ronin-exploits 1.0.0.beta2 → 1.0.0.beta3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b7d601e1580ea5719c365a686d579659df4deb60d77eff285d74ac1280d93b3
-  data.tar.gz: 87e9cef6168d40862c0442aabdaaa69d51563cbae6ff93abb8a3c4c0ef0b6704
+  metadata.gz: 850efd0369626bc57a83bf7d51ab1d8fc471bfe1472feee5720c80d7f064fdb5
+  data.tar.gz: b185d3383dc0549dd4aa9aa5e9df990a9554081028fb4cf2e49fd47332ffba7a
 SHA512:
-  metadata.gz: 37e77fed488fdcfed0357d792738b3bb231cbeae749631291aa12544a8b225ca14fe548cf70985ae88d9946f5e1f8ead8c1d0078d486fa4d0ed837b33fca9aa6
-  data.tar.gz: e032ca57e0b63ca63b93e79d6479c631a8939eaa5406d4d4d68bafebfd5b16ffdfc5e6f58f245440036ec0f2869937709c84cf915ce78e10efc4fb03c0bcc303
+  metadata.gz: 958a1be608668de05fd28d2baeb44d1e7be1765cae684a4110a3183d92647582e6d51921ea24347a562685750717faf5e6e33d62102947f7f11afa3c9b8e7d3b
+  data.tar.gz: 8dbb0fc9782bced0ea57d49f9f65181ee752776c52ae31f437c368affecbb7a44e288c4e6568ea030d48ee1afde343b3c2cef56d9c9ad2e0c66af68519e216ab

data/.github/workflows/ruby.yml

@@ -21,6 +21,7 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
       - name: Install libsqlite3
         run: |
           sudo apt update -y && \

data/README.md

@@ -2,6 +2,7 @@
 
 [![CI](https://github.com/ronin-rb/ronin-exploits/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-exploits/actions/workflows/ruby.yml)
 [![Code Climate](https://codeclimate.com/github/ronin-rb/ronin-exploits.svg)](https://codeclimate.com/github/ronin-rb/ronin-exploits)
+[![Gem Version](https://badge.fury.io/rb/ronin-exploits.svg)](https://badge.fury.io/rb/ronin-exploits)
 
 * [Source](https://github.com/ronin-rb/ronin-exploits)
 * [Issues](https://github.com/ronin-rb/ronin-exploits/issues)
@@ -17,6 +18,9 @@ ronin-exploits allows one to write exploits as plain old Ruby classes.
 ronin-exploits can be distributed as Ruby files or as git repositories that can
 be installed using [ronin-repos].
 
+**tl;dr** It's like a simpler version of
+[Metasploit](https://www.metasploit.com/).
+
 ronin-exploits is part of the [ronin-rb] project, a [Ruby] toolkit for security
 research and development.
 

data/gemspec.yml

@@ -1,11 +1,13 @@
 name: ronin-exploits
 summary: A Ruby micro-framework for writing and running exploits and payloads.
-description:
+description: |
   ronin-exploits is a Ruby micro-framework for writing and running exploits.
   ronin-exploits allows one to write exploits as plain old Ruby classes.
   ronin-exploits can be distributed as Ruby files or as git repositories that
   can be installed using ronin-reps.
 
+  It's like a simpler version of Metasploit.
+
 license: LGPL-3.0
 authors: Postmodern
 email: postmodern.mod3@gmail.com

data/lib/ronin/exploits/cli/commands/run.rb

@@ -118,7 +118,11 @@ module Ronin
                                    type: /\A[^=\s]+=.+\z/,
                                    usage: 'NAME=VALUE'
                                  },
-                                 desc: 'Sets a param on the payload'
+                                 desc: 'Sets a param on the payload' do |param|
+                                   name, value = param.split('=',2)
+
+                                   @payload_params[name.to_sym] = value
+                                 end
 
