RubyGems - ronin-exploits - Versions diffs - 1.0.0.beta2 → 1.0.0.beta3 - Mend

ronin-exploits 1.0.0.beta2 → 1.0.0.beta3

Files changed (63) hide show

checksums.yaml +4 -4
data/.github/workflows/ruby.yml +1 -0
data/README.md +4 -0
data/gemspec.yml +3 -1
data/lib/ronin/exploits/cli/commands/run.rb +55 -5
data/lib/ronin/exploits/version.rb +1 -1
data/ronin-exploits.gemspec +2 -1
metadata +10 -115
data/spec/advisory_spec.rb +0 -71
data/spec/cli/exploit_command_spec.rb +0 -68
data/spec/cli/exploit_methods_spec.rb +0 -208
data/spec/cli/ruby_shell_spec.rb +0 -14
data/spec/client_side_web_vuln_spec.rb +0 -117
data/spec/exploit_spec.rb +0 -538
data/spec/exploits_spec.rb +0 -8
data/spec/heap_overflow_spec.rb +0 -14
data/spec/lfi_spec.rb +0 -162
data/spec/loot/file_spec.rb +0 -131
data/spec/loot_spec.rb +0 -138
data/spec/memory_corruption_spec.rb +0 -22
data/spec/metadata/arch_spec.rb +0 -82
data/spec/metadata/cookie_param_spec.rb +0 -67
data/spec/metadata/default_filename_spec.rb +0 -62
data/spec/metadata/default_port_spec.rb +0 -62
data/spec/metadata/header_name_spec.rb +0 -67
data/spec/metadata/os_spec.rb +0 -164
data/spec/metadata/shouts_spec.rb +0 -100
data/spec/metadata/url_path_spec.rb +0 -67
data/spec/metadata/url_query_param_spec.rb +0 -67
data/spec/mixins/binary_spec.rb +0 -129
data/spec/mixins/build_dir.rb +0 -66
data/spec/mixins/file_builder_spec.rb +0 -67
data/spec/mixins/format_string_spec.rb +0 -44
data/spec/mixins/has_payload_spec.rb +0 -333
data/spec/mixins/has_targets_spec.rb +0 -434
data/spec/mixins/html_spec.rb +0 -772
data/spec/mixins/http_spec.rb +0 -1227
data/spec/mixins/loot_spec.rb +0 -20
data/spec/mixins/nops_spec.rb +0 -165
data/spec/mixins/remote_tcp_spec.rb +0 -217
data/spec/mixins/remote_udp_spec.rb +0 -217
data/spec/mixins/seh_spec.rb +0 -89
data/spec/mixins/stack_overflow_spec.rb +0 -87
data/spec/mixins/text_spec.rb +0 -43
data/spec/open_redirect_spec.rb +0 -71
data/spec/params/base_url_spec.rb +0 -71
data/spec/params/bind_host_spec.rb +0 -34
data/spec/params/bind_port_spec.rb +0 -35
data/spec/params/filename_spec.rb +0 -77
data/spec/params/host_spec.rb +0 -34
data/spec/params/port_spec.rb +0 -77
data/spec/rfi_spec.rb +0 -107
data/spec/seh_overflow_spec.rb +0 -18
data/spec/spec_helper.rb +0 -8
data/spec/sqli_spec.rb +0 -306
data/spec/ssti_spec.rb +0 -121
data/spec/stack_overflow_spec.rb +0 -18
data/spec/target_spec.rb +0 -92
data/spec/test_result_spec.rb +0 -32
data/spec/use_after_free_spec.rb +0 -14
data/spec/web_spec.rb +0 -12
data/spec/web_vuln_spec.rb +0 -854
data/spec/xss_spec.rb +0 -69

