ronin-exploits 1.0.0.beta2 → 1.0.0.beta3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +1 -0
- data/README.md +4 -0
- data/gemspec.yml +3 -1
- data/lib/ronin/exploits/cli/commands/run.rb +55 -5
- data/lib/ronin/exploits/version.rb +1 -1
- data/ronin-exploits.gemspec +2 -1
- metadata +10 -115
- data/spec/advisory_spec.rb +0 -71
- data/spec/cli/exploit_command_spec.rb +0 -68
- data/spec/cli/exploit_methods_spec.rb +0 -208
- data/spec/cli/ruby_shell_spec.rb +0 -14
- data/spec/client_side_web_vuln_spec.rb +0 -117
- data/spec/exploit_spec.rb +0 -538
- data/spec/exploits_spec.rb +0 -8
- data/spec/heap_overflow_spec.rb +0 -14
- data/spec/lfi_spec.rb +0 -162
- data/spec/loot/file_spec.rb +0 -131
- data/spec/loot_spec.rb +0 -138
- data/spec/memory_corruption_spec.rb +0 -22
- data/spec/metadata/arch_spec.rb +0 -82
- data/spec/metadata/cookie_param_spec.rb +0 -67
- data/spec/metadata/default_filename_spec.rb +0 -62
- data/spec/metadata/default_port_spec.rb +0 -62
- data/spec/metadata/header_name_spec.rb +0 -67
- data/spec/metadata/os_spec.rb +0 -164
- data/spec/metadata/shouts_spec.rb +0 -100
- data/spec/metadata/url_path_spec.rb +0 -67
- data/spec/metadata/url_query_param_spec.rb +0 -67
- data/spec/mixins/binary_spec.rb +0 -129
- data/spec/mixins/build_dir.rb +0 -66
- data/spec/mixins/file_builder_spec.rb +0 -67
- data/spec/mixins/format_string_spec.rb +0 -44
- data/spec/mixins/has_payload_spec.rb +0 -333
- data/spec/mixins/has_targets_spec.rb +0 -434
- data/spec/mixins/html_spec.rb +0 -772
- data/spec/mixins/http_spec.rb +0 -1227
- data/spec/mixins/loot_spec.rb +0 -20
- data/spec/mixins/nops_spec.rb +0 -165
- data/spec/mixins/remote_tcp_spec.rb +0 -217
- data/spec/mixins/remote_udp_spec.rb +0 -217
- data/spec/mixins/seh_spec.rb +0 -89
- data/spec/mixins/stack_overflow_spec.rb +0 -87
- data/spec/mixins/text_spec.rb +0 -43
- data/spec/open_redirect_spec.rb +0 -71
- data/spec/params/base_url_spec.rb +0 -71
- data/spec/params/bind_host_spec.rb +0 -34
- data/spec/params/bind_port_spec.rb +0 -35
- data/spec/params/filename_spec.rb +0 -77
- data/spec/params/host_spec.rb +0 -34
- data/spec/params/port_spec.rb +0 -77
- data/spec/rfi_spec.rb +0 -107
- data/spec/seh_overflow_spec.rb +0 -18
- data/spec/spec_helper.rb +0 -8
- data/spec/sqli_spec.rb +0 -306
- data/spec/ssti_spec.rb +0 -121
- data/spec/stack_overflow_spec.rb +0 -18
- data/spec/target_spec.rb +0 -92
- data/spec/test_result_spec.rb +0 -32
- data/spec/use_after_free_spec.rb +0 -14
- data/spec/web_spec.rb +0 -12
- data/spec/web_vuln_spec.rb +0 -854
- data/spec/xss_spec.rb +0 -69
data/spec/web_vuln_spec.rb
DELETED
@@ -1,854 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
require 'ronin/exploits/web_vuln'
|
3
|
-
|
4
|
-
describe Ronin::Exploits::WebVuln do
|
5
|
-
it "must include Ronin::Exploits::Mixins::HasPayload" do
|
6
|
-
expect(described_class).to include(Ronin::Exploits::Mixins::HasPayload)
|
7
|
-
end
|
8
|
-
|
9
|
-
describe ".request_method" do
|
10
|
-
subject { exploit_class }
|
11
|
-
|
12
|
-
context "and when request_method is not set in the class" do
|
13
|
-
module TestWebVuln
|
14
|
-
class WithNoRequestMethodSet < Ronin::Exploits::WebVuln
|
15
|
-
end
|
16
|
-
end
|
17
|
-
|
18
|
-
let(:exploit_class) { TestWebVuln::WithNoRequestMethodSet }
|
19
|
-
|
20
|
-
it "must default to :get" do
|
21
|
-
expect(subject.request_method).to eq(:get)
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
context "and when request_method is set in the class" do
|
26
|
-
module TestWebVuln
|
27
|
-
class WithRequestMethodSet < Ronin::Exploits::WebVuln
|
28
|
-
request_method :post
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
let(:exploit_class) { TestWebVuln::WithRequestMethodSet }
