery robots.txt files?.

• #only_positives ⇒ Bool

  Output only positive results during the audit?.

• #plugins ⇒ Object

  Returns the value of attribute plugins.

• #pool_size ⇒ Object

  Returns the value of attribute pool_size.

• #proxy_addr ⇒ String

  The address of the proxy server.

• #proxy_pass ⇒ String

  The proxy password.

• #proxy_port ⇒ String

  The port to connect on the proxy server.

• #proxy_type ⇒ String

  The proxy type.

• #proxy_user ⇒ String

  The proxy user.

• #redirect_limit ⇒ Integer

  How many redirects to follow? If nil, redirect_limit = inf.

• #redundant ⇒ Array

  Filters for redundant links.

• #repload ⇒ String

  Location of an Arachni Framework Report (.afr) file to load.

• #reports ⇒ Array

  Array of reports to load.

• #reroute_to_logfile ⇒ Object

  Returns the value of attribute reroute_to_logfile.

• #rpc_port ⇒ Object

  Returns the value of attribute rpc_port.

• #save_profile ⇒ String

  Where to save the Arachni Framework Profile (.afp) file.

• #server ⇒ Object

  Returns the value of attribute server.

• #show_profile ⇒ Object

  Returns the value of attribute show_profile.

• #spider_first ⇒ Object

  Returns the value of attribute spider_first.

• #ssl ⇒ Object

  Returns the value of attribute ssl.

• #ssl_ca ⇒ Object

  Returns the value of attribute ssl_ca.

• #ssl_cert ⇒ Object

  Returns the value of attribute ssl_cert.

• #ssl_pkey ⇒ Object

  Returns the value of attribute ssl_pkey.

• #start_datetime ⇒ Object

  to be populated by the framework.

• #url ⇒ String, URI

  The URL to audit.

• #user_agent ⇒ String

  The HTTP user-agent to use.

Instance Method Summary

• #initialize ⇒ Options constructor

  A new instance of Options.

• #merge!(options) ⇒ Object

  Merges self with the object in ‘options’.

• #reset ⇒ Object

  Resets all important options that can affect the scan during framework reuse.

• #save(file) ⇒ Object

  Saves ‘self’ to file.

• #set(hash) ⇒ Object
• #to_arg(key) ⇒ Object
• #to_args ⇒ Object
• #to_h ⇒ Hash

  Converts the Options object to hash.

Constructor Details

#initialize ⇒ Options

Returns a new instance of Options.

# File 'lib/options.rb', line 332

def initialize( )

    # nil everything out
    self.instance_variables.each {
        |var|
        instance_variable_set( var.to_s, nil )
    }

    @exclude    = []
    @include    = []
    @redundant  = []

    @reports    = {}
    @lsrep      = []

    @lsmod      = []
    @dir        = Hash.new
    @exclude_cookies    = []
    @load_profile       = []

    @plugins = {}
    @lsplug  = []

    # set some defaults
    @redirect_limit = 20

    # relatively low but will give good performance without bottleneck
    # on low bandwidth conections
    @http_req_limit = 20

end

Instance Attribute Details

#arachni_verbose ⇒ Bool

Be verbose?

Returns:

• (Bool)

# File 'lib/options.rb', line 70

def arachni_verbose
  @arachni_verbose
end

#audit_cookies ⇒ Bool

Should Arachni audit cookies?

Returns:

• (Bool)

# File 'lib/options.rb', line 157

def audit_cookies
  @audit_cookies
end

#audit_forms ⇒ Bool

Should Arachni audit forms?

Returns:

• (Bool)

# File 'lib/options.rb', line 150

def audit_forms
  @audit_forms
end

#audit_headers ⇒ Bool

Should Arachni audit HTTP headers?

Returns:

• (Bool)

# File 'lib/options.rb', line 164

def audit_headers
  @audit_headers
end

#audit_links ⇒ Bool

Should Arachni audit links?

Returns:

• (Bool)

# File 'lib/options.rb', line 143

def audit_links
  @audit_links
end

#authed_by ⇒ String

The person that authorized the scan<br/> It will be added to the HTTP “user-agent” and “from” headers.

