ronin-exploits 1.0.0.beta2 → 1.0.0.beta3

Files changed (63)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ruby.yml +1 -0
  3. data/README.md +4 -0
  4. data/gemspec.yml +3 -1
  5. data/lib/ronin/exploits/cli/commands/run.rb +55 -5
  6. data/lib/ronin/exploits/version.rb +1 -1
  7. data/ronin-exploits.gemspec +2 -1
  8. metadata +10 -115
  9. data/spec/advisory_spec.rb +0 -71
  10. data/spec/cli/exploit_command_spec.rb +0 -68
  11. data/spec/cli/exploit_methods_spec.rb +0 -208
  12. data/spec/cli/ruby_shell_spec.rb +0 -14
  13. data/spec/client_side_web_vuln_spec.rb +0 -117
  14. data/spec/exploit_spec.rb +0 -538
  15. data/spec/exploits_spec.rb +0 -8
  16. data/spec/heap_overflow_spec.rb +0 -14
  17. data/spec/lfi_spec.rb +0 -162
  18. data/spec/loot/file_spec.rb +0 -131
  19. data/spec/loot_spec.rb +0 -138
  20. data/spec/memory_corruption_spec.rb +0 -22
  21. data/spec/metadata/arch_spec.rb +0 -82
  22. data/spec/metadata/cookie_param_spec.rb +0 -67
  23. data/spec/metadata/default_filename_spec.rb +0 -62
  24. data/spec/metadata/default_port_spec.rb +0 -62
  25. data/spec/metadata/header_name_spec.rb +0 -67
  26. data/spec/metadata/os_spec.rb +0 -164
  27. data/spec/metadata/shouts_spec.rb +0 -100
  28. data/spec/metadata/url_path_spec.rb +0 -67
  29. data/spec/metadata/url_query_param_spec.rb +0 -67
  30. data/spec/mixins/binary_spec.rb +0 -129
  31. data/spec/mixins/build_dir.rb +0 -66
  32. data/spec/mixins/file_builder_spec.rb +0 -67
  33. data/spec/mixins/format_string_spec.rb +0 -44
  34. data/spec/mixins/has_payload_spec.rb +0 -333
  35. data/spec/mixins/has_targets_spec.rb +0 -434
  36. data/spec/mixins/html_spec.rb +0 -772
  37. data/spec/mixins/http_spec.rb +0 -1227
  38. data/spec/mixins/loot_spec.rb +0 -20
  39. data/spec/mixins/nops_spec.rb +0 -165
  40. data/spec/mixins/remote_tcp_spec.rb +0 -217
  41. data/spec/mixins/remote_udp_spec.rb +0 -217
  42. data/spec/mixins/seh_spec.rb +0 -89
  43. data/spec/mixins/stack_overflow_spec.rb +0 -87
  44. data/spec/mixins/text_spec.rb +0 -43
  45. data/spec/open_redirect_spec.rb +0 -71
  46. data/spec/params/base_url_spec.rb +0 -71
  47. data/spec/params/bind_host_spec.rb +0 -34
  48. data/spec/params/bind_port_spec.rb +0 -35
  49. data/spec/params/filename_spec.rb +0 -77
  50. data/spec/params/host_spec.rb +0 -34
  51. data/spec/params/port_spec.rb +0 -77
  52. data/spec/rfi_spec.rb +0 -107
  53. data/spec/seh_overflow_spec.rb +0 -18
  54. data/spec/spec_helper.rb +0 -8
  55. data/spec/sqli_spec.rb +0 -306
  56. data/spec/ssti_spec.rb +0 -121
  57. data/spec/stack_overflow_spec.rb +0 -18
  58. data/spec/target_spec.rb +0 -92
  59. data/spec/test_result_spec.rb +0 -32
  60. data/spec/use_after_free_spec.rb +0 -14
  61. data/spec/web_spec.rb +0 -12
  62. data/spec/web_vuln_spec.rb +0 -854
  63. data/spec/xss_spec.rb +0 -69
@@ -1,854 +0,0 @@
1
- require 'spec_helper'
2
- require 'ronin/exploits/web_vuln'
3
-
4
- describe Ronin::Exploits::WebVuln do
5
- it "must include Ronin::Exploits::Mixins::HasPayload" do
6
- expect(described_class).to include(Ronin::Exploits::Mixins::HasPayload)
7
- end
8
-
9
- describe ".request_method" do
10
- subject { exploit_class }
11
-
12
- context "and when request_method is not set in the class" do
13
- module TestWebVuln
14
