ronin-vulns 0.1.4 → 0.1.5
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +3 -2
- data/ChangeLog.md +9 -0
- data/lib/ronin/vulns/open_redirect.rb +29 -5
- data/lib/ronin/vulns/sqli.rb +1 -1
- data/lib/ronin/vulns/url_scanner.rb +10 -0
- data/lib/ronin/vulns/version.rb +1 -1
- data/man/ronin-vulns-lfi.1 +2 -2
- data/man/ronin-vulns-open-redirect.1 +2 -2
- data/man/ronin-vulns-reflected-xss.1 +2 -2
- data/man/ronin-vulns-rfi.1 +3 -3
- data/man/ronin-vulns-scan.1 +3 -3
- data/man/ronin-vulns-sqli.1 +2 -2
- data/man/ronin-vulns-ssti.1 +3 -3
- metadata +3 -3
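--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 782fb72c980f9466dd49b736e941d1d4bf092066bdb2894c776f7610bb0ee049
+data.tar.gz: 732c6cf18098e86aa1d600e7607fb8110a903ea76391901977574faff167b550
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a636b00ea3642dadf7ee2f1c1b4a498f5b8e107d46c7ed64aac115cb1788b395de343c5ac7683eef0b3556128e9466e8228782ae453d337cae46ef0c280369fa
+data.tar.gz: e610ebe869ae47cc6ea5ab6c6cd548838da9873943f3d64317ff4682d36bfa172de79df5fff4a53a8d37936a83ada614d4fdc4c1d374eed08cb51a3f9ab421a0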
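--- a/data/.github/workflows/ruby.yml
+++ b/data/.github/workflows/ruby.yml
@@ -12,11 +12,12 @@ jobs:
 - '3.0'
 - '3.1'
 - '3.2'
+- '3.3'
 # - jruby
 - truffleruby
 name: Ruby ${{ matrix.ruby }}
 steps:
-- uses: actions/checkout@
+- uses: actions/checkout@v4
 - name: Set up Ruby
 uses: ruby/setup-ruby@v1
 with:
@@ -35,7 +36,7 @@ jobs:
 rubocop:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@
+- uses: actions/checkout@v4
 - name: Set up Ruby
 uses: ruby/setup-ruby@v1
 with: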
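Review bot: Both new `actions/checkout@v4` lines (the test job and the `rubocop` job) reference the action by a mutable tag, as does the unchanged `ruby/setup-ruby@v1`, so the code that runs in CI can change without any change to this file. Pinning each action to a full commit SHA and keeping the tag as a trailing comment makes the workflow reproducible and reviewable, e.g. `- uses: actions/checkout@<full-commit-sha> # v4`. The rest of each job's steps lies outside these hunks, so any `permissions:` restriction for the workflow token cannot be checked from here.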
data/ChangeLog.md
CHANGED
@@ -1,3 +1,12 @@
|
|
1
|
+
### 0.1.5 / 2024-06-19
|
2
|
+
|
3
|
+
* Improve the accuracy of {Ronin::Vulns::OpenRedirect#vulnerable?} when
|
4
|
+
detecting open redirects in meta-refresh HTML tags.
|
5
|
+
* Match the test URL when it ends with `?...`, `&...`, or `&...`.
|
6
|
+
* Detect when the test URL has an additional string appended to it
|
7
|
+
(ex: `.html`). The appended string can easily be bypassed by adding a
|
8
|
+
`?`, `&`, or `#` character to the end of the test URL.
|
9
|
+
|
1
10
|
### 0.1.4 / 2023-09-19
|
2
11
|
|
3
12
|
#### CLI
|
@@ -80,7 +80,7 @@ module Ronin
|
|
80
80
|
when '301', '302', '303', '307', '308'
|
81
81
|
if (locations = response.get_fields('Location'))
|
82
82
|
escaped_test_url = Regexp.escape(@test_url)
|
83
|
-
regexp = /\A#{escaped_test_url}
|
83
|
+
regexp = /\A#{escaped_test_url}.*\z/
|
84
84
|
|
85
85
|
locations.last =~ regexp
|
86
86
|
end
|
@@ -95,10 +95,34 @@ module Ronin
|
|
95
95
|
http-equiv\s*=\s*(?: "refresh" | 'refresh' | refresh )\s+
|
96
96
|
content\s*=\s*
|
97
97
|
(?:
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
98
|
+
# content="..."
|
99
|
+
"\s*\d+\s*;\s*url\s*=\s*
|
100
|
+
(?:
|
101
|
+
# content="0; url='...'"
|
102
|
+
'\s*#{escaped_test_url}[^'"]*' |
|
103
|
+
# content="0; url=..."
|
104
|
+
#{escaped_test_url}[^"]*
|
105
|
+
)\s*" |
|
106
|
+
# content='...'
|
107
|
+
'\s*\d+\s*;\s*url\s*=\s*
|
108
|
+
(?:
|
109
|
+
# content='0; url="..."'
|
110
|
+
"\s*#{escaped_test_url}[^"']*" |
|
111
|
+
# content='0; url=...'
|
112
|
+
#{escaped_test_url}[^']*
|
113
|
+
)\s*' |
|
114
|
+
# content=...
|
115
|
+
\s*\d+;url=(?:
|
116
|
+
# content=0;url="..."
|
117
|
+
"\s*#{escaped_test_url}[^\s"]*" |
|
118
|
+
# content=0;url='...'
|
119
|
+
'\s*#{escaped_test_url}[^\s']*' |
|
120
|
+
# content=0;url=...
|
121
|
+
#{escaped_test_url}[^\s/>]*
|
122
|
+
)
|
123
|
+
)
|
124
|
+
\s*
|
125
|
+
# /> or / >
|
102
126
|
(?:/\s*)?>
|
103
127
|
}xi
|
104
128
|
|
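Review bot: The unquoted `content=0;url=...` alternative ends with `#{escaped_test_url}[^\s/>]*`, which excludes `/`, so a reflected test URL followed by an appended path segment (for example `/index.html`) does not match there, while the quoted alternatives (`[^"]*`, `[^']*`) accept it; that looks like a false negative for the appended-suffix case the ChangeLog entry describes. Because the trailing `(?:/\s*)?>` is optional and the character class backtracks, `#{escaped_test_url}[^\s>]*` appears sufficient and still matches a tag closed with `/>`. In the `Location` hunk, a one-line comment such as `# prefix match: any suffix after the test URL still counts as a redirect` would record why `.*\z` is intentional. These two hunks are printed under the `data/ChangeLog.md` header but carry `module Ronin` context, so they presumably belong to `data/lib/ronin/vulns/open_redirect.rb` from the file list; the enclosing method and the start of the regexp literal lie outside the hunks.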
data/lib/ronin/vulns/sqli.rb
CHANGED
@@ -30,6 +30,16 @@ module Ronin
|
|
30
30
|
#
|
31
31
|
# Top-level module which scans a URL for all web vulnerabilities.
|
32
32
|
#
|
33
|
+
# ## Examples
|
34
|
+
#
|
35
|
+
# require 'ronin/vulns/url_scanner'
|
36
|
+
#
|
37
|
+
# Ronin::Vulns::URLScanner.scan(url) do |vuln|
|
38
|
+
# # ...
|
39
|
+
# end
|
40
|
+
#
|
41
|
+
# vuln = Ronin::Vulns::URLScanner.test(url)
|
42
|
+
#
|
33
43
|
module URLScanner
|
34
44
|
#
|
35
45
|
# Scans a URL for web vulnerabilities.
|
data/lib/ronin/vulns/version.rb
CHANGED
data/man/ronin-vulns-lfi.1
CHANGED
@@ -1,10 +1,10 @@
|
|
1
|
-
.\" Generated by kramdown-man 0.1.
|
1
|
+
.\" Generated by kramdown-man 0.1.9
|
2
2
|
.\" https://github.com/postmodern/kramdown-man#readme
|
3
3
|
.TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
|
4
4
|
.LP
|
5
5
|
.SH SYNOPSIS
|
6
6
|
.LP
|
7
|
-
.
|
7
|
+
.PP
|
8
8
|
\fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
|
9
9
|
.LP
|
10
10
|
.SH DESCRIPTION
|
@@ -1,10 +1,10 @@
|
|
1
|
-
.\" Generated by kramdown-man 0.1.
|
1
|
+
.\" Generated by kramdown-man 0.1.9
|
2
2
|
.\" https://github.com/postmodern/kramdown-man#readme
|
3
3
|
.TH ronin-vulns-open-redirect 1 "May 2022" Ronin "User Manuals"
|
4
4
|
.LP
|
5
5
|
.SH SYNOPSIS
|
6
6
|
.LP
|
7
|
-
.
|
7
|
+
.PP
|
8
8
|
\fBronin-vulns open-redirect\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
|
9
9
|
.LP
|
10
10
|
.SH DESCRIPTION
|
@@ -1,10 +1,10 @@
|
|
1
|
-
.\" Generated by kramdown-man 0.1.
|
1
|
+
.\" Generated by kramdown-man 0.1.9
|
2
2
|
.\" https://github.com/postmodern/kramdown-man#readme
|
3
3
|
.TH ronin-vulns-reflected-xss 1 "May 2022" Ronin "User Manuals"
|
4
4
|
.LP
|
5
5
|
.SH SYNOPSIS
|
6
6
|
.LP
|
7
|
-
.
|
7
|
+
.PP
|
8
8
|
\fBronin-vulns reflected-xss\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
|
9
9
|
.LP
|
10
10
|
.SH DESCRIPTION
|
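--- a/data/man/ronin-vulns-rfi.1
+++ b/data/man/ronin-vulns-rfi.1
@@ -1,10 +1,10 @@
-.\" Generated by kramdown-man 0.1.
+.\" Generated by kramdown-man 0.1.9
 .\" https://github.com/postmodern/kramdown-man#readme
 .TH ronin-vulns-rfi 1 "May 2022" Ronin "User Manuals"
 .LP
 .SH SYNOPSIS
 .LP
-.
+.PP
 \fBronin-vulns rfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
 .LP
 .SH DESCRIPTION
@@ -82,7 +82,7 @@ Reads URLs from the given \fIFILE\fP\.
 \fB-B\fR, \fB--filter-bypass\fR \fBdouble-encode\fR\[or]\fBsuffix-escape\fR\[or]\fBnull-byte\fR
 Optional filter\-bypass strategy to use\.
 .LP
-.
+.PP
 \fB-S\fR, \fB--script-lang\fR \fBasp\|\fRasp\.net\fB\|\fRcoldfusion\fB\|\fRjsp\fB\|\fRphp\fB\|\fRperl\`
 Explicitly specify the scripting language to test for\.
 .LP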
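--- a/data/man/ronin-vulns-scan.1
+++ b/data/man/ronin-vulns-scan.1
@@ -1,10 +1,10 @@
-.\" Generated by kramdown-man 0.1.
+.\" Generated by kramdown-man 0.1.9
 .\" https://github.com/postmodern/kramdown-man#readme
 .TH ronin-vulns-scan 1 "May 2022" Ronin "User Manuals"
 .LP
 .SH SYNOPSIS
 .LP
-.
+.PP
 \fBronin-vulns scan\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
 .LP
 .SH DESCRIPTION
@@ -113,7 +113,7 @@ Escapes parenthesis\.
 \fB--sqli-terminate\fR
 Terminates the SQL expression with a \fB--\fR\.
 .LP
-.
+.PP
 \fB--ssti-test-expr\fR \[lC]\fIX\fP*\fIY\fP \[or] \fIX\fP\[sl]\fIZ\fP \[or] \fIX\fP\[pl]\fIY\fP \[or] \fIX\fP\-\fIY\fP\[rC]
 Optional numeric test to use\.
 .LP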
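--- a/data/man/ronin-vulns-sqli.1
+++ b/data/man/ronin-vulns-sqli.1
@@ -1,10 +1,10 @@
-.\" Generated by kramdown-man 0.1.
+.\" Generated by kramdown-man 0.1.9
 .\" https://github.com/postmodern/kramdown-man#readme
 .TH ronin-vulns-sqli 1 "May 2022" Ronin "User Manuals"
 .LP
 .SH SYNOPSIS
 .LP
-.
+.PP
 \fBronin-vulns sqli\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
 .LP
 .SH DESCRIPTION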
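--- a/data/man/ronin-vulns-ssti.1
+++ b/data/man/ronin-vulns-ssti.1
@@ -1,10 +1,10 @@
-.\" Generated by kramdown-man 0.1.
+.\" Generated by kramdown-man 0.1.9
 .\" https://github.com/postmodern/kramdown-man#readme
 .TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
 .LP
 .SH SYNOPSIS
 .LP
-.
+.PP
 \fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
 .LP
 .SH DESCRIPTION
@@ -78,7 +78,7 @@ Tests the form param name\.
 \fB-i\fR, \fB--input\fR \fIFILE\fP
 Reads URLs from the given \fIFILE\fP\.
 .LP
-.
+.PP
 \fB-T\fR, \fB--test-expr\fR \[lC]\fIX*Y\fP \[or] \fIX\[sl]Z\fP \[or] \fIX\[pl]Y\fP \[or] \fIX\-Y\fP\[rC]
 Optional numeric test to use\.
 .LP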
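--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-vulns
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.5
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ronin-support
@@ -159,7 +159,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.
+rubygems_version: 3.3.27
 signing_key:
 specification_version: 4
 summary: Tests URLs for Local File Inclusion (LFI), Remove File Inclusion (RFI), SQL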