ronin-exploits 1.0.6 → 1.1.0.rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4dda20bce8921145f78d25820e4a8cbeee9093e8bfa1ae2284e590b527be6c76
-  data.tar.gz: b081649e7e59db4556ab4d889af42613d50eb2103ac390b0df7a7a4f86cb00a8
+  metadata.gz: 1ffd8a91a46c0ef7c6f51b67d888982105e70c89dd5426ef8618ab100ce7e85e
+  data.tar.gz: c606a18604302c7f7525c5e694a739aa9a8f27d7e27dd6ade459d7afe85493c4
 SHA512:
-  metadata.gz: f140e2a3b0e00e2e0189958c121f1d9f27eaac216f57a102f8008f20ff5cd25524ff5886cd08152c539ae33e43912d3b8fd9c0044b651682b7c24a5606398f59
-  data.tar.gz: fdbd1ec9d694ce1072f6aed1c6e88d53563eeab355c015ba1a918d4b3b9c9a582eb43831c0fa8ade0d07ff58090b214abf46eaf4fe41edcbda7f595dae5e34e0
+  metadata.gz: bb0f78b1aebef5d68bb442b89bd710a839e4d983718fcf86d3a77841351f6b5d068e3846e866cde1130562bb416a60fb7fbfa115ebe1a2693fac2d2367eab04b
+  data.tar.gz: b5164f3d77bc186c788dea751591d9a76469157b3d3fc390d37ef6c1c21343e24564ed4c7d0e84e878e4f56447acd5f21ae6f2161f1737e68c38a682c33be8c9

data/.gitignore

@@ -1,4 +1,5 @@
 /coverage
+/data/completions/ronin-exploits
 /doc
 /man/*.[0-9]
 /pkg

data/ChangeLog.md

@@ -1,3 +1,21 @@
+### 1.1.0 / 2024-XX-XX
+
+* Added {Ronin::Exploits::CommandInjection}.
+* Allow `:untested` as a value for {Ronin::Exploits::Exploit.quality}.
+* Renamed the `raw_user_agent` param to `user_agent_string` in
+  {Ronin::Exploits::Mixins::HTTP}.
+
+#### CLI
+
+* Added the `-T,--test` option to `ronin-exploits run` which will only run the
+  exploits {Ronin::Exploits::Exploit#test test} method to determine if the
+  target is vulnerable or not.
+* Added the `ronin-exploits completion` command to install shell completion
+  files for all `ronin-exploits` commands for Bash and Zsh shells.
+* The `ronin-exploits show` command can now print an example
+  `ronin-exploits run` command for the given exploit.
+* Use hyphenated values for `ronin-exploits new` options.
+
 ### 1.0.6 / 2024-06-28
 
 #### CLI

data/Gemfile

@@ -11,7 +11,7 @@ end
 # gem 'fake_io', '~> 0.1', github: 'postmodern/fake_io.rb',
 #                          branch: 'main'
 
-# gem 'command_kit', '~> 0.4', github: 'postmodern/command_kit.rb',
+# gem 'command_kit', '~> 0.5', github: 'postmodern/command_kit.rb',
 #                              branch: 'main'
 
 # Ronin dependencies
@@ -23,8 +23,8 @@ end
 #                                 branch: 'main'
 # gem 'ronin-post_ex',  '~> 0.1', github: 'ronin-rb/ronin-post_ex',
 #                                 branch: 'main'
-# gem 'ronin-core',     '~> 0.1', github: 'ronin-rb/ronin-core',
-#                                 branch: 'main'
+# gem 'ronin-core', '~> 0.2', github: 'ronin-rb/ronin-core',
+#                             branch: 'main'
 # gem 'ronin-repos',    '~> 0.1', github: 'ronin-rb/ronin-repos',
 #                                 branch: 'main'
 # gem 'ronin-code-asm', '~> 1.0', github: 'ronin-rb/ronin-code-asm',
@@ -40,7 +40,7 @@ group :development do
   gem 'simplecov',       '~> 0.20'
 
   gem 'kramdown',        '~> 2.0'
-  gem 'kramdown-man',    '~> 0.1'
+  gem 'kramdown-man',    '~> 1.0'
 
