ronin-vulns 0.1.0.beta1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a7f0f97531b93caf6893b805e9326dc9836d903db94b0b5387d96b3d555986b
-  data.tar.gz: ea9163ac70cac3ebb7ad3ee66090e1e0a1c90f6f66c04d9112fe5c093632ed7f
+  metadata.gz: fc8b11abf863d2340c92c0b15fea6261a433541d67b8e9f31c644a013c3b7736
+  data.tar.gz: d801f3f82d4cfdc55666353d0cdbf0e95e3dd205e93bc182be0922cccefcd0a4
 SHA512:
-  metadata.gz: d307c996fa6692769a953a53e9931c6fd067ea4f13d2a642be8a575a1020766aa85be7dbdc1b02b1dcf123013be3859aff61562b17528609e68d3d37b4cd60e5
-  data.tar.gz: '048a760dbbbb9dcd3dedcbe2ba8730e819d8441065e7df2c2a0cead82f694f26c9c78141590b1455d44f64ac09554f64b57c8ca71c643473da09f9c99d8f1463'
+  metadata.gz: 2bfbc57fee417d64e50330e218c103bde61e7a7d33c71e18bfbc60b021ad02f6976a3ea3d7151db9d7e0f777c0ae5cd38728789a99e5a349d9ad8f215c02c4db
+  data.tar.gz: f1effc752165f25c7d605d605f942f3f6f27e16f1587da22805d3d8e3e8bb9c60a6e9fc5445cfefc67419ae2d217d1bd52ffc198debb1ff2fe868245ff9978fb

data/.github/workflows/ruby.yml

@@ -21,6 +21,7 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
       - name: Install libsqlite3
         run: |
           sudo apt update -y && \

data/.yardopts

@@ -1 +1 @@
---markup markdown --title 'ronin-vulns Documentation' --protected
+--markup markdown --title 'Ronin::Vulns Documentation' --protected

data/README.md

@@ -2,6 +2,7 @@
 
 [![CI](https://github.com/ronin-rb/ronin-vulns/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-vulns/actions/workflows/ruby.yml)
 [![Code Climate](https://codeclimate.com/github/ronin-rb/ronin-vulns.svg)](https://codeclimate.com/github/ronin-rb/ronin-vulns)
+[![Gem Version](https://badge.fury.io/rb/ronin-vulns.svg)](https://badge.fury.io/rb/ronin-vulns)
 
 * [Website](https://ronin-rb.dev/)
 * [Source](https://github.com/ronin-rb/ronin-vulns)
@@ -15,7 +16,7 @@
 
 ronin-vulns is a Ruby library for blind vulnerability testing. It currently
 supports testing for Local File Inclusion (LFI), Remote File Inclusion (RFI),
-SQL injection (SQLi), reflective Cross Site Scripting (XSS), and Server Side
+SQL injection (SQLi), reflective Cross Site Scripting (XSS), Server Side
 Template Injection (SSTI), and Open Redirects.
 
 ronin-vulns is part of the [ronin-rb] project, a [Ruby] toolkit for security

data/gemspec.yml

@@ -16,10 +16,10 @@ homepage: https://ronin-rb.dev/
 has_yard: true
 
 metadata:
-  documentation_uri: https://rubydoc.info/gems/ronin-vulns
+  documentation_uri: https://ronin-rb.dev/docs/ronin-vulns
   source_code_uri:   https://github.com/ronin-rb/ronin-vulns
   bug_tracker_uri:   https://github.com/ronin-rb/ronin-vulns/issues
-  changelog_uri:     https://github.com/ronin-rb/ronin-vulns/blob/master/ChangeLog.md
+  changelog_uri:     https://github.com/ronin-rb/ronin-vulns/blob/main/ChangeLog.md
   rubygems_mfa_required: 'true'
 
 required_ruby_version: ">= 3.0.0"
@@ -34,8 +34,8 @@ generated_files:
   - man/ronin-vulns-scan.1
 
 dependencies:
-  ronin-support: ~> 1.0.0.beta1
-  ronin-core: ~> 0.1.0.beta1
+  ronin-support: ~> 1.0
+  ronin-core: ~> 0.1
 
 development_dependencies:
   bundler: ~> 2.0

data/lib/ronin/vulns/cli/command.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/vulns/cli/commands/lfi.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -110,7 +110,7 @@ module Ronin
           end
 
