ronin-vulns 0.1.0.beta1

data/man/ronin-vulns-lfi.1

@@ -0,0 +1,107 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for Local File Inclusion (LFI) vulnerabilities\. The URLs to scan
+can be given as additional arguments or read from a file using the \fB--input\fR
+option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.TP
+\fB-O\fR, \fB--os\fR \fBunix\fR\[or]\fBwindows\fR
+Sets the OS to test for\.
+.LP
+.TP
+\fB-D\fR, \fB--depth\fR \fICOUNT\fP
+Sets the directory depth to escape up\.
+.LP
+.TP
+\fB-B\fR, \fB--filter-bypass\fR \fBnull_byte\fR\[or]\fBdouble_escape\fR\[or]\fBbase64\fR\[or]\fBrot13\fR\[or]\fBzlib\fR
+Sets the filter bypass strategy to use\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-rfi(1) ronin\-vulns\-scan(1)

data/man/ronin-vulns-lfi.1.md

@@ -0,0 +1,80 @@
+# ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns lfi` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for Local File Inclusion (LFI) vulnerabilities. The URLs to scan
+can be given as additional arguments or read from a file using the `--input`
+option.
+
+## ARGUMENTS
+
+*URL*
+  A URL to scan.
+
+## OPTIONS
+
+`--first`
+  Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+  Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+  Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+  Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+  Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+  Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+  Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+  Tests the URL query param name.
+
+`--test-all-query-params`
+  Test all URL query param names.
+
+`--test-header-name` *NAME*
+  Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+  Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+  Test all Cookie param names.
+
+`--test-form-param` *NAME*
+  Tests the form param name.
+
+`-i`, `--input` *FILE*
+  Reads URLs from the given *FILE*.
+
+`-O`, `--os` `unix`|`windows`
+  Sets the OS to test for.
+
+`-D`, `--depth` *COUNT*
+  Sets the directory depth to escape up.
+
+`-B`, `--filter-bypass` `null_byte`\|`double_escape`\|`base64`\|`rot13`\|`zlib`
+  Sets the filter bypass strategy to use.
+
+`-h`, `--help`
+  Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-rfi(1) ronin-vulns-scan(1)

data/man/ronin-vulns-open-redirect.1

@@ -0,0 +1,98 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-open-redirect 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns open-redirect\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for Open Redirect vulnerabilities\. The URLs to scan can be given
+as additional arguments or read from a file using the \fB--input\fR option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.TP
+\fB-T\fR, \fB--test-url\fR \fIURL\fP
+Optional test \fIURL\fP to try to redirect to\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-scan(1)

data/man/ronin-vulns-open-redirect.1.md

@@ -0,0 +1,73 @@
+# ronin-vulns-open-redirect 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns open-redirect` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for Open Redirect vulnerabilities. The URLs to scan can be given
+as additional arguments or read from a file using the `--input` option.
+
+## ARGUMENTS
+
+*URL*
+  A URL to scan.
+
+## OPTIONS
+
+`--first`
+  Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+  Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+  Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+  Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+  Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+  Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+  Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+  Tests the URL query param name.
+
+`--test-all-query-params`
+  Test all URL query param names.
+
+`--test-header-name` *NAME*
+  Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+  Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+  Test all Cookie param names.
+
+`--test-form-param` *NAME*
+  Tests the form param name.
+
+`-i`, `--input` *FILE*
+  Reads URLs from the given *FILE*.
+
+`-T`, `--test-url` *URL*
+  Optional test *URL* to try to redirect to.
+
+`-h`, `--help`
+  Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-scan(1)

data/man/ronin-vulns-reflected-xss.1

@@ -0,0 +1,95 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-reflected-xss 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns reflected-xss\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for reflected Cross Site Scripting (XSS) vulnerabilities\. The URLs
+to scan can be given as additional arguments or read from a file using the
+\fB--input\fR option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-scan(1)

data/man/ronin-vulns-reflected-xss.1.md

@@ -0,0 +1,71 @@
+# ronin-vulns-reflected-xss 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns reflected-xss` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for reflected Cross Site Scripting (XSS) vulnerabilities. The URLs
+to scan can be given as additional arguments or read from a file using the
+`--input` option.
+
+## ARGUMENTS
+
+*URL*
+  A URL to scan.
+
+## OPTIONS
+
+`--first`
+  Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+  Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+  Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+  Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+  Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+  Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+  Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+  Tests the URL query param name.
+
+`--test-all-query-params`
+  Test all URL query param names.
+
+`--test-header-name` *NAME*
+  Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+  Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+  Test all Cookie param names.
+
+`--test-form-param` *NAME*
+  Tests the form param name.
+
+`-i`, `--input` *FILE*
+  Reads URLs from the given *FILE*.
+
+`-h`, `--help`
+  Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-scan(1)

data/man/ronin-vulns-rfi.1

@@ -0,0 +1,107 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-rfi 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns rfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities\. The URLs to scan
+can be given as additional arguments or read from a file using the \fB--input\fR
+option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.TP
+\fB-B\fR, \fB--filter-bypass\fR \fBdouble-encode\fR\[or]\fBsuffix-escape\fR\[or]\fBnull-byte\fR
+Optional filter\-bypass strategy to use\.
+.LP
+.HP
+\fB-S\fR, \fB--script-lang\fR \fBasp\|\fRasp\.net\fB\|\fRcoldfusion\fB\|\fRjsp\fB\|\fRphp\fB\|\fRperl\`
+Explicitly specify the scripting language to test for\.
+.LP
+.TP
+\fB-T\fR, \fB--test-script-url\fR \fIURL\fP
+Use an altnerative test script \fIURL\fP\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-scan(1)

data/man/ronin-vulns-rfi.1.md

@@ -0,0 +1,80 @@
+# ronin-vulns-rfi 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns rfi` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities. The URLs to scan
+can be given as additional arguments or read from a file using the `--input`
+option.
+
+## ARGUMENTS
+
+*URL*
+  A URL to scan.
+
+## OPTIONS
+
+`--first`
+  Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+  Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+  Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+  Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+  Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+  Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+  Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+  Tests the URL query param name.
+
+`--test-all-query-params`
+  Test all URL query param names.
+
+`--test-header-name` *NAME*
+  Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+  Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+  Test all Cookie param names.
+
+`--test-form-param` *NAME*
+  Tests the form param name.
+
+`-i`, `--input` *FILE*
+  Reads URLs from the given *FILE*.
+
+`-B`, `--filter-bypass` `double-encode`\|`suffix-escape`\|`null-byte`
+  Optional filter-bypass strategy to use.
+
+`-S`, `--script-lang` `asp\|`asp.net`\|`coldfusion`\|`jsp`\|`php`\|`perl`
+  Explicitly specify the scripting language to test for.
+
+`-T`, `--test-script-url` *URL*
+  Use an altnerative test script *URL*.
+
+`-h`, `--help`
+  Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-scan(1)