|
33
|
-
|
34
|
-
it "must return the set request_method" do
|
35
|
-
expect(subject.request_method).to eq(:post)
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
context "but when the request_method was set in the superclass" do
|
40
|
-
module TestWebVuln
|
41
|
-
class InheritsItsRequestMethod < WithRequestMethodSet
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
let(:exploit_class) { TestWebVuln::InheritsItsRequestMethod }
|
46
|
-
|
47
|
-
it "must return the request_method set in the superclass" do
|
48
|
-
expect(subject.request_method).to eq(:post)
|
49
|
-
end
|
50
|
-
|
51
|
-
context "but the request_method is overridden in the sub-class" do
|
52
|
-
module TestWebVuln
|
53
|
-
class OverridesItsInheritedRequestMethod < WithRequestMethodSet
|
54
|
-
request_method :put
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
|
-
let(:exploit_class) do
|
59
|
-
TestWebVuln::OverridesItsInheritedRequestMethod
|
60
|
-
end
|
61
|
-
|
62
|
-
it "must return the request_method set in the sub-class" do
|
63
|
-
expect(subject.request_method).to eq(:put)
|
64
|
-
end
|
65
|
-
end
|
66
|
-
end
|
67
|
-
end
|
68
|
-
|
69
|
-
describe ".base_path" do
|
70
|
-
subject { exploit_class }
|
71
|
-
|
72
|
-
context "and when base_path is not set in the class" do
|
73
|
-
module TestWebVuln
|
74
|
-
class WithNoBasePathSet < Ronin::Exploits::WebVuln
|
75
|
-
end
|
76
|
-
end
|
77
|
-
|
78
|
-
let(:exploit_class) { TestWebVuln::WithNoBasePathSet }
|
79
|
-
|
80
|
-
it do
|
81
|
-
expect {
|
82
|
-
subject.base_path
|
83
|
-
}.to raise_error(NotImplementedError,"#{subject} did not set base_path")
|
84
|
-
end
|
85
|
-
end
|
86
|
-
|
87
|
-
context "and when base_path is set in the class" do
|
88
|
-
module TestWebVuln
|
89
|
-
class WithBasePathSet < Ronin::Exploits::WebVuln
|
90
|
-
base_path '/test'
|
91
|
-
end
|
92
|
-
end
|
93
|
-
|
94
|
-
let(:exploit_class) { TestWebVuln::WithBasePathSet }
|
95
|
-
|
96
|
-
it "must return the set base_path" do
|
97
|
-
expect(subject.base_path).to eq("/test")
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
context "but when the base_path was set in the superclass" do
|
102
|
-
module TestWebVuln
|
103
|
-
class InheritsItsBasePath < WithBasePathSet
|
104
|
-
end
|
105
|
-
end
|
106
|
-
|
107
|
-
let(:exploit_class) { TestWebVuln::InheritsItsBasePath }
|
108
|
-
|
109
|
-
it "must return the base_path set in the superclass" do
|
110
|
-
expect(subject.base_path).to eq("/test")
|
111
|
-
end
|
112
|
-
|
113
|
-
context "but the base_path is overridden in the sub-class" do
|
114
|
-
module TestWebVuln
|
115
|
-
class OverridesItsInheritedBasePath < WithBasePathSet
|
116
|
-
base_path "/test2"
|
117
|
-
end
|
118
|
-
end
|
119
|
-
|
120
|
-
let(:exploit_class) do
|
121
|
-
TestWebVuln::OverridesItsInheritedBasePath
|
122
|
-
end
|
123
|
-
|
124
|
-
it "must return the base_path set in the sub-class" do
|
125
|
-
expect(subject.base_path).to eq("/test2")
|
126
|
-
end
|
127
|
-
end
|
128
|
-
end
|
129
|
-
end
|
130
|
-
|
131
|
-
describe ".query_param" do
|
132
|
-
subject { exploit_class }
|
133
|
-
|
134
|
-
context "and when query_param is not set in the class" do
|
135
|
-
module TestWebVuln
|
136
|
-
class WithNoQueryParamSet < Ronin::Exploits::WebVuln
|
137
|
-
end
|
138
|
-
end
|
139
|
-
|
140
|
-
let(:exploit_class) { TestWebVuln::WithNoQueryParamSet }
|
141
|
-
|
142
|
-
it "must default to nil" do
|
143
|
-
expect(subject.query_param).to be(nil)
|
144
|
-
end
|
145
|
-
end
|
146
|
-
|
147
|
-
context "and when query_param is set in the class" do
|
148
|
-
module TestWebVuln
|
149
|
-
class WithQueryParamSet < Ronin::Exploits::WebVuln
|
150
|
-
query_param 'test'
|
