ronin-vulns 0.1.0.beta1

data/man/ronin-vulns-scan.1

@@ -0,0 +1,138 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-scan 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns scan\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for web vulnerabilities\. The URLs to scan can be given as
+additional arguments or read from a file using the \fB--input\fR option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.TP
+\fB--lfi-os\fR \fBunix\fR\[or]\fBwindows\fR
+Sets the OS to test for\.
+.LP
+.TP
+\fB--lfi-depth\fR \fINUM\fP
+Sets the directory depth to escape up\.
+.LP
+.TP
+\fB--lfi-filter-bypass\fR \fBnull_byte\fR\[or]\fBdouble_escape\fR\[or]\fBbase64\fR\[or]\fBrot13\fR\[or]\fBzlib\fR
+Sets the filter bypass strategy to use\.
+.LP
+.TP
+\fB--rfi-filter-bypass\fR \fBdouble-encode\fR\[or]\fBsuffix-escape\fR\[or]\fBnull-byte\fR
+Optional filter\-bypass strategy to use\.
+.LP
+.TP
+\fB--rfi-script-lang\fR \fBasp\fR\[or]\fBasp.net\fR\[or]\fBcoldfusion\fR\[or]\fBjsp\fR\[or]\fBphp\fR\[or]\fBperl\fR
+Explicitly specify the scripting language to test for\.
+.LP
+.TP
+\fB--rfi-test-script-url\fR \fIURL\fP
+Use an altnerative test script URL\.
+.LP
+.TP
+\fB--sqli-escape-quote\fR
+Escapes quotation marks\.
+.LP
+.TP
+\fB--sqli-escape-parens\fR
+Escapes parenthesis\.
+.LP
+.TP
+\fB--sqli-terminate\fR
+Terminates the SQL expression with a \fB--\fR\.
+.LP
+.HP
+\fB--ssti-test-expr\fR \[lC]\fIX\fP*\fIY\fP \[or] \fIX\fP\[sl]\fIZ\fP \[or] \fIX\fP\[pl]\fIY\fP \[or] \fIX\fP\-\fIY\fP\[rC]
+Optional numeric test to use\.
+.LP
+.TP
+\fB--open-redirect-url\fR \fIURL\fP
+Optional test URL to try to redirect to\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-lfi(1) ronin\-vulns\-rfi(1) ronin\-vulns\-sqli(1) ronin\-vulns\-ssti(1) ronin\-vulns\-open\-redirect(1) ronin\-vulns\-reflected\-xss(1)

data/man/ronin-vulns-scan.1.md

@@ -0,0 +1,103 @@
+# ronin-vulns-scan 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns scan` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for web vulnerabilities. The URLs to scan can be given as
+additional arguments or read from a file using the `--input` option.
+
+## ARGUMENTS
+
+*URL*
+  A URL to scan.
+
+## OPTIONS
+
+`--first`
+  Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+  Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+  Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+  Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+  Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+  Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+  Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+  Tests the URL query param name.
+
+`--test-all-query-params`
+  Test all URL query param names.
+
+`--test-header-name` *NAME*
+  Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+  Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+  Test all Cookie param names.
+
+`--test-form-param` *NAME*
+  Tests the form param name.
+
+`-i`, `--input` *FILE*
+  Reads URLs from the given *FILE*.
+
+`--lfi-os` `unix`\|`windows`
+  Sets the OS to test for.
+
+`--lfi-depth` *NUM*
+  Sets the directory depth to escape up.
+
+`--lfi-filter-bypass` `null_byte`\|`double_escape`\|`base64`\|`rot13`\|`zlib`
+  Sets the filter bypass strategy to use.
+
+`--rfi-filter-bypass` `double-encode`\|`suffix-escape`\|`null-byte`
+  Optional filter-bypass strategy to use.
+
+`--rfi-script-lang` `asp`\|`asp.net`\|`coldfusion`\|`jsp`\|`php`\|`perl`
+  Explicitly specify the scripting language to test for.
+
+`--rfi-test-script-url` *URL*
+  Use an altnerative test script URL.
+
+`--sqli-escape-quote`
+  Escapes quotation marks.
+
+`--sqli-escape-parens`
+  Escapes parenthesis.
+
+`--sqli-terminate`
+  Terminates the SQL expression with a `--`.
+
+`--ssti-test-expr` {*X*\**Y* \| *X*/*Z* \| *X*+*Y* \| *X*-*Y*}
+  Optional numeric test to use.
+
+`--open-redirect-url` *URL*
+  Optional test URL to try to redirect to.
+
+`-h`, `--help`
+  Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-lfi(1) ronin-vulns-rfi(1) ronin-vulns-sqli(1) ronin-vulns-ssti(1) ronin-vulns-open-redirect(1) ronin-vulns-reflected-xss(1)

