ronin-vulns 0.1.5 → 0.2.0.rc1

Files changed (68)
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/ChangeLog.md +43 -0
  4. data/Gemfile +14 -4
  5. data/README.md +7 -3
  6. data/Rakefile +9 -0
  7. data/data/completions/ronin-vulns +139 -0
  8. data/gemspec.yml +7 -1
  9. data/lib/ronin/vulns/cli/command.rb +1 -1
  10. data/lib/ronin/vulns/cli/commands/command_injection.rb +163 -0
  11. data/lib/ronin/vulns/cli/commands/completion.rb +63 -0
  12. data/lib/ronin/vulns/cli/commands/irb.rb +59 -0
  13. data/lib/ronin/vulns/cli/commands/lfi.rb +21 -9
  14. data/lib/ronin/vulns/cli/commands/open_redirect.rb +13 -1
  15. data/lib/ronin/vulns/cli/commands/reflected_xss.rb +13 -1
  16. data/lib/ronin/vulns/cli/commands/rfi.rb +13 -1
  17. data/lib/ronin/vulns/cli/commands/scan.rb +21 -9
  18. data/lib/ronin/vulns/cli/commands/sqli.rb +13 -1
  19. data/lib/ronin/vulns/cli/commands/ssti.rb +13 -1
  20. data/lib/ronin/vulns/cli/importable.rb +76 -0
  21. data/lib/ronin/vulns/cli/printing.rb +184 -0
  22. data/lib/ronin/vulns/cli/ruby_shell.rb +53 -0
  23. data/lib/ronin/vulns/cli/web_vuln_command.rb +216 -20
  24. data/lib/ronin/vulns/cli.rb +3 -2
  25. data/lib/ronin/vulns/command_injection.rb +267 -0
  26. data/lib/ronin/vulns/importer.rb +116 -0
  27. data/lib/ronin/vulns/lfi/test_file.rb +1 -1
  28. data/lib/ronin/vulns/lfi.rb +1 -1
  29. data/lib/ronin/vulns/open_redirect.rb +1 -1
  30. data/lib/ronin/vulns/reflected_xss/context.rb +1 -1
  31. data/lib/ronin/vulns/reflected_xss/test_string.rb +1 -1
  32. data/lib/ronin/vulns/reflected_xss.rb +1 -1
  33. data/lib/ronin/vulns/rfi.rb +64 -9
  34. data/lib/ronin/vulns/root.rb +1 -1
  35. data/lib/ronin/vulns/sqli/error_pattern.rb +1 -1
  36. data/lib/ronin/vulns/sqli.rb +36 -28
  37. data/lib/ronin/vulns/ssti/test_expression.rb +1 -1
  38. data/lib/ronin/vulns/ssti.rb +69 -53
  39. data/lib/ronin/vulns/url_scanner.rb +10 -1
  40. data/lib/ronin/vulns/version.rb +2 -2
  41. data/lib/ronin/vulns/vuln.rb +1 -1
  42. data/lib/ronin/vulns/web_vuln/http_request.rb +40 -1
  43. data/lib/ronin/vulns/web_vuln.rb +86 -16
  44. data/man/ronin-vulns-command-injection.1 +109 -0
  45. data/man/ronin-vulns-command-injection.1.md +112 -0
  46. data/man/ronin-vulns-completion.1 +76 -0
  47. data/man/ronin-vulns-completion.1.md +78 -0
  48. data/man/ronin-vulns-irb.1 +27 -0
  49. data/man/ronin-vulns-irb.1.md +26 -0
  50. data/man/ronin-vulns-lfi.1 +54 -51
  51. data/man/ronin-vulns-lfi.1.md +52 -20
  52. data/man/ronin-vulns-open-redirect.1 +51 -47
  53. data/man/ronin-vulns-open-redirect.1.md +50 -18
  54. data/man/ronin-vulns-reflected-xss.1 +50 -45
  55. data/man/ronin-vulns-reflected-xss.1.md +49 -17
  56. data/man/ronin-vulns-rfi.1 +54 -52
  57. data/man/ronin-vulns-rfi.1.md +52 -20
  58. data/man/ronin-vulns-scan.1 +68 -69
  59. data/man/ronin-vulns-scan.1.md +61 -29
  60. data/man/ronin-vulns-sqli.1 +54 -52
  61. data/man/ronin-vulns-sqli.1.md +52 -20
  62. data/man/ronin-vulns-ssti.1 +52 -48
  63. data/man/ronin-vulns-ssti.1.md +50 -18
  64. data/man/ronin-vulns.1 +73 -0
  65. data/man/ronin-vulns.1.md +69 -0
  66. data/scripts/setup +58 -0
  67. metadata +36 -5
  68. data/lib/ronin/vulns/cli/logging.rb +0 -81
@@ -1,138 +1,137 @@
1
- .\" Generated by kramdown-man 0.1.9
1
+ .\" Generated by kramdown-man 1.0.1
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-scan 1 "May 2022" Ronin "User Manuals"
4
- .LP
4
+ .SH NAME
5
+ .PP
6
+ ronin\-vulns\-scan \- Scans URL(s) for web vulnerabilities
5
7
  .SH SYNOPSIS
6
- .LP
7
8
  .PP
8
- \fBronin-vulns scan\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
- .LP
9
+ \fBronin\-vulns scan\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB\-\-input\fR \fIFILE\fP\[rC]
