RubyGems - ronin-app - Versions diffs - 0.1.0.rc1 - Mend

ronin-app 0.1.0.rc1

Files changed (163) hide show

checksums.yaml +7 -0
data/.dockerignore +3 -0
data/.document +6 -0
data/.env.dev +1 -0
data/.github/workflows/ruby.yml +44 -0
data/.gitignore +16 -0
data/.rspec +1 -0
data/.rubocop.yml +26 -0
data/.ruby-version +1 -0
data/.yardopts +1 -0
data/CONTRIBUTING.md +34 -0
data/COPYING.txt +661 -0
data/ChangeLog.md +38 -0
data/Dockerfile +27 -0
data/Gemfile +61 -0
data/Procfile +2 -0
data/Procfile.dev +2 -0
data/README.md +215 -0
data/Rakefile +44 -0
data/app/db.rb +680 -0
data/app/scanning.rb +173 -0
data/app.rb +372 -0
data/bin/ronin-app +34 -0
data/config/database.rb +17 -0
data/config/puma.rb +24 -0
data/config/redis.rb +4 -0
data/config/sidekiq.rb +23 -0
data/config/sidekiq.yml +12 -0
data/config.ru +33 -0
data/docker-compose.yml +45 -0
data/etc/systemd/user/ronin-app-sidekiq.1.service +17 -0
data/etc/systemd/user/ronin-app-web.1.service +18 -0
data/etc/systemd/user/ronin-app.target +5 -0
data/gemspec.yml +55 -0
data/lib/middleware/sidekiq/active_record_connection_pool.rb +47 -0
data/lib/ronin/app/cli.rb +197 -0
data/lib/ronin/app/helpers/html.rb +71 -0
data/lib/ronin/app/root.rb +28 -0
data/lib/ronin/app/schemas/params_schema.rb +66 -0
data/lib/ronin/app/schemas/payloads/build_schema.rb +56 -0
data/lib/ronin/app/schemas/payloads/encoders/encode_schema.rb +60 -0
data/lib/ronin/app/types/import.rb +35 -0
data/lib/ronin/app/types/nmap.rb +81 -0
data/lib/ronin/app/types/spider.rb +49 -0
data/lib/ronin/app/types/vulns.rb +69 -0
data/lib/ronin/app/types.rb +66 -0
data/lib/ronin/app/validations/import_params.rb +71 -0
data/lib/ronin/app/validations/install_repo_params.rb +78 -0
data/lib/ronin/app/validations/masscan_params.rb +122 -0
data/lib/ronin/app/validations/nmap_params.rb +183 -0
data/lib/ronin/app/validations/recon_params.rb +86 -0
data/lib/ronin/app/validations/spider_params.rb +103 -0
data/lib/ronin/app/validations/vulns_params.rb +83 -0
data/lib/ronin/app/version.rb +26 -0
data/log/.gitkeep +0 -0
data/man/ronin-app.1 +63 -0
data/man/ronin-app.1.md +61 -0
data/public/images/favicon.png +0 -0
data/public/images/favicon.svg +78 -0
data/public/images/logo.svg +78 -0
data/public/images/sidekiq.svg +24 -0
data/public/javascript/app.js +60 -0
data/public/javascript/notes.js +28 -0
data/public/javascript/tabs.js +40 -0
data/public/stylesheets/app.css +216 -0
data/public/stylesheets/bulma.min.css +1 -0
data/ronin-app.gemspec +63 -0
data/scripts/console +7 -0
data/scripts/server +134 -0
data/scripts/setup +447 -0
data/scripts/update +55 -0
data/tmp/.gitkeep +0 -0
data/views/_authors.erb +62 -0
data/views/_delete.erb +4 -0
data/views/_delete_all.erb +4 -0
data/views/_encoding_tabs.erb +25 -0
data/views/_notes.erb +33 -0
data/views/_pagination.erb +1 -0
data/views/_param_fields.erb +66 -0
data/views/_params.erb +35 -0
data/views/about.erb +30 -0
data/views/db/advisories/index.erb +30 -0
data/views/db/advisories/show.erb +105 -0
data/views/db/asns/index.erb +19 -0
data/views/db/asns/show.erb +61 -0
data/views/db/credentials/index.erb +30 -0
data/views/db/credentials/show.erb +51 -0
data/views/db/email_addresses/index.erb +30 -0
data/views/db/email_addresses/show.erb +44 -0
data/views/db/host_names/index.erb +30 -0
data/views/db/host_names/show.erb +52 -0
data/views/db/ip_addresses/index.erb +19 -0
data/views/db/ip_addresses/show.erb +98 -0
data/views/db/mac_addresses/index.erb +19 -0
data/views/db/mac_addresses/show.erb +62 -0
data/views/db/open_ports/index.erb +19 -0
data/views/db/open_ports/show.erb +87 -0
data/views/db/organizations/departments/show.erb +82 -0
data/views/db/organizations/index.erb +28 -0
data/views/db/organizations/members/show.erb +87 -0
data/views/db/organizations/show.erb +111 -0
data/views/db/oses/index.erb +19 -0
data/views/db/oses/show.erb +46 -0
data/views/db/passwords/index.erb +30 -0
