ronin-db 0.1.3 → 0.2.0.rc1

data/lib/ronin/db/cli/commands/web_vulns.rb

@@ -0,0 +1,235 @@
+# frozen_string_literal: true
+#
+# ronin-db - A common database library for managing and querying security data.
+#
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-db is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-db is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-db.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/db/cli/model_command'
+
+module Ronin
+  module DB
+    class CLI
+      module Commands
+        #
+        # Manages all PhoneNumbers in the database.
+        #
+        # ## Usage
+        #
+        #     ronin-db phone-numbers [options]
+        #
+        # ## Options
+        #
+        #         --db NAME                    The database to connect to (Default: default)
+        #         --db-uri URI                 The database URI to connect to
+        #         --db-file PATH               The sqlite3 database file to use
+        #     -v, --verbose                    Enables verbose output
+        #     -t lfi|rfi|sqli|ssti|open-redirect|reflected-xss|command-injection,
+        #         --with-type                  Searches for all web vulns of the given type
+        #     -H, --for-host HOST              Searches for web vulns effecting the host
+        #     -d, --for-domain DOMAIN          Searches for web vulns effecting the domain
+        #     -p, --for-path PATH              Searches for web vulns effecting the given path
+        #     -q, --with-query-param NAME      Searches for web vulns effecting the query param name
+        #         --with-header-name NAME      Searches for web vulns effecting the HTTP header name
+        #     -c, --with-cookie-param NAME     Searches for web vulns effecting the cookie param name
+        #     -f, --with-form-param NAME       Searches for web vulns effecting the form param name
+        #     -M HTTP_METHOD,                  Searches for all web vulns with the HTTP request method
+        #         --with-request-method
+        #     -h, --help                       Print help information
+        #
+        # @since 0.2.0
+        #
+        class WebVulns < ModelCommand
+
+          command_name 'web-vulns'
+
+          model_file 'ronin/db/web_vuln'
+          model_name 'WebVuln'
+
+          option :with_type, short: '-t',
+                             value: {
+                               type: {
+                                 lfi:               'lfi',
+                                 rfi:               'rfi',
+                                 sqli:              'sqli',
+                                 ssti:              'ssti',
+
+                                 :"open-redirect"     => 'open_redirect',
+                                 :"reflected-xss"     => 'reflected_xss',
+                                 :"command-injection" => 'command_injection'
+                               }
+                             },
+                             desc: 'Searches for all web vulns of the given type' do |type|
+                               @query_method_calls << [:with_type, type]
+                             end
+
+          option :for_host, short: '-H',
+                            value: {
+                              type:  String,
+                              usage: 'HOST'
+                            },
+                            desc: 'Searches for web vulns effecting the host' do |host|
+                              @query_method_calls << [:for_host, host]
+                            end
+
+          option :for_domain, short: '-d',
+                              value: {
+                                type:  String,
+                                usage: 'DOMAIN'
+                              },
+                              desc: 'Searches for web vulns effecting the domain' do |domain|
+                                @query_method_calls << [:for_domain, domain]
+                              end
+
+          option :for_path, short: '-p',
+                            value: {
+                              type:  String,
+                              usage: 'PATH'
+                            },
+                            desc: 'Searches for web vulns effecting the given path' do |path|
+                              @query_method_calls << [:for_path, path]
+                            end
+
+          option :with_query_param, short: '-q',
+                                    value: {
+                                      type:  String,
+                                      usage: 'NAME'
+                                    },
+                                    desc: 'Searches for web vulns effecting the query param name' do |name|
+                                      @query_method_calls << [:with_query_param, name]
+                                    end
+
+          option :with_header_name, value: {
+                                      type:  String,
+                                      usage: 'NAME'
+                                    },
+                                    desc: 'Searches for web vulns effecting the HTTP header name' do |name|
+                                      @query_method_calls << [:with_header_name, name]
+                                    end
+
+          option :with_cookie_param, short: '-c',
+                                    value: {
+                                      type:  String,
+                                      usage: 'NAME'
+                                    },
+                                    desc: 'Searches for web vulns effecting the cookie param name' do |name|
+                                      @query_method_calls << [:with_cookie_param, name]
+                                    end
+
+          option :with_form_param, short: '-f',
+                                    value: {
+                                      type:  String,
+                                      usage: 'NAME'
+                                    },
+                                    desc: 'Searches for web vulns effecting the form param name' do |name|
+                                      @query_method_calls << [:with_form_param, name]