           # Encoder options
           option :encoder_file, value: {
@@ -228,6 +232,7 @@ module Ronin
 
             @load_encoders  = []
             @encoder_params = Hash.new { |hash,key| hash[key] = {} }
+            @payload_params = {}
             @target_kwargs  = {}
           end
 
@@ -244,6 +249,7 @@ module Ronin
             load_payload
             initialize_encoders
             initialize_payload
+            validate_payload
             initialize_exploit
             validate_exploit
             run_exploit
@@ -257,6 +263,10 @@ module Ronin
             perform_cleanup
           end
 
+          #
+          # Loads the payload encoder classes specified by `--encoder` or
+          # `--encoder-file`.
+          #
           def load_encoders
             @encoder_classes = @load_encoders.map do |(type,value)|
               case type
@@ -266,12 +276,20 @@ module Ronin
             end
           end
 
+          #
+          # Initializes the payload encoders specified by `--encoder` or
+          # `--encoder-file`.
+          #
           def initialize_encoders
             @encoders = @encoder_classes.map do |encoder_class|
               encoder_class.new(params: @encoder_params[encoder_class.id])
             end
           end
 
+          #
+          # Loads the payload class specified by `--payload` or
+          # `--payload-file`.
+          #
           def load_payload
             @payload_class = if options[:payload]
                                super(options[:payload])
@@ -280,6 +298,10 @@ module Ronin
                              end
           end
 
+          #
+          # Initializes the payload specified by `--payload`, `--payload-file`,
+          # `--read-payload`, or `--payload-string`.
+          #
           def initialize_payload
             @payload = if @payload_class
                          super(@payload_class, params:   @payload_params,
@@ -291,6 +313,16 @@ module Ronin
                        end
           end
 
+          #
+          # Validates the payload.
+          #
+          def validate_payload
+            super(@payload)
+          end
+
+          #
+          # Initializes the exploit.
+          #
           def initialize_exploit
             kwargs = {params: @params}
 
@@ -309,13 +341,16 @@ module Ronin
             super(**kwargs)
           end
 
+          #
+          # Runs the exploit.
+          #
           def run_exploit
             log_info "Running exploit #{@exploit.class_id} ..."
 
             begin
               @exploit.exploit(dry_run: options[:dry_run])
             rescue ExploitError => error
-              print_error("failed to run exploit #{@exploit.class_id}: #{error.message}")
+              print_error "failed to run exploit #{@exploit.class_id}: #{error.message}"
               exit(1)
             rescue => error
               print_exception(error)
@@ -324,6 +359,9 @@ module Ronin
             end
           end
 
+          #
+          # Starts an interactive ruby shell within the exploit object.
+          #
           def start_shell
             log_info "Exploit #{@exploit.class_id} launched!"
             log_info "Starting interactive Ruby shell ..."
@@ -331,12 +369,15 @@ module Ronin
             RubyShell.start(name: @exploit_class.name, context: @exploit)
           end
 
+          #
+          # Performs the post-exploitation stage.
+          #
           def post_exploitation
             if @exploit_class.include?(Mixins::HasPayload) &&
                @exploit.payload.kind_of?(Ronin::Payloads::Payload) &&
-               @exploit.payload.kind_of?(Ronin::Payloads::Mixins::PostExt)
+               @exploit.payload.kind_of?(Ronin::Payloads::Mixins::PostEx)
               unless @exploit.payload.session
-                print_error("payload (#{@exploit.payload.class_id}) did not create a post-exploitation session")
+                print_error "payload (#{@exploit.payload.class_id}) did not create a post-exploitation session"
 
                 perform_cleanup
                 eixt(1)
@@ -349,6 +390,9 @@ module Ronin
             end
           end
 
+          #
+          # Prints any loot collected by the exploit.
+          #
           def print_loot
             unless @exploit.loot.empty?
               log_info "Exploit found the following loot:"
@@ -372,15 +416,21 @@ module Ronin
             end
           end
 
+          #
+          # Saves the collected loot to the `--save-loot` directory.
+          #
           def save_loot
             @exploit.loot.save(options.fetch(:save_loot))
           end
 
