ronin-exploits 0.3.1 → 1.0.0.beta2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (338) hide show
  1. checksums.yaml +7 -0
  2. data/.document +4 -0
  3. data/.editorconfig +11 -0
  4. data/.github/workflows/ruby.yml +31 -0
  5. data/.gitignore +13 -0
  6. data/.mailmap +1 -0
  7. data/.rspec +1 -0
  8. data/.ruby-version +1 -0
  9. data/.yardopts +1 -0
  10. data/COPYING.txt +161 -335
  11. data/{History.txt → ChangeLog.md} +119 -16
  12. data/Gemfile +50 -0
  13. data/README.md +454 -0
  14. data/Rakefile +37 -23
  15. data/bin/ronin-exploits +13 -6
  16. data/data/new/exploit.rb.erb +158 -0
  17. data/gemspec.yml +44 -0
  18. data/lib/ronin/exploits/advisory.rb +84 -0
  19. data/lib/ronin/exploits/cli/command.rb +39 -0
  20. data/lib/ronin/exploits/cli/commands/irb.rb +57 -0
  21. data/lib/ronin/exploits/cli/commands/list.rb +80 -0
  22. data/lib/ronin/exploits/cli/commands/new.rb +332 -0
  23. data/lib/ronin/exploits/cli/commands/run.rb +396 -0
  24. data/lib/ronin/exploits/cli/commands/show.rb +290 -0
  25. data/lib/ronin/exploits/cli/exploit_command.rb +114 -0
  26. data/lib/ronin/exploits/cli/exploit_methods.rb +114 -0
  27. data/lib/ronin/exploits/cli/ruby_shell.rb +51 -0
  28. data/lib/ronin/exploits/cli.rb +51 -0
  29. data/lib/ronin/exploits/client_side_web_vuln.rb +69 -0
  30. data/lib/ronin/exploits/exceptions.rb +27 -17
  31. data/lib/ronin/exploits/exploit.rb +501 -582
  32. data/lib/ronin/exploits/heap_overflow.rb +50 -0
  33. data/lib/ronin/exploits/lfi.rb +141 -0
  34. data/lib/ronin/exploits/loot/file.rb +113 -0
  35. data/lib/ronin/exploits/loot.rb +119 -0
  36. data/lib/ronin/exploits/memory_corruption.rb +53 -0
  37. data/lib/ronin/exploits/metadata/arch.rb +83 -0
  38. data/lib/ronin/exploits/metadata/cookie_param.rb +80 -0
  39. data/lib/ronin/exploits/metadata/default_filename.rb +69 -0
  40. data/lib/ronin/exploits/metadata/default_port.rb +69 -0
  41. data/lib/ronin/exploits/metadata/header_name.rb +80 -0
  42. data/lib/ronin/exploits/metadata/os.rb +117 -0
  43. data/lib/ronin/exploits/metadata/shouts.rb +85 -0
  44. data/lib/ronin/exploits/metadata/url_path.rb +82 -0
  45. data/lib/ronin/exploits/metadata/url_query_param.rb +80 -0
  46. data/lib/ronin/exploits/mixins/binary.rb +106 -0
  47. data/lib/ronin/exploits/mixins/build_dir.rb +61 -0
  48. data/lib/ronin/exploits/mixins/file_builder.rb +102 -0
  49. data/lib/ronin/exploits/mixins/format_string.rb +87 -0
  50. data/lib/ronin/exploits/mixins/has_payload.rb +202 -0
  51. data/lib/ronin/exploits/mixins/has_targets.rb +297 -0
  52. data/lib/ronin/exploits/mixins/html.rb +213 -0
  53. data/lib/ronin/exploits/mixins/http.rb +866 -0
  54. data/lib/ronin/exploits/mixins/loot.rb +84 -0
  55. data/lib/ronin/exploits/mixins/nops.rb +121 -0
  56. data/lib/ronin/exploits/mixins/remote_tcp.rb +272 -0
  57. data/lib/ronin/exploits/mixins/remote_udp.rb +264 -0
  58. data/lib/ronin/exploits/mixins/seh.rb +136 -0
  59. data/lib/ronin/exploits/mixins/stack_overflow.rb +124 -0
  60. data/lib/ronin/exploits/mixins/text.rb +65 -0
  61. data/lib/ronin/exploits/mixins.rb +32 -0
  62. data/lib/ronin/exploits/open_redirect.rb +103 -0
  63. data/lib/ronin/exploits/params/base_url.rb +84 -0
  64. data/lib/ronin/exploits/params/bind_host.rb +53 -0
  65. data/lib/ronin/exploits/params/bind_port.rb +53 -0
  66. data/lib/ronin/exploits/params/filename.rb +71 -0
  67. data/lib/ronin/exploits/params/host.rb +56 -0
  68. data/lib/ronin/exploits/params/port.rb +71 -0
  69. data/lib/ronin/exploits/registry.rb +32 -0
  70. data/lib/ronin/exploits/rfi.rb +106 -0
  71. data/lib/ronin/exploits/root.rb +28 -0
  72. data/lib/ronin/exploits/seh_overflow.rb +90 -0
  73. data/lib/ronin/exploits/sqli.rb +172 -0
  74. data/lib/ronin/exploits/ssti.rb +108 -0
  75. data/lib/ronin/exploits/stack_overflow.rb +90 -0
  76. data/lib/ronin/exploits/target.rb +63 -103
  77. data/lib/ronin/exploits/test_result.rb +80 -0
  78. data/lib/ronin/exploits/use_after_free.rb +50 -0
  79. data/lib/ronin/exploits/version.rb +11 -12
  80. data/lib/ronin/exploits/web.rb +18 -89
  81. data/lib/ronin/exploits/web_vuln.rb +378 -0
  82. data/lib/ronin/exploits/xss.rb +102 -0
  83. data/lib/ronin/exploits.rb +19 -26
  84. data/man/ronin-exploits-irb.1 +31 -0
  85. data/man/ronin-exploits-irb.1.md +22 -0
  86. data/man/ronin-exploits-list.1 +37 -0
  87. data/man/ronin-exploits-list.1.md +27 -0
  88. data/man/ronin-exploits-new.1 +98 -0
  89. data/man/ronin-exploits-new.1.md +73 -0
  90. data/man/ronin-exploits-run.1 +117 -0
  91. data/man/ronin-exploits-run.1.md +87 -0
  92. data/man/ronin-exploits-show.1 +45 -0
  93. data/man/ronin-exploits-show.1.md +33 -0
  94. data/man/ronin-exploits.1 +55 -0
  95. data/man/ronin-exploits.1.md +41 -0
  96. data/ronin-exploits.gemspec +62 -0
  97. data/spec/advisory_spec.rb +71 -0
  98. data/spec/cli/exploit_command_spec.rb +68 -0
  99. data/spec/cli/exploit_methods_spec.rb +208 -0
  100. data/spec/cli/ruby_shell_spec.rb +14 -0
  101. data/spec/client_side_web_vuln_spec.rb +117 -0
  102. data/spec/exploit_spec.rb +538 -0
  103. data/spec/exploits_spec.rb +3 -4
  104. data/spec/heap_overflow_spec.rb +14 -0
  105. data/spec/lfi_spec.rb +162 -0