data/views/db/passwords/show.erb +52 -0
data/views/db/people/index.erb +31 -0
data/views/db/people/show.erb +120 -0
data/views/db/phone_numbers/index.erb +30 -0
data/views/db/phone_numbers/show.erb +63 -0
data/views/db/ports/index.erb +30 -0
data/views/db/ports/show.erb +70 -0
data/views/db/services/index.erb +30 -0
data/views/db/services/show.erb +65 -0
data/views/db/software/index.erb +19 -0
data/views/db/software/show.erb +52 -0
data/views/db/software_vendors/index.erb +19 -0
data/views/db/software_vendors/show.erb +36 -0
data/views/db/street_addresses/index.erb +19 -0
data/views/db/street_addresses/show.erb +63 -0
data/views/db/url_query_param_names/index.erb +19 -0
data/views/db/url_query_param_names/show.erb +50 -0
data/views/db/url_schemes/index.erb +19 -0
data/views/db/url_schemes/show.erb +36 -0
data/views/db/urls/index.erb +30 -0
data/views/db/urls/show.erb +103 -0
data/views/db/user_names/index.erb +30 -0
data/views/db/user_names/show.erb +48 -0
data/views/db/vulns/index.erb +19 -0
data/views/db/vulns/show.erb +104 -0
data/views/db.erb +152 -0
data/views/exploits/index.erb +9 -0
data/views/exploits/show.erb +100 -0
data/views/import.erb +30 -0
data/views/index.erb +7 -0
data/views/layout.erb +98 -0
data/views/masscan.erb +459 -0
data/views/nmap.erb +1009 -0
data/views/payloads/build.erb +19 -0
data/views/payloads/encoders/encode.erb +35 -0
data/views/payloads/encoders/index.erb +9 -0
data/views/payloads/encoders/show.erb +47 -0
data/views/payloads/index.erb +9 -0
data/views/payloads/show.erb +47 -0
data/views/queue.erb +28 -0
data/views/recon.erb +55 -0
data/views/repos/index.erb +30 -0
data/views/repos/install.erb +45 -0
data/views/repos/show.erb +39 -0
data/views/spider.erb +372 -0
data/views/vulns.erb +214 -0
data/workers/import.rb +96 -0
data/workers/install_repo.rb +40 -0
data/workers/masscan.rb +135 -0
data/workers/nmap.rb +216 -0
data/workers/purge_repos.rb +40 -0
data/workers/recon.rb +95 -0
data/workers/remove_repo.rb +40 -0
data/workers/spider.rb +148 -0
data/workers/update_repo.rb +42 -0
data/workers/update_repos.rb +40 -0
data/workers/vulns.rb +111 -0
data/workers.rb +37 -0
metadata +538 -0

data/views/spider.erb ADDED Viewed

@@ -0,0 +1,372 @@
+<script type="text/javascript" src="/javascript/tabs.js"></script>
+<h1>Spider</h1>
+<form action="/spider" method="post">
+  <div class="field has-addons">
+    <div class="control">
+      <div class="select">
+        <select name="type">
+          <option value="host" <%= "selected" if params[:type] == 'host' %>>Host</option>
+          <option value="domain" <%= "selected" if params[:type] == 'domain' %>>Domain</option>
+          <option value="site" <%= "selected" if params[:type] == 'site' %>>Site</option>
+        </select>
+      </div>
+    </div>
+    <div class="control is-required">
+      <% if @errors && @errors[:target] %>
+        <input class="input is-danger" type="text" name="target" placeholder="example.com OR www.example.com OR https://example.com/" value="<%=hattr params[:target] %>">
+        <% @errors[:target].each do |error| %>
+        <p class="help is-danger"><%=h error %></p>
+        <% end %>
+      <% else %>
+        <input class="input" type="text" name="target" placeholder="example.com OR www.example.com OR https://example.com/" value="<%=hattr params[:target] %>">
+      <% end %>
+    </div>
+  </div>
+  <div class="field">
+    <button type="submit" class="button is-primary">Spider</button>
+  </div>
+  <div class="tabs is-centered">
+    <ul>
+      <li class="is-active"><a data-tab-id="general">General</a></li>
+      <li><a data-tab-id="header">Header</a></li>
+      <li><a data-tab-id="timeout">Timeout</a></li>
+      <li><a data-tab-id="limit">Limit</a></li>
+      <li><a data-tab-id="uri-normalization">URI Normalization</a></li>
+      <li><a data-tab-id="allow-ignore">Allow/Ignore</a></li>