- class WithNoRequestMethodSet < Ronin::Exploits::WebVuln
15
- end
16
- end
17
-
18
- let(:exploit_class) { TestWebVuln::WithNoRequestMethodSet }
19
-
20
- it "must default to :get" do
21
- expect(subject.request_method).to eq(:get)
22
- end
23
- end
24
-
25
- context "and when request_method is set in the class" do
26
- module TestWebVuln
27
- class WithRequestMethodSet < Ronin::Exploits::WebVuln
28
- request_method :post
29
- end
30
- end
31
-
32
- let(:exploit_class) { TestWebVuln::WithRequestMethodSet }
33
-
34
- it "must return the set request_method" do
35
- expect(subject.request_method).to eq(:post)
36
- end
37
- end
38
-
39
- context "but when the request_method was set in the superclass" do
40
- module TestWebVuln
41
- class InheritsItsRequestMethod < WithRequestMethodSet
42
- end
43
- end
44
-
45
- let(:exploit_class) { TestWebVuln::InheritsItsRequestMethod }
46
-
47
- it "must return the request_method set in the superclass" do
48
- expect(subject.request_method).to eq(:post)
49
- end
50
-
51
- context "but the request_method is overridden in the sub-class" do
52
- module TestWebVuln
53
- class OverridesItsInheritedRequestMethod < WithRequestMethodSet
54
- request_method :put
55
- end
56
- end
57
-
58
- let(:exploit_class) do
59
- TestWebVuln::OverridesItsInheritedRequestMethod
60
- end
61
-
62
- it "must return the request_method set in the sub-class" do
63
- expect(subject.request_method).to eq(:put)
64
- end
65
- end
66
- end
67
- end
68
-
69
- describe ".base_path" do
70
- subject { exploit_class }
71
-
72
- context "and when base_path is not set in the class" do
73
- module TestWebVuln
74
- class WithNoBasePathSet < Ronin::Exploits::WebVuln
75
- end
76
- end
77
-
78
- let(:exploit_class) { TestWebVuln::WithNoBasePathSet }
79
-
80
- it do
81
- expect {
82
- subject.base_path
83
- }.to raise_error(NotImplementedError,"#{subject} did not set base_path")
84
- end
85
- end
86
-
87
- context "and when base_path is set in the class" do
88
- module TestWebVuln
89
- class WithBasePathSet < Ronin::Exploits::WebVuln
90
- base_path '/test'
91
- end
92
- end
93
-
94
- let(:exploit_class) { TestWebVuln::WithBasePathSet }
95
-
96
- it "must return the set base_path" do
97
- expect(subject.base_path).to eq("/test")
98
- end
99
- end
100
-
101
- context "but when the base_path was set in the superclass" do
102
- module TestWebVuln
103
- class InheritsItsBasePath < WithBasePathSet
104
- end
105
- end
106
-
107
- let(:exploit_class) { TestWebVuln::InheritsItsBasePath }
108
-
109
- it "must return the base_path set in the superclass" do
110
- expect(subject.base_path).to eq("/test")
111
- end
112
-
113
- context "but the base_path is overridden in the sub-class" do
114
- module TestWebVuln
115
- class OverridesItsInheritedBasePath < WithBasePathSet
116
- base_path "/test2"
117
- end
118
- end
119
-
120
- let(:exploit_class) do
121
- TestWebVuln::OverridesItsInheritedBasePath
122
- end
123
-
124
- it "must return the base_path set in the sub-class" do
125
- expect(subject.base_path).to eq("/test2")
126
- end
127
- end
128
- end
129
- end
130
-
131
- describe ".query_param" do
132
- subject { exploit_class }
133
-
134
- context "and when query_param is not set in the class" do
135
- module TestWebVuln
136
- class WithNoQueryParamSet < Ronin::Exploits::WebVuln
