ronin-scanners 0.1.1 → 0.1.2

data/History.txt

@@ -1,3 +1,9 @@
+=== 0.1.2 / 2009-02-08
+
+* Added a Rubyful interface to the Nikto web scanner:
+  * Ronin::Scanners::Nikto.
+  * Ronin::Scanners::NiktoTask.
+
 === 0.1.1 / 2009-01-09
 
 * Require ScanDB >= 0.1.3 for the latest bug fixes.

data/Manifest.txt

@@ -2,9 +2,14 @@ History.txt
 Manifest.txt
 README.txt
 Rakefile
+bin/ronin-scanners
 lib/ronin/scanners.rb
 lib/ronin/scanners/nmap.rb
-lib/ronin/scanners/nmap_task.rb
+lib/ronin/scanners/nmap/nmap.rb
+lib/ronin/scanners/nmap/nmap_task.rb
+lib/ronin/scanners/nikto.rb
+lib/ronin/scanners/nikto/nikto.rb
+lib/ronin/scanners/nikto/nikto_task.rb
 lib/ronin/scanners/version.rb
 tasks/spec.rb
 spec/spec_helper.rb

data/README.txt

@@ -41,17 +41,49 @@ of Ronin.
 
 * Provides a Rubyful interface to Nmap.
 * Allows for recording of Nmap scan results using ScanDB.
+* Provides a Rubyful interface to Nikto.
 
 == REQUIREMENTS:
 
-* Scandb
-* RProgram >= 0.1.4
-* Ronin >= 0.1.2
+* {scandb}[http://scandb.rubyforge.org/]
+* {rprogram}[http://rprogram.rubyforge.org/] >= 0.1.4
+* {ronin}[http://ronin.rubyforge.org/] >= 0.1.2
 
 == INSTALL:
 
   $ sudo gem install ronin-scanners
 
+== SYNOPSIS:
+
+* Start the Ronin console with Ronin Scanners preloaded:
+
+  $ ronin-scanners
+
+== EXAMPLES:
+
+* Calling Nmap from Ruby:
+
+    require 'ronin/scanners/nmap'
+  
+    Scanners::Nmap.scan(:targets => 'www.google.com', :ports => [80,21,25], :service_scan => true)
+    # Starting Nmap 4.68 ( http://nmap.org ) at 2009-01-09 16:51 PST
+    # Interesting ports on mh-in-f99.google.com (209.85.173.99):
+    # PORT   STATE    SERVICE VERSION
+    # 21/tcp filtered ftp
+    # 25/tcp filtered smtp
+    # 80/tcp open     http    Google httpd 1.3 (GFE)
+    # Service Info: OS: Linux
+    #
+    # Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
+    # Nmap done: 1 IP address (1 host up) scanned in 11.627 seconds
+    # => nil
+
+* Calling Nikto from Ruby:
+
+  require 'ronin/scanners/nikto'
+  
+  Scanners::Nikto.scan(:host => 'www.example.com')
+
 == LICENSE:
 
 Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to

data/bin/ronin-scanners

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+
+require 'rubygems'
+
+require 'ronin/ui/command_line/commands/default'
+require 'ronin/ui/console'
+
+Ronin::UI::Console.auto_load << 'ronin/scanners'
+Ronin::UI::CommandLine::DefaultCommand.run(*ARGV)

data/lib/ronin/scanners.rb

@@ -22,4 +22,5 @@
 #
 
 require 'ronin/scanners/nmap'
+require 'ronin/scanners/nikto'
 require 'ronin/scanners/version'

data/lib/ronin/scanners/nikto.rb

@@ -0,0 +1,25 @@
+#
+#--
+# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
+# various third-party security scanners.
+#
+# Copyright (c) 2008-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/scanners/nikto/nikto_task'
+require 'ronin/scanners/nikto/nikto'

data/lib/ronin/scanners/nikto/nikto.rb

@@ -0,0 +1,54 @@
+#
+#--
+# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
+# various third-party security scanners.
+#
+# Copyright (c) 2008-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/scanners/nikto/nikto_task'
+
+require 'rprogram/program'
+
+module Ronin
+  module Scanners
+    class Nikto < RProgram::Program
+      
+      name_program 'nikto'
+      alias_program 'nikto.pl'
+
+      #
+      # Perform a Nikto scan using the given _options_ and _block_.
+      # If a _block_ is given, it will be passed a newly created
+      # NiktoTask object.
+      #
+      def self.scan(options={},&block)
+        self.find.scan(options,&block)
+      end
+
+      #
+      # Perform a Nikto scan using the given _options_ and _block_.
+      # If a _block_ is given, it will be passed a newly created
+      # NiktoTask object.
+      #
+      def scan(options={},&block)
+        run_task(NiktoTask.new(options,&block))
+      end
+    end
+  end
+end