  106. data/spec/loot/file_spec.rb +131 -0
  107. data/spec/loot_spec.rb +138 -0
  108. data/spec/memory_corruption_spec.rb +22 -0
  109. data/spec/metadata/arch_spec.rb +82 -0
  110. data/spec/metadata/cookie_param_spec.rb +67 -0
  111. data/spec/metadata/default_filename_spec.rb +62 -0
  112. data/spec/metadata/default_port_spec.rb +62 -0
  113. data/spec/metadata/header_name_spec.rb +67 -0
  114. data/spec/metadata/os_spec.rb +164 -0
  115. data/spec/metadata/shouts_spec.rb +100 -0
  116. data/spec/metadata/url_path_spec.rb +67 -0
  117. data/spec/metadata/url_query_param_spec.rb +67 -0
  118. data/spec/mixins/binary_spec.rb +129 -0
  119. data/spec/mixins/build_dir.rb +66 -0
  120. data/spec/mixins/file_builder_spec.rb +67 -0
  121. data/spec/mixins/format_string_spec.rb +44 -0
  122. data/spec/mixins/has_payload_spec.rb +333 -0
  123. data/spec/mixins/has_targets_spec.rb +434 -0
  124. data/spec/mixins/html_spec.rb +772 -0
  125. data/spec/mixins/http_spec.rb +1227 -0
  126. data/spec/mixins/loot_spec.rb +20 -0
  127. data/spec/mixins/nops_spec.rb +165 -0
  128. data/spec/mixins/remote_tcp_spec.rb +217 -0
  129. data/spec/mixins/remote_udp_spec.rb +217 -0
  130. data/spec/mixins/seh_spec.rb +89 -0
  131. data/spec/mixins/stack_overflow_spec.rb +87 -0
  132. data/spec/mixins/text_spec.rb +43 -0
  133. data/spec/open_redirect_spec.rb +71 -0
  134. data/spec/params/base_url_spec.rb +71 -0
  135. data/spec/params/bind_host_spec.rb +34 -0
  136. data/spec/params/bind_port_spec.rb +35 -0
  137. data/spec/params/filename_spec.rb +77 -0
  138. data/spec/params/host_spec.rb +34 -0
  139. data/spec/params/port_spec.rb +77 -0
  140. data/spec/rfi_spec.rb +107 -0
  141. data/spec/seh_overflow_spec.rb +18 -0
  142. data/spec/spec_helper.rb +6 -10
  143. data/spec/sqli_spec.rb +306 -0
  144. data/spec/ssti_spec.rb +121 -0
  145. data/spec/stack_overflow_spec.rb +18 -0
  146. data/spec/target_spec.rb +92 -0
  147. data/spec/test_result_spec.rb +32 -0
  148. data/spec/use_after_free_spec.rb +14 -0
  149. data/spec/web_spec.rb +12 -0
  150. data/spec/web_vuln_spec.rb +854 -0
  151. data/spec/xss_spec.rb +69 -0
  152. metadata +361 -324
  153. data/Manifest.txt +0 -196
  154. data/README.txt +0 -274
  155. data/bin/ronin-exploit +0 -12
  156. data/bin/ronin-gen-binary-payload +0 -12
  157. data/bin/ronin-gen-exploit +0 -12
  158. data/bin/ronin-gen-ftp-exploit +0 -12
  159. data/bin/ronin-gen-http-exploit +0 -12
  160. data/bin/ronin-gen-local-exploit +0 -12
  161. data/bin/ronin-gen-nops +0 -12
  162. data/bin/ronin-gen-payload +0 -12
  163. data/bin/ronin-gen-remote-exploit +0 -12
  164. data/bin/ronin-gen-remote-tcp-exploit +0 -12
  165. data/bin/ronin-gen-remote-udp-exploit +0 -12
  166. data/bin/ronin-gen-shellcode +0 -12
  167. data/bin/ronin-gen-web-exploit +0 -12
  168. data/bin/ronin-payload +0 -12
  169. data/bin/ronin-payloads +0 -12
  170. data/lib/ronin/controls/behaviors.rb +0 -133
  171. data/lib/ronin/controls/exceptions/not_implemented.rb +0 -27
  172. data/lib/ronin/controls/exceptions/program_not_found.rb +0 -27
  173. data/lib/ronin/controls/exceptions.rb +0 -23
  174. data/lib/ronin/controls/file_system.rb +0 -145
  175. data/lib/ronin/controls/helpers/command_exec.rb +0 -143
  176. data/lib/ronin/controls/helpers/dir_create.rb +0 -42
  177. data/lib/ronin/controls/helpers/dir_listing.rb +0 -62
  178. data/lib/ronin/controls/helpers/dir_remove.rb +0 -42
  179. data/lib/ronin/controls/helpers/file_ctime.rb +0 -52
  180. data/lib/ronin/controls/helpers/file_mtime.rb +0 -53
  181. data/lib/ronin/controls/helpers/file_ownership.rb +0 -53
  182. data/lib/ronin/controls/helpers/file_read.rb +0 -62
  183. data/lib/ronin/controls/helpers/file_remove.rb +0 -51
  184. data/lib/ronin/controls/helpers/file_write.rb +0 -62
  185. data/lib/ronin/controls/helpers/memory_read.rb +0 -39
  186. data/lib/ronin/controls/helpers/memory_write.rb +0 -39
  187. data/lib/ronin/controls/helpers.rb +0 -33
  188. data/lib/ronin/controls.rb +0 -23
  189. data/lib/ronin/exploits/control.rb +0 -47
  190. data/lib/ronin/exploits/exceptions/exception.rb +0 -27
  191. data/lib/ronin/exploits/exceptions/exploit_not_built.rb +0 -29
  192. data/lib/ronin/exploits/exceptions/payload_size.rb +0 -29
  193. data/lib/ronin/exploits/exceptions/restricted_char.rb +0 -29
  194. data/lib/ronin/exploits/exceptions/target_data_missing.rb +0 -29
  195. data/lib/ronin/exploits/exceptions/target_unspecified.rb +0 -29
  196. data/lib/ronin/exploits/exceptions/unknown_helper.rb +0 -29
  197. data/lib/ronin/exploits/exploit_author.rb +0 -33
  198. data/lib/ronin/exploits/ftp.rb +0 -42
  199. data/lib/ronin/exploits/helpers/binary.rb +0 -50
  200. data/lib/ronin/exploits/helpers/buffer_overflow.rb +0 -115
  201. data/lib/ronin/exploits/helpers/file_based.rb +0 -112
  202. data/lib/ronin/exploits/helpers/format_string.rb +0 -117
  203. data/lib/ronin/exploits/helpers/padding.rb +0 -101
  204. data/lib/ronin/exploits/helpers.rb +0 -26
  205. data/lib/ronin/exploits/http.rb +0 -49
  206. data/lib/ronin/exploits/local.rb +0 -40
  207. data/lib/ronin/exploits/remote.rb +0 -40
  208. data/lib/ronin/exploits/remote_tcp.rb +0 -87
