RubyGems - ronin-payloads - Versions diffs - 0.1.0 → 0.1.1 - Mend

ronin-payloads 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (95) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 07561b5d1c24b065edf8f865ebfe2c68f0646ca7bdb64815f0208792a75cf930
-  data.tar.gz: 9168b42d9147d245dcc08d3125f7e84037c7d0cf306024e69e5c8cdd65ca3215
+  metadata.gz: 6fddb2f659bbde5b22104a0199430583326dd28ff4183121da3e25e88a94fe8a
+  data.tar.gz: 5e2f20bca62fcd8d43f4bc82eb33c1098cac1e20269d49b847e793dcd186a978
 SHA512:
-  metadata.gz: 50b73eaed5e5a285d369d330a7301979c715665c5e68a1fb7d0d6ad67adbc154922bbbb609fb3bc9583f643fd26293a9c21ce36bcc5071313029cfe47d808dbc
-  data.tar.gz: a9112a634a9de0c0adb4cd117ed63f2d2ee848ae7ea043cf91cb449824d932ba07e14c8a7f893d3b416de14923731db540ea61f58e069e1c614e66fc82a6a332
+  metadata.gz: 0d75e548fc4782f995dbba42e62f4a1a485d3fc2fbdf005c479fe6beda75b2006d9f8132fe98125586d5b4877604c251ad1fe284ea13dccb04476b4edecfc4e4
+  data.tar.gz: 36384af31fb5ba8e407c1b7ebe5777974b966a005c42ebe57a499fea46e450b82987ce3e117c07def7c515fe7f099caa1e760db1ca06ca077ccd2590a3cef8df

data/.github/workflows/ruby.yml CHANGED Viewed

@@ -12,7 +12,7 @@ jobs:
           - '3.0'
           - '3.1'
           - '3.2'
-          # - jruby
+          - jruby
           - truffleruby
     name: Ruby ${{ matrix.ruby }}
     steps:
@@ -30,3 +30,17 @@ jobs:
         run: bundle install --jobs 4 --retry 3
       - name: Run tests
         run: bundle exec rake test
+  # rubocop linting
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run rubocop
+        run: bundle exec rubocop --parallel

data/.rubocop.yml ADDED Viewed

@@ -0,0 +1,37 @@
+AllCops:
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 3.1
+inherit_gem:
+  rubocop-ronin: rubocop.yml
+#
+# ronin-payload specific exceptions:
+#
+Layout/ArgumentAlignment: { Exclude: ['spec/rust_payload_spec.rb'] }
+# the placeholder API methods are meant to be empty
+Style/EmptyMethod:
+  Exclude:
+    - 'lib/ronin/payloads/payload.rb'
+    - 'spec/**/*'
+# rubocop does not support constants that contain multiple numbers
+Naming/ClassAndModuleCamelCase:
+  AllowedNames:
+    - X86_64
+# robucop mistakes :x86_64 for a "symbol number"
+Naming/VariableNumber:
+  AllowedIdentifiers:
+    - x86_64
+# this is a bug in rubocop
+Style/FormatStringToken:
+  Exclude:
+    - 'lib/ronin/payloads/builtin/cmd/powershell/reverse_shell.rb'
+    - 'spec/builtin/cmd/powershell/reverse_shell_spec.rb'
+# rubocop does not recognize empty-line continuations
+Layout/LineContinuationSpacing: { Exclude: ['lib/ronin/payloads/builtin/shellcode/**/*.rb'] }

data/ChangeLog.md CHANGED Viewed

@@ -1,4 +1,16 @@
-### 0.1.0 / 2023-XX-XX
+### 0.1.1 / 2023-03-01
+* Default the `host` param defined by {Ronin::Payloads::Mixins::BindShell} to
+  `0.0.0.0`.
+#### CLI
+* Fixed multiple bugs in the `--param` option of the `ronin-payloads encode`
+  comand.
+* Fixed multiple bugs in the `--encoder-param` option of
+  the `ronin-payloads build` command.
+### 0.1.0 / 2023-02-01
 * Initial release:
   * Require `ruby` >= 3.0.0.

