ronin-support 0.3.0 → 0.4.0.rc1

data/ChangeLog.md

@@ -1,3 +1,73 @@
+### 0.4.0 / 2012-01-01
+
+* Require uri-query_params ~> 0.6.
+* Require parameters ~> 0.4.
+* Added {Regexp::DELIM}.
+* Added {Regexp::IDENTIFIER}.
+* Added {Regexp::OCTET}.
+* Added {Regexp::FILE_EXT}.
+* Added {Regexp::FILE_NAME}.
+* Added {Regexp::FILE}.
+* Added {Regexp::DIRECTORY}.
+* Added {Regexp::LOCAL_UNIX_PATH}.
+* Added {Regexp::ABSOLUTE_UNIX_PATH}.
+* Added {Regexp::UNIX_PATH}.
+* Added {Regexp::LOCAL_WINDOWS_PATH}.
+* Added {Regexp::ABSOLUTE_WINDOWS_PATH}.
+* Added {Regexp::WINDOWS_PATH}.
+* Added {Regexp::LOCAL_PATH}.
+* Added {Regexp::ABSOLUTE_PATH}.
+* Added {Regexp::PATH}.
+* Added {String#repeating}.
+* Added {String#sql_inject}.
+* Added {String#mutate}.
+* Added {Ronin::Fuzzing}.
+  * Added {Ronin::Fuzzing.[]}.
+  * Added {Ronin::Fuzzing.bad_strings}.
+  * Added {Ronin::Fuzzing.format_strings}.
+  * Added {Ronin::Fuzzing.bad_paths}.
+  * Added {Ronin::Fuzzing.bit_fields}.
+  * Added {Ronin::Fuzzing.signed_bit_fields}.
+  * Added {Ronin::Fuzzing.uint8}.
+  * Added {Ronin::Fuzzing.uint16}.
+  * Added {Ronin::Fuzzing.uint32}.
+  * Added {Ronin::Fuzzing.uint64}.
+  * Added {Ronin::Fuzzing.int8}.
+  * Added {Ronin::Fuzzing.int16}.
+  * Added {Ronin::Fuzzing.int32}.
+  * Added {Ronin::Fuzzing.int64}.
+  * Added {Ronin::Fuzzing.sint8}.
+  * Added {Ronin::Fuzzing.sint16}.
+  * Added {Ronin::Fuzzing.sint32}.
+  * Added {Ronin::Fuzzing.sint64}.
+* Added {Ronin::Wordlist}.
+* Added {Ronin::Network::Mixins::Mixin}.
+* Added {Ronin::UI::Output::Helpers#print_exception}.
+* Made {Regexp::HOST_NAME} case-insensitive.
+* Refactored {Regexp::IPv4} to not match invalid IPv4 addresses.
+* Require `ronin/formatting/html` in `ronin/formatting`.
+* Allow {String#base64_encode} and {String#base64_decode} to accept a formatting
+  argument.
+  * `:normal`
+  * `:strict`
+  * `:url` / `:urlsafe`
+* Fixed a bug in {String#js_unescape}, where `%uXX` chars were not being
+  unescaped (thanks isis!).
+* Have {String#fuzz} only accept `Regexp` and `String` objects.
+* Moved {String#fuzz} and {String.generate} into `ronin/fuzzing`.
+* Moved `Net.*` methods into the {Ronin::Network} modules.
+* Fixed bugs in {Ronin::Network::UDP#udp_connect} and
+  {Ronin::Network::UDP#udp_server}.
+* Fixed a bug in {Ronin::Network::Mixins::HTTP#http_session}, where
+  normalized options were not being yielded.
+* Allow {Ronin::Templates::Erb} to use `<%- -%>` syntax.
+* Alias `<<` to `write` in {Ronin::UI::Output::Helpers}.
+* Fixed bugs in {Ronin::UI::Shell}.
+* Warning messages are printed by {Ronin::UI::Output::Helpers}, unless output
+  is silenced.
+* {Ronin::UI::Output::Helpers} and {Ronin::Network} modules are included into
+  {Ronin::Support}.
+
 ### 0.3.0 / 2011-10-16
 
