RubyGems - ronin-payloads - Versions diffs - 0.1.0 → 0.1.1 - Mend

ronin-payloads 0.1.0 → 0.1.1

Files changed (95) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 07561b5d1c24b065edf8f865ebfe2c68f0646ca7bdb64815f0208792a75cf930
-  data.tar.gz: 9168b42d9147d245dcc08d3125f7e84037c7d0cf306024e69e5c8cdd65ca3215
+  metadata.gz: 6fddb2f659bbde5b22104a0199430583326dd28ff4183121da3e25e88a94fe8a
+  data.tar.gz: 5e2f20bca62fcd8d43f4bc82eb33c1098cac1e20269d49b847e793dcd186a978
 SHA512:
-  metadata.gz: 50b73eaed5e5a285d369d330a7301979c715665c5e68a1fb7d0d6ad67adbc154922bbbb609fb3bc9583f643fd26293a9c21ce36bcc5071313029cfe47d808dbc
-  data.tar.gz: a9112a634a9de0c0adb4cd117ed63f2d2ee848ae7ea043cf91cb449824d932ba07e14c8a7f893d3b416de14923731db540ea61f58e069e1c614e66fc82a6a332
+  metadata.gz: 0d75e548fc4782f995dbba42e62f4a1a485d3fc2fbdf005c479fe6beda75b2006d9f8132fe98125586d5b4877604c251ad1fe284ea13dccb04476b4edecfc4e4
+  data.tar.gz: 36384af31fb5ba8e407c1b7ebe5777974b966a005c42ebe57a499fea46e450b82987ce3e117c07def7c515fe7f099caa1e760db1ca06ca077ccd2590a3cef8df

data/.github/workflows/ruby.yml CHANGED Viewed

@@ -12,7 +12,7 @@ jobs:
           - '3.0'
           - '3.1'
           - '3.2'
-          # - jruby
+          - jruby
           - truffleruby
     name: Ruby ${{ matrix.ruby }}
     steps:
@@ -30,3 +30,17 @@ jobs:
         run: bundle install --jobs 4 --retry 3
       - name: Run tests
         run: bundle exec rake test
+  # rubocop linting
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run rubocop
+        run: bundle exec rubocop --parallel

data/.rubocop.yml ADDED Viewed

@@ -0,0 +1,37 @@
+AllCops:
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 3.1
+inherit_gem:
+  rubocop-ronin: rubocop.yml
+#
+# ronin-payload specific exceptions:
+#
+Layout/ArgumentAlignment: { Exclude: ['spec/rust_payload_spec.rb'] }
+# the placeholder API methods are meant to be empty
+Style/EmptyMethod:
+  Exclude:
+    - 'lib/ronin/payloads/payload.rb'
+    - 'spec/**/*'
+# rubocop does not support constants that contain multiple numbers
+Naming/ClassAndModuleCamelCase:
+  AllowedNames:
+    - X86_64
+# robucop mistakes :x86_64 for a "symbol number"
+Naming/VariableNumber:
+  AllowedIdentifiers:
+    - x86_64
+# this is a bug in rubocop
+Style/FormatStringToken:
+  Exclude:
+    - 'lib/ronin/payloads/builtin/cmd/powershell/reverse_shell.rb'
+    - 'spec/builtin/cmd/powershell/reverse_shell_spec.rb'
+# rubocop does not recognize empty-line continuations
+Layout/LineContinuationSpacing: { Exclude: ['lib/ronin/payloads/builtin/shellcode/**/*.rb'] }

data/ChangeLog.md CHANGED Viewed

@@ -1,4 +1,16 @@
-### 0.1.0 / 2023-XX-XX
+### 0.1.1 / 2023-03-01
+* Default the `host` param defined by {Ronin::Payloads::Mixins::BindShell} to
+  `0.0.0.0`.
+#### CLI
+* Fixed multiple bugs in the `--param` option of the `ronin-payloads encode`
+  comand.
+* Fixed multiple bugs in the `--encoder-param` option of
+  the `ronin-payloads build` command.
+### 0.1.0 / 2023-02-01
 * Initial release:
   * Require `ruby` >= 3.0.0.

