ronin-exploits 1.0.0.beta2 → 1.0.0.beta3

data/spec/lfi_spec.rb

@@ -1,162 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/lfi'
-
-describe Ronin::Exploits::LFI do
-  module TestLFI
-    class TestExploit < Ronin::Exploits::LFI
-      base_path   '/Templatize.asp'
-      query_param 'item'
-    end
-  end
-
-  let(:exploit_class) { TestLFI::TestExploit }
-  let(:base_url)      { 'http://testasp.vulnweb.com/' }
-  let(:query)         { 'item=html/about.html' }
-  let(:query_param)   { 'item' }
-
-  subject do
-    exploit_class.new(
-      params: {
-        base_url: base_url
-      }
-    )
-  end
-
-  describe ".depth" do
-    subject { exploit_class }
-
-    context "and when depth is not set in the class" do
-      module TestLFI
-        class WithNoDepthSet < Ronin::Exploits::LFI
-        end
-      end
-
-      let(:exploit_class) { TestLFI::WithNoDepthSet }
-
-      it "must default to Ronin::Vulns::LFI::DEFAULT_DEPTH" do
-        expect(subject.depth).to be(Ronin::Vulns::LFI::DEFAULT_DEPTH)
-      end
-    end
-
-    context "and when depth is set in the class" do
-      module TestLFI
-        class WithDepthSet < Ronin::Exploits::LFI
-          depth 5
-        end
-      end
-
-      let(:exploit_class) { TestLFI::WithDepthSet }
-
-      it "must return the set depth" do
-        expect(subject.depth).to eq(5)
-      end
-    end
-
-    context "but when the depth was set in the superclass" do
-      module TestLFI
-        class InheritsItsDepth < WithDepthSet
-        end
-      end
-
-      let(:exploit_class) { TestLFI::InheritsItsDepth }
-
-      it "must return the depth set in the superclass" do
-        expect(subject.depth).to eq(5)
-      end
-
-      context "but the depth is overridden in the sub-class" do
-        module TestLFI
-          class OverridesItsInheritedDepth < WithDepthSet
-            depth 7
-          end
-        end
-
-        let(:exploit_class) do
-          TestLFI::OverridesItsInheritedDepth
-        end
-
-        it "must return the depth set in the sub-class" do
-          expect(subject.depth).to eq(7)
-        end
-      end
-    end
-  end
-
-  describe ".exploit_type" do
-    subject { described_class }
-
-    it { expect(subject.exploit_type).to eq(:lfi) }
-  end
-
-  describe "#vuln" do
-    it "must return a Ronin::Vulns::LFI object" do
-      expect(subject.vuln).to be_kind_of(Ronin::Vulns::LFI)
-    end
-
-    it "must set the #url attribute of the LFI vuln object" do
-      expect(subject.vuln.url).to eq(subject.url)
-    end
-
-    it "must default the #os attribute of the LFI vuln object to :unix" do
-      expect(subject.vuln.os).to be(:unix)
-    end
-
-    context "when the 'os' param is set" do
-      let(:os) { :windows }
-
-      subject do
-        exploit_class.new(
-          params: {
-            base_url: base_url,
-            os:       os
-          }
-        )
-      end
-
-      it "must set the #os attribute of the LFI vuln object to the 'os' param" do
-        expect(subject.vuln.os).to eq(os)
-      end
-    end
-
-    it "must default the #depth attribute of the LFI vuln object to Ronin::Vulns::DEFAULT_DEPTH" do
-      expect(subject.vuln.depth).to be(Ronin::Vulns::LFI::DEFAULT_DEPTH)
-    end
-
-    context "when the exploit class defines a custom depth" do
-      module TestLFI
-        class TestExploitWithDepth < Ronin::Exploits::LFI
-          base_path   '/Templatize.asp'
-          query_param 'item'
-          depth       10
-        end
-      end
-
-      let(:exploit_class) { TestLFI::TestExploitWithDepth }
-
-      it "must set the #depth attribute of the LFI vuln object to the exploit class'es depth" do
-        expect(subject.vuln.depth).to eq(exploit_class.depth)
-      end
-    end
-
-    it "must not set the #filter_bypass attribute of the LFI vuln object by default" do
-      expect(subject.vuln.filter_bypass).to be(nil)
-    end
-
-    context "when the 'filter_bypass' param is set" do
-      let(:filter_bypass) { :base64 }
-
-      subject do
-        exploit_class.new(
-          params: {
-            base_url:      base_url,
-            filter_bypass: filter_bypass
-          }
-        )
-      end
-
-      it "must set the #filter_bypass attribute of the LFI vuln object to the 'filter_bypass' param" do
-        expect(subject.vuln.filter_bypass).to eq(filter_bypass)
-      end
-    end
-  end
-end