data/spec/cli/exploit_methods_spec.rb DELETED Viewed

@@ -1,208 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/cli/exploit_methods'
-require 'ronin/exploits/cli/command'
-describe Ronin::Exploits::CLI::ExploitMethods do
-  module TestExploitMethods
-    class TestCommand < Ronin::Exploits::CLI::Command
-      include Ronin::Exploits::CLI::ExploitMethods
-    end
-  end
-  let(:command_class) { TestExploitMethods::TestCommand }
-  subject { command_class.new }
-  describe "#load_exploit" do
-    let(:exploit_id) { 'html/encode' }
-    it "must call Exploits.load_class with the given ID" do
-      expect(Ronin::Exploits).to receive(:load_class).with(exploit_id)
-      expect(subject).to_not receive(:exit)
-      subject.load_exploit(exploit_id)
-    end
-    context "when Ronin::Exploits::ClassNotfound is raised" do
-      let(:message) { "class not found" }
-      let(:exception) do
-        Ronin::Exploits::ClassNotFound.new(message)
-      end
-      it "must print an error message and exit with an error code" do
-        expect(Ronin::Exploits).to receive(:load_class).with(exploit_id).and_raise(exception)
-        expect(subject).to receive(:exit).with(1)
-        expect {
-          subject.load_exploit(exploit_id)
-        }.to output("#{subject.command_name}: #{message}#{$/}").to_stderr
-      end
-    end
-    context "when another type of exception is raised" do
-      let(:message)   { "unexpected error" }
-      let(:exception) { RuntimeError.new(message) }
-      it "must print the exception, an error message, and exit with -1" do
-        expect(Ronin::Exploits).to receive(:load_class).with(exploit_id).and_raise(exception)
-        expect(subject).to receive(:print_exception).with(exception)
-        expect(subject).to receive(:exit).with(-1)
-        expect {
-          subject.load_exploit(exploit_id)
-        }.to output("#{subject.command_name}: an unhandled exception occurred while loading exploit #{exploit_id}#{$/}").to_stderr
-      end
-    end
-  end
-  describe "#load_exploit_from" do
-    let(:file) { '/path/to/html/encode.rb' }
-    it "must call Exploits.load_class with the given ID and file" do
-      expect(Ronin::Exploits).to receive(:load_class_from_file).with(file)
-      expect(subject).to_not receive(:exit)
-      subject.load_exploit_from(file)
-    end
-    context "when Ronin::Exploits::ClassNotfound is raised" do
-      let(:message) { "class not found" }
-      let(:exception) do
-        Ronin::Exploits::ClassNotFound.new(message)
-      end
-      it "must print an error message and exit with an error code" do
-        expect(Ronin::Exploits).to receive(:load_class_from_file).with(file).and_raise(exception)
-        expect(subject).to receive(:exit).with(1)
-        expect {
-          subject.load_exploit_from(file)
-        }.to output("#{subject.command_name}: #{message}#{$/}").to_stderr
-      end
-    end
-    context "when another type of exception is raised" do
-      let(:message)   { "unexpected error" }
-      let(:exception) { RuntimeError.new(message) }
-      it "must print the exception, an error message, and exit with -1" do
-        expect(Ronin::Exploits).to receive(:load_class_from_file).with(file).and_raise(exception)
-        expect(subject).to receive(:print_exception).with(exception)
-        expect(subject).to receive(:exit).with(-1)
-        expect {
-          subject.load_exploit_from(file)
-        }.to output(
-          "#{subject.command_name}: an unhandled exception occurred while loading exploit from file #{file}#{$/}"
-        ).to_stderr
-      end
-    end
-  end
-  describe "#initialie_exploit" do
-    let(:exploit_id)    { 'test' }
-    let(:exploit_class) { double('Encoder class', id: exploit_id) }
-    it "must return a new instance of the given exploit class" do
-      expect(exploit_class).to receive(:new)
-      subject.initialize_exploit(exploit_class)
-    end
-    context "when additional keyword arguments are given" do
-      let(:kwargs) do
-        {foo: 1, bar: 2}
-      end
-      it "must pass them to new()" do
-        expect(exploit_class).to receive(:new).with(**kwargs)
-        subject.initialize_exploit(exploit_class,**kwargs)
-      end
-    end
-    context "when a Core::Params::ParamError is raised" do
-      let(:message)   { "param foo was not set" }
-      let(:exception) { Ronin::Core::Params::RequiredParam.new(message) }
-      it "must print an error message and exit with 1" do
-        expect(exploit_class).to receive(:new).and_raise(exception)
-        expect(subject).to receive(:exit).with(1)
-        expect {
-          subject.initialize_exploit(exploit_class)
-        }.to output("#{subject.command_name}: #{message}#{$/}").to_stderr
-      end
-    end
-    context "when another type of exception is raised" do
-      let(:message)   { "unexpected error" }
-      let(:exception) { RuntimeError.new(message) }
-      it "must print the exception, an error message, and exit with -1" do
-        expect(exploit_class).to receive(:new).and_raise(exception)
-        expect(subject).to receive(:print_exception).with(exception)
-        expect(subject).to receive(:exit).with(-1)
-        expect {
-          subject.initialize_exploit(exploit_class)
-        }.to output("#{subject.command_name}: an unhandled exception occurred while initializing exploit #{exploit_id}#{$/}").to_stderr
-      end
-    end
-  end
-  describe "#validate_exploit" do
-    let(:exploit_id) { 'test' }
-    let(:exploit)    { double('Encoder instance', class_id: exploit_id) }
-    it "must call #perform_validate on #exploit" do
-      expect(exploit).to receive(:perform_validate)
-      subject.validate_exploit(exploit)
-    end
-    context "when a Core::Params::ParamError is raised" do
-      let(:message)   { "param foo was not set" }
-      let(:exception) { Ronin::Core::Params::RequiredParam.new(message) }
-      it "must print an error message and exit with 1" do
-        expect(exploit).to receive(:perform_validate).and_raise(exception)
-        expect(subject).to receive(:exit).with(1)
-        expect {
-          subject.validate_exploit(exploit)
-        }.to output("#{subject.command_name}: failed to validate the exploit #{exploit_id}: #{message}#{$/}").to_stderr
-      end
-    end
-    context "when a Ronin::Exploits::ValidationError is raised" do
-      let(:message)   { "param foo was not set" }
-      let(:exception) do
-        Ronin::Exploits::ValidationError.new(message)
-      end
-      it "must print an error message and exit with 1" do
-        expect(exploit).to receive(:perform_validate).and_raise(exception)
-        expect(subject).to receive(:exit).with(1)
-        expect {
-          subject.validate_exploit(exploit)
-        }.to output("#{subject.command_name}: failed to validate the exploit #{exploit_id}: #{message}#{$/}").to_stderr
-      end
-    end
-    context "when another type of exception is raised" do
-      let(:message)   { "unexpected error" }
-      let(:exception) { RuntimeError.new(message) }
-      it "must print the exception, an error message, and exit with -1" do
-        expect(exploit).to receive(:perform_validate).and_raise(exception)
-        expect(subject).to receive(:print_exception).with(exception)
-        expect(subject).to receive(:exit).with(-1)
-        expect {
-          subject.validate_exploit(exploit)
-        }.to output("#{subject.command_name}: an unhandled exception occurred while validating the exploit #{exploit_id}#{$/}").to_stderr
-      end
-    end
-  end
-end