           #
-          # Scans a URL for LFI vulnerabiltiies.
+          # Scans a URL for LFI vulnerabilities.
           #
           # @param [String] url
           #   The URL to scan.
@@ -126,7 +126,7 @@ module Ronin
           end
 
           #
-          # Tests a URL for LFI vulnerabiltiies.
+          # Tests a URL for LFI vulnerabilities.
           #
           # @param [String] url
           #   The URL to test.

data/lib/ronin/vulns/cli/commands/open_redirect.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -83,7 +83,7 @@ module Ronin
           end
 
           #
-          # Scans a URL for Open Redirect vulnerabiltiies.
+          # Scans a URL for Open Redirect vulnerabilities.
           #
           # @param [String] url
           #   The URL to scan.
@@ -100,7 +100,7 @@ module Ronin
           end
 
           #
-          # Tests a URL for Open Redirect vulnerabiltiies.
+          # Tests a URL for Open Redirect vulnerabilities.
           #
           # @param [String] url
           #   The URL to test.

data/lib/ronin/vulns/cli/commands/reflected_xss.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -63,7 +63,7 @@ module Ronin
           man_page 'ronin-vulns-reflected-xss.1'
 
           #
-          # Scans a URL for Reflected XSS vulnerabiltiies.
+          # Scans a URL for Reflected XSS vulnerabilities.
           #
           # @param [String] url
           #   The URL to scan.
@@ -80,7 +80,7 @@ module Ronin
           end
 
           #
-          # Tests a URL for Reflected XSS vulnerabiltiies.
+          # Tests a URL for Reflected XSS vulnerabilities.
           #
           # @param [String] url
           #   The URL to test.

data/lib/ronin/vulns/cli/commands/rfi.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -52,7 +52,7 @@ module Ronin
         #         --filter-bypass              Optional filter-bypass strategy to use
         #     -S asp|asp.net|coldfusion|jsp|php|perl,
         #         --script-lang                Explicitly specify the scripting language to test for
-        #     -T, --test-script-url URL        Use an altnerative test script URL
+        #     -T, --test-script-url URL        Use an alternative test script URL
         #     -h, --help                       Print help information
         #
         # ## Arguments
@@ -91,7 +91,7 @@ module Ronin
                                      type:  String,
                                      usage: 'URL'
                                    },
-                                   desc: 'Use an altnerative test script URL'
+                                   desc: 'Use an alternative test script URL'
 
           description 'Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities'
 
@@ -121,7 +121,7 @@ module Ronin
           end
 
           #
-          # Scans a URL for RFI vulnerabiltiies.
+          # Scans a URL for RFI vulnerabilities.
           #
           # @param [String] url
           #   The URL to scan.
@@ -137,7 +137,7 @@ module Ronin
           end
 
           #
-          # Tests a URL for RFI vulnerabiltiies.
+          # Tests a URL for RFI vulnerabilities.
           #
           # @param [String] url
           #   The URL to test.

data/lib/ronin/vulns/cli/commands/scan.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -54,7 +54,7 @@ module Ronin
         #                                      Optional filter-bypass strategy to use
         #         --rfi-script-lang asp|asp.net|coldfusion|jsp|php|perl
         #                                      Explicitly specify the scripting language to test for
-        #         --rfi-test-script-url URL    Use an altnerative test script URL
+        #         --rfi-test-script-url URL    Use an alternative test script URL
         #         --sqli-escape-quote          Escapes quotation marks
         #         --sqli-escape-parens         Escapes parenthesis
         #         --sqli-terminate             Terminates the SQL expression with a --
@@ -118,7 +118,7 @@ module Ronin
                                          type:  String,
                                          usage: 'URL'
                                        },
-                                       desc: 'Use an altnerative test script URL'
+                                       desc: 'Use an alternative test script URL'
 
           option :sqli_escape_quote, desc: 'Escapes quotation marks'
 
@@ -271,7 +271,7 @@ module Ronin
           end
 
           #
-          # Scans a URL for all web vulnerabiltiies.
+          # Scans a URL for all web vulnerabilities.
           #
           # @param [String] url
           #   The URL to scan.
@@ -292,7 +292,7 @@ module Ronin
           end
 