data/spec/loot/file_spec.rb

@@ -1,131 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/loot/file'
-
-require 'tmpdir'
-
-describe Ronin::Exploits::Loot::File do
-  let(:path)     { 'test.txt' }
-  let(:contents) { 'this is a test' }
-
-  subject { described_class.new(path,contents) }
-
-  describe "#initialize" do
-    it "must set #path" do
-      expect(subject.path).to eq(path)
-    end
-
-    it "must set #contents" do
-      expect(subject.contents).to eq(contents)
-    end
-
-    it "must default #format to nil" do
-      expect(subject.format).to be(nil)
-    end
-
-    context "when given the format: keyword argument" do
-      let(:format) { :json }
-
-      subject { described_class.new(path,contents, format: format) }
-
-      it "must set #format" do
-        expect(subject.format).to be(format)
-      end
-    end
-  end
-
-  describe "#to_s" do
-    context "when #format is nil" do
-      it "must return the #contents" do
-        expect(subject.contents).to eq(contents)
-      end
-
-      context "when #contents is not a String" do
-        let(:contents) { 42 }
-
-        it "must call #to_s on #contents" do
-          expect(subject.to_s).to eq(contents.to_s)
-        end
-      end
-    end
-
-    context "when #format is :json" do
-      let(:contents) do
-        [true, 42, 1.0, [], {}]
-      end
-      let(:format) { :json }
-
-      subject { described_class.new(path,contents, format: format) }
-
-      it "must convert #contents to pretty JSON" do
-        expect(subject.to_s).to eq(JSON.pretty_generate(contents))
-      end
-    end
-
-    context "when #format is :yaml" do
-      let(:contents) do
-        {foo: true, bar: {baz: 42}}
-      end
-      let(:format) { :yaml }
-
-      subject { described_class.new(path,contents, format: format) }
-
-      it "must convert #contents to YAML" do
-        expect(subject.to_s).to eq(YAML.dump(contents))
-      end
-    end
-
-    context "when #format is :csv" do
-      let(:contents) do
-        [
-          %w[A   B   C  ],
-          %w[foo bar baz]
-        ]
-      end
-      let(:format) { :csv }
-
-      subject { described_class.new(path,contents, format: format) }
-
-      it "must convert #contents to CSV" do
-        expect(subject.to_s).to eq(
-          contents.map(&:to_csv).join
-        )
-      end
-    end
-
-    context "when #format is an unknown value" do
-      let(:format) { :foo }
-
-      subject { described_class.new(path,contents, format: format) }
-
-      it do
-        expect {
-          subject.to_s
-        }.to raise_error(NotImplementedError,"unsupported loot format: #{format.inspect}")
-      end
-    end
-  end
-
-  describe "#save" do
-    let(:output_dir) { Dir.mktmpdir('ronin-exploits-loot') }
-
-    before { subject.save(output_dir) }
-
-    it "must write the #contents to the #path within the output directory" do
-      expect(File.read(File.join(output_dir,path))).to eq(contents)
-    end
-
-    context "when the path is a multi-directory relative path" do
-      let(:path) { 'path/to/test.txt' }
-
-      it "must create the parent directories" do
-        parent_dir = File.dirname(File.join(output_dir,path))
-
-        expect(File.directory?(parent_dir)).to be(true)
-      end
-
-      it "must write the #contents to the #path within the output directory" do
-        expect(File.read(File.join(output_dir,path))).to eq(contents)
-      end
-    end
-  end
-end