  209. data/lib/ronin/exploits/remote_udp.rb +0 -87
  210. data/lib/ronin/exploits/targets/buffer_overflow.rb +0 -46
  211. data/lib/ronin/exploits/targets/format_string.rb +0 -43
  212. data/lib/ronin/exploits/targets.rb +0 -27
  213. data/lib/ronin/exploits/verifiers.rb +0 -121
  214. data/lib/ronin/generators/exploits/exploit.rb +0 -70
  215. data/lib/ronin/generators/exploits/ftp.rb +0 -42
  216. data/lib/ronin/generators/exploits/http.rb +0 -42
  217. data/lib/ronin/generators/exploits/local.rb +0 -42
  218. data/lib/ronin/generators/exploits/remote.rb +0 -42
  219. data/lib/ronin/generators/exploits/remote_tcp.rb +0 -44
  220. data/lib/ronin/generators/exploits/remote_udp.rb +0 -44
  221. data/lib/ronin/generators/exploits/static.rb +0 -30
  222. data/lib/ronin/generators/exploits/web.rb +0 -45
  223. data/lib/ronin/generators/exploits.rb +0 -23
  224. data/lib/ronin/generators/payloads/binary_payload.rb +0 -42
  225. data/lib/ronin/generators/payloads/nops.rb +0 -42
  226. data/lib/ronin/generators/payloads/payload.rb +0 -66
  227. data/lib/ronin/generators/payloads/shellcode.rb +0 -42
  228. data/lib/ronin/generators/payloads/static.rb +0 -30
  229. data/lib/ronin/generators/payloads.rb +0 -23
  230. data/lib/ronin/model/has_default_port.rb +0 -54
  231. data/lib/ronin/model/targets_arch.rb +0 -68
  232. data/lib/ronin/model/targets_os.rb +0 -69
  233. data/lib/ronin/model/targets_product.rb +0 -68
  234. data/lib/ronin/payloads/asm_payload.rb +0 -40
  235. data/lib/ronin/payloads/binary_payload.rb +0 -42
  236. data/lib/ronin/payloads/control.rb +0 -47
  237. data/lib/ronin/payloads/encoders/encoder.rb +0 -92
  238. data/lib/ronin/payloads/encoders/xor.rb +0 -79
  239. data/lib/ronin/payloads/encoders.rb +0 -32
  240. data/lib/ronin/payloads/exceptions/exception.rb +0 -27
  241. data/lib/ronin/payloads/exceptions/not_implemented.rb +0 -29
  242. data/lib/ronin/payloads/exceptions/unknown_helper.rb +0 -29
  243. data/lib/ronin/payloads/exceptions.rb +0 -23
  244. data/lib/ronin/payloads/has_payload.rb +0 -111
  245. data/lib/ronin/payloads/helpers/chained.rb +0 -61
  246. data/lib/ronin/payloads/helpers/rpc.rb +0 -93
  247. data/lib/ronin/payloads/helpers.rb +0 -23
  248. data/lib/ronin/payloads/nops.rb +0 -39
  249. data/lib/ronin/payloads/payload.rb +0 -350
  250. data/lib/ronin/payloads/payload_author.rb +0 -33
  251. data/lib/ronin/payloads/shellcode.rb +0 -40
  252. data/lib/ronin/payloads/web_payload.rb +0 -41
  253. data/lib/ronin/payloads.rb +0 -36
  254. data/lib/ronin/ui/command_line/commands/exploit.rb +0 -193
  255. data/lib/ronin/ui/command_line/commands/exploits.rb +0 -154
  256. data/lib/ronin/ui/command_line/commands/gen_binary_payload.rb +0 -34
  257. data/lib/ronin/ui/command_line/commands/gen_exploit.rb +0 -34
  258. data/lib/ronin/ui/command_line/commands/gen_ftp_exploit.rb +0 -34
  259. data/lib/ronin/ui/command_line/commands/gen_http_exploit.rb +0 -34
  260. data/lib/ronin/ui/command_line/commands/gen_local_exploit.rb +0 -34
  261. data/lib/ronin/ui/command_line/commands/gen_nops.rb +0 -34
  262. data/lib/ronin/ui/command_line/commands/gen_payload.rb +0 -34
  263. data/lib/ronin/ui/command_line/commands/gen_remote_exploit.rb +0 -34
  264. data/lib/ronin/ui/command_line/commands/gen_remote_tcp_exploit.rb +0 -34
  265. data/lib/ronin/ui/command_line/commands/gen_remote_udp_exploit.rb +0 -34
  266. data/lib/ronin/ui/command_line/commands/gen_shellcode.rb +0 -34
  267. data/lib/ronin/ui/command_line/commands/gen_web_exploit.rb +0 -34
  268. data/lib/ronin/ui/command_line/commands/payload.rb +0 -129
  269. data/lib/ronin/ui/command_line/commands/payloads.rb +0 -128
  270. data/lib/ronin/vuln/behavior.rb +0 -165
  271. data/spec/controls/behaviors_examples.rb +0 -38
  272. data/spec/exploits/binary_exploit_spec.rb +0 -44
  273. data/spec/exploits/buffer_overflow_exploit_spec.rb +0 -70
  274. data/spec/exploits/exploit_spec.rb +0 -313
  275. data/spec/exploits/file_based_exploit_spec.rb +0 -48
  276. data/spec/exploits/format_string_exploit_spec.rb +0 -32
  277. data/spec/exploits/ftp_spec.rb +0 -13
  278. data/spec/exploits/http_spec.rb +0 -17
  279. data/spec/exploits/padding_exploit_spec.rb +0 -44
  280. data/spec/exploits/remote_tcp_spec.rb +0 -28
  281. data/spec/exploits/remote_udp_spec.rb +0 -28
  282. data/spec/exploits/target_spec.rb +0 -98
  283. data/spec/exploits/targets/buffer_overflow_spec.rb +0 -22
  284. data/spec/exploits/web_spec.rb +0 -35
  285. data/spec/generators/exploits/exploit_examples.rb +0 -24
  286. data/spec/generators/exploits/exploit_spec.rb +0 -42
  287. data/spec/generators/exploits/ftp_spec.rb +0 -42
  288. data/spec/generators/exploits/http_spec.rb +0 -42
  289. data/spec/generators/exploits/local_spec.rb +0 -42
  290. data/spec/generators/exploits/remote_spec.rb +0 -42
  291. data/spec/generators/exploits/remote_tcp_spec.rb +0 -47
  292. data/spec/generators/exploits/remote_udp_spec.rb +0 -47
  293. data/spec/generators/exploits/web_spec.rb +0 -52
  294. data/spec/generators/payloads/binary_payload_spec.rb +0 -31
  295. data/spec/generators/payloads/nops_spec.rb +0 -31
  296. data/spec/generators/payloads/payload_examples.rb +0 -16