 * Require combinatorics ~> 0.4.
@@ -52,13 +122,13 @@
 * Added {String#js_escape}.
 * Added {String#js_unescape}.
 * Added {String#format_js}.
-* Added {Net.smtp_send_message}.
-* Added {Net.http_status}.
-* Added {Net.http_get_headers}.
-* Added {Net.http_post_headers}.
+* Added `Net.smtp_send_message`.
+* Added `Net.http_status`.
+* Added `Net.http_get_headers`.
+* Added `Net.http_post_headers`.
 * Added YARD `@api` tags to define the public, semi-public and private APIs.
 * Renamed `Kernel#attempt` to {Kernel#try}.
-* Allow `:method` to be used with {Net.http_ok?}.
+* Allow `:method` to be used with `Net.http_ok?`.
 * Fixed a bug in {Ronin::Network::HTTP.expand_url} where `:host` and `:port`
   options were being overridden.
 * Improved the performance of {Integer#bytes}.
@@ -68,8 +138,8 @@
   for unicode characters.
 * Deprecated {String#common_postfix}, in favor of {String#common_suffix}.
   {String#common_postfix} will be removed in ronin-support 1.0.0.
-* {Net.http_get_body} no longer accepts a block.
-* {Net.http_post_body} no longer accepts a block.
+* `Net.http_get_body` no longer accepts a block.
+* `Net.http_post_body` no longer accepts a block.
 
 ### 0.1.0 / 2011-03-20
 

data/README.md

@@ -26,7 +26,7 @@ or payloads over many common Source-Code-Management (SCM) systems.
     * HTML
     * JavaScript
     * SQL
-  * Generating random text.
+  * Fuzzing
   * Networking:
     * TCP
     * UDP
@@ -40,6 +40,13 @@ or payloads over many common Source-Code-Management (SCM) systems.
     * CIDR / globbed ranges.
   * (Un-)Hexdumping data.
   * Handling exceptions.
+* Provides Modules/Classes for:
+  * Paths
+  * Wordlists
+  * Erb Templates
+  * UI:
+    * Terminal Output
+    * Custom Shells
 
 ## Examples
 
@@ -56,16 +63,25 @@ please see [Everyday Ronin](http://ronin-ruby.github.com/guides/everyday_ronin.h
 * [combinatorics](http://github.com/postmodern/combinatorics#readme)
   ~> 0.4
 * [uri-query_params](http://github.com/postmodern/uri-query_params#readme)
-  ~> 0.5, >= 0.5.2
+  ~> 0.6
 * [data_paths](http://github.com/postmodern/data_paths#readme)
   ~> 0.3
 * [parameters](http://github.com/postmodern/parameters#readme)
-  ~> 0.2, >= 0.2.3
+  ~> 0.4
 
 ## Install
 
+### Stable
+
     $ gem install ronin-support
 
+### Edge
+
+    $ git clone git://github.com/ronin-ruby/ronin-support.git
+    $ cd ronin-support/
+    $ bundle install
+    $ rake console
+
 ## License
 
 Copyright (c) 2006-2011 Hal Brodigan (postmodern.mod3 at gmail.com)

data/gemspec.yml

@@ -16,9 +16,9 @@ dependencies:
   chars: ~> 0.2
   hexdump: ~> 0.1
   combinatorics: ~> 0.4
-  uri-query_params: ~> 0.5, >= 0.5.2
+  uri-query_params: ~> 0.6
   data_paths: ~> 0.3
-  parameters: ~> 0.2, >= 0.2.3
+  parameters: ~> 0.4
 
 development_dependencies:
   bundler: ~> 1.0.10

data/lib/ronin/extensions/regexp.rb

@@ -21,11 +21,14 @@ require 'ronin/extensions/resolv'
 
 class Regexp
 
+  # Regular expression for finding a decimal octet (0 - 255)
+  OCTET = /25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9]/
+
   # Regular expression for finding MAC addresses in text
   MAC = /[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}/
 
   # A regular expression for matching IPv4 Addresses.
-  IPv4 = /[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}/
+  IPv4 = /#{OCTET}(?:\.#{OCTET}){3}/
 
   # A regular expression for matching IPv6 Addresses.
   IPv6 = /:(:[0-9a-f]{1,4}){1,7}|([0-9a-f]{1,4}::?){1,7}[0-9a-f]{1,4}(:#{IPv4})?/
@@ -34,7 +37,7 @@ class Regexp
   IP = /#{IPv4}|#{IPv6}/
 
   # Regular expression used to find host-names in text
-  HOST_NAME = /(?:[a-zA-Z0-9]+(?:[_-][a-zA-Z0-9]+)*\.)+(?:#{union(Resolv::TLDS)})/
+  HOST_NAME = /(?:[a-zA-Z0-9]+(?:[_-][a-zA-Z0-9]+)*\.)+(?:#{union(Resolv::TLDS)})/i
 