data/spec/loot_spec.rb

@@ -1,138 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/loot'
-
-require 'tmpdir'
-
-describe Ronin::Exploits::Loot do
-  describe "#initialize" do
-    it "must initialize the loot store to being empty" do
-      expect(subject).to be_empty
-    end
-  end
-
-  describe "#add" do
-    let(:path)     { 'test.txt' }
-    let(:contents) { 'this is a set' }
-
-    it "must add a File to the loot store with the given path and contents" do
-      subject.add(path,contents)
-
-      expect(subject[path]).to be_kind_of(described_class::File)
-      expect(subject[path].contents).to eq(contents)
-    end
-
-    context "when the format: keyword argument is given" do
-      let(:format) { :json }
-
-      it "must set the #format of the loot file" do
-        subject.add(path,contents, format: format)
-
-        expect(subject[path]).to be_kind_of(described_class::File)
-        expect(subject[path].format).to be(format)
-      end
-    end
-  end
-
-  describe "#[]" do
-    context "when given a path of a previously added loot file" do
-      let(:path)     { 'test.txt' }
-      let(:contents) { 'this is a set' }
-
-      before { subject.add(path,contents) }
-
-      it "must return the #{described_class}::File object for the given path" do
-        expect(subject[path]).to be_kind_of(described_class::File)
-        expect(subject[path].contents).to eq(contents)
-      end
-    end
-
-    context "when the given path does not map to a loot file in the loot store" do
-      let(:path) { 'foo' }
-
-      it "must return nil" do
-        expect(subject[path]).to be(nil)
-      end
-    end
-  end
-
-  describe "#each" do
-    let(:path1)     { 'test1.txt' }
-    let(:contents1) { 'test 1' }
-
-    let(:path2)     { 'test2.txt' }
-    let(:contents2) { 'test 2' }
-
-    before do
-      subject.add(path1,contents1)
-      subject.add(path2,contents2)
-    end
-
-    context "when given a block" do
-      it "must yield every #{described_class}::File in the loot store" do
-        expect { |b|
-          subject.each(&b)
-        }.to yield_successive_args(subject[path1], subject[path2])
-      end
-    end
-
-    context "when no block is given" do
-      it "must return an Enumerator for #each" do
-        expect(subject.each.to_a).to eq([subject[path1], subject[path2]])
-      end
-    end
-  end
-
-  describe "#empty?" do
-    context "when the loot store contains loot files" do
-      let(:path)     { 'test.txt' }
-      let(:contents) { 'this is a set' }
-
-      before { subject.add(path,contents) }
-
-      it "must return false" do
-        expect(subject.empty?).to be(false)
-      end
-    end
-
-    context "when the loot store does not contain loot files" do
-      it "must return true" do
-        expect(subject.empty?).to be(true)
-      end
-    end
-  end
-
-  describe "#save" do
-    context "when the loot store contains loot files" do
-      let(:path1)     { 'test1.txt' }
-      let(:contents1) { 'test 1' }
-
-      let(:path2)     { 'test2.txt' }
-      let(:contents2) { 'test 2' }
-
-      let(:output_dir) { Dir.mktmpdir('ronin-exploits-loot') }
-
-      before do
-        subject.add(path1,contents1)
-        subject.add(path2,contents2)
-        subject.save(output_dir)
-      end
-
-      it "must save each loot file into the output directory" do
-        expect(File.read(File.join(output_dir,path1))).to eq(contents1)
-        expect(File.read(File.join(output_dir,path2))).to eq(contents2)
-      end
-    end
-
-    context "when the loot store is empty" do
-      let(:output_dir) do
-        File.join(Dir.mktmpdir('ronin-exploits-loot'),'new_dir')
-      end
-
-      before { subject.save(output_dir) }
-
-      it "must still create the output directory" do
-        expect(File.directory?(output_dir)).to be(true)
-      end
-    end
-  end
-end

data/spec/memory_corruption_spec.rb

@@ -1,22 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/memory_corruption'
-
-describe Ronin::Exploits::MemoryCorruption do
-  it "must inherit from Ronin::Exploits::Exploit" do
-    expect(described_class).to be < Ronin::Exploits::Exploit
-  end
-
-  it "must include Ronin::Exploits::Metadata::Arch" do
-    expect(described_class).to include(Ronin::Exploits::Metadata::Arch)
-  end
-
-  it "must include Ronin::Exploits::Metadata::OS" do
-    expect(described_class).to include(Ronin::Exploits::Metadata::OS)
-  end
-
-  describe ".exploit_type" do
-    subject { described_class }
-
-    it { expect(subject.exploit_type).to eq(:memory_corruption) }
-  end
-end

data/spec/metadata/arch_spec.rb

@@ -1,82 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/metadata/arch'
-
-describe Ronin::Exploits::Metadata::Arch do
-  module TestMetadataArch
-    class WithNoArchSet
-      include Ronin::Exploits::Metadata::Arch
-    end
-
-    class WithArchSet
-      include Ronin::Exploits::Metadata::Arch
-
-      arch :x86_64
-    end
-
-    class InheritsItsArch < WithArchSet
-      include Ronin::Exploits::Metadata::Arch
-    end
-
-    class OverridesItsInheritedArch < WithArchSet
-      include Ronin::Exploits::Metadata::Arch
-
-      arch :armbe
-    end
-  end
-
-  describe ".arch" do
-    subject { test_class }
-
-    context "and when arch is not set in the class" do
-      let(:test_class) { TestMetadataArch::WithNoArchSet }
-
-      it "must default to nil" do
-        expect(subject.arch).to be(nil)
-      end
-    end
-
-    context "and when arch is set in the class" do
-      let(:test_class) { TestMetadataArch::WithArchSet }
-
-      it "must return the set arch" do
-        expect(subject.arch).to eq(:x86_64)
-      end
-    end
-
-    context "but when the arch was set in the superclass" do
-      let(:test_class) { TestMetadataArch::InheritsItsArch }
-
-      it "must return the arch set in the superclass" do
-        expect(subject.arch).to eq(:x86_64)
-      end
-
-      context "but the arch is overridden in the sub-class" do
-        let(:test_class) { TestMetadataArch::OverridesItsInheritedArch }
-
-        it "must return the arch set in the sub-class" do
-          expect(subject.arch).to eq(:armbe)
-        end
-      end
-    end
-  end
-
-  describe "#arch" do
-    subject { test_class.new }
-
-    context "when the Exploit class has .arch set" do
-      let(:test_class) { TestMetadataArch::WithArchSet }
-
-      it "must return the Exploit class'es .arch" do
-        expect(subject.arch).to eq(test_class.arch)
-      end
-    end
-
-    context "when the Exploit class does not have .arch set" do
-      let(:test_class) { TestMetadataArch::WithNoArchSet }
-
-      it "must return nil" do
-        expect(subject.arch).to be(nil)
-      end
-    end
-  end
-end