137
- end
138
- end
139
-
140
- let(:exploit_class) { TestWebVuln::WithNoQueryParamSet }
141
-
142
- it "must default to nil" do
143
- expect(subject.query_param).to be(nil)
144
- end
145
- end
146
-
147
- context "and when query_param is set in the class" do
148
- module TestWebVuln
149
- class WithQueryParamSet < Ronin::Exploits::WebVuln
150
- query_param 'test'
151
- end
152
- end
153
-
154
- let(:exploit_class) { TestWebVuln::WithQueryParamSet }
155
-
156
- it "must return the set query_param" do
157
- expect(subject.query_param).to eq("test")
158
- end
159
- end
160
-
161
- context "but when the query_param was set in the superclass" do
162
- module TestWebVuln
163
- class InheritsItsQueryParam < WithQueryParamSet
164
- end
165
- end
166
-
167
- let(:exploit_class) { TestWebVuln::InheritsItsQueryParam }
168
-
169
- it "must return the query_param set in the superclass" do
170
- expect(subject.query_param).to eq("test")
171
- end
172
-
173
- context "but the query_param is overridden in the sub-class" do
174
- module TestWebVuln
175
- class OverridesItsInheritedQueryParam < WithQueryParamSet
176
- query_param "test2"
177
- end
178
- end
179
-
180
- let(:exploit_class) do
181
- TestWebVuln::OverridesItsInheritedQueryParam
182
- end
183
-
184
- it "must return the query_param set in the sub-class" do
185
- expect(subject.query_param).to eq("test2")
186
- end
187
- end
188
- end
189
- end
190
-
191
- describe ".header_name" do
192
- subject { exploit_class }
193
-
194
- context "and when header_name is not set in the class" do
195
- module TestWebVuln
196
- class WithNoHeaderNameSet < Ronin::Exploits::WebVuln
197
- end
198
- end
199
-
200
- let(:exploit_class) { TestWebVuln::WithNoHeaderNameSet }
201
-
202
- it "must default to nil" do
203
- expect(subject.header_name).to be(nil)
204
- end
205
- end
206
-
207
- context "and when header_name is set in the class" do
208
- module TestWebVuln
209
- class WithHeaderNameSet < Ronin::Exploits::WebVuln
210
- header_name 'test'
211
- end
212
- end
213
-
214
- let(:exploit_class) { TestWebVuln::WithHeaderNameSet }
215
-
216
- it "must return the set header_name" do
217
- expect(subject.header_name).to eq("test")
218
- end
219
- end
220
-
221
- context "but when the header_name was set in the superclass" do
222
- module TestWebVuln
223
- class InheritsItsHeaderName < WithHeaderNameSet
224
- end
225
- end
226
-
227
- let(:exploit_class) { TestWebVuln::InheritsItsHeaderName }
228
-
229
- it "must return the header_name set in the superclass" do
230
- expect(subject.header_name).to eq("test")
231
- end
232
-
233
- context "but the header_name is overridden in the sub-class" do
234
- module TestWebVuln
235
- class OverridesItsInheritedHeaderName < WithHeaderNameSet
236
- header_name "test2"
237
- end
238
- end
239
-
240
- let(:exploit_class) do
241
- TestWebVuln::OverridesItsInheritedHeaderName
242
- end
243
-
244
- it "must return the header_name set in the sub-class" do
245
- expect(subject.header_name).to eq("test2")
246
- end
247
- end
248
- end
249
- end
250
-
251
- describe ".cookie_param" do
252
- subject { exploit_class }
253
-
254
- context "and when cookie_param is not set in the class" do
255
- module TestWebVuln
256
- class WithNoCookieParamSet < Ronin::Exploits::WebVuln
257
