ronin-exploits 1.0.0.beta3 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 850efd0369626bc57a83bf7d51ab1d8fc471bfe1472feee5720c80d7f064fdb5
-  data.tar.gz: b185d3383dc0549dd4aa9aa5e9df990a9554081028fb4cf2e49fd47332ffba7a
+  metadata.gz: 7c482725859543f95754cb4e3fd61e31326eec9a63c2f8d5f5f1e7a64e2bb29e
+  data.tar.gz: e35da617d9f8301d4fb5a3fff6eb77a17615c0477cdbbaa2e26e4b152a05af6b
 SHA512:
-  metadata.gz: 958a1be608668de05fd28d2baeb44d1e7be1765cae684a4110a3183d92647582e6d51921ea24347a562685750717faf5e6e33d62102947f7f11afa3c9b8e7d3b
-  data.tar.gz: 8dbb0fc9782bced0ea57d49f9f65181ee752776c52ae31f437c368affecbb7a44e288c4e6568ea030d48ee1afde343b3c2cef56d9c9ad2e0c66af68519e216ab
+  metadata.gz: 7a1b389e0283581e586a65729bb5994f1f8c0ccddee570117bf1746638a09d07b30eed9c13f777d064b436bec418df0697c9e86f39fbf7db1c86bb5e25b5755c
+  data.tar.gz: 857e56f993e8c55580ef358c8021ae526431607f3ed6188f1813e81dee6a91308dfe95cd2d32b1bf5284e5945f64abddd93893bc3e6211b5d0d350d6d99e31a7

data/.github/workflows/ruby.yml

@@ -30,3 +30,17 @@ jobs:
         run: bundle install --jobs 4 --retry 3
       - name: Run tests
         run: bundle exec rake test
+
+  # rubocop linting
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run rubocop
+        run: bundle exec rubocop --parallel

data/.rubocop.yml

@@ -0,0 +1,61 @@
+AllCops:
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 3.1
+
+inherit_gem:
+  rubocop-ronin: rubocop.yml
+
+#
+# ronin-exploits specific exceptions
+#
+
+# Exploit#initialize exists for documentation purposes
+Lint/UselessMethodDefinition:
+  Exclude:
+    - 'lib/ronin/exploits/exploit.rb'
+
+# make an exception for the Vulnerable, NotVulnerable, and Unknown methods.
+Naming/MethodName:
+  AllowedPatterns:
+    - Vulnerable
+    - NotVulnerable
+    - Unknown
+
+# robucop mistakes :x86_64 for a "symbol number"
+Naming/VariableNumber:
+  AllowedIdentifiers:
+    - x86_64
+
+# we actually want to use OpenStruct for Ronin::Exploits::Target
+Style/OpenStructUse:
+  Exclude:
+    - 'lib/ronin/exploits/target.rb'
+    - 'spec/target_spec.rb'
+
+# aligning rows of columns vertically actually helps with readability
+Layout/SpaceInsideArrayPercentLiteral:
+  Exclude:
+    - 'spec/loot/file_spec.rb'
+
+# aligning rows of columns vertically actually helps with readability
+Layout/SpaceInsidePercentLiteralDelimiters:
+  Exclude:
+    - 'spec/loot/file_spec.rb'
+
+# I cannot think of good format string annotation names for the format-string
+Style/FormatStringToken:
+  Exclude:
+    - 'lib/ronin/exploits/mixins/format_string.rb'
+
+# `bp:` and `ip:` are OK keyword argument names
+Naming/MethodParameterName:
+  Exclude:
+    - 'lib/ronin/exploits/mixins/stack_overflow.rb'
+
+# `if !value.nil? ... else ...` and `if !value.empty?` ... else ...` are
+# acceptable. Otherwise prefer `unless ... else ...`.
+Style/NegatedIfElseCondition:
+  Exclude:
+    - 'lib/ronin/exploits/sqli.rb'
+    - 'lib/ronin/exploits/mixins/html.rb'

data/ChangeLog.md

@@ -1,4 +1,15 @@
-### 1.0.0 / 2023-XX-XX
+### 1.0.1 / 2023-03-01
+
+* Require [ronin-support] ~> 1.0, >= 1.0.1.
+* Require [ronin-payloads] ~> 0.1, >= 0.1.1.
+* Require [ronin-vulns] ~> 0.1, >= 0.1.1.
+
+#### CLI
+
+* Fixed multiple bugs in the `--encoder-param` option of the
+  `ronin-exploits run ` command.
+
+### 1.0.0 / 2023-02-01
 
