ronin-exploits 0.3.1 → 1.0.0.beta2

data/man/ronin-exploits-show.1.md

@@ -0,0 +1,33 @@
+# ronin-exploits-show 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-exploits show` [*options*] {*NAME* \| --file *FILE*}
+
+## DESCRIPTION
+
+Prints information about an exploit.
+
+## ARGUMENTS
+
+*NAME*
+  The name of the exploit to load.
+
+## OPTIONS
+
+`-v`, `--verbose`
+  Prints additional information about the exploit.
+
+`-f`, `--file` *FILE*
+  Optionally loads the exploit from the file.
+
+`-h`, `--help`
+  Print help information
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-exploits-list(1) ronin-exploits-run(1)

data/man/ronin-exploits.1

@@ -0,0 +1,55 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-exploits 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-exploits\fR \[lB]\fIoptions\fP\[rB] \[lB]\fICOMMAND\fP \[lB]\.\.\.\[rB]\[rB]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Runs a \fBronin-exploits\fR \fICOMMAND\fP\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fICOMMAND\fP
+The \fBronin-exploits\fR command to execute\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information
+.LP
+.SH COMMANDS
+.LP
+.TP
+\fIirb\fP
+Starts ronin\-exploits interactive Ruby shell\.
+.LP
+.TP
+\fIlist\fP
+Lists available exploits\.
+.LP
+.TP
+\fIrun\fP
+Runs an exploit\.
+.LP
+.TP
+\fIhelp\fP
+Lists available commands or shows help about a specific command\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-exploits\-console(1) ronin\-exploits\-list(1) ronin\-exploits\-run(1)

data/man/ronin-exploits.1.md

@@ -0,0 +1,41 @@
+# ronin-exploits 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-exploits` [*options*] [*COMMAND* [...]]
+
+## DESCRIPTION
+
+Runs a `ronin-exploits` *COMMAND*.
+
+## ARGUMENTS
+
+*COMMAND*
+	The `ronin-exploits` command to execute.
+
+## OPTIONS
+
+`-h`, `--help`
+  Print help information
+
+## COMMANDS
+
+*irb*
+  Starts ronin-exploits interactive Ruby shell.
+
+*list*
+  Lists available exploits.
+
+*run*
+  Runs an exploit.
+
+*help*
+  Lists available commands or shows help about a specific command.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-exploits-console(1) ronin-exploits-list(1) ronin-exploits-run(1)

data/ronin-exploits.gemspec

@@ -0,0 +1,62 @@
+# encoding: utf-8
+
+require 'yaml'
+
+Gem::Specification.new do |gem|
+  gemspec = YAML.load_file('gemspec.yml')
+
+  gem.name    = gemspec.fetch('name')
+  gem.version = gemspec.fetch('version') do
+                  lib_dir = File.join(File.dirname(__FILE__),'lib')
+                  $LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+                  require 'ronin/exploits/version'
+                  Ronin::Exploits::VERSION
+                end
+
+  gem.summary     = gemspec['summary']
+  gem.description = gemspec['description']
+  gem.licenses    = Array(gemspec['license'])
+  gem.authors     = Array(gemspec['authors'])
+  gem.email       = gemspec['email']
+  gem.homepage    = gemspec['homepage']
+  gem.metadata    = gemspec['metadata'] if gemspec['metadata']
+
+  glob = lambda { |patterns| gem.files & Dir[*patterns] }
+
+  gem.files  = `git ls-files`.split($/)
+  gem.files  = glob[gemspec['files']] if gemspec['files']
+  gem.files += Array(gemspec['generated_files'])
+
+  gem.executables = gemspec.fetch('executables') do
+    glob['bin/*'].map { |path| File.basename(path) }
+  end
+  gem.default_executable = gem.executables.first if Gem::VERSION < '1.7.'
+
+  gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
+  gem.test_files       = glob[gemspec['test_files'] || 'spec/{**/}*_spec.rb']
+  gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
+
+  gem.require_paths = Array(gemspec.fetch('require_paths') {
+    %w[ext lib].select { |dir| File.directory?(dir) }
+  })
+
+  gem.requirements              = gemspec['requirements']
+  gem.required_ruby_version     = gemspec['required_ruby_version']
+  gem.required_rubygems_version = gemspec['required_rubygems_version']
+  gem.post_install_message      = gemspec['post_install_message']
+
+  split = lambda { |string| string.split(/,\s*/) }
+
+  if gemspec['dependencies']
+    gemspec['dependencies'].each do |name,versions|
+      gem.add_dependency(name,split[versions])
+    end
+  end
+
+  if gemspec['development_dependencies']
+    gemspec['development_dependencies'].each do |name,versions|
+      gem.add_development_dependency(name,split[versions])
+    end
+  end
+end

