modules/audit/rfi.rb in arachni-0.3 vs modules/audit/rfi.rb in arachni-0.4
- old
+ new
@@ -1,19 +1,16 @@
=begin
- $Id$
-
Arachni
- Copyright (c) 2010-2011 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+ Copyright (c) 2010-2012 Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
This is free software; you can copy and distribute and modify
this program under the term of the GPL v2.0 License
(See LICENSE file for details)
=end
module Arachni
-
module Modules
#
# Simple Remote File Inclusion tutorial module.
#
@@ -22,64 +19,27 @@
#
#
# @author: Tasos "Zapotek" Laskos
# <tasos.laskos@gmail.com>
# <zapotek@segfault.gr>
-# @version: 0.1.3
+# @version: 0.1.4
#
# @see http://cwe.mitre.org/data/definitions/94.html
# @see http://projects.webappsec.org/Remote-File-Inclusion
# @see http://en.wikipedia.org/wiki/Remote_File_Inclusion
#
class RFI < Arachni::Module::Base # *always* extend Arachni::Module::Base
#
- # Arachni::Module::HTTP instance
- #
- # You don't really need to declare this,
- # you inherit it from Arachni::Module
- #
- # It's an initialized object of the Arachni::Module::HTTP instance
- # class configured with proxy, authentication, SSL settings etc.
- #
- # Look at Arachni::Module::HTTP instance doc to see what you get.
- #
- # If you need direct access to the Net::HTTP session you can get
- # it from @http.session
- #
- # @return [Arachni::Module::HTTP]
- #
- attr_reader :http
-
- #
- # REQUIRED
- #
- # Initializes the module and the parent.
- #
- # @see Arachni::Module::Base
- # @see Page
- #
- # @param [Page] page you can always expect this to be provided
- # by the system.
- #
- def initialize( page )
- # unless you want to do something freaky
- # *do not* ommit the following line
- super( page )
-
- # init your stuff here
- end
-
- #
# OPTIONAL
#
# Gets called before any other method, right after initialization.
# It provides you with a way to setup your module's data.
#
# It may be redundant but it's optional anyways...
#
- def prepare( )
+ def prepare
#
# You can use print_debug() for debugging.
# Don't over-do ti though, debugging messages are supposed to
# be helpful don't flood the output.
#
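Review bot: The comment kept inside `prepare` still reads "Don't over-do ti though" and "supposed to be helpful don't flood the output". Since this is the tutorial module that authors copy from, I would fix it while the signature is being touched: `# Don't overdo it though; debugging messages are supposed to be helpful,` followed by `# not to flood the output.` Separately, the removed `attr_reader :http` block was the only visible place telling authors that `http` comes from the parent class. A one-line class comment such as `# http (configured with proxy, authentication, SSL settings) is inherited from Arachni::Module::Base` would keep that, assuming it still holds in 0.4. The body of `prepare` continues outside the hunk.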
@@ -110,11 +70,11 @@
#
# REQUIRED
#
# This is used to deliver the module's payload whatever it may be.
#
- def run( )
+ def run
print_debug( 'In run()' )
audit( @__injection_url, @__opts )
end
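Review bot: `run` passes `@__injection_url` and `@__opts` to `audit`, but neither is assigned in the visible lines; presumably both are set in `prepare`, whose body lies outside these hunks. The header above `prepare` labels it OPTIONAL and possibly redundant, so someone who copies this tutorial and drops `prepare` would call `audit` with two nil values. For a scanner module that is likely to show up as a silent false negative rather than an error. I would add a comment above the call, e.g. `# @__injection_url and @__opts are set in prepare; this module depends on it`, and soften the "redundant" wording on `prepare` to match.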
@@ -124,11 +84,11 @@
# This is called after run() has finished executing,
# it allows you to clean up after yourself.
#
# May also be redundant but, once again, it's optional
#
- def clean_up( )
+ def clean_up
print_debug( 'In clean_up()' )
end
#
# REQUIRED
@@ -153,10 +113,10 @@
Issue::Element::LINK,
Issue::Element::COOKIE,
Issue::Element::HEADER
],
:author => 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com> ',
- :version => '0.1.3',
+ :version => '0.1.4',
:references => {
'WASC' => 'http://projects.webappsec.org/Remote-File-Inclusion',
'Wikipedia' => 'http://en.wikipedia.org/wiki/Remote_File_Inclusion'
},
:targets => { 'Generic' => 'all' },