   # Regular expression to match a word in the username of an email address
   USER_NAME = /[A-Za-z](?:[A-Za-z0-9]+[\._-])*[A-Za-z0-9]+/
@@ -42,4 +45,49 @@ class Regexp
   # Regular expression to find email addresses in text
   EMAIL_ADDR = /#{USER_NAME}(?:\.#{USER_NAME})*\@#{HOST_NAME}/
 
+  # Regular expression to find deliminators in text
+  DELIM = /[;&\n\r]/
+
+  # Regular expression to find identifier in text
+  IDENTIFIER = /[_a-zA-Z][a-zA-Z0-9_-]*/
+
+  # Regular expression to find File extensions in text
+  FILE_EXT = /(?:\.[A-Za-z0-9_-]+)+/
+
+  # Regular expression to find File names in text
+  FILE_NAME = /(?:[^\/\\\. ]|\\[\/\\ ])+/
+
+  # Regular expression to find Files in text
+  FILE = /#{FILE_NAME}(?:#{FILE_EXT})?/
+
+  # Regular expression to find Directory names in text
+  DIRECTORY = /(?:\.\.|\.|#{FILE})/
+
+  # Regular expression to find local UNIX Paths in text
+  LOCAL_UNIX_PATH = /(?:#{DIRECTORY}\/)+#{DIRECTORY}\/?/
+
+  # Regular expression to find absolute UNIX Paths in text
+  ABSOLUTE_UNIX_PATH = /(?:\/#{FILE})+\/?/
+
+  # Regular expression to find UNIX Paths in text
+  UNIX_PATH = /#{ABSOLUTE_UNIX_PATH}|#{LOCAL_UNIX_PATH}/
+
+  # Regular expression to find local Windows Paths in text
+  LOCAL_WINDOWS_PATH = /(?:#{DIRECTORY}\\)+#{DIRECTORY}\\?/
+
+  # Regular expression to find absolute Windows Paths in text
+  ABSOLUTE_WINDOWS_PATH = /[A-Za-z]:(?:\\#{DIRECTORY})+\\?/
+
+  # Regular expression to find Windows Paths in text
+  WINDOWS_PATH = /#{ABSOLUTE_WINDOWS_PATH}|#{LOCAL_WINDOWS_PATH}/
+
+  # Regular expression to find local Paths in text
+  LOCAL_PATH = /#{LOCAL_UNIX_PATH}|#{LOCAL_WINDOWS_PATH}/
+
+  # Regular expression to find absolute Paths in text
+  ABSOLUTE_PATH = /#{ABSOLUTE_UNIX_PATH}|#{ABSOLUTE_WINDOWS_PATH}/
+
+  # Regular expression to find Paths in text
+  PATH = /#{UNIX_PATH}|#{WINDOWS_PATH}/
+
 end

data/lib/ronin/extensions/string.rb

@@ -194,6 +194,7 @@ class String
   end
 
   if RUBY_VERSION < '1.9.'
+    # Special ASCII bytes and their escaped character forms
     ESCAPE_BYTES = Hash.new do |escape,byte|
       escape[byte] = if (byte >= 0x20 && byte <= 0x7e)
                        byte.chr

data/lib/ronin/formatting.rb

@@ -22,3 +22,4 @@ require 'ronin/formatting/digest'
 require 'ronin/formatting/binary'
 require 'ronin/formatting/text'
 require 'ronin/formatting/http'
+require 'ronin/formatting/html'

data/lib/ronin/formatting/extensions.rb

@@ -21,3 +21,4 @@ require 'ronin/formatting/extensions/binary'
 require 'ronin/formatting/extensions/text'
 require 'ronin/formatting/extensions/digest'
 require 'ronin/formatting/extensions/http'
+require 'ronin/formatting/extensions/html'

data/lib/ronin/formatting/extensions/binary/string.rb

@@ -232,6 +232,13 @@ class String
   #
   # Base64 encodes a string.
   #
+  # @param [Symbol, nil] mode
+  #   The base64 mode to use. May be either:
+  #
+  #   * `:normal`
+  #   * `:strict`
+  #   * `:url` / `:urlsafe`
+  #
   # @return [String]
   #   The base64 encoded form of the string.
   #
@@ -241,24 +248,68 @@ class String
   #
   # @api public
   #
-  def base64_encode
-    Base64.encode64(self)
+  def base64_encode(mode=nil)
+    case mode
+    when :strict
+      if RUBY_VERSION < '1.9'
+        # backported from Ruby 1.9.2
+        [self].pack("m")
+      else
+        Base64.strict_encode64(self)
+      end
+    when :url, :urlsafe
+      if RUBY_VERSION < '1.9'
+        # backported from Ruby 1.9.2
+        [self].pack("m").tr("+/", "-_")
+      else
+        Base64.urlsafe_encode64(self)
+      end
+    else
+      Base64.encode64(self)
+    end
   end
 
