ronin-vulns 0.1.0 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc8b11abf863d2340c92c0b15fea6261a433541d67b8e9f31c644a013c3b7736
-  data.tar.gz: d801f3f82d4cfdc55666353d0cdbf0e95e3dd205e93bc182be0922cccefcd0a4
+  metadata.gz: c80dfbe1e5e0f67d7f6ae908b5514f937004354a809a4e408025ad47f96bf8e7
+  data.tar.gz: 7af7ed3b5e0abed7e2f0bdf0fc4b774ed568412369f4db44971fd2520d663bd5
 SHA512:
-  metadata.gz: 2bfbc57fee417d64e50330e218c103bde61e7a7d33c71e18bfbc60b021ad02f6976a3ea3d7151db9d7e0f777c0ae5cd38728789a99e5a349d9ad8f215c02c4db
-  data.tar.gz: f1effc752165f25c7d605d605f942f3f6f27e16f1587da22805d3d8e3e8bb9c60a6e9fc5445cfefc67419ae2d217d1bd52ffc198debb1ff2fe868245ff9978fb
+  metadata.gz: b06b563a221760c4f58fb55394ccdf01b510ed240b78d51f12dfd7bf122513f42d512f17bf3d5eb0857f61eda1b3db981c2d4583d9bedbb186c108216eec709f
+  data.tar.gz: 905e0de6182206b232358dab499af99f7849513bb09585e9242445505791dcc8a6c23a381be314f9078cf20848f388ca0c277b6d1647c845c7a56a9c6e10fcec

data/.github/workflows/ruby.yml

@@ -30,3 +30,17 @@ jobs:
         run: bundle install --jobs 4 --retry 3
       - name: Run tests
         run: bundle exec rake test
+
+  # rubocop linting
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run rubocop
+        run: bundle exec rubocop --parallel

data/.rubocop.yml

@@ -0,0 +1,28 @@
+AllCops:
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 3.1
+
+inherit_gem:
+  rubocop-ronin: rubocop.yml
+
+# we need to make the branching logic extremely explicit here
+Lint/DuplicateBranch:
+  Exclude:
+    - 'lib/ronin/vulns/lfi.rb'
+
+# we need to use eval() in the specs to test the SSTI test expression
+Security/Eval:
+  Exclude:
+    - 'spec/ssti_spec.rb'
+
+# we need to call URLScanner.scan with a block
+Lint/EmptyBlock:
+  Exclude:
+    - 'spec/reflected_xss_spec.rb'
+    - 'spec/url_scanner_spec.rb'
+
+# Ronin::Vulns::Vuln does not define an #initialize method
+Lint/MissingSuper:
+  Exclude:
+    - 'lib/ronin/vulns/web_vuln.rb'

data/ChangeLog.md

@@ -1,4 +1,20 @@
-### 0.1.0 / 2023-XX-XX
+### 0.1.2 / 2023-03-01
+
+* Require `ronin-support` ~> 1.0, >= 1.0.1
+
+#### CLI
+
+* Validate that given URLs start with either `http://` or `https://`, and print
+  an error message otherwise.
+* Print a `No vulnerabilities found` message when no vulnerabilities were
+  discovered.
+
+### 0.1.1 / 2023-02-02
+
+* Fixed typo in {Ronin::Vulns::CLI::WebVulnCommand#process_url} which effected
+  the `ronin-vulns lfi` command and others.
+
+### 0.1.0 / 2023-02-01
 
 * Initial release:
   * Require `ruby` >= 3.0.0.