 * Upgraded to the LGPL-3 license.
 * Require `ruby` >= 3.0.0.
@@ -291,7 +302,7 @@
     * Added the Exploit#target which will return the current selected
       target, or the first target of the exploit.
     * Added the Exploit#arch, Exploit#os and Exploit#product methods.
-    * Added the Exploit#verify_target!, Exploit#verify_arch!, 
+    * Added the Exploit#verify_target!, Exploit#verify_arch!,
       Exploit#verify_os! and Exploit#verify_product! methods.
     * Added Exploit#encoded_payload.
     * Added Exploit#encode_payload!.

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 gemspec
@@ -37,7 +39,7 @@ group :development do
   gem 'rspec',           '~> 3.0'
   gem 'simplecov',       '~> 0.20'
 
-  gem 'kramdown',	       '~> 2.0'
+  gem 'kramdown',        '~> 2.0'
   gem 'kramdown-man',    '~> 0.1'
 
   gem 'redcarpet',       platform: :mri
@@ -47,4 +49,6 @@ group :development do
   gem 'dead_end',        require: false
   gem 'sord',            require: false, platform: :mri
   gem 'stackprof',       require: false, platform: :mri
+  gem 'rubocop',         require: false, platform: :mri
+  gem 'rubocop-ronin',   '~> 0.2', require: false, platform: :mri
 end

data/README.md

@@ -18,7 +18,7 @@ ronin-exploits allows one to write exploits as plain old Ruby classes.
 ronin-exploits can be distributed as Ruby files or as git repositories that can
 be installed using [ronin-repos].
 
-**tl;dr** It's like a simpler version of
+**tl;dr** It's like a simpler and more modular version of
 [Metasploit](https://www.metasploit.com/).
 
 ronin-exploits is part of the [ronin-rb] project, a [Ruby] toolkit for security
@@ -26,22 +26,22 @@ research and development.
 
 ## Features
 
-* Provides a succinct syntax and API for writing exploits in as few lines as
-  possible.
-* Supports defining exploits as plain old Ruby classes.
+* Provides a succinct [syntax](#examples) and [API][docs-exploit] for writing
+  exploits in as few lines as possible.
+* Supports [defining exploits as plain old Ruby classes][docs-exploit].
 * Supports loading exploits from Ruby files or from installed 3rd-party
   git repositories.
 * Provides base classes and mixin modules for a variety of exploit types:
-  * Stack Overflows
-  * SEH Overflows
-  * Heap Overflows
-  * Use After Free (UAF)
-  * Open Redirect
-  * Local File Inclusions (LFI)
-  * Remote File Inclusions (RFI)
-  * SQL injections (SQLi)
-  * Cross-Site Scripting (XSS)
-  * Server-Side Template Injection (SSTI)
+  * [Stack Overflows][docs-stack-overflow]
+  * [SEH Overflows][docs-seh-overflow]
+  * [Heap Overflows][docs-heap-overflow]
+  * [Use After Free (UAF)][docs-use-after-free]
+  * [Open Redirect][docs-open-redirect]
+  * [Local File Inclusions (LFI)][docs-lfi]
+  * [Remote File Inclusions (RFI)][docs-rfi]
+  * [SQL injections (SQLi)][docs-sqli]
+  * [Cross-Site Scripting (XSS)][docs-xss]
+  * [Server-Side Template Injection (SSTI)][docs-ssti]
 * Uses the [ronin-payloads] library for exploit payloads.
 * Uses the [ronin-post_ex] library for post-exploitation.
 * Provides a simple CLI for listing, displaying, running, and generating new
@@ -50,6 +50,18 @@ research and development.
 * Has 86% documentation coverage.
 * Small memory footprint (~47Kb).
 