+                                    end
+
+          option :with_request_method, short: '-M',
+                                       value: {
+                                         type: {
+                                           'COPY'      => :copy,
+                                           'DELETE'    => :delete,
+                                           'GET'       => :get,
+                                           'HEAD'      => :head,
+                                           'LOCK'      => :lock,
+                                           'MKCOL'     => :mkcol,
+                                           'MOVE'      => :move,
+                                           'OPTIONS'   => :options,
+                                           'PATCH'     => :patch,
+                                           'POST'      => :post,
+                                           'PROPFIND'  => :propfind,
+                                           'PROPPATCH' => :proppatch,
+                                           'PUT'       => :put,
+                                           'TRACE'     => :trace,
+                                           'UNLOCK'    => :unlock
+                                         },
+                                         usage: 'HTTP_METHOD'
+                                       },
+                                       desc: 'Searches for all web vulns with the HTTP request method' do |http_method|
+                                         @query_method_calls << [:with_request_method, http_method]
+                                       end
+
+          description 'Queries and manages WebVulns'
+
+          man_page 'ronin-db-web-vulns.1'
+
+          # Mapping of web vulnerability types and their printable names.
+          TYPE_NAMES = {
+            'lfi'  => 'LFI',
+            'rfi'  => 'RFI',
+            'sqli' => 'SQLi',
+            'ssti' => 'SSTI',
+
+            'open_redirect'     => 'Open Redirect',
+            'reflected_xss'     => 'Reflected XSS',
+            'command_injection' => 'Command Injection'
+          }
+
+          #
+          # Returns the printable vulnerability type for the vulnerability.
+          #
+          # @param [Ronin::DB::WebVuln] web_vuln
+          #
+          # @return [String]
+          #
+          def web_vuln_type(web_vuln)
+            TYPE_NAMES.fetch(web_vuln.type) do
+              raise(NotImplementedError,"unknown web vulnerability type: #{web_vuln.type.inspect}")
+            end
+          end
+
+          #
+          # Determines the location of the web vulnerability.
+          #
+          # @param [Ronin::DB::WebVuln] web_vuln
+          #
+          # @return [String, nil]
+          #
+          def web_vuln_location(web_vuln)
+            if web_vuln.query_param
+              "query param '#{web_vuln.query_param}'"
+            elsif web_vuln.header_name
+              "Header '#{web_vuln.header_name}'"
+            elsif web_vuln.cookie_param
+              "Cookie param '#{web_vuln.cookie_param}'"
+            elsif web_vuln.form_param
+              "form param '#{web_vuln.form_param}'"
+            end
+          end
+
+          #
+          # Prints a web vulnerability record from the database.
+          #
+          # @param [Ronin::DB::WebVuln] web_vuln
+          #   The web vulnerability record to print.
+          #
+          def print_record(web_vuln)
+            type     = web_vuln_type(web_vuln)
+            location = web_vuln_location(web_vuln)
+
+            if location
+              puts "#{type} on #{web_vuln.url} via #{location}"
+            else
+              puts "#{type} on #{web_vuln.url}"
+            end
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/ronin/db/cli/database_options.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+#
+# ronin-db - A common database library for managing and querying security data.
+#
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-db is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-db is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-db.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/db/cli/uri_methods'
+require 'ronin/db'
+
+module Ronin
+  module DB
+    class CLI
+      #
+      # Base class for all commands that access the database.
+      #
+      # @since 0.2.0
+      #
+      module DatabaseOptions
+        include URIMethods
+
+        #
+        # Adds the `--db`, `--db-uri`, and `--db-file` options to the command
+        # class including the {DatabaseOptions} module.
+        #
+        # @param [Class<Ronin::Core::CLI::Command>] command
+        #   The command class including {DatabaseOptions}.
+        #
+        def self.included(command)
+          command.option :db, value: {
+                                type:    DB.config.keys,
+                                default: :default,
+                                usage:   'NAME'
+                              },
+                              desc: 'The database to connect to'
+
+          command.option :db_uri, value: {
+                                    type:  String,
+                                    usage: 'URI'
+                                  },
+                                  desc: 'The database URI to connect to'
+
+          command.option :db_file, value: {
+                                     type:  String,
+                                     usage: 'PATH'
+                                   },
+                                   desc: 'The sqlite3 database file to use'
+        end
+
+        #
+        # The database connection configuration.
+        #
+        # @return [Hash{Symbol => String,Integer}]
+        #
+        def db_config
+          if options[:db_file]
+            {sqlite3: normalize_sqlite3_path(options[:db_file])}
+          elsif options[:db_uri]
+            parse_uri(options[:db_uri])
+          else
+            DB.config[options[:db]]
+          end
+        end
+
+        #
+        # Connects to the database.
+        #
+        def db_connect
+          DB.connect(db_config)
+        end
+      end
+    end
+  end
+end

