Method: Arachni::Module::Auditor#audit

Defined in:
lib/module/auditor.rb

#audit(injection_str, opts = { }, &block) ⇒ Object

Provides easy access to element auditing.

If no elements have been specified in ‘opts’ it will use the elements from the module’s “self.info()” hash. <br/> If no elements have been specified in ‘opts’ or “self.info()” it will use the elements in OPTIONS. <br/>

Parameters:

  • injection_str (String)

    the string to be injected

  • opts (Hash) (defaults to: { })

    options as described in OPTIONS

  • &block (Block)

    block to be passed the:

    • HTTP response

    • name of the input vector

    • updated opts

    The block will be called as soon as the
HTTP response is received.



266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
 
# File 'lib/module/auditor.rb', line 266

def audit( injection_str, opts = { }, &block )

    if( !opts.include?( :elements) || !opts[:elements] || opts[:elements].empty? )
        opts[:elements] = self.class.info[:elements]
    end

    if( !opts.include?( :elements) || !opts[:elements] || opts[:elements].empty? )
        opts[:elements] = OPTIONS[:elements]
    end

    opts  = OPTIONS.merge( opts )

    opts[:elements].each {
        |elem|

        case elem

            when  Element::LINK
                audit_links( injection_str, opts, &block )

            when  Element::FORM
                audit_forms( injection_str, opts, &block )

            when  Element::COOKIE
                audit_cookies( injection_str, opts, &block )

            when  Element::HEADER
                audit_headers( injection_str, opts, &block )
            else
                raise( 'Unknown element to audit:  ' + elem.to_s )

        end

    }
end