ronin-exploits 1.0.0.beta3 → 1.0.1

data/lib/ronin/exploits/exploit.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -52,7 +53,7 @@ module Ronin
     # The {Exploit} class defines six key parts:
     #
     # 1. Metadata - defines information about the exploit.
-    # 2. Params - user configurable parameters.
+    # 2. [Params] - user configurable parameters.
     # 3. {Exploit#test test} - optional method that tests whether the target is
     #    vulnerable or not.
     # 4. {Exploit#build build} - method which builds the exploit.
@@ -60,28 +61,30 @@ module Ronin
     # 6. {Exploit#cleanup cleanup} - optional Method which performs additional
     #    cleanup steps.
     #
+    # [Params]: https://ronin-rb.dev/docs/ronin-core/Ronin/Core/Params/Mixin.html
+    #
     # ## Example
-    # 
+    #
     #     require 'ronin/exploits/exploit'
     #     require 'ronin/exploits/mixins/remote_tcp'
-    #     
+    #
     #     module Ronin
     #       module Exploits
     #         class MyExploit < Exploit
     #
     #           include Mixins::RemoteTCP
-    #     
+    #
     #           register 'my_exploit'
-    #     
+    #
     #           summary 'My first exploit'
     #           description <<~EOS
     #             This is my first exploit.
     #             Bla bla bla bla.
     #           EOS
-    #     
+    #
     #           author '...'
     #           author '...', email: '...', twitter: '...'
-    #     
+    #
     #           disclosure_date 'YYY-MM-DD'
     #           release_date 'YYYY-MM-DD'
     #
@@ -119,7 +122,7 @@ module Ronin
     #     register 'my_exploit'
     #
     # ### quality
-    # 
+    #
     # Defines the quality level of the exploit. Accepted values are:
     #
     # * `:testing`
@@ -136,7 +139,7 @@ module Ronin
     #
     # ### description
     #
-    # Defines a longer multi-paragraph escription of the exploit.
+    # Defines a longer multi-paragraph description of the exploit.
     #
     #     description <<~EOS
     #       This is my first exploit.
@@ -155,7 +158,7 @@ module Ronin
     #     author 'doctor_doom', email: '...', twitter: '...'
     #
     # ### software
-    # 
+    #
     # Defines the software which the exploit targets.
     #
     #     software 'TestApp'
@@ -179,33 +182,33 @@ module Ronin
     # default to `String`. Params must have a one-line description.
     #
     #     param :str, desc: 'A basic string param'
-    #     
+    #
     #     param :feature_flag, Boolean, desc: 'A boolean param'
-    #     
+    #
     #     param :enum, Enum[:one, :two, :three],
     #                  desc: 'An enum param'
     #
     #     param :num1, Integer, desc: 'An integer param'
-    #     
+    #
     #     param :num2, Integer, default: 42,
     #                          desc: 'A param with a default value'
-    #     
+    #
     #     param :num3, Integer, default: ->{ rand(42) },
     #                           desc: 'A param with a dynamic default value'
-    #     
+    #
     #     param :float, Float, 'Floating point param'
     #
     #     param :url, URI, desc: 'URL param'
     #
     #     param :pattern, Regexp, desc: 'Regular Expression param'
-    # 
+    #
     # Params may then be accessed in instance methods using `params` Hash.
     #
     #     param :padding, Integer, desc: 'Amount of additional padding'
     #
     #     def build
     #       # ...
-    #     
+    #
     #       if params[:padding]
     #         @buffer << 'A' * params[:padding]
     #       end
@@ -229,7 +232,7 @@ module Ronin
     #     end
     #
     # ### build
-    # 
+    #
     # The method which defines the logic that builds the exploit before
     # launching it.
     #
@@ -313,7 +316,7 @@ module Ronin
       end
 
       #
-      # Determines whether the exploit has been publically released yet.
+      # Determines whether the exploit has been publicly released yet.
       #
       # @return [Boolean]
       #
@@ -438,6 +441,9 @@ module Ronin
       # @param [Hash{Symbol => Object}] kwargs
       #   Additional keyword arguments.
       #
+      # @option kwargs [Hash{Symbol => Object}] :params
+      #   The param values for the exploit.
+      #
       def initialize(**kwargs)
         super(**kwargs)
       end
@@ -526,7 +532,7 @@ module Ronin
       end
 
