Class: Arachni::Module::Base Abstract

Inherits:
Object
Includes:
Auditor, Output
Defined in:
lib/module/base.rb

Overview

This class is abstract.

Arachni’s base module class.
To be extended by Arachni::Modules.

Defines basic structure and provides utilities to modules.

@author: Tasos “Zapotek” Laskos

<tasos.laskos@gmail.com>
<zapotek@segfault.gr>

@version: 0.2

Constant Summary

Constants included from Auditor

Auditor::OPTIONS

Instance Method Summary

Methods included from Auditor

#audit, #audit_elems, #audit_timeout, #audit_timeout_debug_msg, #audit_timeout_phase_2, #log, #match_and_log, #method_missing, #timing_attack

Methods included from Output

#o_print_debug, #o_print_error, #o_print_info, #o_print_line, #o_print_ok, #o_print_status, #o_print_verbose, #print_debug, #print_error, #print_info, #print_line, #print_ok, #print_status, #print_verbose

Methods included from UI::Output

#buffer, #debug!, #debug?, #flush_buffer, #mute!, #muted?, #only_positives!, #only_positives?, #print_debug, #print_debug_backtrace, #print_debug_pp, #print_error, #print_error_backtrace, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, #unmute!, #verbose!, #verbose?

Constructor Details

#initialize(page) ⇒ Base

Initializes the module attributes, the HTTP client and the Trainer.

Parameters:

  • page (Page)

# File 'lib/module/base.rb', line 62

def initialize( page )

    @page  = page
    @http  = Arachni::HTTP.instance
    @http.trainer.page = @page.dup

    # update the cookies
    if( !@page.cookiejar.empty? )
        @http.update_cookies( @page.cookiejar )
    end

    #
    # This is slightly tricky...
    #
    # Each loaded module is instantiated for each page,
    # however modules share the elements of each page and access them
    # via the ElementsDB.
    #
    # Since the ElementsDB is dynamically updated by the Trainer
    # during the audit, it should only be initialized *once*
    # for each page and not overwritten every single time a module is instantiated.
    #
    @@__last_url ||= ''
    if( @@__last_url != @page.url )
        @http.trainer.page = @page.dup
        @http.trainer.init_forms( @page.forms )
        @http.trainer.init_links( @page.links )
        @http.trainer.init_cookies( @page.cookies )
        @@__last_url = @page.url
    end
end
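The once-per-page guard in the constructor, isolated as an added example (not code from Arachni). `CountingTrainer`, `GuardedBase`, `ModuleA`, `ModuleB`, `trainer_inits` and the URLs are hypothetical stand-ins; only the `@@__last_url` comparison is taken from the listing above.

```ruby
# Stand-in for the HTTP trainer: records every (re)initialisation it receives.
# Hypothetical class, not Arachni's Trainer.
class CountingTrainer
  attr_reader :inits

  def initialize
    @inits = []
  end

  def init_page(url)
    @inits << url
  end
end

# Stand-in base class reproducing only the @@__last_url guard.
class GuardedBase
  @@__last_url = ''

  def initialize(url, trainer)
    return if @@__last_url == url
    trainer.init_page(url)
    @@__last_url = url
  end

  def self.reset_guard!
    @@__last_url = ''
  end
end

# Two "modules": @@ class variables are shared across the whole hierarchy,
# so both subclasses consult and update the same guard.
class ModuleA < GuardedBase; end
class ModuleB < GuardedBase; end

# Instantiate ModuleA and ModuleB for each URL in order and return the
# URLs for which the trainer was actually initialised.
def trainer_inits(urls)
  GuardedBase.reset_guard!
  trainer = CountingTrainer.new
  urls.each do |url|
    ModuleA.new(url, trainer)
    ModuleB.new(url, trainer)
  end
  trainer.inits
end

# Constructed URLs.
PAGE_1 = 'http://test.example/a'
PAGE_2 = 'http://test.example/b'
```

The guard remembers only the most recent URL, so it holds as long as all modules for one page are instantiated back to back; returning to an earlier page initialises the trainer again.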

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class Arachni::Module::Auditor.

Instance Attribute Details

#http ⇒ Arachni::Module::HTTP (readonly)

Arachni::HTTP instance for the modules

Returns:

  • (Arachni::Module::HTTP)


# File 'lib/module/base.rb', line 45

def http
  @http
end

#page ⇒ Page (readonly)

Arachni::Page instance

Returns:

  • (Page)


# File 'lib/module/base.rb', line 52

def page
  @page
end

Class Method Details

.info ⇒ Object

ABSTRACT - REQUIRED

Provides information about the module. Don’t take this lightly and don’t omit any of the info.



# File 'lib/module/base.rb', line 138

def self.info
    {
        :name           => 'Base module abstract class',
        :description    => %q{Provides an abstract class the modules should implement.},
        #
        # Arachni needs to know what elements the module plans to audit
        # before invoking it.
        # If a page doesn't have any of those elements
        # there's no point in instantiating the module.
        #
        # If you want the module to run no matter what, leave the array
        # empty.
        #
        # :elements       => [
        #     Issue::Element::FORM,
        #     Issue::Element::LINK,
        #     Issue::Element::COOKIE,
        #     Issue::Element::HEADER
        # ],
        :elements       => [],
        :author         => 'zapotek',
        :version        => '0.1',
        :references     => {
        },
        :targets        => { 'Generic' => 'all' },
        :issue   => {
            :description => %q{},
            :cwe         => '',
            #
            # Severity can be:
            #
            # Issue::Severity::HIGH
            # Issue::Severity::MEDIUM
            # Issue::Severity::LOW
            # Issue::Severity::INFORMATIONAL
            #
            :severity    => '',
            :cvssv2       => '',
            :remedy_guidance    => '',
            :remedy_code => '',
        }
    }
end

Instance Method Details

#clean_up ⇒ Object

ABSTRACT - OPTIONAL

This is called after run() has finished executing,



# File 'lib/module/base.rb', line 129

def clean_up( )
end

#prepare ⇒ Object

ABSTRACT - OPTIONAL

It provides you with a way to set up your module’s data and methods.



# File 'lib/module/base.rb', line 99

def prepare( )
end

#register_results(results) ⇒ Object



# File 'lib/module/base.rb', line 182

def register_results( results )
    Arachni::Module::Manager.register_results( results )
end

#run ⇒ Object

ABSTRACT - REQUIRED

This is used to deliver the module’s payload, whatever it may be.



# File 'lib/module/base.rb', line 107

def run( )
end

#skip?(elem) ⇒ Boolean

ABSTRACT - OPTIONAL

This is called right before an [Arachni::Parser::Element] is submitted/audited and is used to determine whether to skip it or not.

Implementation details are left up to the running module.

Returns:

  • (Boolean)


# File 'lib/module/base.rb', line 120

def skip?( elem )
    return false
end
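How the hooks documented above fit together, as an added example that is not Arachni's code: a module declares the elements it audits in `.info`, and a driver instantiates it only for pages carrying such elements, then calls `prepare`, `run` and `clean_up`. `SketchBase`, `FormModule`, `run_module`, the symbol element types (standing in for the `Issue::Element` constants) and the sample pages are assumptions made for illustration.

```ruby
# Stand-in for the abstract base documented above (hypothetical, not Arachni's code).
class SketchBase
  attr_reader :page
  def initialize(page); @page = page; end
  def self.info; { :name => 'Base', :elements => [] }; end  # empty: always run
  def prepare; end
  def run; end
  def clean_up; end
  def skip?(_elem); false; end
end

# Example module: audits forms only and skips forms that have no inputs.
class FormModule < SketchBase
  attr_reader :audited, :finished
  def self.info; { :name => 'Form example', :elements => [:form] }; end

  def prepare
    @audited = []
  end

  def run
    page[:form].each { |f| @audited << f[:action] unless skip?(f) }
  end

  def skip?(form)
    form[:inputs].empty?
  end

  def clean_up
    @finished = true
  end
end

# Hypothetical driver: instantiate a module only when the page carries one of
# the element types it declared, then call prepare -> run -> clean_up.
def run_module(klass, page)
  wanted = klass.info[:elements]
  return nil unless wanted.empty? || wanted.any? { |e| !page.fetch(e, []).empty? }
  mod = klass.new(page)
  mod.prepare
  mod.run
  mod.clean_up
  mod
end

# Constructed sample pages (plain hashes keyed by element type).
LOGIN_PAGE  = { :form => [{ :action => '/login', :inputs => %w[user pass] },
                          { :action => '/noop',  :inputs => [] }] }
STATIC_PAGE = { :link => ['/about'] }
```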