Components of Mangle:

Mangle proxy

Mangle Analysis

Exodus GUI

The components communicate via a pipeline of log files: the proxy writes its
log, the analysis program reads it and writes its own, VulnXML branches off
the analysis log, and everything ends up in the GUI.

Suggest three major log files:
* proxy log (+ associated files)
* Analysis log (+ associated files, e.g. extracted comments, FORMS, SCRIPTS, 
  etc)
* VulnXML results log

The analysis program tails the proxy log, reads each unique HTML response
(unique by MD5 of the body), and extracts:

* Links (for the spider)
* SCRIPTs (written out only if their MD5 sum has not been seen before)
* Comments (written out only if their MD5 sum has not been seen before)
* Possible XSS (looks for submitted values of 1 char or longer reflected in
  the response)
* FORMs (written out only if their MD5 sum has not been seen before)

and logs what it finds, keyed by the PID of the proxied request.
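As an added illustration of the per-response work above (this is not part of
these notes or of the Mangle code, which is Perl; it is Python written for
this page), the following hashes the body, skips duplicates, extracts links,
SCRIPTs, comments and FORMs, dedupes each by MD5, and notes which submitted
values come back verbatim. The in-memory `seen` table stands in for the
on-disk associated files, the event record stands in for one analysis-log
entry, and the sample response and its PID are constructed for the example.

```python
import hashlib
import json
from html.parser import HTMLParser
from urllib.parse import urljoin


def md5(text):
    return hashlib.md5(text.encode("utf-8", "replace")).hexdigest()


class _Extractor(HTMLParser):
    """Collect links, inline SCRIPT bodies, comments and FORMs from one HTML page."""

    def __init__(self, base_url):
        super().__init__()
        self.base = base_url
        self.links, self.scripts, self.comments, self.forms = [], [], [], []
        self._script = None   # text chunks collected while inside <script>
        self._form = None     # form being assembled while inside <form>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base, a["href"]))
        elif tag == "script":
            self._script = []
            if a.get("src"):                      # external scripts are links too
                self.links.append(urljoin(self.base, a["src"]))
        elif tag == "form":
            self._form = {"action": urljoin(self.base, a.get("action") or ""),
                          "method": (a.get("method") or "get").lower(),
                          "inputs": []}
        elif tag == "input" and self._form is not None:
            self._form["inputs"].append([a.get("name"), a.get("value") or ""])

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script).strip()
            if body:
                self.scripts.append(body)
            self._script = None
        elif tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_comment(self, data):
        self.comments.append(data.strip())


def analyse_response(pid, url, request_params, body, seen):
    """Run one proxied HTML response through the analysis stage.

    `seen` is a dict keyed by (kind, md5) that persists across calls: a
    response, SCRIPT, comment or FORM is only emitted the first time its
    hash appears.  Returns the event record for this PID, or None when the
    whole body was already seen."""
    digest = md5(body)
    if ("response", digest) in seen:
        return None
    seen[("response", digest)] = True

    ex = _Extractor(url)
    ex.feed(body)
    ex.close()

    record = {"pid": pid, "url": url, "links": sorted(set(ex.links)),
              "scripts": [], "comments": [], "forms": [], "reflected": []}

    def emit(kind, text, item):
        h = md5(text)
        if (kind, h) not in seen:
            seen[(kind, h)] = True
            record[kind + "s"].append((h, item))

    for s in ex.scripts:
        emit("script", s, s)
    for c in ex.comments:
        emit("comment", c, c)
    for f in ex.forms:
        emit("form", json.dumps(f, sort_keys=True), f)   # canonical text to hash

    # Possible XSS: any submitted value of 1 char or longer that is echoed back.
    for name, value in request_params.items():
        if len(value) >= 1 and value in body:
            record["reflected"].append(name)
    return record


# Constructed sample: the proxied response to GET /search?q=hello on a target.
SAMPLE_URL = "http://target.example/search?q=hello"
SAMPLE_PARAMS = {"q": "hello"}
SAMPLE_BODY = """<html><body>
<!-- TODO: remove debug endpoint /admin/debug before release -->
<a href="/login">Login</a> <a href="http://other.example/x">Other</a>
<script>var q = "hello";</script>
<form action="/search" method="get">
  <input type="text" name="q" value="hello">
  <input type="submit" value="Go">
</form>
Results for hello
</body></html>"""

if __name__ == "__main__":
    seen = {}
    print(json.dumps(analyse_response("1001", SAMPLE_URL, SAMPLE_PARAMS, SAMPLE_BODY, seen), indent=1))
    print(analyse_response("1002", SAMPLE_URL, SAMPLE_PARAMS, SAMPLE_BODY, seen))  # duplicate body: None
```

Links are deliberately not deduped across responses, since the spider and
GUI want every page's outgoing links; only the SCRIPT, comment and FORM
files are written once per hash.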

It also generates VulnXML events such as new scheme_host_port, path and file
as it sees them, and logs any information it determines about the servers
under test.

It could also create new VulnXML tests, depending on the variables passed in
a request, etc., and notify VulnXML of new tests to run.

VulnXML tails the analysis log and executes VulnXML tests according to the
events seen and the tests defined. It logs which tests have been executed
and which have been successful.
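An added example of the VulnXML side of the pipeline (not from these notes
or from the Mangle/VulnXML code; Python written for this page). It shows the
two things that matter here: tailing a log that another process is still
appending to without acting on a half-written record, and dispatching tests
keyed on the event kind, logging one results line per execution. The log
line format (`event<TAB>kind<TAB>value`), the three test definitions and the
canned responses standing in for requests through the proxy are all
constructed for the example.

```python
import os
import re
import tempfile

# Constructed analysis-log convention for this example: one event per line,
# "event<TAB>kind<TAB>value".  Other line types are ignored by VulnXML.
EVENT_RE = re.compile(r"^event\t(scheme_host_port|path|file)\t(\S+)$")


class LogTail:
    """Incremental reader for a log another process is still appending to.
    Remembers the byte offset and holds back an unterminated final line until
    the rest of it arrives, so a half-written record is never acted on."""

    def __init__(self, path):
        self.path = path
        self.offset = 0
        self._partial = b""

    def read_new_lines(self):
        if not os.path.exists(self.path):
            return []
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            chunk = f.read()
            self.offset = f.tell()
        pieces = (self._partial + chunk).split(b"\n")
        self._partial = pieces.pop()          # b"" when the chunk ended on a newline
        return [p.decode("utf-8", "replace") for p in pieces]


def parse_events(lines):
    out = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            out.append((m.group(1), m.group(2)))
    return out


# Hypothetical test definitions standing in for VulnXML test files: each fires
# on one event kind, derives a URL from the event value, and is successful
# when the response is a 200 whose body matches the pattern.
TESTS = [
    {"name": "server-status-exposed", "trigger": "scheme_host_port",
     "url": lambda v: v + "/server-status", "success": r"Apache Server Status"},
    {"name": "directory-listing", "trigger": "path",
     "url": lambda v: v, "success": r"<title>Index of "},
    {"name": "backup-copy-of-script", "trigger": "file",
     "url": lambda v: v + ".bak", "success": r"<\?php"},
]


def run_tests(events, tests, fetch, results_log):
    """Dispatch tests for each event, appending one line per execution to
    results_log (the VulnXML results log).  Returns [(name, url, success)]."""
    executed = []
    for kind, value in events:
        for t in tests:
            if t["trigger"] != kind:
                continue
            url = t["url"](value)
            status, body = fetch(url)
            ok = status == 200 and re.search(t["success"], body) is not None
            results_log.append("%s\t%s\t%s" % (t["name"], url, "SUCCESS" if ok else "executed"))
            executed.append((t["name"], url, ok))
    return executed


# Constructed stand-in for sending requests through the Mangle proxy.
FAKE_RESPONSES = {
    "http://target.example/server-status": (200, "<h1>Apache Server Status for target.example</h1>"),
    "http://target.example/index.php.bak": (200, "<?php $db_pass = 'changeme';"),
}


def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, "Not Found"))


def example_run():
    """Two rounds of tailing: the third record is incomplete on the first read
    and only becomes visible once its newline lands.  Returns
    (first_lines, second_lines, executed, results_log)."""
    path = os.path.join(tempfile.mkdtemp(), "analysis.log")
    with open(path, "wb") as f:
        f.write(b"event\tscheme_host_port\thttp://target.example\n"
                b"event\tpath\thttp://target.example/admin/\n"
                b"event\tfile\thttp://target.example/index.ph")
    tail = LogTail(path)
    log = []
    first = tail.read_new_lines()
    executed = run_tests(parse_events(first), TESTS, fake_fetch, log)
    with open(path, "ab") as f:                # the rest of the record arrives
        f.write(b"p\n")
    second = tail.read_new_lines()
    executed += run_tests(parse_events(second), TESTS, fake_fetch, log)
    return first, second, executed, log


if __name__ == "__main__":
    print("\n".join(example_run()[3]))
```

Holding back the partial line is the one non-obvious part: every other
component in this design is also a tailer of somebody else's log, so each of
them needs the same guard.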

The GUI tails the proxy log to show the URLs retrieved. It monitors the
analysis log to highlight URLs that have interesting properties and to show
links that have not yet been followed. It also allows requests to be
resubmitted, with or without modification.

It also allows the output of the analysis program to be reviewed,
i.e. the extracted FORMs, SCRIPTs, Comments, etc.

It also tails the VulnXML results log to show which tests are being
executed, and which were successful.

The spider tails the proxy log and the analysis log to determine which
linked URLs have not yet been retrieved. It also looks for Cookies sent by
the server and maintains a cookiejar, and watches for any BasicAuth and
ProxyAuth headers sent. It reads its config file to determine where the
mangle proxy is, any FORM Auth credentials it can use, etc.
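An added example of the spider's bookkeeping (not from these notes or the
Mangle code; Python written for this page): the set of links reported by
analysis minus the set of URLs the proxy has already fetched, restricted to
a subtree, plus a per-host cookiejar fed from Set-Cookie and the
Authorization / Proxy-Authorization values seen going out, so the spider
can replay them. The log-entry shape (URL plus request and response header
lists) and the sample traffic are constructed; the cookiejar is per host
only and ignores Path/Domain/Secure, which a real spider would honour.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


class SpiderState:
    """What the crawl stage needs to know: what the proxy has already fetched,
    what analysis has reported as links, and the cookies and auth headers
    observed on the wire."""

    def __init__(self):
        self.retrieved = set()   # URLs seen in the proxy log
        self.known = set()       # URLs reported as links in the analysis log
        self.cookies = {}        # host -> {name: value}
        self.auth = {}           # host -> Authorization header value
        self.proxy_auth = None   # Proxy-Authorization header value, if any

    def observe_proxy(self, url, request_headers, response_headers):
        """One proxy-log entry: the request/response pair for `url`."""
        self.retrieved.add(url)
        host = urlsplit(url).netloc
        for name, value in request_headers:
            if name.lower() == "authorization":          # BasicAuth sent by the client
                self.auth[host] = value
            elif name.lower() == "proxy-authorization":  # ProxyAuth sent by the client
                self.proxy_auth = value
        for name, value in response_headers:
            if name.lower() == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                for cname, morsel in jar.items():
                    self.cookies.setdefault(host, {})[cname] = morsel.value

    def observe_analysis(self, links):
        """Links extracted by the analysis stage from some response."""
        self.known.update(links)

    def unseen(self, subtree):
        """Linked URLs the proxy never fetched, limited to the given subtree
        (plain prefix match, like grepping the unseen list for a site)."""
        return sorted(u for u in self.known - self.retrieved if u.startswith(subtree))

    def request_headers(self, url):
        """Headers to attach when the spider requests `url` through the proxy."""
        host = urlsplit(url).netloc
        headers = {}
        if host in self.cookies:
            headers["Cookie"] = "; ".join(
                "%s=%s" % kv for kv in sorted(self.cookies[host].items()))
        if host in self.auth:
            headers["Authorization"] = self.auth[host]
        if self.proxy_auth:
            headers["Proxy-Authorization"] = self.proxy_auth
        return headers


def example_session():
    """Constructed traffic: one authenticated login fetched through the proxy,
    then analysis reports three links from the response."""
    s = SpiderState()
    s.observe_proxy("http://target.example/login",
                    [("Host", "target.example"), ("Authorization", "Basic dXNlcjpwYXNz")],
                    [("Set-Cookie", "JSESSIONID=abc123; Path=/; HttpOnly"),
                     ("Set-Cookie", "lang=en")])
    s.observe_analysis(["http://target.example/login",
                        "http://target.example/admin/",
                        "http://other.example/x"])
    return s


if __name__ == "__main__":
    s = example_session()
    for u in s.unseen("http://target.example/"):
        print(u, s.request_headers(u))
```

Cookies and credentials are keyed by host so that a link to another site
never receives the target's session cookie or Basic credentials.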

A typical run might look like:

./mangle.pl -c configfile -f ../logdir &
./analyse.pl ../logdir &
./vulnxml.pl -c configfile ../logdir &
./exodus.pl -c configfile ../logdir &
# as/when required:
cat logdir/unseen | grep site | ./crawl.pl -c configfile ../logdir http://subtree/