   gem 'redcarpet',       platform: :mri
   gem 'yard',            '~> 0.9'
@@ -51,4 +51,6 @@ group :development do
   gem 'stackprof',       require: false, platform: :mri
   gem 'rubocop',         require: false, platform: :mri
   gem 'rubocop-ronin',   '~> 0.2', require: false, platform: :mri
+
+  gem 'command_kit-completion', '~> 0.2', require: false
 end

data/README.md

@@ -35,6 +35,7 @@ research and development.
   * [SEH Overflows][docs-seh-overflow]
   * [Heap Overflows][docs-heap-overflow]
   * [Use After Free (UAF)][docs-use-after-free]
+  * [Command Injection][docs-command-injection]
   * [Open Redirect][docs-open-redirect]
   * [Local File Inclusions (LFI)][docs-lfi]
   * [Remote File Inclusions (RFI)][docs-rfi]
@@ -54,6 +55,7 @@ research and development.
 [docs-seh-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/SEHOverflow.html
 [docs-heap-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/HeapOverflow.html
 [docs-use-after-free]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/UseAfterFree.html
+[docs-command-injection]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/CommandInjection.html
 [docs-open-redirect]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/OpenRedirect.html
 [docs-lfi]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/LFI.html
 [docs-rfi]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/RFI.html
@@ -84,6 +86,7 @@ Arguments:
     [ARGS ...]                       Additional arguments for the command
 
 Commands:
+    completion
     help
     irb
     list, ls
@@ -95,7 +98,7 @@ Commands:
 Generate a new exploit file:
 
 ```shell
-$ ronin-exploits new example_exploit.rb --type stack_overflow \
+$ ronin-exploits new example_exploit.rb --type stack-overflow \
     --arch x86 --os linux --software ExampleWare --software-version 1.2.3 \
     --author Postmodern --author-email "postmodern.mod3@gmail.com" \
     --summary "Example exploit" --description "This is an example."
@@ -157,7 +160,7 @@ Generate a ronin repository of your own exploits (and/or payloads):
 $ ronin-repos new my-repo
 $ cd my-repo/
 $ mkdir exploits
-$ ronin-exploits new exploits/my_exploit.rb --type stack_overflow \
+$ ronin-exploits new exploits/my_exploit.rb --type stack-overflow \
     --arch x86 --os linux --software ExampleWare --software-version 1.2.3 \
     --author You --author-email "you@example.com" \
     --summary "My exploit" --description "This is my example."
@@ -283,6 +286,29 @@ module Ronin
 end
 ```
 
