Class: Arachni::OptionGroups::Scope

Inherits:

Arachni::OptionGroup

• Object
• Arachni::OptionGroup
• Arachni::OptionGroups::Scope

Defined in:

lib/arachni/option_groups/scope.rb

Overview

Scan scope options, maintains rules used to decide which resources should be considered for crawling/auditing/etc. during the scan.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Instance Attribute Summary

• #auto_redundant_paths ⇒ Bool

  Sets a limit to how many paths with identical query parameter names to process.

• #directory_depth_limit ⇒ Integer

  How deep to go into the site’s directory tree.

• #dom_depth_limit ⇒ Integer

  How deep to go into each page’s DOM tree.

• #exclude_binaries ⇒ Bool (also: #exclude_binaries?)

  Exclude pages with binary content from the audit.

• #exclude_content_patterns ⇒ Array<Regexp>

  Page/HTTP::Response bodies matching any of these patterns will be are ignored.

• #exclude_path_patterns ⇒ Array<Regexp>

  Path exclusion patterns, resources that match any of the specified patterns will not be considered.

• #extend_paths ⇒ Array<String>

  Paths to use in addition to crawling.

• #https_only ⇒ Bool (also: #https_only?)

  If an HTTPS Arachni::Options#url has been provided, **do not** downgrade to to a insecure link.

• #include_path_patterns ⇒ Array<Regexp>

  Path inclusion patterns, only resources that match any of the specified patterns will be considered.

• #include_subdomains ⇒ Bool

  Take into consideration URLs pointing to different subdomains from the seed URL.

• #page_limit ⇒ Integer

  How many pages to consider (crawl/audit)?.

• #redundant_path_patterns ⇒ Hash{Regexp => Integer}

  Filters for redundant paths in the form of ‘{ pattern => counter }`.

• #restrict_paths ⇒ Array<String>

  Paths to use instead of crawling.

• #url_rewrites ⇒ Hash<Regexp => String>

  Regular expression and substitution pairs, used to rewrite Element::Capabilities::Submittable#action.

Instance Method Summary

• #auto_redundant? ⇒ Boolean
• #auto_redundant_counter ⇒ Object
• #crawl ⇒ Object
• #crawl? ⇒ Boolean
• #do_not_crawl ⇒ Object
• #page_limit_reached?(count) ⇒ Boolean
• #to_rpc_data ⇒ Object

Methods inherited from Arachni::OptionGroup

#==, attr_accessor, attributes, #attributes, #defaults, defaults, #hash, inherited, #initialize, #merge, set_defaults, #to_h, #to_hash, #update, #validate

Constructor Details

This class inherits a constructor from Arachni::OptionGroup

Instance Attribute Details

#auto_redundant_paths ⇒ Bool

Returns Sets a limit to how many paths with identical query parameter names to process. Helps avoid processing redundant/identical resources like entries in calendars and catalogs.

Returns:

• (Bool) —

  Sets a limit to how many paths with identical query parameter names to process. Helps avoid processing redundant/identical resources like entries in calendars and catalogs.

See Also:

• URI::Scope#redundant?
• URI::Scope#auto_redundant?

# File 'lib/arachni/option_groups/scope.rb', line 75

def auto_redundant_paths
  @auto_redundant_paths
end

#directory_depth_limit ⇒ Integer

Note:

‘nil` is infinite – default is `nil`.

Returns How deep to go into the site’s directory tree.

Returns:

• (Integer) —

  How deep to go into the site’s directory tree.

See Also:

• URI::Scope#too_deep?

# File 'lib/arachni/option_groups/scope.rb', line 23

def directory_depth_limit
  @directory_depth_limit
end

#dom_depth_limit ⇒ Integer

Note:

‘nil` is infinite – default is `10`.

Returns How deep to go into each page’s DOM tree.

Returns:

• (Integer) —

  How deep to go into each page’s DOM tree.

See Also:

• Page::Scope#dom_depth_limit_reached?

# File 'lib/arachni/option_groups/scope.rb', line 31

def dom_depth_limit
  @dom_depth_limit
end

#exclude_binaries ⇒ Bool Also known as: exclude_binaries?

Note:

Default is ‘false`.

Returns Exclude pages with binary content from the audit. Mainly used to avoid having grep checks confused by random binary content.

Returns:

• (Bool) —

  Exclude pages with binary content from the audit. Mainly used to avoid having grep checks confused by random binary content.

See Also:

• HTTP::Response::Scope#exclude_as_binary?

# File 'lib/arachni/option_groups/scope.rb', line 104

def exclude_binaries
  @exclude_binaries
end

#exclude_content_patterns ⇒ Array<Regexp>

Returns Page/HTTP::Response bodies matching any of these patterns will be are ignored.

Returns:

• (Array<Regexp>) —

  Page/HTTP::Response bodies matching any of these patterns will be are ignored.

See Also:

• HTTP::Response::Scope#exclude_content?

# File 'lib/arachni/option_groups/scope.rb', line 95

def exclude_content_patterns
  @exclude_content_patterns
end

#exclude_path_patterns ⇒ Array<Regexp>

Returns Path exclusion patterns, resources that match any of the specified patterns will not be considered.

Returns:

• (Array<Regexp>) —

  Path exclusion patterns, resources that match any of the specified patterns will not be considered.