data/lib/ronin/scanners/nikto/nikto_task.rb

@@ -0,0 +1,183 @@
+#
+#--
+# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
+# various third-party security scanners.
+#
+# Copyright (c) 2008-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'rprogram/task'
+
+module Ronin
+  module Scanners
+    #
+    # == Nikto options:
+    # <tt>-h</tt>:: <tt>nikto.host</tt>
+    # <tt>-config</tt>:: <tt>nikto.config</tt>
+    # <tt>-Cgidirs</tt>:: <tt>nikto.cgi_dirs</tt>
+    # <tt>-cookies</tt>:: <tt>nikto.print_cookies</tt>
+    # <tt>-evasion</tt>:: <tt>nikto.evasion</tt>
+    # <tt>-findonly</tt>:: <tt>nikto.evasion</tt>
+    # <tt>-Format</tt>:: <tt>nikto.format</tt>
+    # <tt>-generic</tt>:: <tt>nikto.full_scan</tt>
+    # <tt>-id</tt>:: <tt>nikto.http_auth</tt>
+    # <tt>-mutate</tt>:: <tt>nikto.mutate_checks</tt>
+    # <tt>-nolookup</tt>:: <tt>nikto.no_lookup</tt>
+    # <tt>-output</tt>:: <tt>nikto.output</tt>
+    # <tt>-port</tt>:: <tt>nikto.port</tt>
+    # <tt>-root</tt>:: <tt>nikto.root</tt>
+    # <tt>-ssl</tt>:: <tt>nikto.ssl</tt>
+    # <tt>-timeout</tt>:: <tt>nikto.timeout</tt>
+    # <tt>-useproxy</tt>:: <tt>nikto.enable_proxy</tt>
+    # <tt>-vhost</tt>:: <tt>nikto.vhost</tt>
+    # <tt>-Version</tt>:: <tt>nikto.version</tt>
+    # <tt>-404</tt>:: <tt>nikto.not_found_message</tt>
+    # <tt>-dbcheck</tt>:: <tt>nikto.validate_checks</tt>
+    # <tt>-debug</tt>:: <tt>nikto.debug</tt>
+    # <tt>-update</tt>:: <tt>nikto.update</tt>
+    # <tt>-verbose</tt>:: <tt>nikto.verbose</tt>
+    #
+    class NiktoTask < RProgram::Task
+
+      short_option :flag => '-h', :name => :host
+      short_option :flag => '-config', :name => :config
+      short_option :flag => '-Cgidirs', :name => :cgi_dirs
+      short_option :flag => '-cookies', :name => :print_cookies
+      short_option :flag => '-evasion', :name => :evasion
+
+      #
+      # Enable random URI encoding.
+      #
+      def random_uri_encoding!
+        self.evasion ||= ''
+        self.evasion << '1'
+      end
+
+      #
+      # Enable adding self-referencing directories (<tt>/./</tt>) to the
+      # request.
+      #
+      def directory_self_reference!
+        self.evasion ||= ''
+        self.evasion << '2'
+      end
+
+      #
+      # Enable premature URL ending.
+      #
+      def premature_url_ending!
+        self.evasion ||= ''
+        self.evasion << '3'
+      end
+
+      #
+      # Enable prepend long random strings to the request.
+      #
+      def prepend_random_strings!
+        self.evasion ||= ''
+        self.evasion << '4'
+      end
+
+      #
+      # Enable fake parameters to files.
+      #
+      def fake_params_to_files!
+        self.evasion ||= ''
+        self.evasion << '5'
+      end
+
+      #
+      # Enable using a tab character as the request spacer, instead of
+      # spaces.
+      #
+      def tab_request_spacer!
+        self.evasion ||= ''
+        self.evasion << '6'
+      end
+
+      #
+      # Enable random case sensitivity.
+      #
+      def random_casing!
+        self.evasion ||= ''
+        self.evasion << '7'
+      end
+
+      #
+      # Enable use of Windows style directory separators
+      # (<tt>\\</tt> instead of <tt>/</tt>).
+      #
+      def windows_directories!
+        self.evasion ||= ''
+        self.evasion << '8'
+      end
+
+      #
+      # Enable session splicing.
+      #
+      def session_splicing!
+        self.evasion ||= ''
+        self.evasion << '9'
+      end
+
+      short_option :flag => '-findonly', :name => :only_find
+      short_option :flag => '-Format', :name => :format
+
+      #
+      # Sets the report format to +HTM+.
+      #
+      def html_format!
+        self.format = 'HTM'
+      end
+
+      #
+      # Sets the report format to +TXT+.
+      #
+      def text_format!
+        self.format = 'TXT'
+      end
+
+      #
+      # Sets the report format to +CVS+.
+      #
+      def csv_format!
+        self.format = 'CSV'
+      end
+
+      short_option :flag => '-generic', :name => :full_scan
+      short_option :flag => '-id', :name => :http_auth
+      short_option :flag => '-mutate', :name => :mutate_checks
+      short_option :flag => '-nolookup', :name => :no_lookup
+      short_option :flag => '-output', :name => :output
+      short_option :flag => '-port', :name => :port
+      short_option :flag => '-root', :name => :root
+      short_option :flag => '-ssl', :name => :ssl
+      short_option :flag => '-timeout', :name => :timeout
+      short_option :flag => '-useproxy', :name => :enable_proxy
+      short_option :flag => '-vhost', :name => :vhost
+      short_option :flag => '-Version', :name => :version
+
+      short_option :flag => '-404', :name => :not_found_message
+      short_option :flag => '-dbcheck', :name => :validate_checks
+      short_option :flag => '-debug', :name => :debug
+      short_option :flag => '-update', :name => :update
+      short_option :flag => '-verbose', :name => :verbose
+
+    end
+  end
+end