data/Gemfile CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 source 'https://rubygems.org'
 gemspec
@@ -41,6 +42,8 @@ group :development do
   gem 'yard-spellcheck', require: false
   gem 'dead_end',        require: false
-  gem 'sord',            require: false
-  gem 'stackprof',       require: false
+  gem 'sord',            require: false, platform: :mri
+  gem 'stackprof',       require: false, platform: :mri
+  gem 'rubocop',         require: false, platform: :mri
+  gem 'rubocop-ronin',   require: false, platform: :mri
 end

data/Rakefile CHANGED Viewed

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
 begin
   require 'bundler'
 rescue LoadError => e
   warn e.message
   warn "Run `gem install bundler` to install Bundler"
-  exit -1
+  exit(-1)
 end
 begin

data/bin/ronin-payloads CHANGED Viewed

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 #
 # ronin-payloads - A Ruby micro-framework for writing and running exploit
 # payloads.
@@ -22,13 +23,11 @@
 root = File.expand_path(File.join(File.dirname(__FILE__),'..'))
 if File.file?(File.join(root,'Gemfile.lock'))
   Dir.chdir(root) do
-    begin
-      require 'bundler/setup'
-    rescue LoadError => e
-      warn e.message
-      warn "Run `gem install bundler` to install Bundler"
-      exit -1
-    end
+    require 'bundler/setup'
+  rescue LoadError => e
+    warn e.message
+    warn "Run `gem install bundler` to install Bundler"
+    exit(-1)
   end
 end

data/examples/bin_sh.rb CHANGED Viewed

@@ -1,9 +1,13 @@
 #!/usr/bin/env -S ronin-payloads build -f
+# frozen_string_literal: true
 require 'ronin/payloads/shellcode_payload'
 module Ronin
   module Payloads
+    #
+    # An example `execve()` `/bin/sh` shellcode payload.
+    #
     class BinSh < ShellcodePayload
       register 'examples/bin_sh'

data/lib/ronin/payloads/asm_payload.rb CHANGED Viewed

@@ -61,7 +61,7 @@ module Ronin
       end
       param :assembler, required: true,
-                        default:  ->{ assembler },
+                        default:  -> { assembler },
                         desc:     'The assmebler command to use'
       #

data/lib/ronin/payloads/builtin/php/cmd_exec.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-payloads - A Ruby micro-framework for writing and running exploit
 # payloads.
@@ -32,9 +33,9 @@ module Ronin
         summary 'PHP command exec payload'
         description <<~DESC
-        A basic injectable PHP payload which executes a command passed in via a
-        URL query parameter. The output of the commend will be returned in the
-        response body wrapped in `<exec>...</exec>` tags.
+          A basic injectable PHP payload which executes a command passed in via a
+          URL query parameter. The output of the commend will be returned in the
+          response body wrapped in `<exec>...</exec>` tags.
         DESC
         param :query_param, String, default: 'cmd',

data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/bind_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'FreeBSD x86 bind shell shellcode'
             description <<~DESC
-            FreeBSD x86 shellcode that binds a shell to a port.
+              FreeBSD x86 shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'FreeBSD x86 execve() shellcode'
             description <<~DESC
-            FreeBSD x86 shellcode that calls execve() with "/bin/sh".
+              FreeBSD x86 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/freebsd/x86/reverse_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'FreeBSD x86 reverse shell shellcode'
             description <<~DESC
-            FreeBSD x86 shellcode that spawns a connect back reverse shell.
+              FreeBSD x86 shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/freebsd/x86_64/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'FreeBSD x86-64 execve() shellcode'
             description <<~DESC
-            FreeBSD x86-64 shellcode that calls execve() with "/bin/sh".
+              FreeBSD x86-64 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/arm/bind_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux ARM bind shell shellcode'
             description <<~DESC
-            Linux ARM shellcode that binds a shell to a port.
+              Linux ARM shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/arm/exec_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'Linux ARM execve() shellcode'
             description <<~DESC
-            Linux ARM shellcode that calls execve() with "/bin/sh".
+              Linux ARM shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/arm/reverse_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux ARM reverse shell shellcode'
             description <<~DESC
-            Linux ARM shellcode that spawns a connect back reverse shell.
+              Linux ARM shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/mips/bind_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux ARM bind shell shellcode'
             description <<~DESC
-            Linux ARM shellcode that binds a shell to a port.
+              Linux ARM shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/mips/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux MIPS execve() shellcode'
             description <<~DESC
-            Linux MIPS shellcode that calls execve() with "/bin/sh".
+              Linux MIPS shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/mips/reverse_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux MIPS reverse shell shellcode'
             description <<~DESC
-            Linux MIPS shellcode that spawns a connect back reverse shell.
+              Linux MIPS shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/ppc/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux PPC execve() shellcode'
             description <<~DESC
-            Linux PPC shellcode that calls execve() with "/bin/sh".
+              Linux PPC shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/ppc/reverse_shell.rb CHANGED Viewed

