ronin-exploits 0.3.1 → 1.0.0.beta2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (338) hide show
  1. checksums.yaml +7 -0
  2. data/.document +4 -0
  3. data/.editorconfig +11 -0
  4. data/.github/workflows/ruby.yml +31 -0
  5. data/.gitignore +13 -0
  6. data/.mailmap +1 -0
  7. data/.rspec +1 -0
  8. data/.ruby-version +1 -0
  9. data/.yardopts +1 -0
  10. data/COPYING.txt +161 -335
  11. data/{History.txt → ChangeLog.md} +119 -16
  12. data/Gemfile +50 -0
  13. data/README.md +454 -0
  14. data/Rakefile +37 -23
  15. data/bin/ronin-exploits +13 -6
  16. data/data/new/exploit.rb.erb +158 -0
  17. data/gemspec.yml +44 -0
  18. data/lib/ronin/exploits/advisory.rb +84 -0
  19. data/lib/ronin/exploits/cli/command.rb +39 -0
  20. data/lib/ronin/exploits/cli/commands/irb.rb +57 -0
  21. data/lib/ronin/exploits/cli/commands/list.rb +80 -0
  22. data/lib/ronin/exploits/cli/commands/new.rb +332 -0
  23. data/lib/ronin/exploits/cli/commands/run.rb +396 -0
  24. data/lib/ronin/exploits/cli/commands/show.rb +290 -0
  25. data/lib/ronin/exploits/cli/exploit_command.rb +114 -0
  26. data/lib/ronin/exploits/cli/exploit_methods.rb +114 -0
  27. data/lib/ronin/exploits/cli/ruby_shell.rb +51 -0
  28. data/lib/ronin/exploits/cli.rb +51 -0
  29. data/lib/ronin/exploits/client_side_web_vuln.rb +69 -0
  30. data/lib/ronin/exploits/exceptions.rb +27 -17
  31. data/lib/ronin/exploits/exploit.rb +501 -582
  32. data/lib/ronin/exploits/heap_overflow.rb +50 -0
  33. data/lib/ronin/exploits/lfi.rb +141 -0
  34. data/lib/ronin/exploits/loot/file.rb +113 -0
  35. data/lib/ronin/exploits/loot.rb +119 -0
  36. data/lib/ronin/exploits/memory_corruption.rb +53 -0
  37. data/lib/ronin/exploits/metadata/arch.rb +83 -0
  38. data/lib/ronin/exploits/metadata/cookie_param.rb +80 -0
  39. data/lib/ronin/exploits/metadata/default_filename.rb +69 -0
  40. data/lib/ronin/exploits/metadata/default_port.rb +69 -0
  41. data/lib/ronin/exploits/metadata/header_name.rb +80 -0
  42. data/lib/ronin/exploits/metadata/os.rb +117 -0
  43. data/lib/ronin/exploits/metadata/shouts.rb +85 -0
  44. data/lib/ronin/exploits/metadata/url_path.rb +82 -0
  45. data/lib/ronin/exploits/metadata/url_query_param.rb +80 -0
  46. data/lib/ronin/exploits/mixins/binary.rb +106 -0
  47. data/lib/ronin/exploits/mixins/build_dir.rb +61 -0
  48. data/lib/ronin/exploits/mixins/file_builder.rb +102 -0
  49. data/lib/ronin/exploits/mixins/format_string.rb +87 -0
  50. data/lib/ronin/exploits/mixins/has_payload.rb +202 -0
  51. data/lib/ronin/exploits/mixins/has_targets.rb +297 -0
  52. data/lib/ronin/exploits/mixins/html.rb +213 -0
  53. data/lib/ronin/exploits/mixins/http.rb +866 -0
  54. data/lib/ronin/exploits/mixins/loot.rb +84 -0
  55. data/lib/ronin/exploits/mixins/nops.rb +121 -0
  56. data/lib/ronin/exploits/mixins/remote_tcp.rb +272 -0
  57. data/lib/ronin/exploits/mixins/remote_udp.rb +264 -0
  58. data/lib/ronin/exploits/mixins/seh.rb +136 -0
  59. data/lib/ronin/exploits/mixins/stack_overflow.rb +124 -0
  60. data/lib/ronin/exploits/mixins/text.rb +65 -0
  61. data/lib/ronin/exploits/mixins.rb +32 -0
  62. data/lib/ronin/exploits/open_redirect.rb +103 -0
  63. data/lib/ronin/exploits/params/base_url.rb +84 -0
  64. data/lib/ronin/exploits/params/bind_host.rb +53 -0
  65. data/lib/ronin/exploits/params/bind_port.rb +53 -0
  66. data/lib/ronin/exploits/params/filename.rb +71 -0
  67. data/lib/ronin/exploits/params/host.rb +56 -0
  68. data/lib/ronin/exploits/params/port.rb +71 -0
  69. data/lib/ronin/exploits/registry.rb +32 -0
  70. data/lib/ronin/exploits/rfi.rb +106 -0
  71. data/lib/ronin/exploits/root.rb +28 -0
  72. data/lib/ronin/exploits/seh_overflow.rb +90 -0
  73. data/lib/ronin/exploits/sqli.rb +172 -0
  74. data/lib/ronin/exploits/ssti.rb +108 -0
  75. data/lib/ronin/exploits/stack_overflow.rb +90 -0
  76. data/lib/ronin/exploits/target.rb +63 -103
  77. data/lib/ronin/exploits/test_result.rb +80 -0
  78. data/lib/ronin/exploits/use_after_free.rb +50 -0
  79. data/lib/ronin/exploits/version.rb +11 -12
  80. data/lib/ronin/exploits/web.rb +18 -89
  81. data/lib/ronin/exploits/web_vuln.rb +378 -0
  82. data/lib/ronin/exploits/xss.rb +102 -0
  83. data/lib/ronin/exploits.rb +19 -26
  84. data/man/ronin-exploits-irb.1 +31 -0