   #
   # Base64 decodes a string.
   #
+  # @param [Symbol, nil] mode
+  #   The base64 mode to use. May be either:
+  #
+  #   * `nil`
+  #   * `:strict`
+  #   * `:url` / `:urlsafe`
+  #
   # @return [String]
   #   The base64 decoded form of the string.
   #
+  # @note
+  #   `mode` argument is only available on Ruby >= 1.9.
+  #
   # @example
-  #   "aGVsbG8=\n"
+  #   "aGVsbG8=\n".base64_decode
   #   # => "hello"
   #
   # @api public
   #
-  def base64_decode
-    Base64.decode64(self)
+  def base64_decode(mode=nil)
+    case mode
+    when :strict
+      if RUBY_VERSION < '1.9'
+        # backported from Ruby 1.9.2
+        unpack("m0").first
+      else
+        Base64.strict_decode64(self)
+      end
+    when :url, :urlsafe
+      if RUBY_VERSION < '1.9'
+        # backported from Ruby 1.9.2
+        tr("-_", "+/").unpack("m0").first
+      else
+        Base64.urlsafe_decode64(self)
+      end
+    else
+      Base64.decode64(self)
+    end
   end
 
   #

data/lib/ronin/formatting/extensions/html/string.rb

@@ -152,16 +152,15 @@ class String
   def js_unescape
     unescaped = ''
 
-    scan(/([\\%]u[0-9a-fA-F]{4}|[\\%][0-9a-fA-F]{2}|\\[btnfr"\\]|.)/).each do |match|
+    scan(/([\\%]u[0-9a-fA-F]{1,4}|[\\%][0-9a-fA-F]{1,2}|\\[btnfr"\\]|.)/).each do |match|
       c = match[0]
 
-      unescaped << case c.length
-                   when 6
-                     c[2,4].to_i(16)
-                   when 3
-                     c[1,2].to_i(16)
-                   when 2
+      unescaped << if JS_BACKSLASHED_CHARS.has_key?(c)
                      JS_BACKSLASHED_CHARS[c]
+                   elsif (c.start_with?("\\u") || c.start_with?("%u"))
+                     c[2..-1].to_i(16)
+                   elsif (c.start_with?("\\") || c.start_with?("%"))
+                     c[1..-1].to_i(16)
                    else
                      c
                    end

data/lib/ronin/formatting/extensions/sql/string.rb

@@ -95,4 +95,38 @@ class String
     end
   end
 
+  #
+  # Prepares the String for injection into a SQL expression.
+  #
+  # @return [String]
+  #   The SQL injection ready String.
+  #
+  # @example
+  #   "'1' OR '1'='1'".sql_inject
+  #   # => "1' OR '1'='1"
+  #
+  # @example
+  #   "'1' OR 1=1".sql_inject
+  #   # => "1' OR 1=1 OR '"
+  #
+  # @example
+  #   "'1' OR 1=1".sql_inject(:terminate => true)
+  #   # => "1' OR 1=1 --"
+  #
+  # @api public
+  #
+  # @since 0.4.0
+  #
+  def sql_inject
+    if (start_with?("'") || start_with?('"') || start_with?('`'))
+      if self[0,1] == self[-1,1]
+        self[1..-2]
+      else
+        "#{self[1..-1]}--"
+      end
+    else
+      self
+    end
+  end
+
 end

data/lib/ronin/formatting/extensions/text/string.rb

@@ -17,190 +17,10 @@
 # along with Ronin Support.  If not, see <http://www.gnu.org/licenses/>.
 #
 
-require 'combinatorics/list_comprehension'
-require 'combinatorics/generator'
-require 'chars'
 require 'set'
 