@@ -40,9 +40,9 @@ module Ronin
             summary 'Linux PPC reverse shell shellcode'
             description <<~DESC
-            Linux PPC shellcode that spawns a connect back reverse shell.
+              Linux PPC shellcode that spawns a connect back reverse shell.
-            Note: disabling with_stderr will save 16 bytes, but lose stderr.
+              Note: disabling with_stderr will save 16 bytes, but lose stderr.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86/bind_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'Linux x86 bind shell shellcode'
             description <<~DESC
-            Linux x86 shellcode that binds a shell to a port.
+              Linux x86 shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86/exec_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'Linux x86 execve() shellcode'
             description <<~DESC
-            Linux x86 shellcode that calls execve() with "/bin/sh".
+              Linux x86 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86/reverse_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux x86 reverse shell shellcode'
             description <<~DESC
-            Linux x86 shellcode that spawns a connect back reverse shell.
+              Linux x86 shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/bind_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux x86-64 bind shell shellcode'
             description <<~DESC
-            Linux x86-64 shellcode that binds a shell to a port.
+              Linux x86-64 shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux x86-64 execve() shellcode'
             description <<~DESC
-            Linux x86-64 shellcode that calls execve() with "/bin/sh".
+              Linux x86-64 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/linux/x86_64/reverse_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'Linux x86-64 reverse shell shellcode'
             description <<~DESC
-            Linux x86-64 shellcode that spawns a connect back reverse shell.
+              Linux x86-64 shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/exec_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'macOS x86-64 execve() shellcode'
             description <<~DESC
-            macOS x86-64 shellcode that calls execve() with "/bin/sh".
+              macOS x86-64 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/macos/x86_64/reverse_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'macOS x86-64 reverse shell shellcode'
             description <<~DESC
-            macOS x86-64 shellcode that spawns a connect back reverse shell.
+              macOS x86-64 shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/netbsd/x86/exec_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'NetBSD x86 execve() shellcode'
             description <<~DESC
-            NetBSD x86 shellcode that calls execve() with "/bin/sh".
+              NetBSD x86 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/netbsd/x86/reverse_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'NetBSD x86 reverse shell shellcode'
             description <<~DESC
-            NetBSD x86 shellcode that spawns a connect back reverse shell.
+              NetBSD x86 shellcode that spawns a connect back reverse shell.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/bind_shell.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Ronin
             summary 'OpenBSD x86 bind shell shellcode'
             description <<~DESC
-            OpenBSD x86 shellcode that binds a shell to a port.
+              OpenBSD x86 shellcode that binds a shell to a port.
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/openbsd/x86/exec_shell.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
             summary 'OpenBSD x86 execve() shellcode'
             description <<~DESC
-            OpenBSD x86 shellcode that calls execve() with "/bin/sh".
+              OpenBSD x86 shellcode that calls execve() with "/bin/sh".
             DESC
             references [

data/lib/ronin/payloads/builtin/shellcode/windows/x86_64/cmd.rb CHANGED Viewed

@@ -37,11 +37,11 @@ module Ronin
             os :windows
             os_version '7'
-            author "agix"
+            author "agix"
             summary 'Windows x86-64 cmd shellcode'
             description <<~DESC
-            Windows x86-64 shellcode that executes "cmd"
+              Windows x86-64 shellcode that executes "cmd"
             DESC
             references [

data/lib/ronin/payloads/builtin/test/open_redirect.rb CHANGED Viewed

@@ -33,10 +33,10 @@ module Ronin
         summary 'An Open Redirect test payload'
         description <<~DESC
-        A non-malicious test payload for testing Open Redirect vulnerabilities.
-        Simply redirects to https://google.com/.
+          A non-malicious test payload for testing Open Redirect vulnerabilities.
+          Simply redirects to https://google.com/.
         DESC
         #
         # Builds the Open Redirect test payload.
         #

data/lib/ronin/payloads/builtin/test/xss.rb CHANGED Viewed

@@ -33,10 +33,10 @@ module Ronin
         summary 'A XSS test payload'
         description <<~DESC
-        A non-malicious test payload for testing Cross Site Scripting (XSS).
-        Simply calls `alert(1)`.
+          A non-malicious test payload for testing Cross Site Scripting (XSS).
+          Simply calls `alert(1)`.
         DESC
         #
         # Builds the XSS test payload.
         #

data/lib/ronin/payloads/c_payload.rb CHANGED Viewed

@@ -52,7 +52,7 @@ module Ronin
       end
       param :cc, required: true,
-                 default:  ->{ cc },
+                 default:  -> { cc },
                  desc:     'The C compiler to use'
       #

