ronin-vulns 0.1.4 → 0.1.5

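--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: a034edd07851be44f796a03f47cc5583969734943d5ec23c0073e9dc92f62bd7
-data.tar.gz: 223f844d4ead3779a13d981a6998c46a5cf7f445d5b95044ae30997f546642e5
+metadata.gz: 782fb72c980f9466dd49b736e941d1d4bf092066bdb2894c776f7610bb0ee049
+data.tar.gz: 732c6cf18098e86aa1d600e7607fb8110a903ea76391901977574faff167b550
 SHA512:
-metadata.gz: 0db7e162bc9e7294be2d5a89660c3fd3b5892d4e2595b56704bcd8725bccb3041b38a8621c1daab77471236d2a17c1075bdf8ce7f4f233afee43d7277b6afc94
-data.tar.gz: 9a5e1f7513231f294ca5f328f79921dc66c1072b301ccfbf3ac72844b75b492a0ccd76a171d507d82b002824522f79cf6d9e08e7bf99c7624e47375993064176
+metadata.gz: a636b00ea3642dadf7ee2f1c1b4a498f5b8e107d46c7ed64aac115cb1788b395de343c5ac7683eef0b3556128e9466e8228782ae453d337cae46ef0c280369fa
+data.tar.gz: e610ebe869ae47cc6ea5ab6c6cd548838da9873943f3d64317ff4682d36bfa172de79df5fff4a53a8d37936a83ada614d4fdc4c1d374eed08cb51a3f9ab421a0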
@@ -12,11 +12,12 @@ jobs:
12
12
  - '3.0'
13
13
  - '3.1'
14
14
  - '3.2'
15
+ - '3.3'
15
16
  # - jruby
16
17
  - truffleruby
17
18
  name: Ruby ${{ matrix.ruby }}
18
19
  steps:
19
- - uses: actions/checkout@v2
20
+ - uses: actions/checkout@v4
20
21
  - name: Set up Ruby
21
22
  uses: ruby/setup-ruby@v1
22
23
  with:
@@ -35,7 +36,7 @@ jobs:
35
36
  rubocop:
36
37
  runs-on: ubuntu-latest
37
38
  steps:
38
- - uses: actions/checkout@v2
39
+ - uses: actions/checkout@v4
39
40
  - name: Set up Ruby
40
41
  uses: ruby/setup-ruby@v1
41
42
  with:
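--- a/data/ChangeLog.md
+++ b/data/ChangeLog.md
@@ -1,3 +1,12 @@
+### 0.1.5 / 2024-06-19
+
+* Improve the accuracy of {Ronin::Vulns::OpenRedirect#vulnerable?} when
+detecting open redirects in meta-refresh HTML tags.
+* Match the test URL when it ends with `?...`, `&...`, or `&...`.
+* Detect when the test URL has an additional string appended to it
+(ex: `.html`). The appended string can easily be bypassed by adding a
+`?`, `&`, or `#` character to the end of the test URL.
+
 ### 0.1.4 / 2023-09-19
 
 #### CLI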
@@ -80,7 +80,7 @@ module Ronin
80
80
  when '301', '302', '303', '307', '308'
81
81
  if (locations = response.get_fields('Location'))
82
82
  escaped_test_url = Regexp.escape(@test_url)
83
- regexp = /\A#{escaped_test_url}(?:[\?&].+)?\z/
83
+ regexp = /\A#{escaped_test_url}.*\z/
84
84
 
85
85
  locations.last =~ regexp
86
86
  end
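Review bot: Replacing the `(?:[\?&].+)?` tail with `.*` turns the Location check into a plain prefix match, so any value that merely begins with the test URL is reported, including a redirect to a different host whose name happens to start with the test URL's host when `@test_url` carries no trailing slash or path; the previous pattern at least required a `?` or `&` before the continuation. A more robust check would parse `locations.last` with `URI` and compare its scheme and host against those of `@test_url`, falling back to the regexp only when parsing fails, and that comparison would still cover the appended-suffix case the changelog describes. How `@test_url` is built is outside this hunk, so whether it always ends in a path (which would make the prefix match safe) should be confirmed. The enclosing method begins and continues outside the hunk.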
@@ -95,10 +95,34 @@ module Ronin
95
95
  http-equiv\s*=\s*(?: "refresh" | 'refresh' | refresh )\s+
96
96
  content\s*=\s*
97
97
  (?:
98
- "\s*\d+\s*;\s*url\s*=\s*'\s*#{escaped_test_url}\s*'\s*"|
99
- '\s*\d+\s*;\s*url\s*=\s*"\s*#{escaped_test_url}\s*"\s*'|
100
- \s*\d+;url=(?: "#{escaped_test_url}" | '#{escaped_test_url}' )
101
- )\s*
98
+ # content="..."
99
+ "\s*\d+\s*;\s*url\s*=\s*
100
+ (?:
101
+ # content="0; url='...'"
102
+ '\s*#{escaped_test_url}[^'"]*' |
103
+ # content="0; url=..."
104
+ #{escaped_test_url}[^"]*
105
+ )\s*" |
106
+ # content='...'
107
+ '\s*\d+\s*;\s*url\s*=\s*
108
+ (?:
109
+ # content='0; url="..."'
110
+ "\s*#{escaped_test_url}[^"']*" |
111
+ # content='0; url=...'
112
+ #{escaped_test_url}[^']*
113
+ )\s*' |
114
+ # content=...
115
+ \s*\d+;url=(?:
116
+ # content=0;url="..."
117
+ "\s*#{escaped_test_url}[^\s"]*" |
118
+ # content=0;url='...'
119
+ '\s*#{escaped_test_url}[^\s']*' |
120
+ # content=0;url=...
121
+ #{escaped_test_url}[^\s/>]*
122
+ )
123
+ )
124
+ \s*
125
+ # /> or / >
102
126
  (?:/\s*)?>
103
127
  }xi
104
128
 
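Review bot: The unquoted `content=0;url=...` alternative ends in `#{escaped_test_url}[^\s/>]*`, which stops at the first `/`, so an unquoted value with a path segment appended to the test URL (`…;url=<test url>/x>`) never matches, while the three quoted alternatives above it do accept such a suffix; the `/` exclusion appears intended to leave a self-closing `/>` for the trailing `(?:/\s*)?>`, but that group is optional, so `#{escaped_test_url}[^\s>]*` would match both forms. The same regexp also repeats the `\s*\d+\s*;\s*url\s*=\s*` prefix for the `"` and `'` quoted forms; hoisting it into a named constant interpolated at both places would make the three branches easier to compare. The regexp literal opens before the start of this hunk, so I could not confirm the `x`-mode flag it relies on, though the `}xi` terminator suggests it is set.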
@@ -296,7 +296,7 @@ module Ronin
296
296
  #
297
297
  def check_for_sql_errors(response)
298
298
  if response.code == '500'
299
- ERROR_PATTERNS.each do |database,error_pattern|
299
+ ERROR_PATTERNS.each_value do |error_pattern|
300
300
  if error_pattern =~ response.body
301
301
  return true
302
302
  end
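Review bot: With the unused key gone, the loop body `if error_pattern =~ response.body` still builds a `MatchData` for every hit even though only a boolean is needed; `if error_pattern.match?(response.body)` avoids the allocation and reads as the predicate it is. If `response.body` can be `nil` for a 500, `match?` would raise a `TypeError` where `=~` returns `nil`, so the change should be paired with a guard or confirmed against how `response` is obtained. The method's remaining lines are outside the hunk.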
@@ -30,6 +30,16 @@ module Ronin
30
30
  #
31
31
  # Top-level module which scans a URL for all web vulnerabilities.
32
32
  #
33
+ # ## Examples
34
+ #
35
+ # require 'ronin/vulns/url_scanner'
36
+ #
37
+ # Ronin::Vulns::URLScanner.scan(url) do |vuln|
38
+ # # ...
39
+ # end
40
+ #
41
+ # vuln = Ronin::Vulns::URLScanner.test(url)
42
+ #
33
43
  module URLScanner
34
44
  #
35
45
  # Scans a URL for web vulnerabilities.
@@ -21,6 +21,6 @@
21
21
  module Ronin
22
22
  module Vulns
23
23
  # The ronin-vulns version
24
- VERSION = '0.1.4'
24
+ VERSION = '0.1.5'
25
25
  end
26
26
  end
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-open-redirect 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns open-redirect\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-reflected-xss 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns reflected-xss\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-rfi 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns rfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -82,7 +82,7 @@ Reads URLs from the given \fIFILE\fP\.
82
82
  \fB-B\fR, \fB--filter-bypass\fR \fBdouble-encode\fR\[or]\fBsuffix-escape\fR\[or]\fBnull-byte\fR
83
83
  Optional filter\-bypass strategy to use\.
84
84
  .LP
85
- .HP
85
+ .PP
86
86
  \fB-S\fR, \fB--script-lang\fR \fBasp\|\fRasp\.net\fB\|\fRcoldfusion\fB\|\fRjsp\fB\|\fRphp\fB\|\fRperl\`
87
87
  Explicitly specify the scripting language to test for\.
88
88
  .LP
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-scan 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns scan\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -113,7 +113,7 @@ Escapes parenthesis\.
113
113
  \fB--sqli-terminate\fR
114
114
  Terminates the SQL expression with a \fB--\fR\.
115
115
  .LP
116
- .HP
116
+ .PP
117
117
  \fB--ssti-test-expr\fR \[lC]\fIX\fP*\fIY\fP \[or] \fIX\fP\[sl]\fIZ\fP \[or] \fIX\fP\[pl]\fIY\fP \[or] \fIX\fP\-\fIY\fP\[rC]
118
118
  Optional numeric test to use\.
119
119
  .LP
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-sqli 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns sqli\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -78,7 +78,7 @@ Tests the form param name\.
78
78
  \fB-i\fR, \fB--input\fR \fIFILE\fP
79
79
  Reads URLs from the given \fIFILE\fP\.
80
80
  .LP
81
- .HP
81
+ .PP
82
82
  \fB-T\fR, \fB--test-expr\fR \[lC]\fIX*Y\fP \[or] \fIX\[sl]Z\fP \[or] \fIX\[pl]Y\fP \[or] \fIX\-Y\fP\[rC]
83
83
  Optional numeric test to use\.
84
84
  .LP
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ronin-vulns
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.4
4
+ version: 0.1.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Postmodern
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-19 00:00:00.000000000 Z
11
+ date: 2024-06-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ronin-support
@@ -159,7 +159,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
159
159
  - !ruby/object:Gem::Version
160
160
  version: '0'
161
161
  requirements: []
162
- rubygems_version: 3.3.26
162
+ rubygems_version: 3.3.27
163
163
  signing_key:
164
164
  specification_version: 4
165
165
  summary: Tests URLs for Local File Inclusion (LFI), Remove File Inclusion (RFI), SQL