Class: Arachni::Module::Manager

Inherits:

Component::Manager

• Object
• Hash
• Component::Manager
• Arachni::Module::Manager

Extended by:

Utilities

Includes:

Utilities

Defined in:

lib/arachni/module/manager.rb

Overview

Holds and manages the modules and their results.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@gmail.com>

Direct Known Subclasses

RPC::Server::Module::Manager

Constant Summary

NAMESPACE =

::Arachni::Modules

Constants inherited from Component::Manager

Component::Manager::EXCLUDE, Component::Manager::WILDCARD

Instance Attribute Summary

Attributes inherited from Component::Manager

#lib, #namespace

Class Method Summary

• .dedup(issues) ⇒ Object
• .do_not_store ⇒ Object
• .issue_set ⇒ Object
• .issues ⇒ Object
• .on_register_results(&block) ⇒ Object
• .on_register_results_blocks ⇒ Object
• .on_register_results_blocks_raw ⇒ Object
• .on_register_results_raw(&block) ⇒ Object
• .register_results(results) ⇒ Integer

  De-duplicates and registers module results (issues).

• .reset ⇒ Object
• .results ⇒ Object

  Class method.

• .store ⇒ Object
• .store? ⇒ Boolean

Instance Method Summary

• #dedup(issues) ⇒ Object
• #do_not_store ⇒ Object
• #initialize(framework) ⇒ Manager constructor

  A new instance of Manager.

• #issue_set ⇒ Object
• #on_register_results(&block) ⇒ Object
• #on_register_results_blocks ⇒ Object
• #on_register_results_blocks_raw ⇒ Object
• #on_register_results_raw(&block) ⇒ Object
• #register_results(results) ⇒ Object
• #reset ⇒ Object
• #results ⇒ Object (also: #issues)
• #run(page) ⇒ Object

  Runs all modules against ‘page’.

• #run_module?(mod, page) ⇒ Bool

  Determines whether or not to run the module against the given page depending on which elements exist in the page, which elements the module is configured to audit and user options.

• #run_one(mod, page) ⇒ Object

  Runs a single module against ‘page’.

• #schedule ⇒ Array

  Returns the modules in proper running order.

• #store ⇒ Object
• #store? ⇒ Boolean

Methods included from Utilities

cookie_encode, cookies_from_document, cookies_from_file, cookies_from_response, exception_jail, exclude_path?, extract_domain, form_decode, form_encode, form_parse_request_body, forms_from_document, forms_from_response, get_path, hash_keys_to_str, html_decode, html_encode, include_path?, links_from_document, links_from_response, normalize_url, page_from_response, page_from_url, parse_query, parse_set_cookie, parse_url_vars, path_in_domain?, path_too_deep?, remove_constants, seed, skip_path?, to_absolute, uri_decode, uri_encode, uri_parse, uri_parser, url_sanitize

Methods included from Utilities

#read_file

Methods inherited from Component::Manager

#[], #available, #clear, #delete, #include?, #load, #load_all, #load_by_tags, #loaded, #name_to_path, #parse, #path_to_name, #paths, #prep_opts

Methods included from UI::Output

#debug?, #debug_off, #debug_on, #disable_only_positives, #flush_buffer, #mute, #muted?, old_reset_output_options, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_pp, #print_error, #print_error_backtrace, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_buffer_cap, #uncap_buffer, #unmute, #verbose, #verbose?

Constructor Details

#initialize(framework) ⇒ Manager

Returns a new instance of Manager.

Parameters:

• framework (Arachni::Framework)

# File 'lib/arachni/module/manager.rb', line 45

def initialize( framework )
    @framework = framework
    @opts = @framework.opts
    super( @opts.dir['modules'], NAMESPACE )
end

Class Method Details

.dedup(issues) ⇒ Object

# File 'lib/arachni/module/manager.rb', line 247

def self.dedup( issues )
    issues.uniq.reject { |issue| issue_set.include?( issue.unique_id ) }
end

.do_not_store ⇒ Object

# File 'lib/arachni/module/manager.rb', line 170

def self.do_not_store
    @@do_not_store = true
end

.issue_set ⇒ Object

# File 'lib/arachni/module/manager.rb', line 209

def self.issue_set
    @@issue_set
end

.issues ⇒ Object

# File 'lib/arachni/module/manager.rb', line 231

def self.issues
    results
end

.on_register_results(&block) ⇒ Object

# File 'lib/arachni/module/manager.rb', line 135

def self.on_register_results( &block )
    on_register_results_blocks << block
end

.on_register_results_blocks ⇒ Object

# File 'lib/arachni/module/manager.rb', line 142

def self.on_register_results_blocks
    @@on_register_results_blocks
end

.on_register_results_blocks_raw ⇒ Object

# File 'lib/arachni/module/manager.rb', line 156

def self.on_register_results_blocks_raw
    @@on_register_results_blocks_raw
end

.on_register_results_raw(&block) ⇒ Object

# File 'lib/arachni/module/manager.rb', line 149

def self.on_register_results_raw( &block )
    on_register_results_blocks_raw << block
end

.register_results(results) ⇒ Integer

De-duplicates and registers module results (issues).

Parameters:

• results (Array<Arachni::Issue>)

Returns:

• (Integer) —

  amount of (unique) issues registered

# File 'lib/arachni/module/manager.rb', line 191

def self.register_results( results )
    on_register_results_blocks_raw.each { |block| block.call( results ) }

    unique = dedup( results )
    return 0 if unique.empty?

    unique.each { |issue| issue_set << issue.unique_id if issue.var }

    on_register_results_blocks.each { |block| block.call( unique ) }
    return 0 if !store?

    unique.each { |issue| self.results << issue }
    unique.size
end

.reset ⇒ Object

# File 'lib/arachni/module/manager.rb', line 235

def self.reset
    store
    on_register_results_blocks.clear
    on_register_results_blocks_raw.clear
    issue_set.clear
    results.clear
    remove_constants( NAMESPACE )
end

.results ⇒ Object

Class method

Gets module results

Parameters:

• (Array)

# File 'lib/arachni/module/manager.rb', line 223

def self.results
    @@results ||= []
end

.store ⇒ Object

# File 'lib/arachni/module/manager.rb', line 177

def self.store
    @@do_not_store = false
end

.store? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/arachni/module/manager.rb', line 163

def self.store?
    !@@do_not_store
end

Instance Method Details

#dedup(issues) ⇒ Object

# File 'lib/arachni/module/manager.rb', line 250

def dedup( issues )
    self.class.dedup( issues )
end

#do_not_store ⇒ Object

# File 'lib/arachni/module/manager.rb', line 173

def do_not_store
    self.class.do_not_store
end

#issue_set ⇒ Object

# File 'lib/arachni/module/manager.rb', line 212

def issue_set
    self.class.issue_set
end

#on_register_results(&block) ⇒ Object

# File 'lib/arachni/module/manager.rb', line 138

def on_register_results( &block )
    self.class.on_register_results( &block )
end

#on_register_results_blocks ⇒ Object

# File 'lib/arachni/module/manager.rb', line 145

def on_register_results_blocks
    self.class.on_register_results_blocks
end

#on_register_results_blocks_raw ⇒ Object

# File 'lib/arachni/module/manager.rb', line 159

def on_register_results_blocks_raw
    self.class.on_register_results_blocks_raw
end

#on_register_results_raw(&block) ⇒ Object

# File 'lib/arachni/module/manager.rb', line 152

def on_register_results_raw( &block )
    self.class.on_register_results_raw( &block )
end

#register_results(results) ⇒ Object

# File 'lib/arachni/module/manager.rb', line 205

def register_results( results )
    self.class.register_results( results )
end

#reset ⇒ Object

# File 'lib/arachni/module/manager.rb', line 243

def reset
    self.class.reset
end

#results ⇒ Object Also known as: issues

# File 'lib/arachni/module/manager.rb', line 226

def results
    self.class.results
end

#run(page) ⇒ Object

Runs all modules against ‘page’.

Parameters:

• page (::Arachni::Page) —

  page to audit

# File 'lib/arachni/module/manager.rb', line 56

def run( page )
    schedule.each { |mod| exception_jail( false ){ run_one( mod, page ) } }
end

#run_module?(mod, page) ⇒ Bool

Determines whether or not to run the module against the given page depending on which elements exist in the page, which elements the module is configured to audit and user options.

Parameters:

• mod (Class) —

  the module to run

• page (Page)

Returns:

• (Bool)

# File 'lib/arachni/module/manager.rb', line 117

def run_module?( mod, page )
    elements = mod.info[:elements]
    return true if !elements || elements.empty?

    elems = {
        Element::LINK => page.links && page.links.any? && @opts.audit_links,
        Element::FORM => page.forms && page.forms.any? && @opts.audit_forms,
        Element::COOKIE => page.cookies && page.cookies.any? && @opts.audit_cookies,
        Element::HEADER => page.headers && page.headers.any? && @opts.audit_headers,
        Element::BODY   => page.body && !page.body.empty?,
        Element::PATH   => true,
        Element::SERVER => true
    }

    elems.each_pair { |elem, expr| return true if elements.include?( elem ) && expr }
    false
end

#run_one(mod, page) ⇒ Object

Runs a single module against ‘page’.

Parameters:

• mod (::Arachni::Module::Base) —

  module to run as a class

• page (::Arachni::Page) —

  page to audit

# File 'lib/arachni/module/manager.rb', line 98

def run_one( mod, page )
    return false if !run_module?( mod, page )

    mod_new = mod.new( page, @framework )
    mod_new.prepare
    mod_new.run
    mod_new.clean_up
end

#schedule ⇒ Array

Returns the modules in proper running order.

Returns:

• (Array)

# File 'lib/arachni/module/manager.rb', line 65

def schedule
    schedule       = Set.new
    preferred_over = Hash.new([])

    preferred = self.reject do |name, klass|
        preferred_over[name] = klass.preferred if klass.preferred.any?
    end

    return self.values if preferred_over.empty? || preferred.empty?

    preferred_over.size.times do
        update = {}
        preferred.each do |name, klass|
            schedule << klass
            preferred_over.select { |_, v| v.include?( name ) }.each do |k, v|
                schedule << (update[k] = self[k])
            end
        end

        preferred.merge!( update )
    end

    schedule |= preferred_over.keys.map { |n| self[n] }

    schedule.to_a
end

#store ⇒ Object

# File 'lib/arachni/module/manager.rb', line 180

def store
    self.class.store
end

#store? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/arachni/module/manager.rb', line 166

def store?
    self.class.store
end