data/spec/advisory_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper'
+require 'ronin/exploits/advisory'
+
+describe Ronin::Exploits::Advisory do
+  let(:id)  { 'CVE-2022-1234' }
+  let(:url) { "https://nvd.nist.gov/vuln/detail/#{id}" }
+
+  subject { described_class.new(id,url) }
+
+  describe "#initialize" do
+    context "when given only an id" do
+      subject { described_class.new(id) }
+
+      it "must set #id" do
+        expect(subject.id).to eq(id)
+      end
+
+      it "must default #url to .url_for(id)" do
+        expect(subject.url).to eq(described_class.url_for(id))
+      end
+    end
+
+    context "when given an id and a url" do
+      subject { described_class.new(id,url) }
+
+      it "must set #id" do
+        expect(subject.id).to eq(id)
+      end
+
+      it "must set #url" do
+        expect(subject.url).to eq(url)
+      end
+    end
+  end
+
+  describe ".url_for" do
+    subject { described_class }
+
+    context "when given a CVE-YYYY-NNNN id" do
+      let(:id) { 'CVE-2022-1234' }
+
+      it "must return 'https://nvd.nist.gov/vuln/detail/CVE-YYYY-NNNN'" do
+        expect(subject.url_for(id)).to eq(
+          "https://nvd.nist.gov/vuln/detail/#{id}"
+        )
+      end
+    end
+
+    context "when given a GHSA-XXXX id" do
+      let(:id) { 'GHSA-1234abcd' }
+
+      it "must return 'https://github.com/advisories/GHSA-XXXX'" do
+        expect(subject.url_for(id)).to eq("https://github.com/advisories/#{id}")
+      end
+    end
+
+    context "when given any other kind of id" do
+      let(:id) { 'XYZ-123' }
+
+      it "must return nil" do
+        expect(subject.url_for(id)).to be(nil)
+      end
+    end
+  end
+
+  describe "#to_s" do
+    it "must return the advisory #id" do
+      expect(subject.to_s).to eq(id)
+    end
+  end
+end

data/spec/cli/exploit_command_spec.rb

@@ -0,0 +1,68 @@
+require 'spec_helper'
+require 'ronin/exploits/cli/exploit_command'
+require 'ronin/exploits/exploit'
+
+describe Ronin::Exploits::CLI::ExploitCommand do
+  module TestExploitCommand
+    class TestExploit < Ronin::Exploits::Exploit
+      register 'test_exploit_command'
+    end
+
+    class TestCommand < Ronin::Exploits::CLI::ExploitCommand
+    end
+  end
+
+  let(:exploit_class) { TestExploitCommand::TestExploit }
+  let(:command_class) { TestExploitCommand::TestCommand }
+  subject { command_class.new }
+
+  describe "#load_exploit" do
+    let(:id) { exploit_class.id }
+
+    before do
+      expect(Ronin::Exploits).to receive(:load_class).with(id).and_return(exploit_class)
+    end
+
+    it "must load the exploit class and return the exploit class" do
+      expect(subject.load_exploit(id)).to be(exploit_class)
+    end
+
+    it "must also set #exploit_class" do
+      subject.load_exploit(id)
+
+      expect(subject.exploit_class).to be(exploit_class)
+    end
+  end
+
+  describe "#load_exploit_from" do
+    let(:file) { "path/to/exploit/file.rb" }
+
+    before do
+      expect(Ronin::Exploits).to receive(:load_class_from_file).with(file).and_return(exploit_class)
+    end
+
+    it "must load the exploit class and return the exploit class" do
+      expect(subject.load_exploit_from(file)).to be(exploit_class)
+    end
+
+    it "must also set #exploit_class" do
+      subject.load_exploit_from(file)
+
+      expect(subject.exploit_class).to be(exploit_class)
+    end
+ end
+
+  describe "#initialize_exploit" do
+    before { subject.load_exploit(exploit_class.id) }
+
+    it "must initialize a new exploit object using #exploit_class" do
+      expect(subject.initialize_exploit).to be_kind_of(exploit_class)
+    end
+
+    it "must also set #exploit" do
+      subject.initialize_exploit
+
+      expect(subject.exploit).to be_kind_of(exploit_class)
+    end
+  end
+end