Returns:

• (String)

# File 'lib/options.rb', line 210

def authed_by
  @authed_by
end

#cookie_jar ⇒ String

Location of the cookiejar

Returns:

• (String)

# File 'lib/options.rb', line 261

def cookie_jar
  @cookie_jar
end

#cookies ⇒ Hash

To be populated by the framework

Parsed cookiejar cookies

Returns:

• (Hash) —

  name=>value pairs

# File 'lib/options.rb', line 254

def cookies
  @cookies
end

#debug ⇒ Bool

Output debugging messages?

Returns:

• (Bool)

# File 'lib/options.rb', line 77

def debug
  @debug
end

#delta_time ⇒ Object

to be populated by the framework

# File 'lib/options.rb', line 313

def delta_time
  @delta_time
end

#depth_limit ⇒ Integer

How deep to go in the site structure?<br/> If nil, depth_limit = inf

Returns:

• (Integer)

# File 'lib/options.rb', line 99

def depth_limit
  @depth_limit
end

#dir ⇒ Hash

Holds absolute paths for the directory structure of the framework

Returns:

• (Hash)

# File 'lib/options.rb', line 42

def dir
  @dir
end

#exclude ⇒ Array

Exclude filters <br/> URL matching any of these patterns won’t be followed

Returns:

• (Array)

# File 'lib/options.rb', line 276

def exclude
  @exclude
end

#exclude_cookies ⇒ Array

Cookies to exclude from audit<br/>

Returns:

• (Array)

# File 'lib/options.rb', line 283

def exclude_cookies
  @exclude_cookies
end

#finish_datetime ⇒ Object

to be populated by the framework

# File 'lib/options.rb', line 311

def finish_datetime
  @finish_datetime
end

#follow_subdomains ⇒ Bool

Should the crawler follow subdomains?

Returns:

• (Bool)

# File 'lib/options.rb', line 298

def follow_subdomains
  @follow_subdomains
end

#help ⇒ Bool

Show help?

Returns:

• (Bool)

# File 'lib/options.rb', line 56

def help
  @help
end

#http_harvest_last ⇒ Bool

Harvest the HTTP responses for the whole site at the end or for each page?

Returns:

• (Bool)

# File 'lib/options.rb', line 306

def http_harvest_last
  @http_harvest_last
end

#http_req_limit ⇒ Integer

How many concurrent HTTP requests?

Returns:

• (Integer)

# File 'lib/options.rb', line 136

def http_req_limit
  @http_req_limit
end

#include ⇒ Array

Include filters <br/> Only URLs that match any of these patterns will be followed

Returns:

• (Array)

# File 'lib/options.rb', line 291

def include
  @include
end

#link_count_limit ⇒ Integer

How many links to follow? If nil, link_count_limit = inf

Returns:

• (Integer)

# File 'lib/options.rb', line 107

def link_count_limit
  @link_count_limit
end

#load_profile ⇒ Array

Location of Arachni Framework Profile (.afp) files to load

Returns:

• (Array)

# File 'lib/options.rb', line 199

def load_profile
  @load_profile
end

#lsmod ⇒ Array<Regexp>

List modules, based on regexps, and exit?

Returns:

• (Array<Regexp>)

# File 'lib/options.rb', line 122

def lsmod
  @lsmod
end

#lsplug ⇒ Object

Returns the value of attribute lsplug.

# File 'lib/options.rb', line 315

def lsplug
  @lsplug
end

#lsrep ⇒ Bool

List reports and exit?

Returns:

• (Bool)

# File 'lib/options.rb', line 129

def lsrep
  @lsrep
end

#mods ⇒ Array

Array of modules to load

Returns:

• (Array)

# File 'lib/options.rb', line 171

def mods
  @mods
end

#obey_robots_txt ⇒ Bool

Should the crawler obery robots.txt files?

Returns:

• (Bool)

# File 'lib/options.rb', line 91

def obey_robots_txt
  @obey_robots_txt
end

#only_positives ⇒ Bool

Output only positive results during the audit?

Returns:

• (Bool)

# File 'lib/options.rb', line 63

def only_positives
  @only_positives
end

#plugins ⇒ Object

Returns the value of attribute plugins.