data/man/ronin-vulns-sqli.1

@@ -0,0 +1,107 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-sqli 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns sqli\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for SQL injection (SQLi) vulnerabilities\. The URLs to scan
+can be given as additional arguments or read from a file using the \fB--input\fR
+option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.TP
+\fB-Q\fR, \fB--escape-quote\fR
+Escapes quotation marks\.
+.LP
+.TP
+\fB-P\fR, \fB--escape-parens\fR
+Escapes parenthesis\.
+.LP
+.TP
+\fB-T\fR, \fB--terminate\fR
+Terminates the SQL expression with a \fB--\fR\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-scan(1)

data/man/ronin-vulns-sqli.1.md

@@ -0,0 +1,80 @@
+# ronin-vulns-sqli 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns sqli` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for SQL injection (SQLi) vulnerabilities. The URLs to scan
+can be given as additional arguments or read from a file using the `--input`
+option.
+
+## ARGUMENTS
+
+*URL*
+  A URL to scan.
+
+## OPTIONS
+
+`--first`
+  Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+  Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+  Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+  Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+  Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+  Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+  Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+  Tests the URL query param name.
+
+`--test-all-query-params`
+  Test all URL query param names.
+
+`--test-header-name` *NAME*
+  Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+  Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+  Test all Cookie param names.
+
+`--test-form-param` *NAME*
+  Tests the form param name.
+
+`-i`, `--input` *FILE*
+  Reads URLs from the given *FILE*.
+
+`-Q`, `--escape-quote`
+  Escapes quotation marks.
+
+`-P`, `--escape-parens`
+  Escapes parenthesis.
+
+`-T`, `--terminate`
+  Terminates the SQL expression with a `--`.
+
+`-h`, `--help`
+  Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-scan(1)

data/man/ronin-vulns-ssti.1

@@ -0,0 +1,99 @@
+.\" Generated by kramdown-man 0.1.8
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
+.LP
+.SH SYNOPSIS
+.LP
+.HP
+\fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
+.LP
+.SH DESCRIPTION
+.LP
+.PP
+Scans URL(s) for Server Side Template Injection (SSTI) vulnerabilities\. The URLs
+to scan can be given as additional arguments or read from a file using the
+\fB--input\fR option\.
+.LP
+.SH ARGUMENTS
+.LP
+.TP
+\fIURL\fP
+A URL to scan\.
+.LP
+.SH OPTIONS
+.LP
+.TP
+\fB--first\fR
+Only find the first vulnerability for each URL\.
+.LP
+.TP
+\fB-A\fR, \fB--all\fR
+Find all vulnerabilities for each URL\.
+.LP
+.TP
+\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.LP
+.TP
+\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.LP
+.TP
+\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB-R\fR, \fB--referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.LP
+.TP
+\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.LP
+.TP
+\fB--test-query-param\fR \fINAME\fP
+Tests the URL query param name\.
+.LP
+.TP
+\fB--test-all-query-params\fR
+Test all URL query param names\.
+.LP
+.TP
+\fB--test-header-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.LP
+.TP
+\fB--test-cookie-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.LP
+.TP
+\fB--test-all-cookie-params\fR
+Test all Cookie param names\.
+.LP
+.TP
+\fB--test-form-param\fR \fINAME\fP
+Tests the form param name\.
+.LP
+.TP
+\fB-i\fR, \fB--input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.LP
+.HP
+\fB-T\fR, \fB--test-expr\fR \[lC]\fIX*Y\fP \[or] \fIX\[sl]Z\fP \[or] \fIX\[pl]Y\fP \[or] \fIX\-Y\fP\[rC]
+Optional numeric test to use\.
+.LP
+.TP
+\fB-h\fR, \fB--help\fR
+Print help information\.
+.LP
+.SH AUTHOR
+.LP
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.LP
+.SH SEE ALSO
+.LP
+.PP
+ronin\-vulns\-scan(1)