data/lib/ronin/payloads/cli/commands/build.rb CHANGED Viewed

@@ -80,9 +80,9 @@ module Ronin
                                  },
                                  desc: 'Sets a param for one of the encoders' do |str|
                                    name, value              = str.split('=',2)
-                                   ecndoer_name, param_name = name.split('.',2)
+                                   encoder_name, param_name = name.split('.',2)
-                                   @encoder_params[encoder_name][param_name] = value
+                                   @encoder_params[encoder_name][param_name.to_sym] = value
                                  end
           option :debug, short: '-D',
@@ -162,16 +162,14 @@ module Ronin
           # Builds the {#payload}.
           #
           def build_payload
-            begin
-              @payload.perform_build
-            rescue PayloadError => error
-              print_error "failed to build the payload #{@payload_class.id}: #{error.message}"
-              exit(-1)
-            rescue => error
-              print_exception(error)
-              print_error "an unhandled exception occurred while building the payload #{@payload.class_id}"
-              exit(-1)
-            end
+            @payload.perform_build
+          rescue PayloadError => error
+            print_error "failed to build the payload #{@payload_class.id}: #{error.message}"
+            exit(-1)
+          rescue => error
+            print_exception(error)
+            print_error "an unhandled exception occurred while building the payload #{@payload.class_id}"
+            exit(-1)
           end
           #

data/lib/ronin/payloads/cli/commands/encode.rb CHANGED Viewed

@@ -71,15 +71,15 @@ module Ronin
                          },
                          desc: 'Sets a param on an encoder' do |str|
                            prefix, value = str.split('=',2)
-                           ecndoer, name = prefix.split('.',2)
+                           encoder, name = prefix.split('.',2)
-                           @params[encoder][name] = value
+                           @params[encoder][name.to_sym] = value
                          end
           option :string, short: '-s',
                           value: {
                             type:  String,
-                            usage: 'STRING',
+                            usage: 'STRING'
                           },
                           desc: 'The string to encode'
@@ -157,16 +157,14 @@ module Ronin
           #   Another encoder validation error occurred.
           #
           def validate_encoder(encoder)
-            begin
-              encoder.validate
-            rescue Core::Params::ParamError, ValidationError => error
-              print_error "failed to validate the encoder #{encoder.class_id}: #{error.message}"
-              exit(1)
-            rescue => error
-              print_error "an unhandled exception occurred while validating the encoder #{encoder.class_id}"
-              print_exception(error)
-              exit(-1)
-            end
+            encoder.validate
+          rescue Core::Params::ParamError, ValidationError => error
+            print_error "failed to validate the encoder #{encoder.class_id}: #{error.message}"
+            exit(1)
+          rescue => error
+            print_error "an unhandled exception occurred while validating the encoder #{encoder.class_id}"
+            print_exception(error)
+            exit(-1)
           end
           #
@@ -197,13 +195,11 @@ module Ronin
           # @return [String]
           #
           def encode_data(data)
-            begin
-              @pipeline.encode(data)
-            rescue => error
-              print_error "unhandled exception occurred while encoding data"
-              print_exception(error)
-              exit(1)
-            end
+            @pipeline.encode(data)
+          rescue => error
+            print_error "unhandled exception occurred while encoding data"
+            print_exception(error)
+            exit(1)
           end
         end

data/lib/ronin/payloads/cli/commands/launch.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Ronin
         #     ronin-payloads launch [options] {-f FILE | NAME}
         #
         # ## Options
-        #
+        #
         #     -f, --file FILE                  The payload file to load
         #     -p, --param NAME=VALUE           Sets a param
         #     -D, --debug                      Enables debugging messages
@@ -90,7 +90,7 @@ module Ronin
             begin
               @payload.perform_prelaunch
               @payload.perform_postlaunch
-            rescue  PayloadError => error
+            rescue PayloadError => error
               print_error("failed to launch payload #{@payload.class_id}: #{error.message}")
               exit(1)
             rescue => error

data/lib/ronin/payloads/cli/commands/new.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Ronin
         #     ronin-payload new [options] FILE
         #
         # ## Options
-        #
+        #
         #     -t asm|shellcode|c|go|rust|shell|powershell|html|javascript|typescript|java|sql|php|python|ruby|nodejs,
         #         --type                       The type for the new payload
         #     -a, --author NAME                The name of the author

data/lib/ronin/payloads/cli/commands/show.rb CHANGED Viewed

@@ -87,6 +87,7 @@ module Ronin
             indent do
               fields = {}
               fields['Type']    = payload_type(payload)
               fields['Summary'] = payload.summary if payload.summary

data/lib/ronin/payloads/cli/encoder_methods.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 #
 # ronin-payloads - A Ruby micro-framework for writing and running exploit
 # payloads.