Class: Arachni::Framework

Inherits:

Object

• Object
• Arachni::Framework

Includes:

Parts::Audit, Parts::Browser, Parts::Check, Parts::Data, Parts::Platform, Parts::Plugin, Parts::Report, Parts::Scope, Parts::State, UI::Output, Utilities

Defined in:

lib/arachni/framework.rb,
lib/arachni/framework/parts/data.rb,
lib/arachni/framework/parts/audit.rb,
lib/arachni/framework/parts/check.rb,
lib/arachni/framework/parts/scope.rb,
lib/arachni/framework/parts/state.rb,
lib/arachni/framework/parts/plugin.rb,
lib/arachni/framework/parts/report.rb,
lib/arachni/framework/parts/browser.rb,
lib/arachni/framework/parts/platform.rb

Overview

The Framework class ties together all the subsystems.

It’s the brains of the operation, it bosses the rest of the subsystems around. It loads checks, reports and plugins and runs them according to user options.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Direct Known Subclasses

RPC::Server::Framework

Defined Under Namespace

Modules: Parts Classes: Error

Constant Summary

AUDIT_PAGE_MAX_TRIES =

How many times to request a page upon failure.

5

Instance Attribute Summary

• #options ⇒ Options readonly

  System options.

Attributes included from Parts::Audit

#failures, #http, #session, #trainer

Attributes included from Parts::Check

#checks

Attributes included from Parts::Plugin

#plugins

Attributes included from Parts::Report

#reporters

Instance Method Summary

• #initialize(options = Options.instance, &block) ⇒ Framework constructor

  A new instance of Framework.

• #inspect ⇒ Object
• #run(&block) ⇒ Object

  Starts the scan.

• #statistics ⇒ Hash

  Framework statistics:.

• #version ⇒ String

  Returns the version of the framework.

Methods included from Parts::State

#abort, #abort?, #aborted?, #aborting?, #clean_up, #done?, included, #pause, #pause?, #paused?, #pausing?, #reset, #reset_trainer, #restore, #resume, #running?, #scanning?, #snapshot_path, #state, #status, #status_messages, #suspend, #suspend?, #suspended?

Methods included from Parts::Data

#data, #page_queue_total_size, #push_to_page_queue, #push_to_url_queue, #sitemap, #url_queue_total_size

Methods included from Parts::Audit

#after_page_audit, #audit_page, #on_effective_page_audit, #on_page_audit

Methods included from Support::Mixins::Observable

included

Methods included from Utilities

#available_port, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods included from UI::Output

#debug?, #debug_off, #debug_on, #disable_only_positives, #included, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #unmute, #verbose?, #verbose_on

Methods included from Parts::Platform

#list_platforms

Methods included from Parts::Check

#list_checks

Methods included from Parts::Plugin

#list_plugins

Methods included from Parts::Report

#list_reporters, #report, #report_as

Methods included from Parts::Browser

#browser_cluster, #browser_cluster_job_skip_states, #host_has_browser?, #use_browsers?, #wait_for_browser_cluster?

Methods included from Parts::Scope

#accepts_more_pages?, #crawl?, #page_limit_reached?

Constructor Details

#initialize(options = Options.instance, &block) ⇒ Framework

Returns a new instance of Framework.

Parameters:

• options (Options) (defaults to: Options.instance)
• block (Block) —

  Block to be passed a Arachni::Framework instance which will then be Arachni::Framework::Parts::State#reset.

# File 'lib/arachni/framework.rb', line 87

def initialize( options = Options.instance, &block )
    Encoding.default_external = 'BINARY'
    Encoding.default_internal = 'BINARY'

    @options = options

    # Initialize the Parts.
    super()

    # Little helper to run a piece of code and reset the framework to be
    # ready to be reused.
    if block_given?
        begin
            block.call self
        ensure
            clean_up
            reset
        end
    end
end

Instance Attribute Details

#options ⇒ Options (readonly)

Returns System options.

Returns:

• (Options) —

  System options

# File 'lib/arachni/framework.rb', line 82

def options
  @options
end

Instance Method Details

#inspect ⇒ Object

# File 'lib/arachni/framework.rb', line 152

def inspect
    stats = statistics

    s = "#<#{self.class} (#{status}) "

    s << "runtime=#{stats[:runtime]} "
    s << "found-pages=#{stats[:found_pages]} "
    s << "audited-pages=#{stats[:audited_pages]} "
    s << "issues=#{Data.issues.size} "

    if @current_url
        s << "current_url=#{@current_url.inspect} "
    end

    s << "checks=#{@checks.keys.join(',')} "
    s << "plugins=#{@plugins.keys.join(',')}"
    s << '>'
end

#run(&block) ⇒ Object

Starts the scan.

Parameters:

• block (Block) —

  A block to call after the audit has finished but before running Arachni::Framework::Parts::Report#reporters.

# File 'lib/arachni/framework.rb', line 112

def run( &block )
    prepare
    handle_signals
    return if aborted?

    # Catch exceptions so that if something breaks down or the user opted to
    # exit the reporters will still run with whatever results Arachni managed
    # to gather.
    exception_jail( false ){ audit }

    return if aborted? || suspended?

    clean_up
    exception_jail( false ){ block.call } if block_given?
    state.status = :done

    true
end

#statistics ⇒ Hash

Returns Framework statistics:

• ‘:http` – HTTP::Client#statistics

• ‘:runtime` – Scan runtime in seconds.

• ‘:found_pages` – Number of discovered pages.

• ‘:audited_pages` – Number of audited pages.

• ‘:current_page` – URL of the currently audited page.

• ‘:status` – Arachni::Framework::Parts::State#status

• ‘:messages` – Arachni::Framework::Parts::State#status_messages.

Returns:

• (Hash) —

  Framework statistics:

  • ‘:http` – HTTP::Client#statistics

  • ‘:runtime` – Scan runtime in seconds.

  • ‘:found_pages` – Number of discovered pages.

  • ‘:audited_pages` – Number of audited pages.

  • ‘:current_page` – URL of the currently audited page.

  • ‘:status` – Arachni::Framework::Parts::State#status

  • ‘:messages` – Arachni::Framework::Parts::State#status_messages

# File 'lib/arachni/framework.rb', line 142

def statistics
    {
        http:          http.statistics,
        runtime:       @start_datetime ? Time.now - @start_datetime : 0,
        found_pages:   sitemap.size,
        audited_pages: state.audited_page_count,
        current_page:  @current_url
    }
end

#version ⇒ String

Returns the version of the framework.

Returns:

• (String) —

  Returns the version of the framework.

# File 'lib/arachni/framework.rb', line 173

def version
    Arachni::VERSION
end