           #
-          # Tests a URL for any web vulnerabiltiies.
+          # Tests a URL for any web vulnerabilities.
           #
           # @param [String] url
           #   The URL to test.

data/lib/ronin/vulns/cli/commands/sqli.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -98,7 +98,7 @@ module Ronin
           end
 
           #
-          # Scans a URL for SQLi vulnerabiltiies.
+          # Scans a URL for SQLi vulnerabilities.
           #
           # @param [String] url
           #   The URL to scan.
@@ -114,7 +114,7 @@ module Ronin
           end
 
           #
-          # Tests a URL for SQLi vulnerabiltiies.
+          # Tests a URL for SQLi vulnerabilities.
           #
           # @param [String] url
           #   The URL to test.

data/lib/ronin/vulns/cli/commands/ssti.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -91,7 +91,7 @@ module Ronin
           end
 
           #
-          # Scans a URL for SSTI vulnerabiltiies.
+          # Scans a URL for SSTI vulnerabilities.
           #
           # @param [String] url
           #   The URL to scan.
@@ -107,7 +107,7 @@ module Ronin
           end
 
           #
-          # Tests a URL for SSTI vulnerabiltiies.
+          # Tests a URL for SSTI vulnerabilities.
           #
           # @param [String] url
           #   The URL to test.

data/lib/ronin/vulns/cli/logging.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/vulns/cli/web_vuln_command.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -191,7 +191,7 @@ module Ronin
         # @return [Set<String>, nil]
         attr_reader :test_query_params
 
-        # Indiciates whether to test all of the query params of the URL.
+        # Indicates whether to test all of the query params of the URL.
         #
         # @return [Boolean, nil]
         attr_reader :test_all_query_params
@@ -206,7 +206,7 @@ module Ronin
         # @return [Set<String>, nil]
         attr_reader :test_cookie_params
 
-        # Indiciates whether to test all `Cookie` params for the URL.
+        # Indicates whether to test all `Cookie` params for the URL.
         #
         # @return [Boolean, nil]
         attr_reader :test_all_cookie_params
@@ -252,7 +252,7 @@ module Ronin
         end
 
         #
-        # Prcesses a URL.
+        # Processes a URL.
         #
         # @param [String] url
         #   A URL to scan.
@@ -309,7 +309,7 @@ module Ronin
         end
 
         #
-        # Scans a URL for web vulnerabiltiies.
+        # Scans a URL for web vulnerabilities.
         #
         # @param [String] url
         #   The URL to scan.
@@ -327,7 +327,7 @@ module Ronin
         end
 
         #
-        # Tests a URL for web vulnerabiltiies.
+        # Tests a URL for web vulnerabilities.
         #
         # @param [String] url
         #   The URL to test.

data/lib/ronin/vulns/cli.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -18,8 +18,11 @@
 # along with ronin-vulns.  If not, see <https://www.gnu.org/licenses/>.
 #
 
+require 'ronin/vulns/version'
+
 require 'command_kit/commands'
 require 'command_kit/commands/auto_load'
+require 'command_kit/options/version'
 
 module Ronin
   module Vulns
@@ -35,8 +38,10 @@ module Ronin
         dir:       "#{__dir__}/cli/commands",
         namespace: "#{self}::Commands"
       )
+      include CommandKit::Options::Version
 
       command_name 'ronin-vulns'
+      version Ronin::Vulns::VERSION
 
       command_aliases['xss'] = 'reflected-xss'
 

data/lib/ronin/vulns/open_redirect.rb

@@ -69,7 +69,7 @@ module Ronin
       end
 
       #
-      # Tests whther the URL has a vulnerable Open Redirect.
+      # Tests whether the URL has a vulnerable Open Redirect.
       #
       # @return [Boolean]
       #

data/lib/ronin/vulns/rfi.rb

@@ -162,7 +162,7 @@ module Ronin
       # Optionally applies a filter bypass technique to the RFI URL.
       #
       # @param [URI::HTTP, String] url
-      #   The RFI URL to optionall encode before it will be injected into a
+      #   The RFI URL to optionally encode before it will be injected into a
       #   HTTP request.
       #
       # @return [String]

data/lib/ronin/vulns/root.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/vulns/sqli/error_pattern.rb

