Class: Arachni::OptionGroups::Scope

Inherits:
Arachni::OptionGroup
Defined in:
lib/arachni/option_groups/scope.rb

Overview

Scan scope options. Maintains the rules used to decide which resources are considered for crawling, auditing, etc. during the scan.

Methods inherited from Arachni::OptionGroup

#==, attr_accessor, attributes, #attributes, #defaults, defaults, #hash, inherited, #initialize, #merge, set_defaults, #to_h, #to_hash, #update, #validate

Constructor Details

This class inherits a constructor from Arachni::OptionGroup

Instance Attribute Details

#auto_redundant_paths ⇒ Bool

Returns:

  • (Bool)

    Sets a limit to how many paths with identical query parameter names to process. Helps avoid processing redundant/identical resources like entries in calendars and catalogs.

# File 'lib/arachni/option_groups/scope.rb', line 75

def auto_redundant_paths
  @auto_redundant_paths
end

#directory_depth_limit ⇒ Integer

Note:

`nil` is infinite – default is `nil`.

Returns:

  • (Integer)

    How deep to go into the site’s directory tree.

# File 'lib/arachni/option_groups/scope.rb', line 23

def directory_depth_limit
  @directory_depth_limit
end

#dom_depth_limit ⇒ Integer

Note:

`nil` is infinite – default is `10`.

Returns:

  • (Integer)

    How deep to go into each page’s DOM tree.

# File 'lib/arachni/option_groups/scope.rb', line 31

def dom_depth_limit
  @dom_depth_limit
end

#exclude_binaries ⇒ Bool

Also known as: exclude_binaries?

Note:

Default is `false`.

Returns:

  • (Bool)

    Exclude pages with binary content from the audit. Mainly used to avoid having grep checks confused by random binary content.

See Also:

  • HTTP::Response::Scope#exclude_as_binary?


# File 'lib/arachni/option_groups/scope.rb', line 104

def exclude_binaries
  @exclude_binaries
end

#exclude_content_patterns ⇒ Array<Regexp>

Returns:

  • (Array<Regexp>)

    Page/HTTP::Response bodies matching any of these patterns will be ignored.

See Also:

  • HTTP::Response::Scope#exclude_content?


# File 'lib/arachni/option_groups/scope.rb', line 95

def exclude_content_patterns
  @exclude_content_patterns
end

#exclude_path_patterns ⇒ Array<Regexp>

Returns:

  • (Array<Regexp>)

    Path exclusion patterns, resources that match any of the specified patterns will not be considered.

# File 'lib/arachni/option_groups/scope.rb', line 89

def exclude_path_patterns
  @exclude_path_patterns
end

#extend_paths ⇒ Array<String>

Returns:

  • (Array<String>)

    Paths to use in addition to crawling.

See Also:

  • Framework#push_to_page_queue
  • Framework#push_to_url_queue


# File 'lib/arachni/option_groups/scope.rb', line 55

def extend_paths
  @extend_paths
end

#https_only ⇒ Bool

Also known as: https_only?

Returns:

  • (Bool)

    If an HTTPS Arachni::Options#url has been provided, **do not** downgrade to an insecure link.

# File 'lib/arachni/option_groups/scope.rb', line 121

def https_only
  @https_only
end

#include_path_patterns ⇒ Array<Regexp>

Returns:

  • (Array<Regexp>)

    Path inclusion patterns, only resources that match any of the specified patterns will be considered.

# File 'lib/arachni/option_groups/scope.rb', line 82

def include_path_patterns
  @include_path_patterns
end

#include_subdomains ⇒ Bool

Note:

Default is `false`.

Returns:

  • (Bool)

    Take into consideration URLs pointing to different subdomains from the seed URL.

# File 'lib/arachni/option_groups/scope.rb', line 114

def include_subdomains
  @include_subdomains
end

#page_limit ⇒ Integer

Note:

`nil` is infinite – default is `nil`.

Returns:

  • (Integer)

    How many pages to consider (crawl/audit)?

See Also:

  • Framework#push_to_page_queue
  • Framework#push_to_url_queue
  • Framework#audit_page
  • Trainer#push


# File 'lib/arachni/option_groups/scope.rb', line 42

def page_limit
  @page_limit
end

#redundant_path_patterns ⇒ Hash{Regexp => Integer}

Returns:

  • (Hash{Regexp => Integer})

    Filters for redundant paths in the form of `{ pattern => counter }`. Once the `pattern` has matched a path `counter` amount of times, the resource will be ignored from then on.

    Useful when scanning pages that dynamically generate a large number of pages like galleries and calendars.

# File 'lib/arachni/option_groups/scope.rb', line 66

def redundant_path_patterns
  @redundant_path_patterns
end

#restrict_paths ⇒ Array<String>

Returns:

  • (Array<String>)

    Paths to use instead of crawling.

See Also:

  • Framework#push_to_url_queue


# File 'lib/arachni/option_groups/scope.rb', line 48

def restrict_paths
  @restrict_paths
end

#url_rewrites ⇒ Hash<Regexp => String>

Returns:

  • (Hash<Regexp => String>)

    Regular expression and substitution pairs, used to rewrite Element::Capabilities::Submittable#action.

# File 'lib/arachni/option_groups/scope.rb', line 130

def url_rewrites
  @url_rewrites
end

Instance Method Details

#auto_redundant? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/arachni/option_groups/scope.rb', line 170

def auto_redundant?
    !!@auto_redundant_paths
end

#auto_redundant_counter ⇒ Object

# File 'lib/arachni/option_groups/scope.rb', line 174

def auto_redundant_counter
    @auto_redundant_counter ||= Hash.new( 0 )
end

#crawl ⇒ Object

# File 'lib/arachni/option_groups/scope.rb', line 182

def crawl
    self.page_limit = nil
end

#crawl? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/arachni/option_groups/scope.rb', line 186

def crawl?
    !page_limit || page_limit != 0
end

#do_not_crawl ⇒ Object

# File 'lib/arachni/option_groups/scope.rb', line 178

def do_not_crawl
    self.page_limit = 0
end

#page_limit_reached?(count) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/arachni/option_groups/scope.rb', line 190

def page_limit_reached?( count )
    page_limit && page_limit.to_i > 0 && count >= page_limit
end
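
Added example, not code from Arachni: a stand-alone Ruby model of how the path rules documented above (include_path_patterns, exclude_path_patterns, redundant_path_patterns, page_limit) combine into a per-path decision. `ScopeSketch`, `consider`, `demo_decisions`, the order of the checks and the sample paths are assumptions made for illustration.

```ruby
# Added illustration; ScopeSketch and #consider are hypothetical, not Arachni code.
class ScopeSketch
  attr_reader :accepted

  def initialize(include_path_patterns: [], exclude_path_patterns: [],
                 redundant_path_patterns: {}, page_limit: nil)
    @include    = include_path_patterns
    @exclude    = exclude_path_patterns
    @redundant  = redundant_path_patterns
    @page_limit = page_limit
    @hits       = Hash.new(0) # matches seen so far, per redundancy pattern
    @accepted   = []
  end

  # Same expression as Scope#page_limit_reached?, coerced to true/false.
  def page_limit_reached?(count)
    !!(@page_limit && @page_limit.to_i > 0 && count >= @page_limit)
  end

  # Returns :ok, or the reason the path was dropped.
  # Assumption: the order of the checks is this sketch's own choice.
  def consider(path)
    return :page_limit if page_limit_reached?(@accepted.size)
    return :excluded   if @exclude.any? { |re| re.match?(path) }
    # Assumption: an empty include list places no restriction on paths.
    included = @include.empty? || @include.any? { |re| re.match?(path) }
    return :not_included unless included

    @redundant.each do |pattern, limit|
      next unless pattern.match?(path)
      return :redundant if @hits[pattern] >= limit
      @hits[pattern] += 1
    end
    @accepted << path
    :ok
  end
end

# Constructed sample paths, not taken from a real scan.
SAMPLE_PATHS = %w[/shop/item?id=1 /shop/item?id=2 /shop/item?id=3
                  /shop/logout /blog/post /shop/cart /shop/checkout].freeze

def demo_decisions
  scope = ScopeSketch.new(include_path_patterns:   [%r{\A/shop/}],
                          exclude_path_patterns:   [/logout/],
                          redundant_path_patterns: { /item\?id=\d+/ => 2 },
                          page_limit:              3)
  SAMPLE_PATHS.map { |path| [path, scope.consider(path)] }
end
```

A `page_limit` of `0` never trips this predicate, because the `> 0` test fails; on this page it is `crawl?` that reports that case as crawling being disabled.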

#to_rpc_data ⇒ Object

# File 'lib/arachni/option_groups/scope.rb', line 218

def to_rpc_data
    d = super

    %w(redundant_path_patterns url_rewrites).each do |k|
        d[k] = d[k].my_stringify
    end

    %w(exclude_path_patterns exclude_content_patterns include_path_patterns).each do |k|
        d[k] = d[k].map(&:to_s)
    end

    d
end