10
10
  .SH DESCRIPTION
11
- .LP
12
11
  .PP
13
12
  Scans URL(s) for web vulnerabilities\. The URLs to scan can be given as
14
- additional arguments or read from a file using the \fB--input\fR option\.
15
- .LP
13
+ additional arguments or read from a file using the \fB\-\-input\fR option\.
16
14
  .SH ARGUMENTS
17
- .LP
18
15
  .TP
19
16
  \fIURL\fP
20
17
  A URL to scan\.
21
- .LP
22
18
  .SH OPTIONS
23
- .LP
24
19
  .TP
25
- \fB--first\fR
20
+ \fB\-\-db\fR \fINAME\fP
21
+ The database name to connect to\. Defaults to \fBdefault\fR if not given\.
22
+ .TP
23
+ \fB\-\-db\-uri\fR \fIURI\fP
24
+ The database URI to connect to
25
+ (ex: \fBpostgres:\[sl]\[sl]user:password\[at]host\[sl]db\fR)\.
26
+ .TP
27
+ \fB\-\-db\-file\fR \fIPATH\fP
28
+ The sqlite3 database file to use\.
29
+ .TP
30
+ \fB\-\-import\fR
31
+ Imports discovered vulnerabilities into the database\.
32
+ .TP
33
+ \fB\-\-first\fR
26
34
  Only find the first vulnerability for each URL\.
27
- .LP
28
35
  .TP
29
- \fB-A\fR, \fB--all\fR
36
+ \fB\-A\fR, \fB\-\-all\fR
30
37
  Find all vulnerabilities for each URL\.
31
- .LP
32
38
  .TP
33
- \fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
39
+ \fB\-\-print\-curl\fR
40
+ Also prints an example \fBcurl\fR command for each vulnerability\.
41
+ .TP
42
+ \fB\-\-print\-http\fR
43
+ Also prints an example HTTP request for each vulnerability\.
44
+ .TP
45
+ \fB\-M\fR, \fB\-\-request\-method\fR \fBCOPY\fR\[or]\fBDELETE\fR\[or]\fBGET\fR\[or]\fBHEAD\fR\[or]\fBLOCK\fR\[or]\fBMKCOL\fR\[or]\fBMOVE\fR\[or]\fBOPTIONS\fR\[or]\fBPATCH\fR\[or]\fBPOST\fR\[or]\fBPROPFIND\fR\[or]\fBPROPPATCH\fR\[or]\fBPUT\fR\[or]\fBTRACE\fR\[or]\fBUNLOCK\fR
46
+ Sets the HTTP request method to use\.
47
+ .TP
48
+ \fB\-H\fR, \fB\-\-header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
34
49
  Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
35
- .LP
36
50
  .TP
37
- \fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
51
+ \fB\-U\fR, \fB\-\-user\-agent\-string\fR \fISTRING\fP
52
+ Sets the \fBUser\-Agent\fR header string\.
53
+ .TP
54
+ \fB\-u\fR, \fB\-\-user\-agent\fR \fBchrome\-linux\fR\[or]\fBchrome\-macos\fR\[or]\fBchrome\-windows\fR\[or]\fBchrome\-iphone\fR\[or]\fBchrome\-ipad\fR\[or]\fBchrome\-android\fR\[or]\fBfirefox\-linux\fR\[or]\fBfirefox\-macos\fR\[or]\fBfirefox\-windows\fR\[or]\fBfirefox\-iphone\fR\[or]\fBfirefox\-ipad\fR\[or]\fBfirefox\-android\fR\[or]\fBsafari\-macos\fR\[or]\fBsafari\-iphone\fR\[or]\fBsafari\-ipad\fR\[or]\fBedge\fR
55
+ Sets the \fBUser\-Agent\fR header\.
56
+ .TP
57
+ \fB\-C\fR, \fB\-\-cookie\fR \fICOOKIE\fP
38
58
  Sets the raw \fBCookie\fR header\.
39
- .LP
40
59
  .TP
41
- \fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
60
+ \fB\-c\fR, \fB\-\-cookie\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
42
61
  Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
43
- .LP
44
62
  .TP
45
- \fB-R\fR, \fB--referer\fR \fIURL\fP
63
+ \fB\-R\fR, \fB\-\-referer\fR \fIURL\fP
46
64
  Sets the \fBReferer\fR header\.
47
- .LP
48
65
  .TP
49
- \fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
66
+ \fB\-F\fR, \fB\-\-form\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
50
67
  Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
51
- .LP
52
68
  .TP
53
- \fB--test-query-param\fR \fINAME\fP
69
+ \fB\-\-test\-query\-param\fR \fINAME\fP
54
70
  Tests the URL query param name\.
55
- .LP
56
71
  .TP
57
- \fB--test-all-query-params\fR
72
+ \fB\-\-test\-all\-query\-params\fR
58
73
  Test all URL query param names\.
59
- .LP
60
74
  .TP
61
- \fB--test-header-name\fR \fINAME\fP
75
+ \fB\-\-test\-header\-name\fR \fINAME\fP
62
76
  Tests the HTTP Header name\.
