ronin-vulns 0.1.5 → 0.2.0.rc1

Files changed (68)
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/ChangeLog.md +43 -0
  4. data/Gemfile +14 -4
  5. data/README.md +7 -3
  6. data/Rakefile +9 -0
  7. data/data/completions/ronin-vulns +139 -0
  8. data/gemspec.yml +7 -1
  9. data/lib/ronin/vulns/cli/command.rb +1 -1
  10. data/lib/ronin/vulns/cli/commands/command_injection.rb +163 -0
  11. data/lib/ronin/vulns/cli/commands/completion.rb +63 -0
  12. data/lib/ronin/vulns/cli/commands/irb.rb +59 -0
  13. data/lib/ronin/vulns/cli/commands/lfi.rb +21 -9
  14. data/lib/ronin/vulns/cli/commands/open_redirect.rb +13 -1
  15. data/lib/ronin/vulns/cli/commands/reflected_xss.rb +13 -1
  16. data/lib/ronin/vulns/cli/commands/rfi.rb +13 -1
  17. data/lib/ronin/vulns/cli/commands/scan.rb +21 -9
  18. data/lib/ronin/vulns/cli/commands/sqli.rb +13 -1
  19. data/lib/ronin/vulns/cli/commands/ssti.rb +13 -1
  20. data/lib/ronin/vulns/cli/importable.rb +76 -0
  21. data/lib/ronin/vulns/cli/printing.rb +184 -0
  22. data/lib/ronin/vulns/cli/ruby_shell.rb +53 -0
  23. data/lib/ronin/vulns/cli/web_vuln_command.rb +216 -20
  24. data/lib/ronin/vulns/cli.rb +3 -2
  25. data/lib/ronin/vulns/command_injection.rb +267 -0
  26. data/lib/ronin/vulns/importer.rb +116 -0
  27. data/lib/ronin/vulns/lfi/test_file.rb +1 -1
  28. data/lib/ronin/vulns/lfi.rb +1 -1
  29. data/lib/ronin/vulns/open_redirect.rb +1 -1
  30. data/lib/ronin/vulns/reflected_xss/context.rb +1 -1
  31. data/lib/ronin/vulns/reflected_xss/test_string.rb +1 -1
  32. data/lib/ronin/vulns/reflected_xss.rb +1 -1
  33. data/lib/ronin/vulns/rfi.rb +64 -9
  34. data/lib/ronin/vulns/root.rb +1 -1
  35. data/lib/ronin/vulns/sqli/error_pattern.rb +1 -1
  36. data/lib/ronin/vulns/sqli.rb +36 -28
  37. data/lib/ronin/vulns/ssti/test_expression.rb +1 -1
  38. data/lib/ronin/vulns/ssti.rb +69 -53
  39. data/lib/ronin/vulns/url_scanner.rb +10 -1
  40. data/lib/ronin/vulns/version.rb +2 -2
  41. data/lib/ronin/vulns/vuln.rb +1 -1
  42. data/lib/ronin/vulns/web_vuln/http_request.rb +40 -1
  43. data/lib/ronin/vulns/web_vuln.rb +86 -16
  44. data/man/ronin-vulns-command-injection.1 +109 -0
  45. data/man/ronin-vulns-command-injection.1.md +112 -0
  46. data/man/ronin-vulns-completion.1 +76 -0
  47. data/man/ronin-vulns-completion.1.md +78 -0
  48. data/man/ronin-vulns-irb.1 +27 -0
  49. data/man/ronin-vulns-irb.1.md +26 -0
  50. data/man/ronin-vulns-lfi.1 +54 -51
  51. data/man/ronin-vulns-lfi.1.md +52 -20
  52. data/man/ronin-vulns-open-redirect.1 +51 -47
  53. data/man/ronin-vulns-open-redirect.1.md +50 -18
  54. data/man/ronin-vulns-reflected-xss.1 +50 -45
  55. data/man/ronin-vulns-reflected-xss.1.md +49 -17
  56. data/man/ronin-vulns-rfi.1 +54 -52
  57. data/man/ronin-vulns-rfi.1.md +52 -20
  58. data/man/ronin-vulns-scan.1 +68 -69
  59. data/man/ronin-vulns-scan.1.md +61 -29
  60. data/man/ronin-vulns-sqli.1 +54 -52
  61. data/man/ronin-vulns-sqli.1.md +52 -20
  62. data/man/ronin-vulns-ssti.1 +52 -48
  63. data/man/ronin-vulns-ssti.1.md +50 -18
  64. data/man/ronin-vulns.1 +73 -0
  65. data/man/ronin-vulns.1.md +69 -0
  66. data/scripts/setup +58 -0
  67. metadata +36 -5
  68. data/lib/ronin/vulns/cli/logging.rb +0 -81
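--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 782fb72c980f9466dd49b736e941d1d4bf092066bdb2894c776f7610bb0ee049
-data.tar.gz: 732c6cf18098e86aa1d600e7607fb8110a903ea76391901977574faff167b550
+metadata.gz: 890723d99792999a79f6aa9c4cd93323e3c9c896cdf861432a2c73af0b66bc13
+data.tar.gz: '08fa2f69408d4d1ea2d15be47ca2dce4f9f8e02f74d412d9df5cd08f09c4c61b'
 SHA512:
-metadata.gz: a636b00ea3642dadf7ee2f1c1b4a498f5b8e107d46c7ed64aac115cb1788b395de343c5ac7683eef0b3556128e9466e8228782ae453d337cae46ef0c280369fa
-data.tar.gz: e610ebe869ae47cc6ea5ab6c6cd548838da9873943f3d64317ff4682d36bfa172de79df5fff4a53a8d37936a83ada614d4fdc4c1d374eed08cb51a3f9ab421a0
+metadata.gz: 56b93b2271a57ff173374dd419d06231fc86d1e88bfebc733dd586fac636c908cdb14a40b8ebe4f0566c4bdf9ec02fcedd633a16d73593072d0db997b5aeea9c
+data.tar.gz: cfb41dc3e01bcf9012c2b586bd0490710a082ef5cd939364a0644628722db1bc29065b725d0a02dea847d2f8d03a852e0df504d8f81697539d54341218dcdf8d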
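--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,4 +1,5 @@
 /coverage
+/data/completions/ronin-vulns
 /doc
 /pkg
 /man/*.[1-9]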
data/ChangeLog.md CHANGED
@@ -1,3 +1,45 @@
1
+ ### 0.2.0 / 2024-XX-XX
2
+
3
+ * Require [ronin-db] ~> 0.2
4
+ * Added {Ronin::Vulns::Importer}.
5
+ * Added the `user_agent:` keyword argument to
6
+ {Ronin::Vulns::WebVuln#initialize}.
7
+ * Added {Ronin::Vulns::WebVuln#user_agent}.
8
+ * Added {Ronin::Vulns::CommandInjection}.
9
+ * Added the `command_injection:` keyword argument to
10
+ {Ronin::Vulns::URLScanner.scan}.
11
+ * Added {Ronin::Vulns::RFI#script_lang}.
12
+ * Support inferring the {Ronin::Vulns::RFI#script_lang} from the URL given to
13
+ {Ronin::Vulns::RFI#initialize}.
14
+ * Bruteforce test every different kind of RFI test URL in
15
+ {Ronin::Vulns::RFI#vulnerable?} if a test script URL was not given or the
16
+ {Ronin::Vulns::RFI#script_lang} cannot be inferred from the given URL.
17
+ * Allow the `escape_type:` keyword argument for {Ronin::Vulns::SSTI#initialize}
18
+ to accept a Symbol value to specify the specific
19
+ Server-Side-Template-Injection interpolation syntax:
20
+ * `:double_curly_braces` - `{{expression}}`
21
+ * `:dollar_curly_braces` - `${expression}`
22
+ * `:dollar_double_curly_braces` - `${{expression}}`
23
+ * `:pound_curly_braces` - `#{expression}`
24
+ * `:angle_brackets_percent` - `<%= expression %>`
25
+
26
+ #### CLI
27
+
28
+ * Added the `ronin-vulns command-injection` command.
29
+ * Added the `ronin-vulns irb` command.
30
+ * Added the `ronin-vulns completion` command to install shell completion files
31
+ for all `ronin-vulns` commands for Bash and Zsh shells.
32
+ * Added the `-H,--request-method` option to all commands.
33
+ * Added the `--user-agent` and `--user-agent-string` options to all commands.
34
+ * Added the `--test-all-form-params` option to all commands.
35
+ * Added the `--print-curl` and `--print-http` options to all commands.
36
+ * Added the `--import` option to all commands.
37
+ * Print a summary of all vulnerabilities found after scanning a URL, in addition
38
+ to logging messages indicating when a new vulnerability has just been found.
39
+ * Use hyphenated values for the `--lfi-filter-bypass` option in the
40
+ `ronin-vulns scan` command and `--filter-bypass` option in the
41
+ `ronin-vulns lfi` command.
42
+
1
43
  ### 0.1.5 / 2024-06-19
2
44
 
3
45
  * Improve the accuracy of {Ronin::Vulns::OpenRedirect#vulnerable?} when
@@ -68,3 +110,4 @@
68
110
  * HTTP `Cookie` parameters.
69
111
  * Form parameters.
70
112
 
113
+ [ronin-db]: https://github.com/ronin-rb/ronin-db#readme
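--- a/data/Gemfile
+++ b/data/Gemfile
@@ -4,7 +4,11 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'jruby-openssl', '~> 0.7', platforms: :jruby
+platform :jruby do
+gem 'jruby-openssl', '~> 0.7'
+gem 'activerecord-jdbcsqlite3-adapter', '~> 70.0'
+gem 'activerecord', '< 7.1.0'
+end
 
 # gem 'command_kit', '~> 0.4', github: 'postmodern/command_kit.rb',
 # branch: '0.4.0'
@@ -12,8 +16,12 @@ gem 'jruby-openssl', '~> 0.7', platforms: :jruby
 # Ronin dependencies
 # gem 'ronin-support', '~> 1.0', github: 'ronin-rb/ronin-support',
 # branch: 'main'
-# gem 'ronin-core', '~> 0.1', github: 'ronin-rb/ronin-core',
-# branch: 'main'
+# gem 'ronin-core', '~> 0.2', github: 'ronin-rb/ronin-core',
+# branch: 'main'
+# gem 'ronin-db', '~> 0.2', github: 'ronin-rb/ronin-db',
+# branch: 'main'
+# gem 'ronin-db-activerecord', '~> 0.2', github: 'ronin-rb/ronin-db-activerecord',
+# branch: 'main'
 
 group :development do
 gem 'rake'
@@ -24,7 +32,7 @@ group :development do
 gem 'simplecov', '~> 0.20'
 
 gem 'kramdown', '~> 2.0'
-gem 'kramdown-man', '~> 0.1'
+gem 'kramdown-man', '~> 1.0'
 
 gem 'redcarpet', platform: :mri
 gem 'yard', '~> 0.9'
@@ -35,4 +43,6 @@ group :development do
 gem 'stackprof', require: false, platform: :mri
 gem 'rubocop', require: false, platform: :mri
 gem 'rubocop-ronin', require: false, platform: :mri
+
+gem 'command_kit-completion', '~> 0.2', require: false
 end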
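--- a/data/README.md
+++ b/data/README.md
@@ -56,7 +56,9 @@ Arguments:
 [ARGS ...] Additional arguments for the command
 
 Commands:
+completion
 help
+irb
 lfi
 open-redirect
 reflected-xss, xss
@@ -273,7 +275,8 @@ end
 
 * [Ruby] >= 3.0.0
 * [ronin-support] ~> 1.0
-* [ronin-core] ~> 0.1
+* [ronin-core] ~> 0.2
+* [ronin-db] ~> 0.2
 
 ## Install
 
@@ -298,7 +301,7 @@ gem.add_dependency 'ronin-vulns', '~> 0.1'
 1. [Fork It!](https://github.com/ronin-rb/ronin-vulns/fork)
 2. Clone It!
 3. `cd ronin-vulns/`
-4. `bundle install`
+4. `./scripts/setup`
 5. `git checkout -b my_feature`
 6. Code It!
 7. `bundle exec rake spec`
@@ -306,7 +309,7 @@ gem.add_dependency 'ronin-vulns', '~> 0.1'
 
 ## License
 
-Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 
 ronin-vulns is free software: you can redistribute it and/or modify
 it under the terms of the GNU Lesser General Public License as published
@@ -326,3 +329,4 @@ along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
 
 [ronin-support]: https://github.com/ronin-rb/ronin-support#readme
 [ronin-core]: https://github.com/ronin-rb/ronin-core#readme
+[ronin-db]: https://github.com/ronin-rb/ronin-db#readme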
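--- a/data/Rakefile
+++ b/data/Rakefile
@@ -32,3 +32,12 @@ task :docs => :yard
 
 require 'kramdown/man/task'
 Kramdown::Man::Task.new
+
+require 'command_kit/completion/task'
+CommandKit::Completion::Task.new(
+class_file: 'ronin/vulns/cli',
+class_name: 'Ronin::Vulns::CLI',
+output_file: 'data/completions/ronin-vulns'
+)
+
+task :setup => %w[man command_kit:completion]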
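Review bot: The completion file this task generates keys its per-command cases on underscored names (`'command_injection'*`, `'open_redirect'*`, `'reflected_xss'*` in data/completions/ronin-vulns) while the top-level case in the same file offers the hyphenated `command-injection`, `open-redirect`, `reflected-xss` plus the `xss`/`cmdi` aliases, so option completion for those three commands never matches what the user actually typed. Presumably the task derives each case label from the Ruby-style command name rather than the name the CLI registers; that is worth confirming in command_kit-completion and, if so, the labels should be mapped to the hyphenated names (and aliases) before the generated file is shipped in the gem. Because the output is gitignored and regenerated by `rake setup`, a small spec that asserts the generated file contains `'command-injection'*` would catch this at release time.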
@@ -0,0 +1,139 @@
1
+ # ronin-vulns completion -*- shell-script -*-
2
+
3
+ # This bash completions script was generated by
4
+ # completely (https://github.com/dannyben/completely)
5
+ # Modifying it manually is not recommended
6
+
7
+ _ronin-vulns_completions_filter() {
8
+ local words="$1"
9
+ local cur=${COMP_WORDS[COMP_CWORD]}
10
+ local result=()
11
+
12
+ if [[ "${cur:0:1}" == "-" ]]; then
13
+ echo "$words"
14
+
15
+ else
16
+ for word in $words; do
17
+ [[ "${word:0:1}" != "-" ]] && result+=("$word")
18
+ done
19
+
20
+ echo "${result[*]}"
21
+
22
+ fi
23
+ }
24
+
25
+ _ronin-vulns_completions() {
26
+ local cur=${COMP_WORDS[COMP_CWORD]}
27
+ local compwords=("${COMP_WORDS[@]:1:$COMP_CWORD-1}")
28
+ local compline="${compwords[*]}"
29
+
30
+ case "$compline" in
31
+ 'command_injection'*'--input')
32
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
33
+ ;;
34
+
35
+ 'open_redirect'*'--input')
36
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
37
+ ;;
38
+
39
+ 'reflected_xss'*'--input')
40
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
41
+ ;;
42
+
43
+ 'command_injection'*'-i')
44
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
45
+ ;;
46
+
47
+ 'command_injection'*)
48
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --escape-quote -Q --escape-operator -O --terminator -T")" -- "$cur" )
49
+ ;;
50
+
51
+ 'open_redirect'*'-i')
52
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
53
+ ;;
54
+
55
+ 'reflected_xss'*'-i')
56
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
57
+ ;;
58
+
59
+ 'open_redirect'*)
60
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --test-url -T")" -- "$cur" )
61
+ ;;
62
+
63
+ 'reflected_xss'*)
64
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i")" -- "$cur" )
65
+ ;;
66
+
67
+ 'scan'*'--input')
68
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
69
+ ;;
70
+
71
+ 'sqli'*'--input')
72
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
73
+ ;;
74
+
75
+ 'ssti'*'--input')
76
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
77
+ ;;
78
+
79
+ 'lfi'*'--input')
80
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
81
+ ;;
82
+
83
+ 'rfi'*'--input')
84
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
85
+ ;;
86
+
87
+ 'completion'*)
88
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--print --install --uninstall")" -- "$cur" )
89
+ ;;
90
+
91
+ 'scan'*'-i')
92
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
93
+ ;;
94
+
95
+ 'sqli'*'-i')
96
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
97
+ ;;
98
+
99
+ 'ssti'*'-i')
100
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
101
+ ;;
102
+
103
+ 'lfi'*'-i')
104
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
105
+ ;;
106
+
107
+ 'rfi'*'-i')
108
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
109
+ ;;
110
+
111
+ 'scan'*)
112
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --lfi-os --lfi-depth --lfi-filter-bypass --rfi-filter-bypass --rfi-script-lang --rfi-test-script-url --sqli-escape-quote --sqli-escape-parens --sqli-terminate --ssti-test-expr --open-redirect-url")" -- "$cur" )
113
+ ;;
114
+
115
+ 'sqli'*)
116
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --escape-quote -Q --escape-parens -P --terminate -T")" -- "$cur" )
117
+ ;;
118
+
119
+ 'ssti'*)
120
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --test-expr -T")" -- "$cur" )
121
+ ;;
122
+
123
+ 'lfi'*)
124
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --os -O --depth -D --filter-bypass -B")" -- "$cur" )
125
+ ;;
126
+
127
+ 'rfi'*)
128
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --filter-bypass -B --script-lang -S --test-script-url -T")" -- "$cur" )
129
+ ;;
130
+
131
+ *)
132
+ while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-vulns_completions_filter "--version -V help command-injection completion irb lfi open-redirect reflected-xss rfi scan sqli ssti xss cmdi")" -- "$cur" )
133
+ ;;
134
+
135
+ esac
136
+ } &&
137
+ complete -F _ronin-vulns_completions ronin-vulns
138
+
139
+ # ex: filetype=sh
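--- a/data/gemspec.yml
+++ b/data/gemspec.yml
@@ -25,17 +25,23 @@ metadata:
 required_ruby_version: ">= 3.0.0"
 
 generated_files:
+- data/completions/ronin-vulns
+- man/ronin-vulns.1
+- man/ronin-vulns-completion.1
+- man/ronin-vulns-irb.1
 - man/ronin-vulns-lfi.1
 - man/ronin-vulns-rfi.1
 - man/ronin-vulns-sqli.1
 - man/ronin-vulns-ssti.1
+- man/ronin-vulns-command-injection.1
 - man/ronin-vulns-open-redirect.1
 - man/ronin-vulns-reflected-xss.1
 - man/ronin-vulns-scan.1
 
 dependencies:
 ronin-support: ~> 1.0, >= 1.0.1
-ronin-core: ~> 0.1
+ronin-core: ~> 0.2.0.rc1
+ronin-db: ~> 0.2.0.rc1
 
 development_dependencies:
 bundler: ~> 2.0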
@@ -2,7 +2,7 @@
2
2
  #
3
3
  # ronin-vulns - A Ruby library for blind vulnerability testing.
4
4
  #
5
- # Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
5
+ # Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
6
6
  #
7
7
  # ronin-vulns is free software: you can redistribute it and/or modify
8
8
  # it under the terms of the GNU Lesser General Public License as published
@@ -0,0 +1,163 @@
1
+ # frozen_string_literal: true
2
+ #
3
+ # ronin-vulns - A Ruby library for blind vulnerability testing.
4
+ #
5
+ # Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
6
+ #
7
+ # ronin-vulns is free software: you can redistribute it and/or modify
8
+ # it under the terms of the GNU Lesser General Public License as published
9
+ # by the Free Software Foundation, either version 3 of the License, or
10
+ # (at your option) any later version.
11
+ #
12
+ # ronin-vulns is distributed in the hope that it will be useful,
13
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
14
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
+ # GNU Lesser General Public License for more details.
16
+ #
17
+ # You should have received a copy of the GNU Lesser General Public License
18
+ # along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
19
+ #
20
+
21
+ require 'ronin/vulns/cli/web_vuln_command'
22
+ require 'ronin/vulns/command_injection'
23
+
24
+ module Ronin
25
+ module Vulns
26
+ class CLI
27
+ module Commands
28
+ #
29
+ # Scans URL(s) for Command Injection vulnerabilities.
30
+ #
31
+ # ## Usage
32
+ #
33
+ # ronin-vulns command-injection [options] {URL ... | --input FILE}
34
+ #
35
+ # ## Options
36
+ #
37
+ # --db NAME The database to connect to (Default: default)
38
+ # --db-uri URI The database URI to connect to
39
+ # --db-file PATH The sqlite3 database file to use
40
+ # --import Imports discovered vulnerabilities into the database
41
+ # --first Only find the first vulnerability for each URL
42
+ # -A, --all Find all vulnerabilities for each URL
43
+ # --print-curl Also prints an example curl command for each vulnerability
44
+ # --print-http Also prints an example HTTP request for each vulnerability
45
+ # -M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
46
+ # --request-method The HTTP request method to use
47
+ # -H, --header "Name: value" Sets an additional header
48
+ # -U, --user-agent-string STRING Sets the User-Agent header
49
+ # -u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
50
+ # --user-agent Sets the User-Agent to use
51
+ # -C, --cookie COOKIE Sets the raw Cookie header
52
+ # -c, --cookie-param NAME=VALUE Sets an additional cookie param
53
+ # -R, --referer URL Sets the Referer header
54
+ # -F, --form-param NAME=VALUE Sets an additional form param
55
+ # --test-query-param NAME Tests the URL query param name
56
+ # --test-all-query-params Test all URL query param names
57
+ # --test-header-name NAME Tests the HTTP Header name
58
+ # --test-cookie-param NAME Tests the HTTP Cookie name
59
+ # --test-all-cookie-params Test all Cookie param names
60
+ # --test-form-param NAME Tests the form param name
61
+ # -i, --input FILE Reads URLs from the list file
62
+ # -Q, --escape-quote CHAR The string quotation character to use to escape the command
63
+ # -O, --escape-operator CHAR The command operator character to use to escape the command
64
+ # -T, --terminator CHAR The command termination character to use
65
+ # -h, --help Print help information
66
+ #
67
+ # ## Arguments
68
+ #
69
+ # [URL ...] The URL(s) to scan
70
+ #
71
+ # @since 0.2.0
72
+ #
73
+ class CommandInjection < WebVulnCommand
74
+
75
+ usage '[options] {URL ... | --input FILE}'
76
+
77
+ # Regex for matching a single `CHAR` option value.
78
+ CHAR_REGEX = /./
79
+
80
+ option :escape_quote, short: '-Q',
81
+ value: {
82
+ type: CHAR_REGEX,
83
+ usage: 'CHAR'
84
+ },
85
+ desc: 'The string quotation character to use to escape the command'
86
+
87
+ option :escape_operator, short: '-O',
88
+ value: {
89
+ type: CHAR_REGEX,
90
+ usage: 'CHAR'
91
+ },
92
+ desc: 'The command operator character to use to escape the command'
93
+
94
+ option :terminator, short: '-T',
95
+ value: {
96
+ type: CHAR_REGEX,
97
+ usage: 'CHAR'
98
+ },
99
+ desc: 'The command termination character to use'
100
+
101
+ description 'Scans URL(s) for Command Injection vulnerabilities'
102
+
103
+ man_page 'ronin-vulns-command-injection.1'
104
+
105
+ #
106
+ # Keyword arguments for `Vulns::CommandInjection.scan` and
107
+ # `Vulns::CommandInjection.test`.
108
+ #
109
+ # @return [Hash{Symbol => Object}]
110
+ #
111
+ def scan_kwargs
112
+ kwargs = super()
113
+
114
+ if options[:escape_quote]
115
+ kwargs[:escape_quote] = options[:escape_quote]
116
+ end
117
+
118
+ if options[:escape_operator]
119
+ kwargs[:escape_operator] = options[:escape_operator]
120
+ end
121
+
122
+ if options[:terminator]
123
+ kwargs[:terminator] = options[:terminator]
124
+ end
125
+
126
+ return kwargs
127
+ end
128
+
129
+ #
130
+ # Scans a URL for Command Injection vulnerabilities.
131
+ #
132
+ # @param [String] url
133
+ # The URL to scan.
134
+ #
135
+ # @yield [vuln]
136
+ # The given block will be passed each discovered Command Injection
137
+ # vulnerability.
138
+ #
139
+ # @yieldparam [Vulns::CommandInjection] vuln
140
+ # A Command Injection vulnerability discovered on the URL.
141
+ #
142
+ def scan_url(url,&block)
143
+ Vulns::CommandInjection.scan(url,**scan_kwargs,&block)
144
+ end
145
+
146
+ #
147
+ # Tests a URL for Command Injection vulnerabilities.
148
+ #
149
+ # @param [String] url
150
+ # The URL to test.
151
+ #
152
+ # @return [Vulns::CommandInjection, nil]
153
+ # The first Command Injection vulnerability discovered on the URL.
154
+ #
155
+ def test_url(url,&block)
156
+ Vulns::CommandInjection.test(url,**scan_kwargs)
157
+ end
158
+
159
+ end
160
+ end
161
+ end
162
+ end
163
+ end
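Review bot: `CHAR_REGEX = /./` is unanchored, so `-Q`, `-O` and `-T` accept any non-empty value (`--terminator ';;rm' ` passes) even though the usage says `CHAR` and `scan_kwargs` forwards the three values verbatim into `Vulns::CommandInjection.scan`/`.test`; anchor it as `CHAR_REGEX = /\A.\z/` so command_kit rejects multi-character input at parse time (`^`/`$` would not do, they match per line). Separately, `test_url(url,&block)` declares a block parameter it never uses or forwards, so a caller passing a block silently gets nothing — either drop `&block` or pass it through like `scan_url` does. The option table in the class comment also omits `--test-all-form-params`, which the ChangeLog and the generated completion file list for every command; add `#      --test-all-form-params       Test all form param names` next to `--test-form-param`.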
@@ -0,0 +1,63 @@
1
+ # frozen_string_literal: true
2
+ #
3
+ # ronin-vulns - A Ruby library for blind vulnerability testing.
4
+ #
5
+ # Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
6
+ #
7
+ # ronin-vulns is free software: you can redistribute it and/or modify
8
+ # it under the terms of the GNU Lesser General Public License as published
9
+ # by the Free Software Foundation, either version 3 of the License, or
10
+ # (at your option) any later version.
11
+ #
12
+ # ronin-vulns is distributed in the hope that it will be useful,
13
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
14
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
+ # GNU Lesser General Public License for more details.
16
+ #
17
+ # You should have received a copy of the GNU Lesser General Public License
18
+ # along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
19
+ #
20
+
21
+ require 'ronin/vulns/root'
22
+ require 'ronin/core/cli/completion_command'
23
+
24
+ module Ronin
25
+ module Vulns
26
+ class CLI
27
+ module Commands
28
+ #
29
+ # Manages the shell completion rules for `ronin-vulns`.
30
+ #
31
+ # ## Usage
32
+ #
33
+ # ronin-vulns completion [options]
34
+ #
35
+ # ## Options
36
+ #
37
+ # --print Prints the shell completion file
38
+ # --install Installs the shell completion file
39
+ # --uninstall Uninstalls the shell completion file
40
+ # -h, --help Print help information
41
+ #
42
+ # ## Examples
43
+ #
44
+ # ronin-vulns completion --print
45
+ # ronin-vulns completion --install
46
+ # ronin-vulns completion --uninstall
47
+ #
48
+ # @since 0.2.0
49
+ #
50
+ class Completion < Core::CLI::CompletionCommand
51
+
52
+ completion_file File.join(ROOT,'data','completions','ronin-vulns')
53
+
54
+ man_dir File.join(ROOT,'man')
55
+ man_page 'ronin-vulns-completion.1'
56
+
57
+ description 'Manages the shell completion rules for ronin-vulns'
58
+
59
+ end
60
+ end
61
+ end
62
+ end
63
+ end
@@ -0,0 +1,59 @@
1
+ # frozen_string_literal: true
2
+ #
3
+ # ronin-vulns - A Ruby library for blind vulnerability testing.
4
+ #
5
+ # Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
6
+ #
7
+ # ronin-vulns is free software: you can redistribute it and/or modify
8
+ # it under the terms of the GNU Lesser General Public License as published
9
+ # by the Free Software Foundation, either version 3 of the License, or
10
+ # (at your option) any later version.
11
+ #
12
+ # ronin-vulns is distributed in the hope that it will be useful,
13
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
14
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
+ # GNU Lesser General Public License for more details.
16
+ #
17
+ # You should have received a copy of the GNU Lesser General Public License
18
+ # along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
19
+ #
20
+
21
+ require 'ronin/vulns/cli/command'
22
+ require 'ronin/vulns/cli/ruby_shell'
23
+
24
+ module Ronin
25
+ module Vulns
26
+ class CLI
27
+ module Commands
28
+ #
29
+ # Starts an interactive Ruby shell with `ronin-vulns` loaded.
30
+ #
31
+ # ## Usage
32
+ #
33
+ # ronin-vulns irb [options]
34
+ #
35
+ # ## Options
36
+ #
37
+ # -h, --help Print help information
38
+ #
39
+ # @since 0.2.0
40
+ #
41
+ class Irb < Command
42
+
43
+ description "Starts an interactive Ruby shell with ronin-vulns loaded"
44
+
45
+ man_page 'ronin-vulns-irb.1'
46
+
47
+ #
48
+ # Runs the `ronin-vulns irb` command.
49
+ #
50
+ def run
51
+ require 'ronin/vulns'
52
+ CLI::RubyShell.start
53
+ end
54
+
55
+ end
56
+ end
57
+ end
58
+ end
59
+ end