ronin-vulns 0.1.5 → 0.2.0.rc1

data/lib/ronin/vulns/web_vuln/http_request.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -20,6 +20,7 @@
 
 require 'ronin/vulns/vuln'
 require 'ronin/support/network/http/cookie'
+require 'ronin/support/network/http/user_agents'
 
 require 'uri/query_params'
 
@@ -55,6 +56,19 @@ module Ronin
         # @return [String, nil]
         attr_reader :password
 
+        # The optional HTTP `User-Agent` header to send with each request.
+        #
+        # @return [String, :random, :chrome, :chrome_linux, :chrome_macos,
+        #          :chrome_windows, :chrome_iphone, :chrome_ipad,
+        #          :chrome_android, :firefox, :firefox_linux, :firefox_macos,
+        #          :firefox_windows, :firefox_iphone, :firefox_ipad,
+        #          :firefox_android, :safari, :safari_macos, :safari_iphone,
+        #          :safari_ipad, :edge, :linux, :macos, :windows, :iphone,
+        #          :ipad, :android, nil]
+        #
+        # @since 0.2.0
+        attr_reader :user_agent
+
         # The optional HTTP `Referer` header for the request.
         #
         # @return [String, nil]
@@ -103,6 +117,9 @@ module Ronin
         # @param [Hash{Symbol,String => String}, nil] headers
         #   Additional HTTP header names and values to add to the request.
         #
+        # @param [String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil] user_agent
+        #   Optional `User-Agent` header to send with requests.
+        #
         # @param [String, Hash{String => String}, nil] cookie
         #   Additional `Cookie` header for the request..
         #
@@ -112,6 +129,7 @@ module Ronin
         def initialize(url, request_method: :get,
                             user:           nil,
                             password:       nil,
+                            user_agent:     nil,
                             referer:        nil,
                             query_params:   nil,
                             headers:        nil,
@@ -128,6 +146,7 @@ module Ronin
           @request_method = request_method
           @user           = user
           @password       = password
+          @user_agent     = user_agent
           @referer        = referer
 
           @query_params = query_params
@@ -138,6 +157,21 @@ module Ronin
           @form_data    = form_data
         end
 
+        #
+        # The `User-Agent` string for the request.
+        #
+        # @return [String, nil]
+        #
+        # @since 0.2.0
+        #
+        def user_agent_string
+          case @user_agent
+          when String, nil then @user_agent
+          else
+            Support::Network::HTTP::UserAgents[@user_agent]
+          end
+        end
+
         #
         # Converts the HTTP request to a `curl` command.
         #
@@ -156,6 +190,10 @@ module Ronin
             command << '--user' << escape.call("#{@user}:#{@password}")
           end
 
+          if @user_agent
+            command << '--user-agent' << escape.call(user_agent_string)
+          end
+
           if @referer
             command << '--referer' << escape.call(@referer)
           end
@@ -201,6 +239,7 @@ module Ronin
             request << "Authorization: Basic #{basic_auth}"
           end
 
+          request << "User-Agent: #{user_agent_string}" if @user_agent
           request << "Referer: #{@referer}" if @referer
           request << "Cookie: #{@cookie}"   if (@cookie && !@cookie.empty?)
 

data/lib/ronin/vulns/web_vuln.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
@@ -88,6 +88,19 @@ module Ronin
       # @return [Hash{Symbol,String => String}, nil]
       attr_reader :headers
 