data/lib/ronin/db/cli/deletable.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+#
+# ronin-db - A common database library for managing and querying security data.
+#
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-db is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-db is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-db.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Ronin
+  module DB
+    class CLI
+      #
+      # Allows a {ModelCommand} to delete a single record or all records.
+      #
+      # @since 0.2.0
+      #
+      module Deletable
+        #
+        # Adds the `--delete` and `--delete-all` options to the command.
+        #
+        # @param [Class<ModelCommand>] command
+        #   The command class including {Deletable}.
+        #
+        def self.included(command)
+          command.option :delete, value: {
+                                    type: String,
+                                    usage: 'VALUE'
+                                  },
+                                  desc: 'Deletes a value from the database'
+
+          command.option :delete_all, desc: 'Deletes all values from the database'
+        end
+
+        #
+        # Runs the command.
+        #
+        def run
+          if options[:delete]
+            db_connect
+            delete(options[:delete])
+          elsif options[:delete_all]
+            db_connect
+            delete_all
+          else
+            super
+          end
+        end
+
+        #
+        # Deletes a value from the database.
+        #
+        # @param [String] value
+        #   The value to lookup and delete.
+        #
+        def delete(value)
+          if (record = model.lookup(value))
+            record.destroy
+          else
+            print_error "value does not exist in the database: #{value}"
+            exit(-1)
+          end
+        end
+
+        #
+        # Deletes all values from the database.
+        #
+        def delete_all
+          model.destroy_all
+        end
+      end
+    end
+  end
+end

data/lib/ronin/db/cli/importable.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+#
+# ronin-db - A common database library for managing and querying security data.
+#
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-db is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-db is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-db.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Ronin
+  module DB
+    class CLI
+      #
+      # Allows a {ModelCommand} to add or import records from a file.
+      #
+      # @since 0.2.0
+      #
+      module Importable
+        #
+        # Adds the `--add` and `--import` options to the command.
+        #
+        # @param [Class<ModelCommand>] command
+        #   The command class including {Importable}.
+        #
+        def self.included(command)
+          command.option :add, value: {
+                                 type: String,
+                                 usage: 'VALUE'
+                               },
+                               desc: 'Adds a value to the database'
+
+          command.option :import, value: {
+                                    type:  String,
+                                    usage: 'FILE'
+                                  },
+                                  desc: 'Imports the values from the FILE into the database'
+        end
+
+        #
+        # Runs the command.
+        #
+        def run
+          if options[:add]
+            db_connect
+            add(options[:add])
+          elsif options[:import]
+            db_connect
+            import_file(options[:import])
+          else
+            super
+          end
+        end
+
+        #
+        # Adds a value to the database.
+        #
+        # @param [String] value
+        #   The value to add.
+        #
+        def add(value)
+          record = model.import(value)
+
+          unless record.valid?
+            print_error "failed to import #{value}!"
+
+            record.errors.full_messages.each do |message|
+              print_error " - #{message}"
+            end
+          end
+        end
+
+        #
+        # Imports the values from the given file.
+        #
+        # @param [String] path
+        #   The path to the file.
+        #
+        def import_file(path)
+          unless File.file?(path)
+            print_error "no such file or directory: #{path}"
+            exit(-1)
+          end
+
+          File.open(path) do |file|
+            model.transaction do
+              file.each_line(chomp: true) do |value|
+                log_info "Importing #{value} ..." if verbose?
+
+                add(value)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ronin/db/cli/model_command.rb

@@ -2,7 +2,7 @@
 #
 # ronin-db - A common database library for managing and querying security data.
 #
-# Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-db is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,7 +18,8 @@
 # along with ronin-db.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-require 'ronin/db/cli/database_command'
+require 'ronin/db/cli/command'
+require 'ronin/db/cli/database_options'
 require 'ronin/core/cli/logging'
 
 require 'command_kit/options/verbose'
@@ -29,8 +30,9 @@ module Ronin
       #
       # A base-command for database models commands.
       #
-      class ModelCommand < DatabaseCommand
+      class ModelCommand < Command
 
+        include DatabaseOptions
         include CommandKit::Options::Verbose
         include Core::CLI::Logging
 
@@ -112,16 +114,16 @@ module Ronin
         # Runs the command.
         #
         def run
-          connect
+          db_connect
           list
         end
 
         #
         # Connects to the database.
         #
-        def connect
+        def db_connect
           # connect to the database but do not load other models.
-          DB.connect(config, load_models: false)
+          DB.connect(db_config, load_models: false)
 
           # load and connect the model
           model.connection