  85. data/man/ronin-exploits-irb.1.md +22 -0
  86. data/man/ronin-exploits-list.1 +37 -0
  87. data/man/ronin-exploits-list.1.md +27 -0
  88. data/man/ronin-exploits-new.1 +98 -0
  89. data/man/ronin-exploits-new.1.md +73 -0
  90. data/man/ronin-exploits-run.1 +117 -0
  91. data/man/ronin-exploits-run.1.md +87 -0
  92. data/man/ronin-exploits-show.1 +45 -0
  93. data/man/ronin-exploits-show.1.md +33 -0
  94. data/man/ronin-exploits.1 +55 -0
  95. data/man/ronin-exploits.1.md +41 -0
  96. data/ronin-exploits.gemspec +62 -0
  97. data/spec/advisory_spec.rb +71 -0
  98. data/spec/cli/exploit_command_spec.rb +68 -0
  99. data/spec/cli/exploit_methods_spec.rb +208 -0
  100. data/spec/cli/ruby_shell_spec.rb +14 -0
  101. data/spec/client_side_web_vuln_spec.rb +117 -0
  102. data/spec/exploit_spec.rb +538 -0
  103. data/spec/exploits_spec.rb +3 -4
  104. data/spec/heap_overflow_spec.rb +14 -0
  105. data/spec/lfi_spec.rb +162 -0
  106. data/spec/loot/file_spec.rb +131 -0
  107. data/spec/loot_spec.rb +138 -0
  108. data/spec/memory_corruption_spec.rb +22 -0
  109. data/spec/metadata/arch_spec.rb +82 -0
  110. data/spec/metadata/cookie_param_spec.rb +67 -0
  111. data/spec/metadata/default_filename_spec.rb +62 -0
  112. data/spec/metadata/default_port_spec.rb +62 -0
  113. data/spec/metadata/header_name_spec.rb +67 -0
  114. data/spec/metadata/os_spec.rb +164 -0
  115. data/spec/metadata/shouts_spec.rb +100 -0
  116. data/spec/metadata/url_path_spec.rb +67 -0
  117. data/spec/metadata/url_query_param_spec.rb +67 -0
  118. data/spec/mixins/binary_spec.rb +129 -0
  119. data/spec/mixins/build_dir.rb +66 -0
  120. data/spec/mixins/file_builder_spec.rb +67 -0
  121. data/spec/mixins/format_string_spec.rb +44 -0
  122. data/spec/mixins/has_payload_spec.rb +333 -0
  123. data/spec/mixins/has_targets_spec.rb +434 -0
  124. data/spec/mixins/html_spec.rb +772 -0
  125. data/spec/mixins/http_spec.rb +1227 -0
  126. data/spec/mixins/loot_spec.rb +20 -0
  127. data/spec/mixins/nops_spec.rb +165 -0
  128. data/spec/mixins/remote_tcp_spec.rb +217 -0
  129. data/spec/mixins/remote_udp_spec.rb +217 -0
  130. data/spec/mixins/seh_spec.rb +89 -0
  131. data/spec/mixins/stack_overflow_spec.rb +87 -0
  132. data/spec/mixins/text_spec.rb +43 -0
  133. data/spec/open_redirect_spec.rb +71 -0
  134. data/spec/params/base_url_spec.rb +71 -0
  135. data/spec/params/bind_host_spec.rb +34 -0
  136. data/spec/params/bind_port_spec.rb +35 -0
  137. data/spec/params/filename_spec.rb +77 -0
  138. data/spec/params/host_spec.rb +34 -0
  139. data/spec/params/port_spec.rb +77 -0
  140. data/spec/rfi_spec.rb +107 -0
  141. data/spec/seh_overflow_spec.rb +18 -0
  142. data/spec/spec_helper.rb +6 -10
  143. data/spec/sqli_spec.rb +306 -0
  144. data/spec/ssti_spec.rb +121 -0
  145. data/spec/stack_overflow_spec.rb +18 -0
  146. data/spec/target_spec.rb +92 -0
  147. data/spec/test_result_spec.rb +32 -0
  148. data/spec/use_after_free_spec.rb +14 -0
  149. data/spec/web_spec.rb +12 -0
  150. data/spec/web_vuln_spec.rb +854 -0
  151. data/spec/xss_spec.rb +69 -0
  152. metadata +361 -324
  153. data/Manifest.txt +0 -196
  154. data/README.txt +0 -274
  155. data/bin/ronin-exploit +0 -12
  156. data/bin/ronin-gen-binary-payload +0 -12
  157. data/bin/ronin-gen-exploit +0 -12
  158. data/bin/ronin-gen-ftp-exploit +0 -12
  159. data/bin/ronin-gen-http-exploit +0 -12
  160. data/bin/ronin-gen-local-exploit +0 -12
  161. data/bin/ronin-gen-nops +0 -12
  162. data/bin/ronin-gen-payload +0 -12
  163. data/bin/ronin-gen-remote-exploit +0 -12
  164. data/bin/ronin-gen-remote-tcp-exploit +0 -12
  165. data/bin/ronin-gen-remote-udp-exploit +0 -12
  166. data/bin/ronin-gen-shellcode +0 -12
  167. data/bin/ronin-gen-web-exploit +0 -12
  168. data/bin/ronin-payload +0 -12
  169. data/bin/ronin-payloads +0 -12
  170. data/lib/ronin/controls/behaviors.rb +0 -133
  171. data/lib/ronin/controls/exceptions/not_implemented.rb +0 -27
  172. data/lib/ronin/controls/exceptions/program_not_found.rb +0 -27
  173. data/lib/ronin/controls/exceptions.rb +0 -23
  174. data/lib/ronin/controls/file_system.rb +0 -145
  175. data/lib/ronin/controls/helpers/command_exec.rb +0 -143
  176. data/lib/ronin/controls/helpers/dir_create.rb +0 -42