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 gemspec
@@ -29,6 +31,8 @@ group :development do
   gem 'yard-spellcheck', require: false
 
   gem 'dead_end',        require: false
-  gem 'sord',            require: false
-  gem 'stackprof',       require: false
+  gem 'sord',            require: false, platform: :mri
+  gem 'stackprof',       require: false, platform: :mri
+  gem 'rubocop',         require: false, platform: :mri
+  gem 'rubocop-ronin',   require: false, platform: :mri
 end

data/README.md

@@ -307,7 +307,7 @@ gem.add_dependency 'ronin-vulns', '~> 0.1'
 
 ## License
 
-Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 
 ronin-vulns is free software: you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published

data/Rakefile

@@ -1,11 +1,11 @@
-require 'rubygems'
+# frozen_string_literal: true
 
 begin
   require 'bundler'
 rescue LoadError => e
   warn e.message
   warn "Run `gem install bundler` to install Bundler"
-  exit -1
+  exit(-1)
 end
 
 begin

data/bin/ronin-vulns

@@ -1,17 +1,16 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'rubygems'
 
 root = File.expand_path(File.join(File.dirname(__FILE__),'..'))
 if File.file?(File.join(root,'Gemfile.lock'))
   Dir.chdir(root) do
-    begin
-      require 'bundler/setup'
-    rescue LoadError => e
-      warn e.message
-      warn "Run `gem install bundler` to install Bundler"
-      exit -1
-    end
+    require 'bundler/setup'
+  rescue LoadError => e
+    warn e.message
+    warn "Run `gem install bundler` to install Bundler"
+    exit(-1)
   end
 end
 

data/gemspec.yml

@@ -34,7 +34,7 @@ generated_files:
   - man/ronin-vulns-scan.1
 
 dependencies:
-  ronin-support: ~> 1.0
+  ronin-support: ~> 1.0, >= 1.0.1
   ronin-core: ~> 0.1
 
 development_dependencies:

data/lib/ronin/vulns/cli/commands/open_redirect.rb

@@ -78,6 +78,7 @@ module Ronin
           #
           def scan_kwargs
             kwargs = super()
+
             kwargs[:test_url] = options[:test_url] if options[:test_url]
             return kwargs
           end

data/lib/ronin/vulns/cli/commands/rfi.rb

@@ -69,7 +69,7 @@ module Ronin
                                      'double-encode' => :double_encode,
                                      'suffix-escape' => :suffix_escape,
                                      'null-byte'     => :null_byte
-                                   },
+                                   }
                                  },
                                  desc: 'Optional filter-bypass strategy to use'
 

data/lib/ronin/vulns/cli/commands/scan.rb

@@ -98,7 +98,7 @@ module Ronin
                                          'double-encode' => :double_encode,
                                          'suffix-escape' => :suffix_escape,
                                          'null-byte'     => :null_byte
-                                       },
+                                       }
                                      },
                                      desc: 'Optional filter-bypass strategy to use'
 
@@ -127,7 +127,7 @@ module Ronin
           option :sqli_terminate, desc: 'Terminates the SQL expression with a --'
 
           option :ssti_test_expr, value: {
-                                    type: /\A\d+\s*[\*\/\+\-]\s*\d+\z/,
+                                    type: %r{\A\d+\s*[\*/\+\-]\s*\d+\z},
                                     usage: '{X*Y | X/Z | X+Y | X-Y}'
                                   },
                                   desc: 'Optional numeric test to use' do |expr|
@@ -260,10 +260,10 @@ module Ronin
           def scan_kwargs
             kwargs = super()
 
-            kwargs[:lfi]  = lfi_kwargs
-            kwargs[:rfi]  = rfi_kwargs
-            kwargs[:sqli] = sqli_kwargs
-            kwargs[:ssti] = ssti_kwargs
+            kwargs[:lfi]           = lfi_kwargs
+            kwargs[:rfi]           = rfi_kwargs
+            kwargs[:sqli]          = sqli_kwargs
+            kwargs[:ssti]          = ssti_kwargs
             kwargs[:open_redirect] = open_redirect_kwargs
             kwargs[:reflected_xss] = reflected_xss_kwargs
 

data/lib/ronin/vulns/cli/commands/ssti.rb

@@ -63,7 +63,7 @@ module Ronin
 
           option :test_expr, short: '-T',
                              value: {
-                               type: /\A\d+\s*[\*\/\+\-]\s*\d+\z/,
+                               type: %r{\A\d+\s*[\*/\+\-]\s*\d+\z},
                                usage: '{X*Y | X/Z | X+Y | X-Y}'
                              },
                              desc: 'Optional numeric test to use' do |expr|
@@ -86,6 +86,7 @@ module Ronin
           #
           def scan_kwargs
             kwargs = super()
+
             kwargs[:test_expr] = @test_expr if @test_expr
             return kwargs
           end