151
|
-
end
|
152
|
-
end
|
153
|
-
|
154
|
-
let(:exploit_class) { TestWebVuln::WithQueryParamSet }
|
155
|
-
|
156
|
-
it "must return the set query_param" do
|
157
|
-
expect(subject.query_param).to eq("test")
|
158
|
-
end
|
159
|
-
end
|
160
|
-
|
161
|
-
context "but when the query_param was set in the superclass" do
|
162
|
-
module TestWebVuln
|
163
|
-
class InheritsItsQueryParam < WithQueryParamSet
|
164
|
-
end
|
165
|
-
end
|
166
|
-
|
167
|
-
let(:exploit_class) { TestWebVuln::InheritsItsQueryParam }
|
168
|
-
|
169
|
-
it "must return the query_param set in the superclass" do
|
170
|
-
expect(subject.query_param).to eq("test")
|
171
|
-
end
|
172
|
-
|
173
|
-
context "but the query_param is overridden in the sub-class" do
|
174
|
-
module TestWebVuln
|
175
|
-
class OverridesItsInheritedQueryParam < WithQueryParamSet
|
176
|
-
query_param "test2"
|
177
|
-
end
|
178
|
-
end
|
179
|
-
|
180
|
-
let(:exploit_class) do
|
181
|
-
TestWebVuln::OverridesItsInheritedQueryParam
|
182
|
-
end
|
183
|
-
|
184
|
-
it "must return the query_param set in the sub-class" do
|
185
|
-
expect(subject.query_param).to eq("test2")
|
186
|
-
end
|
187
|
-
end
|
188
|
-
end
|
189
|
-
end
|
190
|
-
|
191
|
-
describe ".header_name" do
|
192
|
-
subject { exploit_class }
|
193
|
-
|
194
|
-
context "and when header_name is not set in the class" do
|
195
|
-
module TestWebVuln
|
196
|
-
class WithNoHeaderNameSet < Ronin::Exploits::WebVuln
|
197
|
-
end
|
198
|
-
end
|
199
|
-
|
200
|
-
let(:exploit_class) { TestWebVuln::WithNoHeaderNameSet }
|
201
|
-
|
202
|
-
it "must default to nil" do
|
203
|
-
expect(subject.header_name).to be(nil)
|
204
|
-
end
|
205
|
-
end
|
206
|
-
|
207
|
-
context "and when header_name is set in the class" do
|
208
|
-
module TestWebVuln
|
209
|
-
class WithHeaderNameSet < Ronin::Exploits::WebVuln
|
210
|
-
header_name 'test'
|
211
|
-
end
|
212
|
-
end
|
213
|
-
|
214
|
-
let(:exploit_class) { TestWebVuln::WithHeaderNameSet }
|
215
|
-
|
216
|
-
it "must return the set header_name" do
|
217
|
-
expect(subject.header_name).to eq("test")
|
218
|
-
end
|
219
|
-
end
|
220
|
-
|
221
|
-
context "but when the header_name was set in the superclass" do
|
222
|
-
module TestWebVuln
|
223
|
-
class InheritsItsHeaderName < WithHeaderNameSet
|
224
|
-
end
|
225
|
-
end
|
226
|
-
|
227
|
-
let(:exploit_class) { TestWebVuln::InheritsItsHeaderName }
|
228
|
-
|
229
|
-
it "must return the header_name set in the superclass" do
|
230
|
-
expect(subject.header_name).to eq("test")
|
231
|
-
end
|
232
|
-
|
233
|
-
context "but the header_name is overridden in the sub-class" do
|
234
|
-
module TestWebVuln
|
235
|
-
class OverridesItsInheritedHeaderName < WithHeaderNameSet
|
236
|
-
header_name "test2"
|
237
|
-
end
|
238
|
-
end
|
239
|
-
|
240
|
-
let(:exploit_class) do
|
241
|
-
TestWebVuln::OverridesItsInheritedHeaderName
|
242
|
-
end
|
243
|
-
|
244
|
-
it "must return the header_name set in the sub-class" do
|
245
|
-
expect(subject.header_name).to eq("test2")
|
246
|
-
end
|
247
|
-
end
|
248
|
-
end
|
249
|
-
end
|
250
|
-
|
251
|
-
describe ".cookie_param" do
|
252
|
-
subject { exploit_class }
|
253
|
-
|
254
|
-
context "and when cookie_param is not set in the class" do
|
255
|
-
module TestWebVuln
|
256
|
-
class WithNoCookieParamSet < Ronin::Exploits::WebVuln
|
257
|
-
end
|
258
|
-
end
|
259
|
-
|
260
|
-
let(:exploit_class) { TestWebVuln::WithNoCookieParamSet }
|
261
|
-
|
262
|
-
it "must default to nil" do
|
263
|
-
expect(subject.cookie_param).to be(nil)
|
264
|
-
end
|
265
|
-
end
|
266
|
-
|
267
|
-
context "and when cookie_param is set in the class" do
|
268
|
-
module TestWebVuln
|
269
|
-