- end
258
- end
259
-
260
- let(:exploit_class) { TestWebVuln::WithNoCookieParamSet }
261
-
262
- it "must default to nil" do
263
- expect(subject.cookie_param).to be(nil)
264
- end
265
- end
266
-
267
- context "and when cookie_param is set in the class" do
268
- module TestWebVuln
269
- class WithCookieParamSet < Ronin::Exploits::WebVuln
270
- cookie_param 'test'
271
- end
272
- end
273
-
274
- let(:exploit_class) { TestWebVuln::WithCookieParamSet }
275
-
276
- it "must return the set cookie_param" do
277
- expect(subject.cookie_param).to eq("test")
278
- end
279
- end
280
-
281
- context "but when the cookie_param was set in the superclass" do
282
- module TestWebVuln
283
- class InheritsItsCookieParam < WithCookieParamSet
284
- end
285
- end
286
-
287
- let(:exploit_class) { TestWebVuln::InheritsItsCookieParam }
288
-
289
- it "must return the cookie_param set in the superclass" do
290
- expect(subject.cookie_param).to eq("test")
291
- end
292
-
293
- context "but the cookie_param is overridden in the sub-class" do
294
- module TestWebVuln
295
- class OverridesItsInheritedCookieParam < WithCookieParamSet
296
- cookie_param "test2"
297
- end
298
- end
299
-
300
- let(:exploit_class) do
301
- TestWebVuln::OverridesItsInheritedCookieParam
302
- end
303
-
304
- it "must return the cookie_param set in the sub-class" do
305
- expect(subject.cookie_param).to eq("test2")
306
- end
307
- end
308
- end
309
- end
310
-
311
- describe ".form_param" do
312
- subject { exploit_class }
313
-
314
- context "and when form_param is not set in the class" do
315
- module TestWebVuln
316
- class WithNoFormParamSet < Ronin::Exploits::WebVuln
317
- end
318
- end
319
-
320
- let(:exploit_class) { TestWebVuln::WithNoFormParamSet }
321
-
322
- it "must default to nil" do
323
- expect(subject.form_param).to be(nil)
324
- end
325
- end
326
-
327
- context "and when form_param is set in the class" do
328
- module TestWebVuln
329
- class WithFormParamSet < Ronin::Exploits::WebVuln
330
- form_param 'test'
331
- end
332
- end
333
-
334
- let(:exploit_class) { TestWebVuln::WithFormParamSet }
335
-
336
- it "must return the set form_param" do
337
- expect(subject.form_param).to eq("test")
338
- end
339
- end
340
-
341
- context "but when the form_param was set in the superclass" do
342
- module TestWebVuln
343
- class InheritsItsFormParam < WithFormParamSet
344
- end
345
- end
346
-
347
- let(:exploit_class) { TestWebVuln::InheritsItsFormParam }
348
-
349
- it "must return the form_param set in the superclass" do
350
- expect(subject.form_param).to eq("test")
351
- end
352
-
353
- context "but the form_param is overridden in the sub-class" do
354
- module TestWebVuln
355
- class OverridesItsInheritedFormParam < WithFormParamSet
356
- form_param "test2"
357
- end
358
- end
359
-
360
- let(:exploit_class) do
361
- TestWebVuln::OverridesItsInheritedFormParam
362
- end
363
-
364
- it "must return the form_param set in the sub-class" do
365
- expect(subject.form_param).to eq("test2")
366
- end
367
- end
368
- end
369
- end
370
-
371
- describe ".headers" do
372
- subject { exploit_class }
373
-
374
- context "and when headers is not set in the class" do
375
- module TestWebVuln
376
- class WithNoHeadersSet < Ronin::Exploits::WebVuln
377
- end
378
- end
379
-
380
