Class: Arachni::Modules::Audit::SimpleRFI

Inherits:
Arachni::Module::Base
Includes:
Arachni::Module::Registrar, Arachni::UI::Output
Defined in:
modules/audit/simple_rfi.rb

Overview

Simple Remote File Inclusion tutorial module.

It audits links, forms and cookies and will give you a good idea
of how to write modules for Arachni.

@author: Anastasios “Zapotek” Laskos <tasos.laskos@gmail.com> <zapotek@segfault.gr>

@version: $Rev: 371 $


Methods included from Arachni::Module::Registrar

#add_storage, #get_storage, #get_store, included, #register_results

Methods included from Arachni::UI::Output

#debug!, #debug?, #only_positives!, #only_positives?, #print_debug, #print_debug_backtrace, #print_debug_pp, #print_error, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #verbose!, #verbose?

Methods inherited from Arachni::Module::Base

#get_cookie_simple, #get_cookies, #get_cookies_simple, #get_data_file, #get_form_simple, #get_forms, #get_forms_simple, #get_links, #get_links_simple, #get_request_headers, #get_response_headers

Methods included from Arachni::Module::Auditor

#audit_cookies, #audit_forms, #audit_headers, #audit_links, #get_matches, #inject_each_var

Methods included from Arachni::Module::Trainer

#train

Methods included from Arachni::Module::ElementDB

#init_cookies, #init_forms, #init_links, #update_cookies, #update_forms, #update_links, #work_on_cookies, #work_on_forms, #work_on_links

Constructor Details

- (SimpleRFI) initialize(page)

REQUIRED

Initializes the module and the parent.

Parameters:

  • (Page) page

    you can always expect this to be provided by the system.

# File 'modules/audit/simple_rfi.rb', line 81

def initialize( page )
    # unless you want to do something freaky
    # *do not* omit the following line
    super( page )

    # init your stuff here
end

Instance Attribute Details

- (Arachni::Module::HTTP) http (readonly)

Arachni::Module::HTTP instance

You don’t really need to declare this; you inherit it from Arachni::Module.

It’s an initialized instance of the Arachni::Module::HTTP class, configured with proxy, authentication, SSL settings etc.

Look at the Arachni::Module::HTTP documentation to see what you get.

If you need direct access to the Net::HTTP session you can get it from @http.session.



# File 'modules/audit/simple_rfi.rb', line 52

def http
  @http
end

Class Method Details

+ (Object) deps

OPTIONAL

In case you depend on other modules you can return an array of their names (not their class names, but the module names as they appear with the “-l” CLI argument) and they will be loaded for you.

This is also great for creating audit/discovery/whatever profiles.



# File 'modules/audit/simple_rfi.rb', line 237

def self.deps
    # example:
    # ['eval', 'sqli']
    []
end

+ (Object) info

REQUIRED

Do not omit any of the info.



# File 'modules/audit/simple_rfi.rb', line 182

def self.info
    {
        'Name'           => 'SimpleRFI',
        'Description'    => %q{Simple Remote File Inclusion recon module},
        #
        # Arachni needs to know what elements the module plans to audit
        # before invoking it. If a page doesn't have any of those elements
        # there's no point putting the module in the thread queue.
        #
        # If you want the module to run no-matter what leave the array
        # empty or don't define it at all.
        # 
        'Elements'       => [
            Vulnerability::Element::FORM,
            Vulnerability::Element::LINK,
            Vulnerability::Element::COOKIE
        ],
        'Author'         => 'zapotek',
        'Version'        => '$Rev: 371 $',
        'References'     => {
            'WASC'       => 'http://projects.webappsec.org/Remote-File-Inclusion',
            'Wikipedia'  => 'http://en.wikipedia.org/wiki/Remote_File_Inclusion'
        },
        'Targets'        => { 'PHP' => 'all' },
        
        'Vulnerability'   => {
            'Name'        => %q{Remote file inclusion},
            'Description' => %q{A remote file inclusion vulnerability exists.},
            'CWE'         => '94',
            #
            # Severity can be:
            #
            # Vulnerability::Severity::HIGH
            # Vulnerability::Severity::MEDIUM
            # Vulnerability::Severity::LOW
            # Vulnerability::Severity::INFORMATIONAL
            #
            'Severity'    => Vulnerability::Severity::HIGH,
            'CVSSV2'       => '7.5',
            'Remedy_Guidance'    => '',
            'Remedy_Code' => '',
        }
        
    }
end

Instance Method Details

- (Object) clean_up

OPTIONAL

This is called after run() has finished executing; it allows you to clean up after yourself.

It may also be redundant but, once again, it’s optional.



# File 'modules/audit/simple_rfi.rb', line 163

def clean_up( )
    print_debug( 'In SimpleRFI.clean_up()' )

    #
    # REQUIRED
    #
    # Register our results with the ModuleRegistry
    # via the ModuleRegistrar.
    #
    # Doesn't *have* to be in clean_up().
    #
    register_results( @results )
end

- (Object) prepare

OPTIONAL

Gets called before any other method, right after initialization. It provides you with a way to set up your module’s data.

It may be redundant but it’s optional anyway.



# File 'modules/audit/simple_rfi.rb', line 97

def prepare( )
    #
    # You can use print_debug for debugging.
    # Don't overdo it though, debugging messages are supposed to
    # be helpful, don't flood the output.
    #
    # Debugging output will only appear if "--debug" is enabled.
    #
    print_debug( 'In SimpleRFI.prepare()' )

    #
    # you can set up your module's environment as you wish
    # but it's good practice to prefix your attributes and methods
    # with 2 underscores ( @__foo_attr, __foo_meth() )
    #

    #
    # this is our RFI id signature, we'll look for it
    # in the HTTP response body
    #
    @__rfi_id_regex = /<title>Google<\/title>/ixm
    @__rfi_id = '<title>Google</title>'
    # @__rfi_id_regex = /d3612e6ae8c17e46fa8592c8bdb8f2f3/ixm
    # @__rfi_id = 'd3612e6ae8c17e46fa8592c8bdb8f2f3'

    # inject this url to assess RFI
    @__injection_url = 'hTtP://google.com'
    # @__injection_url = 'http://localhost/zapotek/fis/file.txt'

    #
    # the module can be made to detect XSS and many other kinds 
    # of attack just as easily if you adjust the above attributes
    # accordingly.
    #

    #
    # this array will hold the audit results to be registered
    # with the system, using:
    #
    # register_results( @results )
    #
    # Should be an array of Vulnerability objects
    #
    @results = []
end

- (Object) run

REQUIRED

This is used to deliver the module’s payload, whatever it may be.



# File 'modules/audit/simple_rfi.rb', line 147

def run( )
    print_debug( 'In SimpleRFI.run()' )

    __audit_links( )
    __audit_forms( )
    __audit_cookies( )
end
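
The check that prepare() configures and run() delivers, sketched as an added example in plain Ruby (not Arachni's code and not part of simple_rfi.rb): each query parameter is replaced in turn with the injection URL and the response body is matched against the signature regex. The names mutations, audit and FAKE_APP are hypothetical, the responder is an offline stub, and the baseline check that suppresses pages already containing the signature goes beyond what the page shows.

```ruby
require 'uri'

# Values mirroring the attributes set in prepare()
INJECTION_URL = 'hTtP://google.com'
RFI_ID_REGEX  = /<title>Google<\/title>/ixm

# Build one mutated URL per query parameter, replacing only that
# parameter's value with the injection URL.
# Returns an array of [parameter_name, mutated_url] pairs.
def mutations(url, injection = INJECTION_URL)
  uri    = URI.parse(url)
  params = URI.decode_www_form(uri.query.to_s)
  params.each_index.map do |i|
    mutated = params.map.with_index { |(k, v), j| [k, j == i ? injection : v] }
    copy = uri.dup
    copy.query = URI.encode_www_form(mutated)
    [params[i][0], copy.to_s]
  end
end

# fetch is any callable that takes a URL and returns a response body.
# A parameter is reported only if the signature is absent from the
# unmodified page and present after injection; a generic signature such
# as a page title can otherwise match content that was always there.
def audit(url, fetch, regex = RFI_ID_REGEX)
  return [] if fetch.call(url) =~ regex   # signature already present: no signal
  mutations(url).select { |_, mutated| fetch.call(mutated) =~ regex }
                .map(&:first)
end

# Constructed stand-in for an application that includes whatever its
# 'page' parameter names. Offline stub: it produces no network traffic.
FAKE_APP = lambda do |url|
  q = URI.decode_www_form(URI.parse(url).query.to_s).to_h
  if q['page'].to_s.downcase.start_with?('http://')
    '<html><head><title>Google</title></head></html>'
  else
    "<html><body>Welcome, #{q['lang']}</body></html>"
  end
end

# Constructed sample target
SAMPLE_URL = 'http://app.example/index.php?page=home&lang=en'
puts audit(SAMPLE_URL, FAKE_APP).inspect if __FILE__ == $PROGRAM_NAME
```

The commented-out hash signature in prepare() serves the same purpose as the baseline check here: a value that cannot occur in the page by accident keeps the match meaningful.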