data/lib/ronin/vulns/cli/logging.rb

@@ -23,6 +23,9 @@ require 'ronin/core/cli/logging'
 module Ronin
   module Vulns
     class CLI
+      #
+      # Mixin that adds methods for logging discovered web vulnerabilities.
+      #
       module Logging
         include Core::CLI::Logging
 

data/lib/ronin/vulns/cli/web_vuln_command.rb

@@ -53,7 +53,9 @@ module Ronin
                         desc: 'Sets an additional header' do |header|
                           name, value = header.split(/:\s*/,2)
 
+                          # lazy initialize the headers
                           @headers ||= {}
+
                           @headers[name] = value
                         end
 
@@ -74,14 +76,16 @@ module Ronin
                               desc: 'Sets an additional cookie param' do |param|
                                 name, value = param.split('=',2)
 
+                                # lazy initialize the cookie
                                 @cookie ||= Support::Network::HTTP::Cookie.new
+
                                 @cookie[name] = value
                               end
 
         option :referer, short: '-R',
                          value: {
                            type: String,
-                           usage: 'URL',
+                           usage: 'URL'
                          },
                          desc: 'Sets the Referer header' do |referer|
                            @referer = referer
@@ -95,7 +99,9 @@ module Ronin
                             desc: 'Sets an additional form param' do |param|
                               name, value = param.split('=',2)
 
+                              # lazy initialize the form data
                               @form_data ||= {}
+
                               @form_data[name] = value
                             end
 
@@ -104,7 +110,9 @@ module Ronin
                                     usage: 'NAME'
                                   },
                                   desc: 'Tests the URL query param name' do |name|
+                                    # lazy initialize the test query params
                                     @test_query_params ||= Set.new
+
                                     @test_query_params << name
                                   end
 
@@ -117,7 +125,9 @@ module Ronin
                                     usage: 'NAME'
                                   },
                                   desc: 'Tests the HTTP Header name' do |name|
+                                    # lazy initialize the test heade rnames
                                     @test_header_names ||= Set.new
+
                                     @test_header_names << name
                                   end
 
@@ -126,7 +136,9 @@ module Ronin
                                      usage: 'NAME'
                                    },
                                    desc: 'Tests the HTTP Cookie name' do |name|
+                                     # lazy initialize the test cookie params
                                      @test_cookie_params ||= Set.new
+
                                      @test_cookie_params << name
                                    end
 
@@ -135,11 +147,13 @@ module Ronin
         end
 
         option :test_form_param, value: {
-                                     type: String,
+                                   type: String,
                                      usage: 'NAME'
-                                   },
+                                 },
                                    desc: 'Tests the form param name' do |name|
+                                     # lazy initialize the test form params
                                      @test_form_params ||= Set.new
+
                                      @test_form_params << name
                                    end
 
@@ -235,19 +249,27 @@ module Ronin
         #   The URL(s) to scan.
         #
         def run(*urls)
+          unless (options[:input] || !urls.empty?)
+            print_error "must specify URL(s) or --input"
+            exit(-1)
+          end
+
+          vulns_discovered = false
+
           if options[:input]
             File.open(options[:input]) do |file|
               file.each_line(chomp: true) do |url|
-                process_url(url)
+                vulns_discovered ||= process_url(url)
               end
             end
           elsif !urls.empty?
             urls.each do |url|
-              process_url(url)
+              vulns_discovered ||= process_url(url)
             end
-          else
-            print_error "must specify URL(s) or --input"
-            exit(-1)
+          end
+
+          unless vulns_discovered
+            puts colors.green("No vulnerabilities found")
           end
         end
 