data/spec/cli/exploit_methods_spec.rb

@@ -0,0 +1,208 @@
+require 'spec_helper'
+require 'ronin/exploits/cli/exploit_methods'
+require 'ronin/exploits/cli/command'
+
+describe Ronin::Exploits::CLI::ExploitMethods do
+  module TestExploitMethods
+    class TestCommand < Ronin::Exploits::CLI::Command
+      include Ronin::Exploits::CLI::ExploitMethods
+    end
+  end
+
+  let(:command_class) { TestExploitMethods::TestCommand }
+  subject { command_class.new }
+
+  describe "#load_exploit" do
+    let(:exploit_id) { 'html/encode' }
+
+    it "must call Exploits.load_class with the given ID" do
+      expect(Ronin::Exploits).to receive(:load_class).with(exploit_id)
+      expect(subject).to_not receive(:exit)
+
+      subject.load_exploit(exploit_id)
+    end
+
+    context "when Ronin::Exploits::ClassNotfound is raised" do
+      let(:message) { "class not found" }
+      let(:exception) do
+        Ronin::Exploits::ClassNotFound.new(message)
+      end
+
+      it "must print an error message and exit with an error code" do
+        expect(Ronin::Exploits).to receive(:load_class).with(exploit_id).and_raise(exception)
+        expect(subject).to receive(:exit).with(1)
+
+        expect {
+          subject.load_exploit(exploit_id)
+        }.to output("#{subject.command_name}: #{message}#{$/}").to_stderr
+      end
+    end
+
+    context "when another type of exception is raised" do
+      let(:message)   { "unexpected error" }
+      let(:exception) { RuntimeError.new(message) }
+
+      it "must print the exception, an error message, and exit with -1" do
+        expect(Ronin::Exploits).to receive(:load_class).with(exploit_id).and_raise(exception)
+        expect(subject).to receive(:print_exception).with(exception)
+        expect(subject).to receive(:exit).with(-1)
+
+        expect {
+          subject.load_exploit(exploit_id)
+        }.to output("#{subject.command_name}: an unhandled exception occurred while loading exploit #{exploit_id}#{$/}").to_stderr
+      end
+    end
+  end
+
+  describe "#load_exploit_from" do
+    let(:file) { '/path/to/html/encode.rb' }
+
+    it "must call Exploits.load_class with the given ID and file" do
+      expect(Ronin::Exploits).to receive(:load_class_from_file).with(file)
+      expect(subject).to_not receive(:exit)
+
+      subject.load_exploit_from(file)
+    end
+
+    context "when Ronin::Exploits::ClassNotfound is raised" do
+      let(:message) { "class not found" }
+      let(:exception) do
+        Ronin::Exploits::ClassNotFound.new(message)
+      end
+
+      it "must print an error message and exit with an error code" do
+        expect(Ronin::Exploits).to receive(:load_class_from_file).with(file).and_raise(exception)
+        expect(subject).to receive(:exit).with(1)
+
+        expect {
+          subject.load_exploit_from(file)
+        }.to output("#{subject.command_name}: #{message}#{$/}").to_stderr
+      end
+    end
+
+    context "when another type of exception is raised" do
+      let(:message)   { "unexpected error" }
+      let(:exception) { RuntimeError.new(message) }
+
+      it "must print the exception, an error message, and exit with -1" do
+        expect(Ronin::Exploits).to receive(:load_class_from_file).with(file).and_raise(exception)
+        expect(subject).to receive(:print_exception).with(exception)
+        expect(subject).to receive(:exit).with(-1)
+
+        expect {
+          subject.load_exploit_from(file)
+        }.to output(
+          "#{subject.command_name}: an unhandled exception occurred while loading exploit from file #{file}#{$/}"
+        ).to_stderr
+      end
+    end
+  end
+
+  describe "#initialie_exploit" do
+    let(:exploit_id)    { 'test' }
+    let(:exploit_class) { double('Encoder class', id: exploit_id) }
+
+    it "must return a new instance of the given exploit class" do
