Class: Arachni::Checks::InterestingResponses
- Inherits:
-
Arachni::Check::Base
- Object
- Arachni::Component::Base
- Arachni::Check::Base
- Arachni::Checks::InterestingResponses
- Defined in:
- components/checks/passive/interesting_responses.rb
Overview
Logs all non 200 (OK) and non 404 server responses.
Constant Summary collapse
- IGNORE_CODES =
[ 200, 404 ].to_set
Constants included from Arachni::Check::Auditor
Arachni::Check::Auditor::DOM_ELEMENTS_WITH_INPUTS, Arachni::Check::Auditor::ELEMENTS_WITH_INPUTS, Arachni::Check::Auditor::FILE_SIGNATURES, Arachni::Check::Auditor::FILE_SIGNATURES_PER_PLATFORM, Arachni::Check::Auditor::Format, Arachni::Check::Auditor::SOURCE_CODE_SIGNATURES_PER_PLATFORM
Constants included from Arachni
BANNER, Arachni::Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML
Instance Attribute Summary
Attributes included from Arachni::Check::Auditor
Class Method Summary collapse
Instance Method Summary collapse
Methods inherited from Arachni::Check::Base
#browser_cluster, elements, exempt_platforms, has_exempt_platforms?, has_platforms?, #initialize, platforms, #plugins, prefer, #preferred, preferred, #prepare, #session, supports_platforms?
Methods included from Arachni::Check::Auditor
#audit, #audit_differential, #audit_signature, #audit_timeout, #audited, #audited?, #buffered_audit, #each_candidate_dom_element, #each_candidate_element, has_timeout_candidates?, #http, #initialize, #log, #log_issue, #log_remote_file, #log_remote_file_if_exists, #match_and_log, #max_issues, #preferred, reset, #skip?, timeout_audit_run, #trace_taint, #with_browser, #with_browser_cluster
Methods inherited from Arachni::Component::Base
author, description, fullname, #shortname, shortname, shortname=, version
Methods included from Arachni::Component::Output
#depersonalize_output, #depersonalize_output?, #intercept_print_message
Methods included from UI::Output
#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on
Methods included from Arachni::Component::Utilities
Methods included from Utilities
#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods included from Arachni
URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?
Constructor Details
This class inherits a constructor from Arachni::Check::Base
Class Method Details
.acceptable ⇒ Object
80 81 82 83 84 85 86 87 |
# File 'components/checks/passive/interesting_responses.rb', line 80 def self.acceptable [ 102, 200, 201, 202, 203, 206, 207, 208, 226, 300, 301, 302, 303, 305, 306, 307, 308, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 420, 422, 423, 424, 425, 426, 428, 429, 431, 444, 449, 450, 451, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 598, 599 ] end |
.info ⇒ Object
55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
# File 'components/checks/passive/interesting_responses.rb', line 55 def self.info { name: 'Interesting responses', description: %q{Logs all non 200 (OK) server responses.}, elements: [ Element::Server ], author: 'Tasos "Zapotek" Laskos <[email protected]>', version: '0.2.1', issue: { name: %q{Interesting response}, description: %q{ The server responded with a non 200 (OK) nor 404 (Not Found) status code. This is a non-issue, however exotic HTTP response status codes can provide useful insights into the behavior of the web application and assist with the penetration test. }, references: { 'w3.org' => 'http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html' }, tags: %w(interesting response server), severity: Severity::INFORMATIONAL }, max_issues: 25 } end |
.ran ⇒ Object
20 21 22 |
# File 'components/checks/passive/interesting_responses.rb', line 20 def self.ran @ran = true end |
.ran? ⇒ Boolean
16 17 18 |
# File 'components/checks/passive/interesting_responses.rb', line 16 def self.ran? @ran ||= false end |
Instance Method Details
#check_and_log(response) ⇒ Object
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
# File 'components/checks/passive/interesting_responses.rb', line 35 def check_and_log( response ) return if IGNORE_CODES.include?( response.code ) || response.body.to_s.empty? || issue_limit_reached? || response.scope.out? path = uri_parse( response.url ).path return if audited?( path ) || audited?( response.body ) audited( path ) audited( response.body ) log( proof: response.status_line, vector: Element::Server.new( response.url ), response: response ) print_ok "Found an interesting response -- Code: #{response.code}." end |
#clean_up ⇒ Object
31 32 33 |
# File 'components/checks/passive/interesting_responses.rb', line 31 def clean_up self.class.ran end |
#run ⇒ Object
24 25 26 27 28 29 |
# File 'components/checks/passive/interesting_responses.rb', line 24 def run return if self.class.ran? # tell the HTTP interface to call this block every-time a request completes http.on_complete { |response| check_and_log( response ) } end |