+[docs-exploit]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/Exploit.html
+[docs-stack-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/StackOverflow.html
+[docs-seh-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/SEHOverflow.html
+[docs-heap-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/HeapOverflow.html
+[docs-use-after-free]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/UseAfterFree.html
+[docs-open-redirect]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/OpenRedirect.html
+[docs-lfi]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/LFI.html
+[docs-rfi]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/RFI.html
+[docs-sqli]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/SQLI.html
+[docs-xss]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/XSS.html
+[docs-ssti]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/SSTI.html
+
 ## Anti-Features
 
 * No magic: exploits are defined as classes in files.

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rubygems'
 
 begin
@@ -5,7 +7,7 @@ begin
 rescue LoadError => e
   warn e.message
   warn "Run `gem install bundler` to install Bundler."
-  exit -1
+  exit(-1)
 end
 
 begin

data/bin/ronin-exploits

@@ -1,17 +1,16 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'rubygems'
 
 root = File.expand_path(File.join(File.dirname(__FILE__),'..'))
 if File.file?(File.join(root,'Gemfile.lock'))
   Dir.chdir(root) do
-    begin
-      require 'bundler/setup'
-    rescue LoadError => e
-      warn e.message
-      warn "Run `gem install bundler` to install Bundler"
-      exit -1
-    end
+    require 'bundler/setup'
+  rescue LoadError => e
+    warn e.message
+    warn "Run `gem install bundler` to install Bundler"
+    exit(-1)
   end
 end
 

data/gemspec.yml

@@ -34,13 +34,13 @@ generated_files:
 dependencies:
   uri-query_params: ~> 0.6
   # Ronin dependencies:
-  ronin-support: ~> 1.0.0.beta1
-  ronin-code-sql: ~> 2.0.0.beta1
-  ronin-payloads: ~> 0.1.0.beta1
-  ronin-vulns: ~> 0.1.0.beta1
-  ronin-post_ex: ~> 0.1.0.beta1
-  ronin-core: ~> 0.1.0.beta1
-  ronin-repos: ~> 0.1.0.beta1
+  ronin-support: ~> 1.0, >= 1.0.1
+  ronin-code-sql: ~> 2.0
+  ronin-payloads: ~> 0.1, >= 0.1.1
+  ronin-vulns: ~> 0.1, >= 0.1.1
+  ronin-post_ex: ~> 0.1
+  ronin-core: ~> 0.1
+  ronin-repos: ~> 0.1
 
 development_dependencies:
   bundler: ~> 2.0

data/lib/ronin/exploits/advisory.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/cli/command.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/cli/commands/irb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/cli/commands/list.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/cli/commands/new.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -44,7 +45,7 @@ module Ronin
         #     ronin-exploit new [options] FILE
         #
         # ## Options
-        # 
+        #
         #     -t exploit|heap_overflow|stack_overflow|web|open_redirect|lfi|rfi|sqli|ssti|xss,
         #         --type                       The type for the new exploit
         #     -a, --author NAME                The name of the author
@@ -198,7 +199,9 @@ module Ronin
                           type: Core::CLI::Options::Values::ARCHES
                         },
                         desc: 'The architecture to target' do |arch|
+                          # lazy initialize @target
                           @target ||= {}
+
                           @target[:arch] = arch
                         end
 
@@ -207,7 +210,9 @@ module Ronin
                         type: Core::CLI::Options::Values::OSES
                       },
                       desc: 'The Operating System (OS) to target' do |os|
+                        # lazy initialize @target
                         @target ||= {}
+
                         @target[:os] = os
                       end
 
