Module: Arachni::Framework::Parts::Audit
- Includes:
- Support::Mixins::Observable
- Included in:
- Arachni::Framework
- Defined in:
- lib/arachni/framework/parts/audit.rb
Overview
Instance Attribute Summary collapse
-
#failures ⇒ Array<String>
readonly
Page URLs which elicited no response from the server and were not audited.
- #http ⇒ Arachni::HTTP readonly
-
#session ⇒ Session
readonly
Web application session manager.
- #trainer ⇒ Trainer readonly
Instance Method Summary collapse
- #after_page_audit(&block) ⇒ Object
- #audit_page(page) ⇒ Object
- #initialize ⇒ Object
- #on_page_audit(&block) ⇒ Object
Methods included from Support::Mixins::Observable
Methods included from Utilities
#available_port, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Instance Attribute Details
#failures ⇒ Array<String> (readonly)
Returns Page URLs which elicited no response from the server and were not audited. Not determined by HTTP status codes, we’re talking network failures here.
39 40 41 |
# File 'lib/arachni/framework/parts/audit.rb', line 39 def failures @failures end |
#http ⇒ Arachni::HTTP (readonly)
34 35 36 |
# File 'lib/arachni/framework/parts/audit.rb', line 34 def http @http end |
#session ⇒ Session (readonly)
Returns Web application session manager.
31 32 33 |
# File 'lib/arachni/framework/parts/audit.rb', line 31 def session @session end |
#trainer ⇒ Trainer (readonly)
27 28 29 |
# File 'lib/arachni/framework/parts/audit.rb', line 27 def trainer @trainer end |
Instance Method Details
#after_page_audit(&block) ⇒ Object
24 |
# File 'lib/arachni/framework/parts/audit.rb', line 24 advertise :after_page_audit |
#audit_page(page) ⇒ Object
Will update the HTTP::Client#cookie_jar with Page#cookie_jar.
It will audit just the given ‘page` and not any subsequent pages discovered by the Trainer – i.e. ignore any new elements that might appear as a result.
It will pass the ‘page` to the BrowserCluster for analysis if the DOM depth limit has not been reached and push resulting pages to #push_to_page_queue but will not audit those pages either.
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 |
# File 'lib/arachni/framework/parts/audit.rb', line 67 def audit_page( page ) return if !page if page.scope.out? print_info "Ignoring page due to exclusion criteria: #{page.dom.url}" return false end # Initialize the BrowserCluster. browser_cluster state.audited_page_count += 1 add_to_sitemap( page ) sitemap.merge!( browser_sitemap ) print_line print_status "[HTTP: #{page.code}] #{page.dom.url}" if page.platforms.any? print_info "Identified as: #{page.platforms.to_a.join( ', ' )}" end if crawl? pushed = push_paths_from_page( page ) print_info "Analysis resulted in #{pushed.size} usable paths." end if host_has_browser? print_info "DOM depth: #{page.dom.depth} (Limit: #{options.scope.dom_depth_limit})" if page.dom.transitions.any? print_info ' Transitions:' page.dom.print_transitions( method(:print_info), ' ' ) end end # Aside from plugins and whatnot, the Trainer hooks here to update the # ElementFilter so that it'll know if new elements appear during the # audit, so it's a big deal. notify_on_page_audit( page ) @current_url = page.dom.url.to_s http.( page. ) perform_browser_analysis( page ) # Remove elements which have already passed through here. pre_audit_element_filter( page ) # Run checks which **don't** benefit from fingerprinting first, so that # we can use the responses of their HTTP requests to fingerprint the # webapp platforms, so that the checks which **do** benefit from knowing # the remote platforms can run more efficiently. ran = false @checks.without_platforms.values.each do |check| ran = true if check_page( check, page ) end harvest_http_responses if ran run_http = ran ran = false @checks.with_platforms.values.each do |check| ran = true if check_page( check, page ) end harvest_http_responses if ran run_http ||= ran if Arachni::Check::Auditor.has_timeout_candidates? print_line print_status "Verifying timeout-analysis candidates for: #{page.dom.url}" print_info '---------------------------------------' Arachni::Check::Auditor.timeout_audit_run run_http = true end # Makes it easier on the GC. page.clear_cache notify_after_page_audit( page ) run_http end |
#initialize ⇒ Object
41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
# File 'lib/arachni/framework/parts/audit.rb', line 41 def initialize super @http = HTTP::Client.instance # Holds page URLs which returned no response. @failures = [] @retries = {} @current_url = '' reset_session reset_trainer end |
#on_page_audit(&block) ⇒ Object
21 |
# File 'lib/arachni/framework/parts/audit.rb', line 21 advertise :on_page_audit |