  297. data/spec/generators/payloads/payload_spec.rb +0 -31
  298. data/spec/generators/payloads/shellcode_spec.rb +0 -31
  299. data/spec/helpers/database.rb +0 -5
  300. data/spec/helpers/objects.rb +0 -22
  301. data/spec/model/has_default_port_spec.rb +0 -27
  302. data/spec/model/models/default_port_model.rb +0 -13
  303. data/spec/model/models/non_default_port_model.rb +0 -11
  304. data/spec/model/models/targets_arch_model.rb +0 -11
  305. data/spec/model/models/targets_os_model.rb +0 -11
  306. data/spec/model/models/targets_product_model.rb +0 -11
  307. data/spec/model/targets_arch_spec.rb +0 -32
  308. data/spec/model/targets_os_spec.rb +0 -33
  309. data/spec/model/targets_product_spec.rb +0 -35
  310. data/spec/objects/exploits/example.rb +0 -25
  311. data/spec/objects/exploits/simple.rb +0 -24
  312. data/spec/objects/payloads/simple.rb +0 -19
  313. data/spec/payloads/encoders/encoder_spec.rb +0 -30
  314. data/spec/payloads/encoders/xor_spec.rb +0 -20
  315. data/spec/payloads/payload_spec.rb +0 -156
  316. data/spec/vuln/behavior_spec.rb +0 -15
  317. data/static/ronin/generators/exploits/_cache.erb +0 -14
  318. data/static/ronin/generators/exploits/_header.erb +0 -1
  319. data/static/ronin/generators/exploits/_helpers.erb +0 -4
  320. data/static/ronin/generators/exploits/exploit.erb +0 -24
  321. data/static/ronin/generators/exploits/ftp.erb +0 -24
  322. data/static/ronin/generators/exploits/http.erb +0 -26
  323. data/static/ronin/generators/exploits/local.erb +0 -24
  324. data/static/ronin/generators/exploits/remote.erb +0 -24
  325. data/static/ronin/generators/exploits/remote_tcp.erb +0 -26
  326. data/static/ronin/generators/exploits/remote_udp.erb +0 -26
  327. data/static/ronin/generators/exploits/web.erb +0 -28
  328. data/static/ronin/generators/payloads/_cache.erb +0 -10
  329. data/static/ronin/generators/payloads/_header.erb +0 -1
  330. data/static/ronin/generators/payloads/_helpers.erb +0 -2
  331. data/static/ronin/generators/payloads/binary_payload.erb +0 -25
  332. data/static/ronin/generators/payloads/nops.erb +0 -19
  333. data/static/ronin/generators/payloads/payload.erb +0 -25
  334. data/static/ronin/generators/payloads/shellcode.erb +0 -25
  335. data/tasks/spec.rb +0 -10
  336. data/tasks/yard.rb +0 -13
  337. data.tar.gz.sig +0 -0
  338. metadata.gz.sig +0 -0
@@ -0,0 +1,854 @@
1
+ require 'spec_helper'
2
+ require 'ronin/exploits/web_vuln'
3
+
4
+ describe Ronin::Exploits::WebVuln do
5
+ it "must include Ronin::Exploits::Mixins::HasPayload" do
6
+ expect(described_class).to include(Ronin::Exploits::Mixins::HasPayload)
7
+ end
8
+
9
+ describe ".request_method" do
10
+ subject { exploit_class }
11
+
12
+ context "and when request_method is not set in the class" do
13
+ module TestWebVuln
14
+ class WithNoRequestMethodSet < Ronin::Exploits::WebVuln
15
+ end
16
+ end
17
+
18
+ let(:exploit_class) { TestWebVuln::WithNoRequestMethodSet }
19
+
20
+ it "must default to :get" do
21
+ expect(subject.request_method).to eq(:get)
22
+ end
23
+ end
24
+
25
+ context "and when request_method is set in the class" do
26
+ module TestWebVuln
27
+ class WithRequestMethodSet < Ronin::Exploits::WebVuln
28
+ request_method :post
29
+ end
30
+ end
31
+
32
+ let(:exploit_class) { TestWebVuln::WithRequestMethodSet }
33
+
34
+ it "must return the set request_method" do
35
+ expect(subject.request_method).to eq(:post)
36
+ end
37
+ end
38
+
39
+ context "but when the request_method was set in the superclass" do
40
+ module TestWebVuln
41
+ class InheritsItsRequestMethod < WithRequestMethodSet
42
+ end
43
+ end
44
+
45
+ let(:exploit_class) { TestWebVuln::InheritsItsRequestMethod }
46
+
47
+ it "must return the request_method set in the superclass" do
48
+ expect(subject.request_method).to eq(:post)
49
+ end
50
+
51
+ context "but the request_method is overridden in the sub-class" do
52
+ module TestWebVuln
53
+ class OverridesItsInheritedRequestMethod < WithRequestMethodSet
54
+ request_method :put
55
+ end
56
+ end
57
+
58
+ let(:exploit_class) do
59
+ TestWebVuln::OverridesItsInheritedRequestMethod
60
+ end
61
+
62
+ it "must return the request_method set in the sub-class" do
63
+ expect(subject.request_method).to eq(:put)
64
+ end
65
+ end
66
+ end
67
+ end
68
+
69
+ describe ".base_path" do
70
+ subject { exploit_class }
71
+
72
+ context "and when base_path is not set in the class" do
73
+ module TestWebVuln
74
+ class WithNoBasePathSet < Ronin::Exploits::WebVuln
75
+ end
76
+ end
77
+
78
+ let(:exploit_class) { TestWebVuln::WithNoBasePathSet }
79
+
80
+ it do
81
+ expect {
82
+ subject.base_path
83
+ }.to raise_error(NotImplementedError,"#{subject} did not set base_path")
84
+ end
85
+ end
86
+
87
+ context "and when base_path is set in the class" do
88
+ module TestWebVuln
89
+ class WithBasePathSet < Ronin::Exploits::WebVuln
90
+ base_path '/test'
91
+ end
92
+ end
93
+
94
+ let(:exploit_class) { TestWebVuln::WithBasePathSet }
95
+
96
+ it "must return the set base_path" do
97
+ expect(subject.base_path).to eq("/test")
98
+ end
99
+ end
100
+
101
+ context "but when the base_path was set in the superclass" do
102