@@ -216,7 +221,9 @@ module Ronin
                                 usage: 'VERSION'
                               },
                               desc: 'The OS version to target' do |ver|
+                                # lazy initialize @target
                                 @target ||= {}
+
                                 @target[:os_version] = ver
                               end
 
@@ -226,7 +233,9 @@ module Ronin
                               usage: 'NAME'
                             },
                             desc: 'The software to target' do |name|
+                              # lazy initialize @target
                               @target ||= {}
+
                               @target[:software] = name
                             end
 
@@ -236,7 +245,9 @@ module Ronin
                                       usage: 'ARCH'
                                     },
                                     desc: 'The software version to target' do |ver|
+                                      # lazy initialize @target
                                       @target ||= {}
+
                                       @target[:version] = ver
                                     end
 
@@ -252,7 +263,7 @@ module Ronin
           man_page 'ronin-exploits-new.1'
 
           #
-          # Initialies the `ronin-exploits new` command.
+          # Initializes the `ronin-exploits new` command.
           #
           # @param [Hash{Symbol => Object}] kwargs
           #   Additional keyword arguments.

data/lib/ronin/exploits/cli/commands/run.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -92,7 +93,7 @@ module Ronin
           # Payload options
           option :payload_file, value: {
                                   type: String,
-                                  usage: 'FILE',
+                                  usage: 'FILE'
                                 },
                                 desc: 'Load the payload from the given Ruby file'
           option :read_payload, value: {
@@ -130,7 +131,7 @@ module Ronin
                                   usage: 'FILE'
                                 },
                                 desc: 'Load the payload encoder from the Ruby file' do |file|
-                                  @load_encoders << [:file, file]
+                                  @encoders_to_load << [:file, file]
                                 end
 
           option :encoder, short: '-E',
@@ -139,18 +140,18 @@ module Ronin
                              usage: 'NAME'
                            },
                            desc: 'Loads the payload encoder by name' do |name|
-                             @load_encoders << [:name, name]
+                             @encoders_to_load << [:name, name]
                            end
 
           option :encoder_param, value: {
                                    type: /\A[^\.\=\s]+\.[^=\s]+=.+\z/,
                                    usage: 'ENCODER.NAME=VALUE'
                                  },
-                                 desc: 'Sets a param on the ENCODER' do
+                                 desc: 'Sets a param on the ENCODER' do |str|
                                    prefix, value = str.split('=',2)
-                                   ecndoer, name = prefix.split('.',2)
+                                   encoder, name = prefix.split('.',2)
 
-                                   @encodeer_params[encoder][name] = value
+                                   @encoder_params[encoder][name.to_sym] = value
                                  end
 
           # Target options
@@ -221,6 +222,26 @@ module Ronin
 
           man_page 'ronin-exploits-run.1'
 
+          # Thte encoder names and paths to load.
+          #
+          # @return [Array<(Symbol, String)>]
+          attr_reader :encoders_to_load
+
+          # The encoder params.
+          #
+          # @return [Hash{String => Hash{String => String}}]
+          attr_reader :encoder_params
+
+          # The payload params.
+          #
+          # @return [Hash{Hash{String => String}]
+          attr_reader :payload_params
+
+          # The keyword arguments to select a target with.
+          #
+          # @return [Hash{Hash{Symbol => Object}]
+          attr_reader :target_kwargs
+
           #
           # Initializes the `ronin-exploits run` command.
           #
@@ -230,10 +251,10 @@ module Ronin
           def initialize(**kwargs)
             super(**kwargs)
 
-            @load_encoders  = []
-            @encoder_params = Hash.new { |hash,key| hash[key] = {} }
-            @payload_params = {}
-            @target_kwargs  = {}
+            @encoders_to_load  = []
+            @encoder_params    = Hash.new { |hash,key| hash[key] = {} }
+            @payload_params    = {}
+            @target_kwargs     = {}
           end
 
