ronin-vulns 0.1.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.document +5 -0
- data/.github/workflows/ruby.yml +31 -0
- data/.gitignore +13 -0
- data/.rspec +1 -0
- data/.ruby-version +1 -0
- data/.yardopts +1 -0
- data/COPYING.txt +165 -0
- data/ChangeLog.md +22 -0
- data/Gemfile +34 -0
- data/README.md +328 -0
- data/Rakefile +34 -0
- data/bin/ronin-vulns +19 -0
- data/data/rfi_test.asp +21 -0
- data/data/rfi_test.aspx +25 -0
- data/data/rfi_test.cfm +27 -0
- data/data/rfi_test.jsp +19 -0
- data/data/rfi_test.php +24 -0
- data/data/rfi_test.pl +25 -0
- data/gemspec.yml +41 -0
- data/lib/ronin/vulns/cli/command.rb +39 -0
- data/lib/ronin/vulns/cli/commands/lfi.rb +145 -0
- data/lib/ronin/vulns/cli/commands/open_redirect.rb +119 -0
- data/lib/ronin/vulns/cli/commands/reflected_xss.rb +99 -0
- data/lib/ronin/vulns/cli/commands/rfi.rb +156 -0
- data/lib/ronin/vulns/cli/commands/scan.rb +316 -0
- data/lib/ronin/vulns/cli/commands/sqli.rb +133 -0
- data/lib/ronin/vulns/cli/commands/ssti.rb +126 -0
- data/lib/ronin/vulns/cli/logging.rb +78 -0
- data/lib/ronin/vulns/cli/web_vuln_command.rb +347 -0
- data/lib/ronin/vulns/cli.rb +45 -0
- data/lib/ronin/vulns/lfi/test_file.rb +91 -0
- data/lib/ronin/vulns/lfi.rb +266 -0
- data/lib/ronin/vulns/open_redirect.rb +118 -0
- data/lib/ronin/vulns/reflected_xss/context.rb +224 -0
- data/lib/ronin/vulns/reflected_xss/test_string.rb +149 -0
- data/lib/ronin/vulns/reflected_xss.rb +184 -0
- data/lib/ronin/vulns/rfi.rb +224 -0
- data/lib/ronin/vulns/root.rb +28 -0
- data/lib/ronin/vulns/sqli/error_pattern.rb +89 -0
- data/lib/ronin/vulns/sqli.rb +397 -0
- data/lib/ronin/vulns/ssti/test_expression.rb +104 -0
- data/lib/ronin/vulns/ssti.rb +203 -0
- data/lib/ronin/vulns/url_scanner.rb +218 -0
- data/lib/ronin/vulns/version.rb +26 -0
- data/lib/ronin/vulns/vuln.rb +49 -0
- data/lib/ronin/vulns/web_vuln/http_request.rb +223 -0
- data/lib/ronin/vulns/web_vuln.rb +774 -0
- data/man/ronin-vulns-lfi.1 +107 -0
- data/man/ronin-vulns-lfi.1.md +80 -0
- data/man/ronin-vulns-open-redirect.1 +98 -0
- data/man/ronin-vulns-open-redirect.1.md +73 -0
- data/man/ronin-vulns-reflected-xss.1 +95 -0
- data/man/ronin-vulns-reflected-xss.1.md +71 -0
- data/man/ronin-vulns-rfi.1 +107 -0
- data/man/ronin-vulns-rfi.1.md +80 -0
- data/man/ronin-vulns-scan.1 +138 -0
- data/man/ronin-vulns-scan.1.md +103 -0
- data/man/ronin-vulns-sqli.1 +107 -0
- data/man/ronin-vulns-sqli.1.md +80 -0
- data/man/ronin-vulns-ssti.1 +99 -0
- data/man/ronin-vulns-ssti.1.md +74 -0
- data/ronin-vulns.gemspec +60 -0
- metadata +161 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 3a7f0f97531b93caf6893b805e9326dc9836d903db94b0b5387d96b3d555986b
|
4
|
+
data.tar.gz: ea9163ac70cac3ebb7ad3ee66090e1e0a1c90f6f66c04d9112fe5c093632ed7f
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: d307c996fa6692769a953a53e9931c6fd067ea4f13d2a642be8a575a1020766aa85be7dbdc1b02b1dcf123013be3859aff61562b17528609e68d3d37b4cd60e5
|
7
|
+
data.tar.gz: '048a760dbbbb9dcd3dedcbe2ba8730e819d8441065e7df2c2a0cead82f694f26c9c78141590b1455d44f64ac09554f64b57c8ca71c643473da09f9c99d8f1463'
|
data/.document
ADDED
@@ -0,0 +1,31 @@
|
|
1
|
+
name: CI
|
2
|
+
|
3
|
+
on: [ push, pull_request ]
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
tests:
|
7
|
+
runs-on: ubuntu-latest
|
8
|
+
strategy:
|
9
|
+
fail-fast: false
|
10
|
+
matrix:
|
11
|
+
ruby:
|
12
|
+
- '3.0'
|
13
|
+
- '3.1'
|
14
|
+
- '3.2'
|
15
|
+
# - jruby
|
16
|
+
- truffleruby
|
17
|
+
name: Ruby ${{ matrix.ruby }}
|
18
|
+
steps:
|
19
|
+
- uses: actions/checkout@v2
|
20
|
+
- name: Set up Ruby
|
21
|
+
uses: ruby/setup-ruby@v1
|
22
|
+
with:
|
23
|
+
ruby-version: ${{ matrix.ruby }}
|
24
|
+
- name: Install libsqlite3
|
25
|
+
run: |
|
26
|
+
sudo apt update -y && \
|
27
|
+
sudo apt install -y --no-install-recommends --no-install-suggests libsqlite3-dev
|
28
|
+
- name: Install dependencies
|
29
|
+
run: bundle install --jobs 4 --retry 3
|
30
|
+
- name: Run tests
|
31
|
+
run: bundle exec rake test
|
data/.gitignore
ADDED
data/.rspec
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
--colour --format documentation
|
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
ruby-3.1
|
data/.yardopts
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
--markup markdown --title 'ronin-vulns Documentation' --protected
|
data/COPYING.txt
ADDED
@@ -0,0 +1,165 @@
|
|
1
|
+
GNU LESSER GENERAL PUBLIC LICENSE
|
2
|
+
Version 3, 29 June 2007
|
3
|
+
|
4
|
+
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
5
|
+
Everyone is permitted to copy and distribute verbatim copies
|
6
|
+
of this license document, but changing it is not allowed.
|
7
|
+
|
8
|
+
|
9
|
+
This version of the GNU Lesser General Public License incorporates
|
10
|
+
the terms and conditions of version 3 of the GNU General Public
|
11
|
+
License, supplemented by the additional permissions listed below.
|
12
|
+
|
13
|
+
0. Additional Definitions.
|
14
|
+
|
15
|
+
As used herein, "this License" refers to version 3 of the GNU Lesser
|
16
|
+
General Public License, and the "GNU GPL" refers to version 3 of the GNU
|
17
|
+
General Public License.
|
18
|
+
|
19
|
+
"The Library" refers to a covered work governed by this License,
|
20
|
+
other than an Application or a Combined Work as defined below.
|
21
|
+
|
22
|
+
An "Application" is any work that makes use of an interface provided
|
23
|
+
by the Library, but which is not otherwise based on the Library.
|
24
|
+
Defining a subclass of a class defined by the Library is deemed a mode
|
25
|
+
of using an interface provided by the Library.
|
26
|
+
|
27
|
+
A "Combined Work" is a work produced by combining or linking an
|
28
|
+
Application with the Library. The particular version of the Library
|
29
|
+
with which the Combined Work was made is also called the "Linked
|
30
|
+
Version".
|
31
|
+
|
32
|
+
The "Minimal Corresponding Source" for a Combined Work means the
|
33
|
+
Corresponding Source for the Combined Work, excluding any source code
|
34
|
+
for portions of the Combined Work that, considered in isolation, are
|
35
|
+
based on the Application, and not on the Linked Version.
|
36
|
+
|
37
|
+
The "Corresponding Application Code" for a Combined Work means the
|
38
|
+
object code and/or source code for the Application, including any data
|
39
|
+
and utility programs needed for reproducing the Combined Work from the
|
40
|
+
Application, but excluding the System Libraries of the Combined Work.
|
41
|
+
|
42
|
+
1. Exception to Section 3 of the GNU GPL.
|
43
|
+
|
44
|
+
You may convey a covered work under sections 3 and 4 of this License
|
45
|
+
without being bound by section 3 of the GNU GPL.
|
46
|
+
|
47
|
+
2. Conveying Modified Versions.
|
48
|
+
|
49
|
+
If you modify a copy of the Library, and, in your modifications, a
|
50
|
+
facility refers to a function or data to be supplied by an Application
|
51
|
+
that uses the facility (other than as an argument passed when the
|
52
|
+
facility is invoked), then you may convey a copy of the modified
|
53
|
+
version:
|
54
|
+
|
55
|
+
a) under this License, provided that you make a good faith effort to
|
56
|
+
ensure that, in the event an Application does not supply the
|
57
|
+
function or data, the facility still operates, and performs
|
58
|
+
whatever part of its purpose remains meaningful, or
|
59
|
+
|
60
|
+
b) under the GNU GPL, with none of the additional permissions of
|
61
|
+
this License applicable to that copy.
|
62
|
+
|
63
|
+
3. Object Code Incorporating Material from Library Header Files.
|
64
|
+
|
65
|
+
The object code form of an Application may incorporate material from
|
66
|
+
a header file that is part of the Library. You may convey such object
|
67
|
+
code under terms of your choice, provided that, if the incorporated
|
68
|
+
material is not limited to numerical parameters, data structure
|
69
|
+
layouts and accessors, or small macros, inline functions and templates
|
70
|
+
(ten or fewer lines in length), you do both of the following:
|
71
|
+
|
72
|
+
a) Give prominent notice with each copy of the object code that the
|
73
|
+
Library is used in it and that the Library and its use are
|
74
|
+
covered by this License.
|
75
|
+
|
76
|
+
b) Accompany the object code with a copy of the GNU GPL and this license
|
77
|
+
document.
|
78
|
+
|
79
|
+
4. Combined Works.
|
80
|
+
|
81
|
+
You may convey a Combined Work under terms of your choice that,
|
82
|
+
taken together, effectively do not restrict modification of the
|
83
|
+
portions of the Library contained in the Combined Work and reverse
|
84
|
+
engineering for debugging such modifications, if you also do each of
|
85
|
+
the following:
|
86
|
+
|
87
|
+
a) Give prominent notice with each copy of the Combined Work that
|
88
|
+
the Library is used in it and that the Library and its use are
|
89
|
+
covered by this License.
|
90
|
+
|
91
|
+
b) Accompany the Combined Work with a copy of the GNU GPL and this license
|
92
|
+
document.
|
93
|
+
|
94
|
+
c) For a Combined Work that displays copyright notices during
|
95
|
+
execution, include the copyright notice for the Library among
|
96
|
+
these notices, as well as a reference directing the user to the
|
97
|
+
copies of the GNU GPL and this license document.
|
98
|
+
|
99
|
+
d) Do one of the following:
|
100
|
+
|
101
|
+
0) Convey the Minimal Corresponding Source under the terms of this
|
102
|
+
License, and the Corresponding Application Code in a form
|
103
|
+
suitable for, and under terms that permit, the user to
|
104
|
+
recombine or relink the Application with a modified version of
|
105
|
+
the Linked Version to produce a modified Combined Work, in the
|
106
|
+
manner specified by section 6 of the GNU GPL for conveying
|
107
|
+
Corresponding Source.
|
108
|
+
|
109
|
+
1) Use a suitable shared library mechanism for linking with the
|
110
|
+
Library. A suitable mechanism is one that (a) uses at run time
|
111
|
+
a copy of the Library already present on the user's computer
|
112
|
+
system, and (b) will operate properly with a modified version
|
113
|
+
of the Library that is interface-compatible with the Linked
|
114
|
+
Version.
|
115
|
+
|
116
|
+
e) Provide Installation Information, but only if you would otherwise
|
117
|
+
be required to provide such information under section 6 of the
|
118
|
+
GNU GPL, and only to the extent that such information is
|
119
|
+
necessary to install and execute a modified version of the
|
120
|
+
Combined Work produced by recombining or relinking the
|
121
|
+
Application with a modified version of the Linked Version. (If
|
122
|
+
you use option 4d0, the Installation Information must accompany
|
123
|
+
the Minimal Corresponding Source and Corresponding Application
|
124
|
+
Code. If you use option 4d1, you must provide the Installation
|
125
|
+
Information in the manner specified by section 6 of the GNU GPL
|
126
|
+
for conveying Corresponding Source.)
|
127
|
+
|
128
|
+
5. Combined Libraries.
|
129
|
+
|
130
|
+
You may place library facilities that are a work based on the
|
131
|
+
Library side by side in a single library together with other library
|
132
|
+
facilities that are not Applications and are not covered by this
|
133
|
+
License, and convey such a combined library under terms of your
|
134
|
+
choice, if you do both of the following:
|
135
|
+
|
136
|
+
a) Accompany the combined library with a copy of the same work based
|
137
|
+
on the Library, uncombined with any other library facilities,
|
138
|
+
conveyed under the terms of this License.
|
139
|
+
|
140
|
+
b) Give prominent notice with the combined library that part of it
|
141
|
+
is a work based on the Library, and explaining where to find the
|
142
|
+
accompanying uncombined form of the same work.
|
143
|
+
|
144
|
+
6. Revised Versions of the GNU Lesser General Public License.
|
145
|
+
|
146
|
+
The Free Software Foundation may publish revised and/or new versions
|
147
|
+
of the GNU Lesser General Public License from time to time. Such new
|
148
|
+
versions will be similar in spirit to the present version, but may
|
149
|
+
differ in detail to address new problems or concerns.
|
150
|
+
|
151
|
+
Each version is given a distinguishing version number. If the
|
152
|
+
Library as you received it specifies that a certain numbered version
|
153
|
+
of the GNU Lesser General Public License "or any later version"
|
154
|
+
applies to it, you have the option of following the terms and
|
155
|
+
conditions either of that published version or of any later version
|
156
|
+
published by the Free Software Foundation. If the Library as you
|
157
|
+
received it does not specify a version number of the GNU Lesser
|
158
|
+
General Public License, you may choose any version of the GNU Lesser
|
159
|
+
General Public License ever published by the Free Software Foundation.
|
160
|
+
|
161
|
+
If the Library as you received it specifies that a proxy can decide
|
162
|
+
whether future versions of the GNU Lesser General Public License shall
|
163
|
+
apply, that proxy's public statement of acceptance of any version is
|
164
|
+
permanent authorization for you to choose that version for the
|
165
|
+
Library.
|
data/ChangeLog.md
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
### 0.1.0 / 2023-XX-XX
|
2
|
+
|
3
|
+
* Initial release:
|
4
|
+
* Require `ruby` >= 3.0.0.
|
5
|
+
* Supports testing for:
|
6
|
+
* Local File Inclusion (LFI)
|
7
|
+
* Remote File Inclusion (RFI)
|
8
|
+
* PHP
|
9
|
+
* ASP Class / ASP.NET
|
10
|
+
* JSP
|
11
|
+
* ColdFusion
|
12
|
+
* Perl
|
13
|
+
* SQL Injection (SQLi)
|
14
|
+
* Reflected Cross Site Scripting (XSS)
|
15
|
+
* Server Side Template Injection (SSTI)
|
16
|
+
* Open Redirects
|
17
|
+
* Supports testing:
|
18
|
+
* URL query parameters.
|
19
|
+
* HTTP Headers.
|
20
|
+
* HTTP `Cookie` parameters.
|
21
|
+
* Form parameters.
|
22
|
+
|
data/Gemfile
ADDED
@@ -0,0 +1,34 @@
|
|
1
|
+
source 'https://rubygems.org'
|
2
|
+
|
3
|
+
gemspec
|
4
|
+
|
5
|
+
gem 'jruby-openssl', '~> 0.7', platforms: :jruby
|
6
|
+
|
7
|
+
# gem 'command_kit', '~> 0.4', github: 'postmodern/command_kit.rb',
|
8
|
+
# branch: '0.4.0'
|
9
|
+
|
10
|
+
# Ronin dependencies
|
11
|
+
# gem 'ronin-support', '~> 1.0', github: "ronin-rb/ronin-support",
|
12
|
+
# branch: 'main'
|
13
|
+
# gem 'ronin-core', '~> 0.1', github: "ronin-rb/ronin-core",
|
14
|
+
# branch: 'main'
|
15
|
+
|
16
|
+
group :development do
|
17
|
+
gem 'rake'
|
18
|
+
gem 'rubygems-tasks', '~> 0.2'
|
19
|
+
|
20
|
+
gem 'rspec', '~> 3.0'
|
21
|
+
gem 'webmock', '~> 3.0'
|
22
|
+
gem 'simplecov', '~> 0.20'
|
23
|
+
|
24
|
+
gem 'kramdown', '~> 2.0'
|
25
|
+
gem 'kramdown-man', '~> 0.1'
|
26
|
+
|
27
|
+
gem 'redcarpet', platform: :mri
|
28
|
+
gem 'yard', '~> 0.9'
|
29
|
+
gem 'yard-spellcheck', require: false
|
30
|
+
|
31
|
+
gem 'dead_end', require: false
|
32
|
+
gem 'sord', require: false
|
33
|
+
gem 'stackprof', require: false
|
34
|
+
end
|
data/README.md
ADDED
@@ -0,0 +1,328 @@
|
|
1
|
+
# ronin-vulns
|
2
|
+
|
3
|
+
[![CI](https://github.com/ronin-rb/ronin-vulns/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-vulns/actions/workflows/ruby.yml)
|
4
|
+
[![Code Climate](https://codeclimate.com/github/ronin-rb/ronin-vulns.svg)](https://codeclimate.com/github/ronin-rb/ronin-vulns)
|
5
|
+
|
6
|
+
* [Website](https://ronin-rb.dev/)
|
7
|
+
* [Source](https://github.com/ronin-rb/ronin-vulns)
|
8
|
+
* [Issues](https://github.com/ronin-rb/ronin-vulns/issues)
|
9
|
+
* [Documentation](https://ronin-rb.dev/docs/ronin-vulns/frames)
|
10
|
+
* [Discord](https://discord.gg/6WAb3PsVX9) |
|
11
|
+
[Twitter](https://twitter.com/ronin_rb) |
|
12
|
+
[Mastodon](https://infosec.exchange/@ronin_rb)
|
13
|
+
|
14
|
+
## Description
|
15
|
+
|
16
|
+
ronin-vulns is a Ruby library for blind vulnerability testing. It currently
|
17
|
+
supports testing for Local File Inclusion (LFI), Remote File Inclusion (RFI),
|
18
|
+
SQL injection (SQLi), reflective Cross Site Scripting (XSS), and Server Side
|
19
|
+
Template Injection (SSTI), and Open Redirects.
|
20
|
+
|
21
|
+
ronin-vulns is part of the [ronin-rb] project, a [Ruby] toolkit for security
|
22
|
+
research and development.
|
23
|
+
|
24
|
+
## Features
|
25
|
+
|
26
|
+
* Supports testing for:
|
27
|
+
* Local File Inclusion (LFI)
|
28
|
+
* Remote File Inclusion (RFI)
|
29
|
+
* PHP
|
30
|
+
* ASP Class / ASP.NET
|
31
|
+
* JSP
|
32
|
+
* ColdFusion
|
33
|
+
* Perl
|
34
|
+
* SQL Injection (SQLi)
|
35
|
+
* Reflected Cross Site Scripting (XSS)
|
36
|
+
* Server Side Template Injection (SSTI)
|
37
|
+
* Open Redirects
|
38
|
+
* Supports testing:
|
39
|
+
* URL query parameters.
|
40
|
+
* HTTP Headers.
|
41
|
+
* HTTP `Cookie` parameters.
|
42
|
+
* Form parameters.
|
43
|
+
* Has 96% documentation coverage.
|
44
|
+
* Has 99% test coverage.
|
45
|
+
|
46
|
+
## Synopsis
|
47
|
+
|
48
|
+
```
|
49
|
+
Usage: ronin-vulns [options] [COMMAND [ARGS...]]
|
50
|
+
|
51
|
+
Options:
|
52
|
+
-h, --help Print help information
|
53
|
+
|
54
|
+
Arguments:
|
55
|
+
[COMMAND] The command name to run
|
56
|
+
[ARGS ...] Additional arguments for the command
|
57
|
+
|
58
|
+
Commands:
|
59
|
+
help
|
60
|
+
lfi
|
61
|
+
open-redirect
|
62
|
+
reflected-xss, xss
|
63
|
+
rfi
|
64
|
+
scan
|
65
|
+
sqli
|
66
|
+
ssti
|
67
|
+
```
|
68
|
+
|
69
|
+
Test a URL for any web vulnerabilities:
|
70
|
+
|
71
|
+
```shell
|
72
|
+
$ ronin-vulns scan "http://www.example.com/page.php?lang=en"
|
73
|
+
```
|
74
|
+
|
75
|
+
Test a URL for Remote File Inclusion (RFI):
|
76
|
+
|
77
|
+
```shell
|
78
|
+
$ ronin-vulns rfi "http://www.example.com/page.php?lang=en"
|
79
|
+
```
|
80
|
+
|
81
|
+
Test a URL for Local File Inclusion (LFI):
|
82
|
+
|
83
|
+
```shell
|
84
|
+
$ ronin-vulns lfi "http://www.example.com/page.php?lang=en"
|
85
|
+
```
|
86
|
+
|
87
|
+
Test a URL for SQL injection (SQLi):
|
88
|
+
|
89
|
+
```shell
|
90
|
+
$ ronin-vulns sqli "http://www.example.com/page.php?lang=en"
|
91
|
+
```
|
92
|
+
|
93
|
+
Test a URL for Server Side Template Injection (SSTI):
|
94
|
+
|
95
|
+
```shell
|
96
|
+
$ ronin-vulns sqli "http://www.example.com/page.php?lang=en"
|
97
|
+
```
|
98
|
+
|
99
|
+
Test a URL for Open Redirects:
|
100
|
+
|
101
|
+
```shell
|
102
|
+
$ ronin-vulns open-redirect "http://www.example.com/page.php?lang=en"
|
103
|
+
```
|
104
|
+
|
105
|
+
Test a URL for reflected Cross Site Scripting (XSS):
|
106
|
+
|
107
|
+
```shell
|
108
|
+
$ ronin-vulns reflected-xss "http://www.example.com/page.php?lang=en"
|
109
|
+
```
|
110
|
+
|
111
|
+
## Examples
|
112
|
+
|
113
|
+
Test a URL for any web vulnerability:
|
114
|
+
|
115
|
+
```ruby
|
116
|
+
require 'ronin/vulns/url_scanner'
|
117
|
+
|
118
|
+
vuln = Ronin::Vulns::URLScanner.test('http://www.example.com/page.php?lang=en')
|
119
|
+
# => #<Ronin::Vulns::SQLI: ...>
|
120
|
+
```
|
121
|
+
|
122
|
+
Scan a URL for all web vulnerabilities:
|
123
|
+
|
124
|
+
```ruby
|
125
|
+
require 'ronin/vulns/url_scanner'
|
126
|
+
|
127
|
+
vulns = Ronin::Vulns::URLScanner.scan('http://www.example.com/page.php?lang=en')
|
128
|
+
do |vuln|
|
129
|
+
puts "Found #{vuln.class} on #{vuln.url} query param #{vuln.query_param}"
|
130
|
+
end
|
131
|
+
# => [#<Ronin::Vulns::SQLI: ...>, #<Ronin::Vulns::ReflectedXSS: ...>, ...]
|
132
|
+
```
|
133
|
+
|
134
|
+
### Remote File Inclusion (RFI)
|
135
|
+
|
136
|
+
Test a URL for Remote File Inclusion (RFI):
|
137
|
+
|
138
|
+
```ruby
|
139
|
+
require 'ronin/vulns/rfi'
|
140
|
+
|
141
|
+
vuln = Ronin::Vulns::RFI.test('http://www.example.com/page.php?lang=en')
|
142
|
+
# => #<Ronin::Vulns::RFI: ...>
|
143
|
+
```
|
144
|
+
|
145
|
+
Finds all Remote File Inclusion (RFI) vulnerabilities for a given URL:
|
146
|
+
|
147
|
+
```ruby
|
148
|
+
vulns = Ronin::Vulns::RFI.scan('http://www.example.com/page.php?lang=en')
|
149
|
+
# => [#<Ronin::Vulns::RFI: ...>, ...]
|
150
|
+
|
151
|
+
vulns = Ronin::Vulns::RFI.scan('http://www.example.com/page.php?lang=en') do |vuln|
|
152
|
+
puts "Found RFI on #{vuln.url} query param #{vuln.query_param}"
|
153
|
+
end
|
154
|
+
# => [#<Ronin::Vulns::RFI: ...>, ...]
|
155
|
+
```
|
156
|
+
|
157
|
+
### Local File Inclusion (LFI)
|
158
|
+
|
159
|
+
Test a URL for Local File Inclusion (LFI):
|
160
|
+
|
161
|
+
```ruby
|
162
|
+
require 'ronin/vulns/lfi'
|
163
|
+
|
164
|
+
vuln = Ronin::Vulns::LFI.test('http://www.example.com/page.php?lang=en')
|
165
|
+
# => #<Ronin::Vulns::LFI: ...>
|
166
|
+
```
|
167
|
+
|
168
|
+
Finds all Local File Inclusion (LFI) vulnerabilities for a given URL:
|
169
|
+
|
170
|
+
```ruby
|
171
|
+
vulns = Ronin::Vulns::LFI.scan('http://www.example.com/page.php?lang=en')
|
172
|
+
# => [#<Ronin::Vulns::LFI: ...>, ...]
|
173
|
+
|
174
|
+
vulns = Ronin::Vulns::LFI.scan('http://www.example.com/page.php?lang=en') do |vuln|
|
175
|
+
puts "Found LFI on #{vuln.url} query param #{vuln.query_param}"
|
176
|
+
end
|
177
|
+
```
|
178
|
+
|
179
|
+
### SQL Injection (SQLI)
|
180
|
+
|
181
|
+
Test a URL for SQL Injection (SQLi):
|
182
|
+
|
183
|
+
```ruby
|
184
|
+
require 'ronin/vulns/sqli'
|
185
|
+
|
186
|
+
vuln = Ronin::Vulns::SQLI.test('http://www.example.com/page.php?lang=en')
|
187
|
+
# => #<Ronin::Vulns::SQLI: ...>
|
188
|
+
```
|
189
|
+
|
190
|
+
Finds all Server Side Template Injection (SQLI) vulnerabilities for a given URL:
|
191
|
+
|
192
|
+
```ruby
|
193
|
+
vulns = Ronin::Vulns::SQLI.scan('http://www.example.com/page.php?lang=en')
|
194
|
+
# => [#<Ronin::Vulns::SQLI: ...>, ...]
|
195
|
+
|
196
|
+
vulns = Ronin::Vulns::SQLI.scan('http://www.example.com/page.php?lang=en') do |vuln|
|
197
|
+
puts "Found SQLi on #{vuln.url} query param #{vuln.query_param}"
|
198
|
+
end
|
199
|
+
# => [#<Ronin::Vulns::SQLI: ...>, ...]
|
200
|
+
```
|
201
|
+
|
202
|
+
### Server Side Template Injection (SSTI)
|
203
|
+
|
204
|
+
Test a URL for Server Side Template Injection (SSTI):
|
205
|
+
|
206
|
+
```ruby
|
207
|
+
require 'ronin/vulns/ssti'
|
208
|
+
|
209
|
+
vuln = Ronin::Vulns::SSTI.test('http://www.example.com/page.php?lang=en')
|
210
|
+
# => #<Ronin::Vulns::SSTI: ...>
|
211
|
+
```
|
212
|
+
|
213
|
+
Finds all Server Side Template Injection (SSTI) vulnerabilities for a given URL:
|
214
|
+
|
215
|
+
```ruby
|
216
|
+
vulns = Ronin::Vulns::SSTI.scan('http://www.example.com/page.php?lang=en')
|
217
|
+
# => [#<Ronin::Vulns::SSTI: ...>, ...]
|
218
|
+
|
219
|
+
vulns = Ronin::Vulns::SSTI.scan('http://www.example.com/page.php?lang=en') do |vuln|
|
220
|
+
puts "Found SSTI on #{vuln.url} query param #{vuln.query_param}"
|
221
|
+
end
|
222
|
+
# => [#<Ronin::Vulns::SSTI: ...>, ...]
|
223
|
+
```
|
224
|
+
|
225
|
+
### Reflected Cross Site Scripting (XSS)
|
226
|
+
|
227
|
+
Test a URL for an (Reflected) Cross Site Scripting (XSS) vulnerability:
|
228
|
+
|
229
|
+
```ruby
|
230
|
+
require 'ronin/vulns/reflected_xss'
|
231
|
+
|
232
|
+
vuln = Ronin::Vulns::ReflectedXSS.test('http://www.example.com/page.php?lang=en')
|
233
|
+
# => #<Ronin::Vulns::ReflectedXSS: ...>
|
234
|
+
```
|
235
|
+
|
236
|
+
Finds all (Reflected) Cross Site Scripting (XSS) vulnerabilities for a given
|
237
|
+
URL:
|
238
|
+
|
239
|
+
```ruby
|
240
|
+
vulns = Ronin::Vulns::ReflectedXSS.scan('http://www.example.com/page.php?lang=en')
|
241
|
+
# => [#<Ronin::Vulns::ReflectedXSS: ...>, ...]
|
242
|
+
|
243
|
+
vulns = Ronin::Vulns::ReflectedXSS.scan('http://www.example.com/page.php?lang=en') do |vuln|
|
244
|
+
puts "Found ReflectedXSS on #{vuln.url} query param #{vuln.query_param}"
|
245
|
+
end
|
246
|
+
# => [#<Ronin::Vulns::ReflectedXSS: ...>, ...]
|
247
|
+
```
|
248
|
+
|
249
|
+
### Open Redirect
|
250
|
+
|
251
|
+
Test a URL for an Open Redirect vulnerability:
|
252
|
+
|
253
|
+
```ruby
|
254
|
+
require 'ronin/vulns/open_redirect'
|
255
|
+
|
256
|
+
vuln = Ronin::Vulns::OpenRedirect.test('http://www.example.com/page.php?lang=en')
|
257
|
+
# => #<Ronin::Vulns::OpenRedirect: ...>
|
258
|
+
```
|
259
|
+
|
260
|
+
Finds all Open Redirect vulnerabilities for a given URL:
|
261
|
+
|
262
|
+
```ruby
|
263
|
+
vulns = Ronin::Vulns::OpenRedirect.scan('http://www.example.com/page.php?lang=en')
|
264
|
+
# => [#<Ronin::Vulns::OpenRedirect: ...>, ...]
|
265
|
+
|
266
|
+
vulns = Ronin::Vulns::OpenRedirect.scan('http://www.example.com/page.php?lang=en') do |vuln|
|
267
|
+
puts "Found OpenRedirect on #{vuln.url} query param #{vuln.query_param}"
|
268
|
+
end
|
269
|
+
# => [#<Ronin::Vulns::OpenRedirect: ...>, ...]
|
270
|
+
```
|
271
|
+
|
272
|
+
## Requirements
|
273
|
+
|
274
|
+
* [Ruby] >= 3.0.0
|
275
|
+
* [ronin-support] ~> 1.0
|
276
|
+
* [ronin-core] ~> 0.1
|
277
|
+
|
278
|
+
## Install
|
279
|
+
|
280
|
+
```shell
|
281
|
+
$ gem install ronin-vulns
|
282
|
+
```
|
283
|
+
|
284
|
+
### Gemfile
|
285
|
+
|
286
|
+
```ruby
|
287
|
+
gem 'ronin-vulns', '~> 0.1'
|
288
|
+
```
|
289
|
+
|
290
|
+
### gemspec
|
291
|
+
|
292
|
+
```ruby
|
293
|
+
gem.add_dependency 'ronin-vulns', '~> 0.1'
|
294
|
+
```
|
295
|
+
|
296
|
+
## Development
|
297
|
+
|
298
|
+
1. [Fork It!](https://github.com/ronin-rb/ronin-vulns/fork)
|
299
|
+
2. Clone It!
|
300
|
+
3. `cd ronin-vulns/`
|
301
|
+
4. `bundle install`
|
302
|
+
5. `git checkout -b my_feature`
|
303
|
+
6. Code It!
|
304
|
+
7. `bundle exec rake spec`
|
305
|
+
8. `git push origin my_feature`
|
306
|
+
|
307
|
+
## License
|
308
|
+
|
309
|
+
Copyright (c) 2022 Hal Brodigan (postmodern.mod3 at gmail.com)
|
310
|
+
|
311
|
+
ronin-vulns is free software: you can redistribute it and/or modify
|
312
|
+
it under the terms of the GNU Lesser General Public License as published
|
313
|
+
by the Free Software Foundation, either version 3 of the License, or
|
314
|
+
(at your option) any later version.
|
315
|
+
|
316
|
+
ronin-vulns is distributed in the hope that it will be useful,
|
317
|
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
318
|
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
319
|
+
GNU Lesser General Public License for more details.
|
320
|
+
|
321
|
+
You should have received a copy of the GNU Lesser General Public License
|
322
|
+
along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
323
|
+
|
324
|
+
[Ruby]: https://www.ruby-lang.org
|
325
|
+
[ronin-rb]: https://ronin-rb.dev
|
326
|
+
|
327
|
+
[ronin-support]: https://github.com/ronin-rb/ronin-support#readme
|
328
|
+
[ronin-core]: https://github.com/ronin-rb/ronin-core#readme
|
data/Rakefile
ADDED
@@ -0,0 +1,34 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
|
3
|
+
begin
|
4
|
+
require 'bundler'
|
5
|
+
rescue LoadError => e
|
6
|
+
warn e.message
|
7
|
+
warn "Run `gem install bundler` to install Bundler"
|
8
|
+
exit -1
|
9
|
+
end
|
10
|
+
|
11
|
+
begin
|
12
|
+
Bundler.setup(:development)
|
13
|
+
rescue Bundler::BundlerError => e
|
14
|
+
warn e.message
|
15
|
+
warn "Run `bundle install` to install missing gems"
|
16
|
+
exit e.status_code
|
17
|
+
end
|
18
|
+
|
19
|
+
require 'rake'
|
20
|
+
|
21
|
+
require 'rubygems/tasks'
|
22
|
+
Gem::Tasks.new(sign: {checksum: true, pgp: true})
|
23
|
+
|
24
|
+
require 'rspec/core/rake_task'
|
25
|
+
RSpec::Core::RakeTask.new
|
26
|
+
task :test => :spec
|
27
|
+
task :default => :spec
|
28
|
+
|
29
|
+
require 'yard'
|
30
|
+
YARD::Rake::YardocTask.new
|
31
|
+
task :docs => :yard
|
32
|
+
|
33
|
+
require 'kramdown/man/task'
|
34
|
+
Kramdown::Man::Task.new
|
data/bin/ronin-vulns
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require 'rubygems'
|
4
|
+
|
5
|
+
root = File.expand_path(File.join(File.dirname(__FILE__),'..'))
|
6
|
+
if File.file?(File.join(root,'Gemfile.lock'))
|
7
|
+
Dir.chdir(root) do
|
8
|
+
begin
|
9
|
+
require 'bundler/setup'
|
10
|
+
rescue LoadError => e
|
11
|
+
warn e.message
|
12
|
+
warn "Run `gem install bundler` to install Bundler"
|
13
|
+
exit -1
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
require 'ronin/vulns/cli'
|
19
|
+
Ronin::Vulns::CLI.start
|