See Also:

• URI::Scope#exclude?

# File 'lib/arachni/option_groups/scope.rb', line 89

def exclude_path_patterns
  @exclude_path_patterns
end

#extend_paths ⇒ Array<String>

Returns Paths to use in addition to crawling.

Returns:

• (Array<String>) —

  Paths to use in addition to crawling.

See Also:

• Framework#push_to_page_queue
• Framework#push_to_url_queue

# File 'lib/arachni/option_groups/scope.rb', line 55

def extend_paths
  @extend_paths
end

#https_only ⇒ Bool Also known as: https_only?

Returns If an HTTPS Arachni::Options#url has been provided, **do not** downgrade to to a insecure link.

Returns:

• (Bool) —

  If an HTTPS Arachni::Options#url has been provided, **do not** downgrade to to a insecure link.

See Also:

• URI::Scope#follow_protocol?

# File 'lib/arachni/option_groups/scope.rb', line 121

def https_only
  @https_only
end

#include_path_patterns ⇒ Array<Regexp>

Returns Path inclusion patterns, only resources that match any of the specified patterns will be considered.

Returns:

• (Array<Regexp>) —

  Path inclusion patterns, only resources that match any of the specified patterns will be considered.

See Also:

• URI::Scope#include?

# File 'lib/arachni/option_groups/scope.rb', line 82

def include_path_patterns
  @include_path_patterns
end

#include_subdomains ⇒ Bool

Note:

Default if ‘false`.

Returns Take into consideration URLs pointing to different subdomains from the seed URL.

Returns:

• (Bool) —

  Take into consideration URLs pointing to different subdomains from the seed URL.

See Also:

• URI::Scope#in_domain?

# File 'lib/arachni/option_groups/scope.rb', line 114

def include_subdomains
  @include_subdomains
end

#page_limit ⇒ Integer

Note:

‘nil` is infinite – default is `nil`.

Returns How many pages to consider (crawl/audit)?.

Returns:

• (Integer) —

  How many pages to consider (crawl/audit)?

See Also:

• Framework#push_to_page_queue
• Framework#push_to_url_queue
• Framework#audit_page
• Trainer#push

# File 'lib/arachni/option_groups/scope.rb', line 42

def page_limit
  @page_limit
end

#redundant_path_patterns ⇒ Hash{Regexp => Integer}

Returns Filters for redundant paths in the form of ‘{ pattern => counter }`. Once the `pattern` has matched a path `counter` amount of times, the resource will be ignored from then on.

Useful when scanning pages that dynamically generate a large number of pages like galleries and calendars.

Returns:

• (Hash{Regexp => Integer}) —

  Filters for redundant paths in the form of ‘{ pattern => counter }`. Once the `pattern` has matched a path `counter` amount of times, the resource will be ignored from then on.

  Useful when scanning pages that dynamically generate a large number of pages like galleries and calendars.

See Also:

• URI::Scope#redundant?

# File 'lib/arachni/option_groups/scope.rb', line 66

def redundant_path_patterns
  @redundant_path_patterns
end

#restrict_paths ⇒ Array<String>

Returns Paths to use instead of crawling.

Returns:

• (Array<String>) —

  Paths to use instead of crawling.

See Also:

• Framework#push_to_url_queue

# File 'lib/arachni/option_groups/scope.rb', line 48

def restrict_paths
  @restrict_paths
end

#url_rewrites ⇒ Hash<Regexp => String>

Returns Regular expression and substitution pairs, used to rewrite Element::Capabilities::Submittable#action.

Returns:

• (Hash<Regexp => String>) —

  Regular expression and substitution pairs, used to rewrite Element::Capabilities::Submittable#action.

See Also:

• URI.rewrite
• URI#rewrite

# File 'lib/arachni/option_groups/scope.rb', line 130

def url_rewrites
  @url_rewrites
end

Instance Method Details

#auto_redundant? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/arachni/option_groups/scope.rb', line 170

def auto_redundant?
    !!@auto_redundant_paths
end

#auto_redundant_counter ⇒ Object

# File 'lib/arachni/option_groups/scope.rb', line 174

def auto_redundant_counter
    @auto_redundant_counter ||= Hash.new( 0 )
end

#crawl ⇒ Object

# File 'lib/arachni/option_groups/scope.rb', line 182

def crawl
    self.page_limit = nil
end

#crawl? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/arachni/option_groups/scope.rb', line 186

def crawl?
    !page_limit || page_limit != 0
end

#do_not_crawl ⇒ Object

# File 'lib/arachni/option_groups/scope.rb', line 178

def do_not_crawl
    self.page_limit = 0
end

#page_limit_reached?(count) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/arachni/option_groups/scope.rb', line 190

def page_limit_reached?( count )
    page_limit && page_limit.to_i > 0 && count >= page_limit
end

#to_rpc_data ⇒ Object

# File 'lib/arachni/option_groups/scope.rb', line 218

def to_rpc_data
    d = super

    %w(redundant_path_patterns url_rewrites).each do |k|
        d[k] = d[k].my_stringify
    end

    %w(exclude_path_patterns exclude_content_patterns include_path_patterns).each do |k|
        d[k] = d[k].map(&:to_s)
    end

    d
end