ronin-vulns 0.1.5 → 0.2.0.rc1

Files changed (68) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/ChangeLog.md +43 -0
  4. data/Gemfile +14 -4
  5. data/README.md +7 -3
  6. data/Rakefile +9 -0
  7. data/data/completions/ronin-vulns +139 -0
  8. data/gemspec.yml +7 -1
  9. data/lib/ronin/vulns/cli/command.rb +1 -1
  10. data/lib/ronin/vulns/cli/commands/command_injection.rb +163 -0
  11. data/lib/ronin/vulns/cli/commands/completion.rb +63 -0
  12. data/lib/ronin/vulns/cli/commands/irb.rb +59 -0
  13. data/lib/ronin/vulns/cli/commands/lfi.rb +21 -9
  14. data/lib/ronin/vulns/cli/commands/open_redirect.rb +13 -1
  15. data/lib/ronin/vulns/cli/commands/reflected_xss.rb +13 -1
  16. data/lib/ronin/vulns/cli/commands/rfi.rb +13 -1
  17. data/lib/ronin/vulns/cli/commands/scan.rb +21 -9
  18. data/lib/ronin/vulns/cli/commands/sqli.rb +13 -1
  19. data/lib/ronin/vulns/cli/commands/ssti.rb +13 -1
  20. data/lib/ronin/vulns/cli/importable.rb +76 -0
  21. data/lib/ronin/vulns/cli/printing.rb +184 -0
  22. data/lib/ronin/vulns/cli/ruby_shell.rb +53 -0
  23. data/lib/ronin/vulns/cli/web_vuln_command.rb +216 -20
  24. data/lib/ronin/vulns/cli.rb +3 -2
  25. data/lib/ronin/vulns/command_injection.rb +267 -0
  26. data/lib/ronin/vulns/importer.rb +116 -0
  27. data/lib/ronin/vulns/lfi/test_file.rb +1 -1
  28. data/lib/ronin/vulns/lfi.rb +1 -1
  29. data/lib/ronin/vulns/open_redirect.rb +1 -1
  30. data/lib/ronin/vulns/reflected_xss/context.rb +1 -1
  31. data/lib/ronin/vulns/reflected_xss/test_string.rb +1 -1
  32. data/lib/ronin/vulns/reflected_xss.rb +1 -1
  33. data/lib/ronin/vulns/rfi.rb +64 -9
  34. data/lib/ronin/vulns/root.rb +1 -1
  35. data/lib/ronin/vulns/sqli/error_pattern.rb +1 -1
  36. data/lib/ronin/vulns/sqli.rb +36 -28
  37. data/lib/ronin/vulns/ssti/test_expression.rb +1 -1
  38. data/lib/ronin/vulns/ssti.rb +69 -53
  39. data/lib/ronin/vulns/url_scanner.rb +10 -1
  40. data/lib/ronin/vulns/version.rb +2 -2
  41. data/lib/ronin/vulns/vuln.rb +1 -1
  42. data/lib/ronin/vulns/web_vuln/http_request.rb +40 -1
  43. data/lib/ronin/vulns/web_vuln.rb +86 -16
  44. data/man/ronin-vulns-command-injection.1 +109 -0
  45. data/man/ronin-vulns-command-injection.1.md +112 -0
  46. data/man/ronin-vulns-completion.1 +76 -0
  47. data/man/ronin-vulns-completion.1.md +78 -0
  48. data/man/ronin-vulns-irb.1 +27 -0
  49. data/man/ronin-vulns-irb.1.md +26 -0
  50. data/man/ronin-vulns-lfi.1 +54 -51
  51. data/man/ronin-vulns-lfi.1.md +52 -20
  52. data/man/ronin-vulns-open-redirect.1 +51 -47
  53. data/man/ronin-vulns-open-redirect.1.md +50 -18
  54. data/man/ronin-vulns-reflected-xss.1 +50 -45
  55. data/man/ronin-vulns-reflected-xss.1.md +49 -17
  56. data/man/ronin-vulns-rfi.1 +54 -52
  57. data/man/ronin-vulns-rfi.1.md +52 -20
  58. data/man/ronin-vulns-scan.1 +68 -69
  59. data/man/ronin-vulns-scan.1.md +61 -29
  60. data/man/ronin-vulns-sqli.1 +54 -52
  61. data/man/ronin-vulns-sqli.1.md +52 -20
  62. data/man/ronin-vulns-ssti.1 +52 -48
  63. data/man/ronin-vulns-ssti.1.md +50 -18
  64. data/man/ronin-vulns.1 +73 -0
  65. data/man/ronin-vulns.1.md +69 -0
  66. data/scripts/setup +58 -0
  67. metadata +36 -5
  68. data/lib/ronin/vulns/cli/logging.rb +0 -81
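--- a/data/lib/ronin/vulns/web_vuln/http_request.rb
+++ b/data/lib/ronin/vulns/web_vuln/http_request.rb
@@ -2,7 +2,7 @@
  #
  # ronin-vulns - A Ruby library for blind vulnerability testing.
  #
- # Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+ # Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
  #
  # ronin-vulns is free software: you can redistribute it and/or modify
  # it under the terms of the GNU Lesser General Public License as published
@@ -20,6 +20,7 @@
 
  require 'ronin/vulns/vuln'
  require 'ronin/support/network/http/cookie'
+ require 'ronin/support/network/http/user_agents'
 
  require 'uri/query_params'
 
@@ -55,6 +56,19 @@ module Ronin
  # @return [String, nil]
  attr_reader :password
 
+ # The optional HTTP `User-Agent` header to send with each request.
+ #
+ # @return [String, :random, :chrome, :chrome_linux, :chrome_macos,
+ # :chrome_windows, :chrome_iphone, :chrome_ipad,
+ # :chrome_android, :firefox, :firefox_linux, :firefox_macos,
+ # :firefox_windows, :firefox_iphone, :firefox_ipad,
+ # :firefox_android, :safari, :safari_macos, :safari_iphone,
+ # :safari_ipad, :edge, :linux, :macos, :windows, :iphone,
+ # :ipad, :android, nil]
+ #
+ # @since 0.2.0
+ attr_reader :user_agent
+
  # The optional HTTP `Referer` header for the request.
  #
  # @return [String, nil]
@@ -103,6 +117,9 @@ module Ronin
  # @param [Hash{Symbol,String => String}, nil] headers
  # Additional HTTP header names and values to add to the request.
  #
+ # @param [String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil] user_agent
+ # Optional `User-Agent` header to send with requests.
+ #
  # @param [String, Hash{String => String}, nil] cookie
  # Additional `Cookie` header for the request..
  #
@@ -112,6 +129,7 @@ module Ronin
  def initialize(url, request_method: :get,
  user: nil,
  password: nil,
+ user_agent: nil,
  referer: nil,
  query_params: nil,
  headers: nil,
@@ -128,6 +146,7 @@ module Ronin
  @request_method = request_method
  @user = user
  @password = password
+ @user_agent = user_agent
  @referer = referer
 
  @query_params = query_params
@@ -138,6 +157,21 @@ module Ronin
  @form_data = form_data
  end
 
+ #
+ # The `User-Agent` string for the request.
+ #
+ # @return [String, nil]
+ #
+ # @since 0.2.0
+ #
+ def user_agent_string
+ case @user_agent
+ when String, nil then @user_agent
+ else
+ Support::Network::HTTP::UserAgents[@user_agent]
+ end
+ end
+
  #
  # Converts the HTTP request to a `curl` command.
  #
@@ -156,6 +190,10 @@ module Ronin
  command << '--user' << escape.call("#{@user}:#{@password}")
  end
 
+ if @user_agent
+ command << '--user-agent' << escape.call(user_agent_string)
+ end
+
  if @referer
  command << '--referer' << escape.call(@referer)
  end
@@ -201,6 +239,7 @@ module Ronin
  request << "Authorization: Basic #{basic_auth}"
  end
 
+ request << "User-Agent: #{user_agent_string}" if @user_agent
  request << "Referer: #{@referer}" if @referer
  request << "Cookie: #{@cookie}" if (@cookie && !@cookie.empty?)
 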
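Review bot: `user_agent_string` resolves a Symbol through `UserAgents[...]` on every call, so with `user_agent: :random` the `--user-agent` value in the curl output and the `User-Agent:` line in the HTTP output can differ from each other and from the header the test request carried (assuming the `:random` lookup picks a new entry each time, which this page does not show). A finding that only reproduces under one agent would then be printed with a misleading reproduction. Resolving once, e.g. `@user_agent_string ||= Support::Network::HTTP::UserAgents[@user_agent]` in the `else` branch, keeps the two printed forms consistent; matching the request actually sent would need the resolved string passed in by the caller. The YARD block should also say what an unrecognised Symbol does, since the `else` branch forwards any non-String value to the lookup. The curl and HTTP builder bodies start and end outside these hunks.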
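--- a/data/lib/ronin/vulns/web_vuln.rb
+++ b/data/lib/ronin/vulns/web_vuln.rb
@@ -2,7 +2,7 @@
  #
  # ronin-vulns - A Ruby library for blind vulnerability testing.
  #
- # Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+ # Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
  #
  # ronin-vulns is free software: you can redistribute it and/or modify
  # it under the terms of the GNU Lesser General Public License as published
@@ -88,6 +88,19 @@ module Ronin
  # @return [Hash{Symbol,String => String}, nil]
  attr_reader :headers
 
+ # The optional HTTP `User-Agent` header to send with each request.
+ #
+ # @return [String, :random, :chrome, :chrome_linux, :chrome_macos,
+ # :chrome_windows, :chrome_iphone, :chrome_ipad,
+ # :chrome_android, :firefox, :firefox_linux, :firefox_macos,
+ # :firefox_windows, :firefox_iphone, :firefox_ipad,
+ # :firefox_android, :safari, :safari_macos, :safari_iphone,
+ # :safari_ipad, :edge, :linux, :macos, :windows, :iphone,
+ # :ipad, :android, nil]
+ #
+ # @since 0.2.0
+ attr_reader :user_agent
+
  # Additional `Cookie` header. If a `Hash` is given, it will be converted
  # to a `String` using `Ronin::Support::Network::HTTP::Cookie`.
  #
@@ -139,6 +152,15 @@ module Ronin
  # @param [Hash{Symbol,String => String}, nil] headers
  # Additional HTTP header names and values to add to the request.
  #
+ # @param [String, :random, :chrome, :chrome_linux, :chrome_macos,
+ # :chrome_windows, :chrome_iphone, :chrome_ipad,
+ # :chrome_android, :firefox, :firefox_linux, :firefox_macos,
+ # :firefox_windows, :firefox_iphone, :firefox_ipad,
+ # :firefox_android, :safari, :safari_macos, :safari_iphone,
+ # :safari_ipad, :edge, :linux, :macos, :windows, :iphone,
+ # :ipad, :android, nil] user_agent
+ # The optional HTTP `User-Agent` header to send with each request.
+ #
  # @param [Hash{String => String}, nil] cookie
  # Additional `Cookie` header. If a `Hash` is given, it will be
  # converted to a `String` using `Ronin::Support::Network::HTTP::Cookie`.
@@ -159,6 +181,7 @@ module Ronin
  user: nil,
  password: nil,
  headers: nil,
+ user_agent: nil,
  cookie: nil,
  form_data: nil,
  referer: nil)
@@ -176,11 +199,51 @@ module Ronin
  @user = user
  @password = password
  @headers = headers
+ @user_agent = user_agent
  @cookie = cookie
  @form_data = form_data
  @referer = referer
  end
 
+ #
+ # Internal method that tests combinations of configurations for a specific
+ # query param, header name, cookie param, or form param.
+ #
+ # @param [URI::HTTP] url
+ # The URL to test.
+ #
+ # @param [Ronin::Support::Network::HTTP, nil] http
+ # An HTTP session to use for testing the URL.
+ #
+ # @param [Hash{Symbol => Object}] kwargs
+ # Additional keyword arguments for {#initialize}.
+ #
+ # @option kwargs [Symbol, String, nil] :query_param
+ # The query param name to test.
+ #
+ # @option kwargs [Symbol, String, nil] :header_name
+ # The header name to test.
+ #
+ # @option kwargs [Symbol, String, true, nil] :cookie_param
+ # The cookie param name to test.
+ #
+ # @option kwargs [Symbol, String, nil] :form_param
+ # The form param name to test.
+ #
+ # @return [WebVuln, nil]
+ # The first discovered web vulnerability for the specific query param,
+ # header name, cookie param, or form param.
+ #
+ # @api private
+ #
+ # @since 0.2.0
+ #
+ def self.test_param(url, http: , **kwargs)
+ vuln = new(url, http: http, **kwargs)
+
+ return vuln if vuln.vulnerable?
+ end
+
  #
  # Scans the query parameters of the URL.
  #
@@ -212,9 +275,7 @@ module Ronin
  vulns = []
 
  query_params.each do |param|
- vuln = new(url, query_param: param, http: http, **kwargs)
-
- if vuln.vulnerable?
+ if (vuln = test_param(url, query_param: param, http: http, **kwargs))
  yield vuln if block_given?
  vulns << vuln
  end
@@ -252,9 +313,7 @@ module Ronin
  vulns = []
 
  header_names.each do |header_name|
- vuln = new(url, header_name: header_name, http: http, **kwargs)
-
- if vuln.vulnerable?
+ if (vuln = test_param(url, header_name: header_name, http: http, **kwargs))
  yield vuln if block_given?
  vulns << vuln
  end
@@ -303,9 +362,7 @@ module Ronin
  vulns = []
 
  cookie_params.each do |cookie_param|
- vuln = new(url, cookie_param: cookie_param, http: http, **kwargs)
-
- if vuln.vulnerable?
+ if (vuln = test_param(url, cookie_param: cookie_param, http: http, **kwargs))
  yield vuln if block_given?
  vulns << vuln
  end
@@ -336,16 +393,15 @@ module Ronin
  # @return [Array<Web>]
  # All discovered web vulnerabilities.
  #
- def self.scan_form_params(url,form_params, http: nil, **kwargs)
+ def self.scan_form_params(url,form_params=nil, http: nil, form_data: {}, **kwargs)
  url = URI(url)
  http ||= Support::Network::HTTP.connect_uri(url)
 
- vulns = []
+ form_params ||= form_data.keys
+ vulns = []
 
  form_params.each do |form_param|
- vuln = new(url, form_param: form_param, http: http, **kwargs)
-
- if vuln.vulnerable?
+ if (vuln = test_param(url, form_param: form_param, form_data: form_data, http: http, **kwargs))
  yield vuln if block_given?
  vulns << vuln
  end
@@ -392,6 +448,9 @@ module Ronin
  # @option kwargs [Hash{String => String}, nil] :headers
  # Additional headers to send with requests.
  #
+ # @option kwargs [String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil] :user_agent
+ # Optional `User-Agent` header to send with requests.
+ #
  # @option kwargs [Hash{String => String}, Ronin::Support::Network::HTTP::Cookie, nil] :cookie
  # Additional cookie params to send with requests.
  #
@@ -455,7 +514,12 @@ module Ronin
 
  if form_params
  vulns.concat(
- scan_form_params(url,form_params, http: http, **kwargs,&block)
+ case form_params
+ when true
+ scan_form_params(url, http: http, **kwargs,&block)
+ else
+ scan_form_params(url,form_params, http: http, **kwargs,&block)
+ end
  )
  end
  end
@@ -502,6 +566,9 @@ module Ronin
  # @option kwargs [Hash{String => String}, nil] :headers
  # Additional headers to send with requests.
  #
+ # @option kwargs [String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil] :user_agent
+ # Optional `User-Agent` header to send with requests.
+ #
  # @option kwargs [Hash{String => String}, Ronin::Support::Network::HTTP::Cookie, nil] :cookie
  # Additional cookie params to send with requests.
  #
@@ -537,6 +604,7 @@ module Ronin
  @request_method, @url.path, user: @user,
  password: @password,
  query_params: @query_params,
+ user_agent: @user_agent,
  cookie: @cookie,
  referer: @referer,
  headers: @headers,
@@ -738,6 +806,7 @@ module Ronin
  @url, request_method: @request_method,
  user: @user,
  password: @password,
+ user_agent: @user_agent,
  referer: @referer,
  query_params: exploit_query_params(payload),
  cookie: exploit_cookie(payload),
@@ -761,6 +830,7 @@ module Ronin
  @url, request_method: @request_method,
  user: @user,
  password: @password,
+ user_agent: @user_agent,
  referer: @referer,
  query_params: exploit_query_params(payload),
  cookie: exploit_cookie(payload),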
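Review bot: `scan_form_params` now falls back to `form_data.keys` when `form_params` is omitted, so an explicit `form_data: nil` raises `NoMethodError` before any request is sent; `nil` is the default shown in the keyword list of the `@@ -159` hunk, presumably `initialize`. Guarding the fallback with `form_params ||= (form_data || {}).keys` keeps that case working. With an empty or missing `form_data`, the `when true` branch in the `@@ -455` hunk tests no form params at all and returns an empty list, which for a scanner is indistinguishable from a clean result; consider raising or warning there. Separately, `test_param` declares `http:` as a required keyword (`http: ,`) while its YARD block types it as nilable, so one of the two should change. The YARD block above `scan_form_params` is only partly visible, so check that it documents the new optional `form_params` and the `form_data:` keyword.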
@@ -0,0 +1,109 @@
1
+ .\" Generated by kramdown-man 1.0.1
2
+ .\" https://github.com/postmodern/kramdown-man#readme
3
+ .TH ronin-vulns-command-injection 1 "May 2023" Ronin "User Manuals"
4
+ .SH NAME
5
+ .PP
6
+ ronin\-vulns\-command\-injection \- Scans URL(s) for Command Injection vulnerabilities
7
+ .SH SYNOPSIS
8
+ .PP
9
+ \fBronin\-vulns command\-injection\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB\-\-input\fR \fIFILE\fP\[rC]
10
+ .SH DESCRIPTION
11
+ .PP
12
+ Scans URL(s) for Command Injection vulnerabilities\. The URLs to scan
13
+ can be given as additional arguments or read from a file using the \fB\-\-input\fR
14
+ option\.
15
+ .SH ARGUMENTS
16
+ .TP
17
+ \fIURL\fP
18
+ A URL to scan\.
19
+ .SH OPTIONS
20
+ .TP
21
+ \fB\-\-db\fR \fINAME\fP
22
+ The database name to connect to\. Defaults to \fBdefault\fR if not given\.
23
+ .TP
24
+ \fB\-\-db\-uri\fR \fIURI\fP
25
+ The database URI to connect to
26
+ (ex: \fBpostgres:\[sl]\[sl]user:password\[at]host\[sl]db\fR)\.
27
+ .TP
28
+ \fB\-\-db\-file\fR \fIPATH\fP
29
+ The sqlite3 database file to use\.
30
+ .TP
31
+ \fB\-\-import\fR
32
+ Imports discovered vulnerabilities into the database\.
33
+ .TP
34
+ \fB\-\-first\fR
35
+ Only find the first vulnerability for each URL\.
36
+ .TP
37
+ \fB\-A\fR, \fB\-\-all\fR
38
+ Find all vulnerabilities for each URL\.
39
+ .TP
40
+ \fB\-\-print\-curl\fR
41
+ Also prints an example \fBcurl\fR command for each vulnerability\.
42
+ .TP
43
+ \fB\-\-print\-http\fR
44
+ Also prints an example HTTP request for each vulnerability\.
45
+ .TP
46
+ \fB\-M\fR, \fB\-\-request\-method\fR \fBCOPY\fR\[or]\fBDELETE\fR\[or]\fBGET\fR\[or]\fBHEAD\fR\[or]\fBLOCK\fR\[or]\fBMKCOL\fR\[or]\fBMOVE\fR\[or]\fBOPTIONS\fR\[or]\fBPATCH\fR\[or]\fBPOST\fR\[or]\fBPROPFIND\fR\[or]\fBPROPPATCH\fR\[or]\fBPUT\fR\[or]\fBTRACE\fR\[or]\fBUNLOCK\fR
47
+ Sets the HTTP request method to use\.
48
+ .TP
49
+ \fB\-H\fR, \fB\-\-header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
50
+ Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
51
+ .TP
52
+ \fB\-U\fR, \fB\-\-user\-agent\-string\fR \fISTRING\fP
53
+ Sets the \fBUser\-Agent\fR header string\.
54
+ .TP
55
+ \fB\-u\fR, \fB\-\-user\-agent\fR \fBchrome\-linux\fR\[or]\fBchrome\-macos\fR\[or]\fBchrome\-windows\fR\[or]\fBchrome\-iphone\fR\[or]\fBchrome\-ipad\fR\[or]\fBchrome\-android\fR\[or]\fBfirefox\-linux\fR\[or]\fBfirefox\-macos\fR\[or]\fBfirefox\-windows\fR\[or]\fBfirefox\-iphone\fR\[or]\fBfirefox\-ipad\fR\[or]\fBfirefox\-android\fR\[or]\fBsafari\-macos\fR\[or]\fBsafari\-iphone\fR\[or]\fBsafari\-ipad\fR\[or]\fBedge\fR
56
+ Sets the \fBUser\-Agent\fR header\.
57
+ .TP
58
+ \fB\-C\fR, \fB\-\-cookie\fR \fICOOKIE\fP
59
+ Sets the raw \fBCookie\fR header\.
60
+ .TP
61
+ \fB\-c\fR, \fB\-\-cookie\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
62
+ Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
63
+ .TP
64
+ \fB\-R\fR, \fB\-\-referer\fR \fIURL\fP
65
+ Sets the \fBReferer\fR header\.
66
+ .TP
67
+ \fB\-F\fR, \fB\-\-form\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
68
+ Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
69
+ .TP
70
+ \fB\-\-test\-query\-param\fR \fINAME\fP
71
+ Tests the URL query param name\.
72
+ .TP
73
+ \fB\-\-test\-all\-query\-params\fR
74
+ Test all URL query param names\.
75
+ .TP
76
+ \fB\-\-test\-header\-name\fR \fINAME\fP
77
+ Tests the HTTP Header name\.
78
+ .TP
79
+ \fB\-\-test\-cookie\-param\fR \fINAME\fP
80
+ Tests the HTTP Cookie name\.
81
+ .TP
82
+ \fB\-\-test\-all\-cookie\-params\fR
83
+ Test all Cookie param names\.
84
+ .TP
85
+ \fB\-\-test\-form\-param\fR \fINAME\fP
86
+ Tests the form param name\.
87
+ .TP
88
+ \fB\-i\fR, \fB\-\-input\fR \fIFILE\fP
89
+ Reads URLs from the given \fIFILE\fP\.
90
+ .TP
91
+ \fB\-Q\fR, \fB\-\-escape\-quote\fR \fICHAR\fP
92
+ The string quotation character to use to escape the command\.
93
+ .TP
94
+ \fB\-O\fR, \fB\-\-escape\-operator\fR \fICHAR\fP
95
+ The command operator character to use to escape the command\.
96
+ .TP
97
+ \fB\-T\fR, \fB\-\-terminator\fR \fICHAR\fP
98
+ The command termination character to use\.
99
+ .TP
100
+ \fB\-h\fR, \fB\-\-help\fR
101
+ Print help information\.
102
+ .SH AUTHOR
103
+ .PP
104
+ Postmodern
105
+ .MT postmodern\.mod3\[at]gmail\.com
106
+ .ME
107
+ .SH SEE ALSO
108
+ .PP
109
+ .BR ronin\-vulns\-scan (1)
@@ -0,0 +1,112 @@
1
+ # ronin-vulns-command-injection 1 "May 2023" Ronin "User Manuals"
2
+
3
+ ## NAME
4
+
5
+ ronin-vulns-command-injection - Scans URL(s) for Command Injection vulnerabilities
6
+
7
+ ## SYNOPSIS
8
+
9
+ `ronin-vulns command-injection` [*options*] {*URL* ... \| `--input` *FILE*}
10
+
11
+ ## DESCRIPTION
12
+
13
+ Scans URL(s) for Command Injection vulnerabilities. The URLs to scan
14
+ can be given as additional arguments or read from a file using the `--input`
15
+ option.
16
+
17
+ ## ARGUMENTS
18
+
19
+ *URL*
20
+ : A URL to scan.
21
+
22
+ ## OPTIONS
23
+
24
+ `--db` *NAME*
25
+ : The database name to connect to. Defaults to `default` if not given.
26
+
27
+ `--db-uri` *URI*
28
+ : The database URI to connect to
29
+ (ex: `postgres://user:password@host/db`).
30
+
31
+ `--db-file` *PATH*
32
+ : The sqlite3 database file to use.
33
+
34
+ `--import`
35
+ : Imports discovered vulnerabilities into the database.
36
+
37
+ `--first`
38
+ : Only find the first vulnerability for each URL.
39
+
40
+ `-A`, `--all`
41
+ : Find all vulnerabilities for each URL.
42
+
43
+ `--print-curl`
44
+ : Also prints an example `curl` command for each vulnerability.
45
+
46
+ `--print-http`
47
+ : Also prints an example HTTP request for each vulnerability.
48
+
49
+ `-M`, `--request-method` `COPY`|`DELETE`|`GET`|`HEAD`|`LOCK`|`MKCOL`|`MOVE`|`OPTIONS`|`PATCH`|`POST`|`PROPFIND`|`PROPPATCH`|`PUT`|`TRACE`|`UNLOCK`
50
+ : Sets the HTTP request method to use.
51
+
52
+ `-H`, `--header` "*Name*: *value*"
53
+ : Sets an additional header using the given *Name* and *value*.
54
+
55
+ `-U`, `--user-agent-string` *STRING*
56
+ : Sets the `User-Agent` header string.
57
+
58
+ `-u`, `--user-agent` `chrome-linux`\|`chrome-macos`\|`chrome-windows`\|`chrome-iphone`\|`chrome-ipad`\|`chrome-android`\|`firefox-linux`\|`firefox-macos`\|`firefox-windows`\|`firefox-iphone`\|`firefox-ipad`\|`firefox-android`\|`safari-macos`\|`safari-iphone`\|`safari-ipad`\|`edge`
59
+ : Sets the `User-Agent` header.
60
+
61
+ `-C`, `--cookie` *COOKIE*
62
+ : Sets the raw `Cookie` header.
63
+
64
+ `-c`, `--cookie-param` *NAME*`=`*VALUE*
65
+ : Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
66
+
67
+ `-R`, `--referer` *URL*
68
+ : Sets the `Referer` header.
69
+
70
+ `-F`, `--form-param` *NAME*`=`*VALUE*
71
+ : Sets an additional form param using the given *NAME* and *VALUE*.
72
+
73
+ `--test-query-param` *NAME*
74
+ : Tests the URL query param name.
75
+
76
+ `--test-all-query-params`
77
+ : Test all URL query param names.
78
+
79
+ `--test-header-name` *NAME*
80
+ : Tests the HTTP Header name.
81
+
82
+ `--test-cookie-param` *NAME*
83
+ : Tests the HTTP Cookie name.
84
+
85
+ `--test-all-cookie-params`
86
+ : Test all Cookie param names.
87
+
88
+ `--test-form-param` *NAME*
89
+ : Tests the form param name.
90
+
91
+ `-i`, `--input` *FILE*
92
+ : Reads URLs from the given *FILE*.
93
+
94
+ `-Q`, `--escape-quote` *CHAR*
95
+ : The string quotation character to use to escape the command.
96
+
97
+ `-O`, `--escape-operator` *CHAR*
98
+ : The command operator character to use to escape the command.
99
+
100
+ `-T`, `--terminator` *CHAR*
101
+ : The command termination character to use.
102
+
103
+ `-h`, `--help`
104
+ : Print help information.
105
+
106
+ ## AUTHOR
107
+
108
+ Postmodern <postmodern.mod3@gmail.com>
109
+
110
+ ## SEE ALSO
111
+
112
+ [ronin-vulns-scan](ronin-vulns-scan.1.md)
@@ -0,0 +1,76 @@
1
+ .\" Generated by kramdown-man 1.0.1
2
+ .\" https://github.com/postmodern/kramdown-man#readme
3
+ .TH ronin-vulns-completion 1 "2024-01-01" Ronin Vulns "User Manuals"
4
+ .SH NAME
5
+ .PP
6
+ ronin\-vulns\-completion \- Manages shell completion rules for \fBronin\-vulns\fR
7
+ .SH SYNOPSIS
8
+ .PP
9
+ \fBronin\-vulns completion\fR \[lB]\fIoptions\fP\[rB]
10
+ .SH DESCRIPTION
11
+ .PP
12
+ The \fBronin\-vulns completion\fR command can print, install, or uninstall shell
13
+ completion rules for the \fBronin\-vulns\fR command\.
14
+ .PP
15
+ Supports installing completion rules for Bash or Zsh shells\.
16
+ Completion rules for the Fish shell is currently not supported\.
17
+ .SS ZSH SUPPORT
18
+ .PP
19
+ Zsh users will have to add the following lines to their \fB\[ti]\[sl]\.zshrc\fR file in
20
+ order to enable Zsh\[cq]s Bash completion compatibility layer:
21
+ .PP
22
+ .RS 4
23
+ .EX
24
+ autoload \-Uz \[pl]X compinit && compinit
25
+ autoload \-Uz \[pl]X bashcompinit && bashcompinit
26
+ .EE
27
+ .RE
28
+ .SH OPTIONS
29
+ .TP
30
+ \fB\-\-print\fR
31
+ Prints the shell completion file\.
32
+ .TP
33
+ \fB\-\-install\fR
34
+ Installs the shell completion file\.
35
+ .TP
36
+ \fB\-\-uninstall\fR
37
+ Uninstalls the shell completion file\.
38
+ .TP
39
+ \fB\-h\fR, \fB\-\-help\fR
40
+ Prints help information\.
41
+ .SH ENVIRONMENT
42
+ .TP
43
+ \fIPREFIX\fP
44
+ Specifies the root prefix for the file system\.
45
+ .TP
46
+ \fIHOME\fP
47
+ Specifies the home directory of the user\. Ronin will search for the
48
+ \fB\[ti]\[sl]\.cache\[sl]ronin\-vulns\fR cache directory within the home directory\.
49
+ .TP
50
+ \fIXDG\[ru]DATA\[ru]HOME\fP
51
+ Specifies the data directory to use\. Defaults to \fB\[Do]HOME\[sl]\.local\[sl]share\fR\.
52
+ .SH FILES
53
+ .TP
54
+ \fB\[ti]\[sl]\.local\[sl]share\[sl]bash\-completion\[sl]completions\[sl]\fR
55
+ The user\-local installation directory for Bash completion files\.
56
+ .TP
57
+ \fB\[sl]usr\[sl]local\[sl]share\[sl]bash\-completion\[sl]completions\[sl]\fR
58
+ The system\-wide installation directory for Bash completions files\.
59
+ .TP
60
+ \fB\[sl]usr\[sl]local\[sl]share\[sl]zsh\[sl]site\-functions\[sl]\fR
61
+ The installation directory for Zsh completion files\.
62
+ .SH EXAMPLES
63
+ .TP
64
+ \fBronin\-vulns completion \-\-print\fR
65
+ Prints the shell completion rules instead of installing them\.
66
+ .TP
67
+ \fBronin\-vulns completion \-\-install\fR
68
+ Installs the shell completion rules for \fBronin\-vulns\fR\.
69
+ .TP
70
+ \fBronin\-vulns completion \-\-uninstall\fR
71
+ Uninstalls the shell completion rules for \fBronin\-vulns\fR\.
72
+ .SH AUTHOR
73
+ .PP
74
+ Postmodern
75
+ .MT postmodern\.mod3\[at]gmail\.com
76
+ .ME
@@ -0,0 +1,78 @@
1
+ # ronin-vulns-completion 1 "2024-01-01" Ronin Vulns "User Manuals"
2
+
3
+ ## NAME
4
+
5
+ ronin-vulns-completion - Manages shell completion rules for `ronin-vulns`
6
+
7
+ ## SYNOPSIS
8
+
9
+ `ronin-vulns completion` [*options*]
10
+
11
+ ## DESCRIPTION
12
+
13
+ The `ronin-vulns completion` command can print, install, or uninstall shell
14
+ completion rules for the `ronin-vulns` command.
15
+
16
+ Supports installing completion rules for Bash or Zsh shells.
17
+ Completion rules for the Fish shell is currently not supported.
18
+
19
+ ### ZSH SUPPORT
20
+
21
+ Zsh users will have to add the following lines to their `~/.zshrc` file in
22
+ order to enable Zsh's Bash completion compatibility layer:
23
+
24
+ autoload -Uz +X compinit && compinit
25
+ autoload -Uz +X bashcompinit && bashcompinit
26
+
27
+ ## OPTIONS
28
+
29
+ `--print`
30
+ : Prints the shell completion file.
31
+
32
+ `--install`
33
+ : Installs the shell completion file.
34
+
35
+ `--uninstall`
36
+ : Uninstalls the shell completion file.
37
+
38
+ `-h`, `--help`
39
+ : Prints help information.
40
+
41
+ ## ENVIRONMENT
42
+
43
+ *PREFIX*
44
+ : Specifies the root prefix for the file system.
45
+
46
+ *HOME*
47
+ : Specifies the home directory of the user. Ronin will search for the
48
+ `~/.cache/ronin-vulns` cache directory within the home directory.
49
+
50
+ *XDG_DATA_HOME*
51
+ : Specifies the data directory to use. Defaults to `$HOME/.local/share`.
52
+
53
+ ## FILES
54
+
55
+ `~/.local/share/bash-completion/completions/`
56
+ : The user-local installation directory for Bash completion files.
57
+
58
+ `/usr/local/share/bash-completion/completions/`
59
+ : The system-wide installation directory for Bash completions files.
60
+
61
+ `/usr/local/share/zsh/site-functions/`
62
+ : The installation directory for Zsh completion files.
63
+
64
+ ## EXAMPLES
65
+
66
+ `ronin-vulns completion --print`
67
+ : Prints the shell completion rules instead of installing them.
68
+
69
+ `ronin-vulns completion --install`
70
+ : Installs the shell completion rules for `ronin-vulns`.
71
+
72
+ `ronin-vulns completion --uninstall`
73
+ : Uninstalls the shell completion rules for `ronin-vulns`.
74
+
75
+ ## AUTHOR
76
+
77
+ Postmodern <postmodern.mod3@gmail.com>
78
+