data/lib/ronin/scanners/nmap.rb

@@ -21,50 +21,5 @@
 #++
 #
 
-require 'ronin/scanners/nmap_task'
-
-require 'rprogram/program'
-require 'scandb'
-require 'tempfile'
-
-module Ronin
-  module Scanners
-    class Nmap < RProgram::Program
-
-      name_program 'nmap'
-
-      #
-      # Perform an Nmap scan using the given _options_ and _block_.
-      #
-      def self.scan(options={},&block)
-        self.find.scan(options,&block)
-      end
-
-      #
-      # Perform an Nmap scan using the given _options_ and _block_.
-      #
-      def scan(options={},&block)
-        run_task(NmapTask.new(options,&block))
-      end
-
-      #
-      # Perform an Nmap scan using the given _options_ and save
-      # the resulting scan information into ScanDB. If a _block_ is given,
-      # it will be passed each ScanDB::Host object from the scan.
-      #
-      def import_scan(options={},&block)
-        file = Tempfile.new('nmap',Config::TMP_DIR)
-
-        # perform the scan
-        scan(options.merge(:xml => file))
-
-        # import the xml file into ScanDB
-        hosts = ScanDB::Nmap.import_xml(file,&block)
-
-        file.delete
-        return hosts
-      end
-
-    end
-  end
-end
+require 'ronin/scanners/nmap/nmap_task'
+require 'ronin/scanners/nmap/nmap'

data/lib/ronin/scanners/nmap/nmap.rb

@@ -0,0 +1,74 @@
+#
+#--
+# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
+# various third-party security scanners.
+#
+# Copyright (c) 2008-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#++
+#
+
+require 'ronin/scanners/nmap/nmap_task'
+
+require 'rprogram/program'
+require 'scandb'
+require 'tempfile'
+
+module Ronin
+  module Scanners
+    class Nmap < RProgram::Program
+
+      name_program 'nmap'
+
+      #
+      # Perform an Nmap scan using the given _options_ and _block_.
+      # If a _block_ is given, it will be passed a newly created
+      # NmapTask object.
+      #
+      def self.scan(options={},&block)
+        self.find.scan(options,&block)
+      end
+
+      #
+      # Perform an Nmap scan using the given _options_ and _block_.
+      # If a _block_ is given, it will be passed a newly created
+      # NmapTask object.
+      #
+      def scan(options={},&block)
+        run_task(NmapTask.new(options,&block))
+      end
+
+      #
+      # Perform an Nmap scan using the given _options_ and save
+      # the resulting scan information into ScanDB. If a _block_ is given,
+      # it will be passed each ScanDB::Host object from the scan.
+      #
+      def import_scan(options={},&block)
+        file = Tempfile.new('nmap',Config::TMP_DIR)
+
+        # perform the scan
+        scan(options.merge(:xml => file))
+
+        # import the xml file into ScanDB
+        hosts = ScanDB::Nmap.import_xml(file,&block)
+
+        file.delete
+        return hosts
+      end
+
+    end
+  end
+end

data/lib/ronin/scanners/version.rb

@@ -23,6 +23,6 @@
 
 module Ronin
   module Scanners
-    VERSION = '0.1.1'
+    VERSION = '0.1.2'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: ronin-scanners
 version: !ruby/object:Gem::Version 
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors: 
 - Postmodern
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-01-09 00:00:00 -08:00
+date: 2009-02-08 00:00:00 -08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -50,13 +50,13 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.8.2
+        version: 1.8.3
     version: 
 description: Ronin Scanners is a Ruby library for Ronin that provides Ruby interfaces to various third-party security scanners.  Ronin is a Ruby platform designed for information security and data exploration tasks. Ronin allows for the rapid development and distribution of code over many of the common Source-Code-Management (SCM) systems.
 email: 
 - postmodern.mod3@gmail.com
-executables: []
-
+executables: 
+- ronin-scanners
 extensions: []
 
 extra_rdoc_files: 
@@ -68,9 +68,14 @@ files:
 - Manifest.txt
 - README.txt
 - Rakefile
+- bin/ronin-scanners
 - lib/ronin/scanners.rb
 - lib/ronin/scanners/nmap.rb
-- lib/ronin/scanners/nmap_task.rb
+- lib/ronin/scanners/nmap/nmap.rb
+- lib/ronin/scanners/nmap/nmap_task.rb
+- lib/ronin/scanners/nikto.rb
+- lib/ronin/scanners/nikto/nikto.rb
+- lib/ronin/scanners/nikto/nikto_task.rb
 - lib/ronin/scanners/version.rb
 - tasks/spec.rb
 - spec/spec_helper.rb