ronin-vulns 0.1.5 → 0.2.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 782fb72c980f9466dd49b736e941d1d4bf092066bdb2894c776f7610bb0ee049
-  data.tar.gz: 732c6cf18098e86aa1d600e7607fb8110a903ea76391901977574faff167b550
+  metadata.gz: 890723d99792999a79f6aa9c4cd93323e3c9c896cdf861432a2c73af0b66bc13
+  data.tar.gz: '08fa2f69408d4d1ea2d15be47ca2dce4f9f8e02f74d412d9df5cd08f09c4c61b'
 SHA512:
-  metadata.gz: a636b00ea3642dadf7ee2f1c1b4a498f5b8e107d46c7ed64aac115cb1788b395de343c5ac7683eef0b3556128e9466e8228782ae453d337cae46ef0c280369fa
-  data.tar.gz: e610ebe869ae47cc6ea5ab6c6cd548838da9873943f3d64317ff4682d36bfa172de79df5fff4a53a8d37936a83ada614d4fdc4c1d374eed08cb51a3f9ab421a0
+  metadata.gz: 56b93b2271a57ff173374dd419d06231fc86d1e88bfebc733dd586fac636c908cdb14a40b8ebe4f0566c4bdf9ec02fcedd633a16d73593072d0db997b5aeea9c
+  data.tar.gz: cfb41dc3e01bcf9012c2b586bd0490710a082ef5cd939364a0644628722db1bc29065b725d0a02dea847d2f8d03a852e0df504d8f81697539d54341218dcdf8d

data/.gitignore

@@ -1,4 +1,5 @@
 /coverage
+/data/completions/ronin-vulns
 /doc
 /pkg
 /man/*.[1-9]

data/ChangeLog.md

@@ -1,3 +1,45 @@
+### 0.2.0 / 2024-XX-XX
+
+* Require [ronin-db] ~> 0.2
+* Added {Ronin::Vulns::Importer}.
+* Added the `user_agent:` keyword argument to
+  {Ronin::Vulns::WebVuln#initialize}.
+* Added {Ronin::Vulns::WebVuln#user_agent}.
+* Added {Ronin::Vulns::CommandInjection}.
+* Added the `command_injection:` keyword argument to
+  {Ronin::Vulns::URLScanner.scan}.
+* Added {Ronin::Vulns::RFI#script_lang}.
+* Support inferring the {Ronin::Vulns::RFI#script_lang} from the URL given to
+  {Ronin::Vulns::RFI#initialize}.
+* Bruteforce test every different kind of RFI test URL in
+  {Ronin::Vulns::RFI#vulnerable?} if a test script URL was not given or the
+  {Ronin::Vulns::RFI#script_lang} cannot be inferred from the given URL.
+* Allow the `escape_type:` keyword argument for {Ronin::Vulns::SSTI#initialize}
+  to accept a Symbol value to specify the specific
+  Server-Side-Template-Injection interpolation syntax:
+  * `:double_curly_braces` - `{{expression}}`
+  * `:dollar_curly_braces` - `${expression}`
+  * `:dollar_double_curly_braces` - `${{expression}}`
+  * `:pound_curly_braces` - `#{expression}`
+  * `:angle_brackets_percent` - `<%= expression %>`
+
+#### CLI
+
+* Added the `ronin-vulns command-injection` command.
+* Added the `ronin-vulns irb` command.
+* Added the `ronin-vulns completion` command to install shell completion files
+  for all `ronin-vulns` commands for Bash and Zsh shells.
+* Added the `-H,--request-method` option to all commands.
+* Added the `--user-agent` and `--user-agent-string` options to all commands.
+* Added the `--test-all-form-params` option to all commands.
+* Added the `--print-curl` and `--print-http` options to all commands.
+* Added the `--import` option to all commands.
+* Print a summary of all vulnerabilities found after scanning a URL, in addition
+  to logging messages indicating when a new vulnerability has just been found.
+* Use hyphenated values for the `--lfi-filter-bypass` option in the
+  `ronin-vulns scan` command and `--filter-bypass` option in the
+  `ronin-vulns lfi` command.
+
 ### 0.1.5 / 2024-06-19
 
 * Improve the accuracy of {Ronin::Vulns::OpenRedirect#vulnerable?} when
@@ -68,3 +110,4 @@
     * HTTP `Cookie` parameters.
     * Form parameters.
 