class WithCookieParamSet < Ronin::Exploits::WebVuln
|
270
|
-
cookie_param 'test'
|
271
|
-
end
|
272
|
-
end
|
273
|
-
|
274
|
-
let(:exploit_class) { TestWebVuln::WithCookieParamSet }
|
275
|
-
|
276
|
-
it "must return the set cookie_param" do
|
277
|
-
expect(subject.cookie_param).to eq("test")
|
278
|
-
end
|
279
|
-
end
|
280
|
-
|
281
|
-
context "but when the cookie_param was set in the superclass" do
|
282
|
-
module TestWebVuln
|
283
|
-
class InheritsItsCookieParam < WithCookieParamSet
|
284
|
-
end
|
285
|
-
end
|
286
|
-
|
287
|
-
let(:exploit_class) { TestWebVuln::InheritsItsCookieParam }
|
288
|
-
|
289
|
-
it "must return the cookie_param set in the superclass" do
|
290
|
-
expect(subject.cookie_param).to eq("test")
|
291
|
-
end
|
292
|
-
|
293
|
-
context "but the cookie_param is overridden in the sub-class" do
|
294
|
-
module TestWebVuln
|
295
|
-
class OverridesItsInheritedCookieParam < WithCookieParamSet
|
296
|
-
cookie_param "test2"
|
297
|
-
end
|
298
|
-
end
|
299
|
-
|
300
|
-
let(:exploit_class) do
|
301
|
-
TestWebVuln::OverridesItsInheritedCookieParam
|
302
|
-
end
|
303
|
-
|
304
|
-
it "must return the cookie_param set in the sub-class" do
|
305
|
-
expect(subject.cookie_param).to eq("test2")
|
306
|
-
end
|
307
|
-
end
|
308
|
-
end
|
309
|
-
end
|
310
|
-
|
311
|
-
describe ".form_param" do
|
312
|
-
subject { exploit_class }
|
313
|
-
|
314
|
-
context "and when form_param is not set in the class" do
|
315
|
-
module TestWebVuln
|
316
|
-
class WithNoFormParamSet < Ronin::Exploits::WebVuln
|
317
|
-
end
|
318
|
-
end
|
319
|
-
|
320
|
-
let(:exploit_class) { TestWebVuln::WithNoFormParamSet }
|
321
|
-
|
322
|
-
it "must default to nil" do
|
323
|
-
expect(subject.form_param).to be(nil)
|
324
|
-
end
|
325
|
-
end
|
326
|
-
|
327
|
-
context "and when form_param is set in the class" do
|
328
|
-
module TestWebVuln
|
329
|
-
class WithFormParamSet < Ronin::Exploits::WebVuln
|
330
|
-
form_param 'test'
|
331
|
-
end
|
332
|
-
end
|
333
|
-
|
334
|
-
let(:exploit_class) { TestWebVuln::WithFormParamSet }
|
335
|
-
|
336
|
-
it "must return the set form_param" do
|
337
|
-
expect(subject.form_param).to eq("test")
|
338
|
-
end
|
339
|
-
end
|
340
|
-
|
341
|
-
context "but when the form_param was set in the superclass" do
|
342
|
-
module TestWebVuln
|
343
|
-
class InheritsItsFormParam < WithFormParamSet
|
344
|
-
end
|
345
|
-
end
|
346
|
-
|
347
|
-
let(:exploit_class) { TestWebVuln::InheritsItsFormParam }
|
348
|
-
|
349
|
-
it "must return the form_param set in the superclass" do
|
350
|
-
expect(subject.form_param).to eq("test")
|
351
|
-
end
|
352
|
-
|
353
|
-
context "but the form_param is overridden in the sub-class" do
|
354
|
-
module TestWebVuln
|
355
|
-
class OverridesItsInheritedFormParam < WithFormParamSet
|
356
|
-
form_param "test2"
|
357
|
-
end
|
358
|
-
end
|
359
|
-
|
360
|
-
let(:exploit_class) do
|
361
|
-
TestWebVuln::OverridesItsInheritedFormParam
|
362
|
-
end
|
363
|
-
|
364
|
-
it "must return the form_param set in the sub-class" do
|
365
|
-
expect(subject.form_param).to eq("test2")
|
366
|
-
end
|
367
|
-
end
|
368
|
-
end
|
369
|
-
end
|
370
|
-
|
371
|
-
describe ".headers" do
|
372
|
-
subject { exploit_class }
|
373
|
-
|
374
|
-
context "and when headers is not set in the class" do
|
375
|
-
module TestWebVuln
|
376
|
-
class WithNoHeadersSet < Ronin::Exploits::WebVuln
|
377
|
-
end
|
378
|
-
end
|
379
|
-
|
380
|
-
let(:exploit_class) { TestWebVuln::WithNoHeadersSet }
|
381
|
-
|
382
|
-
it "must default to nil" do
|
383
|
-
expect(subject.headers).to be(nil)
|
384
|
-
end
|
385
|
-
end
|
386
|
-
|
387
|
-
context "and when headers is set in the class" do
|
388
|
-
module TestWebVuln