+Define a Command Injection exploit:
+
+```ruby
+require 'ronin/exploits/command_injection'
+require 'ronin/exploits/mixins/http'
+
+module Ronin
+  module Exploits
+    class MyExploit < CommandInjection
+
+      register 'my_exploit'
+
+      include Mixins::HTTP
+
+      def launch
+        http_post '/form.php', post_data: {var: "';#{payload}#"}
+      end
+
+    end
+  end
+end
+```
+
 Define an Open Redirect exploit:
 
 ```ruby
@@ -410,7 +436,7 @@ For real-world example ronin exploits, see the [example-exploits] repository.
 * [uri-query_params] ~> 0.6
 * [ronin-support] ~> 1.0
 * [ronin-code-sql] ~> 2.0
-* [ronin-core] ~> 0.1
+* [ronin-core] ~> 0.2
 * [ronin-repos] ~> 0.1
 * [ronin-payloads] ~> 0.1
 * [ronin-vulns] ~> 0.1
@@ -427,7 +453,7 @@ $ gem install ronin-exploits
 1. [Fork It!](https://github.com/ronin-rb/ronin-exploits/fork)
 2. Clone It!
 3. `cd ronin-exploits`
-4. `bundle install`
+4. `./scripts/setup`
 5. `git checkout -b my_feature`
 6. Code It!
 7. `bundle exec rake spec`
@@ -445,7 +471,7 @@ to be malicious software (malware) or malicious in nature.
 ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 payload crafting functionality.
 
-Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 
 ronin-exploits is free software: you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published
@@ -470,4 +496,4 @@ along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
 [ronin-repos]: https://github.com/ronin-rb/ronin-repos#readme
 [ronin-payloads]: https://github.com/ronin-rb/ronin-payloads#readme
 [ronin-post_ex]: https://github.com/ronin-rb/ronin-post_ex#readme
-[ronin-vulns]: https://github.com/ronin-rb/ronin-vulns#readme
+[ronin-vulns]: https://github.com/ronin-rb/ronin-vulns#readm

data/Rakefile

@@ -40,3 +40,13 @@ YARD::Rake::YardocTask.new
 
 require 'kramdown/man/task'
 Kramdown::Man::Task.new
+
+require 'command_kit/completion/task'
+CommandKit::Completion::Task.new(
+  class_file:  'ronin/exploits/cli',
+  class_name:  'Ronin::Exploits::CLI',
+  input_file:  'data/completions/ronin-exploits.yml',
+  output_file: 'data/completions/ronin-exploits'
+)
+
+task :setup => %w[man command_kit:completion]

data/data/completions/ronin-exploits

@@ -0,0 +1,111 @@
+# ronin-exploits completion                                -*- shell-script -*-
+
+# This bash completions script was generated by
+# completely (https://github.com/dannyben/completely)
+# Modifying it manually is not recommended
+
+_ronin-exploits_completions_filter() {
+  local words="$1"
+  local cur=${COMP_WORDS[COMP_CWORD]}
+  local result=()
+
+  if [[ "${cur:0:1}" == "-" ]]; then
+    echo "$words"
+  
+  else
+    for word in $words; do
+      [[ "${word:0:1}" != "-" ]] && result+=("$word")
+    done
+
+    echo "${result[*]}"
+
+  fi
+}
+
+_ronin-exploits_completions() {
+  local cur=${COMP_WORDS[COMP_CWORD]}
+  local compwords=("${COMP_WORDS[@]:1:$COMP_CWORD-1}")
+  local compline="${compwords[*]}"
+
+  case "$compline" in
+    'run'*'--payload-file')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'run'*'--read-payload')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'run'*'--encoder-file')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'run'*'--save-loot')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A directory -- "$cur" )
+      ;;
+
+    'run'*'--encoder')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-exploits_completions_filter "$(ronin-payloads encoders)")" -- "$cur" )
+      ;;
+
+    'run'*'--payload')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-exploits_completions_filter "$(ronin-payloads list)")" -- "$cur" )
+      ;;
+
+    'show'*'--file')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'completion'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-exploits_completions_filter "--print --install --uninstall")" -- "$cur" )
+      ;;
+
+    'run'*'--file')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'show'*'-f')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'run'*'-f')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'run'*'-L')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A directory -- "$cur" )
+      ;;
+
+    'run'*'-E')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-exploits_completions_filter "$(ronin-payloads encoders)")" -- "$cur" )
+      ;;
+
+    'run'*'-P')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-exploits_completions_filter "$(ronin-payloads list)")" -- "$cur" )
+      ;;
+
+    'show'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-exploits_completions_filter "--file -f --verbose -v $(ronin-exploits list)")" -- "$cur" )
+      ;;
+
+    'info'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-exploits_completions_filter "$(ronin-exploits list)")" -- "$cur" )
+      ;;
+
+    'new'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -W "$(_ronin-exploits_completions_filter "--type -t --author -a --author-email -e --summary -S --description -D --advisory-id -I --reference -R --has-payload -P --networking -N --arch -A --os -O --os-version --software -S --software-version -V --loot -L")" -- "$cur" )
+      ;;
+