+      # The optional HTTP `User-Agent` header to send with each request.
+      #
+      # @return [String, :random, :chrome, :chrome_linux, :chrome_macos,
+      #          :chrome_windows, :chrome_iphone, :chrome_ipad,
+      #          :chrome_android, :firefox, :firefox_linux, :firefox_macos,
+      #          :firefox_windows, :firefox_iphone, :firefox_ipad,
+      #          :firefox_android, :safari, :safari_macos, :safari_iphone,
+      #          :safari_ipad, :edge, :linux, :macos, :windows, :iphone,
+      #          :ipad, :android, nil]
+      #
+      # @since 0.2.0
+      attr_reader :user_agent
+
       # Additional `Cookie` header. If a `Hash` is given, it will be converted
       # to a `String` using `Ronin::Support::Network::HTTP::Cookie`.
       #
@@ -139,6 +152,15 @@ module Ronin
       # @param [Hash{Symbol,String => String}, nil] headers
       #   Additional HTTP header names and values to add to the request.
       #
+      # @param [String, :random, :chrome, :chrome_linux, :chrome_macos,
+      #          :chrome_windows, :chrome_iphone, :chrome_ipad,
+      #          :chrome_android, :firefox, :firefox_linux, :firefox_macos,
+      #          :firefox_windows, :firefox_iphone, :firefox_ipad,
+      #          :firefox_android, :safari, :safari_macos, :safari_iphone,
+      #          :safari_ipad, :edge, :linux, :macos, :windows, :iphone,
+      #          :ipad, :android, nil] user_agent
+      #   The optional HTTP `User-Agent` header to send with each request.
+      #
       # @param [Hash{String => String}, nil] cookie
       #   Additional `Cookie` header. If a `Hash` is given, it will be
       #   converted to a `String` using `Ronin::Support::Network::HTTP::Cookie`.
@@ -159,6 +181,7 @@ module Ronin
                           user:           nil,
                           password:       nil,
                           headers:        nil,
+                          user_agent:     nil,
                           cookie:         nil,
                           form_data:      nil,
                           referer:        nil)
@@ -176,11 +199,51 @@ module Ronin
         @user           = user
         @password       = password
         @headers        = headers
+        @user_agent     = user_agent
         @cookie         = cookie
         @form_data      = form_data
         @referer        = referer
       end
 
+      #
+      # Internal method that tests combinations of configurations for a specific
+      # query param, header name, cookie param, or form param.
+      #
+      # @param [URI::HTTP] url
+      #   The URL to test.
+      #
+      # @param [Ronin::Support::Network::HTTP, nil] http
+      #   An HTTP session to use for testing the URL.
+      #
+      # @param [Hash{Symbol => Object}] kwargs
+      #   Additional keyword arguments for {#initialize}.
+      #
+      # @option kwargs [Symbol, String, nil] :query_param
+      #   The query param name to test.
+      #
+      # @option kwargs [Symbol, String, nil] :header_name
+      #   The header name to test.
+      #
+      # @option kwargs [Symbol, String, true, nil] :cookie_param
+      #   The cookie param name to test.
+      #
+      # @option kwargs [Symbol, String, nil] :form_param
+      #   The form param name to test.
+      #
+      # @return [WebVuln, nil]
+      #   The first discovered web vulnerability for the specific query param,
+      #   header name, cookie param, or form param.
+      #
+      # @api private
+      #
+      # @since 0.2.0
+      #
+      def self.test_param(url, http: , **kwargs)
+        vuln = new(url, http: http, **kwargs)
+
+        return vuln if vuln.vulnerable?
+      end
+
       #
       # Scans the query parameters of the URL.
       #
@@ -212,9 +275,7 @@ module Ronin
         vulns          = []
 
         query_params.each do |param|
-          vuln = new(url, query_param: param, http: http, **kwargs)
-
-          if vuln.vulnerable?
+          if (vuln = test_param(url, query_param: param, http: http, **kwargs))
             yield vuln if block_given?
             vulns << vuln
           end
@@ -252,9 +313,7 @@ module Ronin
         vulns = []
 
         header_names.each do |header_name|
-          vuln = new(url, header_name: header_name, http: http, **kwargs)
-
-          if vuln.vulnerable?
+          if (vuln = test_param(url, header_name: header_name, http: http, **kwargs))
             yield vuln if block_given?
             vulns << vuln
           end
@@ -303,9 +362,7 @@ module Ronin
         vulns = []
 
         cookie_params.each do |cookie_param|
-          vuln = new(url, cookie_param: cookie_param, http: http, **kwargs)
-
-          if vuln.vulnerable?
+          if (vuln = test_param(url, cookie_param: cookie_param, http: http, **kwargs))
             yield vuln if block_given?
             vulns << vuln
           end
@@ -336,16 +393,15 @@ module Ronin
       # @return [Array<Web>]
       #   All discovered web vulnerabilities.
       #
-      def self.scan_form_params(url,form_params, http: nil, **kwargs)
+      def self.scan_form_params(url,form_params=nil, http: nil, form_data: {}, **kwargs)
         url    = URI(url)
         http ||= Support::Network::HTTP.connect_uri(url)
 
