ronin-exploits 1.0.0.beta2 → 1.0.0.beta3

Files changed (63)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ruby.yml +1 -0
  3. data/README.md +4 -0
  4. data/gemspec.yml +3 -1
  5. data/lib/ronin/exploits/cli/commands/run.rb +55 -5
  6. data/lib/ronin/exploits/version.rb +1 -1
  7. data/ronin-exploits.gemspec +2 -1
  8. metadata +10 -115
  9. data/spec/advisory_spec.rb +0 -71
  10. data/spec/cli/exploit_command_spec.rb +0 -68
  11. data/spec/cli/exploit_methods_spec.rb +0 -208
  12. data/spec/cli/ruby_shell_spec.rb +0 -14
  13. data/spec/client_side_web_vuln_spec.rb +0 -117
  14. data/spec/exploit_spec.rb +0 -538
  15. data/spec/exploits_spec.rb +0 -8
  16. data/spec/heap_overflow_spec.rb +0 -14
  17. data/spec/lfi_spec.rb +0 -162
  18. data/spec/loot/file_spec.rb +0 -131
  19. data/spec/loot_spec.rb +0 -138
  20. data/spec/memory_corruption_spec.rb +0 -22
  21. data/spec/metadata/arch_spec.rb +0 -82
  22. data/spec/metadata/cookie_param_spec.rb +0 -67
  23. data/spec/metadata/default_filename_spec.rb +0 -62
  24. data/spec/metadata/default_port_spec.rb +0 -62
  25. data/spec/metadata/header_name_spec.rb +0 -67
  26. data/spec/metadata/os_spec.rb +0 -164
  27. data/spec/metadata/shouts_spec.rb +0 -100
  28. data/spec/metadata/url_path_spec.rb +0 -67
  29. data/spec/metadata/url_query_param_spec.rb +0 -67
  30. data/spec/mixins/binary_spec.rb +0 -129
  31. data/spec/mixins/build_dir.rb +0 -66
  32. data/spec/mixins/file_builder_spec.rb +0 -67
  33. data/spec/mixins/format_string_spec.rb +0 -44
  34. data/spec/mixins/has_payload_spec.rb +0 -333
  35. data/spec/mixins/has_targets_spec.rb +0 -434
  36. data/spec/mixins/html_spec.rb +0 -772
  37. data/spec/mixins/http_spec.rb +0 -1227
  38. data/spec/mixins/loot_spec.rb +0 -20
  39. data/spec/mixins/nops_spec.rb +0 -165
  40. data/spec/mixins/remote_tcp_spec.rb +0 -217
  41. data/spec/mixins/remote_udp_spec.rb +0 -217
  42. data/spec/mixins/seh_spec.rb +0 -89
  43. data/spec/mixins/stack_overflow_spec.rb +0 -87
  44. data/spec/mixins/text_spec.rb +0 -43
  45. data/spec/open_redirect_spec.rb +0 -71
  46. data/spec/params/base_url_spec.rb +0 -71
  47. data/spec/params/bind_host_spec.rb +0 -34
  48. data/spec/params/bind_port_spec.rb +0 -35
  49. data/spec/params/filename_spec.rb +0 -77
  50. data/spec/params/host_spec.rb +0 -34
  51. data/spec/params/port_spec.rb +0 -77
  52. data/spec/rfi_spec.rb +0 -107
  53. data/spec/seh_overflow_spec.rb +0 -18
  54. data/spec/spec_helper.rb +0 -8
  55. data/spec/sqli_spec.rb +0 -306
  56. data/spec/ssti_spec.rb +0 -121
  57. data/spec/stack_overflow_spec.rb +0 -18
  58. data/spec/target_spec.rb +0 -92
  59. data/spec/test_result_spec.rb +0 -32
  60. data/spec/use_after_free_spec.rb +0 -14
  61. data/spec/web_spec.rb +0 -12
  62. data/spec/web_vuln_spec.rb +0 -854
  63. data/spec/xss_spec.rb +0 -69
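--- a/data/spec/mixins/build_dir.rb
+++ b/data/spec/mixins/build_dir.rb
@@ -1,66 +0,0 @@
- require 'spec_helper'
- require 'ronin/exploits/mixins/build_dir'
-
- require 'ronin/exploits/exploit'
-
- describe Ronin::Exploits::Mixins::BuildDir do
- module TestBuildDirMixin
- class TestExploit < Ronin::Exploits::Exploit
- include Ronin::Exploits::Mixins::BuildDir
-
- id 'test-exploit'
-
- def build
- @exploit = 'built exploit'
- end
- end
- end
-
- let(:exploit_class) { TestBuildDirMixin::TestExploit }
- subject { exploit_class.new }
-
- describe "#perform_build" do
- it "must set #build_dir to a temporary directory using the exploit ID then build the exploit" do
- expect(subject).to receive(:build)
-
- subject.perform_build
-
- expect(subject.build_dir).to match(%r{\A/tmp/ronin-exploit-#{exploit_class.id}-\d+-\d+-[a-z0-9]+\z})
- expect(File.directory?(subject.build_dir)).to be(true)
- end
-
- context "when the exploit ID contains a '/'" do
- module TestBuildDirmixin
- class TestExploitWithDirSeparatorInID < Ronin::Exploits::Exploit
- include Ronin::Exploits::Mixins::BuildDir
-
- id 'test/exploit'
-
- def build
- @exploit = 'built exploit'
- end
- end
- end
-
- let(:exploit_class) { TestBuildDirmixin::TestExploitWithDirSeparatorInID }
-
- it "must replace any '/' characters with a '-'" do
- subject.perform_build
-
- expect(subject.build_dir).to match(%r{\A/tmp/ronin-exploit-test-exploit-\d+-\d+-[a-z0-9]+\z})
- end
- end
- end
-
- describe "#perform_cleanup" do
- it "must delete #build_dir" do
- subject.perform_build
-
- build_dir = subject.build_dir
-
- subject.perform_cleanup
-
- expect(File.exist?(build_dir)).to be(false)
- end
- end
- end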
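--- a/data/spec/mixins/file_builder_spec.rb
+++ b/data/spec/mixins/file_builder_spec.rb
@@ -1,67 +0,0 @@
- require 'spec_helper'
- require 'ronin/exploits/mixins/file_builder'
-
- require 'ronin/exploits/exploit'
- require 'fileutils'
- require 'tmpdir'
-
- describe Ronin::Exploits::Mixins::FileBuilder do
- module TestFileBuilder
- class TestExploit < Ronin::Exploits::Exploit
- include Ronin::Exploits::Mixins::FileBuilder
- end
- end
-
- let(:exploit_class) { TestFileBuilder::TestExploit }
-
- it "must also include Ronin::Exploits::Params::Filename" do
- expect(exploit_class).to include(Ronin::Exploits::Params::Filename)
- end
-
- subject { exploit_class.new }
-
- describe "#build_file" do
- before(:all) do
- @old_cwd = Dir.pwd
- Dir.chdir(Dir.tmpdir)
- end
-
- let(:contents) { 'hello world' }
-
- context "when given no arguments are given" do
- context "when #filename returns a filename" do
- let(:filename) { 'test-file.txt' }
-
- subject do
- exploit_class.new(params: {filename: filename})
- end
-
- it "must open a file for #filename in the current directory for writing" do
- subject.build_file do |file|
- file.write(contents)
- end
-
- expect(File.read(filename)).to eq(contents)
- end
-
- after { FileUtils.rm(filename) }
- end
- end
-
- context "when a name argument is given" do
- let(:name) { 'explicit-test-file.txt' }
-
- it "must open a file with the given name in the current directory for writing" do
- subject.build_file(name) do |file|
- file.write(contents)
- end
-
- expect(File.read(name)).to eq(contents)
- end
-
- after { FileUtils.rm(name) }
- end
-
- after { Dir.chdir(@old_cwd) }
- end
- end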
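--- a/data/spec/mixins/format_string_spec.rb
+++ b/data/spec/mixins/format_string_spec.rb
@@ -1,44 +0,0 @@
- require 'spec_helper'
- require 'ronin/exploits/mixins/format_string'
-
- require 'ronin/exploits/exploit'
- require 'ronin/exploits/metadata/arch'
- require 'ronin/exploits/metadata/os'
-
- describe Ronin::Exploits::Mixins::FormatString do
- module TestFormatString
- class TestExploit < Ronin::Exploits::Exploit
- include Ronin::Exploits::Metadata::Arch
- include Ronin::Exploits::Metadata::OS
- include Ronin::Exploits::Mixins::FormatString
-
- arch :x86
- os :linux
- end
- end
-
- let(:exploit_class) { TestFormatString::TestExploit }
- subject { exploit_class.new }
-
- describe "#build_format_string" do
- let(:pop_length) { 256 }
- let(:overwrite) { 0xffffaaaa }
- let(:address) { 0xffffbbbb }
- let(:payload) { "shellcode here".b }
-
- it "must create a '%.DDDd%DDD$hn%.DDDd%DDD$hn' format string using the pop_length, overwrite, address, and payload" do
- format_string = subject.build_format_string(
- overwrite: overwrite,
- pop_length: pop_length,
- address: address,
- payload: payload
- )
-
- expect(format_string).to eq(
- [overwrite, overwrite+2].pack('L<2') +
- "%.16759731d%256$hn%.1056965709d%257$hn" +
- payload
- )
- end
- end
- end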
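--- a/data/spec/mixins/has_payload_spec.rb
+++ b/data/spec/mixins/has_payload_spec.rb
@@ -1,333 +0,0 @@
- require 'spec_helper'
- require 'ronin/exploits/mixins/has_payload'
- require 'ronin/exploits/exploit'
- require 'ronin/payloads/payload'
-
- describe Ronin::Exploits::Mixins::HasPayload do
- module TestHasPayload
- class TestPayload < Ronin::Payloads::Payload
- end
-
- class InheritedPayload < TestPayload
- end
-
- class TestOtherPayload < Ronin::Payloads::Payload
- end
-
- class WithNoPayloadClass < Ronin::Exploits::Exploit
- include Ronin::Exploits::Mixins::HasPayload
- end
-
- class WithPayloadClass < Ronin::Exploits::Exploit
- include Ronin::Exploits::Mixins::HasPayload
-
- payload_class TestPayload
- end
-
- class InheritesPayloadClass < WithPayloadClass
- end
-
- class InheritesAndOverridesPayloadClass < WithPayloadClass
- payload_class TestOtherPayload
- end
- end
-
- describe ".payload_class" do
- subject { test_class }
-
- context "when there is no payload_class set in the Exploit class" do
- let(:test_class) { TestHasPayload::WithNoPayloadClass }
-
- it "must default to Ronin::Payloads::Payload" do
- expect(subject.payload_class).to be(Ronin::Payloads::Payload)
- end
- end
-
- context "when the payload_class has been set in the Exploit class" do
- let(:test_class) { TestHasPayload::WithPayloadClass }
-
- it "must contain Ronin::Exploits::Target objects" do
- expect(subject.payload_class).to be(TestHasPayload::TestPayload)
- end
- end
-
- context "when the super-class sets the payload_class" do
- let(:test_class) { TestHasPayload::InheritesPayloadClass }
- let(:super_class) { test_class.superclass }
-
- it "must inherit the targets from the super-class" do
- expect(subject.payload_class).to be(super_class.payload_class)
- end
-
- context "but the sub-class overrides the payload_class" do
- let(:test_class) { TestHasPayload::InheritesAndOverridesPayloadClass }
-
- it "must override the payload_class" do
- expect(subject.payload_class).to be(TestHasPayload::TestOtherPayload)
- end
-
- it "must not modify the superclass'es payload_class" do
- expect(super_class.payload_class).to be(TestHasPayload::TestPayload)
- end
- end
- end
- end
-
- let(:test_class) { TestHasPayload::WithPayloadClass }
-
- describe "#initialize" do
- context "when no payload: keyword argument is given" do
- subject { test_class.new }
-
- it "must set #payload to nil" do
- expect(subject.payload).to be(nil)
- end
- end
-
- context "when the payload: keyword argument is given" do
- subject { test_class.new(payload: payload) }
-
- context "and it's a Ronin::Payloads::Payload type object" do
- context "and the Exploit class has not defined a payload_class" do
- let(:test_class) { TestHasPayload::WithNoPayloadClass }
- let(:payload) { TestHasPayload::TestPayload.new }
-
- it "must set #payload" do
- expect(subject.payload).to be(payload)
- end
- end
-
- context "but the Exploit has defined a payload_class" do
- let(:test_class) { TestHasPayload::WithPayloadClass }
-
- context "and the given payload object is a kind of payload_class" do
- let(:payload) { test_class.payload_class.new }
-
- it "must set #payload" do
- expect(subject.payload).to be(payload)
- end
- end
-
- context "and the given payload object inherits from payload_class" do
- let(:payload) { TestHasPayload::InheritedPayload.new }
-
- it "must set #payload" do
- expect(subject.payload).to be(payload)
- end
- end
-
- context "but the given payload is not a kind of payload_class" do
- let(:payload) { TestHasPayload::TestOtherPayload.new }
-
- it do
- expect {
- test_class.new(payload: payload)
- }.to raise_error(Ronin::Exploits::IncompatiblePayload,"incompatible payload, must be a #{test_class.payload_class} payload: #{payload.inspect}")
- end
- end
- end
- end
-
- context "and it's a String" do
- let(:payload) { "the payload" }
-
- subject { test_class.new(payload: payload) }
-
- it "must set #payload to the String" do
- expect(subject.payload).to be(payload)
- end
- end
- end
- end
-
- describe "#payload=" do
- subject { test_class.new }
-
- context "and it's a Ronin::Payloads::Payload type object" do
- context "and the Exploit class has not defined a payload_class" do
- let(:test_class) { TestHasPayload::WithNoPayloadClass }
- let(:payload) { TestHasPayload::TestPayload.new }
-
- before { subject.payload = payload }
-
- it "must set #payload" do
- expect(subject.payload).to be(payload)
- end
- end
-
- context "but the Exploit has defined a payload_class" do
- let(:test_class) { TestHasPayload::WithPayloadClass }
-
- context "and the given payload object is a kind of payload_class" do
- let(:payload) { test_class.payload_class.new }
-
- before { subject.payload = payload }
-
- it "must set #payload" do
- expect(subject.payload).to be(payload)
- end
- end
-
- context "and the given payload object inherits from payload_class" do
- let(:payload) { TestHasPayload::InheritedPayload.new }
-
- before { subject.payload = payload }
-
- it "must set #payload" do
- expect(subject.payload).to be(payload)
- end
- end
-
- context "but the given payload is not a kind of payload_class" do
- let(:payload) { TestHasPayload::TestOtherPayload.new }
-
- it do
- expect {
- subject.payload = payload
- }.to raise_error(Ronin::Exploits::IncompatiblePayload,"incompatible payload, must be a #{test_class.payload_class} payload: #{payload.inspect}")
- end
- end
- end
- end
-
- context "and it's a String" do
- let(:payload) { "the payload" }
-
- before { subject.payload = payload }
-
- it "must set #payload to the String" do
- expect(subject.payload).to be(payload)
- end
- end
- end
-
- describe "#perform_validate" do
- subject { test_class.new(payload: payload) }
-
- context "when #payload is nil" do
- let(:payload) { nil }
-
- it do
- expect {
- subject.perform_validate
- }.to raise_error(Ronin::Exploits::MissingPayload,"exploit requires a payload")
- end
- end
-
- context "when #payload is a Ronin::Payloads::Payload object" do
- let(:payload) { TestHasPayload::TestPayload.new }
-
- it "must also call the #payload's #validate_params" do
- expect(payload).to receive(:validate_params)
-
- subject.perform_validate
- end
- end
-
- context "when #payload is not a Ronin::Payloads::Payload object" do
- let(:payload) { "the payload" }
-
- it "must not call the #payload's #validate_params method" do
- expect(payload).to_not receive(:validate_params)
-
- subject.perform_validate
- end
- end
- end
-
- describe "#perform_build" do
- subject { test_class.new(payload: payload) }
-
- context "when #payload is a Ronin::Payloads::Payload object" do
- let(:payload) { TestHasPayload::TestPayload.new }
-
- it "must also call the #payload's #perform_build" do
- expect(payload).to receive(:perform_build)
-
- subject.perform_build
- end
- end
-
- context "when #payload is not a Ronin::Payloads::Payload object" do
- let(:payload) { "the payload" }
-
- it "must not call the #payload's #perform_build method" do
- expect(payload).to_not receive(:perform_build)
-
- subject.perform_build
- end
- end
- end
-
- describe "#perform_launch" do
- subject { test_class.new(payload: payload) }
-
- context "when #payload is a Ronin::Payloads::Payload object" do
- let(:payload) { TestHasPayload::TestPayload.new }
-
- it "must also call the #payload's #perform_prelaunch" do
- expect(payload).to receive(:perform_prelaunch)
-
- subject.perform_launch
- end
-
- context "but the Exploit's #launch method raises an exception" do
- module TestHasPayload
- class ExploitThatFailsToLaunch < Ronin::Exploits::Exploit
- include Ronin::Exploits::Mixins::HasPayload
-
- payload_class TestPayload
-
- def launch
- raise("error!")
- end
- end
- end
-
- let(:test_class) { TestHasPayload::ExploitThatFailsToLaunch }
-
- it "must call the #payload's #perform_cleanup method then re-raise the exception" do
- expect(payload).to receive(:perform_cleanup)
-
- expect {
- subject.perform_launch
- }.to raise_error("error!")
- end
- end
- end
-
- context "when #payload is not a Ronin::Payloads::Payload object" do
- let(:payload) { "the payload" }
-
- it "must not call the #payload's #perform_prelaunch method" do
- expect(payload).to_not receive(:perform_prelaunch)
-
- subject.perform_launch
- end
- end
- end
-
- describe "#perform_cleanup" do
- subject { test_class.new(payload: payload) }
-
- context "when #payload is a Ronin::Payloads::Payload object" do
- let(:payload) { TestHasPayload::TestPayload.new }
-
- it "must also call the #payload's #perform_cleanup" do
- expect(payload).to receive(:perform_cleanup)
-
- subject.perform_cleanup
- end
- end
-
- context "when #payload is not a Ronin::Payloads::Payload object" do
- let(:payload) { "the payload" }
-
- it "must not call the #payload's #perform_cleanup method" do
- expect(payload).to_not receive(:perform_cleanup)
-
- subject.perform_cleanup
- end
- end
- end
- end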