|
389
|
-
class WithHeadersSet < Ronin::Exploits::WebVuln
|
390
|
-
headers 'X-Foo' => 'foo'
|
391
|
-
end
|
392
|
-
end
|
393
|
-
|
394
|
-
let(:exploit_class) { TestWebVuln::WithHeadersSet }
|
395
|
-
|
396
|
-
it "must return the set headers" do
|
397
|
-
expect(subject.headers).to eq({'X-Foo' => 'foo'})
|
398
|
-
end
|
399
|
-
end
|
400
|
-
|
401
|
-
context "but when the headers was set in the superclass" do
|
402
|
-
module TestWebVuln
|
403
|
-
class InheritsItsHeaders < WithHeadersSet
|
404
|
-
end
|
405
|
-
end
|
406
|
-
|
407
|
-
let(:exploit_class) { TestWebVuln::InheritsItsHeaders }
|
408
|
-
|
409
|
-
it "must return the headers set in the superclass" do
|
410
|
-
expect(subject.headers).to eq({'X-Foo' => 'foo'})
|
411
|
-
end
|
412
|
-
|
413
|
-
context "but the headers is overridden in the sub-class" do
|
414
|
-
module TestWebVuln
|
415
|
-
class OverridesItsInheritedHeaders < WithHeadersSet
|
416
|
-
headers 'X-Bar' => 'bar'
|
417
|
-
end
|
418
|
-
end
|
419
|
-
|
420
|
-
let(:exploit_class) do
|
421
|
-
TestWebVuln::OverridesItsInheritedHeaders
|
422
|
-
end
|
423
|
-
|
424
|
-
it "must return the headers set in the sub-class" do
|
425
|
-
expect(subject.headers).to eq({'X-Bar' => 'bar'})
|
426
|
-
end
|
427
|
-
end
|
428
|
-
end
|
429
|
-
end
|
430
|
-
|
431
|
-
describe ".cookie" do
|
432
|
-
subject { exploit_class }
|
433
|
-
|
434
|
-
context "and when cookie is not set in the class" do
|
435
|
-
module TestWebVuln
|
436
|
-
class WithNoCookieSet < Ronin::Exploits::WebVuln
|
437
|
-
end
|
438
|
-
end
|
439
|
-
|
440
|
-
let(:exploit_class) { TestWebVuln::WithNoCookieSet }
|
441
|
-
|
442
|
-
it "must default to nil" do
|
443
|
-
expect(subject.cookie).to be(nil)
|
444
|
-
end
|
445
|
-
end
|
446
|
-
|
447
|
-
context "and when cookie is set in the class" do
|
448
|
-
module TestWebVuln
|
449
|
-
class WithCookieSet < Ronin::Exploits::WebVuln
|
450
|
-
cookie 'foo' => '1'
|
451
|
-
end
|
452
|
-
end
|
453
|
-
|
454
|
-
let(:exploit_class) { TestWebVuln::WithCookieSet }
|
455
|
-
|
456
|
-
it "must return the set cookie" do
|
457
|
-
expect(subject.cookie).to eq({'foo' => '1'})
|
458
|
-
end
|
459
|
-
end
|
460
|
-
|
461
|
-
context "but when the cookie was set in the superclass" do
|
462
|
-
module TestWebVuln
|
463
|
-
class InheritsItsCookie < WithCookieSet
|
464
|
-
end
|
465
|
-
end
|
466
|
-
|
467
|
-
let(:exploit_class) { TestWebVuln::InheritsItsCookie }
|
468
|
-
|
469
|
-
it "must return the cookie set in the superclass" do
|
470
|
-
expect(subject.cookie).to eq({'foo' => '1'})
|
471
|
-
end
|
472
|
-
|
473
|
-
context "but the cookie is overridden in the sub-class" do
|
474
|
-
module TestWebVuln
|
475
|
-
class OverridesItsInheritedCookie < WithCookieSet
|
476
|
-
cookie 'bar' => '2'
|
477
|
-
end
|
478
|
-
end
|
479
|
-
|
480
|
-
let(:exploit_class) do
|
481
|
-
TestWebVuln::OverridesItsInheritedCookie
|
482
|
-
end
|
483
|
-
|
484
|
-
it "must return the cookie set in the sub-class" do
|
485
|
-
expect(subject.cookie).to eq({'bar' => '2'})
|
486
|
-
end
|
487
|
-
end
|
488
|
-
end
|
489
|
-
end
|
490
|
-
|
491
|
-
describe ".form_data" do
|
492
|
-
subject { exploit_class }
|
493
|
-
|
494
|
-
context "and when form_data is not set in the class" do
|
495
|
-
module TestWebVuln
|
496
|
-
class WithNoFormDataSet < Ronin::Exploits::WebVuln
|
497
|
-
end
|
498
|
-
end
|
499
|
-
|
500
|
-
let(:exploit_class) { TestWebVuln::WithNoFormDataSet }
|
501
|
-
|
502
|
-
it "must default to nil" do
|
503
|
-
expect(subject.form_data).to be(nil)
|
504
|
-
end
|
505
|
-
end
|
506
|
-
|
507
|
-
context "and when form_data is set in the class" do
|
508
|
-
module TestWebVuln
|
509
|
-
class WithFormDataSet < Ronin::Exploits::WebVuln