       #
-      # Builds the exploit and then launchs the exploit.
+      # Builds the exploit and then launches the exploit.
       #
       # @param [Boolean] dry_run
       #   If `true` performs a dry-run by only calling {#build} and **not**
@@ -633,7 +639,7 @@ module Ronin
       end
 
       #
-      # Place holder method for testing whether the targeet is vulnerable.
+      # Place holder method for testing whether the target is vulnerable.
       #
       # @return [Test::Vulnerable, Test::NotVulnerable, Test::Unknown]
       #

data/lib/ronin/exploits/heap_overflow.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/lfi.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -32,17 +33,17 @@ module Ronin
     # ## Example
     #
     #     require 'ronin/exploits/lfi'
-    #     
+    #
     #     module Ronin
     #       module Exploits
     #         class MyExploit < LFI
-    #     
+    #
     #           register 'my_exploit'
-    #    
+    #
     #           base_path '/path/to/page.php'
     #           query_param 'template'
     #           depth 7
-    #    
+    #
     #         end
     #       end
     #     end
@@ -66,14 +67,13 @@ module Ronin
                               :base64,
                               :rot13,
                               :zlib
-                            ],
-                            desc: 'Optional filter-bypass strategy to use'
+                            ], desc: 'Optional filter-bypass strategy to use'
 
       #
       # Gets or sets the directory traversal depth for the LFI vulnerability.
       #
       # @param [Integer, nil] new_depth
-      #   The optional new directory trasversal depth to set.
+      #   The optional new directory traversal depth to set.
       #
       # @return [Integer]
       #   The LFI vulnerability's directory traverse depth.

data/lib/ronin/exploits/loot/file.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -81,7 +82,7 @@ module Ronin
           case @format
           when :json then JSON.pretty_generate(@contents)
           when :yaml then YAML.dump(@contents)
-          when :csv 
+          when :csv
             CSV.generate do |csv|
               @contents.each do |row|
                 csv << row

data/lib/ronin/exploits/loot.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/memory_corruption.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/metadata/arch.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -38,9 +39,12 @@ module Ronin
           exploit.extend ClassMethods
         end
 
+        #
+        # Class-methods.
+        #
         module ClassMethods
           #
-          # Gets or sets the exploits's targetted architecture.
+          # Gets or sets the exploit's targeted architecture.
           #
           # @param [:x86, :x86_64, :ia64, :amd64, :ppc, :ppc64, :mips, :mips_le, :mips_be, :mips64, :mips64_le, :mips64_be, :arm, :arm_le, :arm_be, :arm64, :arm64_le, :arm64_be, nil] new_arch
           #   The optional new architecture to set.

data/lib/ronin/exploits/metadata/cookie_param.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -38,6 +39,9 @@ module Ronin
           exploit.extend ClassMethods
         end
 
+        #
+        # Class-methods.
+        #
         module ClassMethods
           #
           # Get or sets the target Cookie param of the exploit.

data/lib/ronin/exploits/metadata/default_filename.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -38,9 +39,12 @@ module Ronin
           exploit.extend ClassMethods
         end
 
+        #
+        # Class-methods.
+        #
         module ClassMethods
           #
-          # Gets or sets the exploits's default filename.
+          # Gets or sets the exploit's default filename.
           #
           # @param [Integer, nil] new_default_filename
           #   The optional new default filename to set.

data/lib/ronin/exploits/metadata/default_port.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -38,9 +39,12 @@ module Ronin
           exploit.extend ClassMethods
         end
 
+        #
+        # Class-methods.
+        #
         module ClassMethods
           #
-          # Gets or sets the exploits's default port.
+          # Gets or sets the exploit's default port.
           #
           # @param [Integer, nil] new_default_port
           #   The optional new default port number to set.

data/lib/ronin/exploits/metadata/header_name.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -38,6 +39,9 @@ module Ronin
           exploit.extend ClassMethods
         end
 
+        #
+        # Class-methods.
+        #
         module ClassMethods
           #
           # Get or sets the target HTTP Header name of the exploit.

data/lib/ronin/exploits/metadata/os.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -39,6 +40,9 @@ module Ronin
           exploit.extend ClassMethods
         end
 
+        #
+        # Class-methods.
+        #
         module ClassMethods
           #
           # Gets or sets the exploit's targeted Operating System (OS).

