Class: Arachni::Options

Inherits:

Object

• Object
• Arachni::Options

Includes:

Singleton

Defined in:

lib/arachni/options.rb

Overview

Provides access to all of Arachni‘s runtime options.

To make management of options for different subsystems easier, some options are grouped together.

Option groups are initialized and added as attribute readers to this class dynamically. Their attribute readers are named after the group’s filename and can be accessed, like so:

Arachni::Options.scope.page_limit = 10

See Also:

• OptionGroups

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Defined Under Namespace

Classes: Error

Instance Attribute Summary

• #authorized_by ⇒ String

  E-mail address of the person that authorized the scan.

• #checks ⇒ Array<String, Symbol>

  Checks to load, by name.

• #no_fingerprinting ⇒ Bool

  Disable platform fingeprinting.

• #platforms ⇒ Array<Symbol>

  Platforms to use instead of (or in addition to, depending on the option) fingerprinting.

• #plugins ⇒ Hash{<String, Symbol> => Hash{String => String}}

  Plugins to load, by name, as keys and their options as values.

• #spawns ⇒ Integer

  Amount of child RPC::Server::Instances to spawn when performing multi-RPC::Server::Instance scans.

• #url ⇒ String

  The URL to audit.

Class Method Summary

• .group_classes ⇒ Hash<Symbol,OptionGroup>

  Option group classes by name.

• .method_missing(sym, *args, &block) ⇒ Object
• .register_group(group) ⇒ Object

  Should be called by Arachni::OptionGroup.inherited.

• .respond_to?(*args) ⇒ Boolean

Instance Method Summary

• #do_not_fingerprint ⇒ Object

  Disables platform fingerprinting.

• #fingerprint ⇒ Object

  Enables platform fingerprinting.

• #fingerprint? ⇒ Bool

  ‘true` if platform fingerprinting is enabled, `false` otherwise.

• #hash_to_rpc_data(hash) ⇒ Hash

  ‘hash` in #to_rpc_data format.

• #hash_to_save_data(hash) ⇒ Object
• #initialize ⇒ Options constructor

  A new instance of Options.

• #load(filepath) ⇒ Arachni::Options

  Loads a file created by #save.

• #reset ⇒ Options

  Restores everything to their default values.

• #rpc_data_to_hash(hash) ⇒ Hash

  ‘hash` in #to_hash format.

• #save(file) ⇒ Object
• #to_hash ⇒ Hash (also: #to_h)

  ‘self` converted to a Hash.

• #to_rpc_data ⇒ Hash

  ‘self` converted to a Hash suitable for RPC transmission.

• #to_save_data ⇒ Object
• #update(options) ⇒ Options (also: #set)

  Configures options via a Hash object.

• #validate ⇒ Hash

  Hash of errors with the name of the invalid options/groups as the keys.

Constructor Details

#initialize ⇒ Options

Returns a new instance of Options.

# File 'lib/arachni/options.rb', line 147

def initialize
    reset
end

Instance Attribute Details

#authorized_by ⇒ String

Returns E-mail address of the person that authorized the scan. It will be added to the HTTP ‘From` headers.

Returns:

• (String) —

  E-mail address of the person that authorized the scan. It will be added to the HTTP ‘From` headers.

See Also:

• HTTP::Client#headers

# File 'lib/arachni/options.rb', line 129

def authorized_by
  @authorized_by
end

#checks ⇒ Array<String, Symbol>

Returns Checks to load, by name.

Returns:

• (Array<String, Symbol>) —

  Checks to load, by name.

See Also:

• Checks
• Check::Base
• Check::Manager

# File 'lib/arachni/options.rb', line 105

def checks
  @checks
end

#no_fingerprinting ⇒ Bool

Returns Disable platform fingeprinting.

Returns:

• (Bool) —

  Disable platform fingeprinting.

See Also:

• Platform::Fingerprinter
• Platform::Fingerprinters
• Platform::List
• Platform::Manager

# File 'lib/arachni/options.rb', line 138

def no_fingerprinting
  @no_fingerprinting
end

#platforms ⇒ Array<Symbol>

Returns Platforms to use instead of (or in addition to, depending on the option) fingerprinting.

Returns:

• (Array<Symbol>) —

  Platforms to use instead of (or in addition to, depending on the option) fingerprinting.

See Also:

• Platform
• Platform::List
• Platform::Manager

# File 'lib/arachni/options.rb', line 114

def platforms
  @platforms
end

#plugins ⇒ Hash{<String, Symbol> => Hash{String => String}}

Returns Plugins to load, by name, as keys and their options as values.

Returns:

• (Hash{<String, Symbol> => Hash{String => String}}) —

  Plugins to load, by name, as keys and their options as values.

See Also:

• Plugins
• Plugin::Base
• Plugin::Manager

# File 'lib/arachni/options.rb', line 122

def plugins
  @plugins
end

#spawns ⇒ Integer

Returns Amount of child RPC::Server::Instances to spawn when performing multi-RPC::Server::Instance scans.

Returns:

• (Integer) —

  Amount of child RPC::Server::Instances to spawn when performing multi-RPC::Server::Instance scans.

See Also:

• UI::CLI::RPC::Instance#scan

# File 'lib/arachni/options.rb', line 145

def spawns
  @spawns
end

#url ⇒ String

Returns The URL to audit.

Returns:

• (String) —

  The URL to audit.

# File 'lib/arachni/options.rb', line 97

def url
  @url
end

Class Method Details

.group_classes ⇒ Hash<Symbol,OptionGroup>

Returns Option group classes by name.

Returns:

• (Hash<Symbol,OptionGroup>) —

  Option group classes by name.

# File 'lib/arachni/options.rb', line 73

def group_classes
    @group_classes ||= {}
end

.method_missing(sym, *args, &block) ⇒ Object

# File 'lib/arachni/options.rb', line 55

def method_missing( sym, *args, &block )
    if instance.respond_to?( sym )
        instance.send( sym, *args, &block )
    else
        super( sym, *args, &block )
    end
end

.register_group(group) ⇒ Object

Should be called by Arachni::OptionGroup.inherited.

# File 'lib/arachni/options.rb', line 79

def register_group( group )
    name = Utilities.caller_name

    # Prepare an attribute reader for this group...
    attr_reader name

    # ... and initialize it.
    instance_variable_set "@#{name}".to_sym, group.new

    group_classes[name.to_sym] = group
end

.respond_to?(*args) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/arachni/options.rb', line 63

def respond_to?( *args )
    super || instance.respond_to?( *args )
end

Instance Method Details

#do_not_fingerprint ⇒ Object

Disables platform fingerprinting.

# File 'lib/arachni/options.rb', line 182

def do_not_fingerprint
    self.no_fingerprinting = true
end

#fingerprint ⇒ Object

Enables platform fingerprinting.

# File 'lib/arachni/options.rb', line 187

def fingerprint
    self.no_fingerprinting = false
end

#fingerprint? ⇒ Bool

Returns ‘true` if platform fingerprinting is enabled, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if platform fingerprinting is enabled, `false` otherwise.

# File 'lib/arachni/options.rb', line 193

def fingerprint?
    !@no_fingerprinting
end

#hash_to_rpc_data(hash) ⇒ Hash

Returns ‘hash` in #to_rpc_data format.

Parameters:

• hash (Hash) —

  Hash to convert into #to_rpc_data format.

Returns:

• (Hash) —

  ‘hash` in #to_rpc_data format.

# File 'lib/arachni/options.rb', line 372

def hash_to_rpc_data( hash )
    self.class.allocate.reset.update( hash ).to_rpc_data
end

#hash_to_save_data(hash) ⇒ Object

# File 'lib/arachni/options.rb', line 376

def hash_to_save_data( hash )
    self.class.allocate.reset.update( hash ).to_save_data
end

#load(filepath) ⇒ Arachni::Options

Loads a file created by #save.

Parameters:

• filepath (String) —

  Path to the file created by #save.

Returns:

• (Arachni::Options)

# File 'lib/arachni/options.rb', line 314

def load( filepath )
    update( YAML.load_file( filepath ) )
end

#reset ⇒ Options

Restores everything to their default values.

Returns:

• (Options) —

  ‘self`

# File 'lib/arachni/options.rb', line 154

def reset
    # nil everything out.
    instance_variables.each { |var| instance_variable_set( var.to_s, nil ) }

    # Set fresh option groups.
    group_classes.each do |name, klass|
        instance_variable_set "@#{name}".to_sym, klass.new
    end

    @checks    = []
    @platforms = []
    @plugins   = {}
    @spawns    = 0

    @no_fingerprinting = false
    @authorized_by     = nil

    self
end

#rpc_data_to_hash(hash) ⇒ Hash

Returns ‘hash` in #to_hash format.