+[ronin-db]: https://github.com/ronin-rb/ronin-db#readme

data/Gemfile

@@ -4,7 +4,11 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'jruby-openssl',	'~> 0.7', platforms: :jruby
+platform :jruby do
+  gem 'jruby-openssl',	'~> 0.7'
+  gem 'activerecord-jdbcsqlite3-adapter', '~> 70.0'
+  gem 'activerecord', '< 7.1.0'
+end
 
 # gem 'command_kit', '~> 0.4', github: 'postmodern/command_kit.rb',
 #                              branch: '0.4.0'
@@ -12,8 +16,12 @@ gem 'jruby-openssl',	'~> 0.7', platforms: :jruby
 # Ronin dependencies
 # gem 'ronin-support',	'~> 1.0', github: 'ronin-rb/ronin-support',
 #                                 branch: 'main'
-# gem 'ronin-core',     '~> 0.1', github: 'ronin-rb/ronin-core',
-#                                 branch: 'main'
+# gem 'ronin-core',            '~> 0.2', github: 'ronin-rb/ronin-core',
+#                                        branch: 'main'
+# gem 'ronin-db',              '~> 0.2', github: 'ronin-rb/ronin-db',
+#                                        branch: 'main'
+# gem 'ronin-db-activerecord', '~> 0.2', github: 'ronin-rb/ronin-db-activerecord',
+#                                        branch: 'main'
 
 group :development do
   gem 'rake'
@@ -24,7 +32,7 @@ group :development do
   gem 'simplecov',       '~> 0.20'
 
   gem 'kramdown',        '~> 2.0'
-  gem 'kramdown-man',    '~> 0.1'
+  gem 'kramdown-man',    '~> 1.0'
 
   gem 'redcarpet',       platform: :mri
   gem 'yard',            '~> 0.9'
@@ -35,4 +43,6 @@ group :development do
   gem 'stackprof',       require: false, platform: :mri
   gem 'rubocop',         require: false, platform: :mri
   gem 'rubocop-ronin',   require: false, platform: :mri
+
+  gem 'command_kit-completion', '~> 0.2', require: false
 end

data/README.md

@@ -56,7 +56,9 @@ Arguments:
     [ARGS ...]                       Additional arguments for the command
 
 Commands:
+    completion
     help
+    irb
     lfi
     open-redirect
     reflected-xss, xss
@@ -273,7 +275,8 @@ end
 
 * [Ruby] >= 3.0.0
 * [ronin-support] ~> 1.0
-* [ronin-core] ~> 0.1
+* [ronin-core] ~> 0.2
+* [ronin-db] ~> 0.2
 
 ## Install
 
@@ -298,7 +301,7 @@ gem.add_dependency 'ronin-vulns', '~> 0.1'
 1. [Fork It!](https://github.com/ronin-rb/ronin-vulns/fork)
 2. Clone It!
 3. `cd ronin-vulns/`
-4. `bundle install`
+4. `./scripts/setup`
 5. `git checkout -b my_feature`
 6. Code It!
 7. `bundle exec rake spec`
@@ -306,7 +309,7 @@ gem.add_dependency 'ronin-vulns', '~> 0.1'
 
 ## License
 
-Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 
 ronin-vulns is free software: you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published
@@ -326,3 +329,4 @@ along with ronin-vulns.  If not, see <https://www.gnu.org/licenses/>.
 