63
- .LP
64
77
  .TP
65
- \fB--test-cookie-param\fR \fINAME\fP
78
+ \fB\-\-test\-cookie\-param\fR \fINAME\fP
66
79
  Tests the HTTP Cookie name\.
67
- .LP
68
80
  .TP
69
- \fB--test-all-cookie-params\fR
81
+ \fB\-\-test\-all\-cookie\-params\fR
70
82
  Test all Cookie param names\.
71
- .LP
72
83
  .TP
73
- \fB--test-form-param\fR \fINAME\fP
84
+ \fB\-\-test\-form\-param\fR \fINAME\fP
74
85
  Tests the form param name\.
75
- .LP
76
86
  .TP
77
- \fB-i\fR, \fB--input\fR \fIFILE\fP
87
+ \fB\-i\fR, \fB\-\-input\fR \fIFILE\fP
78
88
  Reads URLs from the given \fIFILE\fP\.
79
- .LP
80
89
  .TP
81
- \fB--lfi-os\fR \fBunix\fR\[or]\fBwindows\fR
90
+ \fB\-\-lfi\-os\fR \fBunix\fR\[or]\fBwindows\fR
82
91
  Sets the OS to test for\.
83
- .LP
84
92
  .TP
85
- \fB--lfi-depth\fR \fINUM\fP
93
+ \fB\-\-lfi\-depth\fR \fINUM\fP
86
94
  Sets the directory depth to escape up\.
87
- .LP
88
95
  .TP
89
- \fB--lfi-filter-bypass\fR \fBnull_byte\fR\[or]\fBdouble_escape\fR\[or]\fBbase64\fR\[or]\fBrot13\fR\[or]\fBzlib\fR
96
+ \fB\-\-lfi\-filter\-bypass\fR \fBnull\-byte\fR\[or]\fBdouble\-escape\fR\[or]\fBbase64\fR\[or]\fBrot13\fR\[or]\fBzlib\fR
90
97
  Sets the filter bypass strategy to use\.
91
- .LP
92
98
  .TP
93
- \fB--rfi-filter-bypass\fR \fBdouble-encode\fR\[or]\fBsuffix-escape\fR\[or]\fBnull-byte\fR
99
+ \fB\-\-rfi\-filter\-bypass\fR \fBdouble\-encode\fR\[or]\fBsuffix\-escape\fR\[or]\fBnull\-byte\fR
94
100
  Optional filter\-bypass strategy to use\.
95
- .LP
96
101
  .TP
97
- \fB--rfi-script-lang\fR \fBasp\fR\[or]\fBasp.net\fR\[or]\fBcoldfusion\fR\[or]\fBjsp\fR\[or]\fBphp\fR\[or]\fBperl\fR
102
+ \fB\-\-rfi\-script\-lang\fR \fBasp\fR\[or]\fBasp\.net\fR\[or]\fBcoldfusion\fR\[or]\fBjsp\fR\[or]\fBphp\fR\[or]\fBperl\fR
98
103
  Explicitly specify the scripting language to test for\.
99
- .LP
100
104
  .TP
101
- \fB--rfi-test-script-url\fR \fIURL\fP
105
+ \fB\-\-rfi\-test\-script\-url\fR \fIURL\fP
102
106
  Use an alternative test script URL\.
103
- .LP
104
107
  .TP
105
- \fB--sqli-escape-quote\fR
108
+ \fB\-\-sqli\-escape\-quote\fR
106
109
  Escapes quotation marks\.
107
- .LP
108
110
  .TP
109
- \fB--sqli-escape-parens\fR
111
+ \fB\-\-sqli\-escape\-parens\fR
110
112
  Escapes parenthesis\.
111
- .LP
112
113
  .TP
113
- \fB--sqli-terminate\fR
114
- Terminates the SQL expression with a \fB--\fR\.
115
- .LP
116
- .PP
117
- \fB--ssti-test-expr\fR \[lC]\fIX\fP*\fIY\fP \[or] \fIX\fP\[sl]\fIZ\fP \[or] \fIX\fP\[pl]\fIY\fP \[or] \fIX\fP\-\fIY\fP\[rC]
114
+ \fB\-\-sqli\-terminate\fR
115
+ Terminates the SQL expression with a \fB\-\-\fR\.
116
+ .TP
117
+ \fB\-\-ssti\-test\-expr\fR \[lC]\fIX\fP*\fIY\fP \[or] \fIX\fP\[sl]\fIZ\fP \[or] \fIX\fP\[pl]\fIY\fP \[or] \fIX\fP\-\fIY\fP\[rC]
118
118
  Optional numeric test to use\.
119
- .LP
120
119
  .TP
121
- \fB--open-redirect-url\fR \fIURL\fP
120
+ \fB\-\-open\-redirect\-url\fR \fIURL\fP
122
121
  Optional test URL to try to redirect to\.
123
- .LP
124
122
  .TP
125
- \fB-h\fR, \fB--help\fR
123
+ \fB\-h\fR, \fB\-\-help\fR
126
124
  Print help information\.
127
- .LP
128
125
  .SH AUTHOR
129
- .LP
130
126
  .PP
131
127
  Postmodern
132
128
  .MT postmodern\.mod3\[at]gmail\.com
133
129
  .ME
134
- .LP
135
130
  .SH SEE ALSO
136
- .LP
137
131
  .PP
138
- ronin\-vulns\-lfi(1) ronin\-vulns\-rfi(1) ronin\-vulns\-sqli(1) ronin\-vulns\-ssti(1) ronin\-vulns\-open\-redirect(1) ronin\-vulns\-reflected\-xss(1)
132
+ .BR ronin\-vulns\-lfi (1)
133
+ .BR ronin\-vulns\-rfi (1)
134
+ .BR ronin\-vulns\-sqli (1)
135
+ .BR ronin\-vulns\-ssti (1)
136
+ .BR ronin\-vulns\-open\-redirect (1)
137
+ .BR ronin\-vulns\-reflected\-xss (1)
@@ -1,5 +1,9 @@
1
1
  # ronin-vulns-scan 1 "May 2022" Ronin "User Manuals"
2
2
 
