Class: Arachni::Framework

Inherits:

Object

• Object
• Arachni::Framework

Includes:

Module::Utilities, UI::Output

Defined in:

lib/framework.rb

Overview

Arachni::Framework class

The Framework class ties together all the components.<br/> It should be wrapped by a UI class.

It’s the brains of the operation, it bosses the rest of the classes around.<br/> It runs the audit, loads modules and reports and runs them according to user options.

@author: Tasos “Zapotek” Laskos

<tasos.laskos@gmail.com>
<zapotek@segfault.gr>

@version: 0.2.1

Direct Known Subclasses

RPC::XML::Server::Framework

Constant Summary

REVISION =

the version of this class

'0.2.1'

Instance Attribute Summary

• #auditmap ⇒ Object readonly

  Returns the value of attribute auditmap.

• #http ⇒ Arachni::HTTP readonly
• #modules ⇒ Arachni::Module::Manager readonly

  Module manager.

• #opts ⇒ Options readonly

  Instance options.

• #page_queue ⇒ Queue<Arachni::Parser::Page> readonly

  Holds candidate pages to be audited.

• #plugins ⇒ Arachni::Plugin::Manager readonly

  Plugin manager.

• #reports ⇒ Arachni::Report::Manager readonly

  Report manager.

• #sitemap ⇒ Object readonly

  Returns the value of attribute sitemap.

• #spider ⇒ Arachni::Spider readonly

  Spider.

Instance Method Summary

• #audit ⇒ Object

  Audits the site.

• #audit_queue ⇒ Object
• #audit_store(fresh = false) ⇒ AuditStore

  Returns the results of the audit as an AuditStore instance.

• #initialize(opts) ⇒ Framework constructor

  Initializes system components.

• #lsmod ⇒ Array<Hash>

  Returns an array of hashes with information about all available modules.

• #lsplug ⇒ Array<Hash>

  Returns an array of hashes with information about all available reports.

• #lsrep ⇒ Array<Hash>

  Returns an array of hashes with information about all available reports.

• #pause! ⇒ Object
• #paused? ⇒ Boolean
• #plugin_store(plugin, obj) ⇒ Object
• #resume! ⇒ Object
• #revision ⇒ String

  Returns the revision of the Framework (this) class.

• #run(&block) ⇒ Object

  Runs the system.

• #running? ⇒ Boolean
• #stats(refresh_time = false) ⇒ Object
• #version ⇒ String

  Returns the version of the framework.

Methods included from Module::Utilities

#exception_jail, #get_path, #normalize_url, #read_file, #seed

Methods included from UI::Output

#buffer, #debug!, #debug?, #flush_buffer, #mute!, #muted?, #only_positives!, #only_positives?, #print_debug, #print_debug_backtrace, #print_debug_pp, #print_error, #print_error_backtrace, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, #unmute!, #verbose!, #verbose?

Constructor Details

#initialize(opts) ⇒ Framework

Initializes system components.

Parameters:

• opts (Options)

# File 'lib/framework.rb', line 128

def initialize( opts )

    Encoding.default_external = "BINARY"
    Encoding.default_internal = "BINARY"

    @opts = opts

    @modules = Arachni::Module::Manager.new( @opts )
    @reports = Arachni::Report::Manager.new( @opts )
    @plugins = Arachni::Plugin::Manager.new( self )

    @page_queue = Queue.new

    prepare_cookie_jar( )
    prepare_user_agent( )

    # deep clone the redundancy rules to preserve their counter
    # for the reports
    @orig_redundant = @opts.redundant.deep_clone

    @running = false
    @paused  = []

    @plugin_store = {}

    @current_url = ''
end

Instance Attribute Details

#auditmap ⇒ Object (readonly)

Returns the value of attribute auditmap.

# File 'lib/framework.rb', line 108

def auditmap
  @auditmap
end

#http ⇒ Arachni::HTTP (readonly)

Returns:

• (Arachni::HTTP)

# File 'lib/framework.rb', line 105

def http
  @http
end

#modules ⇒ Arachni::Module::Manager (readonly)

Returns module manager.