  177. data/lib/ronin/controls/helpers/dir_listing.rb +0 -62
  178. data/lib/ronin/controls/helpers/dir_remove.rb +0 -42
  179. data/lib/ronin/controls/helpers/file_ctime.rb +0 -52
  180. data/lib/ronin/controls/helpers/file_mtime.rb +0 -53
  181. data/lib/ronin/controls/helpers/file_ownership.rb +0 -53
  182. data/lib/ronin/controls/helpers/file_read.rb +0 -62
  183. data/lib/ronin/controls/helpers/file_remove.rb +0 -51
  184. data/lib/ronin/controls/helpers/file_write.rb +0 -62
  185. data/lib/ronin/controls/helpers/memory_read.rb +0 -39
  186. data/lib/ronin/controls/helpers/memory_write.rb +0 -39
  187. data/lib/ronin/controls/helpers.rb +0 -33
  188. data/lib/ronin/controls.rb +0 -23
  189. data/lib/ronin/exploits/control.rb +0 -47
  190. data/lib/ronin/exploits/exceptions/exception.rb +0 -27
  191. data/lib/ronin/exploits/exceptions/exploit_not_built.rb +0 -29
  192. data/lib/ronin/exploits/exceptions/payload_size.rb +0 -29
  193. data/lib/ronin/exploits/exceptions/restricted_char.rb +0 -29
  194. data/lib/ronin/exploits/exceptions/target_data_missing.rb +0 -29
  195. data/lib/ronin/exploits/exceptions/target_unspecified.rb +0 -29
  196. data/lib/ronin/exploits/exceptions/unknown_helper.rb +0 -29
  197. data/lib/ronin/exploits/exploit_author.rb +0 -33
  198. data/lib/ronin/exploits/ftp.rb +0 -42
  199. data/lib/ronin/exploits/helpers/binary.rb +0 -50
  200. data/lib/ronin/exploits/helpers/buffer_overflow.rb +0 -115
  201. data/lib/ronin/exploits/helpers/file_based.rb +0 -112
  202. data/lib/ronin/exploits/helpers/format_string.rb +0 -117
  203. data/lib/ronin/exploits/helpers/padding.rb +0 -101
  204. data/lib/ronin/exploits/helpers.rb +0 -26
  205. data/lib/ronin/exploits/http.rb +0 -49
  206. data/lib/ronin/exploits/local.rb +0 -40
  207. data/lib/ronin/exploits/remote.rb +0 -40
  208. data/lib/ronin/exploits/remote_tcp.rb +0 -87
  209. data/lib/ronin/exploits/remote_udp.rb +0 -87
  210. data/lib/ronin/exploits/targets/buffer_overflow.rb +0 -46
  211. data/lib/ronin/exploits/targets/format_string.rb +0 -43
  212. data/lib/ronin/exploits/targets.rb +0 -27
  213. data/lib/ronin/exploits/verifiers.rb +0 -121
  214. data/lib/ronin/generators/exploits/exploit.rb +0 -70
  215. data/lib/ronin/generators/exploits/ftp.rb +0 -42
  216. data/lib/ronin/generators/exploits/http.rb +0 -42
  217. data/lib/ronin/generators/exploits/local.rb +0 -42
  218. data/lib/ronin/generators/exploits/remote.rb +0 -42
  219. data/lib/ronin/generators/exploits/remote_tcp.rb +0 -44
  220. data/lib/ronin/generators/exploits/remote_udp.rb +0 -44
  221. data/lib/ronin/generators/exploits/static.rb +0 -30
  222. data/lib/ronin/generators/exploits/web.rb +0 -45
  223. data/lib/ronin/generators/exploits.rb +0 -23
  224. data/lib/ronin/generators/payloads/binary_payload.rb +0 -42
  225. data/lib/ronin/generators/payloads/nops.rb +0 -42
  226. data/lib/ronin/generators/payloads/payload.rb +0 -66
  227. data/lib/ronin/generators/payloads/shellcode.rb +0 -42
  228. data/lib/ronin/generators/payloads/static.rb +0 -30
  229. data/lib/ronin/generators/payloads.rb +0 -23
  230. data/lib/ronin/model/has_default_port.rb +0 -54
  231. data/lib/ronin/model/targets_arch.rb +0 -68
  232. data/lib/ronin/model/targets_os.rb +0 -69
  233. data/lib/ronin/model/targets_product.rb +0 -68
  234. data/lib/ronin/payloads/asm_payload.rb +0 -40
  235. data/lib/ronin/payloads/binary_payload.rb +0 -42
  236. data/lib/ronin/payloads/control.rb +0 -47
  237. data/lib/ronin/payloads/encoders/encoder.rb +0 -92
  238. data/lib/ronin/payloads/encoders/xor.rb +0 -79
  239. data/lib/ronin/payloads/encoders.rb +0 -32
  240. data/lib/ronin/payloads/exceptions/exception.rb +0 -27
  241. data/lib/ronin/payloads/exceptions/not_implemented.rb +0 -29
  242. data/lib/ronin/payloads/exceptions/unknown_helper.rb +0 -29
  243. data/lib/ronin/payloads/exceptions.rb +0 -23
  244. data/lib/ronin/payloads/has_payload.rb +0 -111
  245. data/lib/ronin/payloads/helpers/chained.rb +0 -61
  246. data/lib/ronin/payloads/helpers/rpc.rb +0 -93
  247. data/lib/ronin/payloads/helpers.rb +0 -23
  248. data/lib/ronin/payloads/nops.rb +0 -39
  249. data/lib/ronin/payloads/payload.rb +0 -350
  250. data/lib/ronin/payloads/payload_author.rb +0 -33