+    </ul>
+  </div>
+  <div class="tabs-content">
+    <div id="general" class="content-tab is-active">
+      <div class="field">
+        <label class="label">Proxy:</label>
+        <div class="control">
+          <% if @errors && @errors[:proxy] %>
+            <input class="input is-danger" type="text" name="proxy" placeholder="http://www.example.com:8080" value="<%=hattr params[:proxy] %>">
+            <% @errors[:proxy].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="proxy" placeholder="http://www.example.com:8080" value="<%=hattr params[:proxy] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Delay:</label>
+        <div class="control">
+          <% if @errors && @errors[:delay] %>
+            <input class="input is-danger" type="text" name="delay" placeholder="SECS" value="<%=hattr params[:delay] %>">
+            <% @errors[:delay].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="delay" placeholder="SECS" value="<%=hattr params[:delay] %>">
+          <% end %>
+        </div>
+      </div>
+    </div>
+    <div id="header" class="content-tab">
+      <div class="field">
+        <label class="label">Host Header:</label>
+        <div class="control">
+          <% if @errors && @errors[:host_header] %>
+            <input class="input is-danger" type="text" name="host_header" placeholder="www.example.com" value="<%=hattr params[:host_header] %>">
+            <% @errors[:host_header].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="host_header" placeholder="www.example.com" value="<%=hattr params[:host_header] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">User-Agent Header:</label>
+        <div class="control">
+          <% if @errors && @errors[:user_agent] %>
+            <input class="input is-danger" type="text" name="user_agent" placeholder="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" value="<%=hattr params[:user_agent] %>">
+            <% @errors[:user_agent].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="user_agent" placeholder="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" value="<%=hattr params[:user_agent] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Referer Header:</label>
+        <div class="control">
+          <% if @errors && @errors[:referer] %>
+            <input class="input is-danger" type="text" name="referer" placeholder="https://www.example.com/..." value="<%=hattr params[:referer] %>">
+            <% @errors[:referer].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="referer" placeholder="https://www.example.com/..." value="<%=hattr params[:referer] %>">
+          <% end %>
+        </div>
+      </div>
+    </div>
+    <div id="timeout" class="content-tab">
+      <div class="field">
+        <label class="label">Open Timeout:</label>
+        <div class="control">
+          <% if @errors && @errors[:open_timeout] %>
+            <input class="input is-danger" type="text" name="open_timeout" placeholder="SECS" value="<%=hattr params[:open_timeout] %>">
+            <% @errors[:open_timeout].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="open_timeout" placeholder="SECS" value="<%=hattr params[:open_timeout] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Read Timeout:</label>
+        <div class="control">
+          <% if @errors && @errors[:read_timeout] %>
+            <input class="input is-danger" type="text" name="read_timeout" placeholder="SECS" value="<%=hattr params[:read_timeout] %>">
+            <% @errors[:read_timeout].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="read_timeout" placeholder="SECS" value="<%=hattr params[:read_timeout] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">SSL Timeout:</label>
+        <div class="control">
+          <% if @errors && @errors[:ssl_timeout] %>
+            <input class="input is-danger" type="text" name="ssl_timeout" placeholder="SECS" value="<%=hattr params[:ssl_timeout] %>">