3
+ ## NAME
4
+
5
+ ronin-vulns-scan - Scans URL(s) for web vulnerabilities
6
+
3
7
  ## SYNOPSIS
4
8
 
5
9
  `ronin-vulns scan` [*options*] {*URL* ... \| `--input` *FILE*}
@@ -12,87 +16,115 @@ additional arguments or read from a file using the `--input` option.
12
16
  ## ARGUMENTS
13
17
 
14
18
  *URL*
15
- A URL to scan.
19
+ : A URL to scan.
16
20
 
17
21
  ## OPTIONS
18
22
 
23
+ `--db` *NAME*
24
+ : The database name to connect to. Defaults to `default` if not given.
25
+
26
+ `--db-uri` *URI*
27
+ : The database URI to connect to
28
+ (ex: `postgres://user:password@host/db`).
29
+
30
+ `--db-file` *PATH*
31
+ : The sqlite3 database file to use.
32
+
33
+ `--import`
34
+ : Imports discovered vulnerabilities into the database.
35
+
19
36
  `--first`
20
- Only find the first vulnerability for each URL.
37
+ : Only find the first vulnerability for each URL.
21
38
 
22
39
  `-A`, `--all`
23
- Find all vulnerabilities for each URL.
40
+ : Find all vulnerabilities for each URL.
41
+
42
+ `--print-curl`
43
+ : Also prints an example `curl` command for each vulnerability.
44
+
45
+ `--print-http`
46
+ : Also prints an example HTTP request for each vulnerability.
47
+
48
+ `-M`, `--request-method` `COPY`|`DELETE`|`GET`|`HEAD`|`LOCK`|`MKCOL`|`MOVE`|`OPTIONS`|`PATCH`|`POST`|`PROPFIND`|`PROPPATCH`|`PUT`|`TRACE`|`UNLOCK`
49
+ : Sets the HTTP request method to use.
24
50
 
