Class: Arachni::Check::Base Abstract
- Inherits: Arachni::Component::Base
  - Object
  - Arachni::Component::Base
  - Arachni::Check::Base
- Includes: Auditor
- Defined in: lib/arachni/check/base.rb
Overview
Base check class to be extended by all checks.
Defines basic structure and provides utilities to checks.
Direct Known Subclasses
Arachni::Checks::AllowedMethods, Arachni::Checks::Backdoors, Arachni::Checks::BackupDirectories, Arachni::Checks::BackupFiles, Arachni::Checks::CSRF, Arachni::Checks::Captcha, Arachni::Checks::CodeInjection, Arachni::Checks::CodeInjectionPhpInputWrapper, Arachni::Checks::CodeInjectionTiming, Arachni::Checks::CommonAdminInterfaces, Arachni::Checks::CommonDirectories, Arachni::Checks::CommonFiles, Arachni::Checks::CookieSetForParentDomain, Arachni::Checks::CreditCard, Arachni::Checks::CvsSvnUsers, Arachni::Checks::DirectoryListing, Arachni::Checks::Emails, Arachni::Checks::FileInclusion, Arachni::Checks::FormUpload, Arachni::Checks::Hsts, Arachni::Checks::HtaccessLimit, Arachni::Checks::HtmlObjects, Arachni::Checks::HttpOnlyCookies, Arachni::Checks::HttpPut, Arachni::Checks::InsecureCORSPolicy, Arachni::Checks::InsecureClientAccessPolicy, Arachni::Checks::InsecureCookies, Arachni::Checks::InsecureCrossDomainPolicyAccess, Arachni::Checks::InsecureCrossDomainPolicyHeaders, Arachni::Checks::InterestingResponses, Arachni::Checks::LdapInjection, Arachni::Checks::LocalstartAsp, Arachni::Checks::MixedResource, Arachni::Checks::NoSqlInjection, Arachni::Checks::NoSqlInjectionDifferential, Arachni::Checks::OriginSpoofAccessRestrictionBypass, Arachni::Checks::OsCmdInjection, Arachni::Checks::OsCmdInjectionTiming, Arachni::Checks::PasswordAutocomplete, Arachni::Checks::PathTraversal, Arachni::Checks::PrivateIP, Arachni::Checks::ResponseSplitting, Arachni::Checks::Rfi, Arachni::Checks::SessionFixation, Arachni::Checks::SourceCodeDisclosure, Arachni::Checks::SqlInjection, Arachni::Checks::SqlInjectionDifferential, Arachni::Checks::SqlInjectionTiming, Arachni::Checks::Ssn, Arachni::Checks::Trainer, Arachni::Checks::UnencryptedPasswordForms, Arachni::Checks::UnvalidatedRedirect, Arachni::Checks::UnvalidatedRedirectDOM, Arachni::Checks::Webdav, Arachni::Checks::XFrameOptions, Arachni::Checks::XpathInjection, Arachni::Checks::Xss, Arachni::Checks::XssDom, Arachni::Checks::XssDomScriptContext, Arachni::Checks::XssEvent, Arachni::Checks::XssPath, Arachni::Checks::XssScriptContext, Arachni::Checks::XssTag, Arachni::Checks::Xst, Arachni::Checks::Xxe
Constant Summary
Constants included from Auditor
Auditor::DOM_ELEMENTS_WITH_INPUTS, Auditor::ELEMENTS_WITH_INPUTS, Auditor::FILE_SIGNATURES, Auditor::FILE_SIGNATURES_PER_PLATFORM, Auditor::Format, Auditor::SOURCE_CODE_SIGNATURES_PER_PLATFORM
Constants included from Arachni
BANNER, Arachni::Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML
Instance Attribute Summary
Attributes included from Auditor
Class Method Summary
- .elements ⇒ Array<Symbol>
  Targeted element types.
- .exempt_platforms ⇒ Array<Symbol>
  Platforms not applicable to this check.
- .has_exempt_platforms? ⇒ Bool
  true if the check has specified platforms for which it does not apply.
- .has_platforms? ⇒ Bool
  true if the check can benefit from knowing the platform beforehand, false otherwise.
- .info ⇒ Object (abstract)
  REQUIRED.
- .platforms ⇒ Array<Symbol>
  Targeted platforms.
- .prefer(*args) ⇒ Array
  Schedules self to be run after the specified checks and prevents auditing elements that have been previously logged by any of these checks.
- .preferred ⇒ Array
  Names of checks which should be preferred over this one.
- .supports_platforms?(resource_platforms) ⇒ Boolean
  true if any of the given platforms are supported, false otherwise.
Instance Method Summary
- #browser_cluster ⇒ Arachni::BrowserCluster
- #clean_up ⇒ Object (abstract)
  OPTIONAL.
- #initialize(page, framework) ⇒ Base (constructor)
  A new instance of Base.
- #plugins ⇒ Arachni::Plugin::Manager
  Provides access to the plugin manager.
- #preferred ⇒ Object
- #prepare ⇒ Object (abstract)
  OPTIONAL.
- #run ⇒ Object (abstract)
  REQUIRED.
- #session ⇒ Arachni::Session
Methods included from Auditor
#audit, #audit_differential, #audit_signature, #audit_timeout, #audited, #audited?, #buffered_audit, #each_candidate_dom_element, #each_candidate_element, has_timeout_candidates?, #http, #log, #log_issue, #log_remote_file, #log_remote_file_if_exists, #match_and_log, #max_issues, reset, #skip?, timeout_audit_run, #trace_taint, #with_browser, #with_browser_cluster
Methods inherited from Arachni::Component::Base
author, description, fullname, #shortname, shortname, shortname=, version
Methods included from Arachni::Component::Output
#depersonalize_output, #depersonalize_output?, #intercept_print_message
Methods included from UI::Output
#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on
Methods included from Arachni::Component::Utilities
Methods included from Utilities
#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods included from Arachni
URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?
Constructor Details
#initialize(page, framework) ⇒ Base
Returns a new instance of Base.
    # File 'lib/arachni/check/base.rb', line 26

    def initialize( page, framework )
        super
    end
Class Method Details
.elements ⇒ Array<Symbol>
Returns Targeted element types.
    # File 'lib/arachni/check/base.rb', line 205

    def elements
        @elements ||= [info[:elements]].flatten.compact
    end
.exempt_platforms ⇒ Array<Symbol>
Returns Platforms not applicable to this check.
    # File 'lib/arachni/check/base.rb', line 167

    def exempt_platforms
        @exempt_platforms ||= [info[:exempt_platforms]].flatten.compact
    end
.has_exempt_platforms? ⇒ Bool
Returns true if the check has specified platforms for which it does not apply.

    # File 'lib/arachni/check/base.rb', line 159

    def has_exempt_platforms?
        exempt_platforms.any?
    end
.has_platforms? ⇒ Bool
Returns true if the check can benefit from knowing the platform beforehand, false otherwise.

    # File 'lib/arachni/check/base.rb', line 143

    def has_platforms?
        platforms.any?
    end
.info ⇒ Object
REQUIRED
Provides information about the check. Don't take this lightly and don't omit any of the info.

    # File 'lib/arachni/check/base.rb', line 89

    def self.info
        {
            name:        'Base check abstract class',
            description: %q{Provides an abstract class the check should implement.},
            #
            # Arachni needs to know what elements the check plans to audit
            # before invoking it.
            # If a page doesn't have any of those elements
            # there's no point in instantiating the check.
            #
            # If you want the check to run no-matter what, leave the array
            # empty.
            #
            # elements: [
            #     Element::Form,
            #     Element::Link
            #     Element::Cookie
            #     Element::Header
            # ],
            elements:    [],
            author:      'Tasos "Zapotek" Laskos <[email protected]>',
            version:     '0.1',
            references:  {
                'Title' => 'http://ref.url'
            },
            issue:       {
                name:            %q{Serious issue},
                description:     %q{This issue is a serious issue and you should consider it seriously},
                # CWE ID number
                cwe:             0,
                #
                # Severity can be:
                #
                # Severity::HIGH
                # Severity::MEDIUM
                # Severity::LOW
                # Severity::INFORMATIONAL
                #
                severity:        Severity::HIGH,
                remedy_guidance: %q{Paint it blue and throw it in the sea.},
                remedy_code:     %q{sudo rm -rf /}
            }
        }
    end
.platforms ⇒ Array<Symbol>
Returns Targeted platforms.
    # File 'lib/arachni/check/base.rb', line 151

    def platforms
        @platforms ||= [info[:platforms]].flatten.compact
    end
.prefer(*args) ⇒ Array
Schedules self to be run after the specified checks and prevents auditing elements that have been previously logged by any of these checks.
    # File 'lib/arachni/check/base.rb', line 214

    def prefer( *args )
        @preferred = args.flatten.compact
    end
.preferred ⇒ Array
Returns Names of checks which should be preferred over this one.
    # File 'lib/arachni/check/base.rb', line 222

    def preferred
        @preferred ||= []
    end
.supports_platforms?(resource_platforms) ⇒ Boolean
Returns true if any of the given platforms are supported, false otherwise.

    # File 'lib/arachni/check/base.rb', line 176

    def supports_platforms?( resource_platforms )
        if resource_platforms.any? && has_exempt_platforms?
            manager = Platform::Manager.new( exempt_platforms )
            resource_platforms.each do |p|
                # When we check for exempt platforms we're looking for info
                # from the same type.
                ptype = Platform::Manager.find_type( p )
                type_manager = manager.send( ptype )
                return false if type_manager.pick( p => true ).any?
            end
        end

        return true if resource_platforms.empty? || !has_platforms?

        # Determine if we've got anything for the given platforms, the same
        # way payloads are picked.
        foo_data = self.platforms.
            inject({}) { |h, platform| h.merge!( platform => true ) }

        Platform::Manager.new( resource_platforms ).pick( foo_data ).any?
    end
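To show how the `info` hash feeds `elements`, `platforms`, `exempt_platforms` and `prefer`, and the decision order of `supports_platforms?` (exempt platforms first, then "no constraints", then overlap), here is an added, self-contained Ruby example that is not Arachni's code: a constructed stand-in base class copying the page's class-level logic, with exact Symbol matching in place of `Platform::Manager#pick`, plus two hypothetical checks whose names and values are made up for the example.

```ruby
# Constructed stand-in for Arachni::Check::Base (not Arachni's code): it copies the
# class-level logic shown on this page so the scheduling decisions run offline.
class StandInCheckBase
  class << self
    def elements;         @elements         ||= [info[:elements]].flatten.compact         end
    def platforms;        @platforms        ||= [info[:platforms]].flatten.compact        end
    def exempt_platforms; @exempt_platforms ||= [info[:exempt_platforms]].flatten.compact end
    def has_platforms?;        platforms.any?        end
    def has_exempt_platforms?; exempt_platforms.any? end
    def prefer( *args ); @preferred = args.flatten.compact end
    def preferred;       @preferred ||= []              end
    # Same decision order as the page's supports_platforms?: exempt platforms first,
    # then "no constraints", then overlap. Array#& on plain Symbols stands in for
    # Platform::Manager#pick, which additionally resolves platform hierarchies.
    def supports_platforms?( resource_platforms )
      if resource_platforms.any? && has_exempt_platforms?
        return false if ( resource_platforms & exempt_platforms ).any?
      end
      return true if resource_platforms.empty? || !has_platforms?
      ( resource_platforms & platforms ).any?
    end
  end
end

# Hypothetical check filling in the info hash from this page for a defensive
# response-header audit; every name and value below is constructed for the example.
class ExampleHeaderCheck < StandInCheckBase
  prefer :hsts  # run after the hsts check and skip elements it has already logged
  def self.info
    {
      name:             'Example header check',
      elements:         [:header],
      platforms:        [:apache, :nginx],
      exempt_platforms: [:windows],
      issue: {
        name:            %q{Missing hardening header},
        cwe:             0,  # placeholder CWE ID
        severity:        :high,
        remedy_guidance: %q{Send the header on every response.}
      }
    }
  end
end

# Hypothetical check with no platform constraints: eligible for any resource.
class NoPlatformCheck < StandInCheckBase
  def self.info
    { elements: [:form] }
  end
end
```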
Instance Method Details
#browser_cluster ⇒ Arachni::BrowserCluster
    # File 'lib/arachni/check/base.rb', line 75

    def browser_cluster
        framework.browser_cluster if framework
    end
#plugins ⇒ Arachni::Plugin::Manager
Provides access to the plugin manager.
You can use it to gain access to the instances of running plugins like so:

    p plugins.get( 'profiler' )
    # => #

    p plugins.get( 'profiler' )[:instance]
    # => #Arachni::Plugins::Profiler

    # File 'lib/arachni/check/base.rb', line 65

    def plugins
        framework.plugins if framework
    end
#preferred ⇒ Object
    # File 'lib/arachni/check/base.rb', line 79

    def preferred
        self.class.preferred
    end
#prepare ⇒ Object
OPTIONAL
It provides you with a way to set up your check's data and methods.

    # File 'lib/arachni/check/base.rb', line 35

    def prepare
    end
#run ⇒ Object
REQUIRED
This is used to deliver the check's payload, whatever it may be.

    # File 'lib/arachni/check/base.rb', line 43

    def run
    end
#session ⇒ Arachni::Session
    # File 'lib/arachni/check/base.rb', line 70

    def session
        framework.session if framework
    end