ronin-vulns 0.1.0.beta1 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +1 -0
- data/.yardopts +1 -1
- data/ChangeLog.md +6 -1
- data/Gemfile +2 -2
- data/README.md +3 -2
- data/gemspec.yml +4 -4
- data/lib/ronin/vulns/cli/command.rb +1 -1
- data/lib/ronin/vulns/cli/commands/lfi.rb +3 -3
- data/lib/ronin/vulns/cli/commands/open_redirect.rb +3 -3
- data/lib/ronin/vulns/cli/commands/reflected_xss.rb +3 -3
- data/lib/ronin/vulns/cli/commands/rfi.rb +5 -5
- data/lib/ronin/vulns/cli/commands/scan.rb +5 -5
- data/lib/ronin/vulns/cli/commands/sqli.rb +3 -3
- data/lib/ronin/vulns/cli/commands/ssti.rb +3 -3
- data/lib/ronin/vulns/cli/logging.rb +1 -1
- data/lib/ronin/vulns/cli/web_vuln_command.rb +8 -8
- data/lib/ronin/vulns/cli.rb +6 -1
- data/lib/ronin/vulns/lfi/test_file.rb +1 -1
- data/lib/ronin/vulns/lfi.rb +1 -1
- data/lib/ronin/vulns/open_redirect.rb +2 -2
- data/lib/ronin/vulns/reflected_xss/context.rb +1 -1
- data/lib/ronin/vulns/reflected_xss/test_string.rb +1 -1
- data/lib/ronin/vulns/reflected_xss.rb +1 -1
- data/lib/ronin/vulns/rfi.rb +2 -2
- data/lib/ronin/vulns/root.rb +1 -1
- data/lib/ronin/vulns/sqli/error_pattern.rb +2 -2
- data/lib/ronin/vulns/sqli.rb +2 -2
- data/lib/ronin/vulns/ssti/test_expression.rb +1 -1
- data/lib/ronin/vulns/ssti.rb +1 -1
- data/lib/ronin/vulns/url_scanner.rb +1 -1
- data/lib/ronin/vulns/version.rb +2 -2
- data/lib/ronin/vulns/vuln.rb +1 -1
- data/lib/ronin/vulns/web_vuln/http_request.rb +1 -1
- data/lib/ronin/vulns/web_vuln.rb +1 -1
- data/man/ronin-vulns-rfi.1 +1 -1
- data/man/ronin-vulns-rfi.1.md +1 -1
- data/man/ronin-vulns-scan.1 +1 -1
- data/man/ronin-vulns-scan.1.md +1 -1
- data/ronin-vulns.gemspec +2 -2
- metadata +8 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4b883fd15ba88606984046997827e571053dc77cc7309cb228746435706789fe
|
4
|
+
data.tar.gz: 1090624e7a3dbb9d1b212052a1f300f454620cdb5508f4605e3124b8432698b1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ba3fecaec4b2dcba4043c8cd95d67b0443011c04f0f83296d86f2cbef4b364d30359093ebee289076a1cbf8e55b77e3a03ca9bcd8b6aea6a972390571ff14910
|
7
|
+
data.tar.gz: ffb84a729dbab47c6df0bde5f4a7df8f9c0e345de58bb9ddc36d6c6420c87b77f615b0b1d1d7caa5f8edfc456bcca909b3dbf28d32dab2ddde83bd3ec066adec
|
data/.github/workflows/ruby.yml
CHANGED
data/.yardopts
CHANGED
@@ -1 +1 @@
|
|
1
|
-
--markup markdown --title '
|
1
|
+
--markup markdown --title 'Ronin::Vulns Documentation' --protected
|
data/ChangeLog.md
CHANGED
data/Gemfile
CHANGED
@@ -29,6 +29,6 @@ group :development do
|
|
29
29
|
gem 'yard-spellcheck', require: false
|
30
30
|
|
31
31
|
gem 'dead_end', require: false
|
32
|
-
gem 'sord', require: false
|
33
|
-
