ronin-vulns 0.1.0.beta1
- checksums.yaml +7 -0
- data/.document +5 -0
- data/.github/workflows/ruby.yml +31 -0
- data/.gitignore +13 -0
- data/.rspec +1 -0
- data/.ruby-version +1 -0
- data/.yardopts +1 -0
- data/COPYING.txt +165 -0
- data/ChangeLog.md +22 -0
- data/Gemfile +34 -0
- data/README.md +328 -0
- data/Rakefile +34 -0
- data/bin/ronin-vulns +19 -0
- data/data/rfi_test.asp +21 -0
- data/data/rfi_test.aspx +25 -0
- data/data/rfi_test.cfm +27 -0
- data/data/rfi_test.jsp +19 -0
- data/data/rfi_test.php +24 -0
- data/data/rfi_test.pl +25 -0
- data/gemspec.yml +41 -0
- data/lib/ronin/vulns/cli/command.rb +39 -0
- data/lib/ronin/vulns/cli/commands/lfi.rb +145 -0
- data/lib/ronin/vulns/cli/commands/open_redirect.rb +119 -0
- data/lib/ronin/vulns/cli/commands/reflected_xss.rb +99 -0
- data/lib/ronin/vulns/cli/commands/rfi.rb +156 -0
- data/lib/ronin/vulns/cli/commands/scan.rb +316 -0
- data/lib/ronin/vulns/cli/commands/sqli.rb +133 -0
- data/lib/ronin/vulns/cli/commands/ssti.rb +126 -0
- data/lib/ronin/vulns/cli/logging.rb +78 -0
- data/lib/ronin/vulns/cli/web_vuln_command.rb +347 -0
- data/lib/ronin/vulns/cli.rb +45 -0
- data/lib/ronin/vulns/lfi/test_file.rb +91 -0
- data/lib/ronin/vulns/lfi.rb +266 -0
- data/lib/ronin/vulns/open_redirect.rb +118 -0
- data/lib/ronin/vulns/reflected_xss/context.rb +224 -0
- data/lib/ronin/vulns/reflected_xss/test_string.rb +149 -0
- data/lib/ronin/vulns/reflected_xss.rb +184 -0
- data/lib/ronin/vulns/rfi.rb +224 -0
- data/lib/ronin/vulns/root.rb +28 -0
- data/lib/ronin/vulns/sqli/error_pattern.rb +89 -0
- data/lib/ronin/vulns/sqli.rb +397 -0
- data/lib/ronin/vulns/ssti/test_expression.rb +104 -0
- data/lib/ronin/vulns/ssti.rb +203 -0
- data/lib/ronin/vulns/url_scanner.rb +218 -0
- data/lib/ronin/vulns/version.rb +26 -0
- data/lib/ronin/vulns/vuln.rb +49 -0
- data/lib/ronin/vulns/web_vuln/http_request.rb +223 -0
- data/lib/ronin/vulns/web_vuln.rb +774 -0
- data/man/ronin-vulns-lfi.1 +107 -0
- data/man/ronin-vulns-lfi.1.md +80 -0
- data/man/ronin-vulns-open-redirect.1 +98 -0
- data/man/ronin-vulns-open-redirect.1.md +73 -0
- data/man/ronin-vulns-reflected-xss.1 +95 -0
- data/man/ronin-vulns-reflected-xss.1.md +71 -0
- data/man/ronin-vulns-rfi.1 +107 -0
- data/man/ronin-vulns-rfi.1.md +80 -0
- data/man/ronin-vulns-scan.1 +138 -0
- data/man/ronin-vulns-scan.1.md +103 -0
- data/man/ronin-vulns-sqli.1 +107 -0
- data/man/ronin-vulns-sqli.1.md +80 -0
- data/man/ronin-vulns-ssti.1 +99 -0
- data/man/ronin-vulns-ssti.1.md +74 -0
- data/ronin-vulns.gemspec +60 -0
- metadata +161 -0
@@ -0,0 +1,138 @@
|
|
1
|
+
.\" Generated by kramdown-man 0.1.8
|
2
|
+
.\" https://github.com/postmodern/kramdown-man#readme
|
3
|
+
.TH ronin-vulns-scan 1 "May 2022" Ronin "User Manuals"
|
4
|
+
.LP
|
5
|
+
.SH SYNOPSIS
|
6
|
+
.LP
|
7
|
+
.HP
|
8
|
+
\fBronin-vulns scan\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
|
9
|
+
.LP
|
10
|
+
.SH DESCRIPTION
|
11
|
+
.LP
|
12
|
+
.PP
|
13
|
+
Scans URL(s) for web vulnerabilities\. The URLs to scan can be given as
|
14
|
+
additional arguments or read from a file using the \fB--input\fR option\.
|
15
|
+
.LP
|
16
|
+
.SH ARGUMENTS
|
17
|
+
.LP
|
18
|
+
.TP
|
19
|
+
\fIURL\fP
|
20
|
+
A URL to scan\.
|
21
|
+
.LP
|
22
|
+
.SH OPTIONS
|
23
|
+
.LP
|
24
|
+
.TP
|
25
|
+
\fB--first\fR
|
26
|
+
Only find the first vulnerability for each URL\.
|
27
|
+
.LP
|
28
|
+
.TP
|
29
|
+
\fB-A\fR, \fB--all\fR
|
30
|
+
Find all vulnerabilities for each URL\.
|
31
|
+
.LP
|
32
|
+
.TP
|
33
|
+
\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
|
34
|
+
Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
|
35
|
+
.LP
|
36
|
+
.TP
|
37
|
+
\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
|
38
|
+
Sets the raw \fBCookie\fR header\.
|
39
|
+
.LP
|
40
|
+
.TP
|
41
|
+
\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
|
42
|
+
Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
|
43
|
+
.LP
|
44
|
+
.TP
|
45
|
+
\fB-R\fR, \fB--referer\fR \fIURL\fP
|
46
|
+
Sets the \fBReferer\fR header\.
|
47
|
+
.LP
|
48
|
+
.TP
|
49
|
+
\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
|
50
|
+
Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
|
51
|
+
.LP
|
52
|
+
.TP
|
53
|
+
\fB--test-query-param\fR \fINAME\fP
|
54
|
+
Tests the URL query param name\.
|
55
|
+
.LP
|
56
|
+
.TP
|
57
|
+
\fB--test-all-query-params\fR
|
58
|
+
Test all URL query param names\.
|
59
|
+
.LP
|
60
|
+
.TP
|
61
|
+
\fB--test-header-name\fR \fINAME\fP
|
62
|
+
Tests the HTTP Header name\.
|
63
|
+
.LP
|
64
|
+
.TP
|
65
|
+
\fB--test-cookie-param\fR \fINAME\fP
|
66
|
+
Tests the HTTP Cookie name\.
|
67
|
+
.LP
|
68
|
+
.TP
|
69
|
+
\fB--test-all-cookie-params\fR
|
70
|
+
Test all Cookie param names\.
|
71
|
+
.LP
|
72
|
+
.TP
|
73
|
+
\fB--test-form-param\fR \fINAME\fP
|
74
|
+
Tests the form param name\.
|
75
|
+
.LP
|
76
|
+
.TP
|
77
|
+
\fB-i\fR, \fB--input\fR \fIFILE\fP
|
78
|
+
Reads URLs from the given \fIFILE\fP\.
|
79
|
+
.LP
|
80
|
+
.TP
|
81
|
+
\fB--lfi-os\fR \fBunix\fR\[or]\fBwindows\fR
|
82
|
+
Sets the OS to test for\.
|
83
|
+
.LP
|
84
|
+
.TP
|
85
|
+
\fB--lfi-depth\fR \fINUM\fP
|
86
|
+
Sets the directory depth to escape up\.
|
87
|
+
.LP
|
88
|
+
.TP
|
89
|
+
\fB--lfi-filter-bypass\fR \fBnull_byte\fR\[or]\fBdouble_escape\fR\[or]\fBbase64\fR\[or]\fBrot13\fR\[or]\fBzlib\fR
|
90
|
+
Sets the filter bypass strategy to use\.
|
91
|
+
.LP
|
92
|
+
.TP
|
93
|
+
\fB--rfi-filter-bypass\fR \fBdouble-encode\fR\[or]\fBsuffix-escape\fR\[or]\fBnull-byte\fR
|
94
|
+
Optional filter\-bypass strategy to use\.
|
95
|
+
.LP
|
96
|
+
.TP
|
97
|
+
\fB--rfi-script-lang\fR \fBasp\fR\[or]\fBasp.net\fR\[or]\fBcoldfusion\fR\[or]\fBjsp\fR\[or]\fBphp\fR\[or]\fBperl\fR
|
98
|
+
Explicitly specify the scripting language to test for\.
|
99
|
+
.LP
|
100
|
+
.TP
|
101
|
+
\fB--rfi-test-script-url\fR \fIURL\fP
|
102
|
+
Use an altnerative test script URL\.
|
103
|
+
.LP
|
104
|
+
.TP
|
105
|
+
\fB--sqli-escape-quote\fR
|
106
|
+
Escapes quotation marks\.
|
107
|
+
.LP
|
108
|
+
.TP
|
109
|
+
\fB--sqli-escape-parens\fR
|
110
|
+
Escapes parenthesis\.
|
111
|
+
.LP
|
112
|
+
.TP
|
113
|
+
\fB--sqli-terminate\fR
|
114
|
+
Terminates the SQL expression with a \fB--\fR\.
|
115
|
+
.LP
|
116
|
+
.HP
|
117
|
+
\fB--ssti-test-expr\fR \[lC]\fIX\fP*\fIY\fP \[or] \fIX\fP\[sl]\fIZ\fP \[or] \fIX\fP\[pl]\fIY\fP \[or] \fIX\fP\-\fIY\fP\[rC]
|
118
|
+
Optional numeric test to use\.
|
119
|
+
.LP
|
120
|
+
.TP
|
121
|
+
\fB--open-redirect-url\fR \fIURL\fP
|
122
|
+
Optional test URL to try to redirect to\.
|
123
|
+
.LP
|
124
|
+
.TP
|
125
|
+
\fB-h\fR, \fB--help\fR
|
126
|
+
Print help information\.
|
127
|
+
.LP
|
128
|
+
.SH AUTHOR
|
129
|
+
.LP
|
130
|
+
.PP
|
131
|
+
Postmodern
|
132
|
+
.MT postmodern\.mod3\[at]gmail\.com
|
133
|
+
.ME
|
134
|
+
.LP
|
135
|
+
.SH SEE ALSO
|
136
|
+
.LP
|
137
|
+
.PP
|
138
|
+
ronin\-vulns\-lfi(1) ronin\-vulns\-rfi(1) ronin\-vulns\-sqli(1) ronin\-vulns\-ssti(1) ronin\-vulns\-open\-redirect(1) ronin\-vulns\-reflected\-xss(1)
|
@@ -0,0 +1,103 @@
|
|
1
|
+
# ronin-vulns-scan 1 "May 2022" Ronin "User Manuals"
|
2
|
+
|
3
|
+
## SYNOPSIS
|
4
|
+
|
5
|
+
`ronin-vulns scan` [*options*] {*URL* ... \| `--input` *FILE*}
|
6
|
+
|
7
|
+
## DESCRIPTION
|
8
|
+
|
9
|
+
Scans URL(s) for web vulnerabilities. The URLs to scan can be given as
|
10
|
+
additional arguments or read from a file using the `--input` option.
|
11
|
+
|
12
|
+
## ARGUMENTS
|
13
|
+
|
14
|
+
*URL*
|
15
|
+
A URL to scan.
|
16
|
+
|
17
|
+
## OPTIONS
|
18
|
+
|
19
|
+
`--first`
|
20
|
+
Only find the first vulnerability for each URL.
|
21
|
+
|
22
|
+
`-A`, `--all`
|
23
|
+
Find all vulnerabilities for each URL.
|
24
|
+
|
25
|
+
`-H`, `--header` "*Name*: *value*"
|
26
|
+
Sets an additional header using the given *Name* and *value*.
|
27
|
+
|
28
|
+
`-C`, `--cookie` *COOKIE*
|
29
|
+
Sets the raw `Cookie` header.
|
30
|
+
|
31
|
+
`-c`, `--cookie-param` *NAME*`=`*VALUE*
|
32
|
+
Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
|
33
|
+
|
34
|
+
`-R`, `--referer` *URL*
|
35
|
+
Sets the `Referer` header.
|
36
|
+
|
37
|
+
`-F`, `--form-param` *NAME*`=`*VALUE*
|
38
|
+
Sets an additional form param using the given *NAME* and *VALUE*.
|
39
|
+
|
40
|
+
`--test-query-param` *NAME*
|
41
|
+
Tests the URL query param name.
|
42
|
+
|
43
|
+
`--test-all-query-params`
|
44
|
+
Test all URL query param names.
|
45
|
+
|
46
|
+
`--test-header-name` *NAME*
|
47
|
+
Tests the HTTP Header name.
|
48
|
+
|
49
|
+
`--test-cookie-param` *NAME*
|
50
|
+
Tests the HTTP Cookie name.
|
51
|
+
|
52
|
+
`--test-all-cookie-params`
|
53
|
+
Test all Cookie param names.
|
54
|
+
|
55
|
+
`--test-form-param` *NAME*
|
56
|
+
Tests the form param name.
|
57
|
+
|
58
|
+
`-i`, `--input` *FILE*
|
59
|
+
Reads URLs from the given *FILE*.
|
60
|
+
|
61
|
+
`--lfi-os` `unix`\|`windows`
|
62
|
+
Sets the OS to test for.
|
63
|
+
|
64
|
+
`--lfi-depth` *NUM*
|
65
|
+
Sets the directory depth to escape up.
|
66
|
+
|
67
|
+
`--lfi-filter-bypass` `null_byte`\|`double_escape`\|`base64`\|`rot13`\|`zlib`
|
68
|
+
Sets the filter bypass strategy to use.
|
69
|
+
|
70
|
+
`--rfi-filter-bypass` `double-encode`\|`suffix-escape`\|`null-byte`
|
71
|
+
Optional filter-bypass strategy to use.
|
72
|
+
|
73
|
+
`--rfi-script-lang` `asp`\|`asp.net`\|`coldfusion`\|`jsp`\|`php`\|`perl`
|
74
|
+
Explicitly specify the scripting language to test for.
|
75
|
+
|
76
|
+
`--rfi-test-script-url` *URL*
|
77
|
+
Use an altnerative test script URL.
|
78
|
+
|
79
|
+
`--sqli-escape-quote`
|
80
|
+
Escapes quotation marks.
|
81
|
+
|
82
|
+
`--sqli-escape-parens`
|
83
|
+
Escapes parenthesis.
|
84
|
+
|
85
|
+
`--sqli-terminate`
|
86
|
+
Terminates the SQL expression with a `--`.
|
87
|
+
|
88
|
+
`--ssti-test-expr` {*X*\**Y* \| *X*/*Z* \| *X*+*Y* \| *X*-*Y*}
|
89
|
+
Optional numeric test to use.
|
90
|
+
|
91
|
+
`--open-redirect-url` *URL*
|
92
|
+
Optional test URL to try to redirect to.
|
93
|
+
|
94
|
+
`-h`, `--help`
|
95
|
+
Print help information.
|
96
|
+
|
97
|
+
## AUTHOR
|
98
|
+
|
99
|
+
Postmodern <postmodern.mod3@gmail.com>
|
100
|
+
|
101
|
+
## SEE ALSO
|
102
|
+
|
103
|
+
ronin-vulns-lfi(1) ronin-vulns-rfi(1) ronin-vulns-sqli(1) ronin-vulns-ssti(1) ronin-vulns-open-redirect(1) ronin-vulns-reflected-xss(1)
|
@@ -0,0 +1,107 @@
|
|
1
|
+
.\" Generated by kramdown-man 0.1.8
|
2
|
+
.\" https://github.com/postmodern/kramdown-man#readme
|
3
|
+
.TH ronin-vulns-sqli 1 "May 2022" Ronin "User Manuals"
|
4
|
+
.LP
|
5
|
+
.SH SYNOPSIS
|
6
|
+
.LP
|
7
|
+
.HP
|
8
|
+
\fBronin-vulns sqli\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
|
9
|
+
.LP
|
10
|
+
.SH DESCRIPTION
|
11
|
+
.LP
|
12
|
+
.PP
|
13
|
+
Scans URL(s) for SQL injection (SQLi) vulnerabilities\. The URLs to scan
|
14
|
+
can be given as additional arguments or read from a file using the \fB--input\fR
|
15
|
+
option\.
|
16
|
+
.LP
|
17
|
+
.SH ARGUMENTS
|
18
|
+
.LP
|
19
|
+
.TP
|
20
|
+
\fIURL\fP
|
21
|
+
A URL to scan\.
|
22
|
+
.LP
|
23
|
+
.SH OPTIONS
|
24
|
+
.LP
|
25
|
+
.TP
|
26
|
+
\fB--first\fR
|
27
|
+
Only find the first vulnerability for each URL\.
|
28
|
+
.LP
|
29
|
+
.TP
|
30
|
+
\fB-A\fR, \fB--all\fR
|
31
|
+
Find all vulnerabilities for each URL\.
|
32
|
+
.LP
|
33
|
+
.TP
|
34
|
+
\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
|
35
|
+
Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
|
36
|
+
.LP
|
37
|
+
.TP
|
38
|
+
\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
|
39
|
+
Sets the raw \fBCookie\fR header\.
|
40
|
+
.LP
|
41
|
+
.TP
|
42
|
+
\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
|
43
|
+
Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
|
44
|
+
.LP
|
45
|
+
.TP
|
46
|
+
\fB-R\fR, \fB--referer\fR \fIURL\fP
|
47
|
+
Sets the \fBReferer\fR header\.
|
48
|
+
.LP
|
49
|
+
.TP
|
50
|
+
\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
|
51
|
+
Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
|
52
|
+
.LP
|
53
|
+
.TP
|
54
|
+
\fB--test-query-param\fR \fINAME\fP
|
55
|
+
Tests the URL query param name\.
|
56
|
+
.LP
|
57
|
+
.TP
|
58
|
+
\fB--test-all-query-params\fR
|
59
|
+
Test all URL query param names\.
|
60
|
+
.LP
|
61
|
+
.TP
|
62
|
+
\fB--test-header-name\fR \fINAME\fP
|
63
|
+
Tests the HTTP Header name\.
|
64
|
+
.LP
|
65
|
+
.TP
|
66
|
+
\fB--test-cookie-param\fR \fINAME\fP
|
67
|
+
Tests the HTTP Cookie name\.
|
68
|
+
.LP
|
69
|
+
.TP
|
70
|
+
\fB--test-all-cookie-params\fR
|
71
|
+
Test all Cookie param names\.
|
72
|
+
.LP
|
73
|
+
.TP
|
74
|
+
\fB--test-form-param\fR \fINAME\fP
|
75
|
+
Tests the form param name\.
|
76
|
+
.LP
|
77
|
+
.TP
|
78
|
+
\fB-i\fR, \fB--input\fR \fIFILE\fP
|
79
|
+
Reads URLs from the given \fIFILE\fP\.
|
80
|
+
.LP
|
81
|
+
.TP
|
82
|
+
\fB-Q\fR, \fB--escape-quote\fR
|
83
|
+
Escapes quotation marks\.
|
84
|
+
.LP
|
85
|
+
.TP
|
86
|
+
\fB-P\fR, \fB--escape-parens\fR
|
87
|
+
Escapes parenthesis\.
|
88
|
+
.LP
|
89
|
+
.TP
|
90
|
+
\fB-T\fR, \fB--terminate\fR
|
91
|
+
Terminates the SQL expression with a \fB--\fR\.
|
92
|
+
.LP
|
93
|
+
.TP
|
94
|
+
\fB-h\fR, \fB--help\fR
|
95
|
+
Print help information\.
|
96
|
+
.LP
|
97
|
+
.SH AUTHOR
|
98
|
+
.LP
|
99
|
+
.PP
|
100
|
+
Postmodern
|
101
|
+
.MT postmodern\.mod3\[at]gmail\.com
|
102
|
+
.ME
|
103
|
+
.LP
|
104
|
+
.SH SEE ALSO
|
105
|
+
.LP
|
106
|
+
.PP
|
107
|
+
ronin\-vulns\-scan(1)
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# ronin-vulns-sqli 1 "May 2022" Ronin "User Manuals"
|
2
|
+
|
3
|
+
## SYNOPSIS
|
4
|
+
|
5
|
+
`ronin-vulns sqli` [*options*] {*URL* ... \| `--input` *FILE*}
|
6
|
+
|
7
|
+
## DESCRIPTION
|
8
|
+
|
9
|
+
Scans URL(s) for SQL injection (SQLi) vulnerabilities. The URLs to scan
|
10
|
+
can be given as additional arguments or read from a file using the `--input`
|
11
|
+
option.
|
12
|
+
|
13
|
+
## ARGUMENTS
|
14
|
+
|
15
|
+
*URL*
|
16
|
+
A URL to scan.
|
17
|
+
|
18
|
+
## OPTIONS
|
19
|
+
|
20
|
+
`--first`
|
21
|
+
Only find the first vulnerability for each URL.
|
22
|
+
|
23
|
+
`-A`, `--all`
|
24
|
+
Find all vulnerabilities for each URL.
|
25
|
+
|
26
|
+
`-H`, `--header` "*Name*: *value*"
|
27
|
+
Sets an additional header using the given *Name* and *value*.
|
28
|
+
|
29
|
+
`-C`, `--cookie` *COOKIE*
|
30
|
+
Sets the raw `Cookie` header.
|
31
|
+
|
32
|
+
`-c`, `--cookie-param` *NAME*`=`*VALUE*
|
33
|
+
Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
|
34
|
+
|
35
|
+
`-R`, `--referer` *URL*
|
36
|
+
Sets the `Referer` header.
|
37
|
+
|
38
|
+
`-F`, `--form-param` *NAME*`=`*VALUE*
|
39
|
+
Sets an additional form param using the given *NAME* and *VALUE*.
|
40
|
+
|
41
|
+
`--test-query-param` *NAME*
|
42
|
+
Tests the URL query param name.
|
43
|
+
|
44
|
+
`--test-all-query-params`
|
45
|
+
Test all URL query param names.
|
46
|
+
|
47
|
+
`--test-header-name` *NAME*
|
48
|
+
Tests the HTTP Header name.
|
49
|
+
|
50
|
+
`--test-cookie-param` *NAME*
|
51
|
+
Tests the HTTP Cookie name.
|
52
|
+
|
53
|
+
`--test-all-cookie-params`
|
54
|
+
Test all Cookie param names.
|
55
|
+
|
56
|
+
`--test-form-param` *NAME*
|
57
|
+
Tests the form param name.
|
58
|
+
|
59
|
+
`-i`, `--input` *FILE*
|
60
|
+
Reads URLs from the given *FILE*.
|
61
|
+
|
62
|
+
`-Q`, `--escape-quote`
|
63
|
+
Escapes quotation marks.
|
64
|
+
|
65
|
+
`-P`, `--escape-parens`
|
66
|
+
Escapes parenthesis.
|
67
|
+
|
68
|
+
`-T`, `--terminate`
|
69
|
+
Terminates the SQL expression with a `--`.
|
70
|
+
|
71
|
+
`-h`, `--help`
|
72
|
+
Print help information.
|
73
|
+
|
74
|
+
## AUTHOR
|
75
|
+
|
76
|
+
Postmodern <postmodern.mod3@gmail.com>
|
77
|
+
|
78
|
+
## SEE ALSO
|
79
|
+
|
80
|
+
ronin-vulns-scan(1)
|
@@ -0,0 +1,99 @@
|
|
1
|
+
.\" Generated by kramdown-man 0.1.8
|
2
|
+
.\" https://github.com/postmodern/kramdown-man#readme
|
3
|
+
.TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
|
4
|
+
.LP
|
5
|
+
.SH SYNOPSIS
|
6
|
+
.LP
|
7
|
+
.HP
|
8
|
+
\fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
|
9
|
+
.LP
|
10
|
+
.SH DESCRIPTION
|
11
|
+
.LP
|
12
|
+
.PP
|
13
|
+
Scans URL(s) for Server Side Template Injection (SSTI) vulnerabilities\. The URLs
|
14
|
+
to scan can be given as additional arguments or read from a file using the
|
15
|
+
\fB--input\fR option\.
|
16
|
+
.LP
|
17
|
+
.SH ARGUMENTS
|
18
|
+
.LP
|
19
|
+
.TP
|
20
|
+
\fIURL\fP
|
21
|
+
A URL to scan\.
|
22
|
+
.LP
|
23
|
+
.SH OPTIONS
|
24
|
+
.LP
|
25
|
+
.TP
|
26
|
+
\fB--first\fR
|
27
|
+
Only find the first vulnerability for each URL\.
|
28
|
+
.LP
|
29
|
+
.TP
|
30
|
+
\fB-A\fR, \fB--all\fR
|
31
|
+
Find all vulnerabilities for each URL\.
|
32
|
+
.LP
|
33
|
+
.TP
|
34
|
+
\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
|
35
|
+
Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
|
36
|
+
.LP
|
37
|
+
.TP
|
38
|
+
\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
|
39
|
+
Sets the raw \fBCookie\fR header\.
|
40
|
+
.LP
|
41
|
+
.TP
|
42
|
+
\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
|
43
|
+
Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
|
44
|
+
.LP
|
45
|
+
.TP
|
46
|
+
\fB-R\fR, \fB--referer\fR \fIURL\fP
|
47
|
+
Sets the \fBReferer\fR header\.
|
48
|
+
.LP
|
49
|
+
.TP
|
50
|
+
\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
|
51
|
+
Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
|
52
|
+
.LP
|
53
|
+
.TP
|
54
|
+
\fB--test-query-param\fR \fINAME\fP
|
55
|
+
Tests the URL query param name\.
|
56
|
+
.LP
|
57
|
+
.TP
|
58
|
+
\fB--test-all-query-params\fR
|
59
|
+
Test all URL query param names\.
|
60
|
+
.LP
|
61
|
+
.TP
|
62
|
+
\fB--test-header-name\fR \fINAME\fP
|
63
|
+
Tests the HTTP Header name\.
|
64
|
+
.LP
|
65
|
+
.TP
|
66
|
+
\fB--test-cookie-param\fR \fINAME\fP
|
67
|
+
Tests the HTTP Cookie name\.
|
68
|
+
.LP
|
69
|
+
.TP
|
70
|
+
\fB--test-all-cookie-params\fR
|
71
|
+
Test all Cookie param names\.
|
72
|
+
.LP
|
73
|
+
.TP
|
74
|
+
\fB--test-form-param\fR \fINAME\fP
|
75
|
+
Tests the form param name\.
|
76
|
+
.LP
|
77
|
+
.TP
|
78
|
+
\fB-i\fR, \fB--input\fR \fIFILE\fP
|
79
|
+
Reads URLs from the given \fIFILE\fP\.
|
80
|
+
.LP
|
81
|
+
.HP
|
82
|
+
\fB-T\fR, \fB--test-expr\fR \[lC]\fIX*Y\fP \[or] \fIX\[sl]Z\fP \[or] \fIX\[pl]Y\fP \[or] \fIX\-Y\fP\[rC]
|
83
|
+
Optional numeric test to use\.
|
84
|
+
.LP
|
85
|
+
.TP
|
86
|
+
\fB-h\fR, \fB--help\fR
|
87
|
+
Print help information\.
|
88
|
+
.LP
|
89
|
+
.SH AUTHOR
|
90
|
+
.LP
|
91
|
+
.PP
|
92
|
+
Postmodern
|
93
|
+
.MT postmodern\.mod3\[at]gmail\.com
|
94
|
+
.ME
|
95
|
+
.LP
|
96
|
+
.SH SEE ALSO
|
97
|
+
.LP
|
98
|
+
.PP
|
99
|
+
ronin\-vulns\-scan(1)
|
@@ -0,0 +1,74 @@
|
|
1
|
+
# ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
|
2
|
+
|
3
|
+
## SYNOPSIS
|
4
|
+
|
5
|
+
`ronin-vulns lfi` [*options*] {*URL* ... \| `--input` *FILE*}
|
6
|
+
|
7
|
+
## DESCRIPTION
|
8
|
+
|
9
|
+
Scans URL(s) for Server Side Template Injection (SSTI) vulnerabilities. The URLs
|
10
|
+
to scan can be given as additional arguments or read from a file using the
|
11
|
+
`--input` option.
|
12
|
+
|
13
|
+
## ARGUMENTS
|
14
|
+
|
15
|
+
*URL*
|
16
|
+
A URL to scan.
|
17
|
+
|
18
|
+
## OPTIONS
|
19
|
+
|
20
|
+
`--first`
|
21
|
+
Only find the first vulnerability for each URL.
|
22
|
+
|
23
|
+
`-A`, `--all`
|
24
|
+
Find all vulnerabilities for each URL.
|
25
|
+
|
26
|
+
`-H`, `--header` "*Name*: *value*"
|
27
|
+
Sets an additional header using the given *Name* and *value*.
|
28
|
+
|
29
|
+
`-C`, `--cookie` *COOKIE*
|
30
|
+
Sets the raw `Cookie` header.
|
31
|
+
|
32
|
+
`-c`, `--cookie-param` *NAME*`=`*VALUE*
|
33
|
+
Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
|
34
|
+
|
35
|
+
`-R`, `--referer` *URL*
|
36
|
+
Sets the `Referer` header.
|
37
|
+
|
38
|
+
`-F`, `--form-param` *NAME*`=`*VALUE*
|
39
|
+
Sets an additional form param using the given *NAME* and *VALUE*.
|
40
|
+
|
41
|
+
`--test-query-param` *NAME*
|
42
|
+
Tests the URL query param name.
|
43
|
+
|
44
|
+
`--test-all-query-params`
|
45
|
+
Test all URL query param names.
|
46
|
+
|
47
|
+
`--test-header-name` *NAME*
|
48
|
+
Tests the HTTP Header name.
|
49
|
+
|
50
|
+
`--test-cookie-param` *NAME*
|
51
|
+
Tests the HTTP Cookie name.
|
52
|
+
|
53
|
+
`--test-all-cookie-params`
|
54
|
+
Test all Cookie param names.
|
55
|
+
|
56
|
+
`--test-form-param` *NAME*
|
57
|
+
Tests the form param name.
|
58
|
+
|
59
|
+
`-i`, `--input` *FILE*
|
60
|
+
Reads URLs from the given *FILE*.
|
61
|
+
|
62
|
+
`-T`, `--test-expr` {*X\*Y* \| *X/Z* \| *X+Y* \| *X-Y*}
|
63
|
+
Optional numeric test to use.
|
64
|
+
|
65
|
+
`-h`, `--help`
|
66
|
+
Print help information.
|
67
|
+
|
68
|
+
## AUTHOR
|
69
|
+
|
70
|
+
Postmodern <postmodern.mod3@gmail.com>
|
71
|
+
|
72
|
+
## SEE ALSO
|
73
|
+
|
74
|
+
ronin-vulns-scan(1)
|
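--- a/data/ronin-vulns.gemspec
+++ b/data/ronin-vulns.gemspec
@@ -0,0 +1,60 @@
+require 'yaml'
+
+Gem::Specification.new do |gem|
+gemspec = YAML.load_file('gemspec.yml')
+
+gem.name = gemspec.fetch('name')
+gem.version = gemspec.fetch('version') do
+lib_dir = File.join(File.dirname(__FILE__),'lib')
+$LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+require 'ronin/vulns/version'
+Ronin::Vulns::VERSION
+end
+
+gem.summary = gemspec['summary']
+gem.description = gemspec['description']
+gem.licenses = Array(gemspec['license'])
+gem.authors = Array(gemspec['authors'])
+gem.email = gemspec['email']
+gem.homepage = gemspec['homepage']
+gem.metadata = gemspec['metadata'] if gemspec['metadata']
+
+glob = lambda { |patterns| gem.files & Dir[*patterns] }
+
+gem.files = `git ls-files`.split($/)
+gem.files = glob[gemspec['files']] if gemspec['files']
+gem.files += Array(gemspec['generated_files'])
+gem.files -= glob[gemspec['test_files'] || '{test,spec}/{**/}*']
+
+gem.executables = gemspec.fetch('executables') do
+glob['bin/*'].map { |path| File.basename(path) }
+end
+
+gem.extensions = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
+gem.test_files = glob[gemspec['test_files'] || 'spec/{**/}*_spec.rb']
+gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
+
+gem.require_paths = Array(gemspec.fetch('require_paths') {
+%w[ext lib].select { |dir| File.directory?(dir) }
+})
+
+gem.requirements = gemspec['requirements']
+gem.required_ruby_version = gemspec['required_ruby_version']
+gem.required_rubygems_version = gemspec['required_rubygems_version']
+gem.post_install_message = gemspec['post_install_message']
+
+split = lambda { |string| string.split(/,\s*/) }
+
+if gemspec['dependencies']
+gemspec['dependencies'].each do |name,versions|
+gem.add_dependency(name,split[versions])
+end
+end
+
+if gemspec['development_dependencies']
+gemspec['development_dependencies'].each do |name,versions|
+gem.add_development_dependency(name,split[versions])
+end
+end
+end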
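Review bot: `YAML.load_file('gemspec.yml')` on line 4 of the new gemspec resolves its path against the process working directory and, on Psych releases before 4.0, performs a full object-deserializing load rather than a restricted one. Line 8 already anchors `lib` with `File.dirname(__FILE__)`, so the metadata file should be anchored the same way and read with the restricted loader: `gemspec = YAML.safe_load(File.read(File.join(File.dirname(__FILE__), 'gemspec.yml')))`. This assumes gemspec.yml holds only plain strings, arrays and hashes, which the `fetch`/`[]` accesses below suggest but the page does not show. The same working-directory dependence applies to the `git ls-files` call on line 25, which would appear to produce an empty file list when the gemspec is evaluated outside a git checkout; a comment stating that the gemspec must be evaluated from the repository root would make that requirement explicit.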