- let(:exploit_class) { TestWebVuln::WithNoHeadersSet }
381
-
382
- it "must default to nil" do
383
- expect(subject.headers).to be(nil)
384
- end
385
- end
386
-
387
- context "and when headers is set in the class" do
388
- module TestWebVuln
389
- class WithHeadersSet < Ronin::Exploits::WebVuln
390
- headers 'X-Foo' => 'foo'
391
- end
392
- end
393
-
394
- let(:exploit_class) { TestWebVuln::WithHeadersSet }
395
-
396
- it "must return the set headers" do
397
- expect(subject.headers).to eq({'X-Foo' => 'foo'})
398
- end
399
- end
400
-
401
- context "but when the headers was set in the superclass" do
402
- module TestWebVuln
403
- class InheritsItsHeaders < WithHeadersSet
404
- end
405
- end
406
-
407
- let(:exploit_class) { TestWebVuln::InheritsItsHeaders }
408
-
409
- it "must return the headers set in the superclass" do
410
- expect(subject.headers).to eq({'X-Foo' => 'foo'})
411
- end
412
-
413
- context "but the headers is overridden in the sub-class" do
414
- module TestWebVuln
415
- class OverridesItsInheritedHeaders < WithHeadersSet
416
- headers 'X-Bar' => 'bar'
417
- end
418
- end
419
-
420
- let(:exploit_class) do
421
- TestWebVuln::OverridesItsInheritedHeaders
422
- end
423
-
424
- it "must return the headers set in the sub-class" do
425
- expect(subject.headers).to eq({'X-Bar' => 'bar'})
426
- end
427
- end
428
- end
429
- end
430
-
431
- describe ".cookie" do
432
- subject { exploit_class }
433
-
434
- context "and when cookie is not set in the class" do
435
- module TestWebVuln
436
- class WithNoCookieSet < Ronin::Exploits::WebVuln
437
- end
438
- end
439
-
440
- let(:exploit_class) { TestWebVuln::WithNoCookieSet }
441
-
442
- it "must default to nil" do
443
- expect(subject.cookie).to be(nil)
444
- end
445
- end
446
-
447
- context "and when cookie is set in the class" do
448
- module TestWebVuln
449
- class WithCookieSet < Ronin::Exploits::WebVuln
450
- cookie 'foo' => '1'
451
- end
452
- end
453
-
454
- let(:exploit_class) { TestWebVuln::WithCookieSet }
455
-
456
- it "must return the set cookie" do
457
- expect(subject.cookie).to eq({'foo' => '1'})
458
- end
459
- end
460
-
461
- context "but when the cookie was set in the superclass" do
462
- module TestWebVuln
463
- class InheritsItsCookie < WithCookieSet
464
- end
465
- end
466
-
467
- let(:exploit_class) { TestWebVuln::InheritsItsCookie }
468
-
469
- it "must return the cookie set in the superclass" do
470
- expect(subject.cookie).to eq({'foo' => '1'})
471
- end
472
-
473
- context "but the cookie is overridden in the sub-class" do
474
- module TestWebVuln
475
- class OverridesItsInheritedCookie < WithCookieSet
476
- cookie 'bar' => '2'
477
- end
478
- end
479
-
480
- let(:exploit_class) do
481
- TestWebVuln::OverridesItsInheritedCookie
482
- end
483
-
484
- it "must return the cookie set in the sub-class" do
485
- expect(subject.cookie).to eq({'bar' => '2'})
486
- end
487
- end
488
- end
489
- end
490
-
491
- describe ".form_data" do
492
- subject { exploit_class }
493
-
494
- context "and when form_data is not set in the class" do
495
- module TestWebVuln
496
- class WithNoFormDataSet < Ronin::Exploits::WebVuln
497
- end
498
- end
499
-
500
- let(:exploit_class) { TestWebVuln::WithNoFormDataSet }
501
-
502
- it "must default to nil" do
503
- expect(subject.form_data).to be(nil)