+    'run'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-exploits_completions_filter "--file -f --param -p --dry-run -D --test -T --payload-file --read-payload --payload-string --payload -P --payload-param --encoder-file --encoder -E --encoder-param --target -t --target-arch -A --target-os -O --target-os-version --target-software -S --target-version -V --save-loot -L --debug -d --irb $(ronin-exploits list)")" -- "$cur" )
+      ;;
+
+    *)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-exploits_completions_filter "--version -V help completion irb list new run show ls info")" -- "$cur" )
+      ;;
+
+  esac
+} &&
+complete -F _ronin-exploits_completions ronin-exploits
+
+# ex: filetype=sh

data/data/completions/ronin-exploits.yml

@@ -0,0 +1,12 @@
+---
+ronin-exploits show: &show
+  - $(ronin-exploits list)
+ronin-exploits info: *show
+ronin-exploits run:
+  - $(ronin-exploits list)
+ronin-exploits run*--encoder: &run_encoder
+  - $(ronin-payloads encoders)
+ronin-exploits run*-E: *run_encoder
+ronin-exploits run*--payload: &run_payload
+  - $(ronin-payloads list)
+ronin-exploits run*-P: *run_payload

data/gemspec.yml

@@ -24,7 +24,9 @@ metadata:
   rubygems_mfa_required: 'true'
 
 generated_files:
+  - data/completions/ronin-exploits
   - man/ronin-exploits.1
+  - man/ronin-exploits-completion.1
   - man/ronin-exploits-irb.1
   - man/ronin-exploits-list.1
   - man/ronin-exploits-new.1
@@ -39,7 +41,7 @@ dependencies:
   ronin-payloads: ~> 0.1, >= 0.1.1
   ronin-vulns: ~> 0.1, >= 0.1.1
   ronin-post_ex: ~> 0.1
-  ronin-core: ~> 0.1
+  ronin-core: ~> 0.2.0.rc1
   ronin-repos: ~> 0.1
 
 development_dependencies:

data/lib/ronin/exploits/advisory.rb

@@ -3,7 +3,7 @@
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-exploits is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/exploits/cli/command.rb

@@ -3,7 +3,7 @@
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-exploits is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/exploits/cli/commands/completion.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/exploits/root'
+require 'ronin/core/cli/completion_command'
+
+module Ronin
+  module Exploits
+    class CLI
+      module Commands
+        #
+        # Manages the shell completion rules for `ronin-exploits`.
+        #
+        # ## Usage
+        #
+        #     ronin-exploits completion [options]
+        #
+        # ## Options
+        #
+        #         --print                      Prints the shell completion file
+        #         --install                    Installs the shell completion file
+        #         --uninstall                  Uninstalls the shell completion file
+        #     -h, --help                       Print help information
+        #
+        # ## Examples
+        #
+        #     ronin-exploits completion --print
+        #     ronin-exploits completion --install
+        #     ronin-exploits completion --uninstall
+        #
+        # @since 1.1.0
+        #
+        class Completion < Core::CLI::CompletionCommand
+
+          completion_file File.join(ROOT,'data','completions','ronin-exploits')
+
+          man_dir File.join(ROOT,'man')
+          man_page 'ronin-exploits-completion.1'
+
+          description 'Manages the shell completion rules for ronin-exploits'
+
+        end
+      end
+    end
+  end
+end

data/lib/ronin/exploits/cli/commands/irb.rb

@@ -3,7 +3,7 @@
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-exploits is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/exploits/cli/commands/list.rb

@@ -3,7 +3,7 @@
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-exploits is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/exploits/cli/commands/new.rb

@@ -3,7 +3,7 @@
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-exploits is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -45,7 +45,7 @@ module Ronin
         #
         # ## Options
         #
-        #     -t exploit|heap_overflow|stack_overflow|web|open_redirect|lfi|rfi|sqli|ssti|xss,
+        #     -t exploit|heap-overflow|stack-overflow|command-injection|web|open-redirect|lfi|rfi|sqli|ssti|xss,
         #         --type                       The type for the new exploit
         #     -a, --author NAME                The name of the author
         #     -e, --author-email EMAIL         The email address of the author
@@ -84,32 +84,37 @@ module Ronin
               class: 'Exploit'
             },
 
-            heap_overflow: {
+            "heap-overflow": {
               file:  'heap_overflow',
               class: 'HeapOverflow'
             },
 
-            stack_overflow: {
+            "stack-overflow": {
               file:  'stack_overflow',
               class: 'StackOverflow'
             },
 
-            seh_overflow: {
+            "seh-overflow": {
               file:  'seh_overflow',
               class: 'SEHOverflow'
             },
 
-            user_after_free: {
+            "user-after-free": {
               file:  'use_after_free',
               class: 'UseAfterFree'
             },
 
+            "command-injection": {
+              file:  'command_injection',