data/Gemfile CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 source 'https://rubygems.org'
 gemspec
@@ -41,6 +42,8 @@ group :development do
   gem 'yard-spellcheck', require: false
   gem 'dead_end',        require: false
-  gem 'sord',            require: false
-  gem 'stackprof',       require: false
+  gem 'sord',            require: false, platform: :mri
+  gem 'stackprof',       require: false, platform: :mri
+  gem 'rubocop',         require: false, platform: :mri
+  gem 'rubocop-ronin',   require: false, platform: :mri
 end

data/Rakefile CHANGED Viewed

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
 begin
   require 'bundler'
 rescue LoadError => e
   warn e.message
   warn "Run `gem install bundler` to install Bundler"
-  exit -1
+  exit(-1)
 end
 begin

data/bin/ronin-payloads CHANGED Viewed

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 #
 # ronin-payloads - A Ruby micro-framework for writing and running exploit
 # payloads.
@@ -22,13 +23,11 @@
 root = File.expand_path(File.join(File.dirname(__FILE__),'..'))
 if File.file?(File.join(root,'Gemfile.lock'))
   Dir.chdir(root) do
-    begin
-      require 'bundler/setup'
-    rescue LoadError => e
-      warn e.message
-      warn "Run `gem install bundler` to install Bundler"
-      exit -1
-    end
+    require 'bundler/setup'
+  rescue LoadError => e
+    warn e.message
+    warn "Run `gem install bundler` to install Bundler"
+    exit(-1)
   end
 end

data/examples/bin_sh.rb CHANGED Viewed

@@ -1,9 +1,13 @@
 #!/usr/bin/env -S ronin-payloads build -f
+# frozen_string_literal: true
 require 'ronin/payloads/shellcode_payload'
 module Ronin
   module Payloads
+    #
+    # An example `execve()` `/bin/sh` shellcode payload.
+    #
     class BinSh < ShellcodePayload
       register 'examples/bin_sh'

data/lib/ronin/payloads/asm_payload.rb CHANGED Viewed

@@ -61,7 +61,7 @@ module Ronin
       end
       param :assembler, required: true,
-                        default:  ->{ assembler },
+                        default:  -> { assembler },
                         desc:     'The assmebler command to use'
       #

data/lib/ronin/payloads/builtin/php/cmd_exec.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-payloads - A Ruby micro-framework for writing and running exploit
 # payloads.
@@ -32,9 +33,9 @@ module Ronin
         summary 'PHP command exec payload'
         description <<~DESC
-        A basic injectable PHP payload which executes a command passed in via a
-        URL query parameter. The output of the commend will be returned in the
-        response body wrapped in `<exec>...</exec>` tags.
+          A basic injectable PHP payload which executes a command passed in via a
+          URL query parameter. The output of the commend will be returned in the
+          response body wrapped in `<exec>...</exec>` tags.
         DESC
         param :query_param, String, default: 'cmd',

data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/bind_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'FreeBSD x86 bind shell shellcode'
             description <<~DESC
-            FreeBSD x86 shellcode that binds a shell to a port.
+              FreeBSD x86 shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'FreeBSD x86 execve() shellcode'
             description <<~DESC
-            FreeBSD x86 shellcode that calls execve() with "/bin/sh".
+              FreeBSD x86 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/reverse_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'FreeBSD x86 reverse shell shellcode'
             description <<~DESC
-            FreeBSD x86 shellcode that spawns a connect back reverse shell.
+              FreeBSD x86 shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/freebsd/x86_64/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'FreeBSD x86-64 execve() shellcode'
             description <<~DESC
-            FreeBSD x86-64 shellcode that calls execve() with "/bin/sh".
+              FreeBSD x86-64 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/arm/bind_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux ARM bind shell shellcode'
             description <<~DESC
-            Linux ARM shellcode that binds a shell to a port.
+              Linux ARM shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/arm/exec_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'Linux ARM execve() shellcode'
             description <<~DESC
-            Linux ARM shellcode that calls execve() with "/bin/sh".
+              Linux ARM shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/arm/reverse_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux ARM reverse shell shellcode'
             description <<~DESC
-            Linux ARM shellcode that spawns a connect back reverse shell.
+              Linux ARM shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/mips/bind_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux ARM bind shell shellcode'
             description <<~DESC
-            Linux ARM shellcode that binds a shell to a port.
+              Linux ARM shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/mips/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux MIPS execve() shellcode'
             description <<~DESC
-            Linux MIPS shellcode that calls execve() with "/bin/sh".
+              Linux MIPS shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/mips/reverse_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux MIPS reverse shell shellcode'
             description <<~DESC
-            Linux MIPS shellcode that spawns a connect back reverse shell.
+              Linux MIPS shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/ppc/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux PPC execve() shellcode'
             description <<~DESC
-            Linux PPC shellcode that calls execve() with "/bin/sh".
+              Linux PPC shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/ppc/reverse_shell.rb CHANGED Viewed