504
- end
505
- end
506
-
507
- context "and when form_data is set in the class" do
508
- module TestWebVuln
509
- class WithFormDataSet < Ronin::Exploits::WebVuln
510
- form_data 'foo' => 'a'
511
- end
512
- end
513
-
514
- let(:exploit_class) { TestWebVuln::WithFormDataSet }
515
-
516
- it "must return the set form_data" do
517
- expect(subject.form_data).to eq({'foo' => 'a'})
518
- end
519
- end
520
-
521
- context "but when the form_data was set in the superclass" do
522
- module TestWebVuln
523
- class InheritsItsFormData < WithFormDataSet
524
- end
525
- end
526
-
527
- let(:exploit_class) { TestWebVuln::InheritsItsFormData }
528
-
529
- it "must return the form_data set in the superclass" do
530
- expect(subject.form_data).to eq({'foo' => 'a'})
531
- end
532
-
533
- context "but the form_data is overridden in the sub-class" do
534
- module TestWebVuln
535
- class OverridesItsInheritedFormData < WithFormDataSet
536
- form_data 'bar' => 'b'
537
- end
538
- end
539
-
540
- let(:exploit_class) do
541
- TestWebVuln::OverridesItsInheritedFormData
542
- end
543
-
544
- it "must return the form_data set in the sub-class" do
545
- expect(subject.form_data).to eq({'bar' => 'b'})
546
- end
547
- end
548
- end
549
- end
550
-
551
- describe ".referer" do
552
- subject { exploit_class }
553
-
554
- context "and when referer is not set in the class" do
555
- module TestWebVuln
556
- class WithNoRefererSet < Ronin::Exploits::WebVuln
557
- end
558
- end
559
-
560
- let(:exploit_class) { TestWebVuln::WithNoRefererSet }
561
-
562
- it "must default to nil" do
563
- expect(subject.referer).to be(nil)
564
- end
565
- end
566
-
567
- context "and when referer is set in the class" do
568
- module TestWebVuln
569
- class WithRefererSet < Ronin::Exploits::WebVuln
570
- referer '/previous/page'
571
- end
572
- end
573
-
574
- let(:exploit_class) { TestWebVuln::WithRefererSet }
575
-
576
- it "must return the set referer" do
577
- expect(subject.referer).to eq('/previous/page')
578
- end
579
- end
580
-
581
- context "but when the referer was set in the superclass" do
582
- module TestWebVuln
583
- class InheritsItsReferer < WithRefererSet
584
- end
585
- end
586
-
587
- let(:exploit_class) { TestWebVuln::InheritsItsReferer }
588
-
589
- it "must return the referer set in the superclass" do
590
- expect(subject.referer).to eq('/previous/page')
591
- end
592
-
593
- context "but the referer is overridden in the sub-class" do
594
- module TestWebVuln
595
- class OverridesItsInheritedReferer < WithRefererSet
596
- referer '/previous/page2'
597
- end
598
- end
599
-
600
- let(:exploit_class) do
601
- TestWebVuln::OverridesItsInheritedReferer
602
- end
603
-
604
- it "must return the referer set in the sub-class" do
605
- expect(subject.referer).to eq('/previous/page2')
606
- end
607
- end
608
- end
609
- end
610
-
611
- module TestWebVuln
612
- class TestExploit < Ronin::Exploits::WebVuln
613
-
614
- base_path '/path/to/vuln'
615
-
616
- query_param 'id'
617
-
618
- end
619
- end
620
-
621
- let(:exploit_class) { TestWebVuln::TestExploit }
622
-
623
- let(:base_url) { 'https://www.example.com/' }
624
-
625
- subject do
626
- exploit_class.new(
627
- params: {
628
- base_url: base_url
629
- }
630
- )
631
- end
632
-
633
- describe "#url" do