 class String
 
-  #
-  # Generate permutations of Strings from a format template.
-  #
-  # @param [Array(<String, Symbol, Enumerable>, <Integer, Enumerable>)] template
-  #   The template which defines the string or character sets which will
-  #   make up parts of the String.
-  #
-  # @yield [string]
-  #   The given block will be passed each unique String.
-  #
-  # @yieldparam [String] string
-  #   A newly generated String.
-  #
-  # @return [Enumerator]
-  #   If no block is given, an Enumerator will be returned.
-  #
-  # @raise [ArgumentError]
-  #   A given character set name was unknown.
-  #
-  # @raise [TypeError]
-  #   A given string set was not a String, Symbol or Enumerable.
-  #   A given string set length was not an Integer or Enumerable.
-  #
-  # @example Generate Strings with ranges of repeating sub-strings.
-  #
-  # @example Generate Strings with three alpha chars and one numeric chars.
-  #   String.generate([:alpha, 3], :numeric) do |password|
-  #     puts password
-  #   end
-  #
-  # @example Generate Strings with two to four alpha chars.
-  #   String.generate([:alpha, 2..4]) do |password|
-  #     puts password
-  #   end
-  #
-  # @example Generate Strings using alpha and punctuation chars.
-  #   String.generate([Chars.alpha + Chars.punctuation, 4]) do |password|
-  #     puts password
-  #   end
-  #
-  # @example Generate Strings from a custom char set.
-  #   String.generate([['a', 'b', 'c'], 3], [['1', '2', '3'], 3]) do |password|
-  #     puts password
-  #   end
-  #
-  # @example Generate Strings containing known Strings.
-  #   String.generate("rock", [:numeric, 4]) do |password|
-  #     puts password
-  #   end
-  #
-  # @example Generate Strings with ranges of repeating sub-strings.
-  #   String.generate(['/AA', (1..100).step(5)]) do |path|
-  #     puts path
-  #   end
-  #
-  # @since 0.3.0
-  #
-  # @api public
-  #
-  def self.generate(*template)
-    return enum_for(:generate,*template) unless block_given?
-
-    sets = []
-
-    template.each do |pattern|
-      set, length = pattern
-      set = case set
-            when String
-              [set].each
-            when Symbol
-              name = set.to_s.upcase
-
-              unless Chars.const_defined?(name)
-                raise(ArgumentError,"unknown charset #{set.inspect}")
-              end
-
-              Chars.const_get(name).each_char
-            when Enumerable
-              Chars::CharSet.new(set).each_char
-            else
-              raise(TypeError,"set must be a String, Symbol or Enumerable")
-            end
-
-      case length
-      when Integer
-        length.times { sets << set.dup }
-      when Enumerable
-        sets << Combinatorics::Generator.new do |g|
-          length.each do |sublength|
-            superset = Array.new(sublength) { set.dup }
-
-            superset.comprehension { |strings| g.yield strings.join }
-          end
-        end
-      when nil
-        sets << set
-      else
-        raise(TypeError,"length must be an Integer or Enumerable")
-      end
-    end
-
-    sets.comprehension { |strings| yield strings.join }
-    return nil
-  end
-
-  #
-  # Incrementally fuzzes the String.
-  #
-  # @param [Hash{Regexp,String,Integer,Enumerable => #each}] mutations
-  #   Patterns and their substitutions.
-  #
-  # @yield [fuzz]
-  #   The given block will be passed every fuzzed String.
-  #
-  # @yieldparam [String] fuzz
-  #   A fuzzed String.
-  #
-  # @return [Enumerator]
-  #   If no block is given, an Enumerator will be returned.
-  #
-  # @example Replace every `e`, `i`, `o`, `u` with `(`, 100 `A`s and a `\0`:
-  #   "the quick brown fox".fuzz(/[eiou]/ => ['(', ('A' * 100), "\0"]) do |str|
-  #     p str
-  #   end
-  #
-  # @example {String.generate} with {String.fuzz}:
-  #   "GET /".fuzz('/' => String.generate(['A', 1..100])) do |str|
-  #     p str
-  #   end
-  #
-  # @since 0.3.0
-  #
-  # @api public
-  #
-  def fuzz(mutations={})
-    return enum_for(:fuzz,mutations) unless block_given?
-
-    mutations.each do |pattern,substitution|
-      pattern = case pattern
-                when Regexp
-                  pattern
-                when String
-                  Regexp.new(Regexp.escape(pattern))
-                when Integer
-                  Regexp.new(pattern.chr)
-                when Enumerable
-                  Regexp.union(pattern.map { |s| Regexp.escape(s.to_s) })
-                else
-                  raise(TypeError,"cannot convert #{pattern.inspect} to a Regexp")
-                end
-
-      scanner = StringScanner.new(self)
-      indices = []
-
-      while scanner.scan_until(pattern)
-        indices << [scanner.pos - scanner.matched_size, scanner.matched_size]
-      end
-
-      indices.each do |index,length|
-        substitution.each do |substitute|
-          substitute = case substitute
-                       when Proc
-                         substitute.call(self[index,length])
-                       when Integer
-                         substitute.chr
-                       else
-                         substitute.to_s
-                       end
-
-          fuzzed = dup
-          fuzzed[index,length] = substitute
-          yield fuzzed
-        end
-      end
-    end
-  end
-
   #
   # Creates a new String by formatting each byte.
   #