+              class: 'CommandInjection'
+            },
+
             web: {
               file:  'web',
               class: 'Web'
             },
 
-            open_redirect: {
+            "open-redirect": {
               file:  'open_redirect',
               class: 'OpenRedirect'
             },
@@ -142,12 +147,12 @@ module Ronin
 
           # Mapping of network mixins and their file/module names.
           NETWORKING_TYPES = {
-            remote_tcp: {
+            "remote-tcp": {
               file:   'remote_tcp',
               module: 'RemoteTCP'
             },
 
-            remote_udp: {
+            "remote-udp": {
               file:   'remote_udp',
               module: 'RemoteUDP'
             },

data/lib/ronin/exploits/cli/commands/run.rb

@@ -3,7 +3,7 @@
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-exploits is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -52,6 +52,7 @@ module Ronin
         #     -f, --file FILE                  The exploit file to load
         #     -p, --param NAME=VALUE           Sets a param
         #     -D, --dry-run                    Builds the exploit but does not launch it
+        #     -T  --test                       Runs only the exploit test
         #         --payload-file FILE          Load the payload from the given Ruby file
         #         --read-payload FILE          Reads the payload string from the file
         #         --payload-string STRING      Uses the raw payload string instead
@@ -85,11 +86,15 @@ module Ronin
           include Core::CLI::Options::Param
           include Core::CLI::Logging
           include CommandKit::Printing::Indent
+          include Support::CLI::Printing
 
           # Exploit options
           option :dry_run, short: '-D',
                            desc: 'Builds the exploit but does not launch it'
 
+          option :test, short: '-T',
+                        desc: 'Runs only the exploit test'
+
           # Payload options
           option :payload_file, value: {
                                   type: String,
@@ -273,15 +278,20 @@ module Ronin
             validate_payload
             initialize_exploit
             validate_exploit
-            run_exploit
 
-            if options[:irb]
-              start_shell
+            if options[:test]
+              run_test
             else
-              post_exploitation
-            end
+              run_exploit
+
+              if options[:irb]
+                start_shell
+              else
+                post_exploitation
+              end
 
-            perform_cleanup
+              perform_cleanup
+            end
           end
 
           #
@@ -382,6 +392,22 @@ module Ronin
             end
           end
 
+          #
+          # Run the exploit's test method, and print the result.
+          #
+          def run_test
+            case (result = @exploit.perform_test)
+            when TestResult::Vulnerable
+              print_positive "Vulnerable: #{result}"
+            when TestResult::NotVulnerable
+              print_negative "NotVulnerable: #{result}"
+            when TestResult::Unknown
+              print_warning "Unknown: #{result}"
+            else
+              print_error "Unexpected result: #{result.inspect}"
+            end
+          end
+
           #
           # Starts an interactive ruby shell within the exploit object.
           #

data/lib/ronin/exploits/cli/commands/show.rb

@@ -3,7 +3,7 @@
 # ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
 # payload crafting functionality.
 #
-# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-exploits is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -110,6 +110,7 @@ module Ronin
             end
 
             print_params(exploit)
+            print_exploit_usage(exploit)
           end
 
           #
@@ -286,6 +287,48 @@ module Ronin
             puts
           end
 
+          #
+          # Prints an example `ronin-exploits run` command for the exploit.
+          #
+          # @param [Class<Exploit>] exploit
+          #
+          # @since 0.2.0
+          #
+          def print_exploit_usage(exploit)
+            puts "Usage:"
+            puts
+            puts "  $ #{example_run_command(exploit)}"
+            puts
+          end
+
+          #
+          # Builds an example `ronin-exploits run` command for the exploit.
+          #
+          # @param [Class<Exploit>] exploit
+          #
+          # @return [String]
+          #   The example `ronin-exploits run` command.
+          #
+          # @since 0.2.0
+          #
+          def example_run_command(exploit)
+            command = ['ronin-exploits', 'run']
+
+            if options[:file]
+              command << '-f' << options[:file]
+            else
+              command << exploit.id
+            end
+
+            exploit.params.each_value do |param|
+              if param.required? && !param.default
+                command << '-p' << "#{param.name}=#{param_usage(param)}"
+              end
+            end
+
+            return command.join(' ')
+          end
+
         end
       end
     end