+            <% @errors[:ssl_timeout].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="ssl_timeout" placeholder="SECS" value="<%=hattr params[:ssl_timeout] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Continue Timeout:</label>
+        <div class="control">
+          <% if @errors && @errors[:continue_timeout] %>
+            <input class="input is-danger" type="text" name="continue_timeout" placeholder="SECS" value="<%=hattr params[:continue_timeout] %>">
+            <% @errors[:continue_timeout].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="continue_timeout" placeholder="SECS" value="<%=hattr params[:continue_timeout] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Keep-Alive Timeout:</label>
+        <div class="control">
+          <% if @errors && @errors[:keep_alive_timeout] %>
+            <input class="input is-danger" type="text" name="keep_alive_timeout" placeholder="SECS" value="<%=hattr params[:keep_alive_timeout] %>">
+            <% @errors[:keep_alive_timeout].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="keep_alive_timeout" placeholder="SECS" value="<%=hattr params[:keep_alive_timeout] %>">
+          <% end %>
+        </div>
+      </div>
+    </div>
+    <div id="limit" class="content-tab">
+      <div class="field">
+        <label class="label">Limit:</label>
+        <div class="control">
+          <% if @errors && @errors[:limit] %>
+            <input class="input is-danger" type="text" name="limit" placeholder="NUM" value="<%=hattr params[:limit] %>">
+            <% @errors[:limit].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="limit" placeholder="NUM" value="<%=hattr params[:limit] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Max Depth:</label>
+        <div class="control">
+          <% if @errors && @errors[:max_depth] %>
+            <input class="input is-danger" type="text" name="max_depth" placeholder="NUM" value="<%=hattr params[:max_depth] %>">
+            <% @errors[:max_depth].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="max_depth" placeholder="NUM" value="<%=hattr params[:max_depth] %>">
+          <% end %>
+        </div>
+      </div>
+    </div>
+    <div id="uri-normalization" class="content-tab">
+      <div class="field">
+        <label class="has-text-weight-semibold">Strip Fragment:</label>
+        <input class="checkbox" type="checkbox" name="strip_fragment"<%= " checked" if params[:strip_fragment] %>>
+      </div>
+      <div class="field">
+        <label class="has-text-weight-semibold">Strip Query:</label>
+        <input class="checkbox" type="checkbox" name="strip_query"<%= " checked" if params[:strip_query] %>>
+      </div>
+    </div>
+    <div id="allow-ignore" class="content-tab">
+      <div class="field">
+        <label class="label">Allow Hosts:</label>
+        <div class="control">
+          <% if @errors && @errors[:hosts] %>
+            <input class="input is-danger" type="text" name="hosts" placeholder="www.example.com, ..." value="<%=hattr params[:hosts] %>">
+            <% @errors[:hosts].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="hosts" placeholder="www.example.com, ..." value="<%=hattr params[:hosts] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Ignore Hosts:</label>
+        <div class="control">
+          <% if @errors && @errors[:ignore_hosts] %>
+            <input class="input is-danger" type="text" name="ignore_hosts" placeholder="www.example.com, ..." value="<%=hattr params[:ignore_hosts] %>">
+            <% @errors[:ignore_hosts].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="ignore_hosts" placeholder="www.example.com, ..." value="<%=hattr params[:ignore_hosts] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Allow Ports:</label>
+        <div class="control">
