Class: Arachni::Options

Inherits:

Object

• Object
• Arachni::Options

Includes:

Singleton

Defined in:

lib/arachni/options.rb

Overview

Options storage class.

Implements the Singleton pattern and formally defines all of Arachni’s runtime options.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@gmail.com>

Constant Summary

PROFILE_EXT =

The extension of the profile files.

'.afp'

Instance Attribute Summary

• #arachni_verbose ⇒ Bool

  Be verbose?.

• #audit_cookies ⇒ Bool

  Should Arachni audit cookies?.

• #audit_cookies_extensively ⇒ Object (also: #audit_cookies_extensively?)

  Returns the value of attribute audit_cookies_extensively.

• #audit_forms ⇒ Bool

  Should Arachni audit forms?.

• #audit_headers ⇒ Bool

  Should Arachni audit HTTP headers?.

• #audit_links ⇒ Bool

  Should Arachni audit links?.

• #authed_by ⇒ String

  The person that authorized the scan<br/> It will be added to the HTTP “user-agent” and “from” headers.

• #auto_redundant ⇒ Bool

  Configure the Spider‘s auto-redundant feature.

• #cookie_jar ⇒ String

  Location of the cookiejar.

• #cookie_string ⇒ String

  Cookies in the form of “name=value; name2=value2”.

• #cookies ⇒ Hash

  To be populated by the framework.

• #cost ⇒ Float

  Cost of using the Dispatcher.

• #custom_headers ⇒ Hash<String, String>

  Custom HTTP headers to be included for every HTTP Request.

• #datastore ⇒ Hash

  General purpose datastore.

• #debug ⇒ Bool

  Output debugging messages?.

• #delta_time ⇒ Integer

  To be populated by the framework.

• #depth_limit ⇒ Integer

  How deep to go in the site structure?<br/> If nil, depth_limit = inf.

• #dir ⇒ Hash

  Holds absolute paths for the directory structure of the framework.

• #exclude ⇒ Array

  Exclusion filters.

• #exclude_binaries ⇒ Object

  Returns the value of attribute exclude_binaries.

• #exclude_cookies ⇒ Array

  Cookies to exclude from the audit.

• #exclude_vectors ⇒ Array

  Vectors to exclude from the audit.

• #extend_paths ⇒ Array<String>

  Paths to use in addition to crawling the webapp.

• #extend_paths_filepath ⇒ String

  Path to file containing #extend_paths.

• #finish_datetime ⇒ Time

  To be populated by the framework.

• #follow_subdomains ⇒ Bool

  Should the crawler follow subdomains?.

• #fuzz_methods ⇒ Object

  Returns the value of attribute fuzz_methods.

• #grid_mode ⇒ String

  Supported values: * high_performance.

• #help ⇒ Bool

  Show help?.

• #http_req_limit ⇒ Integer

  How many concurrent HTTP requests?.

• #http_timeout ⇒ Integer

  HTTP request timeout in milliseconds.

• #include ⇒ Array

  Inclusion filters.

• #link_count_limit ⇒ Integer

  How many links to follow? If -1, link_count_limit = inf.

• #load_profile ⇒ Array

  Location of Arachni Framework Profile (.afp) files to load.

• #login_check_pattern ⇒ Object

  Returns the value of attribute login_check_pattern.

• #login_check_url ⇒ Object

  Returns the value of attribute login_check_url.

• #lsmod ⇒ Array<Regexp>

  List modules, based on regexps, and exit?.

• #lsplug ⇒ Array<Regexp>

  Regexps to use to select which plugins to list.

• #lsrep ⇒ Bool

  List reports and exit?.

• #max_retries ⇒ Integer

  Maximum retries for failed RPC calls.

• #max_slaves ⇒ Integer

  Maximum amount of slave Instances to use.

• #min_pages_per_instance ⇒ Integer

  Minimum pages per RPC Instance when in High Performance Mode.

• #mods ⇒ Array (also: #modules)

  Array of modules to load.

• #neighbour ⇒ String

  The URL of a neighbouring Dispatcher.

• #nickname ⇒ String

  Dispatcher nickname.

• #node_ping_interval ⇒ Float

  How soon to check for neighbour node status.

• #node_ssl_cert ⇒ String

  Path to a client PEM certificate key for the grid nodes.

• #node_ssl_pkey ⇒ String

  Path to a client PEM private key for the grid nodes.

• #obey_robots_txt ⇒ Bool

  Should the crawler obery robots.txt files?.

• #only_positives ⇒ Bool

  Output only positive results during the audit?.

• #pipe_id ⇒ String

  A string identifying this bandwidth pipe.

• #plugins ⇒ Array<String>

  Plugins to load, by name.

• #pool_size ⇒ Integer

  Amount of Instances to keep in the pool.

• #proxy_host ⇒ String

  The address of the proxy server.

• #proxy_password ⇒ String

  The proxy password.

• #proxy_port ⇒ String

  The port to connect on the proxy server.

• #proxy_type ⇒ String

  The proxy type.

• #proxy_username ⇒ String

  The proxy user.

• #redirect_limit ⇒ Integer

  How many redirects to follow? If -1, redirect_limit = inf.

• #redundant ⇒ Hash[Regexp, Integer]

  Filters for redundant links in the form of (pattern => counter).

• #repload ⇒ String

  Location of an Arachni Framework Report (.afr) file to load.

• #reports ⇒ Array

  Array of reports to load.

• #reroute_to_logfile ⇒ Bool

  true if the output of the RPC instances should be redirected to a file, false otherwise.

