ronin-vulns 0.1.5 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (69) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/.ruby-version +1 -1
  4. data/ChangeLog.md +43 -0
  5. data/Gemfile +14 -4
  6. data/README.md +7 -3
  7. data/Rakefile +9 -0
  8. data/data/completions/ronin-vulns +139 -0
  9. data/gemspec.yml +7 -1
  10. data/lib/ronin/vulns/cli/command.rb +1 -1
  11. data/lib/ronin/vulns/cli/commands/command_injection.rb +163 -0
  12. data/lib/ronin/vulns/cli/commands/completion.rb +63 -0
  13. data/lib/ronin/vulns/cli/commands/irb.rb +59 -0
  14. data/lib/ronin/vulns/cli/commands/lfi.rb +21 -9
  15. data/lib/ronin/vulns/cli/commands/open_redirect.rb +13 -1
  16. data/lib/ronin/vulns/cli/commands/reflected_xss.rb +13 -1
  17. data/lib/ronin/vulns/cli/commands/rfi.rb +13 -1
  18. data/lib/ronin/vulns/cli/commands/scan.rb +21 -9
  19. data/lib/ronin/vulns/cli/commands/sqli.rb +13 -1
  20. data/lib/ronin/vulns/cli/commands/ssti.rb +13 -1
  21. data/lib/ronin/vulns/cli/importable.rb +76 -0
  22. data/lib/ronin/vulns/cli/printing.rb +184 -0
  23. data/lib/ronin/vulns/cli/ruby_shell.rb +53 -0
  24. data/lib/ronin/vulns/cli/web_vuln_command.rb +216 -20
  25. data/lib/ronin/vulns/cli.rb +5 -2
  26. data/lib/ronin/vulns/command_injection.rb +267 -0
  27. data/lib/ronin/vulns/importer.rb +116 -0
  28. data/lib/ronin/vulns/lfi/test_file.rb +1 -1
  29. data/lib/ronin/vulns/lfi.rb +1 -1
  30. data/lib/ronin/vulns/open_redirect.rb +1 -1
  31. data/lib/ronin/vulns/reflected_xss/context.rb +1 -1
  32. data/lib/ronin/vulns/reflected_xss/test_string.rb +1 -1
  33. data/lib/ronin/vulns/reflected_xss.rb +1 -1
  34. data/lib/ronin/vulns/rfi.rb +64 -9
  35. data/lib/ronin/vulns/root.rb +1 -1
  36. data/lib/ronin/vulns/sqli/error_pattern.rb +1 -1
  37. data/lib/ronin/vulns/sqli.rb +36 -28
  38. data/lib/ronin/vulns/ssti/test_expression.rb +1 -1
  39. data/lib/ronin/vulns/ssti.rb +69 -53
  40. data/lib/ronin/vulns/url_scanner.rb +10 -1
  41. data/lib/ronin/vulns/version.rb +2 -2
  42. data/lib/ronin/vulns/vuln.rb +1 -1
  43. data/lib/ronin/vulns/web_vuln/http_request.rb +40 -1
  44. data/lib/ronin/vulns/web_vuln.rb +86 -16
  45. data/man/ronin-vulns-command-injection.1 +109 -0
  46. data/man/ronin-vulns-command-injection.1.md +112 -0
  47. data/man/ronin-vulns-completion.1 +76 -0
  48. data/man/ronin-vulns-completion.1.md +78 -0
  49. data/man/ronin-vulns-irb.1 +27 -0
  50. data/man/ronin-vulns-irb.1.md +26 -0
  51. data/man/ronin-vulns-lfi.1 +54 -51
  52. data/man/ronin-vulns-lfi.1.md +52 -20
  53. data/man/ronin-vulns-open-redirect.1 +51 -47
  54. data/man/ronin-vulns-open-redirect.1.md +50 -18
  55. data/man/ronin-vulns-reflected-xss.1 +50 -45
  56. data/man/ronin-vulns-reflected-xss.1.md +49 -17
  57. data/man/ronin-vulns-rfi.1 +54 -52
  58. data/man/ronin-vulns-rfi.1.md +52 -20
  59. data/man/ronin-vulns-scan.1 +68 -69
  60. data/man/ronin-vulns-scan.1.md +61 -29
  61. data/man/ronin-vulns-sqli.1 +54 -52
  62. data/man/ronin-vulns-sqli.1.md +52 -20
  63. data/man/ronin-vulns-ssti.1 +52 -48
  64. data/man/ronin-vulns-ssti.1.md +50 -18
  65. data/man/ronin-vulns.1 +73 -0
  66. data/man/ronin-vulns.1.md +69 -0
  67. data/scripts/setup +58 -0
  68. metadata +37 -6
  69. data/lib/ronin/vulns/cli/logging.rb +0 -81
@@ -1,95 +1,100 @@
1
- .\" Generated by kramdown-man 0.1.9
1
+ .\" Generated by kramdown-man 1.0.1
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-reflected-xss 1 "May 2022" Ronin "User Manuals"
4
- .LP
4
+ .SH NAME
5
+ .PP
6
+ ronin\-vulns\-reflected\-xss \- Scans URL(s) for Reflected Cross Site Scripting (XSS) vulnerabilities
5
7
  .SH SYNOPSIS
6
- .LP
7
8
  .PP
8
- \fBronin-vulns reflected-xss\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
- .LP
9
+ \fBronin\-vulns reflected\-xss\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB\-\-input\fR \fIFILE\fP\[rC]
10
10
  .SH DESCRIPTION
11
- .LP
12
11
  .PP
13
12
  Scans URL(s) for reflected Cross Site Scripting (XSS) vulnerabilities\. The URLs
14
13
  to scan can be given as additional arguments or read from a file using the
15
- \fB--input\fR option\.
16
- .LP
14
+ \fB\-\-input\fR option\.
17
15
  .SH ARGUMENTS
18
- .LP
19
16
  .TP
20
17
  \fIURL\fP
21
18
  A URL to scan\.
22
- .LP
23
19
  .SH OPTIONS
24
- .LP
25
20
  .TP
26
- \fB--first\fR
21
+ \fB\-\-db\fR \fINAME\fP
22
+ The database name to connect to\. Defaults to \fBdefault\fR if not given\.
23
+ .TP
24
+ \fB\-\-db\-uri\fR \fIURI\fP
25
+ The database URI to connect to
26
+ (ex: \fBpostgres:\[sl]\[sl]user:password\[at]host\[sl]db\fR)\.
27
+ .TP
28
+ \fB\-\-db\-file\fR \fIPATH\fP
29
+ The sqlite3 database file to use\.
30
+ .TP
31
+ \fB\-\-import\fR
32
+ Imports discovered vulnerabilities into the database\.
33
+ .TP
34
+ \fB\-\-first\fR
27
35
  Only find the first vulnerability for each URL\.
28
- .LP
29
36
  .TP
30
- \fB-A\fR, \fB--all\fR
37
+ \fB\-A\fR, \fB\-\-all\fR
31
38
  Find all vulnerabilities for each URL\.
32
- .LP
33
39
  .TP
34
- \fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
40
+ \fB\-\-print\-curl\fR
41
+ Also prints an example \fBcurl\fR command for each vulnerability\.
42
+ .TP
43
+ \fB\-\-print\-http\fR
44
+ Also prints an example HTTP request for each vulnerability\.
45
+ .TP
46
+ \fB\-M\fR, \fB\-\-request\-method\fR \fBCOPY\fR\[or]\fBDELETE\fR\[or]\fBGET\fR\[or]\fBHEAD\fR\[or]\fBLOCK\fR\[or]\fBMKCOL\fR\[or]\fBMOVE\fR\[or]\fBOPTIONS\fR\[or]\fBPATCH\fR\[or]\fBPOST\fR\[or]\fBPROPFIND\fR\[or]\fBPROPPATCH\fR\[or]\fBPUT\fR\[or]\fBTRACE\fR\[or]\fBUNLOCK\fR
47
+ Sets the HTTP request method to use\.
48
+ .TP
49
+ \fB\-H\fR, \fB\-\-header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
35
50
  Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
36
- .LP
37
51
  .TP
38
- \fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
52
+ \fB\-U\fR, \fB\-\-user\-agent\-string\fR \fISTRING\fP
53
+ Sets the \fBUser\-Agent\fR header string\.
54
+ .TP
55
+ \fB\-u\fR, \fB\-\-user\-agent\fR \fBchrome\-linux\fR\[or]\fBchrome\-macos\fR\[or]\fBchrome\-windows\fR\[or]\fBchrome\-iphone\fR\[or]\fBchrome\-ipad\fR\[or]\fBchrome\-android\fR\[or]\fBfirefox\-linux\fR\[or]\fBfirefox\-macos\fR\[or]\fBfirefox\-windows\fR\[or]\fBfirefox\-iphone\fR\[or]\fBfirefox\-ipad\fR\[or]\fBfirefox\-android\fR\[or]\fBsafari\-macos\fR\[or]\fBsafari\-iphone\fR\[or]\fBsafari\-ipad\fR\[or]\fBedge\fR
56
+ Sets the \fBUser\-Agent\fR header\.
57
+ .TP
58
+ \fB\-C\fR, \fB\-\-cookie\fR \fICOOKIE\fP
39
59
  Sets the raw \fBCookie\fR header\.
40
- .LP
41
60
  .TP
42
- \fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
61
+ \fB\-c\fR, \fB\-\-cookie\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
43
62
  Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
44
- .LP
45
63
  .TP
46
- \fB-R\fR, \fB--referer\fR \fIURL\fP
64
+ \fB\-R\fR, \fB\-\-referer\fR \fIURL\fP
47
65
  Sets the \fBReferer\fR header\.
48
- .LP
49
66
  .TP
50
- \fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
67
+ \fB\-F\fR, \fB\-\-form\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
51
68
  Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
52
- .LP
53
69
  .TP
54
- \fB--test-query-param\fR \fINAME\fP
70
+ \fB\-\-test\-query\-param\fR \fINAME\fP
55
71
  Tests the URL query param name\.
56
- .LP
57
72
  .TP
58
- \fB--test-all-query-params\fR
73
+ \fB\-\-test\-all\-query\-params\fR
59
74
  Test all URL query param names\.
60
- .LP
61
75
  .TP
62
- \fB--test-header-name\fR \fINAME\fP
76
+ \fB\-\-test\-header\-name\fR \fINAME\fP
63
77
  Tests the HTTP Header name\.
64
- .LP
65
78
  .TP
66
- \fB--test-cookie-param\fR \fINAME\fP
79
+ \fB\-\-test\-cookie\-param\fR \fINAME\fP
67
80
  Tests the HTTP Cookie name\.
68
- .LP
69
81
  .TP
70
- \fB--test-all-cookie-params\fR
82
+ \fB\-\-test\-all\-cookie\-params\fR
71
83
  Test all Cookie param names\.
72
- .LP
73
84
  .TP
74
- \fB--test-form-param\fR \fINAME\fP
85
+ \fB\-\-test\-form\-param\fR \fINAME\fP
75
86
  Tests the form param name\.
76
- .LP
77
87
  .TP
78
- \fB-i\fR, \fB--input\fR \fIFILE\fP
88
+ \fB\-i\fR, \fB\-\-input\fR \fIFILE\fP
79
89
  Reads URLs from the given \fIFILE\fP\.
80
- .LP
81
90
  .TP
82
- \fB-h\fR, \fB--help\fR
91
+ \fB\-h\fR, \fB\-\-help\fR
83
92
  Print help information\.
84
- .LP
85
93
  .SH AUTHOR
86
- .LP
87
94
  .PP
88
95
  Postmodern
89
96
  .MT postmodern\.mod3\[at]gmail\.com
90
97
  .ME
91
- .LP
92
98
  .SH SEE ALSO
93
- .LP
94
99
  .PP
95
- ronin\-vulns\-scan(1)
100
+ .BR ronin\-vulns\-scan (1)
@@ -1,5 +1,9 @@
1
1
  # ronin-vulns-reflected-xss 1 "May 2022" Ronin "User Manuals"
2
2
 
3
+ ## NAME
4
+
5
+ ronin-vulns-reflected-xss - Scans URL(s) for Reflected Cross Site Scripting (XSS) vulnerabilities
6
+
3
7
  ## SYNOPSIS
4
8
 
5
9
  `ronin-vulns reflected-xss` [*options*] {*URL* ... \| `--input` *FILE*}
@@ -13,54 +17,82 @@ to scan can be given as additional arguments or read from a file using the
13
17
  ## ARGUMENTS
14
18
 
15
19
  *URL*
16
- A URL to scan.
20
+ : A URL to scan.
17
21
 
18
22
  ## OPTIONS
19
23
 
24
+ `--db` *NAME*
25
+ : The database name to connect to. Defaults to `default` if not given.
26
+
27
+ `--db-uri` *URI*
28
+ : The database URI to connect to
29
+ (ex: `postgres://user:password@host/db`).
30
+
31
+ `--db-file` *PATH*
32
+ : The sqlite3 database file to use.
33
+
34
+ `--import`
35
+ : Imports discovered vulnerabilities into the database.
36
+
20
37
  `--first`
21
- Only find the first vulnerability for each URL.
38
+ : Only find the first vulnerability for each URL.
22
39
 
23
40
  `-A`, `--all`
24
- Find all vulnerabilities for each URL.
41
+ : Find all vulnerabilities for each URL.
42
+
43
+ `--print-curl`
44
+ : Also prints an example `curl` command for each vulnerability.
45
+
46
+ `--print-http`
47
+ : Also prints an example HTTP request for each vulnerability.
48
+
49
+ `-M`, `--request-method` `COPY`|`DELETE`|`GET`|`HEAD`|`LOCK`|`MKCOL`|`MOVE`|`OPTIONS`|`PATCH`|`POST`|`PROPFIND`|`PROPPATCH`|`PUT`|`TRACE`|`UNLOCK`
50
+ : Sets the HTTP request method to use.
25
51
 
26
52
  `-H`, `--header` "*Name*: *value*"
27
- Sets an additional header using the given *Name* and *value*.
53
+ : Sets an additional header using the given *Name* and *value*.
54
+
55
+ `-U`, `--user-agent-string` *STRING*
56
+ : Sets the `User-Agent` header string.
57
+
58
+ `-u`, `--user-agent` `chrome-linux`\|`chrome-macos`\|`chrome-windows`\|`chrome-iphone`\|`chrome-ipad`\|`chrome-android`\|`firefox-linux`\|`firefox-macos`\|`firefox-windows`\|`firefox-iphone`\|`firefox-ipad`\|`firefox-android`\|`safari-macos`\|`safari-iphone`\|`safari-ipad`\|`edge`
59
+ : Sets the `User-Agent` header.
28
60
 
29
61
  `-C`, `--cookie` *COOKIE*
30
- Sets the raw `Cookie` header.
62
+ : Sets the raw `Cookie` header.
31
63
 
32
64
  `-c`, `--cookie-param` *NAME*`=`*VALUE*
33
- Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
65
+ : Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
34
66
 
35
67
  `-R`, `--referer` *URL*
36
- Sets the `Referer` header.
68
+ : Sets the `Referer` header.
37
69
 
38
70
  `-F`, `--form-param` *NAME*`=`*VALUE*
39
- Sets an additional form param using the given *NAME* and *VALUE*.
71
+ : Sets an additional form param using the given *NAME* and *VALUE*.
40
72
 
41
73
  `--test-query-param` *NAME*
42
- Tests the URL query param name.
74
+ : Tests the URL query param name.
43
75
 
44
76
  `--test-all-query-params`
45
- Test all URL query param names.
77
+ : Test all URL query param names.
46
78
 
47
79
  `--test-header-name` *NAME*
48
- Tests the HTTP Header name.
80
+ : Tests the HTTP Header name.
49
81
 
50
82
  `--test-cookie-param` *NAME*
51
- Tests the HTTP Cookie name.
83
+ : Tests the HTTP Cookie name.
52
84
 
53
85
  `--test-all-cookie-params`
54
- Test all Cookie param names.
86
+ : Test all Cookie param names.
55
87
 
56
88
  `--test-form-param` *NAME*
57
- Tests the form param name.
89
+ : Tests the form param name.
58
90
 
59
91
  `-i`, `--input` *FILE*
60
- Reads URLs from the given *FILE*.
92
+ : Reads URLs from the given *FILE*.
61
93
 
62
94
  `-h`, `--help`
63
- Print help information.
95
+ : Print help information.
64
96
 
65
97
  ## AUTHOR
66
98
 
@@ -68,4 +100,4 @@ Postmodern <postmodern.mod3@gmail.com>
68
100
 
69
101
  ## SEE ALSO
70
102
 
71
- ronin-vulns-scan(1)
103
+ [ronin-vulns-scan](ronin-vulns-scan.1.md)
@@ -1,107 +1,109 @@
1
- .\" Generated by kramdown-man 0.1.9
1
+ .\" Generated by kramdown-man 1.0.1
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-rfi 1 "May 2022" Ronin "User Manuals"
4
- .LP
4
+ .SH NAME
5
+ .PP
6
+ ronin\-vulns\-rfi \- Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities
5
7
  .SH SYNOPSIS
6
- .LP
7
8
  .PP
8
- \fBronin-vulns rfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
- .LP
9
+ \fBronin\-vulns rfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB\-\-input\fR \fIFILE\fP\[rC]
10
10
  .SH DESCRIPTION
11
- .LP
12
11
  .PP
13
12
  Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities\. The URLs to scan
14
- can be given as additional arguments or read from a file using the \fB--input\fR
13
+ can be given as additional arguments or read from a file using the \fB\-\-input\fR
15
14
  option\.
16
- .LP
17
15
  .SH ARGUMENTS
18
- .LP
19
16
  .TP
20
17
  \fIURL\fP
21
18
  A URL to scan\.
22
- .LP
23
19
  .SH OPTIONS
24
- .LP
25
20
  .TP
26
- \fB--first\fR
21
+ \fB\-\-db\fR \fINAME\fP
22
+ The database name to connect to\. Defaults to \fBdefault\fR if not given\.
23
+ .TP
24
+ \fB\-\-db\-uri\fR \fIURI\fP
25
+ The database URI to connect to
26
+ (ex: \fBpostgres:\[sl]\[sl]user:password\[at]host\[sl]db\fR)\.
27
+ .TP
28
+ \fB\-\-db\-file\fR \fIPATH\fP
29
+ The sqlite3 database file to use\.
30
+ .TP
31
+ \fB\-\-import\fR
32
+ Imports discovered vulnerabilities into the database\.
33
+ .TP
34
+ \fB\-\-first\fR
27
35
  Only find the first vulnerability for each URL\.
28
- .LP
29
36
  .TP
30
- \fB-A\fR, \fB--all\fR
37
+ \fB\-A\fR, \fB\-\-all\fR
31
38
  Find all vulnerabilities for each URL\.
32
- .LP
33
39
  .TP
34
- \fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
40
+ \fB\-\-print\-curl\fR
41
+ Also prints an example \fBcurl\fR command for each vulnerability\.
42
+ .TP
43
+ \fB\-\-print\-http\fR
44
+ Also prints an example HTTP request for each vulnerability\.
45
+ .TP
46
+ \fB\-M\fR, \fB\-\-request\-method\fR \fBCOPY\fR\[or]\fBDELETE\fR\[or]\fBGET\fR\[or]\fBHEAD\fR\[or]\fBLOCK\fR\[or]\fBMKCOL\fR\[or]\fBMOVE\fR\[or]\fBOPTIONS\fR\[or]\fBPATCH\fR\[or]\fBPOST\fR\[or]\fBPROPFIND\fR\[or]\fBPROPPATCH\fR\[or]\fBPUT\fR\[or]\fBTRACE\fR\[or]\fBUNLOCK\fR
47
+ Sets the HTTP request method to use\.
48
+ .TP
49
+ \fB\-H\fR, \fB\-\-header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
35
50
  Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
36
- .LP
37
51
  .TP
38
- \fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
52
+ \fB\-U\fR, \fB\-\-user\-agent\-string\fR \fISTRING\fP
53
+ Sets the \fBUser\-Agent\fR header string\.
54
+ .TP
55
+ \fB\-u\fR, \fB\-\-user\-agent\fR \fBchrome\-linux\fR\[or]\fBchrome\-macos\fR\[or]\fBchrome\-windows\fR\[or]\fBchrome\-iphone\fR\[or]\fBchrome\-ipad\fR\[or]\fBchrome\-android\fR\[or]\fBfirefox\-linux\fR\[or]\fBfirefox\-macos\fR\[or]\fBfirefox\-windows\fR\[or]\fBfirefox\-iphone\fR\[or]\fBfirefox\-ipad\fR\[or]\fBfirefox\-android\fR\[or]\fBsafari\-macos\fR\[or]\fBsafari\-iphone\fR\[or]\fBsafari\-ipad\fR\[or]\fBedge\fR
56
+ Sets the \fBUser\-Agent\fR header\.
57
+ .TP
58
+ \fB\-C\fR, \fB\-\-cookie\fR \fICOOKIE\fP
39
59
  Sets the raw \fBCookie\fR header\.
40
- .LP
41
60
  .TP
42
- \fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
61
+ \fB\-c\fR, \fB\-\-cookie\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
43
62
  Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
44
- .LP
45
63
  .TP
46
- \fB-R\fR, \fB--referer\fR \fIURL\fP
64
+ \fB\-R\fR, \fB\-\-referer\fR \fIURL\fP
47
65
  Sets the \fBReferer\fR header\.
48
- .LP
49
66
  .TP
50
- \fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
67
+ \fB\-F\fR, \fB\-\-form\-param\fR \fINAME\fP\fB\[eq]\fR\fIVALUE\fP
51
68
  Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
52
- .LP
53
69
  .TP
54
- \fB--test-query-param\fR \fINAME\fP
70
+ \fB\-\-test\-query\-param\fR \fINAME\fP
55
71
  Tests the URL query param name\.
56
- .LP
57
72
  .TP
58
- \fB--test-all-query-params\fR
73
+ \fB\-\-test\-all\-query\-params\fR
59
74
  Test all URL query param names\.
60
- .LP
61
75
  .TP
62
- \fB--test-header-name\fR \fINAME\fP
76
+ \fB\-\-test\-header\-name\fR \fINAME\fP
63
77
  Tests the HTTP Header name\.
64
- .LP
65
78
  .TP
66
- \fB--test-cookie-param\fR \fINAME\fP
79
+ \fB\-\-test\-cookie\-param\fR \fINAME\fP
67
80
  Tests the HTTP Cookie name\.
68
- .LP
69
81
  .TP
70
- \fB--test-all-cookie-params\fR
82
+ \fB\-\-test\-all\-cookie\-params\fR
71
83
  Test all Cookie param names\.
72
- .LP
73
84
  .TP
74
- \fB--test-form-param\fR \fINAME\fP
85
+ \fB\-\-test\-form\-param\fR \fINAME\fP
75
86
  Tests the form param name\.
76
- .LP
77
87
  .TP
78
- \fB-i\fR, \fB--input\fR \fIFILE\fP
88
+ \fB\-i\fR, \fB\-\-input\fR \fIFILE\fP
79
89
  Reads URLs from the given \fIFILE\fP\.
80
- .LP
81
90
  .TP
82
- \fB-B\fR, \fB--filter-bypass\fR \fBdouble-encode\fR\[or]\fBsuffix-escape\fR\[or]\fBnull-byte\fR
91
+ \fB\-B\fR, \fB\-\-filter\-bypass\fR \fBdouble\-encode\fR\[or]\fBsuffix\-escape\fR\[or]\fBnull\-byte\fR
83
92
  Optional filter\-bypass strategy to use\.
84
- .LP
85
- .PP
86
- \fB-S\fR, \fB--script-lang\fR \fBasp\|\fRasp\.net\fB\|\fRcoldfusion\fB\|\fRjsp\fB\|\fRphp\fB\|\fRperl\`
93
+ .TP
94
+ \fB\-S\fR, \fB\-\-script\-lang\fR \fBasp\e\[or]\fRasp\.net\fB\e\[or]\fRcoldfusion\fB\e\[or]\fRjsp\fB\e\[or]\fRphp\fB\e\[or]\fRperl\`
87
95
  Explicitly specify the scripting language to test for\.
88
- .LP
89
96
  .TP
90
- \fB-T\fR, \fB--test-script-url\fR \fIURL\fP
97
+ \fB\-T\fR, \fB\-\-test\-script\-url\fR \fIURL\fP
91
98
  Use an alternative test script \fIURL\fP\.
92
- .LP
93
99
  .TP
94
- \fB-h\fR, \fB--help\fR
100
+ \fB\-h\fR, \fB\-\-help\fR
95
101
  Print help information\.
96
- .LP
97
102
  .SH AUTHOR
98
- .LP
99
103
  .PP
100
104
  Postmodern
101
105
  .MT postmodern\.mod3\[at]gmail\.com
102
106
  .ME
103
- .LP
104
107
  .SH SEE ALSO
105
- .LP
106
108
  .PP
107
- ronin\-vulns\-scan(1)
109
+ .BR ronin\-vulns\-scan (1)
@@ -1,5 +1,9 @@
1
1
  # ronin-vulns-rfi 1 "May 2022" Ronin "User Manuals"
2
2
 
3
+ ## NAME
4
+
5
+ ronin-vulns-rfi - Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities
6
+
3
7
  ## SYNOPSIS
4
8
 
5
9
  `ronin-vulns rfi` [*options*] {*URL* ... \| `--input` *FILE*}
@@ -13,63 +17,91 @@ option.
13
17
  ## ARGUMENTS
14
18
 
15
19
  *URL*
16
- A URL to scan.
20
+ : A URL to scan.
17
21
 
18
22
  ## OPTIONS
19
23
 
24
+ `--db` *NAME*
25
+ : The database name to connect to. Defaults to `default` if not given.
26
+
27
+ `--db-uri` *URI*
28
+ : The database URI to connect to
29
+ (ex: `postgres://user:password@host/db`).
30
+
31
+ `--db-file` *PATH*
32
+ : The sqlite3 database file to use.
33
+
34
+ `--import`
35
+ : Imports discovered vulnerabilities into the database.
36
+
20
37
  `--first`
21
- Only find the first vulnerability for each URL.
38
+ : Only find the first vulnerability for each URL.
22
39
 
23
40
  `-A`, `--all`
24
- Find all vulnerabilities for each URL.
41
+ : Find all vulnerabilities for each URL.
42
+
43
+ `--print-curl`
44
+ : Also prints an example `curl` command for each vulnerability.
45
+
46
+ `--print-http`
47
+ : Also prints an example HTTP request for each vulnerability.
48
+
49
+ `-M`, `--request-method` `COPY`|`DELETE`|`GET`|`HEAD`|`LOCK`|`MKCOL`|`MOVE`|`OPTIONS`|`PATCH`|`POST`|`PROPFIND`|`PROPPATCH`|`PUT`|`TRACE`|`UNLOCK`
50
+ : Sets the HTTP request method to use.
25
51
 