25
51
  `-H`, `--header` "*Name*: *value*"
26
- Sets an additional header using the given *Name* and *value*.
52
+ : Sets an additional header using the given *Name* and *value*.
53
+
54
+ `-U`, `--user-agent-string` *STRING*
55
+ : Sets the `User-Agent` header string.
56
+
57
+ `-u`, `--user-agent` `chrome-linux`\|`chrome-macos`\|`chrome-windows`\|`chrome-iphone`\|`chrome-ipad`\|`chrome-android`\|`firefox-linux`\|`firefox-macos`\|`firefox-windows`\|`firefox-iphone`\|`firefox-ipad`\|`firefox-android`\|`safari-macos`\|`safari-iphone`\|`safari-ipad`\|`edge`
58
+ : Sets the `User-Agent` header.
27
59
 
28
60
  `-C`, `--cookie` *COOKIE*
29
- Sets the raw `Cookie` header.
61
+ : Sets the raw `Cookie` header.
30
62
 
31
63
  `-c`, `--cookie-param` *NAME*`=`*VALUE*
32
- Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
64
+ : Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
33
65
 
34
66
  `-R`, `--referer` *URL*
35
- Sets the `Referer` header.
67
+ : Sets the `Referer` header.
36
68
 
37
69
  `-F`, `--form-param` *NAME*`=`*VALUE*
38
- Sets an additional form param using the given *NAME* and *VALUE*.
70
+ : Sets an additional form param using the given *NAME* and *VALUE*.
39
71
 
40
72
  `--test-query-param` *NAME*
41
- Tests the URL query param name.
73
+ : Tests the URL query param name.
42
74
 
43
75
  `--test-all-query-params`
44
- Test all URL query param names.
76
+ : Test all URL query param names.
45
77
 
46
78
  `--test-header-name` *NAME*
47
- Tests the HTTP Header name.
79
+ : Tests the HTTP Header name.
48
80
 
49
81
  `--test-cookie-param` *NAME*
50
- Tests the HTTP Cookie name.
82
+ : Tests the HTTP Cookie name.
51
83
 
52
84
  `--test-all-cookie-params`
53
- Test all Cookie param names.
85
+ : Test all Cookie param names.
54
86
 
55
87
  `--test-form-param` *NAME*
56
- Tests the form param name.
88
+ : Tests the form param name.
57
89
 
58
90
  `-i`, `--input` *FILE*
59
- Reads URLs from the given *FILE*.
91
+ : Reads URLs from the given *FILE*.
60
92
 
61
93
  `--lfi-os` `unix`\|`windows`
62
- Sets the OS to test for.
94
+ : Sets the OS to test for.
63
95
 
64
96
  `--lfi-depth` *NUM*
65
- Sets the directory depth to escape up.
97
+ : Sets the directory depth to escape up.
66
98
 
67
- `--lfi-filter-bypass` `null_byte`\|`double_escape`\|`base64`\|`rot13`\|`zlib`
68
- Sets the filter bypass strategy to use.
99
+ `--lfi-filter-bypass` `null-byte`\|`double-escape`\|`base64`\|`rot13`\|`zlib`
100
+ : Sets the filter bypass strategy to use.
69
101
 
70
102
  `--rfi-filter-bypass` `double-encode`\|`suffix-escape`\|`null-byte`
71
- Optional filter-bypass strategy to use.
103
+ : Optional filter-bypass strategy to use.
72
104
 
73
105
  `--rfi-script-lang` `asp`\|`asp.net`\|`coldfusion`\|`jsp`\|`php`\|`perl`
74
- Explicitly specify the scripting language to test for.
106
+ : Explicitly specify the scripting language to test for.
75
107
 
76
108
  `--rfi-test-script-url` *URL*
77
- Use an alternative test script URL.
109
+ : Use an alternative test script URL.
78
110
 
79
111
  `--sqli-escape-quote`
80
- Escapes quotation marks.
112
+ : Escapes quotation marks.
81
113
 
82
114
  `--sqli-escape-parens`
83
- Escapes parenthesis.
115
+ : Escapes parenthesis.
84
116
 
85
117
  `--sqli-terminate`
86
- Terminates the SQL expression with a `--`.
118
+ : Terminates the SQL expression with a `--`.
87
119
 
88
120
  `--ssti-test-expr` {*X*\**Y* \| *X*/*Z* \| *X*+*Y* \| *X*-*Y*}
89
- Optional numeric test to use.
121
+ : Optional numeric test to use.
90
122
 
91
123
  `--open-redirect-url` *URL*
92
- Optional test URL to try to redirect to.
124
+ : Optional test URL to try to redirect to.
93
125
 
94
126
  `-h`, `--help`
95
- Print help information.
127
+ : Print help information.
96
128
 