gem 'stackprof', require: false
|
32
|
+
gem 'sord', require: false, platform: :mri
|
33
|
+
gem 'stackprof', require: false, platform: :mri
|
34
34
|
end
|
data/README.md
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
[![CI](https://github.com/ronin-rb/ronin-vulns/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-vulns/actions/workflows/ruby.yml)
|
4
4
|
[![Code Climate](https://codeclimate.com/github/ronin-rb/ronin-vulns.svg)](https://codeclimate.com/github/ronin-rb/ronin-vulns)
|
5
|
+
[![Gem Version](https://badge.fury.io/rb/ronin-vulns.svg)](https://badge.fury.io/rb/ronin-vulns)
|
5
6
|
|
6
7
|
* [Website](https://ronin-rb.dev/)
|
7
8
|
* [Source](https://github.com/ronin-rb/ronin-vulns)
|
@@ -15,7 +16,7 @@
|
|
15
16
|
|
16
17
|
ronin-vulns is a Ruby library for blind vulnerability testing. It currently
|
17
18
|
supports testing for Local File Inclusion (LFI), Remote File Inclusion (RFI),
|
18
|
-
SQL injection (SQLi), reflective Cross Site Scripting (XSS),
|
19
|
+
SQL injection (SQLi), reflective Cross Site Scripting (XSS), Server Side
|
19
20
|
Template Injection (SSTI), and Open Redirects.
|
20
21
|
|
21
22
|
ronin-vulns is part of the [ronin-rb] project, a [Ruby] toolkit for security
|
@@ -306,7 +307,7 @@ gem.add_dependency 'ronin-vulns', '~> 0.1'
|
|
306
307
|
|
307
308
|
## License
|
308
309
|
|
309
|
-
Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
310
|
+
Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
310
311
|
|
311
312
|
ronin-vulns is free software: you can redistribute it and/or modify
|
312
313
|
it under the terms of the GNU Lesser General Public License as published
|
data/gemspec.yml
CHANGED
@@ -16,10 +16,10 @@ homepage: https://ronin-rb.dev/
|
|
16
16
|
has_yard: true
|
17
17
|
|
18
18
|
metadata:
|
19
|
-
documentation_uri: https://
|
19
|
+
documentation_uri: https://ronin-rb.dev/docs/ronin-vulns
|
20
20
|
source_code_uri: https://github.com/ronin-rb/ronin-vulns
|
21
21
|
bug_tracker_uri: https://github.com/ronin-rb/ronin-vulns/issues
|
22
|
-
changelog_uri: https://github.com/ronin-rb/ronin-vulns/blob/
|
22
|
+
changelog_uri: https://github.com/ronin-rb/ronin-vulns/blob/main/ChangeLog.md
|
23
23
|
rubygems_mfa_required: 'true'
|
24
24
|
|
25
25
|
required_ruby_version: ">= 3.0.0"
|
@@ -34,8 +34,8 @@ generated_files:
|
|
34
34
|
- man/ronin-vulns-scan.1
|
35
35
|
|
36
36
|
dependencies:
|
37
|
-
ronin-support: ~> 1.0
|
38
|
-
ronin-core: ~> 0.1
|
37
|
+
ronin-support: ~> 1.0
|
38
|
+
ronin-core: ~> 0.1
|
39
39
|
|
40
40
|
development_dependencies:
|
41
41
|
bundler: ~> 2.0
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -110,7 +110,7 @@ module Ronin