• #restrict_paths ⇒ Array<String>

  Paths to use instead of crawling the webapp.

• #restrict_paths_filepath ⇒ String

  Path to file containing #restrict_paths.

• #rpc_address ⇒ String

  (hostname or IP) address for the RPC server to bind to.

• #rpc_instance_port_range ⇒ Array<Integer>

  Range of ports to use when spawning instances, first element should be the lowest port number, last the max port number.

• #rpc_port ⇒ Integer

  Port for the RPC server to listen to.

• #save_profile ⇒ String

  Where to save the Arachni Framework Profile (.afp) file.

• #server ⇒ String

  URL of an RPC dispatcher (used by the CLI RPC client interface).

• #show_profile ⇒ Object

  Returns the value of attribute show_profile.

• #ssl ⇒ Bool

  true if SSL should be enabled, false otherwise.

• #ssl_ca ⇒ String

  Path to a PEM CA file.

• #ssl_cert ⇒ String

  Path to a PEM certificate.

• #ssl_pkey ⇒ String

  Path to a PEM private key.

• #start_datetime ⇒ Time

  To be populated by the framework.

• #url ⇒ String, URI

  The URL to audit.

• #user_agent ⇒ String

  The HTTP user-agent to use.

• #webui_password ⇒ String

  Password for the WebUI.

• #webui_username ⇒ String

  Username for the WebUI.

• #weight ⇒ Float

  Dispatcher weight.

Class Method Summary

• .method_missing(sym, *args, &block) ⇒ Object

Instance Method Summary

• #==(other) ⇒ Bool

  Compares 2 Options objects.

• #audit(*element_types) ⇒ Object

  Enables auditing of element types.

• #audit?(*element_types) ⇒ Bool

  Get audit settings for the given element types.

• #auto_redundant? ⇒ Boolean
• #crawl ⇒ Object
• #crawl? ⇒ Boolean
• #do_not_crawl ⇒ Object
• #dont_audit(*element_types) ⇒ Object

  Disables auditing of element types.

• #exclude_binaries? ⇒ Boolean
• #fuzz_methods? ⇒ Boolean
• #initialize ⇒ Options constructor

  A new instance of Options.

• #load(filepath) ⇒ Arachni::Options

  Loads a file created by #save.

• #merge!(options) ⇒ Arachni::Options

  Merges self with the object in options, skipping nils and empty Arrays or Hashes.

• #no_protocol_for_url ⇒ Object
• #no_protocol_for_url? ⇒ Boolean
• #parse(require_url = true) ⇒ Object
• #paths_from_file(file) ⇒ Object
• #redundant?(url, &block) ⇒ Bool

  Checks is the provided URL matches a redundant filter and decreases its counter if so.

• #reset ⇒ Object
• #root_path ⇒ String

  Root path of the framework.

• #save(file) ⇒ Object

  Saves ‘self’ to file.

• #serialize ⇒ String

  Single-line, Base64 encoded serialized version of self.

• #set(options) ⇒ TrueClass

  Configures options via a Hash object.

• #to_arg(key) ⇒ Object
• #to_args ⇒ Object
• #to_h ⇒ Hash (also: #to_hash)

  Converts the Options object to hash.

• #unserialize(str) ⇒ Arachni::Options

  Unserializes what is returned by #serialize.

Constructor Details

#initialize ⇒ Options

# File 'lib/arachni/options.rb', line 475

def initialize
    reset
end

Instance Attribute Details

#arachni_verbose ⇒ Bool

Be verbose?

# File 'lib/arachni/options.rb', line 133

def arachni_verbose
  @arachni_verbose
end

#audit_cookies ⇒ Bool

Should Arachni audit cookies?

# File 'lib/arachni/options.rb', line 220

def audit_cookies
  @audit_cookies
end

#audit_cookies_extensively ⇒ Object Also known as: audit_cookies_extensively?

Returns the value of attribute audit_cookies_extensively.

# File 'lib/arachni/options.rb', line 222

def audit_cookies_extensively
  @audit_cookies_extensively
end

#audit_forms ⇒ Bool

Should Arachni audit forms?

# File 'lib/arachni/options.rb', line 213

def audit_forms
  @audit_forms
end

#audit_headers ⇒ Bool

Should Arachni audit HTTP headers?

# File 'lib/arachni/options.rb', line 230

def audit_headers
  @audit_headers
end

#audit_links ⇒ Bool

Should Arachni audit links?

# File 'lib/arachni/options.rb', line 206

def audit_links
  @audit_links
end

#authed_by ⇒ String

The person that authorized the scan<br/> It will be added to the HTTP “user-agent” and “from” headers.

# File 'lib/arachni/options.rb', line 276

def authed_by
  @authed_by
end

#auto_redundant ⇒ Bool

# File 'lib/arachni/options.rb', line 467

def auto_redundant
  @auto_redundant
end

#cookie_jar ⇒ String

Location of the cookiejar

# File 'lib/arachni/options.rb', line 327

def cookie_jar
  @cookie_jar
end

#cookie_string ⇒ String

# File 'lib/arachni/options.rb', line 332

def cookie_string
  @cookie_string
end

#cookies ⇒ Hash

To be populated by the framework

Parsed cookiejar cookies

# File 'lib/arachni/options.rb', line 320

def cookies
  @cookies
end

#cost ⇒ Float

# File 'lib/arachni/options.rb', line 83

def cost
  @cost
end

#custom_headers ⇒ Hash<String, String>

# File 'lib/arachni/options.rb', line 442

def custom_headers
  @custom_headers
end

#datastore ⇒ Hash

General purpose datastore.