97
129
  ## AUTHOR
98
130
 
@@ -100,4 +132,4 @@ Postmodern <postmodern.mod3@gmail.com>
100
132
 
101
133
  ## SEE ALSO
102
134
 
103
- ronin-vulns-lfi(1) ronin-vulns-rfi(1) ronin-vulns-sqli(1) ronin-vulns-ssti(1) ronin-vulns-open-redirect(1) ronin-vulns-reflected-xss(1)
135
+ [ronin-vulns-lfi](ronin-vulns-lfi.1.md) [ronin-vulns-rfi](ronin-vulns-rfi.1.md) [ronin-vulns-sqli](ronin-vulns-sqli.1.md) [ronin-vulns-ssti](ronin-vulns-ssti.1.md) [ronin-vulns-open-redirect](ronin-vulns-open-redirect.1.md) [ronin-vulns-reflected-xss](ronin-vulns-reflected-xss.1.md)
@@ -1,107 +1,109 @@
1
- .\" Generated by kramdown-man 0.1.9
1
+ .\" Generated by kramdown-man 1.0.1
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-sqli 1 "May 2022" Ronin "User Manuals"
4
- .LP
4
+ .SH NAME
5
+ .PP
6
+ ronin\-vulns\-sqli \- Scans URL(s) for SQL injection (SQLi) vulnerabilities
5
7
  .SH SYNOPSIS
6
- .LP
7
8
  .PP
8
- \fBronin-vulns sqli\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
- .LP
9
+ \fBronin\-vulns sqli\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB\-\-input\fR \fIFILE\fP\[rC]
10
10
  .SH DESCRIPTION
11
- .LP
12
11
  .PP
13
12
  Scans URL(s) for SQL injection (SQLi) vulnerabilities\. The URLs to scan
14
- can be given as additional arguments or read from a file using the \fB--input\fR
13
+ can be given as additional arguments or read from a file using the \fB\-\-input\fR
15
14
  option\.
16
- .LP
17
15
  .SH ARGUMENTS
18
- .LP
19
16
  .TP
20
17
  \fIURL\fP
21
18
  A URL to scan\.
22
- .LP
23
19
  .SH OPTIONS
24
- .LP
25
20
  .TP
26
- \fB--first\fR
21
+ \fB\-\-db\fR \fINAME\fP
22
+ The database name to connect to\. Defaults to \fBdefault\fR if not given\.
23
+ .TP
24
+ \fB\-\-db\-uri\fR \fIURI\fP
25
+ The database URI to connect to
26
+ (ex: \fBpostgres:\[sl]\[sl]user:password\[at]host\[sl]db\fR)\.
27
+ .TP
28
+ \fB\-\-db\-file\fR \fIPATH\fP
29
+ The sqlite3 database file to use\.
30
+ .TP
31
+ \fB\-\-import\fR
32
+ Imports discovered vulnerabilities into the database\.
33
+ .TP
34
+ \fB\-\-first\fR
27
35
  Only find the first vulnerability for each URL\.
28
- .LP
29
36
  .TP
30
- \fB-A\fR, \fB--all\fR
37
+ \fB\-A\fR, \fB\-\-all\fR
31
38
  Find all vulnerabilities for each URL\.
32
- .LP
33
39
  .TP
34
- \fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
40
+ \fB\-\-print\-curl\fR
41
+ Also prints an example \fBcurl\fR command for each vulnerability\.
42
+ .TP
43
+ \fB\-\-print\-http\fR
44
+ Also prints an example HTTP request for each vulnerability\.
45
+ .TP
46
+ \fB\-M\fR, \fB\-\-request\-method\fR \fBCOPY\fR\[or]\fBDELETE\fR\[or]\fBGET\fR\[or]\fBHEAD\fR\[or]\fBLOCK\fR\[or]\fBMKCOL\fR\[or]\fBMOVE\fR\[or]\fBOPTIONS\fR\[or]\fBPATCH\fR\[or]\fBPOST\fR\[or]\fBPROPFIND\fR\[or]\fBPROPPATCH\fR\[or]\fBPUT\fR\[or]\fBTRACE\fR\[or]\fBUNLOCK\fR
47
+ Sets the HTTP request method to use\.
48
+ .TP
49
+ \fB\-H\fR, \fB\-\-header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
35
50
  Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
36
- .LP
37
51
  .TP
38
- \fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
52
+ \fB\-U\fR, \fB\-\-user\-agent\-string\fR \fISTRING\fP