 [ronin-support]: https://github.com/ronin-rb/ronin-support#readme
 [ronin-core]: https://github.com/ronin-rb/ronin-core#readme
+[ronin-db]: https://github.com/ronin-rb/ronin-db#readme

data/Rakefile

@@ -32,3 +32,12 @@ task :docs => :yard
 
 require 'kramdown/man/task'
 Kramdown::Man::Task.new
+
+require 'command_kit/completion/task'
+CommandKit::Completion::Task.new(
+  class_file:  'ronin/vulns/cli',
+  class_name:  'Ronin::Vulns::CLI',
+  output_file: 'data/completions/ronin-vulns'
+)
+
+task :setup => %w[man command_kit:completion]

data/data/completions/ronin-vulns

@@ -0,0 +1,139 @@
+# ronin-vulns completion                                   -*- shell-script -*-
+
+# This bash completions script was generated by
+# completely (https://github.com/dannyben/completely)
+# Modifying it manually is not recommended
+
+_ronin-vulns_completions_filter() {
+  local words="$1"
+  local cur=${COMP_WORDS[COMP_CWORD]}
+  local result=()
+
+  if [[ "${cur:0:1}" == "-" ]]; then
+    echo "$words"
+  
+  else
+    for word in $words; do
+      [[ "${word:0:1}" != "-" ]] && result+=("$word")
+    done
+
+    echo "${result[*]}"
+
+  fi
+}
+
+_ronin-vulns_completions() {
+  local cur=${COMP_WORDS[COMP_CWORD]}
+  local compwords=("${COMP_WORDS[@]:1:$COMP_CWORD-1}")
+  local compline="${compwords[*]}"
+
+  case "$compline" in
+    'command_injection'*'--input')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'open_redirect'*'--input')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'reflected_xss'*'--input')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'command_injection'*'-i')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'command_injection'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --escape-quote -Q --escape-operator -O --terminator -T")" -- "$cur" )
+      ;;
+
+    'open_redirect'*'-i')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'reflected_xss'*'-i')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'open_redirect'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --test-url -T")" -- "$cur" )
+      ;;
+
+    'reflected_xss'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i")" -- "$cur" )
+      ;;
+
+    'scan'*'--input')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'sqli'*'--input')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'ssti'*'--input')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'lfi'*'--input')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'rfi'*'--input')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'completion'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--print --install --uninstall")" -- "$cur" )
+      ;;
+
+    'scan'*'-i')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'sqli'*'-i')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'ssti'*'-i')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'lfi'*'-i')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'rfi'*'-i')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+
+    'scan'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --lfi-os --lfi-depth --lfi-filter-bypass --rfi-filter-bypass --rfi-script-lang --rfi-test-script-url --sqli-escape-quote --sqli-escape-parens --sqli-terminate --ssti-test-expr --open-redirect-url")" -- "$cur" )
+      ;;
+
+    'sqli'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --escape-quote -Q --escape-parens -P --terminate -T")" -- "$cur" )
+      ;;
+
+    'ssti'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --test-expr -T")" -- "$cur" )
+      ;;
+
+    'lfi'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --os -O --depth -D --filter-bypass -B")" -- "$cur" )
+      ;;
+
+    'rfi'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --filter-bypass -B --script-lang -S --test-script-url -T")" -- "$cur" )
+      ;;
+
+    *)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--version -V help command-injection completion irb lfi open-redirect reflected-xss rfi scan sqli ssti xss cmdi")" -- "$cur" )
+      ;;
+
+  esac
+} &&
+complete -F _ronin-vulns_completions ronin-vulns
+
+# ex: filetype=sh

data/gemspec.yml

@@ -25,17 +25,23 @@ metadata:
 required_ruby_version: ">= 3.0.0"
 
 generated_files:
+  - data/completions/ronin-vulns
+  - man/ronin-vulns.1
+  - man/ronin-vulns-completion.1
+  - man/ronin-vulns-irb.1
   - man/ronin-vulns-lfi.1
   - man/ronin-vulns-rfi.1
   - man/ronin-vulns-sqli.1
   - man/ronin-vulns-ssti.1
+  - man/ronin-vulns-command-injection.1
   - man/ronin-vulns-open-redirect.1
   - man/ronin-vulns-reflected-xss.1
   - man/ronin-vulns-scan.1
 