+ module TestWebVuln
103
+ class InheritsItsBasePath < WithBasePathSet
104
+ end
105
+ end
106
+
107
+ let(:exploit_class) { TestWebVuln::InheritsItsBasePath }
108
+
109
+ it "must return the base_path set in the superclass" do
110
+ expect(subject.base_path).to eq("/test")
111
+ end
112
+
113
+ context "but the base_path is overridden in the sub-class" do
114
+ module TestWebVuln
115
+ class OverridesItsInheritedBasePath < WithBasePathSet
116
+ base_path "/test2"
117
+ end
118
+ end
119
+
120
+ let(:exploit_class) do
121
+ TestWebVuln::OverridesItsInheritedBasePath
122
+ end
123
+
124
+ it "must return the base_path set in the sub-class" do
125
+ expect(subject.base_path).to eq("/test2")
126
+ end
127
+ end
128
+ end
129
+ end
130
+
131
+ describe ".query_param" do
132
+ subject { exploit_class }
133
+
134
+ context "and when query_param is not set in the class" do
135
+ module TestWebVuln
136
+ class WithNoQueryParamSet < Ronin::Exploits::WebVuln
137
+ end
138
+ end
139
+
140
+ let(:exploit_class) { TestWebVuln::WithNoQueryParamSet }
141
+
142
+ it "must default to nil" do
143
+ expect(subject.query_param).to be(nil)
144
+ end
145
+ end
146
+
147
+ context "and when query_param is set in the class" do
148
+ module TestWebVuln
149
+ class WithQueryParamSet < Ronin::Exploits::WebVuln
150
+ query_param 'test'
151
+ end
152
+ end
153
+
154
+ let(:exploit_class) { TestWebVuln::WithQueryParamSet }
155
+
156
+ it "must return the set query_param" do
157
+ expect(subject.query_param).to eq("test")
158
+ end
159
+ end
160
+
161
+ context "but when the query_param was set in the superclass" do
162
+ module TestWebVuln
163
+ class InheritsItsQueryParam < WithQueryParamSet
164
+ end
165
+ end
166
+
167
+ let(:exploit_class) { TestWebVuln::InheritsItsQueryParam }
168
+
169
+ it "must return the query_param set in the superclass" do
170
+ expect(subject.query_param).to eq("test")
171
+ end
172
+
173
+ context "but the query_param is overridden in the sub-class" do
174
+ module TestWebVuln
175
+ class OverridesItsInheritedQueryParam < WithQueryParamSet
176
+ query_param "test2"
177
+ end
178
+ end
179
+
180
+ let(:exploit_class) do
181
+ TestWebVuln::OverridesItsInheritedQueryParam
182
+ end
183
+
184
+ it "must return the query_param set in the sub-class" do
185
+ expect(subject.query_param).to eq("test2")
186
+ end
187
+ end
188
+ end
189
+ end
190
+
191
+ describe ".header_name" do
192
+ subject { exploit_class }
193
+
194
+ context "and when header_name is not set in the class" do
195
+ module TestWebVuln
196
+ class WithNoHeaderNameSet < Ronin::Exploits::WebVuln
197
+ end
198
+ end
199
+
200
+ let(:exploit_class) { TestWebVuln::WithNoHeaderNameSet }
201
+
202
+ it "must default to nil" do
203
+ expect(subject.header_name).to be(nil)
204
+ end
205
+ end
206
+
207
+ context "and when header_name is set in the class" do
208
+ module TestWebVuln
209
+ class WithHeaderNameSet < Ronin::Exploits::WebVuln
210
+ header_name 'test'
211
+ end
212
+ end
213
+
214
+ let(:exploit_class) { TestWebVuln::WithHeaderNameSet }
215
+
216
+ it "must return the set header_name" do
217
+ expect(subject.header_name).to eq("test")
218
+ end
219
+ end
220
+
221
+ context "but when the header_name was set in the superclass" do
222
+ module TestWebVuln
223
+ class InheritsItsHeaderName < WithHeaderNameSet
224
+ end
225
+ end
226
+
227
+ let(:exploit_class) { TestWebVuln::InheritsItsHeaderName }
228
+
229
+ it "must return the header_name set in the superclass" do
230
+ expect(subject.header_name).to eq("test")
231
+ end
232
+
233
+ context "but the header_name is overridden in the sub-class" do
234
+ module TestWebVuln
235
+ class OverridesItsInheritedHeaderName < WithHeaderNameSet
236
+ header_name "test2"
237
+ end
238
+ end
239
+
240
+ let(:exploit_class) do
241
+ TestWebVuln::OverridesItsInheritedHeaderName
242
+ end
243
+
244
+ it "must return the header_name set in the sub-class" do
245
+ expect(subject.header_name).to eq("test2")
246
+ end
247
+ end
248
+ end
249
+ end
250
+
251
+ describe ".cookie_param" do
252
+ subject { exploit_class }
253
+
254
+ context "and when cookie_param is not set in the class" do
255
+ module TestWebVuln
256
+ class WithNoCookieParamSet < Ronin::Exploits::WebVuln
257
+ end
258
+ end
259
+
260
+ let(:exploit_class) { TestWebVuln::WithNoCookieParamSet }
261
+
262
+ it "must default to nil" do
263
+ expect(subject.cookie_param).to be(nil)
264
+ end
265
+ end
266
+
267
+ context "and when cookie_param is set in the class" do
268
+ module TestWebVuln
269
+ class WithCookieParamSet < Ronin::Exploits::WebVuln
270
+ cookie_param 'test'
271
+ end
272
+ end
273
+
274
+ let(:exploit_class) { TestWebVuln::WithCookieParamSet }
275
+
276
+ it "must return the set cookie_param" do
277
+ expect(subject.cookie_param).to eq("test")
278
+ end
279
+ end
280
+
281
+ context "but when the cookie_param was set in the superclass" do
282
+ module TestWebVuln
283
+ class InheritsItsCookieParam < WithCookieParamSet
284
+ end
285
+ end
286
+
287
+ let(:exploit_class) { TestWebVuln::InheritsItsCookieParam }
288
+
289
+ it "must return the cookie_param set in the superclass" do
290
+ expect(subject.cookie_param).to eq("test")