53
+ Sets the \fBUser\-Agent\fR header string\.
54
+ .TP
55
+ \fB\-u\fR, \fB\-\-user\-agent\fR \fBchrome\-linux\fR\[or]\fBchrome\-macos\fR\[or]\fBchrome\-windows\fR\[or]\fBchrome\-iphone\fR\[or]\fBchrome\-ipad\fR\[or]\fBchrome\-android\fR\[or]\fBfirefox\-linux\fR\[or]\fBfirefox\-macos\fR\[or]\fBfirefox\-windows\fR\[or]\fBfirefox\-iphone\fR\[or]\fBfirefox\-ipad\fR\[or]\fBfirefox\-android\fR\[or]\fBsafari\-macos\fR\[or]\fBsafari\-iphone\fR\[or]\fBsafari\-ipad\fR\[or]\fBedge\fR
56
+ Sets the \fBUser\-Agent\fR header\.
57
+ .TP
58
+ \fB\-C\fR, \fB\-\-cookie\fR \fICOOKIE\fP
39
59
  Sets the raw \fBCookie\fR header\.
40
- .LP
41
60
  .TP
42
- \fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
61
+ \fB\-c\fR, \fB\-\-cookie\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
43
62
  Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
44
- .LP
45
63
  .TP
46
- \fB-R\fR, \fB--referer\fR \fIURL\fP
64
+ \fB\-R\fR, \fB\-\-referer\fR \fIURL\fP
47
65
  Sets the \fBReferer\fR header\.
48
- .LP
49
66
  .TP
50
- \fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
67
+ \fB\-F\fR, \fB\-\-form\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
51
68
  Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
52
- .LP
53
69
  .TP
54
- \fB--test-query-param\fR \fINAME\fP
70
+ \fB\-\-test\-query\-param\fR \fINAME\fP
55
71
  Tests the URL query param name\.
56
- .LP
57
72
  .TP
58
- \fB--test-all-query-params\fR
73
+ \fB\-\-test\-all\-query\-params\fR
59
74
  Test all URL query param names\.
60
- .LP
61
75
  .TP
62
- \fB--test-header-name\fR \fINAME\fP
76
+ \fB\-\-test\-header\-name\fR \fINAME\fP
63
77
  Tests the HTTP Header name\.
64
- .LP
65
78
  .TP
66
- \fB--test-cookie-param\fR \fINAME\fP
79
+ \fB\-\-test\-cookie\-param\fR \fINAME\fP
67
80
  Tests the HTTP Cookie name\.
68
- .LP
69
81
  .TP
70
- \fB--test-all-cookie-params\fR
82
+ \fB\-\-test\-all\-cookie\-params\fR
71
83
  Test all Cookie param names\.
72
- .LP
73
84
  .TP
74
- \fB--test-form-param\fR \fINAME\fP
85
+ \fB\-\-test\-form\-param\fR \fINAME\fP
75
86
  Tests the form param name\.
76
- .LP
77
87
  .TP
78
- \fB-i\fR, \fB--input\fR \fIFILE\fP
88
+ \fB\-i\fR, \fB\-\-input\fR \fIFILE\fP
79
89
  Reads URLs from the given \fIFILE\fP\.
80
- .LP
81
90
  .TP
82
- \fB-Q\fR, \fB--escape-quote\fR
91
+ \fB\-Q\fR, \fB\-\-escape\-quote\fR
83
92
  Escapes quotation marks\.
84
- .LP
85
93
  .TP
86
- \fB-P\fR, \fB--escape-parens\fR
94
+ \fB\-P\fR, \fB\-\-escape\-parens\fR
87
95
  Escapes parenthesis\.
88
- .LP
89
96
  .TP
90
- \fB-T\fR, \fB--terminate\fR
91
- Terminates the SQL expression with a \fB--\fR\.
92
- .LP
97
+ \fB\-T\fR, \fB\-\-terminate\fR
98
+ Terminates the SQL expression with a \fB\-\-\fR\.
93
99
  .TP
94
- \fB-h\fR, \fB--help\fR
100
+ \fB\-h\fR, \fB\-\-help\fR
95
101
  Print help information\.
96
- .LP
97
102
  .SH AUTHOR
98
- .LP
99
103
  .PP
100
104
  Postmodern
101
105
  .MT postmodern\.mod3\[at]gmail\.com
102
106
  .ME
103
- .LP
104
107
  .SH SEE ALSO
105
- .LP
106
108
  .PP
107
- ronin\-vulns\-scan(1)
109
+ .BR ronin\-vulns\-scan (1)
@@ -1,5 +1,9 @@
1
1
  # ronin-vulns-sqli 1 "May 2022" Ronin "User Manuals"
2
2
 