Since this class is a Singleton and is passed to pretty much everything it’s a good candidate for message passing or obscure options that the user doesn’t need to know.

# File 'lib/arachni/options.rb', line 56

def datastore
  @datastore
end

#debug ⇒ Bool

Output debugging messages?

# File 'lib/arachni/options.rb', line 140

def debug
  @debug
end

#delta_time ⇒ Integer

# File 'lib/arachni/options.rb', line 387

def delta_time
  @delta_time
end

#depth_limit ⇒ Integer

How deep to go in the site structure?<br/> If nil, depth_limit = inf

# File 'lib/arachni/options.rb', line 162

def depth_limit
  @depth_limit
end

#dir ⇒ Hash

Holds absolute paths for the directory structure of the framework

# File 'lib/arachni/options.rb', line 105

def dir
  @dir
end

#exclude ⇒ Array

Exclusion filters.

URLs matching any of these patterns won’t be followed or audited.

# File 'lib/arachni/options.rb', line 348

def exclude
  @exclude
end

#exclude_binaries ⇒ Object

Returns the value of attribute exclude_binaries.

# File 'lib/arachni/options.rb', line 464

def exclude_binaries
  @exclude_binaries
end

#exclude_cookies ⇒ Array

Cookies to exclude from the audit

# File 'lib/arachni/options.rb', line 355

def exclude_cookies
  @exclude_cookies
end

#exclude_vectors ⇒ Array

Vectors to exclude from the audit

# File 'lib/arachni/options.rb', line 362

def exclude_vectors
  @exclude_vectors
end

#extend_paths ⇒ Array<String>

# File 'lib/arachni/options.rb', line 451

def extend_paths
  @extend_paths
end

#extend_paths_filepath ⇒ String

# File 'lib/arachni/options.rb', line 454

def extend_paths_filepath
  @extend_paths_filepath
end

#finish_datetime ⇒ Time

# File 'lib/arachni/options.rb', line 384

def finish_datetime
  @finish_datetime
end

#follow_subdomains ⇒ Bool

Should the crawler follow subdomains?

# File 'lib/arachni/options.rb', line 378

def follow_subdomains
  @follow_subdomains
end

#fuzz_methods ⇒ Object

Returns the value of attribute fuzz_methods.

# File 'lib/arachni/options.rb', line 462

def fuzz_methods
  @fuzz_methods
end

#grid_mode ⇒ String

Supported values:

• high_performance

If nil, it won’t make use of the Grid.

# File 'lib/arachni/options.rb', line 68

def grid_mode
  @grid_mode
end

#help ⇒ Bool

Show help?

# File 'lib/arachni/options.rb', line 119

def help
  @help
end

#http_req_limit ⇒ Integer

How many concurrent HTTP requests?

# File 'lib/arachni/options.rb', line 199

def http_req_limit
  @http_req_limit
end

#http_timeout ⇒ Integer

# File 'lib/arachni/options.rb', line 473

def http_timeout
  @http_timeout
end

#include ⇒ Array

Inclusion filters.

Only URLs that match any of these patterns will be followed.

# File 'lib/arachni/options.rb', line 371

def include
  @include
end

#link_count_limit ⇒ Integer

How many links to follow? If -1, link_count_limit = inf

# File 'lib/arachni/options.rb', line 170

def link_count_limit
  @link_count_limit
end

#load_profile ⇒ Array

Location of Arachni Framework Profile (.afp) files to load

# File 'lib/arachni/options.rb', line 265

def load_profile
  @load_profile
end

#login_check_pattern ⇒ Object

Returns the value of attribute login_check_pattern.

# File 'lib/arachni/options.rb', line 470

def login_check_pattern
  @login_check_pattern
end

#login_check_url ⇒ Object

Returns the value of attribute login_check_url.

# File 'lib/arachni/options.rb', line 469

def login_check_url
  @login_check_url
end

#lsmod ⇒ Array<Regexp>

List modules, based on regexps, and exit?

# File 'lib/arachni/options.rb', line 185

def lsmod
  @lsmod
end

#lsplug ⇒ Array<Regexp>

# File 'lib/arachni/options.rb', line 390

def lsplug
  @lsplug
end

#lsrep ⇒ Bool

List reports and exit?

# File 'lib/arachni/options.rb', line 192

def lsrep
  @lsrep
end

#max_retries ⇒ Integer

# File 'lib/arachni/options.rb', line 59

def max_retries
  @max_retries
end

#max_slaves ⇒ Integer

# File 'lib/arachni/options.rb', line 460

def max_slaves
  @max_slaves
end

#min_pages_per_instance ⇒ Integer

# File 'lib/arachni/options.rb', line 457

def min_pages_per_instance
  @min_pages_per_instance
end

#mods ⇒ Array Also known as: modules

Array of modules to load

# File 'lib/arachni/options.rb', line 237

def mods
  @mods
end

#neighbour ⇒ String

# File 'lib/arachni/options.rb', line 73

def neighbour
  @neighbour
end

#nickname ⇒ String

# File 'lib/arachni/options.rb', line 98

def nickname
  @nickname
end

#node_ping_interval ⇒ Float

# File 'lib/arachni/options.rb', line 78

def node_ping_interval
  @node_ping_interval
end

#node_ssl_cert ⇒ String

# File 'lib/arachni/options.rb', line 422

def node_ssl_cert
  @node_ssl_cert
end

#node_ssl_pkey ⇒ String

# File 'lib/arachni/options.rb', line 419

def node_ssl_pkey
  @node_ssl_pkey
end

#obey_robots_txt ⇒ Bool

Should the crawler obery robots.txt files?