291
+ end
292
+
293
+ context "but the cookie_param is overridden in the sub-class" do
294
+ module TestWebVuln
295
+ class OverridesItsInheritedCookieParam < WithCookieParamSet
296
+ cookie_param "test2"
297
+ end
298
+ end
299
+
300
+ let(:exploit_class) do
301
+ TestWebVuln::OverridesItsInheritedCookieParam
302
+ end
303
+
304
+ it "must return the cookie_param set in the sub-class" do
305
+ expect(subject.cookie_param).to eq("test2")
306
+ end
307
+ end
308
+ end
309
+ end
310
+
311
+ describe ".form_param" do
312
+ subject { exploit_class }
313
+
314
+ context "and when form_param is not set in the class" do
315
+ module TestWebVuln
316
+ class WithNoFormParamSet < Ronin::Exploits::WebVuln
317
+ end
318
+ end
319
+
320
+ let(:exploit_class) { TestWebVuln::WithNoFormParamSet }
321
+
322
+ it "must default to nil" do
323
+ expect(subject.form_param).to be(nil)
324
+ end
325
+ end
326
+
327
+ context "and when form_param is set in the class" do
328
+ module TestWebVuln
329
+ class WithFormParamSet < Ronin::Exploits::WebVuln
330
+ form_param 'test'
331
+ end
332
+ end
333
+
334
+ let(:exploit_class) { TestWebVuln::WithFormParamSet }
335
+
336
+ it "must return the set form_param" do
337
+ expect(subject.form_param).to eq("test")
338
+ end
339
+ end
340
+
341
+ context "but when the form_param was set in the superclass" do
342
+ module TestWebVuln
343
+ class InheritsItsFormParam < WithFormParamSet
344
+ end
345
+ end
346
+
347
+ let(:exploit_class) { TestWebVuln::InheritsItsFormParam }
348
+
349
+ it "must return the form_param set in the superclass" do
350
+ expect(subject.form_param).to eq("test")
351
+ end
352
+
353
+ context "but the form_param is overridden in the sub-class" do
354
+ module TestWebVuln
355
+ class OverridesItsInheritedFormParam < WithFormParamSet
356
+ form_param "test2"
357
+ end
358
+ end
359
+
360
+ let(:exploit_class) do
361
+ TestWebVuln::OverridesItsInheritedFormParam
362
+ end
363
+
364
+ it "must return the form_param set in the sub-class" do
365
+ expect(subject.form_param).to eq("test2")
366
+ end
367
+ end
368
+ end
369
+ end
370
+
371
+ describe ".headers" do
372
+ subject { exploit_class }
373
+
374
+ context "and when headers is not set in the class" do
375
+ module TestWebVuln
376
+ class WithNoHeadersSet < Ronin::Exploits::WebVuln
377
+ end
378
+ end
379
+
380
+ let(:exploit_class) { TestWebVuln::WithNoHeadersSet }
381
+
382
+ it "must default to nil" do
383
+ expect(subject.headers).to be(nil)
384
+ end
385
+ end
386
+
387
+ context "and when headers is set in the class" do
388
+ module TestWebVuln
389
+ class WithHeadersSet < Ronin::Exploits::WebVuln
390
+ headers 'X-Foo' => 'foo'
391
+ end
392
+ end
393
+
394
+ let(:exploit_class) { TestWebVuln::WithHeadersSet }
395
+
396
+ it "must return the set headers" do
397
+ expect(subject.headers).to eq({'X-Foo' => 'foo'})
398
+ end
399
+ end
400
+
401
+ context "but when the headers was set in the superclass" do
402
+ module TestWebVuln
403
+ class InheritsItsHeaders < WithHeadersSet
404
+ end
405
+ end
406
+
407
+ let(:exploit_class) { TestWebVuln::InheritsItsHeaders }
408
+
409
+ it "must return the headers set in the superclass" do
410
+ expect(subject.headers).to eq({'X-Foo' => 'foo'})
411
+ end
412
+
413
+ context "but the headers is overridden in the sub-class" do
414
+ module TestWebVuln
415
+ class OverridesItsInheritedHeaders < WithHeadersSet
416
+ headers 'X-Bar' => 'bar'
417
+ end
418
+ end
419
+
420
+ let(:exploit_class) do
421
+ TestWebVuln::OverridesItsInheritedHeaders
422
+ end
423
+
424
+ it "must return the headers set in the sub-class" do
425
+ expect(subject.headers).to eq({'X-Bar' => 'bar'})
426
+ end
427
+ end
428
+ end
429
+ end
430
+
431
+ describe ".cookie" do
432
+ subject { exploit_class }
433
+
434
+ context "and when cookie is not set in the class" do
435
+ module TestWebVuln
436
+ class WithNoCookieSet < Ronin::Exploits::WebVuln
437
+ end
438
+ end
439
+
440
+ let(:exploit_class) { TestWebVuln::WithNoCookieSet }
441
+
442
+ it "must default to nil" do
443
+ expect(subject.cookie).to be(nil)
444
+ end
445
+ end
446
+
447
+ context "and when cookie is set in the class" do
448
+ module TestWebVuln
449
+ class WithCookieSet < Ronin::Exploits::WebVuln
450
+ cookie 'foo' => '1'
451
+ end
452
+ end
453
+
454
+ let(:exploit_class) { TestWebVuln::WithCookieSet }
455
+
456
+ it "must return the set cookie" do
457
+ expect(subject.cookie).to eq({'foo' => '1'})
458
+ end
459
+ end
460
+
461
+ context "but when the cookie was set in the superclass" do
462
+ module TestWebVuln
463
+ class InheritsItsCookie < WithCookieSet
464
+ end
465
+ end
466
+
467
+ let(:exploit_class) { TestWebVuln::InheritsItsCookie }
468
+
469
+ it "must return the cookie set in the superclass" do
470
+ expect(subject.cookie).to eq({'foo' => '1'})
471
+ end
472
+
473
+ context "but the cookie is overridden in the sub-class" do
474
+ module TestWebVuln
475
+ class OverridesItsInheritedCookie < WithCookieSet
476
+ cookie 'bar' => '2'
477
+ end
478
+ end
479
+
480
+ let(:exploit_class) do
481
+ TestWebVuln::OverridesItsInheritedCookie
482
+ end
483
+
484
+ it "must return the cookie set in the sub-class" do