-        vulns = []
+        form_params ||= form_data.keys
+        vulns         = []
 
         form_params.each do |form_param|
-          vuln = new(url, form_param: form_param, http: http, **kwargs)
-
-          if vuln.vulnerable?
+          if (vuln = test_param(url, form_param: form_param, form_data: form_data, http: http, **kwargs))
             yield vuln if block_given?
             vulns << vuln
           end
@@ -392,6 +448,9 @@ module Ronin
       # @option kwargs [Hash{String => String}, nil] :headers
       #   Additional headers to send with requests.
       #
+      # @option kwargs [String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil] :user_agent
+      #   Optional `User-Agent` header to send with requests.
+      #
       # @option kwargs [Hash{String => String}, Ronin::Support::Network::HTTP::Cookie, nil] :cookie
       #   Additional cookie params to send with requests.
       #
@@ -455,7 +514,12 @@ module Ronin
 
           if form_params
             vulns.concat(
-              scan_form_params(url,form_params, http: http, **kwargs,&block)
+              case form_params
+              when true
+                scan_form_params(url, http: http, **kwargs,&block)
+              else
+                scan_form_params(url,form_params, http: http, **kwargs,&block)
+              end
             )
           end
         end
@@ -502,6 +566,9 @@ module Ronin
       # @option kwargs [Hash{String => String}, nil] :headers
       #   Additional headers to send with requests.
       #
+      # @option kwargs [String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil] :user_agent
+      #   Optional `User-Agent` header to send with requests.
+      #
       # @option kwargs [Hash{String => String}, Ronin::Support::Network::HTTP::Cookie, nil] :cookie
       #   Additional cookie params to send with requests.
       #
@@ -537,6 +604,7 @@ module Ronin
           @request_method, @url.path, user:         @user,
                                       password:     @password,
                                       query_params: @query_params,
+                                      user_agent:   @user_agent,
                                       cookie:       @cookie,
                                       referer:      @referer,
                                       headers:      @headers,
@@ -738,6 +806,7 @@ module Ronin
           @url, request_method: @request_method,
                 user:           @user,
                 password:       @password,
+                user_agent:     @user_agent,
                 referer:        @referer,
                 query_params:   exploit_query_params(payload),
                 cookie:         exploit_cookie(payload),
@@ -761,6 +830,7 @@ module Ronin
           @url, request_method: @request_method,
                 user:           @user,
                 password:       @password,
+                user_agent:     @user_agent,
                 referer:        @referer,
                 query_params:   exploit_query_params(payload),
                 cookie:         exploit_cookie(payload),