data/spec/metadata/cookie_param_spec.rb

@@ -1,67 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/metadata/cookie_param'
-
-describe Ronin::Exploits::Metadata::CookieParam do
-  describe ".cookie_param" do
-    subject { test_class }
-
-    context "and when cookie_param is not set in the class" do
-      module TestMetadataCookieParam
-        class WithNoCookieParamSet
-          include Ronin::Exploits::Metadata::CookieParam
-        end
-      end
-
-      let(:test_class) { TestMetadataCookieParam::WithNoCookieParamSet }
-
-      it "must default to nil" do
-        expect(subject.cookie_param).to be(nil)
-      end
-    end
-
-    context "and when cookie_param is set in the class" do
-      module TestMetadataCookieParam
-        class WithCookieParamSet
-          include Ronin::Exploits::Metadata::CookieParam
-
-          cookie_param 'test'
-        end
-      end
-
-      let(:test_class) { TestMetadataCookieParam::WithCookieParamSet }
-
-      it "must return the set cookie_param" do
-        expect(subject.cookie_param).to eq("test")
-      end
-    end
-
-    context "but when the cookie_param was set in the superclass" do
-      module TestMetadataCookieParam
-        class InheritsItsCookieParam < WithCookieParamSet
-        end
-      end
-
-      let(:test_class) { TestMetadataCookieParam::InheritsItsCookieParam }
-
-      it "must return the cookie_param set in the superclass" do
-        expect(subject.cookie_param).to eq("test")
-      end
-
-      context "but the cookie_param is overridden in the sub-class" do
-        module TestMetadataCookieParam
-          class OverridesItsInheritedCookieParam < WithCookieParamSet
-            cookie_param "test2"
-          end
-        end
-
-        let(:test_class) do
-          TestMetadataCookieParam::OverridesItsInheritedCookieParam
-        end
-
-        it "must return the cookie_param set in the sub-class" do
-          expect(subject.cookie_param).to eq("test2")
-        end
-      end
-    end
-  end
-end

data/spec/metadata/default_filename_spec.rb

@@ -1,62 +0,0 @@
-require 'spec_helper'
-require 'ronin/exploits/metadata/default_filename'
-
-describe Ronin::Exploits::Metadata::DefaultFilename do
-  module TestMetadataDefaultFilename
-    class WithNoDefaultFilenameSet
-      include Ronin::Exploits::Metadata::DefaultFilename
-    end
-
-    class WithDefaultFilenameSet
-      include Ronin::Exploits::Metadata::DefaultFilename
-
-      default_filename 'exploit.docx'
-    end
-
-    class InheritsItsDefaultFilename < WithDefaultFilenameSet
-      include Ronin::Exploits::Metadata::DefaultFilename
-    end
-
-    class OverridesItsInheritedDefaultFilename < WithDefaultFilenameSet
-      include Ronin::Exploits::Metadata::DefaultFilename
-
-      default_filename 'exploit2.docx'
-    end
-  end
-
-  describe ".default_filename" do
-    subject { test_class }
-
-    context "and when default filename is not set in the class" do
-      let(:test_class) { TestMetadataDefaultFilename::WithNoDefaultFilenameSet }
-
-      it "must default to nil" do
-        expect(subject.default_filename).to be(nil)
-      end
-    end
-
-    context "and when default filename is set in the class" do
-      let(:test_class) { TestMetadataDefaultFilename::WithDefaultFilenameSet }
-
-      it "must return the set default_filename" do
-        expect(subject.default_filename).to eq('exploit.docx')
-      end
-    end
-
-    context "but when the default filename was set in the superclass" do
-      let(:test_class) { TestMetadataDefaultFilename::InheritsItsDefaultFilename }
-
-      it "must return the default filename set in the superclass" do
-        expect(subject.default_filename).to eq('exploit.docx')
-      end
-
-      context "but the default filename is overridden in the sub-class" do
-        let(:test_class) { TestMetadataDefaultFilename::OverridesItsInheritedDefaultFilename }
-
-        it "must return the default filename set in the sub-class" do
-          expect(subject.default_filename).to eq('exploit2.docx')
-        end
-      end
-    end
-  end
-end