|
510
|
-
form_data 'foo' => 'a'
|
511
|
-
end
|
512
|
-
end
|
513
|
-
|
514
|
-
let(:exploit_class) { TestWebVuln::WithFormDataSet }
|
515
|
-
|
516
|
-
it "must return the set form_data" do
|
517
|
-
expect(subject.form_data).to eq({'foo' => 'a'})
|
518
|
-
end
|
519
|
-
end
|
520
|
-
|
521
|
-
context "but when the form_data was set in the superclass" do
|
522
|
-
module TestWebVuln
|
523
|
-
class InheritsItsFormData < WithFormDataSet
|
524
|
-
end
|
525
|
-
end
|
526
|
-
|
527
|
-
let(:exploit_class) { TestWebVuln::InheritsItsFormData }
|
528
|
-
|
529
|
-
it "must return the form_data set in the superclass" do
|
530
|
-
expect(subject.form_data).to eq({'foo' => 'a'})
|
531
|
-
end
|
532
|
-
|
533
|
-
context "but the form_data is overridden in the sub-class" do
|
534
|
-
module TestWebVuln
|
535
|
-
class OverridesItsInheritedFormData < WithFormDataSet
|
536
|
-
form_data 'bar' => 'b'
|
537
|
-
end
|
538
|
-
end
|
539
|
-
|
540
|
-
let(:exploit_class) do
|
541
|
-
TestWebVuln::OverridesItsInheritedFormData
|
542
|
-
end
|
543
|
-
|
544
|
-
it "must return the form_data set in the sub-class" do
|
545
|
-
expect(subject.form_data).to eq({'bar' => 'b'})
|
546
|
-
end
|
547
|
-
end
|
548
|
-
end
|
549
|
-
end
|
550
|
-
|
551
|
-
describe ".referer" do
|
552
|
-
subject { exploit_class }
|
553
|
-
|
554
|
-
context "and when referer is not set in the class" do
|
555
|
-
module TestWebVuln
|
556
|
-
class WithNoRefererSet < Ronin::Exploits::WebVuln
|
557
|
-
end
|
558
|
-
end
|
559
|
-
|
560
|
-
let(:exploit_class) { TestWebVuln::WithNoRefererSet }
|
561
|
-
|
562
|
-
it "must default to nil" do
|
563
|
-
expect(subject.referer).to be(nil)
|
564
|
-
end
|
565
|
-
end
|
566
|
-
|
567
|
-
context "and when referer is set in the class" do
|
568
|
-
module TestWebVuln
|
569
|
-
class WithRefererSet < Ronin::Exploits::WebVuln
|
570
|
-
referer '/previous/page'
|
571
|
-
end
|
572
|
-
end
|
573
|
-
|
574
|
-
let(:exploit_class) { TestWebVuln::WithRefererSet }
|
575
|
-
|
576
|
-
it "must return the set referer" do
|
577
|
-
expect(subject.referer).to eq('/previous/page')
|
578
|
-
end
|
579
|
-
end
|
580
|
-
|
581
|
-
context "but when the referer was set in the superclass" do
|
582
|
-
module TestWebVuln
|
583
|
-
class InheritsItsReferer < WithRefererSet
|
584
|
-
end
|
585
|
-
end
|
586
|
-
|
587
|
-
let(:exploit_class) { TestWebVuln::InheritsItsReferer }
|
588
|
-
|
589
|
-
it "must return the referer set in the superclass" do
|
590
|
-
expect(subject.referer).to eq('/previous/page')
|
591
|
-
end
|
592
|
-
|
593
|
-
context "but the referer is overridden in the sub-class" do
|
594
|
-
module TestWebVuln
|
595
|
-
class OverridesItsInheritedReferer < WithRefererSet
|
596
|
-
referer '/previous/page2'
|
597
|
-
end
|
598
|
-
end
|
599
|
-
|
600
|
-
let(:exploit_class) do
|
601
|
-
TestWebVuln::OverridesItsInheritedReferer
|
602
|
-
end
|
603
|
-
|
604
|
-
it "must return the referer set in the sub-class" do
|
605
|
-
expect(subject.referer).to eq('/previous/page2')
|
606
|
-
end
|
607
|
-
end
|
608
|
-
end
|
609
|
-
end
|
610
|
-
|
611
|
-
module TestWebVuln
|
612
|
-
class TestExploit < Ronin::Exploits::WebVuln
|
613
|
-
|
614
|
-
base_path '/path/to/vuln'
|
615
|
-
|
616
|
-
query_param 'id'
|
617
|
-
|
618
|
-
end
|
619
|
-
end
|
620
|
-
|
621
|
-
let(:exploit_class) { TestWebVuln::TestExploit }
|
622
|
-
|
623
|
-
let(:base_url) { 'https://www.example.com/' }
|
624
|
-
|
625
|
-
subject do
|
626
|
-
exploit_class.new(
|
627
|
-
params: {
|
628
|
-
base_url: base_url
|
629
|
-
}
|
630
|
-
)
|
631
|
-
end
|
632
|
-
|
633
|
-
describe "#url" do
|
634
|
-
let(:expected_url) do
|
635
|
-
URI(base_url).merge(exploit_class.base_path)