 dependencies:
   ronin-support: ~> 1.0, >= 1.0.1
-  ronin-core: ~> 0.1
+  ronin-core: ~> 0.2.0.rc1
+  ronin-db: ~> 0.2.0.rc1
 
 development_dependencies:
   bundler: ~> 2.0

data/lib/ronin/vulns/cli/command.rb

@@ -2,7 +2,7 @@
 #
 # ronin-vulns - A Ruby library for blind vulnerability testing.
 #
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-vulns is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published

data/lib/ronin/vulns/cli/commands/command_injection.rb

@@ -0,0 +1,163 @@
+# frozen_string_literal: true
+#
+# ronin-vulns - A Ruby library for blind vulnerability testing.
+#
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-vulns is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-vulns is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-vulns.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/vulns/cli/web_vuln_command'
+require 'ronin/vulns/command_injection'
+
+module Ronin
+  module Vulns
+    class CLI
+      module Commands
+        #
+        # Scans URL(s) for Command Injection vulnerabilities.
+        #
+        # ## Usage
+        #
+        #     ronin-vulns command-injection [options] {URL ... | --input FILE}
+        #
+        # ## Options
+        #
+        #         --db NAME                    The database to connect to (Default: default)
+        #         --db-uri URI                 The database URI to connect to
+        #         --db-file PATH               The sqlite3 database file to use
+        #         --import                     Imports discovered vulnerabilities into the database
+        #         --first                      Only find the first vulnerability for each URL
+        #     -A, --all                        Find all vulnerabilities for each URL
+        #         --print-curl                 Also prints an example curl command for each vulnerability
+        #         --print-http                 Also prints an example HTTP request for each vulnerability
+        #     -M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
+        #         --request-method             The HTTP request method to use
+        #     -H, --header "Name: value"       Sets an additional header
+        #     -U, --user-agent-string STRING   Sets the User-Agent header
+        #     -u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
+        #         --user-agent                 Sets the User-Agent to use
+        #     -C, --cookie COOKIE              Sets the raw Cookie header
+        #     -c, --cookie-param NAME=VALUE    Sets an additional cookie param
+        #     -R, --referer URL                Sets the Referer header
+        #     -F, --form-param NAME=VALUE      Sets an additional form param
+        #         --test-query-param NAME      Tests the URL query param name
+        #         --test-all-query-params      Test all URL query param names
+        #         --test-header-name NAME      Tests the HTTP Header name
+        #         --test-cookie-param NAME     Tests the HTTP Cookie name
+        #         --test-all-cookie-params     Test all Cookie param names
+        #         --test-form-param NAME       Tests the form param name
+        #     -i, --input FILE                 Reads URLs from the list file
+        #     -Q, --escape-quote CHAR          The string quotation character to use to escape the command
+        #     -O, --escape-operator CHAR       The command operator character to use to escape the command
+        #     -T, --terminator CHAR            The command termination character to use
+        #     -h, --help                       Print help information
+        #
+        # ## Arguments
+        #
+        #     [URL ...]                        The URL(s) to scan
+        #
+        # @since 0.2.0
+        #
+        class CommandInjection < WebVulnCommand
+
+          usage '[options] {URL ... | --input FILE}'
+
+          # Regex for matching a single `CHAR` option value.
+          CHAR_REGEX = /./
+
+          option :escape_quote, short: '-Q',
+                                value: {
+                                  type:  CHAR_REGEX,
+                                  usage: 'CHAR'
+                                },
+                                desc:  'The string quotation character to use to escape the command'
+
+          option :escape_operator, short: '-O',
+                                   value: {
+                                     type:  CHAR_REGEX,
+                                     usage: 'CHAR'
+                                   },
+                                   desc:  'The command operator character to use to escape the command'
+
+          option :terminator, short: '-T',
+                              value: {
+                                type: CHAR_REGEX,
+                                usage: 'CHAR'
+                              },
+                              desc:  'The command termination character to use'
+
+          description 'Scans URL(s) for Command Injection vulnerabilities'
+
+          man_page 'ronin-vulns-command-injection.1'
+
+          #
+          # Keyword arguments for `Vulns::CommandInjection.scan` and
+          # `Vulns::CommandInjection.test`.
+          #
+          # @return [Hash{Symbol => Object}]
+          #
+          def scan_kwargs
+            kwargs = super()
+
+            if options[:escape_quote]
+              kwargs[:escape_quote] = options[:escape_quote]
+            end
+
+            if options[:escape_operator]
+              kwargs[:escape_operator] = options[:escape_operator]
+            end
+
+            if options[:terminator]
+              kwargs[:terminator] = options[:terminator]
+            end
+
+            return kwargs
+          end
+
+          #
+          # Scans a URL for Command Injection vulnerabilities.
+          #
+          # @param [String] url
+          #   The URL to scan.
+          #
+          # @yield [vuln]
+          #   The given block will be passed each discovered Command Injection
+          #   vulnerability.
+          #
+          # @yieldparam [Vulns::CommandInjection] vuln
+          #   A Command Injection vulnerability discovered on the URL.
+          #
+          def scan_url(url,&block)
+            Vulns::CommandInjection.scan(url,**scan_kwargs,&block)
+          end
+
+          #
+          # Tests a URL for Command Injection vulnerabilities.
+          #
+          # @param [String] url
+          #   The URL to test.
+          #
+          # @return [Vulns::CommandInjection, nil]
+          #   The first Command Injection vulnerability discovered on the URL.
+          #
+          def test_url(url,&block)
+            Vulns::CommandInjection.test(url,**scan_kwargs)
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/ronin/vulns/cli/commands/completion.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+#
+# ronin-vulns - A Ruby library for blind vulnerability testing.
+#
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-vulns is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-vulns is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-vulns.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/vulns/root'
+require 'ronin/core/cli/completion_command'
+
+module Ronin
+  module Vulns
+    class CLI
+      module Commands
+        #
+        # Manages the shell completion rules for `ronin-vulns`.
+        #
+        # ## Usage
+        #
+        #     ronin-vulns completion [options]
+        #
+        # ## Options
+        #
+        #         --print                      Prints the shell completion file
+        #         --install                    Installs the shell completion file
+        #         --uninstall                  Uninstalls the shell completion file
+        #     -h, --help                       Print help information
+        #
+        # ## Examples
+        #
+        #     ronin-vulns completion --print
+        #     ronin-vulns completion --install
+        #     ronin-vulns completion --uninstall
+        #
+        # @since 0.2.0
+        #
+        class Completion < Core::CLI::CompletionCommand
+
+          completion_file File.join(ROOT,'data','completions','ronin-vulns')
+
+          man_dir File.join(ROOT,'man')
+          man_page 'ronin-vulns-completion.1'
+
+          description 'Manages the shell completion rules for ronin-vulns'
+
+        end
+      end
+    end
+  end
+end

data/lib/ronin/vulns/cli/commands/irb.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+#
+# ronin-vulns - A Ruby library for blind vulnerability testing.
+#
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-vulns is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-vulns is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-vulns.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/vulns/cli/command'
+require 'ronin/vulns/cli/ruby_shell'
+
+module Ronin
+  module Vulns
+    class CLI
+      module Commands
+        #
+        # Starts an interactive Ruby shell with `ronin-vulns` loaded.
+        #
+        # ## Usage
+        #
+        #     ronin-vulns irb [options]
+        #
+        # ## Options
+        #
+        #     -h, --help                       Print help information
+        #
+        # @since 0.2.0
+        #
+        class Irb < Command
+
+          description "Starts an interactive Ruby shell with ronin-vulns loaded"
+
+          man_page 'ronin-vulns-irb.1'
+
+          #
+          # Runs the `ronin-vulns irb` command.
+          #
+          def run
+            require 'ronin/vulns'
+            CLI::RubyShell.start
+          end
+
+        end
+      end
+    end
+  end
+end