+          #
+          # Performs the cleanup stage of the exploit.
+          #
           def perform_cleanup
             begin
               @exploit.perform_cleanup
             rescue ExploitError => error
-              print_error("failed to cleanup exploit #{@exploit.class_id}: #{error.message}")
+              print_error "failed to cleanup exploit #{@exploit.class_id}: #{error.message}"
               exit(1)
             rescue => error
               print_exception(error)

data/lib/ronin/exploits/version.rb

@@ -21,6 +21,6 @@
 module Ronin
   module Exploits
     # ronin-exploits version
-    VERSION = '1.0.0.beta2'
+    VERSION = '1.0.0.beta3'
   end
 end

data/ronin-exploits.gemspec

@@ -27,6 +27,8 @@ Gem::Specification.new do |gem|
   gem.files  = `git ls-files`.split($/)
   gem.files  = glob[gemspec['files']] if gemspec['files']
   gem.files += Array(gemspec['generated_files'])
+  # exclude test files from the packages gem
+  gem.files -= glob[gemspec['test_files'] || 'spec/{**/}*']
 
   gem.executables = gemspec.fetch('executables') do
     glob['bin/*'].map { |path| File.basename(path) }
@@ -34,7 +36,6 @@ Gem::Specification.new do |gem|
   gem.default_executable = gem.executables.first if Gem::VERSION < '1.7.'
 
   gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
-  gem.test_files       = glob[gemspec['test_files'] || 'spec/{**/}*_spec.rb']
   gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
 
