ronin-vulns 0.1.0.beta1
- checksums.yaml +7 -0
- data/.document +5 -0
- data/.github/workflows/ruby.yml +31 -0
- data/.gitignore +13 -0
- data/.rspec +1 -0
- data/.ruby-version +1 -0
- data/.yardopts +1 -0
- data/COPYING.txt +165 -0
- data/ChangeLog.md +22 -0
- data/Gemfile +34 -0
- data/README.md +328 -0
- data/Rakefile +34 -0
- data/bin/ronin-vulns +19 -0
- data/data/rfi_test.asp +21 -0
- data/data/rfi_test.aspx +25 -0
- data/data/rfi_test.cfm +27 -0
- data/data/rfi_test.jsp +19 -0
- data/data/rfi_test.php +24 -0
- data/data/rfi_test.pl +25 -0
- data/gemspec.yml +41 -0
- data/lib/ronin/vulns/cli/command.rb +39 -0
- data/lib/ronin/vulns/cli/commands/lfi.rb +145 -0
- data/lib/ronin/vulns/cli/commands/open_redirect.rb +119 -0
- data/lib/ronin/vulns/cli/commands/reflected_xss.rb +99 -0
- data/lib/ronin/vulns/cli/commands/rfi.rb +156 -0
- data/lib/ronin/vulns/cli/commands/scan.rb +316 -0
- data/lib/ronin/vulns/cli/commands/sqli.rb +133 -0
- data/lib/ronin/vulns/cli/commands/ssti.rb +126 -0
- data/lib/ronin/vulns/cli/logging.rb +78 -0
- data/lib/ronin/vulns/cli/web_vuln_command.rb +347 -0
- data/lib/ronin/vulns/cli.rb +45 -0
- data/lib/ronin/vulns/lfi/test_file.rb +91 -0
- data/lib/ronin/vulns/lfi.rb +266 -0
- data/lib/ronin/vulns/open_redirect.rb +118 -0
- data/lib/ronin/vulns/reflected_xss/context.rb +224 -0
- data/lib/ronin/vulns/reflected_xss/test_string.rb +149 -0
- data/lib/ronin/vulns/reflected_xss.rb +184 -0
- data/lib/ronin/vulns/rfi.rb +224 -0
- data/lib/ronin/vulns/root.rb +28 -0
- data/lib/ronin/vulns/sqli/error_pattern.rb +89 -0
- data/lib/ronin/vulns/sqli.rb +397 -0
- data/lib/ronin/vulns/ssti/test_expression.rb +104 -0
- data/lib/ronin/vulns/ssti.rb +203 -0
- data/lib/ronin/vulns/url_scanner.rb +218 -0
- data/lib/ronin/vulns/version.rb +26 -0
- data/lib/ronin/vulns/vuln.rb +49 -0
- data/lib/ronin/vulns/web_vuln/http_request.rb +223 -0
- data/lib/ronin/vulns/web_vuln.rb +774 -0
- data/man/ronin-vulns-lfi.1 +107 -0
- data/man/ronin-vulns-lfi.1.md +80 -0
- data/man/ronin-vulns-open-redirect.1 +98 -0
- data/man/ronin-vulns-open-redirect.1.md +73 -0
- data/man/ronin-vulns-reflected-xss.1 +95 -0
- data/man/ronin-vulns-reflected-xss.1.md +71 -0
- data/man/ronin-vulns-rfi.1 +107 -0
- data/man/ronin-vulns-rfi.1.md +80 -0
- data/man/ronin-vulns-scan.1 +138 -0
- data/man/ronin-vulns-scan.1.md +103 -0
- data/man/ronin-vulns-sqli.1 +107 -0
- data/man/ronin-vulns-sqli.1.md +80 -0
- data/man/ronin-vulns-ssti.1 +99 -0
- data/man/ronin-vulns-ssti.1.md +74 -0
- data/ronin-vulns.gemspec +60 -0
- metadata +161 -0
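--- a/data/man/ronin-vulns-lfi.1
+++ b/data/man/ronin-vulns-lfi.1
@@ -0,0 +1,107 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for Local File Inclusion (LFI) vulnerabilities\. The URLs to scan
+can be given as additional arguments or read from a file using the \fB--input\fR
+option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.TP
+\fB-O\fR, \fB--os\fR \fBunix\fR\[or]\fBwindows\fR
+Sets the OS to test for\.
+.LP
+.TP
+\fB-D\fR, \fB--depth\fR \fICOUNT\fP
+Sets the directory depth to escape up\.
+.LP
+.TP
+\fB-B\fR, \fB--filter-bypass\fR \fBnull_byte\fR\[or]\fBdouble_escape\fR\[or]\fBbase64\fR\[or]\fBrot13\fR\[or]\fBzlib\fR
+Sets the filter bypass strategy to use\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-rfi(1) ronin\-vulns\-scan(1)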
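--- a/data/man/ronin-vulns-lfi.1.md
+++ b/data/man/ronin-vulns-lfi.1.md
@@ -0,0 +1,80 @@
+# ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns lfi` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for Local File Inclusion (LFI) vulnerabilities. The URLs to scan
+can be given as additional arguments or read from a file using the `--input`
+option.
+
+## ARGUMENTS
+
+*URL*
+A URL to scan.
+
+## OPTIONS
+
+`--first`
+Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+Tests the URL query param name.
+
+`--test-all-query-params`
+Test all URL query param names.
+
+`--test-header-name` *NAME*
+Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+Test all Cookie param names.
+
+`--test-form-param` *NAME*
+Tests the form param name.
+
+`-i`, `--input` *FILE*
+Reads URLs from the given *FILE*.
+
+`-O`, `--os` `unix`|`windows`
+Sets the OS to test for.
+
+`-D`, `--depth` *COUNT*
+Sets the directory depth to escape up.
+
+`-B`, `--filter-bypass` `null_byte`\|`double_escape`\|`base64`\|`rot13`\|`zlib`
+Sets the filter bypass strategy to use.
+
+`-h`, `--help`
+Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-rfi(1) ronin-vulns-scan(1)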
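--- a/data/man/ronin-vulns-open-redirect.1
+++ b/data/man/ronin-vulns-open-redirect.1
@@ -0,0 +1,98 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-open-redirect 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns open-redirect\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for Open Redirect vulnerabilities\. The URLs to scan can be given
+as additional arguments or read from a file using the \fB--input\fR option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.TP
+\fB-T\fR, \fB--test-url\fR \fIURL\fP
+Optional test \fIURL\fP to try to redirect to\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-scan(1)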
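--- a/data/man/ronin-vulns-open-redirect.1.md
+++ b/data/man/ronin-vulns-open-redirect.1.md
@@ -0,0 +1,73 @@
+# ronin-vulns-open-redirect 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns open-redirect` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for Open Redirect vulnerabilities. The URLs to scan can be given
+as additional arguments or read from a file using the `--input` option.
+
+## ARGUMENTS
+
+*URL*
+A URL to scan.
+
+## OPTIONS
+
+`--first`
+Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+Tests the URL query param name.
+
+`--test-all-query-params`
+Test all URL query param names.
+
+`--test-header-name` *NAME*
+Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+Test all Cookie param names.
+
+`--test-form-param` *NAME*
+Tests the form param name.
+
+`-i`, `--input` *FILE*
+Reads URLs from the given *FILE*.
+
+`-T`, `--test-url` *URL*
+Optional test *URL* to try to redirect to.
+
+`-h`, `--help`
+Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-scan(1)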
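--- a/data/man/ronin-vulns-reflected-xss.1
+++ b/data/man/ronin-vulns-reflected-xss.1
@@ -0,0 +1,95 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-reflected-xss 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns reflected-xss\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for reflected Cross Site Scripting (XSS) vulnerabilities\. The URLs
+to scan can be given as additional arguments or read from a file using the
+\fB--input\fR option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-scan(1)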
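--- a/data/man/ronin-vulns-reflected-xss.1.md
+++ b/data/man/ronin-vulns-reflected-xss.1.md
@@ -0,0 +1,71 @@
+# ronin-vulns-reflected-xss 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns reflected-xss` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for reflected Cross Site Scripting (XSS) vulnerabilities. The URLs
+to scan can be given as additional arguments or read from a file using the
+`--input` option.
+
+## ARGUMENTS
+
+*URL*
+A URL to scan.
+
+## OPTIONS
+
+`--first`
+Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+Tests the URL query param name.
+
+`--test-all-query-params`
+Test all URL query param names.
+
+`--test-header-name` *NAME*
+Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+Test all Cookie param names.
+
+`--test-form-param` *NAME*
+Tests the form param name.
+
+`-i`, `--input` *FILE*
+Reads URLs from the given *FILE*.
+
+`-h`, `--help`
+Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-scan(1)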
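--- a/data/man/ronin-vulns-rfi.1
+++ b/data/man/ronin-vulns-rfi.1
@@ -0,0 +1,107 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-rfi 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns rfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities\. The URLs to scan
+can be given as additional arguments or read from a file using the \fB--input\fR
+option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.TP
+\fB-B\fR, \fB--filter-bypass\fR \fBdouble-encode\fR\[or]\fBsuffix-escape\fR\[or]\fBnull-byte\fR
+Optional filter\-bypass strategy to use\.
+.LP
+.HP
+\fB-S\fR, \fB--script-lang\fR \fBasp\|\fRasp\.net\fB\|\fRcoldfusion\fB\|\fRjsp\fB\|\fRphp\fB\|\fRperl\`
+Explicitly specify the scripting language to test for\.
+.LP
+.TP
+\fB-T\fR, \fB--test-script-url\fR \fIURL\fP
+Use an altnerative test script \fIURL\fP\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-scan(1)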
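--- a/data/man/ronin-vulns-rfi.1.md
+++ b/data/man/ronin-vulns-rfi.1.md
@@ -0,0 +1,80 @@
+# ronin-vulns-rfi 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns rfi` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities. The URLs to scan
+can be given as additional arguments or read from a file using the `--input`
+option.
+
+## ARGUMENTS
+
+*URL*
+A URL to scan.
+
+## OPTIONS
+
+`--first`
+Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+Tests the URL query param name.
+
+`--test-all-query-params`
+Test all URL query param names.
+
+`--test-header-name` *NAME*
+Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+Test all Cookie param names.
+
+`--test-form-param` *NAME*
+Tests the form param name.
+
+`-i`, `--input` *FILE*
+Reads URLs from the given *FILE*.
+
+`-B`, `--filter-bypass` `double-encode`\|`suffix-escape`\|`null-byte`
+Optional filter-bypass strategy to use.
+
+`-S`, `--script-lang` `asp\|`asp.net`\|`coldfusion`\|`jsp`\|`php`\|`perl`
+Explicitly specify the scripting language to test for.
+
+`-T`, `--test-script-url` *URL*
+Use an altnerative test script *URL*.
+
+`-h`, `--help`
+Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-scan(1)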