@@ -40,9 +40,9 @@ module Ronin
             summary 'Linux PPC reverse shell shellcode'
             description <<~DESC
-            Linux PPC shellcode that spawns a connect back reverse shell.
+              Linux PPC shellcode that spawns a connect back reverse shell.
-            Note: disabling with_stderr will save 16 bytes, but lose stderr.
+              Note: disabling with_stderr will save 16 bytes, but lose stderr.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86/bind_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'Linux x86 bind shell shellcode'
             description <<~DESC
-            Linux x86 shellcode that binds a shell to a port.
+              Linux x86 shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86/exec_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'Linux x86 execve() shellcode'
             description <<~DESC
-            Linux x86 shellcode that calls execve() with "/bin/sh".
+              Linux x86 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86/reverse_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux x86 reverse shell shellcode'
             description <<~DESC
-            Linux x86 shellcode that spawns a connect back reverse shell.
+              Linux x86 shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/bind_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux x86-64 bind shell shellcode'
             description <<~DESC
-            Linux x86-64 shellcode that binds a shell to a port.
+              Linux x86-64 shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux x86-64 execve() shellcode'
             description <<~DESC
-            Linux x86-64 shellcode that calls execve() with "/bin/sh".
+              Linux x86-64 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/reverse_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux x86-64 reverse shell shellcode'
             description <<~DESC
-            Linux x86-64 shellcode that spawns a connect back reverse shell.
+              Linux x86-64 shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/exec_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'macOS x86-64 execve() shellcode'
             description <<~DESC
-            macOS x86-64 shellcode that calls execve() with "/bin/sh".
+              macOS x86-64 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/reverse_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'macOS x86-64 reverse shell shellcode'
             description <<~DESC
-            macOS x86-64 shellcode that spawns a connect back reverse shell.
+              macOS x86-64 shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/netbsd/x86/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'NetBSD x86 execve() shellcode'
             description <<~DESC
-            NetBSD x86 shellcode that calls execve() with "/bin/sh".
+              NetBSD x86 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/netbsd/x86/reverse_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'NetBSD x86 reverse shell shellcode'
             description <<~DESC
-            NetBSD x86 shellcode that spawns a connect back reverse shell.
+              NetBSD x86 shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/bind_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'OpenBSD x86 bind shell shellcode'
             description <<~DESC
-            OpenBSD x86 shellcode that binds a shell to a port.
+              OpenBSD x86 shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/exec_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'OpenBSD x86 execve() shellcode'
             description <<~DESC
-            OpenBSD x86 shellcode that calls execve() with "/bin/sh".
+              OpenBSD x86 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/windows/x86_64/cmd.rb CHANGED Viewed

@@ -37,11 +37,11 @@ module Ronin
             os :windows
             os_version '7'
-            author "agix"
+            author "agix"
             summary 'Windows x86-64 cmd shellcode'
             description <<~DESC
-            Windows x86-64 shellcode that executes "cmd"
+              Windows x86-64 shellcode that executes "cmd"
             DESC
             references [

data/lib/ronin/payloads/builtin/test/open_redirect.rb CHANGED Viewed

@@ -33,10 +33,10 @@ module Ronin
         summary 'An Open Redirect test payload'
         description <<~DESC
-        A non-malicious test payload for testing Open Redirect vulnerabilities.
-        Simply redirects to https://google.com/.
+          A non-malicious test payload for testing Open Redirect vulnerabilities.
+          Simply redirects to https://google.com/.
         DESC
         #
         # Builds the Open Redirect test payload.
         #

data/lib/ronin/payloads/builtin/test/xss.rb CHANGED Viewed

@@ -33,10 +33,10 @@ module Ronin
         summary 'A XSS test payload'
         description <<~DESC
-        A non-malicious test payload for testing Cross Site Scripting (XSS).
-        Simply calls `alert(1)`.
+          A non-malicious test payload for testing Cross Site Scripting (XSS).
+          Simply calls `alert(1)`.
         DESC
         #
         # Builds the XSS test payload.
         #

data/lib/ronin/payloads/c_payload.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module Ronin
       end
       param :cc, required: true,
-                 default:  ->{ cc },
+                 default:  -> { cc },
                  desc:     'The C compiler to use'
       #