+          <% if @errors && @errors[:ports] %>
+            <input class="input is-danger" type="text" name="ports" placeholder="PORT, ..." value="<%=hattr params[:ports] %>">
+            <% @errors[:ports].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="ports" placeholder="PORT, ..." value="<%=hattr params[:ports] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Ignore Ports:</label>
+        <div class="control">
+          <% if @errors && @errors[:ignore_ports] %>
+            <input class="input is-danger" type="text" name="ignore_ports" placeholder="PORT, ..." value="<%=hattr params[:ignore_ports] %>">
+            <% @errors[:ignore_ports].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="ignore_ports" placeholder="PORT, ..." value="<%=hattr params[:ignore_ports] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Allow URLs:</label>
+        <div class="control">
+          <% if @errors && @errors[:urls] %>
+            <input class="input is-danger" type="text" name="urls" placeholder="https://www.example.com/..., ..." value="<%=hattr params[:urls] %>">
+            <% @errors[:urls].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="urls" placeholder="https://www.example.com/..., ..." value="<%=hattr params[:urls] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Ignore URLs:</label>
+        <div class="control">
+          <% if @errors && @errors[:ignore_urls] %>
+            <input class="input is-danger" type="text" name="ignore_urls" placeholder="https://www.example.com/..., ..." value="<%=hattr params[:ignore_urls] %>">
+            <% @errors[:ignore_urls].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="ignore_urls" placeholder="https://www.example.com/..., ..." value="<%=hattr params[:ignore_urls] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Allow EXTs:</label>
+        <div class="control">
+          <% if @errors && @errors[:exts] %>
+            <input class="input is-danger" type="text" name="exts" placeholder=".xml, ..." value="<%=hattr params[:exts] %>">
+            <% @errors[:exts].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="exts" placeholder=".xml, ..." value="<%=hattr params[:exts] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Ignore EXTs:</label>
+        <div class="control">
+          <% if @errors && @errors[:ignore_exts] %>
+            <input class="input is-danger" type="text" name="ignore_exts" placeholder=".zip, ..." value="<%=hattr params[:ignore_exts] %>">
+            <% @errors[:ignore_exts].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="ignore_exts" placeholder=".zip, ..." value="<%=hattr params[:ignore_exts] %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Robots:</label>
+        <input class="checkbox" type="checkbox" name="robots"<%= " checked" if params[:robots] %>>
+      </div>
+    </div>
+  </div>
+</form>

data/views/vulns.erb ADDED Viewed

@@ -0,0 +1,214 @@
+<script type="text/javascript" src="/javascript/tabs.js"></script>
+<h1>Vulnerabilities</h1>
+<form id="recon" action="/vulns" method="post">
+  <div class="field">
+    <label class="label is-required">URL</label>
+    <div class="control">
+      <% if @errors && @errors[:url] %>
+        <input class="input is-danger" name="url" required><%=h params[:url] %></input>
+        <% @errors[:url].each do |error| %>
+        <p class="help is-danger"><%=h error %></p>
+        <% end %>
+      <% else %>
+        <input class="input" name="url" placeholder="https://example.com" required><%=h params[:url] %></input>
+      <% end %>
+    </div>
+  </div>
+  <div class="field">
+    <button type="submit" class="button is-primary">Scan</button>
+  </div>
+  <div class="tabs is-centered">
+    <ul>
+      <li class="is-active"><a data-tab-id="lfi">LFI</a></li>
+      <li><a data-tab-id="rfi">RFI</a></li>
+      <li><a data-tab-id="sqli">SQLI</a></li>