data/man/ronin-vulns-command-injection.1

@@ -0,0 +1,109 @@
+.\" Generated by kramdown-man 1.0.1
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-command-injection 1 "May 2023" Ronin "User Manuals"
+.SH NAME
+.PP
+ronin\-vulns\-command\-injection \- Scans URL(s) for Command Injection vulnerabilities
+.SH SYNOPSIS
+.PP
+\fBronin\-vulns command\-injection\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB\-\-input\fR \fIFILE\fP\[rC]
+.SH DESCRIPTION
+.PP
+Scans URL(s) for Command Injection vulnerabilities\. The URLs to scan
+can be given as additional arguments or read from a file using the \fB\-\-input\fR
+option\.
+.SH ARGUMENTS
+.TP
+\fIURL\fP
+A URL to scan\.
+.SH OPTIONS
+.TP
+\fB\-\-db\fR \fINAME\fP
+The database name to connect to\. Defaults to \fBdefault\fR if not given\.
+.TP
+\fB\-\-db\-uri\fR \fIURI\fP
+The database URI to connect to
+(ex: \fBpostgres:\[sl]\[sl]user:password\[at]host\[sl]db\fR)\.
+.TP
+\fB\-\-db\-file\fR \fIPATH\fP
+The sqlite3 database file to use\.
+.TP
+\fB\-\-import\fR
+Imports discovered vulnerabilities into the database\.
+.TP
+\fB\-\-first\fR
+Only find the first vulnerability for each URL\.
+.TP
+\fB\-A\fR, \fB\-\-all\fR
+Find all vulnerabilities for each URL\.
+.TP
+\fB\-\-print\-curl\fR
+Also prints an example \fBcurl\fR command for each vulnerability\.
+.TP
+\fB\-\-print\-http\fR
+Also prints an example HTTP request for each vulnerability\.
+.TP
+\fB\-M\fR, \fB\-\-request\-method\fR \fBCOPY\fR\[or]\fBDELETE\fR\[or]\fBGET\fR\[or]\fBHEAD\fR\[or]\fBLOCK\fR\[or]\fBMKCOL\fR\[or]\fBMOVE\fR\[or]\fBOPTIONS\fR\[or]\fBPATCH\fR\[or]\fBPOST\fR\[or]\fBPROPFIND\fR\[or]\fBPROPPATCH\fR\[or]\fBPUT\fR\[or]\fBTRACE\fR\[or]\fBUNLOCK\fR
+Sets the HTTP request method to use\.
+.TP
+\fB\-H\fR, \fB\-\-header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
+Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
+.TP
+\fB\-U\fR, \fB\-\-user\-agent\-string\fR \fISTRING\fP
+Sets the \fBUser\-Agent\fR header string\.
+.TP
+\fB\-u\fR, \fB\-\-user\-agent\fR \fBchrome\-linux\fR\[or]\fBchrome\-macos\fR\[or]\fBchrome\-windows\fR\[or]\fBchrome\-iphone\fR\[or]\fBchrome\-ipad\fR\[or]\fBchrome\-android\fR\[or]\fBfirefox\-linux\fR\[or]\fBfirefox\-macos\fR\[or]\fBfirefox\-windows\fR\[or]\fBfirefox\-iphone\fR\[or]\fBfirefox\-ipad\fR\[or]\fBfirefox\-android\fR\[or]\fBsafari\-macos\fR\[or]\fBsafari\-iphone\fR\[or]\fBsafari\-ipad\fR\[or]\fBedge\fR
+Sets the \fBUser\-Agent\fR header\.
+.TP
+\fB\-C\fR, \fB\-\-cookie\fR \fICOOKIE\fP
+Sets the raw \fBCookie\fR header\.
+.TP
+\fB\-c\fR, \fB\-\-cookie\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
+Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
+.TP
+\fB\-R\fR, \fB\-\-referer\fR \fIURL\fP
+Sets the \fBReferer\fR header\.
+.TP
+\fB\-F\fR, \fB\-\-form\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
+Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
+.TP
+\fB\-\-test\-query\-param\fR \fINAME\fP
+Tests the URL query param name\.
+.TP
+\fB\-\-test\-all\-query\-params\fR
+Test all URL query param names\.
+.TP
+\fB\-\-test\-header\-name\fR \fINAME\fP
+Tests the HTTP Header name\.
+.TP
+\fB\-\-test\-cookie\-param\fR \fINAME\fP
+Tests the HTTP Cookie name\.
+.TP
+\fB\-\-test\-all\-cookie\-params\fR
+Test all Cookie param names\.
+.TP
+\fB\-\-test\-form\-param\fR \fINAME\fP
+Tests the form param name\.
+.TP
+\fB\-i\fR, \fB\-\-input\fR \fIFILE\fP
+Reads URLs from the given \fIFILE\fP\.
+.TP
+\fB\-Q\fR, \fB\-\-escape\-quote\fR \fICHAR\fP
+The string quotation character to use to escape the command\.
+.TP
+\fB\-O\fR, \fB\-\-escape\-operator\fR \fICHAR\fP
+The command operator character to use to escape the command\.
+.TP
+\fB\-T\fR, \fB\-\-terminator\fR \fICHAR\fP
+The command termination character to use\.
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+Print help information\.
+.SH AUTHOR
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME
+.SH SEE ALSO
+.PP
+.BR ronin\-vulns\-scan (1)