634
- let(:expected_url) do
635
- URI(base_url).merge(exploit_class.base_path)
636
- end
637
-
638
- it "must return a URL built from the exploit's .base_path" do
639
- expect(subject.url).to eq(expected_url)
640
- end
641
- end
642
-
643
- describe "#web_vuln_kwargs" do
644
- subject do
645
- exploit_class.new(
646
- params: {
647
- base_url: base_url
648
- }
649
- )
650
- end
651
-
652
- it "must set the :http keyword to #http" do
653
- expect(subject.web_vuln_kwargs[:http]).to be(subject.http)
654
- end
655
-
656
- context "when the exploit class defines a query_param value" do
657
- module TestWebVuln
658
- class TestExploitWithQueryParam < Ronin::Exploits::WebVuln
659
- query_param 'id'
660
- end
661
- end
662
-
663
- let(:exploit_class) { TestWebVuln::TestExploitWithQueryParam }
664
-
665
- it "must set the :query_param value" do
666
- expect(subject.web_vuln_kwargs[:query_param]).to eq(exploit_class.query_param)
667
- end
668
- end
669
-
670
- context "when the exploit class defines a header_name value" do
671
- module TestWebVuln
672
- class TestExploitWithHeaderName < Ronin::Exploits::WebVuln
673
- header_name 'X-Foo'
674
- end
675
- end
676
-
677
- let(:exploit_class) { TestWebVuln::TestExploitWithHeaderName }
678
-
679
- it "must set the :header_name value" do
680
- expect(subject.web_vuln_kwargs[:header_name]).to eq(exploit_class.header_name)
681
- end
682
- end
683
-
684
- context "when the exploit class defines a cookie_param value" do
685
- module TestWebVuln
686
- class TestExploitWithCookieParam < Ronin::Exploits::WebVuln
687
- cookie_param 'foo'
688
- end
689
- end
690
-
691
- let(:exploit_class) { TestWebVuln::TestExploitWithCookieParam }
692
-
693
- it "must set the :cookie_param value" do
694
- expect(subject.web_vuln_kwargs[:cookie_param]).to eq(exploit_class.cookie_param)
695
- end
696
- end
697
-
698
- context "when the exploit class defines a form_param value" do
699
- module TestWebVuln
700
- class TestExploitWithFormParam < Ronin::Exploits::WebVuln
701
- form_param 'bar'
702
- end
703
- end
704
-
705
- let(:exploit_class) { TestWebVuln::TestExploitWithFormParam }
706
-
707
- it "must set the :form_param value" do
708
- expect(subject.web_vuln_kwargs[:form_param]).to eq(exploit_class.form_param)
709
- end
710
- end
711
-
712
- context "when the exploit class defines a request_method value" do
713
- module TestWebVuln
714
- class TestExploitWithRequestMethod < Ronin::Exploits::WebVuln
715
- request_method :post
716
- end
717
- end
718
-
719
- let(:exploit_class) { TestWebVuln::TestExploitWithRequestMethod }
720
-
721
- it "must set the :request_method value" do
722
- expect(subject.web_vuln_kwargs[:request_method]).to eq(exploit_class.request_method)
723
- end
724
- end
725
-
726
- context "when the exploit has the 'http_user' param set" do
727
- let(:http_user) { 'bob' }
728
-
729
- subject do
730
- exploit_class.new(
731
- params: {
732
- base_url: base_url,
733
- http_user: http_user
734
- }
735
- )
736
- end
737
-
738
- it "must set the :user value to the 'http_user' param" do
739
- expect(subject.web_vuln_kwargs[:user]).to eq(http_user)
740
- end
741
- end
742
-
743
- context "when the exploit has the 'http_password' param set" do
744
- let(:http_password) { 'secret' }
745
-
746
- subject do
747