data/lib/ronin/exploits/metadata/shouts.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -28,13 +29,13 @@ module Ronin
       # ### Example
       #
       #     require 'ronin/exploits/metadata/shouts'
-      #     
+      #
       #     class MyExploit < Exploit
-      #     
+      #
       #       include Metadata::Shouts
-      #     
+      #
       #       shouts ['Ultra Laser', 'Dr.Doom']
-      #     
+      #
       #     end
       #
       module Shouts
@@ -50,6 +51,9 @@ module Ronin
           base.extend ClassMethods
         end
 
+        #
+        # Class-methods.
+        #
         module ClassMethods
           #
           # Gets or sets the exploit's shouts.
@@ -69,13 +73,17 @@ module Ronin
           #
           def shouts(new_shouts=nil)
             if new_shouts
-              @shouts = shouts() + new_shouts
+              @shouts = if superclass.kind_of?(ClassMethods)
+                          superclass.shouts + new_shouts
+                        else
+                          new_shouts
+                        end
             else
               @shouts || if superclass.kind_of?(ClassMethods)
-                               superclass.shouts
-                             else
-                               []
-                             end
+                           superclass.shouts
+                         else
+                           []
+                         end
             end
           end
         end

data/lib/ronin/exploits/metadata/url_path.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -38,6 +39,9 @@ module Ronin
           exploit.extend ClassMethods
         end
 
+        #
+        # Class-methods.
+        #
         module ClassMethods
           #
           # Get or sets the target URL path of the exploit.

data/lib/ronin/exploits/metadata/url_query_param.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -38,6 +39,9 @@ module Ronin
           exploit.extend ClassMethods
         end
 
+        #
+        # Class-methods.
+        #
         module ClassMethods
           #
           # Get or sets the target URL query param of the exploit.

data/lib/ronin/exploits/mixins/binary.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/mixins/file_builder.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -24,8 +25,8 @@ module Ronin
   module Exploits
     module Mixins
       #
-      # Adds methods for building exploit files. Also adds a `filenam`
-      # param and a
+      # Adds methods for building exploit files. Also adds a `filename` param
+      # and a
       # {Metadata::DefaultFilename::ClassMethods#default_filename default_filename}
       # class method.
       #
@@ -37,13 +38,13 @@ module Ronin
       #
       #     def build
       #       # ...
-      #     
+      #
       #       build_file do |file|
       #         # ...
       #         file.write(buffer)
       #         # ...
       #       end
-      #     
+      #
       #       # ...
       #     end
       #

data/lib/ronin/exploits/mixins/format_string.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -56,7 +57,7 @@ module Ronin
 
           buffer = String.new(encoding: Encoding::ASCII_8BIT)
           buffer << pack(:machine_word,overwrite)
-          buffer << pack(:machine_word,overwrite + (machine_word.size  / 2))
+          buffer << pack(:machine_word,overwrite + (machine_word.size / 2))
 
           low_mask = 0xff
 
@@ -72,10 +73,10 @@ module Ronin
 
           if low < high
             low    -= (machine_word.size * 2)
-            buffer << format("%%.%ud%%%u$hn%%.%ud%%%u$hn",low,pop_length,high-low,pop_length+1)
+            buffer << format("%%.%ud%%%u$hn%%.%ud%%%u$hn",low,pop_length,high - low,pop_length + 1)
           else
             high   -= (machine_word.size * 2)
-            buffer << format("%%.%ud%%%u$hn%%.%ud%%%u$hn",high,pop_length+1,low-high,pop_length)
+            buffer << format("%%.%ud%%%u$hn%%.%ud%%%u$hn",high,pop_length + 1,low - high,pop_length)
           end
 
           buffer << payload.to_s

data/lib/ronin/exploits/mixins/has_payload.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -32,11 +33,11 @@ module Ronin
       #     module Ronin
       #       module Exploits
       #         class MyExploit < Exploit
-      #     
+      #
       #           include Mixins::HasPayload
-      #     
+      #
       #           payload_class Ronin::Payloads::JavaScriptPayload
-      #     
+      #
       #         end
       #       end
       #     end

data/lib/ronin/exploits/mixins/has_targets.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.