|
636
|
-
end
|
637
|
-
|
638
|
-
it "must return a URL built from the exploit's .base_path" do
|
639
|
-
expect(subject.url).to eq(expected_url)
|
640
|
-
end
|
641
|
-
end
|
642
|
-
|
643
|
-
describe "#web_vuln_kwargs" do
|
644
|
-
subject do
|
645
|
-
exploit_class.new(
|
646
|
-
params: {
|
647
|
-
base_url: base_url
|
648
|
-
}
|
649
|
-
)
|
650
|
-
end
|
651
|
-
|
652
|
-
it "must set the :http keyword to #http" do
|
653
|
-
expect(subject.web_vuln_kwargs[:http]).to be(subject.http)
|
654
|
-
end
|
655
|
-
|
656
|
-
context "when the exploit class defines a query_param value" do
|
657
|
-
module TestWebVuln
|
658
|
-
class TestExploitWithQueryParam < Ronin::Exploits::WebVuln
|
659
|
-
query_param 'id'
|
660
|
-
end
|
661
|
-
end
|
662
|
-
|
663
|
-
let(:exploit_class) { TestWebVuln::TestExploitWithQueryParam }
|
664
|
-
|
665
|
-
it "must set the :query_param value" do
|
666
|
-
expect(subject.web_vuln_kwargs[:query_param]).to eq(exploit_class.query_param)
|
667
|
-
end
|
668
|
-
end
|
669
|
-
|
670
|
-
context "when the exploit class defines a header_name value" do
|
671
|
-
module TestWebVuln
|
672
|
-
class TestExploitWithHeaderName < Ronin::Exploits::WebVuln
|
673
|
-
header_name 'X-Foo'
|
674
|
-
end
|
675
|
-
end
|
676
|
-
|
677
|
-
let(:exploit_class) { TestWebVuln::TestExploitWithHeaderName }
|
678
|
-
|
679
|
-
it "must set the :header_name value" do
|
680
|
-
expect(subject.web_vuln_kwargs[:header_name]).to eq(exploit_class.header_name)
|
681
|
-
end
|
682
|
-
end
|
683
|
-
|
684
|
-
context "when the exploit class defines a cookie_param value" do
|
685
|
-
module TestWebVuln
|
686
|
-
class TestExploitWithCookieParam < Ronin::Exploits::WebVuln
|
687
|
-
cookie_param 'foo'
|
688
|
-
end
|
689
|
-
end
|
690
|
-
|
691
|
-
let(:exploit_class) { TestWebVuln::TestExploitWithCookieParam }
|
692
|
-
|
693
|
-
it "must set the :cookie_param value" do
|
694
|
-
expect(subject.web_vuln_kwargs[:cookie_param]).to eq(exploit_class.cookie_param)
|
695
|
-
end
|
696
|
-
end
|
697
|
-
|
698
|
-
context "when the exploit class defines a form_param value" do
|
699
|
-
module TestWebVuln
|
700
|
-
class TestExploitWithFormParam < Ronin::Exploits::WebVuln
|
701
|
-
form_param 'bar'
|
702
|
-
end
|
703
|
-
end
|
704
|
-
|
705
|
-
let(:exploit_class) { TestWebVuln::TestExploitWithFormParam }
|
706
|
-
|
707
|
-
it "must set the :form_param value" do
|
708
|
-
expect(subject.web_vuln_kwargs[:form_param]).to eq(exploit_class.form_param)
|
709
|
-
end
|
710
|
-
end
|
711
|
-
|
712
|
-
context "when the exploit class defines a request_method value" do
|
713
|
-
module TestWebVuln
|
714
|
-
class TestExploitWithRequestMethod < Ronin::Exploits::WebVuln
|
715
|
-
request_method :post
|
716
|
-
end
|
717
|
-
end
|
718
|
-
|
719
|
-
let(:exploit_class) { TestWebVuln::TestExploitWithRequestMethod }
|
720
|
-
|
721
|
-
it "must set the :request_method value" do
|
722
|
-
expect(subject.web_vuln_kwargs[:request_method]).to eq(exploit_class.request_method)
|
723
|
-
end
|
724
|
-
end
|
725
|
-
|
726
|
-
context "when the exploit has the 'http_user' param set" do
|
727
|
-
let(:http_user) { 'bob' }
|
728
|
-
|
729
|
-
subject do
|
730
|
-
exploit_class.new(
|
731
|
-
params: {
|
732
|
-
base_url: base_url,
|
733
|
-
http_user: http_user
|
734
|
-
}
|
735
|
-
)
|
736
|
-
end
|
737
|
-
|
738
|
-
it "must set the :user value to the 'http_user' param" do
|
739
|
-
expect(subject.web_vuln_kwargs[:user]).to eq(http_user)
|
740
|
-
end
|
741
|
-
end
|
742
|
-
|
743
|
-
context "when the exploit has the 'http_password' param set" do
|
744
|
-
let(:http_password) { 'secret' }
|
745
|
-
|
746
|
-
subject do
|
747
|
-
exploit_class.new(
|
748
|