485
+ expect(subject.cookie).to eq({'bar' => '2'})
486
+ end
487
+ end
488
+ end
489
+ end
490
+
491
+ describe ".form_data" do
492
+ subject { exploit_class }
493
+
494
+ context "and when form_data is not set in the class" do
495
+ module TestWebVuln
496
+ class WithNoFormDataSet < Ronin::Exploits::WebVuln
497
+ end
498
+ end
499
+
500
+ let(:exploit_class) { TestWebVuln::WithNoFormDataSet }
501
+
502
+ it "must default to nil" do
503
+ expect(subject.form_data).to be(nil)
504
+ end
505
+ end
506
+
507
+ context "and when form_data is set in the class" do
508
+ module TestWebVuln
509
+ class WithFormDataSet < Ronin::Exploits::WebVuln
510
+ form_data 'foo' => 'a'
511
+ end
512
+ end
513
+
514
+ let(:exploit_class) { TestWebVuln::WithFormDataSet }
515
+
516
+ it "must return the set form_data" do
517
+ expect(subject.form_data).to eq({'foo' => 'a'})
518
+ end
519
+ end
520
+
521
+ context "but when the form_data was set in the superclass" do
522
+ module TestWebVuln
523
+ class InheritsItsFormData < WithFormDataSet
524
+ end
525
+ end
526
+
527
+ let(:exploit_class) { TestWebVuln::InheritsItsFormData }
528
+
529
+ it "must return the form_data set in the superclass" do
530
+ expect(subject.form_data).to eq({'foo' => 'a'})
531
+ end
532
+
533
+ context "but the form_data is overridden in the sub-class" do
534
+ module TestWebVuln
535
+ class OverridesItsInheritedFormData < WithFormDataSet
536
+ form_data 'bar' => 'b'
537
+ end
538
+ end
539
+
540
+ let(:exploit_class) do
541
+ TestWebVuln::OverridesItsInheritedFormData
542
+ end
543
+
544
+ it "must return the form_data set in the sub-class" do
545
+ expect(subject.form_data).to eq({'bar' => 'b'})
546
+ end
547
+ end
548
+ end
549
+ end
550
+
551
+ describe ".referer" do
552
+ subject { exploit_class }
553
+
554
+ context "and when referer is not set in the class" do
555
+ module TestWebVuln
556
+ class WithNoRefererSet < Ronin::Exploits::WebVuln
557
+ end
558
+ end
559
+
560
+ let(:exploit_class) { TestWebVuln::WithNoRefererSet }
561
+
562
+ it "must default to nil" do
563
+ expect(subject.referer).to be(nil)
564
+ end
565
+ end
566
+
567
+ context "and when referer is set in the class" do
568
+ module TestWebVuln
569
+ class WithRefererSet < Ronin::Exploits::WebVuln
570
+ referer '/previous/page'
571
+ end
572
+ end
573
+
574
+ let(:exploit_class) { TestWebVuln::WithRefererSet }
575
+
576
+ it "must return the set referer" do
577
+ expect(subject.referer).to eq('/previous/page')
578
+ end
579
+ end
580
+
581
+ context "but when the referer was set in the superclass" do
582
+ module TestWebVuln
583
+ class InheritsItsReferer < WithRefererSet
584
+ end
585
+ end
586
+
587
+ let(:exploit_class) { TestWebVuln::InheritsItsReferer }
588
+
589
+ it "must return the referer set in the superclass" do
590
+ expect(subject.referer).to eq('/previous/page')
591
+ end
592
+
593
+ context "but the referer is overridden in the sub-class" do
594
+ module TestWebVuln
595
+ class OverridesItsInheritedReferer < WithRefererSet
596
+ referer '/previous/page2'
597
+ end
598
+ end
599
+
600
+ let(:exploit_class) do
601
+ TestWebVuln::OverridesItsInheritedReferer
602
+ end
603
+
604
+ it "must return the referer set in the sub-class" do
605
+ expect(subject.referer).to eq('/previous/page2')
606
+ end
607
+ end
608
+ end
609
+ end
610
+
611
+ module TestWebVuln
612
+ class TestExploit < Ronin::Exploits::WebVuln
613
+
614
+ base_path '/path/to/vuln'
615
+
616
+ query_param 'id'
617
+
618
+ end
619
+ end
620
+
621
+ let(:exploit_class) { TestWebVuln::TestExploit }
622
+
623
+ let(:base_url) { 'https://www.example.com/' }
624
+
625
+ subject do
626
+ exploit_class.new(
627
+ params: {
628
+ base_url: base_url
629
+ }
630
+ )
631
+ end
632
+
633
+ describe "#url" do
634
+ let(:expected_url) do
635
+ URI(base_url).merge(exploit_class.base_path)
636
+ end
637
+
638
+ it "must return a URL built from the exploit's .base_path" do
639
+ expect(subject.url).to eq(expected_url)
640
+ end
641
+ end
642
+
643
+ describe "#web_vuln_kwargs" do
644
+ subject do
645
+ exploit_class.new(
646
+ params: {
647
+ base_url: base_url
648
+ }
649
+ )
650
+ end
651
+
652
+ it "must set the :http keyword to #http" do
653
+ expect(subject.web_vuln_kwargs[:http]).to be(subject.http)
654
+ end
655
+
656
+ context "when the exploit class defines a query_param value" do
657
+ module TestWebVuln
658
+ class TestExploitWithQueryParam < Ronin::Exploits::WebVuln
659
+ query_param 'id'
660
+ end
661
+ end
662
+
663
+ let(:exploit_class) { TestWebVuln::TestExploitWithQueryParam }
664
+
665
+ it "must set the :query_param value" do
666
+ expect(subject.web_vuln_kwargs[:query_param]).to eq(exploit_class.query_param)
667
+ end
668
+ end
669
+
670
+ context "when the exploit class defines a header_name value" do
671
+ module TestWebVuln
672
+ class TestExploitWithHeaderName < Ronin::Exploits::WebVuln
673
+ header_name 'X-Foo'
674
+ end
675
+ end
676
+
677
+ let(:exploit_class) { TestWebVuln::TestExploitWithHeaderName }
678
+
679
+ it "must set the :header_name value" do
680
+ expect(subject.web_vuln_kwargs[:header_name]).to eq(exploit_class.header_name)
681
+ end
682
+ end
683
+
684