data/lib/ronin/exploits/mixins/html.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -24,6 +25,9 @@ require 'ronin/support/text/core_ext'
 module Ronin
   module Exploits
     module Mixins
+      #
+      # Mixin which adds methods for building HTML.
+      #
       module HTML
         #
         # Formats an HTML attribute name.

data/lib/ronin/exploits/mixins/http.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -32,6 +33,22 @@ module Ronin
       # @since 1.0.0
       #
       module HTTP
+        # Possible values for the `user_agent` param.
+        #
+        # @api private
+        HTTP_USER_AGENT_ALIASES = [
+          :random,
+          :chrome,
+          :firefox,
+          :safari,
+          :linux,
+          :macos,
+          :windows,
+          :iphone,
+          :ipad,
+          :android
+        ] + Support::Network::HTTP::UserAgents::ALIASES.keys
+
         #
         # Adds the required `base_url` params to the exploit class.
         #
@@ -49,19 +66,7 @@ module Ronin
 
           exploit.param :http_password, desc: 'The HTTP Basic-Auth password'
 
-          user_agent_ids = [
-                             :random,
-                             :chrome,
-                             :firefox,
-                             :safari,
-                             :linux,
-                             :macos,
-                             :windows,
-                             :iphone,
-                             :ipad,
-                             :android
-                           ] + Support::Network::HTTP::UserAgents::ALIASES.keys
-          exploit.param :user_agent, Core::Params::Types::Enum.new(user_agent_ids), desc: 'The HTTP User-Agent to select'
+          exploit.param :user_agent, Core::Params::Types::Enum.new(HTTP_USER_AGENT_ALIASES), desc: 'The HTTP User-Agent to select'
 
           exploit.param :raw_user_agent, desc: 'The raw HTTP User-Agent string to use'
 
@@ -145,22 +150,22 @@ module Ronin
         #
         #   @option kwargs [String, nil] :query
         #     The query-string to append to the request path.
-        #   
+        #
         #   @option kwargs [Hash, nil] :query_params
         #     The query-params to append to the request path.
-        #   
+        #
         #   @option kwargs [String, nil] :body
         #     The body of the request.
-        #   
+        #
         #   @option kwargs [Hash, String, nil] :form_data
         #     The form data that may be sent in the body of the request.
-        #   
+        #
         #   @option kwargs [String, nil] :user (http_user)
         #     The user to authenticate as.
-        #   
+        #
         #   @option kwargs [String, nil] :password (http_password)
         #     The password to authenticate with.
-        #   
+        #
         #   @option kwargs [Hash{Symbol,String => String}, nil] :headers
         #     Additional HTTP headers to use for the request.
         #

data/lib/ronin/exploits/mixins/loot.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -31,7 +32,7 @@ module Ronin
       #     module Ronin
       #       module Exploits
       #         class MyExploit < Exploit
-      #     
+      #
       #           include Mixins::Loot
       #
       #           def launch
@@ -52,7 +53,7 @@ module Ronin
       #             # add CSV data
       #             loot.add('foo.csv',  data, format: :csv)
       #           end
-      #     
+      #
       #         end
       #       end
       #     end

data/lib/ronin/exploits/mixins/nops.rb

@@ -45,10 +45,10 @@ module Ronin
         #
         # @api private
         NOPS = {
-          x86:    "\x90".b,             # nop
-          x86_64: "\x90".b,             # nop
-          arm:    "\x05P\xa0\xe1".b,    # mov r5, r5
-          arm64:  "\xe5\x03\x05\xaa".b, # mov x5, x5
+          x86:    "\x90".b,            # nop
+          x86_64: "\x90".b,            # nop
+          arm:    "\x05P\xa0\xe1".b,   # mov r5, r5
+          arm64:  "\xe5\x03\x05\xaa".b # mov x5, x5
           # TODO: mips
           # TODO: mips64
           # TODO: ppc
@@ -81,7 +81,7 @@ module Ronin
         end
 
         #
-        # An individual NOP instructure for the target architecture of the
+        # An individual NOP instruction for the target architecture of the
         # exploit.
         #
         # @return [String]

data/lib/ronin/exploits/mixins/remote_tcp.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
@@ -129,7 +130,7 @@ module Ronin
         # @example
         #   @socket = tcp_connect
         #   # => TCPSocket
-        #   
+        #
         # @example
         #   tcp_connect do |socket|
         #     socket.write("GET /\n\n")