-
params: {
|
749
|
-
base_url: base_url,
|
750
|
-
http_password: http_password
|
751
|
-
}
|
752
|
-
)
|
753
|
-
end
|
754
|
-
|
755
|
-
it "must set the :password value to the 'http_password' param" do
|
756
|
-
expect(subject.web_vuln_kwargs[:password]).to eq(http_password)
|
757
|
-
end
|
758
|
-
end
|
759
|
-
|
760
|
-
context "when the exploit class defines a headers value" do
|
761
|
-
module TestWebVuln
|
762
|
-
class TestExploitWithHeaders < Ronin::Exploits::WebVuln
|
763
|
-
headers 'X-Foo' => 'foo', 'X-Bar' => 'bar'
|
764
|
-
end
|
765
|
-
end
|
766
|
-
|
767
|
-
let(:exploit_class) { TestWebVuln::TestExploitWithHeaders }
|
768
|
-
|
769
|
-
it "must set the :headers value" do
|
770
|
-
expect(subject.web_vuln_kwargs[:headers]).to eq(exploit_class.headers)
|
771
|
-
end
|
772
|
-
end
|
773
|
-
|
774
|
-
context "when the exploit class defines a cookie value" do
|
775
|
-
module TestWebVuln
|
776
|
-
class TestExploitWithCookie < Ronin::Exploits::WebVuln
|
777
|
-
cookie 'foo' => 'a', 'bar' => 'b'
|
778
|
-
end
|
779
|
-
end
|
780
|
-
|
781
|
-
let(:exploit_class) { TestWebVuln::TestExploitWithCookie }
|
782
|
-
|
783
|
-
it "must set the :cookie value" do
|
784
|
-
expect(subject.web_vuln_kwargs[:cookie]).to eq(exploit_class.cookie)
|
785
|
-
end
|
786
|
-
end
|
787
|
-
|
788
|
-
context "when the exploit class defines a form_data value" do
|
789
|
-
module TestWebVuln
|
790
|
-
class TestExploitWithFormData < Ronin::Exploits::WebVuln
|
791
|
-
form_data 'foo' => 'a', 'bar' => 'b'
|
792
|
-
end
|
793
|
-
end
|
794
|
-
|
795
|
-
let(:exploit_class) { TestWebVuln::TestExploitWithFormData }
|
796
|
-
|
797
|
-
it "must set the :form_data value" do
|
798
|
-
expect(subject.web_vuln_kwargs[:form_data]).to eq(exploit_class.form_data)
|
799
|
-
end
|
800
|
-
end
|
801
|
-
|
802
|
-
context "when the exploit class defines a referer value" do
|
803
|
-
module TestWebVuln
|
804
|
-
class TestExploitWithReferer < Ronin::Exploits::WebVuln
|
805
|
-
referer '/page'
|
806
|
-
end
|
807
|
-
end
|
808
|
-
|
809
|
-
let(:exploit_class) { TestWebVuln::TestExploitWithReferer }
|
810
|
-
|
811
|
-
it "must set the :referer value to the expanded referer URL" do
|
812
|
-
expect(subject.web_vuln_kwargs[:referer]).to eq(subject.url_for(exploit_class.referer))
|
813
|
-
end
|
814
|
-
end
|
815
|
-
end
|
816
|
-
|
817
|
-
describe "#vuln" do
|
818
|
-
it "must raise NotImplementedError by default" do
|
819
|
-
expect {
|
820
|
-
subject.vuln
|
821
|
-
}.to raise_error(NotImplementedError,"#{subject.class}#vuln was not implemented")
|
822
|
-
end
|
823
|
-
end
|
824
|
-
|
825
|
-
describe "#test" do
|
826
|
-
let(:vuln) { double('Ronin::Vulns::WebVuln object') }
|
827
|
-
|
828
|
-
before do
|
829
|
-
expect(subject).to receive(:vuln).and_return(vuln)
|
830
|
-
end
|
831
|
-
|
832
|
-
context "when #vuln.vulnerable? returns true" do
|
833
|
-
before { allow(vuln).to receive(:vulnerable?).and_return(true) }
|
834
|
-
|
835
|
-
it "must return TestResult::Vulnerable" do
|
836
|
-
result = subject.test
|
837
|
-
|
838
|
-
expect(result).to be_kind_of(Ronin::Exploits::TestResult::Vulnerable)
|
839
|
-
expect(result.message).to eq("The target URL is vulnerable")
|
840
|
-
end
|
841
|
-
end
|
842
|
-
|
843
|
-
context "when #vuln.vulnerable? returns false" do
|
844
|
-
before { allow(vuln).to receive(:vulnerable?).and_return(false) }
|
845
|
-
|
846
|
-
it "must return TestResult::NotVulnerable" do
|
847
|
-
result = subject.test
|
848
|
-
|
849
|
-
expect(result).to be_kind_of(Ronin::Exploits::TestResult::NotVulnerable)
|
850
|
-
expect(result.message).to eq("The target URL is not vulnerable")
|
851
|
-
end
|
852
|
-
end
|
853
|
-
end
|
854
|
-
end
|