+      expect(exploit_class).to receive(:new)
+
+      subject.initialize_exploit(exploit_class)
+    end
+
+    context "when additional keyword arguments are given" do
+      let(:kwargs) do
+        {foo: 1, bar: 2}
+      end
+
+      it "must pass them to new()" do
+        expect(exploit_class).to receive(:new).with(**kwargs)
+
+        subject.initialize_exploit(exploit_class,**kwargs)
+      end
+    end
+
+    context "when a Core::Params::ParamError is raised" do
+      let(:message)   { "param foo was not set" }
+      let(:exception) { Ronin::Core::Params::RequiredParam.new(message) }
+
+      it "must print an error message and exit with 1" do
+        expect(exploit_class).to receive(:new).and_raise(exception)
+        expect(subject).to receive(:exit).with(1)
+
+        expect {
+          subject.initialize_exploit(exploit_class)
+        }.to output("#{subject.command_name}: #{message}#{$/}").to_stderr
+      end
+    end
+
+    context "when another type of exception is raised" do
+      let(:message)   { "unexpected error" }
+      let(:exception) { RuntimeError.new(message) }
+
+      it "must print the exception, an error message, and exit with -1" do
+        expect(exploit_class).to receive(:new).and_raise(exception)
+        expect(subject).to receive(:print_exception).with(exception)
+        expect(subject).to receive(:exit).with(-1)
+
+        expect {
+          subject.initialize_exploit(exploit_class)
+        }.to output("#{subject.command_name}: an unhandled exception occurred while initializing exploit #{exploit_id}#{$/}").to_stderr
+      end
+    end
+  end
+
+  describe "#validate_exploit" do
+    let(:exploit_id) { 'test' }
+    let(:exploit)    { double('Encoder instance', class_id: exploit_id) }
+
+    it "must call #perform_validate on #exploit" do
+      expect(exploit).to receive(:perform_validate)
+
+      subject.validate_exploit(exploit)
+    end
+
+    context "when a Core::Params::ParamError is raised" do
+      let(:message)   { "param foo was not set" }
+      let(:exception) { Ronin::Core::Params::RequiredParam.new(message) }
+
+      it "must print an error message and exit with 1" do
+        expect(exploit).to receive(:perform_validate).and_raise(exception)
+        expect(subject).to receive(:exit).with(1)
+
+        expect {
+          subject.validate_exploit(exploit)
+        }.to output("#{subject.command_name}: failed to validate the exploit #{exploit_id}: #{message}#{$/}").to_stderr
+      end
+    end
+
+    context "when a Ronin::Exploits::ValidationError is raised" do
+      let(:message)   { "param foo was not set" }
+      let(:exception) do
+        Ronin::Exploits::ValidationError.new(message)
+      end
+
+      it "must print an error message and exit with 1" do
+        expect(exploit).to receive(:perform_validate).and_raise(exception)
+        expect(subject).to receive(:exit).with(1)
+
+        expect {
+          subject.validate_exploit(exploit)
+        }.to output("#{subject.command_name}: failed to validate the exploit #{exploit_id}: #{message}#{$/}").to_stderr
+      end
+    end
+
+    context "when another type of exception is raised" do
+      let(:message)   { "unexpected error" }
+      let(:exception) { RuntimeError.new(message) }
+
+      it "must print the exception, an error message, and exit with -1" do
+        expect(exploit).to receive(:perform_validate).and_raise(exception)
+        expect(subject).to receive(:print_exception).with(exception)
+        expect(subject).to receive(:exit).with(-1)
+
+        expect {
+          subject.validate_exploit(exploit)
+        }.to output("#{subject.command_name}: an unhandled exception occurred while validating the exploit #{exploit_id}#{$/}").to_stderr
+      end
+    end
+  end
+end