# File 'lib/options.rb', line 316

def plugins
  @plugins
end

#pool_size ⇒ Object

Returns the value of attribute pool_size.

# File 'lib/options.rb', line 329

def pool_size
  @pool_size
end

#proxy_addr ⇒ String

The address of the proxy server

Returns:

• (String)

# File 'lib/options.rb', line 217

def proxy_addr
  @proxy_addr
end

#proxy_pass ⇒ String

The proxy password

Returns:

• (String)

# File 'lib/options.rb', line 231

def proxy_pass
  @proxy_pass
end

#proxy_port ⇒ String

The port to connect on the proxy server

Returns:

• (String)

# File 'lib/options.rb', line 224

def proxy_port
  @proxy_port
end

#proxy_type ⇒ String

The proxy type

Returns:

• (String) —

  http, socks

# File 'lib/options.rb', line 245

def proxy_type
  @proxy_type
end

#proxy_user ⇒ String

The proxy user

Returns:

• (String)

# File 'lib/options.rb', line 238

def proxy_user
  @proxy_user
end

#redirect_limit ⇒ Integer

How many redirects to follow? If nil, redirect_limit = inf

Returns:

• (Integer)

# File 'lib/options.rb', line 115

def redirect_limit
  @redirect_limit
end

#redundant ⇒ Array

Filters for redundant links

Returns:

• (Array)

# File 'lib/options.rb', line 84

def redundant
  @redundant
end

#repload ⇒ String

Location of an Arachni Framework Report (.afr) file to load

Returns:

• (String)

# File 'lib/options.rb', line 185

def repload
  @repload
end

#reports ⇒ Array

Array of reports to load

Returns:

• (Array)

# File 'lib/options.rb', line 178

def reports
  @reports
end

#reroute_to_logfile ⇒ Object

Returns the value of attribute reroute_to_logfile.

# File 'lib/options.rb', line 328

def reroute_to_logfile
  @reroute_to_logfile
end

#rpc_port ⇒ Object

Returns the value of attribute rpc_port.

# File 'lib/options.rb', line 320

def rpc_port
  @rpc_port
end

#save_profile ⇒ String

Where to save the Arachni Framework Profile (.afp) file

Returns:

• (String)

# File 'lib/options.rb', line 192

def save_profile
  @save_profile
end

#server ⇒ Object

Returns the value of attribute server.

# File 'lib/options.rb', line 326

def server
  @server
end

#show_profile ⇒ Object

Returns the value of attribute show_profile.

# File 'lib/options.rb', line 202

def show_profile
  @show_profile
end

#spider_first ⇒ Object

Returns the value of attribute spider_first.

# File 'lib/options.rb', line 318

def spider_first
  @spider_first
end

#ssl ⇒ Object

Returns the value of attribute ssl.

# File 'lib/options.rb', line 321

def ssl
  @ssl
end

#ssl_ca ⇒ Object

Returns the value of attribute ssl_ca.

# File 'lib/options.rb', line 324

def ssl_ca
  @ssl_ca
end

#ssl_cert ⇒ Object

Returns the value of attribute ssl_cert.

# File 'lib/options.rb', line 323

def ssl_cert
  @ssl_cert
end

#ssl_pkey ⇒ Object

Returns the value of attribute ssl_pkey.

# File 'lib/options.rb', line 322

def ssl_pkey
  @ssl_pkey
end

#start_datetime ⇒ Object

to be populated by the framework

# File 'lib/options.rb', line 309

def start_datetime
  @start_datetime
end

#url ⇒ String, URI

The URL to audit

Returns:

• (String, URI)

# File 'lib/options.rb', line 49

def url
  @url
end

#user_agent ⇒ String

The HTTP user-agent to use

Returns:

• (String)

# File 'lib/options.rb', line 268

def user_agent
  @user_agent
end

Instance Method Details

#merge!(options) ⇒ Object

Merges self with the object in ‘options’

Parameters:

• (Options)

# File 'lib/options.rb', line 433

def merge!( options )
    options.to_h.each_pair {
        |k, v|

        next if ( v.is_a?( Array ) || v.is_a?( Hash ) ) && v.empty?
        send( "#{k}=", v ) if v
    }
end

#reset ⇒ Object

Resets all important options that can affect the scan during framework reuse.