|
|
110
110
|
end
|
111
111
|
|
112
112
|
#
|
113
|
-
# Scans a URL for LFI
|
113
|
+
# Scans a URL for LFI vulnerabilities.
|
114
114
|
#
|
115
115
|
# @param [String] url
|
116
116
|
# The URL to scan.
|
@@ -126,7 +126,7 @@ module Ronin
|
|
126
126
|
end
|
127
127
|
|
128
128
|
#
|
129
|
-
# Tests a URL for LFI
|
129
|
+
# Tests a URL for LFI vulnerabilities.
|
130
130
|
#
|
131
131
|
# @param [String] url
|
132
132
|
# The URL to test.
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -83,7 +83,7 @@ module Ronin
|
|
83
83
|
end
|
84
84
|
|
85
85
|
#
|
86
|
-
# Scans a URL for Open Redirect
|
86
|
+
# Scans a URL for Open Redirect vulnerabilities.
|
87
87
|
#
|
88
88
|
# @param [String] url
|
89
89
|
# The URL to scan.
|
@@ -100,7 +100,7 @@ module Ronin
|
|
100
100
|
end
|
101
101
|
|
102
102
|
#
|
103
|
-
# Tests a URL for Open Redirect
|
103
|
+
# Tests a URL for Open Redirect vulnerabilities.
|
104
104
|
#
|
105
105
|
# @param [String] url
|
106
106
|
# The URL to test.
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -63,7 +63,7 @@ module Ronin
|
|
63
63
|
man_page 'ronin-vulns-reflected-xss.1'
|
64
64
|
|
65
65
|
#
|
66
|
-
# Scans a URL for Reflected XSS
|
66
|
+
# Scans a URL for Reflected XSS vulnerabilities.
|
67
67
|
#
|
68
68
|
# @param [String] url
|
69
69
|
# The URL to scan.
|
@@ -80,7 +80,7 @@ module Ronin
|
|
80
80
|
end
|
81
81
|
|
82
82
|
#
|
83
|
-
# Tests a URL for Reflected XSS
|
83
|
+
# Tests a URL for Reflected XSS vulnerabilities.
|
84
84
|
#
|
85
85
|
# @param [String] url
|
86
86
|
# The URL to test.
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -52,7 +52,7 @@ module Ronin
|
|
52
52
|
# --filter-bypass Optional filter-bypass strategy to use
|
53
53
|
# -S asp|asp.net|coldfusion|jsp|php|perl,
|
54
54
|
# --script-lang Explicitly specify the scripting language to test for
|
55
|
-
# -T, --test-script-url URL Use an
|
55
|
+
# -T, --test-script-url URL Use an alternative test script URL
|
56
56
|
# -h, --help Print help information
|
57
57
|
#
|
58
58
|
# ## Arguments
|
@@ -91,7 +91,7 @@ module Ronin
|
|
91
91
|
type: String,
|
92
92
|
usage: 'URL'
|
93
93
|
},
|
94
|
-
desc: 'Use an
|
94
|
+
desc: 'Use an alternative test script URL'
|
95
95
|
|
96
96
|
description 'Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities'
|
97
97
|
|
@@ -121,7 +121,7 @@ module Ronin
|
|
121
121
|
end
|
122
122
|
|
123
123
|
#
|
124
|
-
# Scans a URL for RFI
|
124
|
+
# Scans a URL for RFI vulnerabilities.
|
125
125
|
#
|
126
126
|
# @param [String] url
|
127
127
|
# The URL to scan.
|
@@ -137,7 +137,7 @@ module Ronin
|
|
137
137
|
end
|
138
138
|
|
139
139
|
#
|
140
|
-
# Tests a URL for RFI
|
140
|
+
# Tests a URL for RFI vulnerabilities.
|
141
141
|
#
|
142
142
|
# @param [String] url
|
143
143
|
# The URL to test.
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -54,7 +54,7 @@ module Ronin
|
|
54
54
|
# Optional filter-bypass strategy to use
|
55
55
|
# --rfi-script-lang asp|asp.net|coldfusion|jsp|php|perl
|
56
56
|
# Explicitly specify the scripting language to test for
|
57
|
-
# --rfi-test-script-url URL Use an
|
57
|
+
# --rfi-test-script-url URL Use an alternative test script URL
|
58
58
|
# --sqli-escape-quote Escapes quotation marks
|
59
59
|
# --sqli-escape-parens Escapes parenthesis
|
60
60
|
# --sqli-terminate Terminates the SQL expression with a --
|
@@ -118,7 +118,7 @@ module Ronin
|
|
118
118
|
type: String,
|
119
119
|
usage: 'URL'
|
120
120
|
},
|
121
|
-
desc: 'Use an
|
121
|
+
desc: 'Use an alternative test script URL'
|
122
122
|
|
123
123
|
option :sqli_escape_quote, desc: 'Escapes quotation marks'