data/man/ronin-vulns-command-injection.1.md

@@ -0,0 +1,112 @@
+# ronin-vulns-command-injection 1 "May 2023" Ronin "User Manuals"
+
+## NAME
+
+ronin-vulns-command-injection - Scans URL(s) for Command Injection vulnerabilities
+
+## SYNOPSIS
+
+`ronin-vulns command-injection` [*options*] {*URL* ... \| `--input` *FILE*}
+
+## DESCRIPTION
+
+Scans URL(s) for Command Injection vulnerabilities. The URLs to scan
+can be given as additional arguments or read from a file using the `--input`
+option.
+
+## ARGUMENTS
+
+*URL*
+: A URL to scan.
+
+## OPTIONS
+
+`--db` *NAME*
+: The database name to connect to. Defaults to `default` if not given.
+
+`--db-uri` *URI*
+: The database URI to connect to
+  (ex: `postgres://user:password@host/db`).
+
+`--db-file` *PATH*
+: The sqlite3 database file to use.
+
+`--import`
+: Imports discovered vulnerabilities into the database.
+
+`--first`
+: Only find the first vulnerability for each URL.
+
+`-A`, `--all`
+: Find all vulnerabilities for each URL.
+
+`--print-curl`
+: Also prints an example `curl` command for each vulnerability.
+
+`--print-http`
+: Also prints an example HTTP request for each vulnerability.
+
+`-M`, `--request-method` `COPY`|`DELETE`|`GET`|`HEAD`|`LOCK`|`MKCOL`|`MOVE`|`OPTIONS`|`PATCH`|`POST`|`PROPFIND`|`PROPPATCH`|`PUT`|`TRACE`|`UNLOCK`
+: Sets the HTTP request method to use.
+
+`-H`, `--header` "*Name*: *value*"
+: Sets an additional header using the given *Name* and *value*.
+
+`-U`, `--user-agent-string` *STRING*
+: Sets the `User-Agent` header string.
+
+`-u`, `--user-agent` `chrome-linux`\|`chrome-macos`\|`chrome-windows`\|`chrome-iphone`\|`chrome-ipad`\|`chrome-android`\|`firefox-linux`\|`firefox-macos`\|`firefox-windows`\|`firefox-iphone`\|`firefox-ipad`\|`firefox-android`\|`safari-macos`\|`safari-iphone`\|`safari-ipad`\|`edge`
+: Sets the `User-Agent` header.
+
+`-C`, `--cookie` *COOKIE*
+: Sets the raw `Cookie` header.
+
+`-c`, `--cookie-param` *NAME*`=`*VALUE*
+: Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
+
+`-R`, `--referer` *URL*
+: Sets the `Referer` header.
+
+`-F`, `--form-param` *NAME*`=`*VALUE*
+: Sets an additional form param using the given *NAME* and *VALUE*.
+
+`--test-query-param` *NAME*
+: Tests the URL query param name.
+
+`--test-all-query-params`
+: Test all URL query param names.
+
+`--test-header-name` *NAME*
+: Tests the HTTP Header name.
+
+`--test-cookie-param` *NAME*
+: Tests the HTTP Cookie name.
+
+`--test-all-cookie-params`
+: Test all Cookie param names.
+
+`--test-form-param` *NAME*
+: Tests the form param name.
+
+`-i`, `--input` *FILE*
+: Reads URLs from the given *FILE*.
+
+`-Q`, `--escape-quote` *CHAR*
+: The string quotation character to use to escape the command.
+
+`-O`, `--escape-operator` *CHAR*
+: The command operator character to use to escape the command.
+
+`-T`, `--terminator` *CHAR*
+: The command termination character to use.
+
+`-h`, `--help`
+: Print help information.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+[ronin-vulns-scan](ronin-vulns-scan.1.md)