   gem.require_paths = Array(gemspec.fetch('require_paths') {

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-exploits
 version: !ruby/object:Gem::Version
-  version: 1.0.0.beta2
+  version: 1.0.0.beta3
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-09 00:00:00.000000000 Z
+date: 2023-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uri-query_params
@@ -136,10 +136,13 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-description: ronin-exploits is a Ruby micro-framework for writing and running exploits.
-  ronin-exploits allows one to write exploits as plain old Ruby classes. ronin-exploits
-  can be distributed as Ruby files or as git repositories that can be installed using
-  ronin-reps.
+description: |
+  ronin-exploits is a Ruby micro-framework for writing and running exploits.
+  ronin-exploits allows one to write exploits as plain old Ruby classes.
+  ronin-exploits can be distributed as Ruby files or as git repositories that
+  can be installed using ronin-reps.
+
+  It's like a simpler version of Metasploit.
 email: postmodern.mod3@gmail.com
 executables:
 - ronin-exploits
@@ -244,61 +247,6 @@ files:
 - man/ronin-exploits.1
 - man/ronin-exploits.1.md
 - ronin-exploits.gemspec
-- spec/advisory_spec.rb
-- spec/cli/exploit_command_spec.rb
-- spec/cli/exploit_methods_spec.rb
-- spec/cli/ruby_shell_spec.rb
-- spec/client_side_web_vuln_spec.rb
-- spec/exploit_spec.rb
-- spec/exploits_spec.rb
-- spec/heap_overflow_spec.rb
-- spec/lfi_spec.rb
-- spec/loot/file_spec.rb
-- spec/loot_spec.rb
-- spec/memory_corruption_spec.rb
-- spec/metadata/arch_spec.rb
-- spec/metadata/cookie_param_spec.rb
-- spec/metadata/default_filename_spec.rb
-- spec/metadata/default_port_spec.rb
-- spec/metadata/header_name_spec.rb
-- spec/metadata/os_spec.rb
-- spec/metadata/shouts_spec.rb
-- spec/metadata/url_path_spec.rb
-- spec/metadata/url_query_param_spec.rb
-- spec/mixins/binary_spec.rb
-- spec/mixins/build_dir.rb
-- spec/mixins/file_builder_spec.rb
-- spec/mixins/format_string_spec.rb
-- spec/mixins/has_payload_spec.rb
-- spec/mixins/has_targets_spec.rb
-- spec/mixins/html_spec.rb
-- spec/mixins/http_spec.rb
-- spec/mixins/loot_spec.rb
-- spec/mixins/nops_spec.rb
-- spec/mixins/remote_tcp_spec.rb
-- spec/mixins/remote_udp_spec.rb
-- spec/mixins/seh_spec.rb
-- spec/mixins/stack_overflow_spec.rb
-- spec/mixins/text_spec.rb
-- spec/open_redirect_spec.rb
-- spec/params/base_url_spec.rb
-- spec/params/bind_host_spec.rb
-- spec/params/bind_port_spec.rb
-- spec/params/filename_spec.rb
-- spec/params/host_spec.rb
-- spec/params/port_spec.rb
-- spec/rfi_spec.rb
-- spec/seh_overflow_spec.rb
-- spec/spec_helper.rb
-- spec/sqli_spec.rb
-- spec/ssti_spec.rb
-- spec/stack_overflow_spec.rb
-- spec/target_spec.rb
-- spec/test_result_spec.rb
-- spec/use_after_free_spec.rb
-- spec/web_spec.rb
-- spec/web_vuln_spec.rb
-- spec/xss_spec.rb
 homepage: https://ronin-rb.dev/exploits/
 licenses:
 - LGPL-3.0
@@ -327,57 +275,4 @@ rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: A Ruby micro-framework for writing and running exploits and payloads.
-test_files:
-- spec/advisory_spec.rb
-- spec/cli/exploit_command_spec.rb
-- spec/cli/exploit_methods_spec.rb
-- spec/cli/ruby_shell_spec.rb
-- spec/client_side_web_vuln_spec.rb
-- spec/exploit_spec.rb
-- spec/exploits_spec.rb
-- spec/heap_overflow_spec.rb
-- spec/lfi_spec.rb
-- spec/loot/file_spec.rb
-- spec/loot_spec.rb
-- spec/memory_corruption_spec.rb
-- spec/metadata/arch_spec.rb
-- spec/metadata/cookie_param_spec.rb
-- spec/metadata/default_filename_spec.rb
-- spec/metadata/default_port_spec.rb
-- spec/metadata/header_name_spec.rb
-- spec/metadata/os_spec.rb
-- spec/metadata/shouts_spec.rb
-- spec/metadata/url_path_spec.rb
-- spec/metadata/url_query_param_spec.rb
-- spec/mixins/binary_spec.rb
-- spec/mixins/file_builder_spec.rb
-- spec/mixins/format_string_spec.rb
-- spec/mixins/has_payload_spec.rb
-- spec/mixins/has_targets_spec.rb
-- spec/mixins/html_spec.rb
-- spec/mixins/http_spec.rb
-- spec/mixins/loot_spec.rb
-- spec/mixins/nops_spec.rb
-- spec/mixins/remote_tcp_spec.rb
-- spec/mixins/remote_udp_spec.rb
-- spec/mixins/seh_spec.rb
-- spec/mixins/stack_overflow_spec.rb
-- spec/mixins/text_spec.rb
-- spec/open_redirect_spec.rb
-- spec/params/base_url_spec.rb
-- spec/params/bind_host_spec.rb
-- spec/params/bind_port_spec.rb
-- spec/params/filename_spec.rb
-- spec/params/host_spec.rb
-- spec/params/port_spec.rb
-- spec/rfi_spec.rb
-- spec/seh_overflow_spec.rb
-- spec/sqli_spec.rb
-- spec/ssti_spec.rb
-- spec/stack_overflow_spec.rb
-- spec/target_spec.rb
-- spec/test_result_spec.rb
-- spec/use_after_free_spec.rb
-- spec/web_spec.rb
-- spec/web_vuln_spec.rb
-- spec/xss_spec.rb
+test_files: []

data/spec/advisory_spec.rb

@@ -1,71 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/advisory'
-
-describe Ronin::Exploits::Advisory do
-  let(:id)  { 'CVE-2022-1234' }
-  let(:url) { "https://nvd.nist.gov/vuln/detail/#{id}" }
-
-  subject { described_class.new(id,url) }
-
-  describe "#initialize" do
-    context "when given only an id" do
-      subject { described_class.new(id) }
-
-      it "must set #id" do
-        expect(subject.id).to eq(id)
-      end
-
-      it "must default #url to .url_for(id)" do
-        expect(subject.url).to eq(described_class.url_for(id))
-      end
-    end
-
-    context "when given an id and a url" do
-      subject { described_class.new(id,url) }
-
-      it "must set #id" do
-        expect(subject.id).to eq(id)
-      end
-
-      it "must set #url" do
-        expect(subject.url).to eq(url)
-      end
-    end
-  end
-
-  describe ".url_for" do
-    subject { described_class }
-
-    context "when given a CVE-YYYY-NNNN id" do
-      let(:id) { 'CVE-2022-1234' }
-
-      it "must return 'https://nvd.nist.gov/vuln/detail/CVE-YYYY-NNNN'" do
-        expect(subject.url_for(id)).to eq(
-          "https://nvd.nist.gov/vuln/detail/#{id}"
-        )
-      end
-    end
-
-    context "when given a GHSA-XXXX id" do
-      let(:id) { 'GHSA-1234abcd' }
-
-      it "must return 'https://github.com/advisories/GHSA-XXXX'" do
-        expect(subject.url_for(id)).to eq("https://github.com/advisories/#{id}")
-      end
-    end
-
-    context "when given any other kind of id" do
-      let(:id) { 'XYZ-123' }
-
-      it "must return nil" do
-        expect(subject.url_for(id)).to be(nil)
-      end
-    end
-  end
-
-  describe "#to_s" do
-    it "must return the advisory #id" do
-      expect(subject.to_s).to eq(id)
-    end
-  end
-end

data/spec/cli/exploit_command_spec.rb

@@ -1,68 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/cli/exploit_command'
-require 'ronin/exploits/exploit'
-
-describe Ronin::Exploits::CLI::ExploitCommand do
-  module TestExploitCommand
-    class TestExploit < Ronin::Exploits::Exploit
-      register 'test_exploit_command'
-    end
-
-    class TestCommand < Ronin::Exploits::CLI::ExploitCommand
-    end
-  end
-
-  let(:exploit_class) { TestExploitCommand::TestExploit }
-  let(:command_class) { TestExploitCommand::TestCommand }
-  subject { command_class.new }
-
-  describe "#load_exploit" do
-    let(:id) { exploit_class.id }
-
-    before do
-      expect(Ronin::Exploits).to receive(:load_class).with(id).and_return(exploit_class)
-    end
-
-    it "must load the exploit class and return the exploit class" do
-      expect(subject.load_exploit(id)).to be(exploit_class)
-    end
-
-    it "must also set #exploit_class" do
-      subject.load_exploit(id)
-
-      expect(subject.exploit_class).to be(exploit_class)
-    end
-  end
-
-  describe "#load_exploit_from" do
-    let(:file) { "path/to/exploit/file.rb" }
-
-    before do
-      expect(Ronin::Exploits).to receive(:load_class_from_file).with(file).and_return(exploit_class)
-    end
-
-    it "must load the exploit class and return the exploit class" do
-      expect(subject.load_exploit_from(file)).to be(exploit_class)
-    end
-
-    it "must also set #exploit_class" do
-      subject.load_exploit_from(file)
-
-      expect(subject.exploit_class).to be(exploit_class)
-    end
- end
-
-  describe "#initialize_exploit" do
-    before { subject.load_exploit(exploit_class.id) }
-
-    it "must initialize a new exploit object using #exploit_class" do
-      expect(subject.initialize_exploit).to be_kind_of(exploit_class)
-    end
-
-    it "must also set #exploit" do
-      subject.initialize_exploit
-
-      expect(subject.exploit).to be_kind_of(exploit_class)
-    end
-  end
-end