|
124
124
|
|
@@ -271,7 +271,7 @@ module Ronin
|
|
271
271
|
end
|
272
272
|
|
273
273
|
#
|
274
|
-
# Scans a URL for all web
|
274
|
+
# Scans a URL for all web vulnerabilities.
|
275
275
|
#
|
276
276
|
# @param [String] url
|
277
277
|
# The URL to scan.
|
@@ -292,7 +292,7 @@ module Ronin
|
|
292
292
|
end
|
293
293
|
|
294
294
|
#
|
295
|
-
# Tests a URL for any web
|
295
|
+
# Tests a URL for any web vulnerabilities.
|
296
296
|
#
|
297
297
|
# @param [String] url
|
298
298
|
# The URL to test.
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -98,7 +98,7 @@ module Ronin
|
|
98
98
|
end
|
99
99
|
|
100
100
|
#
|
101
|
-
# Scans a URL for SQLi
|
101
|
+
# Scans a URL for SQLi vulnerabilities.
|
102
102
|
#
|
103
103
|
# @param [String] url
|
104
104
|
# The URL to scan.
|
@@ -114,7 +114,7 @@ module Ronin
|
|
114
114
|
end
|
115
115
|
|
116
116
|
#
|
117
|
-
# Tests a URL for SQLi
|
117
|
+
# Tests a URL for SQLi vulnerabilities.
|
118
118
|
#
|
119
119
|
# @param [String] url
|
120
120
|
# The URL to test.
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -91,7 +91,7 @@ module Ronin
|
|
91
91
|
end
|
92
92
|
|
93
93
|
#
|
94
|
-
# Scans a URL for SSTI
|
94
|
+
# Scans a URL for SSTI vulnerabilities.
|
95
95
|
#
|
96
96
|
# @param [String] url
|
97
97
|
# The URL to scan.
|
@@ -107,7 +107,7 @@ module Ronin
|
|
107
107
|
end
|
108
108
|
|
109
109
|
#
|
110
|
-
# Tests a URL for SSTI
|
110
|
+
# Tests a URL for SSTI vulnerabilities.
|
111
111
|
#
|
112
112
|
# @param [String] url
|
113
113
|
# The URL to test.
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -191,7 +191,7 @@ module Ronin
|
|
191
191
|
# @return [Set<String>, nil]
|
192
192
|
attr_reader :test_query_params
|
193
193
|
|
194
|
-
#
|
194
|
+
# Indicates whether to test all of the query params of the URL.
|
195
195
|
#
|
196
196
|
# @return [Boolean, nil]
|
197
197
|
attr_reader :test_all_query_params
|
@@ -206,7 +206,7 @@ module Ronin
|
|
206
206
|
# @return [Set<String>, nil]
|
207
207
|
attr_reader :test_cookie_params
|
208
208
|
|
209
|
-
#
|
209
|
+
# Indicates whether to test all `Cookie` params for the URL.
|
210
210
|
#
|
211
211
|
# @return [Boolean, nil]
|
212
212
|
attr_reader :test_all_cookie_params
|
@@ -252,7 +252,7 @@ module Ronin
|
|
252
252
|
end
|
253
253
|
|
254
254
|
#
|
255
|
-
#
|
255
|
+
# Processes a URL.
|
256
256
|
#
|
257
257
|
# @param [String] url
|
258
258
|
# A URL to scan.
|
@@ -260,11 +260,11 @@ module Ronin
|
|
260
260
|
def process_url(url)
|
261
261
|
if @scan_mode == :first
|
262
262
|
if (first_vuln = test_url(url))
|
263
|
-
|
263
|
+
log_vuln(first_vuln)
|
264
264
|
end
|
265
265
|
else
|
266
266
|
scan_url(url) do |vuln|
|
267
|
-
|
267
|
+
log_vuln(vuln)