Parameters:

• hash (Hash) —

  Hash to convert into #to_hash format.

Returns:

• (Hash) —

  ‘hash` in #to_hash format.

# File 'lib/arachni/options.rb', line 363

def rpc_data_to_hash( hash )
    self.class.allocate.reset.update( hash ).to_hash
end

#save(file) ⇒ Object

Parameters:

• file (String) —

  Saves ‘self` to `file` using YAML.

# File 'lib/arachni/options.rb', line 297

def save( file )
    File.open( file, 'w' ) do |f|
        f.write to_save_data
        f.path
    end
end

#to_hash ⇒ Hash Also known as: to_h

Returns ‘self` converted to a Hash.

Returns:

• (Hash) —

  ‘self` converted to a Hash.

# File 'lib/arachni/options.rb', line 342

def to_hash
    hash = {}
    instance_variables.each do |var|
        val = instance_variable_get( var )
        next if (var = normalize_name( var )) == :instance

        hash[var] = (val.is_a? OptionGroup) ? val.to_h : val
    end

    hash.delete( :url ) if !hash[:url]
    hash.delete(:paths)

    hash.deep_clone
end

#to_rpc_data ⇒ Hash

Returns ‘self` converted to a Hash suitable for RPC transmission.

Returns:

• (Hash) —

  ‘self` converted to a Hash suitable for RPC transmission.

# File 'lib/arachni/options.rb', line 320

def to_rpc_data
    ignore = Set.new([:instance, :rpc, :dispatcher, :paths, :spawns,
                      :snapshot, :output])

    hash = {}
    instance_variables.each do |var|
        val = instance_variable_get( var )
        var = normalize_name( var )

        next if ignore.include?( var )

        hash[var.to_s] = (val.is_a? OptionGroup) ? val.to_rpc_data : val
    end
    hash = hash.deep_clone

    hash.delete( 'url' ) if !hash['url']

    hash
end

#to_save_data ⇒ Object

# File 'lib/arachni/options.rb', line 304

def to_save_data
    to_rpc_data.to_yaml
end

#update(options) ⇒ Options Also known as: set

Configures options via a Hash object.

Examples:

Configuring direct and Arachni::OptionGroups attributes.

{
    # Direct Options#url attribute.
    url:    'http://test.com/',
    # Options#audit attribute pointing to an OptionGroups::Audit instance.
    audit:  {
        # Works due to the OptionGroups::Audit#elements= helper method.
        elements: [ :links, :forms, :cookies ]
    },
    # Direct Options#checks attribute.
    checks: [ :xss, 'sql_injection*' ],
    # Options#scope attribute pointing to an OptionGroups::Scope instance.
    scope:  {
        # OptionGroups::Scope#page_limit
        page_limit:            10,
        # OptionGroups::Scope#directory_depth_limit
        directory_depth_limit: 3
    },
    # Options#http attribute pointing to an OptionGroups::HTTP instance.
    http:  {
        # OptionGroups::HTTP#request_concurrency
        request_concurrency: 25,
        # OptionGroups::HTTP#request_timeout
        request_timeout:     10_000
    }
}

Parameters:

• options (Hash) —

  If the key refers to a class attribute, the attribute will be assigned the given value, if it refers to one of the Arachni::OptionGroups the value should be a hash with data to update that group using Arachni::OptionGroup#update.

Returns:

• (Options)

See Also:

• Arachni::OptionGroups

# File 'lib/arachni/options.rb', line 270

def update( options )
    options.each do |k, v|
        k = k.to_sym
        if group_classes.include? k
            send( k ).update v
        else
            send( "#{k.to_s}=", v )
        end
    end

    self
end

#validate ⇒ Hash

Returns Hash of errors with the name of the invalid options/groups as the keys.

Returns:

• (Hash) —

  Hash of errors with the name of the invalid options/groups as the keys.

# File 'lib/arachni/options.rb', line 286

def validate
    errors = {}
    group_classes.keys.each do |name|
        next if (group_errors = send(name).validate).empty?
        errors[name] = group_errors
    end
    errors
end