  251. data/lib/ronin/payloads/shellcode.rb +0 -40
  252. data/lib/ronin/payloads/web_payload.rb +0 -41
  253. data/lib/ronin/payloads.rb +0 -36
  254. data/lib/ronin/ui/command_line/commands/exploit.rb +0 -193
  255. data/lib/ronin/ui/command_line/commands/exploits.rb +0 -154
  256. data/lib/ronin/ui/command_line/commands/gen_binary_payload.rb +0 -34
  257. data/lib/ronin/ui/command_line/commands/gen_exploit.rb +0 -34
  258. data/lib/ronin/ui/command_line/commands/gen_ftp_exploit.rb +0 -34
  259. data/lib/ronin/ui/command_line/commands/gen_http_exploit.rb +0 -34
  260. data/lib/ronin/ui/command_line/commands/gen_local_exploit.rb +0 -34
  261. data/lib/ronin/ui/command_line/commands/gen_nops.rb +0 -34
  262. data/lib/ronin/ui/command_line/commands/gen_payload.rb +0 -34
  263. data/lib/ronin/ui/command_line/commands/gen_remote_exploit.rb +0 -34
  264. data/lib/ronin/ui/command_line/commands/gen_remote_tcp_exploit.rb +0 -34
  265. data/lib/ronin/ui/command_line/commands/gen_remote_udp_exploit.rb +0 -34
  266. data/lib/ronin/ui/command_line/commands/gen_shellcode.rb +0 -34
  267. data/lib/ronin/ui/command_line/commands/gen_web_exploit.rb +0 -34
  268. data/lib/ronin/ui/command_line/commands/payload.rb +0 -129
  269. data/lib/ronin/ui/command_line/commands/payloads.rb +0 -128
  270. data/lib/ronin/vuln/behavior.rb +0 -165
  271. data/spec/controls/behaviors_examples.rb +0 -38
  272. data/spec/exploits/binary_exploit_spec.rb +0 -44
  273. data/spec/exploits/buffer_overflow_exploit_spec.rb +0 -70
  274. data/spec/exploits/exploit_spec.rb +0 -313
  275. data/spec/exploits/file_based_exploit_spec.rb +0 -48
  276. data/spec/exploits/format_string_exploit_spec.rb +0 -32
  277. data/spec/exploits/ftp_spec.rb +0 -13
  278. data/spec/exploits/http_spec.rb +0 -17
  279. data/spec/exploits/padding_exploit_spec.rb +0 -44
  280. data/spec/exploits/remote_tcp_spec.rb +0 -28
  281. data/spec/exploits/remote_udp_spec.rb +0 -28
  282. data/spec/exploits/target_spec.rb +0 -98
  283. data/spec/exploits/targets/buffer_overflow_spec.rb +0 -22
  284. data/spec/exploits/web_spec.rb +0 -35
  285. data/spec/generators/exploits/exploit_examples.rb +0 -24
  286. data/spec/generators/exploits/exploit_spec.rb +0 -42
  287. data/spec/generators/exploits/ftp_spec.rb +0 -42
  288. data/spec/generators/exploits/http_spec.rb +0 -42
  289. data/spec/generators/exploits/local_spec.rb +0 -42
  290. data/spec/generators/exploits/remote_spec.rb +0 -42
  291. data/spec/generators/exploits/remote_tcp_spec.rb +0 -47
  292. data/spec/generators/exploits/remote_udp_spec.rb +0 -47
  293. data/spec/generators/exploits/web_spec.rb +0 -52
  294. data/spec/generators/payloads/binary_payload_spec.rb +0 -31
  295. data/spec/generators/payloads/nops_spec.rb +0 -31
  296. data/spec/generators/payloads/payload_examples.rb +0 -16
  297. data/spec/generators/payloads/payload_spec.rb +0 -31
  298. data/spec/generators/payloads/shellcode_spec.rb +0 -31
  299. data/spec/helpers/database.rb +0 -5
  300. data/spec/helpers/objects.rb +0 -22
  301. data/spec/model/has_default_port_spec.rb +0 -27
  302. data/spec/model/models/default_port_model.rb +0 -13
  303. data/spec/model/models/non_default_port_model.rb +0 -11
  304. data/spec/model/models/targets_arch_model.rb +0 -11
  305. data/spec/model/models/targets_os_model.rb +0 -11
  306. data/spec/model/models/targets_product_model.rb +0 -11
  307. data/spec/model/targets_arch_spec.rb +0 -32
  308. data/spec/model/targets_os_spec.rb +0 -33
  309. data/spec/model/targets_product_spec.rb +0 -35
  310. data/spec/objects/exploits/example.rb +0 -25
  311. data/spec/objects/exploits/simple.rb +0 -24
  312. data/spec/objects/payloads/simple.rb +0 -19
  313. data/spec/payloads/encoders/encoder_spec.rb +0 -30
  314. data/spec/payloads/encoders/xor_spec.rb +0 -20
  315. data/spec/payloads/payload_spec.rb +0 -156
  316. data/spec/vuln/behavior_spec.rb +0 -15
  317. data/static/ronin/generators/exploits/_cache.erb +0 -14
  318. data/static/ronin/generators/exploits/_header.erb +0 -1
  319. data/static/ronin/generators/exploits/_helpers.erb +0 -4
  320. data/static/ronin/generators/exploits/exploit.erb +0 -24
  321. data/static/ronin/generators/exploits/ftp.erb +0 -24
  322. data/static/ronin/generators/exploits/http.erb +0 -26
  323. data/static/ronin/generators/exploits/local.erb +0 -24
  324. data/static/ronin/generators/exploits/remote.erb +0 -24
  325. data/static/ronin/generators/exploits/remote_tcp.erb +0 -26
  326. data/static/ronin/generators/exploits/remote_udp.erb +0 -26
  327. data/static/ronin/generators/exploits/web.erb +0 -28
  328. data/static/ronin/generators/payloads/_cache.erb +0 -10
  329. data/static/ronin/generators/payloads/_header.erb +0 -1
  330. data/static/ronin/generators/payloads/_helpers.erb +0 -2
  331. data/static/ronin/generators/payloads/binary_payload.erb +0 -25
  332. data/static/ronin/generators/payloads/nops.erb +0 -19
  333. data/static/ronin/generators/payloads/payload.erb +0 -25
  334. data/static/ronin/generators/payloads/shellcode.erb +0 -25
  335. data/tasks/spec.rb +0 -10
  336. data/tasks/yard.rb +0 -13
  337. data.tar.gz.sig +0 -0
  338. metadata.gz.sig +0 -0
@@ -0,0 +1,538 @@
1
+ require 'spec_helper'
2
+ require 'ronin/exploits/exploit'
3
+
4
+ describe Ronin::Exploits::Exploit do
5
+ it "must include Ronin::Core::Metadata::ID" do
6
+ expect(described_class).to include(Ronin::Core::Metadata::ID)
7
+ end
8
+
9
+ it "must include Ronin::Core::Metadata::Authors" do
10
+ expect(described_class).to include(Ronin::Core::Metadata::Authors)
11
+ end
12
+
13
+ it "must include Ronin::Core::Metadata::Summary" do
14
+ expect(described_class).to include(Ronin::Core::Metadata::Summary)
15
+ end
16
+
17
+ it "must include Ronin::Core::Metadata::Description" do
18
+ expect(described_class).to include(Ronin::Core::Metadata::Description)
19
+ end
20
+
21
+ it "must include Ronin::Core::Metadata::References" do
22
+ expect(described_class).to include(Ronin::Core::Metadata::References)
23
+ end
24
+
25
+ it "must include Ronin::Core::Params::Mixin" do
26
+ expect(described_class).to include(Ronin::Core::Params::Mixin)
27
+ end
28
+
29
+ it "must include Ronin::Support::CLI::Printing" do
30
+ expect(described_class).to include(Ronin::Support::CLI::Printing)
31
+ end
32
+
33
+ describe ".register" do
34
+ context "when .register is not called in the Exploit class" do
35
+ module TestExploits
36
+ class UnregisteredExploit < Ronin::Exploits::Exploit
37
+ end
38
+ end
39
+
40
+ subject { TestExploits::UnregisteredExploit }
41
+
42
+ it "must not set .id" do
43
+ expect(subject.id).to be(nil)
44
+ end
45
+ end
46
+
47
+ context "when .register is called in the Exploit class" do
48
+ module TestExploits
49
+ class RegisteredExploit < Ronin::Exploits::Exploit
50
+ register 'registered_exploit'
51
+ end
52
+ end
53
+
54
+ subject { TestExploits::RegisteredExploit }
55
+
56
+ it "must set .id" do
57
+ expect(subject.id).to eq('registered_exploit')
58
+ end
59
+
60
+ it "must add the exploit class to Exploits.registry" do
61
+ expect(Ronin::Exploits.registry['registered_exploit']).to be(subject)
62
+ end
63
+ end
64
+ end
65
+
66
+ describe ".quality" do
67
+ context "when the quality is not set in the Exploit class" do
68
+ module TestExploits
69
+ class ExploitWithoutQuality < Ronin::Exploits::Exploit
70
+ end
71
+ end
72
+
73
+ subject { TestExploits::ExploitWithoutQuality }
74
+
75
+ it "must default to nil" do
76
+ expect(subject.quality).to be(nil)
77
+ end
78
+ end
79
+
80
+ context "when the quality is set in the Exploit class" do
81
+ module TestExploits
82
+ class ExploitWithQuality < Ronin::Exploits::Exploit
83
+ quality :high
84
+ end
85
+ end
86
+
87
+ subject { TestExploits::ExploitWithQuality }
88
+
89
+ it "must return the set quality" do
90
+ expect(subject.quality).to be(:high)
91
+ end
92
+ end
93
+ end
94
+
95
+ describe ".release_date" do
96
+ context "when the release_date is not set in the Exploit class" do
97
+ module TestExploits
98
+ class ExploitWithoutReleaseDate < Ronin::Exploits::Exploit
99
+ end
100
+ end
101
+
102
+ subject { TestExploits::ExploitWithoutReleaseDate }
103
+
104
+ it "must default to nil" do
105
+ expect(subject.release_date).to be(nil)
106
+ end
107
+ end
108
+
109
+ context "when the release_date is set in the Exploit class" do
110
+ module TestExploits
111
+ class ExploitWithReleaseDate < Ronin::Exploits::Exploit
112
+ release_date '2022-01-02'
113
+ end
114
+ end
115
+
116
+ subject { TestExploits::ExploitWithReleaseDate }
117
+
118
+ it "must return the set release_date as a Date object" do
119
+ expect(subject.release_date).to be_kind_of(Date)
120
+ expect(subject.release_date.year).to eq(2022)
121
+ expect(subject.release_date.month).to eq(1)
122
+ expect(subject.release_date.day).to eq(2)
123
+ end
124
+ end
125
+ end
126
+
127
+ describe ".released?" do
128
+ context "when the release_date is not set in the Exploit class" do
129
+ module TestExploits
130
+ class ExploitWithoutReleaseDate < Ronin::Exploits::Exploit
131
+ end
132
+ end
133
+
134
+ subject { TestExploits::ExploitWithoutReleaseDate }
135
+
136
+ it "must return false" do
137
+ expect(subject.released?).to be(false)
138
+ end
139
+ end
140
+
141
+ context "when the release_date is set in the Exploit class" do
142
+ module TestExploits
143
+ class ExploitWithReleaseDate < Ronin::Exploits::Exploit
144
+ release_date '2022-01-02'
145
+ end
146
+ end
147
+
148
+ subject { TestExploits::ExploitWithReleaseDate }
149
+
150
+ it "must return true" do
151
+ expect(subject.released?).to be(true)
152
+ end
153
+ end
154
+ end
155
+
156
+ describe ".disclosure_date" do
157
+ context "when the disclosure_date is not set in the Exploit class" do
158
+ module TestExploits
159
+ class ExploitWithoutDisclosureDate < Ronin::Exploits::Exploit
160
+ end
161
+ end
162
+
163
+ subject { TestExploits::ExploitWithoutDisclosureDate }
164
+
165
+ it "must default to nil" do
166
+ expect(subject.disclosure_date).to be(nil)
167
+ end
168
+ end
169
+
170
+ context "when the disclosure_date is set in the Exploit class" do
171
+ module TestExploits
172
+ class ExploitWithDisclosureDate < Ronin::Exploits::Exploit
173
+ disclosure_date '2022-01-02'
174
+ end
175
+ end
176
+
177
+ subject { TestExploits::ExploitWithDisclosureDate }
178
+
179
+ it "must return the set disclosure_date as a Date object" do
180
+ expect(subject.disclosure_date).to be_kind_of(Date)
181
+ expect(subject.disclosure_date.year).to eq(2022)
182
+ expect(subject.disclosure_date.month).to eq(1)
183
+ expect(subject.disclosure_date.day).to eq(2)
184
+ end
185
+ end
186
+ end
187
+
188
+ describe ".disclosed?" do
189
+ context "when the disclosure_date is not set in the Exploit class" do
190
+ module TestExploits
191
+ class ExploitWithoutDisclosureDate < Ronin::Exploits::Exploit
192
+ end
193
+ end
194
+
195
+ subject { TestExploits::ExploitWithoutDisclosureDate }
196
+
197
+ it "must return false" do
198
+ expect(subject.disclosed?).to be(false)
199
+ end
200
+ end
201
+
202
+ context "when the disclosure_date is set in the Exploit class" do
203
+ module TestExploits
204
+ class ExploitWithDisclosureDate < Ronin::Exploits::Exploit
205
+ disclosure_date '2022-01-02'
206
+ end
207
+ end
208
+
209
+ subject { TestExploits::ExploitWithDisclosureDate }
210
+
211
+ it "must return true" do
212
+ expect(subject.disclosed?).to be(true)
213
+ end
214
+ end
215
+ end
216
+
217
+ describe ".advisries" do
218
+ module TestExploits
219
+ class ExploitWithEmptyAdvisories < Ronin::Exploits::Exploit
220
+ end
221
+ end
222
+
223
+ subject { TestExploits::ExploitWithEmptyAdvisories }
224
+
225
+ it "must default to an empty Set" do
226
+ expect(subject.advisories).to eq(Set[])
227
+ end
228
+ end
229
+
230
+ describe ".advisory" do
231
+ module TestExploits
232
+ class ExploitWithAdvisories < Ronin::Exploits::Exploit
233
+ advisory 'CVE-2022-1234'
234
+ end
235
+ end
236
+
237
+ subject { TestExploits::ExploitWithAdvisories }
238
+
239
+ it "must add an Ronin::Exploits::Advisory object to .advisories" do
240
+ expect(subject.advisories).to_not be_empty
241
+ expect(subject.advisories).to all(be_kind_of(Ronin::Exploits::Advisory))
242
+ end
243
+
244
+ context "when no URL is given" do
245
+ context "and the advisory ID begins with 'CVE-' or 'GHSA-'" do
246
+ let(:advisory) { subject.advisories.first }
247
+
248
+ it "must generate the URL based on the advisory ID" do
249
+ expect(advisory.url).to eq("https://nvd.nist.gov/vuln/detail/CVE-2022-1234")
250
+ end
251
+ end
252
+
253
+ context "but the advisory ID does is not from a recognized vendor" do
254
+ module TestExploits
255
+ class ExploitWithUnrecognizedAdvisoryID < Ronin::Exploits::Exploit
256
+ advisory 'FOO-12345'
257
+ end
258
+ end
259
+
260
+ subject { TestExploits::ExploitWithUnrecognizedAdvisoryID }
261
+
262
+ let(:advisory) { subject.advisories.first }
263
+
264
+ it "must default the advisory URL to nil" do
265
+ expect(advisory.url).to be(nil)
266
+ end
267
+ end
268
+ end
269
+
270
+ context "when a URL is given with the advisory ID" do
271
+ module TestExploits
272
+ class ExploitWithAdvisoryIDAndURL < Ronin::Exploits::Exploit
273
+ advisory 'FOO-12345', 'https://www.foosec.org/FOO-12345'
274
+ end
275
+ end
276
+
277
+ subject { TestExploits::ExploitWithAdvisoryIDAndURL }
278
+
279
+ let(:advisory) { subject.advisories.first }
280
+
281
+ it "must set the URL of the advisory" do
282
+ expect(advisory.url).to eq("https://www.foosec.org/FOO-12345")
283
+ end
284
+ end
285
+ end
286
+
287
+ describe ".software" do
288
+ module TestExploitSoftware
289
+ class WithNoSoftwareSet < Ronin::Exploits::Exploit
290
+ end
291
+
292
+ class WithSoftwareSet < Ronin::Exploits::Exploit
293
+ software 'TestWare'
294
+ end
295
+
296
+ class InheritsItsSoftware < WithSoftwareSet
297
+ end
298
+
299
+ class OverridesItsInheritedSoftware < WithSoftwareSet
300
+ software 'TestWare Deluxe'
301
+ end
302
+ end
303
+
304
+ subject { test_class }
305
+
306
+ context "and when software is not set in the class" do
307
+ let(:test_class) { TestExploitSoftware::WithNoSoftwareSet }
308
+
309
+ it "must default to nil" do
310
+ expect(subject.software).to be(nil)
311
+ end
312
+ end
313
+
314
+ context "and when software is set in the class" do
315
+ let(:test_class) { TestExploitSoftware::WithSoftwareSet }
316
+
317
+ it "must return the set software" do
318
+ expect(subject.software).to eq('TestWare')
319
+ end
320
+ end
321
+
322
+ context "but when the software was set in the superclass" do
323
+ let(:test_class) { TestExploitSoftware::InheritsItsSoftware }
324
+
325
+ it "must return the software set in the superclass" do
326
+ expect(subject.software).to eq('TestWare')
327
+ end
328
+
329
+ context "but the software is overridden in the sub-class" do
330
+ let(:test_class) { TestExploitSoftware::OverridesItsInheritedSoftware }
331
+
332
+ it "must return the software set in the sub-class" do
333
+ expect(subject.software).to eq('TestWare Deluxe')
334
+ end
335
+ end
336
+ end
337
+ end
338
+
339
+ describe ".software" do
340
+ module TestExploitSoftwareVersions
341
+ class WithNoSoftwareVersionsSet < Ronin::Exploits::Exploit
342
+ end
343
+
344
+ class WithSoftwareVersionsSet < Ronin::Exploits::Exploit
345
+ software_versions %w[
346
+ 0.1.0
347
+ 0.2.0
348
+ 0.3.0
349
+ ]
350
+ end
351
+
352
+ class InheritsItsSoftwareVersions < WithSoftwareVersionsSet
353
+ end
354
+
355
+ class OverridesItsInheritedSoftwareVersions < WithSoftwareVersionsSet
356
+ software_versions %w[
357
+ 1.0.0
358
+ 1.0.1
359
+ 1.0.2
360
+ ]
361
+ end
362
+ end
363
+
364
+ subject { test_class }
365
+
366
+ context "and when software versions are not set in the class" do
367
+ let(:test_class) { TestExploitSoftwareVersions::WithNoSoftwareVersionsSet }
368
+
369
+ it "must default to nil" do
370
+ expect(subject.software_versions).to be(nil)
371
+ end
372
+ end
373
+
374
+ context "and when software versions are set in the class" do
375
+ let(:test_class) { TestExploitSoftwareVersions::WithSoftwareVersionsSet }
376
+
377
+ it "must return the set software" do
378
+ expect(subject.software_versions).to eq(['0.1.0', '0.2.0', '0.3.0'])
379
+ end
380
+ end
381
+
382
+ context "but when the software versions was set in the superclass" do
383
+ let(:test_class) { TestExploitSoftwareVersions::InheritsItsSoftwareVersions }
384
+
385
+ it "must return the software versions set in the superclass" do
386
+ expect(subject.software_versions).to eq(['0.1.0', '0.2.0', '0.3.0'])
387
+ end
388
+
389
+ context "but the software versions are overridden in the sub-class" do
390
+ let(:test_class) { TestExploitSoftwareVersions::OverridesItsInheritedSoftwareVersions }
391
+
392
+ it "must return the software versions set in the sub-class" do
393
+ expect(subject.software_versions).to eq(['1.0.0', '1.0.1', '1.0.2'])
394
+ end
395
+ end
396
+ end
397
+ end
398
+
399
+ describe ".exploit_type" do
400
+ subject { described_class }
401
+
402
+ it { expect(subject.exploit_type).to eq(:exploit) }
403
+ end
404
+
405
+ describe "#perform_validate" do
406
+ it "must call #validate_params" do
407
+ expect(subject).to receive(:validate_params)
408
+
409
+ subject.perform_validate
410
+ end
411
+
412
+ it "must also call #validate" do
413
+ expect(subject).to receive(:validate)
414
+
415
+ subject.perform_validate
416
+ end
417
+ end
418
+
419
+ describe "#perform_test" do
420
+ subject { described_class.new }
421
+
422
+ it "must call #test" do
423
+ expect(subject).to receive(:test)
424
+
425
+ subject.perform_test
426
+ end
427
+ end
428
+
429
+ describe "#test" do
430
+ it "must return a Test::Unknown value" do
431
+ expect(subject.test).to be_kind_of(Ronin::Exploits::TestResult::Unknown)
432
+ expect(subject.test.message).to eq("no vulnerability testing logic defined")
433
+ end
434
+ end
435
+
436
+ describe "#build" do
437
+ subject { described_class.new }
438
+
439
+ it "must return nil by default" do
440
+ expect(subject.build).to be(nil)
441
+ end
442
+
443
+ it "must not set @payload by default" do
444
+ subject.build
445
+
446
+ expect(subject.instance_variable_get('@payload')).to be(nil)
447
+ end
448
+ end
449
+
450
+ describe "#perform_build" do
451
+ subject { described_class.new }
452
+
453
+ it "must call #build" do
454
+ expect(subject).to receive(:build)
455
+
456
+ subject.perform_build
457
+ end
458
+ end
459
+
460
+ describe "#launch" do
461
+ subject { described_class.new }
462
+
463
+ it "must return nil by default" do
464
+ expect(subject.launch).to be(nil)
465
+ end
466
+ end
467
+
468
+ describe "#perform_launch" do
469
+ subject { described_class.new }
470
+
471
+ it "must call #launch" do
472
+ expect(subject).to receive(:launch)
473
+
474
+ subject.perform_launch
475
+ end
476
+ end
477
+
478
+ describe "#cleanup" do
479
+ subject { described_class.new }
480
+
481
+ it "must return nil by default" do
482
+ expect(subject.cleanup).to be(nil)
483
+ end
484
+ end
485
+
486
+ describe "#perform_cleanup" do
487
+ subject { described_class.new }
488
+
489
+ it "must call #cleanup" do
490
+ expect(subject).to receive(:cleanup)
491
+
492
+ subject.perform_cleanup
493
+ end
494
+ end
495
+
496
+ describe "#exploit" do
497
+ it "must call #build and #launch" do
498
+ expect(subject).to receive(:build)
499
+ expect(subject).to receive(:launch)
500
+
501
+ subject.exploit
502
+ end
503
+
504
+ it "must return self" do
505
+ expect(subject.exploit).to be(subject)
506
+ end
507
+
508
+ context "when given a block" do
509
+ it "must call #build, #prelaunch, #launch, yield, then and #cleanup" do
510
+ expect(subject).to receive(:build)
511
+ expect(subject).to receive(:launch)
512
+ expect(subject).to receive(:cleanup)
513
+
514
+ expect { |b| subject.exploit(&b) }.to yield_with_args(subject)
515
+ end
516
+ end
517
+
518
+ context "when given the dry_run: true keyword argument" do
519
+ it "should not deploy during a dry-run of the exploit" do
520
+ expect(subject).to receive(:build)
521
+ expect(subject).to_not receive(:launch)
522
+ expect(subject).to_not receive(:cleanup)
523
+
524
+ subject.exploit(dry_run: true)
525
+ end
526
+ end
527
+ end
528
+
529
+ describe "#fail" do
530
+ let(:message) { "exploit failed" }
531
+
532
+ it "must raise an ExploitFailed exception with the given message" do
533
+ expect {
534
+ subject.fail(message)
535
+ }.to raise_error(Ronin::Exploits::ExploitFailed,message)
536
+ end
537
+ end
538
+ end
@@ -1,9 +1,8 @@
1
- require 'ronin/exploits/version'
2
-
3
1
  require 'spec_helper'
2
+ require 'ronin/exploits'
4
3
 
5
- describe Exploits do
4
+ describe Ronin::Exploits do
6
5
  it "should have a version" do
7
- Exploits.const_defined?('VERSION').should == true
6
+ expect(subject.const_defined?('VERSION')).to eq(true)
8
7
  end
9
8
  end
@@ -0,0 +1,14 @@
1
+ require 'spec_helper'
2
+ require 'ronin/exploits/heap_overflow'
3
+
4
+ describe Ronin::Exploits::HeapOverflow do
5
+ it "must inherit from Ronin::Exploits::MemoryCorruption" do
6
+ expect(described_class).to be < Ronin::Exploits::MemoryCorruption
7
+ end
8
+
9
+ describe ".exploit_type" do
10
+ subject { described_class }
11
+
12
+ it { expect(subject.exploit_type).to eq(:heap_overflow) }
13
+ end
14
+ end