ronin-vulns 0.1.4 → 0.1.5

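--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: a034edd07851be44f796a03f47cc5583969734943d5ec23c0073e9dc92f62bd7
-data.tar.gz: 223f844d4ead3779a13d981a6998c46a5cf7f445d5b95044ae30997f546642e5
+metadata.gz: 782fb72c980f9466dd49b736e941d1d4bf092066bdb2894c776f7610bb0ee049
+data.tar.gz: 732c6cf18098e86aa1d600e7607fb8110a903ea76391901977574faff167b550
 SHA512:
-metadata.gz: 0db7e162bc9e7294be2d5a89660c3fd3b5892d4e2595b56704bcd8725bccb3041b38a8621c1daab77471236d2a17c1075bdf8ce7f4f233afee43d7277b6afc94
-data.tar.gz: 9a5e1f7513231f294ca5f328f79921dc66c1072b301ccfbf3ac72844b75b492a0ccd76a171d507d82b002824522f79cf6d9e08e7bf99c7624e47375993064176
+metadata.gz: a636b00ea3642dadf7ee2f1c1b4a498f5b8e107d46c7ed64aac115cb1788b395de343c5ac7683eef0b3556128e9466e8228782ae453d337cae46ef0c280369fa
+data.tar.gz: e610ebe869ae47cc6ea5ab6c6cd548838da9873943f3d64317ff4682d36bfa172de79df5fff4a53a8d37936a83ada614d4fdc4c1d374eed08cb51a3f9ab421a0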
@@ -12,11 +12,12 @@ jobs:
12
12
  - '3.0'
13
13
  - '3.1'
14
14
  - '3.2'
15
+ - '3.3'
15
16
  # - jruby
16
17
  - truffleruby
17
18
  name: Ruby ${{ matrix.ruby }}
18
19
  steps:
19
- - uses: actions/checkout@v2
20
+ - uses: actions/checkout@v4
20
21
  - name: Set up Ruby
21
22
  uses: ruby/setup-ruby@v1
22
23
  with:
@@ -35,7 +36,7 @@ jobs:
35
36
  rubocop:
36
37
  runs-on: ubuntu-latest
37
38
  steps:
38
- - uses: actions/checkout@v2
39
+ - uses: actions/checkout@v4
39
40
  - name: Set up Ruby
40
41
  uses: ruby/setup-ruby@v1
41
42
  with:
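--- a/data/ChangeLog.md
+++ b/data/ChangeLog.md
@@ -1,3 +1,12 @@
+### 0.1.5 / 2024-06-19
+
+* Improve the accuracy of {Ronin::Vulns::OpenRedirect#vulnerable?} when
+detecting open redirects in meta-refresh HTML tags.
+* Match the test URL when it ends with `?...`, `&...`, or `&...`.
+* Detect when the test URL has an additional string appended to it
+(ex: `.html`). The appended string can easily be bypassed by adding a
+`?`, `&`, or `#` character to the end of the test URL.
+
 ### 0.1.4 / 2023-09-19
 
 #### CLI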
@@ -80,7 +80,7 @@ module Ronin
80
80
  when '301', '302', '303', '307', '308'
81
81
  if (locations = response.get_fields('Location'))
82
82
  escaped_test_url = Regexp.escape(@test_url)
83
- regexp = /\A#{escaped_test_url}(?:[\?&].+)?\z/
83
+ regexp = /\A#{escaped_test_url}.*\z/
84
84
 
85
85
  locations.last =~ regexp
86
86
  end
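Review bot: The widened pattern `regexp = /\A#{escaped_test_url}.*\z/` accepts any suffix after the test URL, which is broader than the ".html"-style append the ChangeLog describes: when @test_url is a bare scheme://host, a Location of the test URL followed by `@other.host`, `:port` or `.other.tld` changes the authority, so the browser would not land on the test host and the match is a false positive rather than an open redirect. Only when the test URL already carries a path does an arbitrary suffix still reach the test host; the new character classes in the meta-refresh pattern of the following hunk (`[^'"]*`, `[^"]*`, `[^\s"]*`, `[^\s/>]*` and their siblings) admit the same authority-changing suffixes. One way to keep the intended `.html` detection while excluding those cases is to allow a free suffix only when the test URL has a path and otherwise require a `/`, `?`, `&` or `#` separator, as sketched below (it assumes @test_url is an absolute URL string, which `Regexp.escape(@test_url)` suggests but the hunk does not prove). The enclosing method starts and ends outside the hunk.

```ruby
escaped_test_url = Regexp.escape(@test_url)
# An arbitrary suffix only keeps the redirect on the test host when the test
# URL already has a path; on a bare scheme://host a suffix such as ".tld",
# ":port" or "@host" rewrites the authority instead of extending the path.
has_path = @test_url.match?(%r{\A[a-z][a-z0-9+.-]*://[^/?#]+/}i)
suffix   = has_path ? '.*' : '(?:[/?&#].*)?'
regexp   = /\A#{escaped_test_url}#{suffix}\z/
# … unchanged: locations.last =~ regexp …
```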
@@ -95,10 +95,34 @@ module Ronin
95
95
  http-equiv\s*=\s*(?: "refresh" | 'refresh' | refresh )\s+
96
96
  content\s*=\s*
97
97
  (?:
98
- "\s*\d+\s*;\s*url\s*=\s*'\s*#{escaped_test_url}\s*'\s*"|
99
- '\s*\d+\s*;\s*url\s*=\s*"\s*#{escaped_test_url}\s*"\s*'|
100
- \s*\d+;url=(?: "#{escaped_test_url}" | '#{escaped_test_url}' )
101
- )\s*
98
+ # content="..."
99
+ "\s*\d+\s*;\s*url\s*=\s*
100
+ (?:
101
+ # content="0; url='...'"
102
+ '\s*#{escaped_test_url}[^'"]*' |
103
+ # content="0; url=..."
104
+ #{escaped_test_url}[^"]*
105
+ )\s*" |
106
+ # content='...'
107
+ '\s*\d+\s*;\s*url\s*=\s*
108
+ (?:
109
+ # content='0; url="..."'
110
+ "\s*#{escaped_test_url}[^"']*" |
111
+ # content='0; url=...'
112
+ #{escaped_test_url}[^']*
113
+ )\s*' |
114
+ # content=...
115
+ \s*\d+;url=(?:
116
+ # content=0;url="..."
117
+ "\s*#{escaped_test_url}[^\s"]*" |
118
+ # content=0;url='...'
119
+ '\s*#{escaped_test_url}[^\s']*' |
120
+ # content=0;url=...
121
+ #{escaped_test_url}[^\s/>]*
122
+ )
123
+ )
124
+ \s*
125
+ # /> or / >
102
126
  (?:/\s*)?>
103
127
  }xi
104
128
 
@@ -296,7 +296,7 @@ module Ronin
296
296
  #
297
297
  def check_for_sql_errors(response)
298
298
  if response.code == '500'
299
- ERROR_PATTERNS.each do |database,error_pattern|
299
+ ERROR_PATTERNS.each_value do |error_pattern|
300
300
  if error_pattern =~ response.body
301
301
  return true
302
302
  end
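Review bot: The body of the new `ERROR_PATTERNS.each_value do |error_pattern|` loop still uses `error_pattern =~ response.body`, which builds a MatchData that is never read; `return true if error_pattern.match?(response.body)` gives the same result without the allocation and collapses the three-line `if`. If the method's remaining lines (it continues past the hunk) only return false, the whole loop can read as `ERROR_PATTERNS.each_value.any? { |pattern| pattern.match?(response.body) }`. Dropping the unused `database` block parameter via `each_value` is the right change for that line.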
@@ -30,6 +30,16 @@ module Ronin
30
30
  #
31
31
  # Top-level module which scans a URL for all web vulnerabilities.
32
32
  #
33
+ # ## Examples
34
+ #
35
+ # require 'ronin/vulns/url_scanner'
36
+ #
37
+ # Ronin::Vulns::URLScanner.scan(url) do |vuln|
38
+ # # ...
39
+ # end
40
+ #
41
+ # vuln = Ronin::Vulns::URLScanner.test(url)
42
+ #
33
43
  module URLScanner
34
44
  #
35
45
  # Scans a URL for web vulnerabilities.
@@ -21,6 +21,6 @@
21
21
  module Ronin
22
22
  module Vulns
23
23
  # The ronin-vulns version
24
- VERSION = '0.1.4'
24
+ VERSION = '0.1.5'
25
25
  end
26
26
  end
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-open-redirect 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns open-redirect\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-reflected-xss 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns reflected-xss\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-rfi 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns rfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -82,7 +82,7 @@ Reads URLs from the given \fIFILE\fP\.
82
82
  \fB-B\fR, \fB--filter-bypass\fR \fBdouble-encode\fR\[or]\fBsuffix-escape\fR\[or]\fBnull-byte\fR
83
83
  Optional filter\-bypass strategy to use\.
84
84
  .LP
85
- .HP
85
+ .PP
86
86
  \fB-S\fR, \fB--script-lang\fR \fBasp\|\fRasp\.net\fB\|\fRcoldfusion\fB\|\fRjsp\fB\|\fRphp\fB\|\fRperl\`
87
87
  Explicitly specify the scripting language to test for\.
88
88
  .LP
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-scan 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns scan\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -113,7 +113,7 @@ Escapes parenthesis\.
113
113
  \fB--sqli-terminate\fR
114
114
  Terminates the SQL expression with a \fB--\fR\.
115
115
  .LP
116
- .HP
116
+ .PP
117
117
  \fB--ssti-test-expr\fR \[lC]\fIX\fP*\fIY\fP \[or] \fIX\fP\[sl]\fIZ\fP \[or] \fIX\fP\[pl]\fIY\fP \[or] \fIX\fP\-\fIY\fP\[rC]
118
118
  Optional numeric test to use\.
119
119
  .LP
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-sqli 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns sqli\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -1,10 +1,10 @@
1
- .\" Generated by kramdown-man 0.1.8
1
+ .\" Generated by kramdown-man 0.1.9
2
2
  .\" https://github.com/postmodern/kramdown-man#readme
3
3
  .TH ronin-vulns-lfi 1 "May 2022" Ronin "User Manuals"
4
4
  .LP
5
5
  .SH SYNOPSIS
6
6
  .LP
7
- .HP
7
+ .PP
8
8
  \fBronin-vulns lfi\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
9
9
  .LP
10
10
  .SH DESCRIPTION
@@ -78,7 +78,7 @@ Tests the form param name\.
78
78
  \fB-i\fR, \fB--input\fR \fIFILE\fP
79
79
  Reads URLs from the given \fIFILE\fP\.
80
80
  .LP
81
- .HP
81
+ .PP
82
82
  \fB-T\fR, \fB--test-expr\fR \[lC]\fIX*Y\fP \[or] \fIX\[sl]Z\fP \[or] \fIX\[pl]Y\fP \[or] \fIX\-Y\fP\[rC]
83
83
  Optional numeric test to use\.
84
84
  .LP
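--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-vulns
 version: !ruby/object:Gem::Version
-version: 0.1.4
+version: 0.1.5
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-19 00:00:00.000000000 Z
+date: 2024-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ronin-support
@@ -159,7 +159,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.26
+rubygems_version: 3.3.27
 signing_key:
 specification_version: 4
 summary: Tests URLs for Local File Inclusion (LFI), Remove File Inclusion (RFI), SQL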