|
268
268
|
end
|
269
269
|
end
|
270
270
|
end
|
@@ -309,7 +309,7 @@ module Ronin
|
|
309
309
|
end
|
310
310
|
|
311
311
|
#
|
312
|
-
# Scans a URL for web
|
312
|
+
# Scans a URL for web vulnerabilities.
|
313
313
|
#
|
314
314
|
# @param [String] url
|
315
315
|
# The URL to scan.
|
@@ -327,7 +327,7 @@ module Ronin
|
|
327
327
|
end
|
328
328
|
|
329
329
|
#
|
330
|
-
# Tests a URL for web
|
330
|
+
# Tests a URL for web vulnerabilities.
|
331
331
|
#
|
332
332
|
# @param [String] url
|
333
333
|
# The URL to test.
|
data/lib/ronin/vulns/cli.rb
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -18,8 +18,11 @@
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
19
19
|
#
|
20
20
|
|
21
|
+
require 'ronin/vulns/version'
|
22
|
+
|
21
23
|
require 'command_kit/commands'
|
22
24
|
require 'command_kit/commands/auto_load'
|
25
|
+
require 'command_kit/options/version'
|
23
26
|
|
24
27
|
module Ronin
|
25
28
|
module Vulns
|
@@ -35,8 +38,10 @@ module Ronin
|
|
35
38
|
dir: "#{__dir__}/cli/commands",
|
36
39
|
namespace: "#{self}::Commands"
|
37
40
|
)
|
41
|
+
include CommandKit::Options::Version
|
38
42
|
|
39
43
|
command_name 'ronin-vulns'
|
44
|
+
version Ronin::Vulns::VERSION
|
40
45
|
|
41
46
|
command_aliases['xss'] = 'reflected-xss'
|
42
47
|
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library to blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
data/lib/ronin/vulns/lfi.rb
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -69,7 +69,7 @@ module Ronin
|
|
69
69
|
end
|
70
70
|
|
71
71
|
#
|
72
|
-
# Tests
|
72
|
+
# Tests whether the URL has a vulnerable Open Redirect.
|
73
73
|
#
|
74
74
|
# @return [Boolean]
|
75
75
|
#
|
@@ -3,7 +3,7 @@
|
|
3
3
|
#
|
4
4
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
5
5
|
#
|
6
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
7
|
#
|
8
8
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
9
9
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -3,7 +3,7 @@
|
|
3
3
|
#
|
4
4
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
5
5
|
#
|
6
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
7
|
#
|
8
8
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
9
9
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -3,7 +3,7 @@
|
|
3
3
|
#
|
4
4
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
5
5
|
#
|
6
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
7
|
#
|
8
8
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
9
9
|
# it under the terms of the GNU Lesser General Public License as published
|
data/lib/ronin/vulns/rfi.rb
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -162,7 +162,7 @@ module Ronin
|
|
162
162
|
# Optionally applies a filter bypass technique to the RFI URL.
|
163
163
|
#
|
164
164
|
# @param [URI::HTTP, String] url
|
165
|
-
# The RFI URL to
|
165
|
+
# The RFI URL to optionally encode before it will be injected into a
|
166
166
|
# HTTP request.
|
167
167
|
#
|
168
168
|
# @return [String]
|
data/lib/ronin/vulns/root.rb
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -57,7 +57,7 @@ module Ronin
|
|
57
57
|
end
|
58
58
|
|
59
59
|
#
|
60
|
-
# Tests whether the
|
60
|
+
# Tests whether the response body contains a SQL error.
|
61
61
|
#
|
62
62
|
# @param [String] response_body
|
63
63
|
# The HTTP response body.
|
data/lib/ronin/vulns/sqli.rb
CHANGED
@@ -3,7 +3,7 @@
|
|
3
3
|
#
|
4
4
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
5
5
|
#
|
6
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
7
|
#
|
8
8
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
9
9
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -280,7 +280,7 @@ module Ronin
|
|
280
280
|
# The HTTP response object to check.
|
281
281
|
#
|
282
282
|
# @return [Boolean]
|
283
|
-
# Indicates whether the response was a `500` and if the
|
283
|
+
# Indicates whether the response was a `500` and if the response body
|
284
284
|
# contained a SQL error message.
|
285
285
|
#
|
286
286
|
def check_for_sql_errors(response)
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
data/lib/ronin/vulns/ssti.rb
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
data/lib/ronin/vulns/version.rb
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -21,6 +21,6 @@
|
|
21
21
|
module Ronin
|
22
22
|
module Vulns
|
23
23
|
# The ronin-vulns version
|
24
|
-
VERSION = '0.1.