26
52
  `-H`, `--header` "*Name*: *value*"
27
- Sets an additional header using the given *Name* and *value*.
53
+ : Sets an additional header using the given *Name* and *value*.
54
+
55
+ `-U`, `--user-agent-string` *STRING*
56
+ : Sets the `User-Agent` header string.
57
+
58
+ `-u`, `--user-agent` `chrome-linux`\|`chrome-macos`\|`chrome-windows`\|`chrome-iphone`\|`chrome-ipad`\|`chrome-android`\|`firefox-linux`\|`firefox-macos`\|`firefox-windows`\|`firefox-iphone`\|`firefox-ipad`\|`firefox-android`\|`safari-macos`\|`safari-iphone`\|`safari-ipad`\|`edge`
59
+ : Sets the `User-Agent` header.
28
60
 
29
61
  `-C`, `--cookie` *COOKIE*
30
- Sets the raw `Cookie` header.
62
+ : Sets the raw `Cookie` header.
31
63
 
32
64
  `-c`, `--cookie-param` *NAME*`=`*VALUE*
33
- Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
65
+ : Sets an additional `Cookie` param using the given *NAME* and *VALUE*.
34
66
 
35
67
  `-R`, `--referer` *URL*
36
- Sets the `Referer` header.
68
+ : Sets the `Referer` header.
37
69
 
38
70
  `-F`, `--form-param` *NAME*`=`*VALUE*
39
- Sets an additional form param using the given *NAME* and *VALUE*.
71
+ : Sets an additional form param using the given *NAME* and *VALUE*.
40
72
 
41
73
  `--test-query-param` *NAME*
42
- Tests the URL query param name.
74
+ : Tests the URL query param name.
43
75
 
44
76
  `--test-all-query-params`
45
- Test all URL query param names.
77
+ : Test all URL query param names.
46
78
 
47
79
  `--test-header-name` *NAME*
48
- Tests the HTTP Header name.
80
+ : Tests the HTTP Header name.
49
81
 
50
82
  `--test-cookie-param` *NAME*
51
- Tests the HTTP Cookie name.
83
+ : Tests the HTTP Cookie name.
52
84
 
53
85
  `--test-all-cookie-params`
54
- Test all Cookie param names.
86
+ : Test all Cookie param names.
55
87
 
56
88
  `--test-form-param` *NAME*
57
- Tests the form param name.
89
+ : Tests the form param name.
58
90
 
59
91
  `-i`, `--input` *FILE*
60
- Reads URLs from the given *FILE*.
92
+ : Reads URLs from the given *FILE*.
61
93
 
62
94
  `-B`, `--filter-bypass` `double-encode`\|`suffix-escape`\|`null-byte`
63
- Optional filter-bypass strategy to use.
95
+ : Optional filter-bypass strategy to use.
64
96
 
65
97
  `-S`, `--script-lang` `asp\|`asp.net`\|`coldfusion`\|`jsp`\|`php`\|`perl`
66
- Explicitly specify the scripting language to test for.
98
+ : Explicitly specify the scripting language to test for.
67
99
 
68
100
  `-T`, `--test-script-url` *URL*
69
- Use an alternative test script *URL*.
101
+ : Use an alternative test script *URL*.
70
102
 
71
103
  `-h`, `--help`
72
- Print help information.
104
+ : Print help information.
73
105
 
74
106
  ## AUTHOR
75
107
 
@@ -77,4 +109,4 @@ Postmodern <postmodern.mod3@gmail.com>
77
109
 
78
110
  ## SEE ALSO
79
111
 
80
- ronin-vulns-scan(1)
112
+ [ronin-vulns-scan](ronin-vulns-scan.1.md)