# File 'lib/rpc/xml/server/options.rb', line 42

def reset
    # nil everything out
    self.instance_variables.each {
        |var|

        # do *NOT* nil out @dir, we'll loose our paths!
        next if var.to_s == '@dir'

        begin
            instance_variable_set( var.to_s, nil )
        rescue Exception
        end
    }


    @exclude    = []
    @include    = []
    @redundant  = []
    @lsmod      = []
    @exclude_cookies    = []

    # set some defaults
    @redirect_limit = 20

    # relatively low but will give good performance without bottleneck
    # on low bandwidth conections
    @http_req_limit = 20
end

#save(file) ⇒ Object

Saves ‘self’ to file

Parameters:

• file (String)

# File 'lib/options.rb', line 369

def save( file )

    dir           = @dir.clone
    load_profile  = @load_profile.clone if @load_profile
    save_profile  = @save_profile.clone if @save_profile
    authed_by     = @authed_by.clone if @authed_by

    @dir          = nil
    @load_profile = nil
    @save_profile = nil
    @authed_by    = nil

    begin
        f = File.open( file + PROFILE_EXT, 'w' )
        YAML.dump( self, f )
    rescue
        return
    ensure
        f.close

        @dir          = dir
        @load_profile = load_profile
        @save_profile = save_profile
        @authed_by    = authed_by
    end

    return f.path
end

#set(hash) ⇒ Object

# File 'lib/rpc/xml/server/options.rb', line 25

def set( hash )
    hash.each_pair {
        |k, v|
        begin
            send( "#{k.to_s}=", v )
        rescue Exception => e
            ap e
            ap e.backtrace
        end
    }
    true
end

#to_arg(key) ⇒ Object

# File 'lib/options.rb', line 457

def to_arg( key )

    var = self.instance_variable_get( "@#{key}" )

    return if !var
    return if ( var.is_a?( Array ) || var.is_a?( Hash ) ) && var.empty?
    return if key == 'show_profile'
    return if key == 'url'
    return if key == 'dir'
    return if key == 'include' && var == [/.*/]
    return if key == 'reports' && var == ['stdout']

    key = 'exclude_cookie' if key == 'exclude_cookies'
    key = 'report'         if key == 'reports'

    key = key.gsub( '_', '-' )

    arg = ''

    case key

        when 'mods'
            var = var.join( ',' )

        when 'arachni-verbose'
            key = 'verbosity'

        when 'redundant'
            var.each {
                |rule|
                arg += " --#{key}=#{rule['regexp'].source}:#{rule['count']}"
            }
            return arg

        when 'plugins','report'
            arg = ''
            var.each {
                |opt, val|
                arg += " --#{key.chomp( 's' )}=#{opt}"
                arg += ':' if !val.empty?

                val.each {
                    |k, v|
                    arg += "#{k}=#{v},"
                }

                arg.chomp!( ',' )
            }
            return arg

        when 'proxy-port'
            return

        when 'proxy-addr'
            return "--proxy=#{self.proxy_addr}:#{self.proxy_port}"


    end

    if( var.is_a?( TrueClass ) )
        arg = "--#{key}"
    end

    if( var.is_a?( String ) || var.is_a?( Fixnum ) )
        arg = "--#{key}=#{var.to_s}"
    end

    if( var.is_a?( Array ) )

        var.each {
            |i|

            i = i.source if i.is_a?( Regexp )

            arg += " --#{key}=#{i}"
        }

    end

    return arg
end

#to_args ⇒ Object

# File 'lib/options.rb', line 442

def to_args

    cli_args = ''

    self.to_h.keys.each {
        |key|

        arg = self.to_arg( key )

        cli_args += " #{arg.to_s}" if arg
    }

    return cli_args += " #{self.url}"
end

#to_h ⇒ Hash

Converts the Options object to hash

Returns:

• (Hash)

# File 'lib/options.rb', line 419

def to_h
    hash = Hash.new
    self.instance_variables.each {
        |var|
        hash[normalize_name( var )] = self.instance_variable_get( var )
    }
    hash
end