+      <li><a data-tab-id="ssti">SSTI</a></li>
+      <li><a data-tab-id="command-injection">Command Injection</a></li>
+      <li><a data-tab-id="open-redirect">Open Redirect</a></li>
+    </ul>
+  </div>
+  <div class="tabs-content">
+    <div id="lfi" class="content-tab is-active">
+      <div class="field">
+        <label class="label">Os</label>
+        <div class="control">
+          <select class="select" name="lfi[os]">
+            <option value="unix" <%= " checked" if params.dig(:lfi, :os)  == 'unix' %>>unix</option>
+            <option value="windows" <%= " checked" if params.dig(:lfi, :os)  == 'windows' %>>windows</option>
+          </select>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Depth</label>
+        <div class="control">
+          <% if @errors && @errors[:lfi]&.dig(:depth) %>
+            <input class="input is-danger" type="text" name="lfi[depth]" value="<%=hattr params.dig(:lfi, :depth) %>">
+            <% @errors[:lfi][:depth].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="lfi[depth]" placeholder="6" value="<%=hattr params.dig(:lfi, :depth) %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Filter Bypass</label>
+        <div class="control">
+          <select class="select" name="lfi[filter_bypass]">
+            <option value="" />
+            <option value="nullbyte"<%= " checked" if params.dig(:lfi, :filter_bypass)  == 'nullbyte' %>>nullbyte</option>
+            <option value="double_escape"<%= " checked" if params.dig(:lfi, :filter_bypass)  == 'double_escape' %>>double_escape</option>
+            <option value="base64"<%= " checked" if params.dig(:lfi, :filter_bypass)  == 'base64' %>>base64</option>
+            <option value="rot13"<%= " checked" if params.dig(:lfi, :filter_bypass)  == 'rot13' %>>rot13</option>
+            <option value="zlib"<%= " checked" if params.dig(:lfi, :filter_bypass)  == 'zlib' %>>zlib</option>
+          </select>
+        </div>
+      </div>
+    </div>
+    <div id="rfi" class="content-tab">
+      <div class="field">
+        <label class="label">Filter Bypass</label>
+        <div class="control">
+          <select class="select" name="rfi[filter_bypass]">
+            <option value="" />
+            <option value="double_encode"<%= " checked" if params.dig(:rfi, :filter_bypass)  == 'double_encode' %>>double_encode</option>
+            <option value="suffix_escape"<%= " checked" if params.dig(:rfi, :filter_bypass)  == 'suffix_escape' %>>suffix_escape</option>
+            <option value="null_byte"<%= " checked" if params.dig(:rfi, :filter_bypass)  == 'null_byte' %>>null_byte</option>
+          </select>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Test Script URL</label>
+        <div class="control">
+          <% if @errors && @errors[:rfi]&.dig(:test_script_url) %>
+            <input class="input is-danger" type="text" name="rfi[test_script_url]" value="<%=hattr params.dig(:rfi, :test_script_url)%>">
+            <% @errors[:rfi][:test_script_url].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="rfi[test_script_url]" value="<%=hattr params.dig(:rfi, :test_script_url) %>">
+          <% end %>
+        </div>
+      </div>
+    </div>
+    <div id="sqli" class="content-tab">
+      <div class="field">
+        <label class="has-text-weight-semibold">Escape Quote: </label>
+        <input class="checkbox" type="checkbox" name="sqli[escape_quote]"<%= " checked" if params.dig(:sqli, :terminate) %>>
+      </div>
+      <div class="field">
+        <label class="has-text-weight-semibold">Escape Parens: </label>
+        <input class="checkbox" type="checkbox" name="sqli[escape_parens]"<%= " checked" if params.dig(:sqli, :terminate) %>>
+      </div>
+      <div class="field">
+        <label class="has-text-weight-semibold">Terminate: </label>