- exploit_class.new(
748
- params: {
749
- base_url: base_url,
750
- http_password: http_password
751
- }
752
- )
753
- end
754
-
755
- it "must set the :password value to the 'http_password' param" do
756
- expect(subject.web_vuln_kwargs[:password]).to eq(http_password)
757
- end
758
- end
759
-
760
- context "when the exploit class defines a headers value" do
761
- module TestWebVuln
762
- class TestExploitWithHeaders < Ronin::Exploits::WebVuln
763
- headers 'X-Foo' => 'foo', 'X-Bar' => 'bar'
764
- end
765
- end
766
-
767
- let(:exploit_class) { TestWebVuln::TestExploitWithHeaders }
768
-
769
- it "must set the :headers value" do
770
- expect(subject.web_vuln_kwargs[:headers]).to eq(exploit_class.headers)
771
- end
772
- end
773
-
774
- context "when the exploit class defines a cookie value" do
775
- module TestWebVuln
776
- class TestExploitWithCookie < Ronin::Exploits::WebVuln
777
- cookie 'foo' => 'a', 'bar' => 'b'
778
- end
779
- end
780
-
781
- let(:exploit_class) { TestWebVuln::TestExploitWithCookie }
782
-
783
- it "must set the :cookie value" do
784
- expect(subject.web_vuln_kwargs[:cookie]).to eq(exploit_class.cookie)
785
- end
786
- end
787
-
788
- context "when the exploit class defines a form_data value" do
789
- module TestWebVuln
790
- class TestExploitWithFormData < Ronin::Exploits::WebVuln
791
- form_data 'foo' => 'a', 'bar' => 'b'
792
- end
793
- end
794
-
795
- let(:exploit_class) { TestWebVuln::TestExploitWithFormData }
796
-
797
- it "must set the :form_data value" do
798
- expect(subject.web_vuln_kwargs[:form_data]).to eq(exploit_class.form_data)
799
- end
800
- end
801
-
802
- context "when the exploit class defines a referer value" do
803
- module TestWebVuln
804
- class TestExploitWithReferer < Ronin::Exploits::WebVuln
805
- referer '/page'
806
- end
807
- end
808
-
809
- let(:exploit_class) { TestWebVuln::TestExploitWithReferer }
810
-
811
- it "must set the :referer value to the expanded referer URL" do
812
- expect(subject.web_vuln_kwargs[:referer]).to eq(subject.url_for(exploit_class.referer))
813
- end
814
- end
815
- end
816
-
817
- describe "#vuln" do
818
- it "must raise NotImplementedError by default" do
819
- expect {
820
- subject.vuln
821
- }.to raise_error(NotImplementedError,"#{subject.class}#vuln was not implemented")
822
- end
823
- end
824
-
825
- describe "#test" do
826
- let(:vuln) { double('Ronin::Vulns::WebVuln object') }
827
-
828
- before do
829
- expect(subject).to receive(:vuln).and_return(vuln)
830
- end
831
-
832
- context "when #vuln.vulnerable? returns true" do
833
- before { allow(vuln).to receive(:vulnerable?).and_return(true) }
834
-
835
- it "must return TestResult::Vulnerable" do
836
- result = subject.test
837
-
838
- expect(result).to be_kind_of(Ronin::Exploits::TestResult::Vulnerable)
839
- expect(result.message).to eq("The target URL is vulnerable")
840
- end
841
- end
842
-
843
- context "when #vuln.vulnerable? returns false" do
844
- before { allow(vuln).to receive(:vulnerable?).and_return(false) }
845
-
846
- it "must return TestResult::NotVulnerable" do
847
- result = subject.test
848
-
849
- expect(result).to be_kind_of(Ronin::Exploits::TestResult::NotVulnerable)
850
- expect(result.message).to eq("The target URL is not vulnerable")
851
- end
852
- end
853
- end
854
- end