           #
@@ -268,7 +289,7 @@ module Ronin
           # `--encoder-file`.
           #
           def load_encoders
-            @encoder_classes = @load_encoders.map do |(type,value)|
+            @encoder_classes = @encoders_to_load.map do |(type,value)|
               case type
               in :name then load_encoder(value)
               in :file then load_encoder_from(value)
@@ -427,16 +448,14 @@ module Ronin
           # Performs the cleanup stage of the exploit.
           #
           def perform_cleanup
-            begin
-              @exploit.perform_cleanup
-            rescue ExploitError => error
-              print_error "failed to cleanup exploit #{@exploit.class_id}: #{error.message}"
-              exit(1)
-            rescue => error
-              print_exception(error)
-              print_error "an unhandled exception occurred while cleaning up the exploit #{@exploit.class_id}"
-              exit(-1)
-            end
+            @exploit.perform_cleanup
+          rescue ExploitError => error
+            print_error "failed to cleanup exploit #{@exploit.class_id}: #{error.message}"
+            exit(1)
+          rescue => error
+            print_exception(error)
+            print_error "an unhandled exception occurred while cleaning up the exploit #{@exploit.class_id}"
+            exit(-1)
           end
 
         end

data/lib/ronin/exploits/cli/commands/show.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -48,7 +49,7 @@ module Ronin
         #     -h, --help                       Print help information
         #
         # ## Arguments
-        # 
+        #
         #     [NAME]                           The exploit name to load
         #
         class Show < ExploitCommand
@@ -97,7 +98,7 @@ module Ronin
                  exploit.include?(Mixins::HasTargets)
                 unless exploit.targets.empty?
                   exploit.targets.each_with_index do |target,index|
-                    puts "[ Target ##{index+1} ]"
+                    puts "[ Target ##{index + 1} ]"
                     puts
 
                     indent { print_target(target) }
@@ -118,16 +119,17 @@ module Ronin
           #   The loaded exploit class.
           #
           def print_metadata(exploit)
-            fields = {}
-            fields['Type'] = exploit_type(exploit)
+            fields = {
+              'Type' => exploit_type(exploit)
+            }
 
             if defined?(Core::Metadata::Version) &&
                exploit.include?(Core::Metadata::Version)
               fields['Version'] = exploit.version if exploit.version
             end
 
-            fields['Quality']   = exploit.quality   if exploit.quality
-            fields['Released']  = exploit.release_date  if exploit.release_date
+            fields['Quality']   = exploit.quality if exploit.quality
+            fields['Released']  = exploit.release_date if exploit.release_date
             fields['Disclosed'] = exploit.disclosure_date if exploit.disclosure_date
 
             if defined?(Metadata::Arch) && exploit.include?(Metadata::Arch)
@@ -144,7 +146,7 @@ module Ronin
                                  os
                                end
               end
-           end
+            end
 
             if (software = exploit.software)
               fields['Software'] = software
@@ -164,7 +166,7 @@ module Ronin
               fields['Payload Type'] = payload_type(exploit.payload_class)
             end
 
-            fields['Summary']   = exploit.summary   if exploit.summary
+            fields['Summary'] = exploit.summary if exploit.summary
             print_fields(fields)
           end
 
@@ -252,6 +254,7 @@ module Ronin
           #
           def print_target(target)
             fields = {}
+
             fields['Arch'] = target.arch if target.arch
 
             if target.os

data/lib/ronin/exploits/cli/exploit_command.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -24,6 +25,9 @@ require 'ronin/exploits/cli/exploit_methods'
 module Ronin
   module Exploits
     class CLI
+      #
+      # Base class for all commands which load or run exploits.
+      #
       class ExploitCommand < Command
 
         include ExploitMethods

data/lib/ronin/exploits/cli/exploit_methods.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -25,6 +26,9 @@ require 'ronin/core/params/exceptions'
 module Ronin
   module Exploits
     class CLI
+      #
+      # Mixin which adds methods for loading and running exploit classes.
+      #
       module ExploitMethods
         #
         # Loads a exploit class.

data/lib/ronin/exploits/cli/ruby_shell.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/cli.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/client_side_web_vuln.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/exceptions.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.