data/spec/cli/ruby_shell_spec.rb DELETED Viewed

@@ -1,14 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/cli/ruby_shell'
-describe Ronin::Exploits::CLI::RubyShell do
-  describe "#initialize" do
-    it "must default #name to 'ronin-exploits'" do
-      expect(subject.name).to eq('ronin-exploits')
-    end
-    it "must default #context to Ronin::Exploits" do
-      expect(subject.context).to be(Ronin::Exploits)
-    end
-  end
-end

data/spec/client_side_web_vuln_spec.rb DELETED Viewed

@@ -1,117 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/client_side_web_vuln'
-require 'ronin/vulns/web_vuln'
-describe Ronin::Exploits::ClientSideWebVuln do
-  module TestClientSideWebVuln
-    class TestExploit < Ronin::Exploits::ClientSideWebVuln
-      base_path   '/Templatize.asp'
-      query_param 'item'
-      def vuln
-        @vuln ||= Ronin::Vulns::WebVuln.new(url, **web_vuln_kwargs)
-      end
-    end
-  end
-  let(:exploit_class) { TestClientSideWebVuln::TestExploit }
-  let(:base_url)      { 'http://testasp.vulnweb.com/' }
-  let(:query)         { 'item=html/about.html' }
-  let(:query_param)   { 'item' }
-  let(:payload)       { 'test payload' }
-  subject do
-    exploit_class.new(
-      payload: payload,
-      params: {
-        base_url: base_url
-      }
-    )
-  end
-  it "must define a 'format' param" do
-    expect(described_class.params[:format]).to_not be(nil)
-    expect(described_class.params[:format].type).to be_kind_of(Ronin::Core::Params::Types::Enum)
-    expect(described_class.params[:format].type.values).to eq([:http, :curl])
-    expect(described_class.params[:format].desc).to eq('Output format')
-  end
-  describe "#format_exploit" do
-    context "when the 'format' param is :http" do
-      subject do
-        exploit_class.new(
-          payload: payload,
-          params: {
-            base_url: base_url,
-            format:   :http
-          }
-        )
-      end
-      it "must call #to_http on the #vuln object" do
-        expect(subject.format_exploit).to eq(subject.vuln.to_http(payload))
-      end
-    end
-    context "when the 'format' param is :curl" do
-      subject do
-        exploit_class.new(
-          payload: payload,
-          params: {
-            base_url: base_url,
-            format:   :curl
-          }
-        )
-      end
-      it "must call #to_curl on the #vuln object" do
-        expect(subject.format_exploit).to eq(subject.vuln.to_curl(payload))
-      end
-    end
-  end
-  describe "#launch" do
-    context "when the 'format' param is :http" do
-      subject do
-        exploit_class.new(
-          payload: payload,
-          params: {
-            base_url: base_url,
-            format:   :http
-          }
-        )
-      end
-      it "must print out a message and the exploit formatted as an HTTP request" do
-        expect(subject).to receive(:print_info).with("Copy and paste the following exploit:")
-        expect(subject).to receive(:puts)
-        expect(subject).to receive(:puts).with(subject.vuln.to_http(payload))
-        expect(subject).to receive(:puts)
-        subject.launch
-      end
-    end
-    context "when the 'format' param is :curl" do
-      subject do
-        exploit_class.new(
-          payload: payload,
-          params: {
-            base_url: base_url,
-            format:   :curl
-          }
-        )
-      end
-      it "must print out a message and the exploit formatted as an HTTP request" do
-        expect(subject).to receive(:print_info).with("Copy and paste the following exploit:")
-        expect(subject).to receive(:puts)
-        expect(subject).to receive(:puts).with(subject.vuln.to_curl(payload))
-        expect(subject).to receive(:puts)
-        subject.launch
-      end
-    end
-  end
-end