Returns:

• (Arachni::Module::Manager) —

  module manager

# File 'lib/framework.rb', line 90

def modules
  @modules
end

#opts ⇒ Options (readonly)

Instance options

Returns:

• (Options)

# File 'lib/framework.rb', line 80

def opts
  @opts
end

#page_queue ⇒ Queue<Arachni::Parser::Page> (readonly)

Holds candidate pages to be audited.

Pages in the queue are pushed in by the trainer, the queue doesn’t hold pages returned by the spider.

Plug-ins can push their own pages to be audited if they wish to…

Returns:

• (Queue<Arachni::Parser::Page>) —

  page queue

# File 'lib/framework.rb', line 120

def page_queue
  @page_queue
end

#plugins ⇒ Arachni::Plugin::Manager (readonly)

Returns plugin manager.

Returns:

• (Arachni::Plugin::Manager) —

  plugin manager

# File 'lib/framework.rb', line 95

def plugins
  @plugins
end

#reports ⇒ Arachni::Report::Manager (readonly)

Returns report manager.

Returns:

• (Arachni::Report::Manager) —

  report manager

# File 'lib/framework.rb', line 85

def reports
  @reports
end

#sitemap ⇒ Object (readonly)

Returns the value of attribute sitemap.

# File 'lib/framework.rb', line 107

def sitemap
  @sitemap
end

#spider ⇒ Arachni::Spider (readonly)

Returns spider.

Returns:

• (Arachni::Spider) —

  spider

# File 'lib/framework.rb', line 100

def spider
  @spider
end

Instance Method Details

#audit ⇒ Object

Audits the site.

Runs the spider, analyzes each page as it appears and passes it to (#run_mods} to be audited.

# File 'lib/framework.rb', line 238

def audit

    wait_if_paused

    @spider = Arachni::Spider.new( @opts )

    @sitemap  ||= []
    @auditmap ||= []

    # initiates the crawl
    @spider.run {
        |page|

        @sitemap |= @spider.pages

        @page_queue << page
        audit_queue if !@opts.spider_first
    }

    audit_queue

    if( @opts.http_harvest_last )
        harvest_http_responses( )
    end

end

#audit_queue ⇒ Object

# File 'lib/framework.rb', line 265

def audit_queue

    # this will run until no new elements appear for the given page
    while( !@page_queue.empty? && page = @page_queue.pop )

        # audit the page
        exception_jail{ run_mods( page ) }

        # run all the queued HTTP requests and harvest the responses
        http.run

        # check to see if the page was updated
        page = http.trainer.page
        # and push it in the queue to be audited as well
        @page_queue << page if page

    end
end

#audit_store(fresh = false) ⇒ AuditStore

Returns the results of the audit as an AuditStore instance

Returns:

• (AuditStore)

See Also:

• AuditStore

# File 'lib/framework.rb', line 292

def audit_store( fresh = false )

    # restore the original redundacy rules and their counters
    @opts.redundant = @orig_redundant
    opts = @opts.to_h
    opts['mods'] = @modules.keys

    if( !fresh && @store )
        return @store
    else
        return @store = AuditStore.new( {
            :version  => version( ),
            :revision => REVISION,
            :options  => opts,
            :sitemap  => @sitemap ? @sitemap.sort : ['N/A'],
            :issues   => @modules.results( ).deep_clone,
            :plugins  => @plugin_store
        }, self )
     end
end

#lsmod ⇒ Array<Hash>

Returns an array of hashes with information about all available modules

Returns:

• (Array<Hash>)

# File 'lib/framework.rb', line 335

def lsmod

    mod_info = []
    @modules.available( ).each {
        |name|

        path = @modules.name_to_path( name )
        next if !lsmod_match?( path )

        info = @modules[name].info( )

        info[:mod_name]    = name
        info[:name]        = info[:name].strip
        info[:description] = info[:description].strip

        if( !info[:dependencies] )
            info[:dependencies] = []
        end

        info[:author]    = info[:author].strip
        info[:version]   = info[:version].strip
        info[:path]      = path.strip

        mod_info << info
    }

    # unload all modules
    @modules.clear( )

    return mod_info

end

#lsplug ⇒ Array<Hash>

Returns an array of hashes with information about all available reports

Returns:

• (Array<Hash>)

# File 'lib/framework.rb', line 398

def lsplug

    plug_info = []

    @plugins.available( ).each {
        |plugin|

        info = @plugins[plugin].info

        info[:plug_name]   = plugin
        info[:path]        = @plugins.name_to_path( plugin )

        plug_info << info
    }

    @plugins.clear( )

    return plug_info
end

#lsrep ⇒ Array<Hash>

Returns an array of hashes with information about all available reports

Returns:

• (Array<Hash>)

# File 'lib/framework.rb', line 374

def lsrep

    rep_info = []
    @reports.available( ).each {
        |report|

        info = @reports[report].info

        info[:rep_name]    = report
        info[:path]        = @reports.name_to_path( report )

        rep_info << info
    }
    @reports.clear( )

    return rep_info
end

#pause! ⇒ Object

# File 'lib/framework.rb', line 426

def pause!
    @paused << caller
    return true
end

#paused? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/framework.rb', line 422

def paused?
    !@paused.empty?
end

#plugin_store(plugin, obj) ⇒ Object

# File 'lib/framework.rb', line 313

def plugin_store( plugin, obj )
    name = ''
    @plugins.each_pair {
        |k, v|

        if plugin.class.name == v.name
            name = k
            break
        end
    }

    @plugin_store[name] = {
        :results => obj
    }.merge( plugin.class.info )
end

#resume! ⇒ Object

# File 'lib/framework.rb', line 431

def resume!
    @paused.delete( caller )
    return true
end

#revision ⇒ String

Returns the revision of the Arachni::Framework (this) class

Returns:

• (String)

# File 'lib/framework.rb', line 450

def revision
    REVISION
end

#run(&block) ⇒ Object

Runs the system

It parses the instanse options and runs the audit

Parameters:

• &block (Block) —

  a block to call after the audit has finished but before running the reports

# File 'lib/framework.rb', line 168

def run( &block )
    @running = true

    @opts.start_datetime = Time.now

    # run all plugins
    @plugins.run

    # catch exceptions so that if something breaks down or the user opted to
    # exit the reports will still run with whatever results
    # Arachni managed to gather
    begin
        # start the audit
        audit( )
    rescue Exception
    end

    clean_up!
    begin
        block.call if block
    rescue Exception
    end

    # run reports
    if( @opts.reports && !@opts.reports.empty? )
        exception_jail{ @reports.run( audit_store( ) ) }
    end

    return true
end

#running? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/framework.rb', line 418

def running?
    @running
end

#stats(refresh_time = false) ⇒ Object

# File 'lib/framework.rb', line 199

def stats( refresh_time = false )
    req_cnt = http.request_count
    res_cnt = http.response_count

    @auditmap ||= []
    @sitemap  ||= []
    if !refresh_time || @auditmap.size == @sitemap.size
        @opts.delta_time ||= Time.now - @opts.start_datetime
    else
        @opts.delta_time = Time.now - @opts.start_datetime
    end

    curr_avg = 0
    if http.curr_res_cnt > 0
        curr_avg = (http.curr_res_cnt / http.curr_res_time).to_i.to_s
    end

    return {
        :requests   => req_cnt,
        :responses  => res_cnt,
        :time       => audit_store.delta_time,
        :avg        => ( res_cnt / @opts.delta_time ).to_i.to_s,
        :sitemap_size  => @sitemap.size,
        :auditmap_size => @auditmap.size,
        :curr_res_time => http.curr_res_time,
        :curr_res_cnt  => http.curr_res_cnt,
        :curr_avg      => curr_avg,
        :average_res_time => http.average_res_time,
        :max_concurrency => http.max_concurrency,
        :current_page    => @current_url
    }
end

#version ⇒ String

Returns the version of the framework

Returns:

• (String)

# File 'lib/framework.rb', line 441

def version
    Arachni::VERSION
end