@@ -57,7 +57,7 @@ module Ronin
         end
 
         #
-        # Tests whether the respones body contains a SQL error.
+        # Tests whether the response body contains a SQL error.
         #
         # @param [String] response_body
         #   The HTTP response body.

data/lib/ronin/vulns/sqli.rb

@@ -280,7 +280,7 @@ module Ronin
       #   The HTTP response object to check.
       #
       # @return [Boolean]
-      #   Indicates whether the response was a `500` and if the respones body
+      #   Indicates whether the response was a `500` and if the response body
       #   contained a SQL error message.
       #
       def check_for_sql_errors(response)

data/lib/ronin/vulns/url_scanner.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/vulns/version.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -21,6 +21,6 @@
 module Ronin
   module Vulns
     # The ronin-vulns version
-    VERSION = '0.1.0.beta1'
+    VERSION = '0.1.0'
   end
 end

data/man/ronin-vulns-rfi.1

@@ -88,7 +88,7 @@ Explicitly specify the scripting language to test for\.
 .LP
 .TP
 \fB-T\fR, \fB--test-script-url\fR \fIURL\fP
-Use an altnerative test script \fIURL\fP\.
+Use an alternative test script \fIURL\fP\.
 .LP
 .TP
 \fB-h\fR, \fB--help\fR

data/man/ronin-vulns-rfi.1.md

@@ -66,7 +66,7 @@ option.
   Explicitly specify the scripting language to test for.
 
 `-T`, `--test-script-url` *URL*
-  Use an altnerative test script *URL*.
+  Use an alternative test script *URL*.
 
 `-h`, `--help`
   Print help information.

data/man/ronin-vulns-scan.1

@@ -99,7 +99,7 @@ Explicitly specify the scripting language to test for\.
 .LP
 .TP
 \fB--rfi-test-script-url\fR \fIURL\fP
-Use an altnerative test script URL\.
+Use an alternative test script URL\.
 .LP
 .TP
 \fB--sqli-escape-quote\fR

data/man/ronin-vulns-scan.1.md

@@ -74,7 +74,7 @@ additional arguments or read from a file using the `--input` option.
   Explicitly specify the scripting language to test for.
 
 `--rfi-test-script-url` *URL*
-  Use an altnerative test script URL.
+  Use an alternative test script URL.
 
 `--sqli-escape-quote`
   Escapes quotation marks.

data/ronin-vulns.gemspec

@@ -25,14 +25,14 @@ Gem::Specification.new do |gem|
   gem.files  = `git ls-files`.split($/)
   gem.files  = glob[gemspec['files']] if gemspec['files']
   gem.files += Array(gemspec['generated_files'])
-  gem.files -= glob[gemspec['test_files'] || '{test,spec}/{**/}*']
+  # exclude test files from the packages gem
+  gem.files -= glob[gemspec['test_files'] || 'spec/{**/}*']
 
   gem.executables = gemspec.fetch('executables') do
     glob['bin/*'].map { |path| File.basename(path) }
   end
 
   gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
-  gem.test_files       = glob[gemspec['test_files'] || 'spec/{**/}*_spec.rb']
   gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
 
   gem.require_paths = Array(gemspec.fetch('require_paths') {

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-vulns
 version: !ruby/object:Gem::Version
-  version: 0.1.0.beta1
+  version: 0.1.0
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-01 00:00:00.000000000 Z
+date: 2023-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ronin-support
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0.beta1
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0.beta1
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: ronin-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.0.beta1
+        version: '0.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.0.beta1
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -132,10 +132,10 @@ homepage: https://ronin-rb.dev/
 licenses:
 - LGPL-3.0
 metadata:
-  documentation_uri: https://rubydoc.info/gems/ronin-vulns
+  documentation_uri: https://ronin-rb.dev/docs/ronin-vulns
   source_code_uri: https://github.com/ronin-rb/ronin-vulns
   bug_tracker_uri: https://github.com/ronin-rb/ronin-vulns/issues
-  changelog_uri: https://github.com/ronin-rb/ronin-vulns/blob/master/ChangeLog.md
+  changelog_uri: https://github.com/ronin-rb/ronin-vulns/blob/main/ChangeLog.md
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []