Class: Arachni::Module::Base Abstract

Inherits:

Object

• Object
• Arachni::Module::Base

Extended by:

Utilities

Includes:

Arachni, Auditor, Utilities

Defined in:

lib/arachni/module/base.rb

Overview

This class is abstract.

Base module class to be extended by all modules.

Defines basic structure and provides utilities to modules.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@gmail.com>

Constant Summary

Constants included from Auditor

Auditor::Format, Auditor::OPTIONS

Constants included from Arachni

BANNER, Cookie, Form, Header, Link, Severity, VERSION, WEBSITE, WIKI

Instance Attribute Summary

Attributes included from Auditor

#framework, #page

Class Method Summary

• .info ⇒ Object abstract

  REQUIRED.

• .prefer(*args) ⇒ Array

  Schedules self to be run after the specified modules and prevents auditing elements that have been previously logged by any of these modules.

• .preferred ⇒ Array

  Names of modules which should be preferred over this one.

Instance Method Summary

• #clean_up ⇒ Object abstract

  OPTIONAL.

• #initialize(page, framework) ⇒ Base constructor

  Initializes the module attributes and HTTP.

• #plugins ⇒ Arachni::PluginManager

  Provides access to the plugin manager.

• #preferred ⇒ Object
• #prepare ⇒ Object abstract

  OPTIONAL.

• #run ⇒ Object abstract

  REQUIRED.

• #session ⇒ Object

Methods included from Utilities

available_port, cookie_encode, cookies_from_document, cookies_from_file, cookies_from_response, exception_jail, exclude_path?, extract_domain, follow_protocol?, form_decode, form_encode, form_parse_request_body, forms_from_document, forms_from_response, generate_token, get_path, html_decode, html_encode, include_path?, links_from_document, links_from_response, normalize_url, page_from_response, page_from_url, parse_query, parse_set_cookie, parse_url_vars, path_in_domain?, path_too_deep?, port_available?, rand_port, redundant_path?, remove_constants, seed, skip_page?, skip_path?, skip_resource?, to_absolute, uri_decode, uri_encode, uri_parse, uri_parser, url_sanitize

Methods included from Auditor

#audit, #audit_rdiff, #audit_taint, #audit_timeout, #audited, #audited?, current_timeout_audit_operations_cnt, #each_candidate_element, #http, included, #log, #log_issue, #log_remote_file, #log_remote_file_if_exists, #match_and_log, #max_issues, on_timing_attacks, #override_instance_scope?, #register_results, #remote_file_exist?, reset, running_timeout_attacks?, #skip?, timeout_audit_blocks, timeout_audit_operations_cnt, timeout_audit_run, timeout_candidates, timeout_loaded_modules

Methods included from Output

#fancy_name, #print_bad, #print_debug, #print_error, #print_info, #print_line, #print_ok, #print_status, #print_verbose

Methods included from UI::Output

#debug?, #debug_off, #debug_on, #disable_only_positives, #error_logfile, #flush_buffer, #log_error, #mute, #muted?, old_reset_output_options, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_pp, #print_error, #print_error_backtrace, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_buffer_cap, #set_error_logfile, #uncap_buffer, #unmute, #verbose, #verbose?

Methods included from Arachni

URI, profile?

Constructor Details

#initialize(page, framework) ⇒ Base

Initializes the module attributes and HTTP.

Parameters:

• page (Page)
• framework (Arachni::Framework)

# File 'lib/arachni/module/base.rb', line 49

def initialize( page, framework )
    http.update_cookies( page.cookiejar )

    @page       = page
    @framework  = framework
end

Class Method Details

.info ⇒ Object

This method is abstract.

REQUIRED

Provides information about the module. Don’t take this lightly and don’t ommit any of the info.

# File 'lib/arachni/module/base.rb', line 115

def self.info
    {
        name:        'Base module abstract class',
        description: %q{Provides an abstract class the modules should implement.},
        #
        # Arachni needs to know what elements the module plans to audit
        # before invoking it.
        # If a page doesn't have any of those elements
        # there's no point in instantiating the module.
        #
        # If you want the module to run no-matter what, leave the array
        # empty.
        #
        # elements: [
        #     Element::FORM,
        #     Element::LINK,
        #     Element::COOKIE,
        #     Element::HEADER
        # ],
        elements:    [],
        author:      'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
        version:     '0.1',
        references:  {
            'Title' => 'http://ref.url'
        },
        targets:     %W(Generic),
        issue:       {
            name:           %q{Serious issue},
            description:    %q{This issue is a serious issue and you
                should consider it seriously},
            # CWE ID number
            cwe:            '',
            #
            # Severity can be:
            #
            # Severity::HIGH
            # Severity::MEDIUM
            # Severity::LOW
            # Severity::INFORMATIONAL
            #
            severity:        Severity::HIGH,
            cvssv2:          '', # CVSSV2 score
            remedy_guidance: %q{Paint it blue and throw it in the sea.},
            remedy_code:     %q{sudo rm -rf /}
        }
    }
end

.prefer(*args) ⇒ Array

Schedules self to be run after the specified modules and prevents auditing elements that have been previously logged by any of these modules.

Returns:

• (Array) —

  module names

# File 'lib/arachni/module/base.rb', line 169

def self.prefer( *args )
    @preferred = args.flatten.compact
end

.preferred ⇒ Array

Returns names of modules which should be preferred over this one.

Returns:

• (Array) —

  names of modules which should be preferred over this one

See Also:

• #prefer

# File 'lib/arachni/module/base.rb', line 178

def self.preferred
    @preferred ||= []
end

Instance Method Details

#clean_up ⇒ Object

This method is abstract.

OPTIONAL

This is called after run() has finished executing,

# File 'lib/arachni/module/base.rb', line 83

def clean_up
end

#plugins ⇒ Arachni::PluginManager

Provides access to the plugin manager

You can use it to gain access to the instances of running plugins like so:

p plugins.get( 'profiler' )
# => #<Thread:0x000000025b2ff0 sleep>

p plugins.get( 'profiler' )[:instance]
# => #<Arachni::Plugins::Profiler>

Returns:

• (Arachni::PluginManager)

# File 'lib/arachni/module/base.rb', line 99

def plugins
    framework.plugins if framework
end

#preferred ⇒ Object

# File 'lib/arachni/module/base.rb', line 181

def preferred
    self.class.preferred
end

#prepare ⇒ Object

This method is abstract.

OPTIONAL

It provides you with a way to setup your module’s data and methods.

# File 'lib/arachni/module/base.rb', line 63

def prepare
end

#run ⇒ Object

This method is abstract.

REQUIRED

This is used to deliver the module’s payload whatever it may be.

# File 'lib/arachni/module/base.rb', line 73

def run
end

#session ⇒ Object

# File 'lib/arachni/module/base.rb', line 103

def session
    framework.session if framework
end