@@ -257,16 +279,32 @@ module Ronin
         # @param [String] url
         #   A URL to scan.
         #
+        # @return [Boolean]
+        #   Indicates whether a vulnerability was discovered in the URL.
+        #
         def process_url(url)
+          unless url.start_with?('http://') || url.start_with?('https://')
+            print_error("URL must start with http:// or https://: #{url.inspect}")
+            exit(-1)
+          end
+
+          vuln_discovered = false
+
           if @scan_mode == :first
             if (first_vuln = test_url(url))
-              print_vuln(first_vuln)
+              log_vuln(first_vuln)
+
+              vuln_discovered = true
             end
           else
             scan_url(url) do |vuln|
-              print_vuln(vuln)
+              log_vuln(vuln)
+
+              vuln_discovered = true
             end
           end
+
+          return vuln_discovered
         end
 
         #
@@ -295,7 +333,7 @@ module Ronin
             kwargs[:query_params]  = true
           end
 
-          kwargs[:header_names]  = @test_header_names  if @test_header_names
+          kwargs[:header_names] = @test_header_names if @test_header_names
 
           if @test_cookie_params
             kwargs[:cookie_params] = @test_cookie_params
@@ -303,7 +341,7 @@ module Ronin
             kwargs[:cookie_params] = true
           end
 
-          kwargs[:form_params]   = @test_form_params   if @test_form_params
+          kwargs[:form_params] = @test_form_params if @test_form_params
 
           return kwargs
         end

data/lib/ronin/vulns/lfi/test_file.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library to blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/vulns/lfi.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -57,7 +57,7 @@ module Ronin
       attr_reader :os
 
       # Optional filter bypass technique to use.
-      # 
+      #
       # @return [:null_byte, :base64, :rot13, :zlib, nil]
       attr_reader :filter_bypass
 
@@ -176,7 +176,7 @@ module Ronin
           "#{@escape_path}#{path[3..]}"
         elsif @os == :windows && path =~ /\A[A-Z]:/
           # pass through absolute Windows paths to other drives
-            path
+          path
         elsif path.start_with?(@separator)
           # escape absolute paths
           "#{@escape_path}#{path[1..]}"
@@ -234,10 +234,9 @@ module Ronin
           Crypto.rot(body,-13) =~ @test_file
         when :zlib
           body.scan(Text::Patterns::BASE64).any? do |string|
-            begin
-              Compression.zlib_inflate(Base64.decode64(string)) =~ @test_file
-            rescue Zlib::DataError
-            end
+            Compression.zlib_inflate(Base64.decode64(string)) =~ @test_file
+          rescue Zlib::DataError
+            # not zlib compressed Base64, ignore
           end
         else
           body =~ @test_file

data/lib/ronin/vulns/open_redirect.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -80,7 +80,7 @@ module Ronin
         when '301', '302', '303', '307', '308'
           if (locations = response.get_fields('Location'))
             escaped_test_url = Regexp.escape(@test_url)
-            regexp = %r{\A#{escaped_test_url}(?:[\?&].+)?\z}
+            regexp           = /\A#{escaped_test_url}(?:[\?&].+)?\z/
 
             locations.last =~ regexp
           end
@@ -89,7 +89,18 @@ module Ronin
 
           if content_type && content_type.include?('text/html')
             escaped_test_url = Regexp.escape(CGI.escapeHTML(@test_url))
-            regexp = %r{<meta\s+http-equiv\s*=\s*(?:"refresh"|'refresh'|refresh)\s+content\s*=\s*(?:"\s*\d+\s*;\s*url\s*=\s*'\s*#{escaped_test_url}\s*'\s*"|'\s*\d+\s*;\s*url\s*=\s*"\s*#{escaped_test_url}\s*"\s*'|\s*\d+;url=(?:"#{escaped_test_url}"|'#{escaped_test_url}'))\s*(?:/\s*)?>}i
+
+            regexp = %r{
+              <meta\s+
+                http-equiv\s*=\s*(?: "refresh" | 'refresh' | refresh )\s+
+                content\s*=\s*
+                (?:
+                 "\s*\d+\s*;\s*url\s*=\s*'\s*#{escaped_test_url}\s*'\s*"|
+                 '\s*\d+\s*;\s*url\s*=\s*"\s*#{escaped_test_url}\s*"\s*'|
+                 \s*\d+;url=(?: "#{escaped_test_url}" | '#{escaped_test_url}' )
+                )\s*
+                (?:/\s*)?>
+            }xi
 
