modules/recon/interesting_responses.rb in arachni-0.4.1.3 vs modules/recon/interesting_responses.rb in arachni-0.4.2
- old
+ new
@@ -1,7 +1,7 @@
=begin
- Copyright 2010-2012 Tasos Laskos <tasos.laskos@gmail.com>
+ Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@@ -22,36 +22,19 @@
# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
#
class Arachni::Modules::InterestingResponses < Arachni::Module::Base
IGNORE_CODES = [ 200, 404 ].to_set
- MAX_ENTRIES = 100
def self.ran?
@ran ||= false
end
def self.ran
@ran = true
end
- def self.counter
- @counter ||= 0
- end
-
- def self.counter=( int )
- @counter = int
- end
-
- def increment
- self.class.counter += 1
- end
-
- def limit_reached?
- self.class.counter >= MAX_ENTRIES
- end
-
def run
return if self.class.ran?
# tell the HTTP interface to call this block every-time a request completes
http.add_on_complete { |res| check_and_log( res ) }
@@ -61,20 +44,19 @@
self.class.ran
end
def check_and_log( res )
return if IGNORE_CODES.include?( res.code ) || res.body.to_s.empty? ||
- limit_reached?
+ issue_limit_reached?
digest = Digest::MD5.hexdigest( res.body )
path = uri_parse( res.effective_url ).path
return if audited?( path ) || audited?( digest )
audited( path )
audited( digest )
- increment
log( { id: "Code: #{res.code}", element: Element::SERVER }, res )
print_ok "Found an interesting response -- Code: #{res.code}."
end
@@ -88,14 +70,15 @@
targets: %w(Generic),
references: {
'w3.org' => 'http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html'
},
issue: {
- name: %q{Interesting server response.},
+ name: %q{Interesting response},
description: %q{The server responded with a non 200 (OK) code. },
tags: %w(interesting response server),
severity: Severity::INFORMATIONAL
- }
+ },
+ max_issues: 25
}
end
def self.acceptable
[ 102, 200, 201, 202, 203, 206, 207, 208, 226, 300, 301, 302,