data/spec/cli/ruby_shell_spec.rb

@@ -0,0 +1,14 @@
+require 'spec_helper'
+require 'ronin/exploits/cli/ruby_shell'
+
+describe Ronin::Exploits::CLI::RubyShell do
+  describe "#initialize" do
+    it "must default #name to 'ronin-exploits'" do
+      expect(subject.name).to eq('ronin-exploits')
+    end
+
+    it "must default #context to Ronin::Exploits" do
+      expect(subject.context).to be(Ronin::Exploits)
+    end
+  end
+end

data/spec/client_side_web_vuln_spec.rb

@@ -0,0 +1,117 @@
+require 'spec_helper'
+require 'ronin/exploits/client_side_web_vuln'
+require 'ronin/vulns/web_vuln'
+
+describe Ronin::Exploits::ClientSideWebVuln do
+  module TestClientSideWebVuln
+    class TestExploit < Ronin::Exploits::ClientSideWebVuln
+      base_path   '/Templatize.asp'
+      query_param 'item'
+
+      def vuln
+        @vuln ||= Ronin::Vulns::WebVuln.new(url, **web_vuln_kwargs)
+      end
+    end
+  end
+
+  let(:exploit_class) { TestClientSideWebVuln::TestExploit }
+  let(:base_url)      { 'http://testasp.vulnweb.com/' }
+  let(:query)         { 'item=html/about.html' }
+  let(:query_param)   { 'item' }
+  let(:payload)       { 'test payload' }
+
+  subject do
+    exploit_class.new(
+      payload: payload,
+      params: {
+        base_url: base_url
+      }
+    )
+  end
+
+  it "must define a 'format' param" do
+    expect(described_class.params[:format]).to_not be(nil)
+    expect(described_class.params[:format].type).to be_kind_of(Ronin::Core::Params::Types::Enum)
+    expect(described_class.params[:format].type.values).to eq([:http, :curl])
+    expect(described_class.params[:format].desc).to eq('Output format')
+  end
+
+  describe "#format_exploit" do
+    context "when the 'format' param is :http" do
+      subject do
+        exploit_class.new(
+          payload: payload,
+          params: {
+            base_url: base_url,
+            format:   :http
+          }
+        )
+      end
+
+      it "must call #to_http on the #vuln object" do
+        expect(subject.format_exploit).to eq(subject.vuln.to_http(payload))
+      end
+    end
+
+    context "when the 'format' param is :curl" do
+      subject do
+        exploit_class.new(
+          payload: payload,
+          params: {
+            base_url: base_url,
+            format:   :curl
+          }
+        )
+      end
+
+      it "must call #to_curl on the #vuln object" do
+        expect(subject.format_exploit).to eq(subject.vuln.to_curl(payload))
+      end
+    end
+  end
+
+  describe "#launch" do
+    context "when the 'format' param is :http" do
+      subject do
+        exploit_class.new(
+          payload: payload,
+          params: {
+            base_url: base_url,
+            format:   :http
+          }
+        )
+      end
+
+      it "must print out a message and the exploit formatted as an HTTP request" do
+        expect(subject).to receive(:print_info).with("Copy and paste the following exploit:")
+        expect(subject).to receive(:puts)
+        expect(subject).to receive(:puts).with(subject.vuln.to_http(payload))
+        expect(subject).to receive(:puts)
+
+        subject.launch
+      end
+    end
+
+    context "when the 'format' param is :curl" do
+      subject do
+        exploit_class.new(
+          payload: payload,
+          params: {
+            base_url: base_url,
+            format:   :curl
+          }
+        )
+      end
+
+
+      it "must print out a message and the exploit formatted as an HTTP request" do
+        expect(subject).to receive(:print_info).with("Copy and paste the following exploit:")
+        expect(subject).to receive(:puts)
+        expect(subject).to receive(:puts).with(subject.vuln.to_curl(payload))
+        expect(subject).to receive(:puts)
+
+        subject.launch
+      end
+    end
+  end
+end