             response.body =~ regexp
           end

data/lib/ronin/vulns/reflected_xss/context.rb

@@ -1,9 +1,8 @@
 # frozen_string_literal: true
-# frozen_string_literal: true
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -115,33 +114,33 @@ module Ronin
         # value.
         #
         # @api private
-        IN_DOUBLE_QUOTED_ATTR_VALUE = %r{<(#{TAG_NAME})#{ATTR_LIST}\s+(#{ATTR_NAME})\s*=\s*"[^"]+\z}
+        IN_DOUBLE_QUOTED_ATTR_VALUE = /<(#{TAG_NAME})#{ATTR_LIST}\s+(#{ATTR_NAME})\s*=\s*"[^"]+\z/
 
         # Regexp matching when an XSS occurs within a single-quoted attribute
         # value.
         #
         # @api private
-        IN_SINGLE_QUOTED_ATTR_VALUE = %r{<(#{TAG_NAME})#{ATTR_LIST}\s+(#{ATTR_NAME})\s*=\s*'[^']+\z}
+        IN_SINGLE_QUOTED_ATTR_VALUE = /<(#{TAG_NAME})#{ATTR_LIST}\s+(#{ATTR_NAME})\s*=\s*'[^']+\z/
 
         # Regexp matching when an XSS occurs within an unquoted attribute value.
         #
         # @api private
-        IN_UNQUOTED_ATTR_VALUE = %r{<(#{TAG_NAME})#{ATTR_LIST}\s+(#{ATTR_NAME})=[^"'\s]+\z}
+        IN_UNQUOTED_ATTR_VALUE = /<(#{TAG_NAME})#{ATTR_LIST}\s+(#{ATTR_NAME})=[^"'\s]+\z/
 
         # Regexp matching when an XSS occurs within an attribute's name.
         #
         # @api private
-        IN_ATTR_NAME = %r{<(#{TAG_NAME})#{ATTR_LIST}\s+(#{ATTR_NAME})\z}
+        IN_ATTR_NAME = /<(#{TAG_NAME})#{ATTR_LIST}\s+(#{ATTR_NAME})\z/
 
         # Regexp matching when an XSS occurs within a tag's attribute list.
         #
         # @api private
-        IN_ATTR_LIST = %r{<(#{TAG_NAME})#{ATTR_LIST}\s+\z}
+        IN_ATTR_LIST = /<(#{TAG_NAME})#{ATTR_LIST}\s+\z/
 
         # Regexp matching when an XSS occurs within a tag's name.
         #
         # @api private
-        IN_TAG_NAME = %r{<(#{TAG_NAME})\z}
+        IN_TAG_NAME = /<(#{TAG_NAME})\z/
 
         #
         # Determine the context of the XSS by checking the characters that come
@@ -161,7 +160,7 @@ module Ronin
         def self.identify(body,index)
           prefix = body[0,index]
 
-          if (match = prefix.match(IN_TAG_BODY))
+          if    (match = prefix.match(IN_TAG_BODY))
             new(:tag_body, tag: match[1])
           elsif (match = prefix.match(IN_DOUBLE_QUOTED_ATTR_VALUE))
             new(:double_quoted_attr_value, tag: match[1], attr: match[2])

data/lib/ronin/vulns/reflected_xss/test_string.rb

@@ -1,9 +1,8 @@
 # frozen_string_literal: true
-# frozen_string_literal: true
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -67,7 +66,7 @@ module Ronin
           '/' => ['%2F'],
           '<' => ['%3C', '&lt;'],
           '>' => ['%3E', '&gt;'],
-          '&' => ['%26', '&amp;'],
+          '&' => ['%26', '&amp;']
         }
 