data/man/ronin-vulns-ssti.1.md

@@ -0,0 +1,74 @@
+# ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
+
+## SYNOPSIS
+
+`ronin-vulns lfi` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for Server Side Template Injection (SSTI) vulnerabilities. The URLs
+to scan can be given as additional arguments or read from a file using the
+`--input` option.
+
+## ARGUMENTS
+
+*URL*
+  A URL to scan.
+
+## OPTIONS
+
+`--first`
+  Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+  Find all vulnerabilities for each URL.
+
+`-H`, `--header` "*Name*: *value*"
+  Sets an additional header using the given *Name* and *value*.
+
+`-C`, `--cookie` *COOKIE*
+  Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+  Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+  Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+  Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+  Tests the URL query param name.
+
+`--test-all-query-params`
+  Test all URL query param names.
+
+`--test-header-name` *NAME*
+  Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+  Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+  Test all Cookie param names.
+
+`--test-form-param` *NAME*
+  Tests the form param name.
+
+`-i`, `--input` *FILE*
+  Reads URLs from the given *FILE*.
+
+`-T`, `--test-expr` {*X\*Y* \| *X/Z* \| *X+Y* \| *X-Y*}
+  Optional numeric test to use.
+
+`-h`, `--help`
+  Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+ronin-vulns-scan(1)

data/ronin-vulns.gemspec

@@ -0,0 +1,60 @@
+require 'yaml'
+
+Gem::Specification.new do |gem|
+  gemspec = YAML.load_file('gemspec.yml')
+
+  gem.name    = gemspec.fetch('name')
+  gem.version = gemspec.fetch('version') do
+                  lib_dir = File.join(File.dirname(__FILE__),'lib')
+                  $LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+                  require 'ronin/vulns/version'
+                  Ronin::Vulns::VERSION
+                end
+
+  gem.summary     = gemspec['summary']
+  gem.description = gemspec['description']
+  gem.licenses    = Array(gemspec['license'])
+  gem.authors     = Array(gemspec['authors'])
+  gem.email       = gemspec['email']
+  gem.homepage    = gemspec['homepage']
+  gem.metadata    = gemspec['metadata'] if gemspec['metadata']
+
+  glob = lambda { |patterns| gem.files & Dir[*patterns] }
+
+  gem.files  = `git ls-files`.split($/)
+  gem.files  = glob[gemspec['files']] if gemspec['files']
+  gem.files += Array(gemspec['generated_files'])
+  gem.files -= glob[gemspec['test_files'] || '{test,spec}/{**/}*']
+
+  gem.executables = gemspec.fetch('executables') do
+    glob['bin/*'].map { |path| File.basename(path) }
+  end
+
+  gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
+  gem.test_files       = glob[gemspec['test_files'] || 'spec/{**/}*_spec.rb']
+  gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
+
+  gem.require_paths = Array(gemspec.fetch('require_paths') {
+    %w[ext lib].select { |dir| File.directory?(dir) }
+  })
+
+  gem.requirements              = gemspec['requirements']
+  gem.required_ruby_version     = gemspec['required_ruby_version']
+  gem.required_rubygems_version = gemspec['required_rubygems_version']
+  gem.post_install_message      = gemspec['post_install_message']
+
+  split = lambda { |string| string.split(/,\s*/) }
+
+  if gemspec['dependencies']
+    gemspec['dependencies'].each do |name,versions|
+      gem.add_dependency(name,split[versions])
+    end
+  end
+
+  if gemspec['development_dependencies']
+    gemspec['development_dependencies'].each do |name,versions|
+      gem.add_development_dependency(name,split[versions])
+    end
+  end
+end