+ context "when the exploit class defines a cookie_param value" do
685
+ module TestWebVuln
686
+ class TestExploitWithCookieParam < Ronin::Exploits::WebVuln
687
+ cookie_param 'foo'
688
+ end
689
+ end
690
+
691
+ let(:exploit_class) { TestWebVuln::TestExploitWithCookieParam }
692
+
693
+ it "must set the :cookie_param value" do
694
+ expect(subject.web_vuln_kwargs[:cookie_param]).to eq(exploit_class.cookie_param)
695
+ end
696
+ end
697
+
698
+ context "when the exploit class defines a form_param value" do
699
+ module TestWebVuln
700
+ class TestExploitWithFormParam < Ronin::Exploits::WebVuln
701
+ form_param 'bar'
702
+ end
703
+ end
704
+
705
+ let(:exploit_class) { TestWebVuln::TestExploitWithFormParam }
706
+
707
+ it "must set the :form_param value" do
708
+ expect(subject.web_vuln_kwargs[:form_param]).to eq(exploit_class.form_param)
709
+ end
710
+ end
711
+
712
+ context "when the exploit class defines a request_method value" do
713
+ module TestWebVuln
714
+ class TestExploitWithRequestMethod < Ronin::Exploits::WebVuln
715
+ request_method :post
716
+ end
717
+ end
718
+
719
+ let(:exploit_class) { TestWebVuln::TestExploitWithRequestMethod }
720
+
721
+ it "must set the :request_method value" do
722
+ expect(subject.web_vuln_kwargs[:request_method]).to eq(exploit_class.request_method)
723
+ end
724
+ end
725
+
726
+ context "when the exploit has the 'http_user' param set" do
727
+ let(:http_user) { 'bob' }
728
+
729
+ subject do
730
+ exploit_class.new(
731
+ params: {
732
+ base_url: base_url,
733
+ http_user: http_user
734
+ }
735
+ )
736
+ end
737
+
738
+ it "must set the :user value to the 'http_user' param" do
739
+ expect(subject.web_vuln_kwargs[:user]).to eq(http_user)
740
+ end
741
+ end
742
+
743
+ context "when the exploit has the 'http_password' param set" do
744
+ let(:http_password) { 'secret' }
745
+
746
+ subject do
747
+ exploit_class.new(
748
+ params: {
749
+ base_url: base_url,
750
+ http_password: http_password
751
+ }
752
+ )
753
+ end
754
+
755
+ it "must set the :password value to the 'http_password' param" do
756
+ expect(subject.web_vuln_kwargs[:password]).to eq(http_password)
757
+ end
758
+ end
759
+
760
+ context "when the exploit class defines a headers value" do
761
+ module TestWebVuln
762
+ class TestExploitWithHeaders < Ronin::Exploits::WebVuln
763
+ headers 'X-Foo' => 'foo', 'X-Bar' => 'bar'
764
+ end
765
+ end
766
+
767
+ let(:exploit_class) { TestWebVuln::TestExploitWithHeaders }
768
+
769
+ it "must set the :headers value" do
770
+ expect(subject.web_vuln_kwargs[:headers]).to eq(exploit_class.headers)
771
+ end
772
+ end
773
+
774
+ context "when the exploit class defines a cookie value" do
775
+ module TestWebVuln
776
+ class TestExploitWithCookie < Ronin::Exploits::WebVuln
777
+ cookie 'foo' => 'a', 'bar' => 'b'
778
+ end
779
+ end
780
+
781
+ let(:exploit_class) { TestWebVuln::TestExploitWithCookie }
782
+
783
+ it "must set the :cookie value" do
784
+ expect(subject.web_vuln_kwargs[:cookie]).to eq(exploit_class.cookie)
785
+ end
786
+ end
787
+
788
+ context "when the exploit class defines a form_data value" do
789
+ module TestWebVuln
790
+ class TestExploitWithFormData < Ronin::Exploits::WebVuln
791
+ form_data 'foo' => 'a', 'bar' => 'b'
792
+ end
793
+ end
794
+
795
+ let(:exploit_class) { TestWebVuln::TestExploitWithFormData }
796
+
797
+ it "must set the :form_data value" do
798
+ expect(subject.web_vuln_kwargs[:form_data]).to eq(exploit_class.form_data)
799
+ end
800
+ end
801
+
802
+ context "when the exploit class defines a referer value" do
803
+ module TestWebVuln
804
+ class TestExploitWithReferer < Ronin::Exploits::WebVuln
805
+ referer '/page'
806
+ end
807
+ end
808
+
809
+ let(:exploit_class) { TestWebVuln::TestExploitWithReferer }
810
+
811
+ it "must set the :referer value to the expanded referer URL" do
812
+ expect(subject.web_vuln_kwargs[:referer]).to eq(subject.url_for(exploit_class.referer))
813
+ end
814
+ end
815
+ end
816
+
817
+ describe "#vuln" do
818
+ it "must raise NotImplementedError by default" do
819
+ expect {
820
+ subject.vuln
821
+ }.to raise_error(NotImplementedError,"#{subject.class}#vuln was not implemented")
822
+ end
823
+ end
824
+
825
+ describe "#test" do
826
+ let(:vuln) { double('Ronin::Vulns::WebVuln object') }
827
+
828
+ before do
829
+ expect(subject).to receive(:vuln).and_return(vuln)
830
+ end
831
+
832
+ context "when #vuln.vulnerable? returns true" do
833
+ before { allow(vuln).to receive(:vulnerable?).and_return(true) }
834
+
835
+ it "must return TestResult::Vulnerable" do
836
+ result = subject.test
837
+
838
+ expect(result).to be_kind_of(Ronin::Exploits::TestResult::Vulnerable)
839
+ expect(result.message).to eq("The target URL is vulnerable")
840
+ end
841
+ end
842
+
843
+ context "when #vuln.vulnerable? returns false" do
844
+ before { allow(vuln).to receive(:vulnerable?).and_return(false) }
845
+
846
+ it "must return TestResult::NotVulnerable" do
847
+ result = subject.test
848
+
849
+ expect(result).to be_kind_of(Ronin::Exploits::TestResult::NotVulnerable)
850
+ expect(result.message).to eq("The target URL is not vulnerable")
851
+ end
852
+ end
853
+ end
854
+ end