Class: Arachni::Plugins::ContentTypes
Overview
Logs content-types of all server responses.
Constant Summary
Constants included
from Arachni
BANNER, Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML
Instance Attribute Summary
#framework, #options
Class Method Summary
Instance Method Summary
#browser_cluster, distributable, distributable?, #framework_abort, #framework_pause, #framework_resume, gems, #http, #info, #initialize, is_distributable, #register_results, #session, #wait_while_framework_running, #with_browser
author, description, fullname, #shortname, shortname, shortname=, version
#depersonalize_output, #depersonalize_output?, #intercept_print_message
Methods included from UI::Output
#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on
#read_file
Methods included from Utilities
#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods included from Arachni
URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?
Class Method Details
# File 'components/plugins/content_types.rb', line 89
# Describes the plugin: display name, description, author, version and the
# options it accepts.
#
# The single option, +:exclude+, is a regular-expression source string
# (default 'text'). Content-types matching it are left out of the results.
#
# @return [Hash] plugin metadata
def self.info
  exclude_option = Options::String.new(
    :exclude,
    description: 'Exclude content-types that match this regular expression.',
    default: 'text'
  )

  {
    name: 'Content-types',
    # The %q{} body stays at column 0 so the string's bytes are unchanged.
    description: %q{
Logs content-types of server responses.
It can help you categorize and identify publicly available file-types which in
turn can help you identify accidentally leaked files.
},
    author: 'Tasos "Zapotek" Laskos <[email protected]>',
    version: '0.1.7',
    options: [exclude_option]
  }
end
.merge(results) ⇒ Object
# File 'components/plugins/content_types.rb', line 76
# Combines several result sets into one.
#
# Each result maps a content-type to a list of entries. Lists for the same
# content-type are joined with Array union (+|+), so duplicate entries are
# dropped and first-seen order is kept.
#
# @param results [Array<Hash>] result hashes to combine
# @return [Hash] content-type => de-duplicated entries
def self.merge(results)
  results.each_with_object({}) do |result, combined|
    result.each do |type, entries|
      combined[type] = (combined[type] || []) | entries
    end
  end
end
Instance Method Details
# File 'components/plugins/content_types.rb', line 71
# Blocks until the framework has finished running, then hands the collected
# content-type results to the framework.
#
# @return [Object] whatever +register_results+ returns
def clean_up
  wait_while_framework_running

  collected = @results
  register_results(collected)
end
#log(response) ⇒ Object
# File 'components/plugins/content_types.rb', line 63
# Marks a response as seen by recording its identifier (see +log_id+) in
# +@logged+.
#
# @param response [Object] the response to mark
# @return [Object] the +@logged+ collection
def log(response)
  id = log_id(response)
  @logged << id
end
#log?(response) ⇒ Boolean
# File 'components/plugins/content_types.rb', line 53
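# Decides whether a response's content-type passes the +:exclude+ filter.
#
# The +:exclude+ option is compiled once into a Regexp and memoized. The
# pattern is unanchored and case-sensitive, so the default 'text' rejects
# any content-type that merely contains "text". A malformed pattern makes
# Regexp.new raise RegexpError on the first call.
#
# @param response [Object] response exposing +headers.content_type+
# @return [Boolean] true when the exclude option is empty or the
#   content-type does not match it
def log?( response )
  @exclude ||= Regexp.new( options[:exclude] )

  # The Content-Type is read from the response headers.
  options[:exclude].empty? ||
    !response.headers.content_type.to_s.match( @exclude )
end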
#log_id(response) ⇒ Object
# File 'components/plugins/content_types.rb', line 67
# Builds the de-duplication key for a response: the upper-cased request
# method immediately followed by the response URL.
#
# Request parameters are not part of the key, so two requests with the same
# method and URL but different parameters share one identifier.
#
# @param response [Object] response exposing +request.method+ and +url+
# @return [String] e.g. "GET" + url
def log_id(response)
  verb = response.request.method.to_s.upcase
  verb + response.url
end
#logged?(response) ⇒ Boolean
# File 'components/plugins/content_types.rb', line 59
# Tells whether a response with the same identifier (see +log_id+) has
# already been recorded in +@logged+.
#
# @param response [Object] the response to look up
# @return [Boolean]
def logged?(response)
  id = log_id(response)
  @logged.include?(id)
end
#restore(data) ⇒ Object
# File 'components/plugins/content_types.rb', line 21
# Reloads plugin state from a snapshot shaped like the one +suspend+
# produces.
#
# The values are taken as they are, with no validation of their shape or
# contents.
#
# @param data [Hash] snapshot with +:results+ and +:logged+ keys
# @return [Object] the restored +:logged+ value
def restore(data)
  saved_results, saved_logged = data[:results], data[:logged]

  @results = saved_results
  @logged = saved_logged
end
# File 'components/plugins/content_types.rb', line 30
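# Registers an HTTP completion callback that files every eligible response
# under its content-type.
#
# Responses rejected by +skip?+ are ignored. For the rest, one entry with
# the URL, upper-cased request method and request parameters is appended to
# +@results+ under the content-type, and the response is marked as logged.
#
# Request parameters are stored verbatim. They can include credentials or
# tokens submitted during the scan, so the collected results should be
# treated as sensitive.
#
# @return [Object] whatever +http.on_complete+ returns
def run
  http.on_complete do |response|
    next if skip?( response )

    # The Content-Type is read from the response headers. When it comes
    # back as an Array, the values are flattened into a single key.
    type = response.headers.content_type
    type = type.join( ' - ' ) if type.is_a?( Array )

    @results[type] ||= []
    @results[type] << {
      'url' => response.url,
      'method' => response.request.method.to_s.upcase,
      'parameters' => response.request.parameters
    }

    log( response )
  end
end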
#skip?(response) ⇒ Boolean
# File 'components/plugins/content_types.rb', line 48
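# Decides whether a response should be left out of the results.
#
# A response is skipped when any of these holds, checked in order:
# it is out of scope, it has already been logged, its Content-Type header
# is empty, or the exclude filter (+log?+) rejects it.
#
# @param response [Object] response exposing +scope+, +headers+ and the
#   fields +log_id+ needs
# @return [Boolean] true when the response must not be recorded
def skip?( response )
  # The Content-Type is read from the response headers.
  response.scope.out? || logged?( response ) ||
    response.headers.content_type.to_s.empty? || !log?( response )
end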
# File 'components/plugins/content_types.rb', line 26
# Snapshots the plugin state so that +restore+ can reload it later.
#
# The snapshot holds the collected results, which include the recorded
# request parameters, and the identifiers of the responses already logged.
#
# @return [Hash] +{ results: ..., logged: ... }+
def suspend
  state = {}
  state[:results] = @results
  state[:logged] = @logged
  state
end