         #

data/lib/ronin/vulns/reflected_xss.rb

@@ -1,9 +1,8 @@
 # frozen_string_literal: true
-# frozen_string_literal: true
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -91,7 +90,7 @@ module Ronin
       #   The test string to send.
       #
       # @yield [body, match]
-      #   If a block is given, it will be passed the response body and the 
+      #   If a block is given, it will be passed the response body and the
       #   regular expression match data, if the response contains the test
       #   string.
       #
@@ -119,7 +118,7 @@ module Ronin
       # Tests which HTML characters are accepted or escaped/filtered.
       #
       # @yield [body, match]
-      #   If a block is given, it will be passed the response body and the 
+      #   If a block is given, it will be passed the response body and the
       #   regular expression match data, if the response contains the test
       #   string.
       #

data/lib/ronin/vulns/rfi.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -65,7 +65,7 @@ module Ronin
       attr_reader :filter_bypass
 
       # URL of the Remote File Inclusion (RFI) Test script
-      # 
+      #
       # @return [URI::HTTP, String]
       attr_reader :test_script_url
 

data/lib/ronin/vulns/sqli/error_pattern.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/vulns/sqli.rb

@@ -1,9 +1,8 @@
 # frozen_string_literal: true
-# frozen_string_literal: true
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -42,7 +41,7 @@ module Ronin
       attr_reader :escape_quote
 
       # Specifies whether to escape parenthesis.
-      # 
+      #
       # @return [Boolean]
       attr_reader :escape_parens
 
@@ -205,7 +204,7 @@ module Ronin
           /ERROR: parser: parse error at or near/,
           /PostgreSQL query failed/,
           /org\.postgresql\.jdbc/,
-          /Pdo[.\/_\\]Pgsql/,
+          %r{Pdo[\./_\\]Pgsql},
           /PSQLException/
         ],
 
@@ -219,12 +218,12 @@ module Ronin
           /MySqlClient\./,
           /com\.mysql\.jdbc/,
           /Zend_Db_(?:Adapter|Statement)_Mysqli_Exception/,
-          /Pdo[.\/_\\]Mysql/,
+          %r{Pdo[\./_\\]Mysql},
           /MySqlException/
         ],
 
         sqlite: ErrorPattern[
-          /SQLite\/JDBCDriver/,
+          %r{SQLite/JDBCDriver},
           /SQLite\.Exception/,
           /(Microsoft|System)\.Data\.SQLite\.SQLiteException/,
           /Warning.*\W(?:sqlite_|SQLite3::)/,
@@ -233,7 +232,7 @@ module Ronin
           /sqlite3\.OperationalError:/,
           /SQLite3::SQLException/,
           /org\.sqlite\.JDBC/,
-          /Pdo[.\/_\\]Sqlite/,
+          %r{Pdo[\./_\\]Sqlite},
           /SQLiteException/
         ],
 
@@ -254,7 +253,7 @@ module Ronin
           /macromedia\.jdbc\.sqlserver/,
           /Zend_Db_(?:Adapter|Statement)_Sqlsrv_Exception/,
           /com\.microsoft\.sqlserver\.jdbc/,
-          /Pdo[.\/_\\](?:Mssql|SqlSrv)/,
+          %r{Pdo[\./_\\](?:Mssql|SqlSrv)},
           /SQL(?:Srv|Server)Exception/
         ],
 
@@ -268,7 +267,7 @@ module Ronin
           /macromedia\.jdbc\.oracle/,
           /oracle\.jdbc/,
           /Zend_Db_(?:Adapter|Statement)_Oracle_Exception/,
-          /Pdo[.\/_\\](?:Oracle|OCI)/,
+          %r{Pdo[\./_\\](?:Oracle|OCI)},
           /OracleException/
         ]
       }
@@ -304,7 +303,7 @@ module Ronin
       # @api private
       #
       def random_id
-        rand(8_999) + 1_000
+        rand(8_999..9999)
       end
 