+        <input class="checkbox" type="checkbox" name="sqli[terminate]"<%= " checked" if params.dig(:sqli, :terminate) %>>
+      </div>
+    </div>
+    <div id="ssti" class="content-tab">
+      <div class="field">
+        <label class="label">Escape</label>
+        <div class="control">
+          <select class="select" name="ssti[escape]">
+            <option value="" />
+            <option value="double_curly_braces"<%= " checked" if params.dig(:ssti, :escape)  == 'double_curly_braces' %>>double_curly_braces</option>
+            <option value="dollar_curly_braces"<%= " checked" if params.dig(:ssti, :escape)  == 'dollar_curly_braces' %>>dollar_curly_braces</option>
+            <option value="dollar_double_curly_braces"<%= " checked" if params.dig(:ssti, :escape)  == 'dollar_double_curly_braces' %>>dollar_double_curly_braces</option>
+            <option value="pound_curly_braces"<%= " checked" if params.dig(:ssti, :escape)  == 'pound_curly_braces' %>>pound_curly_braces</option>
+            <option value="angle_brackets_percent"<%= " checked" if params.dig(:ssti, :escape)  == 'angle_brackets_percent' %>>angle_brackets_percent</option>
+          </select>
+        </div>
+      </div>
+    </div>
+    <div id="command-injection" class="content-tab">
+      <div class="field">
+        <label class="label">Escape Quote Character</label>
+        <div class="control">
+          <% if @errors && @errors[:command_injection]&.dig(:escape_quote) %>
+            <input class="input is-danger" type="text" name="command_injection[escape_quote]" size="1" value="<%=hattr params.dig(:command_injection, :escape_quote)%>">
+            <% @errors[:command_injection][:escape_quote].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="command_injection[escape_quote]" size="1" value="<%=hattr params.dig(:command_injection, :escape_quote) %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Escape Operator Character</label>
+        <div class="control">
+          <% if @errors && @errors[:command_injection]&.dig(:escape_operator) %>
+            <input class="input is-danger" type="text" name="command_injection[escape_operator]" size="1" value="<%=hattr params.dig(:command_injection, :escape_operator)%>">
+            <% @errors[:command_injection][:escape_operator].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="command_injection[escape_operator]" size="1" value="<%=hattr params.dig(:command_injection, :escape_operator) %>">
+          <% end %>
+        </div>
+      </div>
+      <div class="field">
+        <label class="label">Terminator Character</label>
+        <div class="control">
+          <% if @errors && @errors[:command_injection]&.dig(:terminator) %>
+            <input class="input is-danger" type="text" name="command_injection[terminator]" size="1" value="<%=hattr params.dig(:command_injection, :terminator)%>">
+            <% @errors[:command_injection][:terminator].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="command_injection[terminator]" size="1" value="<%=hattr params.dig(:command_injection, :terminator) %>">
+          <% end %>
+        </div>
+      </div>
+    </div>
+    <div id="open-redirect" class="content-tab">
+      <div class="field">
+        <label class="label">Test URL</label>
+        <div class="control">
+          <% if @errors && @errors[:open_redirect]&.dig(:test_url) %>
+            <input class="input is-danger" type="text" name="open_redirect[test_url]" value="<%=hattr params.dig(:open_redirect, :test_url)%>">
+            <% @errors[:open_redirect][:test_url].each do |error| %>
+              <p class="help is-danger"><%=h error %></p>
+            <% end %>
+          <% else %>
+            <input class="input" type="text" name="open_redirect[test_url]" value="<%=hattr params.dig(:open_redirect, :test_url)%>">
+          <% end %>
+        </div>
+      </div>
+    </div>
+  </div>
+</form>