|
24
|
+
VERSION = '0.1.1'
|
25
25
|
end
|
26
26
|
end
|
data/lib/ronin/vulns/vuln.rb
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
@@ -3,7 +3,7 @@
|
|
3
3
|
#
|
4
4
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
5
5
|
#
|
6
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
7
7
|
#
|
8
8
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
9
9
|
# it under the terms of the GNU Lesser General Public License as published
|
data/lib/ronin/vulns/web_vuln.rb
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
#
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
4
4
|
#
|
5
|
-
# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
5
|
+
# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
6
|
#
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
data/man/ronin-vulns-rfi.1
CHANGED
data/man/ronin-vulns-rfi.1.md
CHANGED
data/man/ronin-vulns-scan.1
CHANGED
data/man/ronin-vulns-scan.1.md
CHANGED
@@ -74,7 +74,7 @@ additional arguments or read from a file using the `--input` option.
|
|
74
74
|
Explicitly specify the scripting language to test for.
|
75
75
|
|
76
76
|
`--rfi-test-script-url` *URL*
|
77
|
-
Use an
|
77
|
+
Use an alternative test script URL.
|
78
78
|
|
79
79
|
`--sqli-escape-quote`
|
80
80
|
Escapes quotation marks.
|
data/ronin-vulns.gemspec
CHANGED
@@ -25,14 +25,14 @@ Gem::Specification.new do |gem|
|
|
25
25
|
gem.files = `git ls-files`.split($/)
|
26
26
|
gem.files = glob[gemspec['files']] if gemspec['files']
|
27
27
|
gem.files += Array(gemspec['generated_files'])
|
28
|
-
|
28
|
+
# exclude test files from the packages gem
|
29
|
+
gem.files -= glob[gemspec['test_files'] || 'spec/{**/}*']
|
29
30
|
|
30
31
|
gem.executables = gemspec.fetch('executables') do
|
31
32
|
glob['bin/*'].map { |path| File.basename(path) }
|
32
33
|
end
|
33
34
|
|
34
35
|
gem.extensions = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
|
35
|
-
gem.test_files = glob[gemspec['test_files'] || 'spec/{**/}*_spec.rb']
|
36
36
|
gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
|
37
37
|
|
38
38
|
gem.require_paths = Array(gemspec.fetch('require_paths') {
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ronin-vulns
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Postmodern
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-02-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ronin-support
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 1.0
|
19
|
+
version: '1.0'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 1.0
|
26
|
+
version: '1.0'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: ronin-core
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 0.1
|
33
|
+
version: '0.1'
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 0.1
|
40
|
+
version: '0.1'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: bundler
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -132,10 +132,10 @@ homepage: https://ronin-rb.dev/
|
|
132
132
|
licenses:
|
133
133
|
- LGPL-3.0
|
134
134
|
metadata:
|
135
|
-
documentation_uri: https://
|
135
|
+
documentation_uri: https://ronin-rb.dev/docs/ronin-vulns
|
136
136
|
source_code_uri: https://github.com/ronin-rb/ronin-vulns
|
137
137
|
bug_tracker_uri: https://github.com/ronin-rb/ronin-vulns/issues
|
138
|
-
changelog_uri: https://github.com/ronin-rb/ronin-vulns/blob/
|
138
|
+
changelog_uri: https://github.com/ronin-rb/ronin-vulns/blob/main/ChangeLog.md
|
139
139
|
rubygems_mfa_required: 'true'
|
140
140
|
post_install_message:
|
141
141
|
rdoc_options: []
|