# File 'lib/arachni/options.rb', line 154

def obey_robots_txt
  @obey_robots_txt
end

#only_positives ⇒ Bool

Output only positive results during the audit?

# File 'lib/arachni/options.rb', line 126

def only_positives
  @only_positives
end

#pipe_id ⇒ String

# File 'lib/arachni/options.rb', line 88

def pipe_id
  @pipe_id
end

#plugins ⇒ Array<String>

# File 'lib/arachni/options.rb', line 393

def plugins
  @plugins
end

#pool_size ⇒ Integer

# File 'lib/arachni/options.rb', line 432

def pool_size
  @pool_size
end

#proxy_host ⇒ String

The address of the proxy server

# File 'lib/arachni/options.rb', line 283

def proxy_host
  @proxy_host
end

#proxy_password ⇒ String

The proxy password

# File 'lib/arachni/options.rb', line 297

def proxy_password
  @proxy_password
end

#proxy_port ⇒ String

The port to connect on the proxy server

# File 'lib/arachni/options.rb', line 290

def proxy_port
  @proxy_port
end

#proxy_type ⇒ String

The proxy type

# File 'lib/arachni/options.rb', line 311

def proxy_type
  @proxy_type
end

#proxy_username ⇒ String

The proxy user

# File 'lib/arachni/options.rb', line 304

def proxy_username
  @proxy_username
end

#redirect_limit ⇒ Integer

How many redirects to follow? If -1, redirect_limit = inf

# File 'lib/arachni/options.rb', line 178

def redirect_limit
  @redirect_limit
end

#redundant ⇒ Hash[Regexp, Integer]

Filters for redundant links in the form of (pattern => counter).

# File 'lib/arachni/options.rb', line 147

def redundant
  @redundant
end

#repload ⇒ String

Location of an Arachni Framework Report (.afr) file to load

# File 'lib/arachni/options.rb', line 251

def repload
  @repload
end

#reports ⇒ Array

Array of reports to load

# File 'lib/arachni/options.rb', line 244

def reports
  @reports
end

#reroute_to_logfile ⇒ Bool

# File 'lib/arachni/options.rb', line 429

def reroute_to_logfile
  @reroute_to_logfile
end

#restrict_paths ⇒ Array<String>

# File 'lib/arachni/options.rb', line 445

def restrict_paths
  @restrict_paths
end

#restrict_paths_filepath ⇒ String

# File 'lib/arachni/options.rb', line 448

def restrict_paths_filepath
  @restrict_paths_filepath
end

#rpc_address ⇒ String

# File 'lib/arachni/options.rb', line 399

def rpc_address
  @rpc_address
end

#rpc_instance_port_range ⇒ Array<Integer>

# File 'lib/arachni/options.rb', line 404

def rpc_instance_port_range
  @rpc_instance_port_range
end

#rpc_port ⇒ Integer

# File 'lib/arachni/options.rb', line 396

def rpc_port
  @rpc_port
end

#save_profile ⇒ String

Where to save the Arachni Framework Profile (.afp) file

# File 'lib/arachni/options.rb', line 258

def save_profile
  @save_profile
end

#server ⇒ String

# File 'lib/arachni/options.rb', line 425

def server
  @server
end

#show_profile ⇒ Object

Returns the value of attribute show_profile.

# File 'lib/arachni/options.rb', line 268

def show_profile
  @show_profile
end

#ssl ⇒ Bool

# File 'lib/arachni/options.rb', line 407

def ssl
  @ssl
end

#ssl_ca ⇒ String

# File 'lib/arachni/options.rb', line 416

def ssl_ca
  @ssl_ca
end

#ssl_cert ⇒ String

# File 'lib/arachni/options.rb', line 413

def ssl_cert
  @ssl_cert
end

#ssl_pkey ⇒ String

# File 'lib/arachni/options.rb', line 410

def ssl_pkey
  @ssl_pkey
end

#start_datetime ⇒ Time

# File 'lib/arachni/options.rb', line 381

def start_datetime
  @start_datetime
end

#url ⇒ String, URI

The URL to audit

# File 'lib/arachni/options.rb', line 112

def url
  @url
end

#user_agent ⇒ String

The HTTP user-agent to use

# File 'lib/arachni/options.rb', line 339

def user_agent
  @user_agent
end

#webui_password ⇒ String

# File 'lib/arachni/options.rb', line 438

def webui_password
  @webui_password
end

#webui_username ⇒ String

# File 'lib/arachni/options.rb', line 435

def webui_username
  @webui_username
end

#weight ⇒ Float

# File 'lib/arachni/options.rb', line 93

def weight
  @weight
end

Class Method Details

.method_missing(sym, *args, &block) ⇒ Object

# File 'lib/arachni/options.rb', line 1318

def self.method_missing( sym, *args, &block )
    instance.send( sym, *args, &block )
end

Instance Method Details

#==(other) ⇒ Bool

Compares 2 Arachni::Options objects.

# File 'lib/arachni/options.rb', line 1211

def ==( other )
    to_hash == other.to_hash
end

#audit(*element_types) ⇒ Object

Enables auditing of element types.

# File 'lib/arachni/options.rb', line 624

def audit( *element_types )
    element_types.flatten.compact.each do |type|
        begin
            self.send( "audit_#{type}=", true )
        rescue
            begin
                self.send( "audit_#{type}s=", true )
            rescue
            end
        end
    end
    true
end

#audit?(*element_types) ⇒ Bool

Get audit settings for the given element types.

# File 'lib/arachni/options.rb', line 665

def audit?( *element_types )
    !element_types.flatten.compact.map do |type|
        !!begin
            self.send( "audit_#{type}" )
        rescue
            begin
                self.send( "audit_#{type}s" )
            rescue
            end
        end
    end.uniq.include?( false )
end

#auto_redundant? ⇒ Boolean

# File 'lib/arachni/options.rb', line 574

def auto_redundant?
    !!@auto_redundant
end

#crawl ⇒ Object

# File 'lib/arachni/options.rb', line 586

def crawl
    self.link_count_limit = -1
end

#crawl? ⇒ Boolean

# File 'lib/arachni/options.rb', line 590

def crawl?
    self.link_count_limit != 0
end

#do_not_crawl ⇒ Object

# File 'lib/arachni/options.rb', line 582

def do_not_crawl
    self.link_count_limit = 0
end

#dont_audit(*element_types) ⇒ Object

Disables auditing of element types.

# File 'lib/arachni/options.rb', line 643

def dont_audit( *element_types )
    element_types.flatten.compact.each do |type|
        begin
            self.send( "audit_#{type}=", false )
        rescue
            begin
                self.send( "audit_#{type}s=", false )
            rescue
            end
        end
    end
    true
end

#exclude_binaries? ⇒ Boolean

# File 'lib/arachni/options.rb', line 570

def exclude_binaries?
    self.exclude_binaries
end

#fuzz_methods? ⇒ Boolean

# File 'lib/arachni/options.rb', line 578

def fuzz_methods?
    self.fuzz_methods
end

#load(filepath) ⇒ Arachni::Options

Loads a file created by #save.

# File 'lib/arachni/options.rb', line 1176

def load( filepath )
    opts = YAML::load( IO.read( filepath ) )

    if opts.restrict_paths_filepath
        opts.restrict_paths = paths_from_file( opts.restrict_paths_filepath )
    end

    if opts.extend_paths_filepath
        opts.extend_paths   = paths_from_file( opts.extend_paths_filepath )
    end

    opts
end

#merge!(options) ⇒ Arachni::Options

Merges self with the object in options, skipping nils and empty Arrays or Hashes.

# File 'lib/arachni/options.rb', line 1222

def merge!( options )
    options.to_hash.each_pair do |k, v|
        next if !v
        next if ( v.is_a?( Array ) || v.is_a?( Hash ) ) && v.empty?
        send( "#{k.to_s}=", v )
    end
    self
end

#no_protocol_for_url ⇒ Object

# File 'lib/arachni/options.rb', line 1086

def no_protocol_for_url
    @no_protocol_for_url = true
end

#no_protocol_for_url? ⇒ Boolean

# File 'lib/arachni/options.rb', line 1090

def no_protocol_for_url?
    !!@no_protocol_for_url
end

#parse(require_url = true) ⇒ Object

# File 'lib/arachni/options.rb', line 752

def parse( require_url = true )
    # Construct getops struct
    opts = GetoptLong.new(
        [ '--help',              '-h', GetoptLong::NO_ARGUMENT ],
        [ '--verbosity',         '-v', GetoptLong::NO_ARGUMENT ],
        [ '--only-positives',    '-k', GetoptLong::NO_ARGUMENT ],
        [ '--lsmod',                   GetoptLong::OPTIONAL_ARGUMENT ],
        [ '--lsrep',                   GetoptLong::OPTIONAL_ARGUMENT ],
        [ '--audit-links',       '-g', GetoptLong::NO_ARGUMENT ],
        [ '--audit-forms',       '-p', GetoptLong::NO_ARGUMENT ],
        [ '--audit-cookies',     '-c', GetoptLong::NO_ARGUMENT ],
        [ '--audit-cookie-jar',        GetoptLong::NO_ARGUMENT ],
        [ '--audit-headers',           GetoptLong::NO_ARGUMENT ],
        [ '--spider-first',            GetoptLong::NO_ARGUMENT ],
        [ '--obey-robots-txt',   '-o', GetoptLong::NO_ARGUMENT ],
        [ '--redundant',               GetoptLong::REQUIRED_ARGUMENT ],
        [ '--depth',             '-d', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--redirect-limit',    '-q', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--link-count',        '-u', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--mods',              '-m', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--modules',                 GetoptLong::REQUIRED_ARGUMENT ],
        [ '--report',                  GetoptLong::REQUIRED_ARGUMENT ],
        [ '--repload',                 GetoptLong::REQUIRED_ARGUMENT ],
        [ '--authed-by',               GetoptLong::REQUIRED_ARGUMENT ],
        [ '--load-profile',            GetoptLong::REQUIRED_ARGUMENT ],
        [ '--save-profile',            GetoptLong::REQUIRED_ARGUMENT ],
        [ '--show-profile',            GetoptLong::NO_ARGUMENT ],
        [ '--proxy',             '-z', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--proxy-auth',        '-x', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--proxy-type',        '-y', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--cookie-jar',        '-j', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--cookie-string'          , GetoptLong::REQUIRED_ARGUMENT ],
        [ '--user-agent',        '-b', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--exclude',           '-e', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--include',           '-i', GetoptLong::REQUIRED_ARGUMENT ],
        [ '--exclude-cookie',          GetoptLong::REQUIRED_ARGUMENT ],
        [ '--exclude-vector',          GetoptLong::REQUIRED_ARGUMENT ],
        [ '--http-req-limit',          GetoptLong::REQUIRED_ARGUMENT ],
        [ '--http-timeout',            GetoptLong::REQUIRED_ARGUMENT ],
        [ '--follow-subdomains', '-f', GetoptLong::NO_ARGUMENT ],
        [ '--debug',             '-w', GetoptLong::NO_ARGUMENT ],
        [ '--server',                  GetoptLong::REQUIRED_ARGUMENT ],
        [ '--plugin',                  GetoptLong::OPTIONAL_ARGUMENT ],
        [ '--lsplug',                  GetoptLong::OPTIONAL_ARGUMENT ],
        [ '--serialized-opts',         GetoptLong::REQUIRED_ARGUMENT ],
        [ '--ssl',                     GetoptLong::NO_ARGUMENT ],
        [ '--ssl-pkey',                GetoptLong::REQUIRED_ARGUMENT ],
        [ '--ssl-cert',                GetoptLong::REQUIRED_ARGUMENT ],
        [ '--node-ssl-pkey',          GetoptLong::REQUIRED_ARGUMENT ],
        [ '--node-ssl-cert',          GetoptLong::REQUIRED_ARGUMENT ],
        [ '--ssl-ca',                 GetoptLong::REQUIRED_ARGUMENT ],
        [ '--address',                GetoptLong::REQUIRED_ARGUMENT ],
        [ '--reroute-to-logfile',     GetoptLong::NO_ARGUMENT ],
        [ '--pool-size',              GetoptLong::REQUIRED_ARGUMENT ],
        [ '--neighbour',              GetoptLong::REQUIRED_ARGUMENT ],
        [ '--weight',                 GetoptLong::REQUIRED_ARGUMENT ],
        [ '--cost',                   GetoptLong::REQUIRED_ARGUMENT ],
        [ '--pipe-id',                GetoptLong::REQUIRED_ARGUMENT ],
        [ '--nickname',               GetoptLong::REQUIRED_ARGUMENT ],
        [ '--username',               GetoptLong::REQUIRED_ARGUMENT ],
        [ '--password',               GetoptLong::REQUIRED_ARGUMENT ],
        [ '--port',                   GetoptLong::REQUIRED_ARGUMENT ],
        [ '--host',                   GetoptLong::REQUIRED_ARGUMENT ],
        [ '--custom-header',          GetoptLong::REQUIRED_ARGUMENT ],
        [ '--restrict-paths',         GetoptLong::REQUIRED_ARGUMENT ],
        [ '--extend-paths',           GetoptLong::REQUIRED_ARGUMENT ],
        [ '--port-range',             GetoptLong::REQUIRED_ARGUMENT ],
        [ '--http-harvest-last',      GetoptLong::NO_ARGUMENT ],
        [ '--fuzz-methods',           GetoptLong::NO_ARGUMENT ],
        [ '--audit-cookies-extensively',      GetoptLong::NO_ARGUMENT ],
        [ '--exclude-binaries',       GetoptLong::NO_ARGUMENT ],
        [ '--auto-redundant',         GetoptLong::OPTIONAL_ARGUMENT ],
        [ '--login-check-url',        GetoptLong::REQUIRED_ARGUMENT ],
        [ '--login-check-pattern',    GetoptLong::REQUIRED_ARGUMENT ]
    )

    opts.quiet = true

    begin
        opts.each do |opt, arg|

            case opt

                when '--help'
                    @help = true

                when '--serialized-opts'
                    merge!( unserialize( arg ) )

                when '--only-positives'
                    @only_positives = true

                when '--verbosity'
                    @arachni_verbose = true

                when '--debug'
                    @debug = true

                when '--plugin'
                    plugin, opt_str = arg.split( ':', 2 )

                    opts = {}
                    if opt_str
                        opt_arr = opt_str.split( ',' )
                        opt_arr.each {
                            |c_opt|
                            name, val = c_opt.split( '=', 2 )
                            opts[name] = val
                        }
                    end

                    @plugins[plugin] = opts

                when '--redundant'
                    regexp, counter = arg.to_s.split( ':', 2 )
                    @redundant[ Regexp.new( regexp ) ] = Integer( counter )

                when '--port-range'
                    first, last = arg.to_s.split( '-' )
                    @rpc_instance_port_range = [ Integer( first ), Integer( last ) ]

                when '--custom-header'
                    header, val = arg.to_s.split( /=/, 2 )
                    @custom_headers[header] = val

                when '--restrict-paths'
                    @restrict_paths |= paths_from_file( arg )
                    @restrict_paths_filepath = arg

                when '--extend-paths'
                    @extend_paths |= paths_from_file( arg )
                    @extend_paths_filepath = arg

                when '--obey_robots_txt'
                    @obey_robots_txt = true

                when '--depth'
                    @depth_limit = arg.to_i

                when '--link-count'
                    @link_count_limit = arg.to_i

                when '--redirect-limit'
                    @redirect_limit = arg.to_i

                when '--lsmod'
                    @lsmod << Regexp.new( arg.to_s )

                when '--lsplug'
                    @lsplug << Regexp.new( arg.to_s )

                when '--lsrep'
                    @lsrep << Regexp.new( arg.to_s )

                when '--http-req-limit'
                    @http_req_limit = arg.to_i

                when '--http-timeout'
                    @http_timeout = arg.to_i

                when '--audit-links'
                    @audit_links = true

                when '--audit-forms'
                    @audit_forms = true

                when '--audit-cookies'
                    @audit_cookies = true

                when '--audit-cookie-jar'
                    @audit_cookie_jar = true

                when '--audit-headers'
                    @audit_headers = true

                when '--mods', '--modules'
                    @mods = arg.to_s.split( /,/ )

                when '--report'
                    report, opt_str = arg.split( ':' )

                    opts = {}
                    if opt_str
                        opt_arr = opt_str.split( ',' )
                        opt_arr.each {
                            |c_opt|
                            name, val = c_opt.split( '=' )
                            opts[name] = val
                        }
                    end

                    @reports[report] = opts

                when '--repload'
                    @repload = arg

                when '--save-profile'
                    @save_profile = arg

                when '--load-profile'
                    @load_profile << arg

                when '--show-profile'
                    @show_profile = true

                when '--authed-by'
                    @authed_by = arg

                when '--proxy'
                    @proxy_host, @proxy_port =
                        arg.to_s.split( /:/ )

                when '--proxy-auth'
                    @proxy_username, @proxy_password =
                        arg.to_s.split( /:/ )

                when '--proxy-type'
                    @proxy_type = arg.to_s

                when '--cookie-jar'
                    @cookie_jar = arg.to_s

                when '--cookie-string'
                    @cookie_string = arg.to_s

                when '--user-agent'
                    @user_agent = arg.to_s

                when '--exclude'
                    @exclude << Regexp.new( arg )

                when '--include'
                    @include << Regexp.new( arg )

                when '--exclude-cookie'
                    @exclude_cookies << arg

                when '--exclude-vector'
                    @exclude_vectors << arg

                when '--follow-subdomains'
                    @follow_subdomains = true

                when '--http-harvest-last'
                    puts 'The http-harvest-last option has been removed.'
                    puts 'Please adjust your command-line arguments and try again.'
                    exit

                when '--ssl'
                    @ssl = true

                when '--ssl-pkey'
                    @ssl_pkey = arg.to_s

                when '--ssl-cert'
                    @ssl_cert = arg.to_s

                when '--ssl-ca'
                    @ssl_ca = arg.to_s

                when '--server'
                    @server = arg.to_s

                when '--reroute-to-logfile'
                    @reroute_to_logfile = true

                when '--port'
                    @rpc_port = arg.to_i

                when '--address'
                    @rpc_address = arg.to_s

                when '--pool-size'
                    @pool_size = arg.to_i

                when '--neighbour'
                    @neighbour = arg.to_s

                when '--cost'
                    @cost = arg.to_s

                when '--weight'
                    @weight = arg.to_s

                when '--pipe-id'
                    @pipe_id = arg.to_s

                when '--nickname'
                    @nickname = arg.to_s

                when '--host'
                    @server = arg.to_s

                when '--username'
                    @webui_username = arg.to_s

                when '--password'
                    @webui_password = arg.to_s

                when '--fuzz-methods'
                    @fuzz_methods = true

                when '--audit-cookies-extensively'
                    @audit_cookies_extensively = true

                when '--exclude-binaries'
                    @exclude_binaries = true

                when '--auto-redundant'
                    @auto_redundant = arg.empty? ? 10 : arg.to_i

                when '--login-check-url'
                    @login_check_url = arg

                when '--login-check-pattern'
                    @login_check_pattern = arg
            end
        end

        if (!@login_check_url && @login_check_pattern) ||
            (@login_check_url && !@login_check_pattern)
            fail "Both '--login-check-url' and '--login-check-pattern' options are required."
        end

    rescue => e
        puts BANNER
        puts
        puts e
        exit
    end

    self.url = ARGV.shift if require_url
end

#paths_from_file(file) ⇒ Object

# File 'lib/arachni/options.rb', line 1314

def paths_from_file( file )
    IO.read( file ).lines.map { |p| p.strip }
end

#redundant?(url, &block) ⇒ Bool

Checks is the provided URL matches a redundant filter and decreases its counter if so.

If a filter’s counter has reached 0 the method returns true.

# File 'lib/arachni/options.rb', line 558

def redundant?( url, &block )
    redundant.each do |regexp, count|
        next if !(url =~ regexp)
        return true if count == 0

        block.call( count, regexp, url ) if block_given?

        redundant[regexp] -= 1
    end
    false
end

#reset ⇒ Object

# File 'lib/arachni/options.rb', line 479

def reset
    # nil everything out
    self.instance_variables.each { |var| instance_variable_set( var.to_s, nil ) }

    @dir            = {}
    @dir['root']    = root_path
    @dir['gfx']     = @dir['root'] + 'gfx/'
    @dir['conf']    = @dir['root'] + 'conf/'
    @dir['logs']    = @dir['root'] + 'logs/'
    @dir['data']    = @dir['root'] + 'data/'
    @dir['modules'] = @dir['root'] + 'modules/'
    @dir['reports'] = @dir['root'] + 'reports/'
    @dir['plugins'] = @dir['root'] + 'plugins/'
    @dir['rpcd_handlers']   = @dir['root'] + 'rpcd_handlers/'
    @dir['path_extractors'] = @dir['root'] + 'path_extractors/'

    @dir['lib']     = @dir['root'] + 'lib/arachni/'
    @dir['mixins']  = @dir['lib'] + 'mixins/'
    @dir['arachni'] = @dir['lib'][0...-1]

    # we must add default values for everything because that can serve
    # both as a default configuration and as an inexpensive way to declare
    # their data types for later verification

    @datastore  = {}
    @redundant  = {}

    @obey_robots_txt   = false
    @fuzz_methods      = false
    @audit_cookies_extensively = false
    @exclude_binaries  = false
    @auto_redundant    = false

    @depth_limit      = -1
    @link_count_limit = -1
    @redirect_limit   = 20

    @lsmod      = []
    @lsrep      = []

    @http_req_limit = 20

    @mods = []

    @reports    = {}

    @exclude    = []
    @exclude_cookies    = []
    @exclude_vectors    = []

    @include    = []

    @lsplug     = []
    @plugins    = {}

    @rpc_instance_port_range = [1025, 65535]

    @load_profile       = []
    @restrict_paths     = []
    @extend_paths       = []
    @custom_headers     = {}

    @min_pages_per_instance = 30
    @max_slaves = 10
    self
end

#root_path ⇒ String

# File 'lib/arachni/options.rb', line 1095

def root_path
    File.dirname( File.dirname( File.dirname( File.expand_path( File.expand_path(  __FILE__  ) ) ) ) ) + '/'
end

#save(file) ⇒ Object

Saves ‘self’ to file.

# File 'lib/arachni/options.rb', line 1126

def save( file )

    dir = @dir.clone

    load_profile    = []
    save_profile    = nil
    authed_by       = nil
    restrict_paths  = []
    extend_paths    = []

    load_profile   = @load_profile.clone    if @load_profile
    save_profile   = @save_profile.clone    if @save_profile
    authed_by      = @authed_by.clone       if @authed_by
    restrict_paths = @restrict_paths.clone  if @restrict_paths
    extend_paths   = @extend_paths.clone    if @extend_paths

    @dir            = nil
    @load_profile   = []
    @save_profile   = nil
    @authed_by      = nil
    @restrict_paths = []
    @extend_paths   = []

    begin
        f = File.open( file, 'w' )
        YAML.dump( self, f )
    rescue
        return
    ensure
        f.close

        @dir          = dir
        @load_profile = load_profile
        @save_profile = save_profile
        @authed_by    = authed_by

        @restrict_paths = restrict_paths
        @extend_paths   = extend_paths
    end

    f.path
end

#serialize ⇒ String

Returns Single-line, Base64 encoded serialized version of self.

See Also:

• #unserialize

# File 'lib/arachni/options.rb', line 1104

def serialize
    Base64.encode64( to_yaml ).split( "\n" ).join
end

#set(options) ⇒ TrueClass

Configures options via a Hash object

# File 'lib/arachni/options.rb', line 685

def set( options )
    options.each_pair do |k, v|
        begin
            send( "#{k.to_s}=", v )
        rescue => e
            #ap e
            #ap e.backtrace
        end
    end
    true
end

#to_arg(key) ⇒ Object

# File 'lib/arachni/options.rb', line 1235

def to_arg( key )

    do_not_parse = %w(show_profile url dir)

    var = self.instance_variable_get( "@#{key}" )

    return if !var
    return if ( var.is_a?( Array ) || var.is_a?( Hash ) ) && var.empty?
    return if do_not_parse.include?( key )
    return if key == 'include' && var == [/.*/]
    return if key == 'reports' && var.keys == %w(stdout)

    key = 'exclude_cookie' if key == 'exclude_cookies'
    key = 'exclude_vector' if key == 'exclude_vectors'
    key = 'report'         if key == 'reports'

    key = key.gsub( '_', '-' )

    arg = ''

    case key

        when 'mods'
            var = var.join( ',' )

        when 'restrict-paths'
            var = @restrict_paths_filepath

        when 'extend-paths'
            var = @extend_paths_filepath

        when 'rpc-instance-port-range'
            var = var.join( '-' )

        when 'arachni-verbose'
            key = 'verbosity'

        when 'redundant'
            var.each do |rule|
                arg += " --#{key}=#{rule['regexp'].source}:#{rule['count']}"
            end
            return arg

        when 'plugins','report'
            arg = ''
            var.each do |opt, val|
                arg += " --#{key.chomp( 's' )}=#{opt}"
                arg += ':' if !val.empty?

                val.each {
                    |k, v|
                    arg += "#{k}=#{v},"
                }

                arg.chomp!( ',' )
            end
            return arg

        when 'proxy-port'
            return

        when 'proxy-addr'
            return "--proxy=#{self.proxy_host}:#{self.proxy_port}"
    end

    if var.is_a?( TrueClass )
        arg = "--#{key}"
    elsif var.is_a?( String ) || var.is_a?( Fixnum )
        arg = "--#{key}=#{var.to_s}"
    elsif var.is_a?( Array )
        var.each do |i|
            i = i.source if i.is_a?( Regexp )
            arg += " --#{key}=#{i}"
        end
    end

    arg
end

#to_args ⇒ Object

# File 'lib/arachni/options.rb', line 1231

def to_args
    ' ' + to_hash.map { |key, val| to_arg( key ) if val }.compact.join( ' ' ) + " #{self.url}"
end

#to_h ⇒ Hash Also known as: to_hash

Converts the Options object to hash

# File 'lib/arachni/options.rb', line 1195

def to_h
    hash = {}
    self.instance_variables.each do |var|
        hash[normalize_name( var )] = self.instance_variable_get( var )
    end
    hash
end

#unserialize(str) ⇒ Arachni::Options

Unserializes what is returned by #serialize.

See Also:

• #serialize

# File 'lib/arachni/options.rb', line 1117

def unserialize( str )
    YAML.load( Base64.decode64( str ) )
end