data/man/ronin-vulns-completion.1

@@ -0,0 +1,76 @@
+.\" Generated by kramdown-man 1.0.1
+.\" https://github.com/postmodern/kramdown-man#readme
+.TH ronin-vulns-completion 1 "2024-01-01" Ronin Vulns "User Manuals"
+.SH NAME
+.PP
+ronin\-vulns\-completion \- Manages shell completion rules for \fBronin\-vulns\fR
+.SH SYNOPSIS
+.PP
+\fBronin\-vulns completion\fR \[lB]\fIoptions\fP\[rB]
+.SH DESCRIPTION
+.PP
+The \fBronin\-vulns completion\fR command can print, install, or uninstall shell
+completion rules for the \fBronin\-vulns\fR command\.
+.PP
+Supports installing completion rules for Bash or Zsh shells\.
+Completion rules for the Fish shell is currently not supported\.
+.SS ZSH SUPPORT
+.PP
+Zsh users will have to add the following lines to their \fB\[ti]\[sl]\.zshrc\fR file in
+order to enable Zsh\[cq]s Bash completion compatibility layer:
+.PP
+.RS 4
+.EX
+autoload \-Uz \[pl]X compinit && compinit
+autoload \-Uz \[pl]X bashcompinit && bashcompinit
+.EE
+.RE
+.SH OPTIONS
+.TP
+\fB\-\-print\fR
+Prints the shell completion file\.
+.TP
+\fB\-\-install\fR
+Installs the shell completion file\.
+.TP
+\fB\-\-uninstall\fR
+Uninstalls the shell completion file\.
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+Prints help information\.
+.SH ENVIRONMENT
+.TP
+\fIPREFIX\fP
+Specifies the root prefix for the file system\.
+.TP
+\fIHOME\fP
+Specifies the home directory of the user\. Ronin will search for the
+\fB\[ti]\[sl]\.cache\[sl]ronin\-vulns\fR cache directory within the home directory\.
+.TP
+\fIXDG\[ru]DATA\[ru]HOME\fP
+Specifies the data directory to use\. Defaults to \fB\[Do]HOME\[sl]\.local\[sl]share\fR\.
+.SH FILES
+.TP
+\fB\[ti]\[sl]\.local\[sl]share\[sl]bash\-completion\[sl]completions\[sl]\fR
+The user\-local installation directory for Bash completion files\.
+.TP
+\fB\[sl]usr\[sl]local\[sl]share\[sl]bash\-completion\[sl]completions\[sl]\fR
+The system\-wide installation directory for Bash completions files\.
+.TP
+\fB\[sl]usr\[sl]local\[sl]share\[sl]zsh\[sl]site\-functions\[sl]\fR
+The installation directory for Zsh completion files\.
+.SH EXAMPLES
+.TP
+\fBronin\-vulns completion \-\-print\fR
+Prints the shell completion rules instead of installing them\.
+.TP
+\fBronin\-vulns completion \-\-install\fR
+Installs the shell completion rules for \fBronin\-vulns\fR\.
+.TP
+\fBronin\-vulns completion \-\-uninstall\fR
+Uninstalls the shell completion rules for \fBronin\-vulns\fR\.
+.SH AUTHOR
+.PP
+Postmodern 
+.MT postmodern\.mod3\[at]gmail\.com
+.ME

data/man/ronin-vulns-completion.1.md

@@ -0,0 +1,78 @@
+# ronin-vulns-completion 1 "2024-01-01" Ronin Vulns "User Manuals"
+
+## NAME
+
+ronin-vulns-completion - Manages shell completion rules for `ronin-vulns`
+
+## SYNOPSIS
+
+`ronin-vulns completion` [*options*]
+
+## DESCRIPTION
+
+The `ronin-vulns completion` command can print, install, or uninstall shell
+completion rules for the `ronin-vulns` command.
+
+Supports installing completion rules for Bash or Zsh shells.
+Completion rules for the Fish shell is currently not supported.
+
+### ZSH SUPPORT
+
+Zsh users will have to add the following lines to their `~/.zshrc` file in
+order to enable Zsh's Bash completion compatibility layer:
+
+    autoload -Uz +X compinit && compinit
+    autoload -Uz +X bashcompinit && bashcompinit
+
+## OPTIONS
+
+`--print`
+: Prints the shell completion file.
+
+`--install`
+: Installs the shell completion file.
+
+`--uninstall`
+: Uninstalls the shell completion file.
+
+`-h`, `--help`
+: Prints help information.
+
+## ENVIRONMENT
+
+*PREFIX*
+: Specifies the root prefix for the file system.
+
+*HOME*
+: Specifies the home directory of the user. Ronin will search for the
+  `~/.cache/ronin-vulns` cache directory within the home directory.
+
+*XDG_DATA_HOME*
+: Specifies the data directory to use. Defaults to `$HOME/.local/share`.
+
+## FILES
+
+`~/.local/share/bash-completion/completions/`
+: The user-local installation directory for Bash completion files.
+
+`/usr/local/share/bash-completion/completions/`
+: The system-wide installation directory for Bash completions files.
+
+`/usr/local/share/zsh/site-functions/`
+: The installation directory for Zsh completion files.
+
+## EXAMPLES
+
+`ronin-vulns completion --print`
+: Prints the shell completion rules instead of installing them.
+
+`ronin-vulns completion --install`
+: Installs the shell completion rules for `ronin-vulns`.
+
+`ronin-vulns completion --uninstall`
+: Uninstalls the shell completion rules for `ronin-vulns`.
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+