data/lib/ronin/payloads/cli/commands/build.rb CHANGED Viewed

@@ -80,9 +80,9 @@ module Ronin
                                  },
                                  desc: 'Sets a param for one of the encoders' do |str|
                                    name, value              = str.split('=',2)
-                                   ecndoer_name, param_name = name.split('.',2)
+                                   encoder_name, param_name = name.split('.',2)
-                                   @encoder_params[encoder_name][param_name] = value
+                                   @encoder_params[encoder_name][param_name.to_sym] = value
                                  end
           option :debug, short: '-D',
@@ -162,16 +162,14 @@ module Ronin
           # Builds the {#payload}.
           #
           def build_payload
-            begin
-              @payload.perform_build
-            rescue PayloadError => error
-              print_error "failed to build the payload #{@payload_class.id}: #{error.message}"
-              exit(-1)
-            rescue => error
-              print_exception(error)
-              print_error "an unhandled exception occurred while building the payload #{@payload.class_id}"
-              exit(-1)
-            end
+            @payload.perform_build
+          rescue PayloadError => error
+            print_error "failed to build the payload #{@payload_class.id}: #{error.message}"
+            exit(-1)
+          rescue => error
+            print_exception(error)
+            print_error "an unhandled exception occurred while building the payload #{@payload.class_id}"
+            exit(-1)
           end
           #

data/lib/ronin/payloads/cli/commands/encode.rb CHANGED Viewed

@@ -71,15 +71,15 @@ module Ronin
                          },
                          desc: 'Sets a param on an encoder' do |str|
                            prefix, value = str.split('=',2)
-                           ecndoer, name = prefix.split('.',2)
+                           encoder, name = prefix.split('.',2)
-                           @params[encoder][name] = value
+                           @params[encoder][name.to_sym] = value
                          end
           option :string, short: '-s',
                           value: {
                             type:  String,
-                            usage: 'STRING',
+                            usage: 'STRING'
                           },
                           desc: 'The string to encode'
@@ -157,16 +157,14 @@ module Ronin
           #   Another encoder validation error occurred.
           #
           def validate_encoder(encoder)
-            begin
-              encoder.validate
-            rescue Core::Params::ParamError, ValidationError => error
-              print_error "failed to validate the encoder #{encoder.class_id}: #{error.message}"
-              exit(1)
-            rescue => error
-              print_error "an unhandled exception occurred while validating the encoder #{encoder.class_id}"
-              print_exception(error)
-              exit(-1)
-            end
+            encoder.validate
+          rescue Core::Params::ParamError, ValidationError => error
+            print_error "failed to validate the encoder #{encoder.class_id}: #{error.message}"
+            exit(1)
+          rescue => error
+            print_error "an unhandled exception occurred while validating the encoder #{encoder.class_id}"
+            print_exception(error)
+            exit(-1)
           end
           #
@@ -197,13 +195,11 @@ module Ronin
           # @return [String]
           #
           def encode_data(data)
-            begin
-              @pipeline.encode(data)
-            rescue => error
-              print_error "unhandled exception occurred while encoding data"
-              print_exception(error)
-              exit(1)
-            end
+            @pipeline.encode(data)
+          rescue => error
+            print_error "unhandled exception occurred while encoding data"
+            print_exception(error)
+            exit(1)
           end
         end

data/lib/ronin/payloads/cli/commands/launch.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Ronin
         #     ronin-payloads launch [options] {-f FILE | NAME}
         #
         # ## Options
-        #
+        #
         #     -f, --file FILE                  The payload file to load
         #     -p, --param NAME=VALUE           Sets a param
         #     -D, --debug                      Enables debugging messages
@@ -90,7 +90,7 @@ module Ronin
             begin
               @payload.perform_prelaunch
               @payload.perform_postlaunch
-            rescue  PayloadError => error
+            rescue PayloadError => error
               print_error("failed to launch payload #{@payload.class_id}: #{error.message}")
               exit(1)
             rescue => error

data/lib/ronin/payloads/cli/commands/new.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
         #     ronin-payload new [options] FILE
         #
         # ## Options
-        #
+        #
         #     -t asm|shellcode|c|go|rust|shell|powershell|html|javascript|typescript|java|sql|php|python|ruby|nodejs,
         #         --type                       The type for the new payload
         #     -a, --author NAME                The name of the author

data/lib/ronin/payloads/cli/commands/show.rb CHANGED Viewed

@@ -87,6 +87,7 @@ module Ronin
             indent do
               fields = {}
               fields['Type']    = payload_type(payload)
               fields['Summary'] = payload.summary if payload.summary

data/lib/ronin/payloads/cli/encoder_methods.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-payloads - A Ruby micro-framework for writing and running exploit
 # payloads.