3
+ ## NAME
4
+
5
+ ronin-vulns-sqli - Scans URL(s) for SQL injection (SQLi) vulnerabilities
6
+
3
7
  ## SYNOPSIS
4
8
 
5
9
  `ronin-vulns sqli` [*options*] {*URL* ... \| `--input` *FILE*}
@@ -13,63 +17,91 @@ option.
13
17
  ## ARGUMENTS
14
18
 
15
19
  *URL*
16
- A URL to scan.
20
+ : A URL to scan.
17
21
 
18
22
  ## OPTIONS
19
23
 
24
+ `--db` *NAME*
25
+ : The database name to connect to. Defaults to `default` if not given.
26
+
27
+ `--db-uri` *URI*
28
+ : The database URI to connect to
29
+ (ex: `postgres://user:password@host/db`).
30
+
31
+ `--db-file` *PATH*
32
+ : The sqlite3 database file to use.
33
+
34
+ `--import`
35
+ : Imports discovered vulnerabilities into the database.
36
+
20
37
  `--first`
21
- Only find the first vulnerability for each URL.
38
+ : Only find the first vulnerability for each URL.
22
39
 
23
40
  `-A`, `--all`
24
- Find all vulnerabilities for each URL.
41
+ : Find all vulnerabilities for each URL.
42
+
43
+ `--print-curl`
44
+ : Also prints an example `curl` command for each vulnerability.
45
+
46
+ `--print-http`
47
+ : Also prints an example HTTP request for each vulnerability.
48
+
49
+ `-M`, `--request-method` `COPY`|`DELETE`|`GET`|`HEAD`|`LOCK`|`MKCOL`|`MOVE`|`OPTIONS`|`PATCH`|`POST`|`PROPFIND`|`PROPPATCH`|`PUT`|`TRACE`|`UNLOCK`
50
+ : Sets the HTTP request method to use.
25
51
 
26
52
  `-H`, `--header` "*Name*: *value*"
27
- Sets an additional header using the given *Name* and *value*.
53
+ : Sets an additional header using the given *Name* and *value*.
54
+
55
+ `-U`, `--user-agent-string` *STRING*
56
+ : Sets the `User-Agent` header string.
57
+
58
+ `-u`, `--user-agent` `chrome-linux`\|`chrome-macos`\|`chrome-windows`\|`chrome-iphone`\|`chrome-ipad`\|`chrome-android`\|`firefox-linux`\|`firefox-macos`\|`firefox-windows`\|`firefox-iphone`\|`firefox-ipad`\|`firefox-android`\|`safari-macos`\|`safari-iphone`\|`safari-ipad`\|`edge`
59
+ : Sets the `User-Agent` header.
28
60
 
29
61
  `-C`, `--cookie` *COOKIE*
30
- Sets the raw `Cookie` header.
62
+ : Sets the raw `Cookie` header.
31
63
 
32
64
  `-c`, `--cookie-param` *NAME*`=`*VALUE*
33
- Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
65
+ : Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
34
66
 
35
67
  `-R`, `--referer` *URL*
36
- Sets the `Referer` header.
68
+ : Sets the `Referer` header.
37
69
 
38
70
  `-F`, `--form-param` *NAME*`=`*VALUE*
39
- Sets an additional form param using the given *NAME* and *VALUE*.
71
+ : Sets an additional form param using the given *NAME* and *VALUE*.
40
72
 
41
73
  `--test-query-param` *NAME*
42
- Tests the URL query param name.
74
+ : Tests the URL query param name.
43
75
 
44
76
  `--test-all-query-params`
45
- Test all URL query param names.
77
+ : Test all URL query param names.
46
78
 
47
79
  `--test-header-name` *NAME*
48
- Tests the HTTP Header name.
80
+ : Tests the HTTP Header name.
49
81
 
50
82
  `--test-cookie-param` *NAME*
51
- Tests the HTTP Cookie name.
83
+ : Tests the HTTP Cookie name.
52
84
 
53
85
  `--test-all-cookie-params`
54
- Test all Cookie param names.
86
+ : Test all Cookie param names.
55
87
 
56
88
  `--test-form-param` *NAME*
57
- Tests the form param name.
89
+ : Tests the form param name.
58
90
 
59
91
  `-i`, `--input` *FILE*
60
- Reads URLs from the given *FILE*.
92
+ : Reads URLs from the given *FILE*.
61
93
 
62
94
  `-Q`, `--escape-quote`
63
- Escapes quotation marks.
95
+ : Escapes quotation marks.
64
96
 
65
97
  `-P`, `--escape-parens`
66
- Escapes parenthesis.
98
+ : Escapes parenthesis.
67
99
 
68
100
  `-T`, `--terminate`
69
- Terminates the SQL expression with a `--`.
101
+ : Terminates the SQL expression with a `--`.
70
102
 
71
103
  `-h`, `--help`
72
- Print help information.
104
+ : Print help information.
73
105
 
74
106
  ## AUTHOR
75
107
 
@@ -77,4 +109,4 @@ Postmodern <postmodern.mod3@gmail.com>
77
109
 
78
110
  ## SEE ALSO
79
111
 
80
- ronin-vulns-scan(1)
112
+ [ronin-vulns-scan](ronin-vulns-scan.1.md)