       #
@@ -317,6 +316,7 @@ module Ronin
       #
       def test_or_true_and_false
         id = random_id
+
         response1 = exploit("OR #{id}=#{id}")
         response2 = exploit("AND #{random_id}=#{random_id}")
 

data/lib/ronin/vulns/ssti/test_expression.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -68,7 +68,7 @@ module Ronin
         #   Could not parse the test expression.
         #
         def self.parse(string)
-          unless (match = string.match(/\A(\d+)\s*([\*\/\+\-])\s*(\d+)\z/))
+          unless (match = string.match(%r{\A(\d+)\s*([\*/\+\-])\s*(\d+)\z}))
             raise(ArgumentError,"could not parse the expression: #{string.inspect}")
           end
 

data/lib/ronin/vulns/ssti.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -87,8 +87,8 @@ module Ronin
       #   A random test expression.
       #
       def self.random_test
-        int1 = rand(999) + 1_000
-        int2 = rand(999) + 1_000
+        int1 = rand(1_000..1_999)
+        int2 = rand(1_000..1_999)
 
         string  = "#{int1}*#{int2}"
         result  = (int1 * int2).to_s
@@ -108,7 +108,7 @@ module Ronin
       # @option kwargs [Proc, nil] :escape
       #   The escape method to use. If `escape:` is not given, then all escapes
       #   in {ESCAPES} will be tested..
-      #   
+      #
       # @option kwargs [Array<Symbol, String>, Symbol, String, true, nil] :query_params
       #   The query param name(s) to test.
       #

data/lib/ronin/vulns/url_scanner.rb

@@ -27,6 +27,9 @@ require 'ronin/vulns/open_redirect'
 
 module Ronin
   module Vulns
+    #
+    # Top-level module which scans a URL for all web vulnerabilities.
+    #
     module URLScanner
       #
       # Scans a URL for web vulnerabilities.

data/lib/ronin/vulns/version.rb

@@ -21,6 +21,6 @@
 module Ronin
   module Vulns
     # The ronin-vulns version
-    VERSION = '0.1.0'
+    VERSION = '0.1.2'
   end
 end

data/lib/ronin/vulns/vuln.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/vulns/web_vuln/http_request.rb

@@ -1,9 +1,8 @@
 # frozen_string_literal: true
-# frozen_string_literal: true
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -119,9 +118,10 @@ module Ronin
                             cookie:         nil,
                             form_data:      nil)
           @url = url
-          
+
           if query_params && !query_params.empty?
             @url = url.dup
+
             @url.query_params = query_params
           end
 

data/lib/ronin/vulns/web_vuln.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -292,7 +292,7 @@ module Ronin
         url    = URI(url)
         http ||= Support::Network::HTTP.connect_uri(url)
 
-        unless cookie_params 
+        unless cookie_params
           cookie_params = Set.new
 
           http.get_cookies(url.request_uri).each do |set_cookie|

data/ronin-vulns.gemspec

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'yaml'
 
 Gem::Specification.new do |gem|
@@ -20,7 +22,7 @@ Gem::Specification.new do |gem|
   gem.homepage    = gemspec['homepage']
   gem.metadata    = gemspec['metadata'] if gemspec['metadata']
 
-  glob = lambda { |patterns| gem.files & Dir[*patterns] }
+  glob = ->(patterns) { gem.files & Dir[*patterns] }
 
   gem.files  = `git ls-files`.split($/)
   gem.files  = glob[gemspec['files']] if gemspec['files']
@@ -44,7 +46,7 @@ Gem::Specification.new do |gem|
   gem.required_rubygems_version = gemspec['required_rubygems_version']
   gem.post_install_message      = gemspec['post_install_message']
 
-  split = lambda { |string| string.split(/,\s*/) }
+  split = ->(string) { string.split(/,\s*/) }
 
   if gemspec['dependencies']
     gemspec['dependencies'].each do |name,versions|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-vulns
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.2
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-01 00:00:00.000000000 Z
+date: 2023-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ronin-support
@@ -17,6 +17,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -24,6 +27,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.1
 - !ruby/object:Gem::Dependency
   name: ronin-core
   requirement: !ruby/object:Gem::Requirement
@@ -70,6 +76,7 @@ files:
 - ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".ruby-version"
 - ".yardopts"
 - COPYING.txt