=begin Arachni Copyright (c) 2010-2011 Tasos "Zapotek" Laskos This is free software; you can copy and distribute and modify this program under the term of the GPL v2.0 License (See LICENSE file for details) =end module Arachni module Plugins # # Logs content-types of all server responses. # # @author: Tasos "Zapotek" Laskos # # # @version: 0.1.1 # class ContentTypes < Arachni::Plugin::Base # # @param [Arachni::Framework] framework # @param [Hash] options options passed to the plugin # def initialize( framework, options ) @framework = framework @options = options end def prepare @results = {} @exclude = Regexp.new( @options['exclude'] ) @logged = Set.new end def run( ) @framework.http.add_on_complete { |res| next if @logged.include?( res.request.method.to_s.upcase + res.effective_url ) next if !(type = res.headers_hash['Content-type'] ) || type.empty? if( !@options['exclude'].empty? && !type.match( @exclude ) ) || @options['exclude'].empty? @results[type] ||= [] @results[type] << { :url => res.effective_url, :method => res.request.method.to_s.upcase, :params => res.request.params } @logged << res.request.method.to_s.upcase + res.effective_url end } end def clean_up # we need to wait until the framework has finished running # before logging the results while( @framework.running? ) ::IO.select( nil, nil, nil, 1 ) end register_results( @results ) end def self.info { :name => 'Content-types', :description => %q{Logs content-types of server responses. It can help you categorize and identify publicly available file-types which in turn can help you identify accidentally leaked files.}, :author => 'Tasos "Zapotek" Laskos ', :version => '0.1', :options => [ Arachni::OptString.new( 'exclude', [ false, 'Exclude content-types that match this regular expression.', 'text' ] ) ] } end end end end