ronin-vulns 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +1 -0
- data/ChangeLog.md +12 -0
- data/README.md +7 -5
- data/data/completions/ronin-vulns +43 -11
- data/gemspec.yml +3 -1
- data/lib/ronin/vulns/cli/command.rb +3 -2
- data/lib/ronin/vulns/cli/commands/command_injection.rb +3 -3
- data/lib/ronin/vulns/cli/commands/completion.rb +3 -2
- data/lib/ronin/vulns/cli/commands/irb.rb +3 -3
- data/lib/ronin/vulns/cli/commands/lfi.rb +3 -3
- data/lib/ronin/vulns/cli/commands/open_redirect.rb +3 -3
- data/lib/ronin/vulns/cli/commands/reflected_xss.rb +3 -3
- data/lib/ronin/vulns/cli/commands/rfi.rb +3 -3
- data/lib/ronin/vulns/cli/commands/scan.rb +3 -3
- data/lib/ronin/vulns/cli/commands/sqli.rb +3 -3
- data/lib/ronin/vulns/cli/commands/ssti.rb +3 -3
- data/lib/ronin/vulns/cli/importable.rb +4 -3
- data/lib/ronin/vulns/cli/printing.rb +1 -1
- data/lib/ronin/vulns/cli/ruby_shell.rb +1 -1
- data/lib/ronin/vulns/cli/web_vuln_command.rb +4 -4
- data/lib/ronin/vulns/cli.rb +3 -2
- data/lib/ronin/vulns/command_injection.rb +3 -3
- data/lib/ronin/vulns/importer.rb +1 -1
- data/lib/ronin/vulns/lfi/test_file.rb +2 -2
- data/lib/ronin/vulns/lfi.rb +4 -3
- data/lib/ronin/vulns/open_redirect.rb +2 -2
- data/lib/ronin/vulns/reflected_xss/context.rb +2 -2
- data/lib/ronin/vulns/reflected_xss/test_string.rb +2 -2
- data/lib/ronin/vulns/reflected_xss.rb +4 -4
- data/lib/ronin/vulns/rfi.rb +3 -3
- data/lib/ronin/vulns/root.rb +1 -1
- data/lib/ronin/vulns/sqli/error_pattern.rb +2 -2
- data/lib/ronin/vulns/sqli.rb +3 -3
- data/lib/ronin/vulns/ssti/test_expression.rb +2 -2
- data/lib/ronin/vulns/ssti.rb +3 -3
- data/lib/ronin/vulns/url_scanner.rb +8 -8
- data/lib/ronin/vulns/version.rb +2 -2
- data/lib/ronin/vulns/vuln.rb +1 -1
- data/lib/ronin/vulns/web_vuln/http_request.rb +3 -2
- data/lib/ronin/vulns/web_vuln.rb +4 -4
- data/lib/ronin/vulns.rb +32 -0
- metadata +19 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 35653f9125d0af1492343dc82a17c6d7e645fa2649b75ee828647ea13e256676
|
|
4
|
+
data.tar.gz: dbe4ada050f9dbcedea4eb8197a59217affec0276205e49ec5708b4d73865e23
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8573bc7cbb8f8da72c27d453bdd904457ad0076723700171f89aafa82ad499dd1d0a206426858e148261196e387eb3a8d18395cff9feebd65b0783320b38b760
|
|
7
|
+
data.tar.gz: e647b631bd189433fe527ac88f8411ed0f1a40690711449ebc8596c3e55a43671a05318f71f1166ed9071a7bfd2243dea2162fba772921b39b3ea0be92ef1da9
|
data/.github/workflows/ruby.yml
CHANGED
data/ChangeLog.md
CHANGED
|
@@ -1,3 +1,15 @@
|
|
|
1
|
+
### 0.2.1 / 2025-02-14
|
|
2
|
+
|
|
3
|
+
* Added the `base64` gem as a dependency for Bundler and Ruby 3.4.0.
|
|
4
|
+
* Added missing `ronin/vulns` Ruby file.
|
|
5
|
+
* Use `require_relative` to improve load times.
|
|
6
|
+
* Documentation fixes.
|
|
7
|
+
|
|
8
|
+
#### CLI
|
|
9
|
+
|
|
10
|
+
* Fixed a bug in the `ronin-vulns irb` command where the `ronin/vulns` Ruby file
|
|
11
|
+
was missing.
|
|
12
|
+
|
|
1
13
|
### 0.2.0 / 2024-07-22
|
|
2
14
|
|
|
3
15
|
* Require [ronin-db] ~> 0.2
|
data/README.md
CHANGED
|
@@ -89,7 +89,7 @@ $ ronin-vulns lfi "http://www.example.com/page.php?lang=en"
|
|
|
89
89
|
Test a URL for SQL injection (SQLi):
|
|
90
90
|
|
|
91
91
|
```shell
|
|
92
|
-
$ ronin-vulns sqli "http://
|
|
92
|
+
$ ronin-vulns sqli "http://testphp.vulnweb.com/listproducts.php?cat=1"
|
|
93
93
|
```
|
|
94
94
|
|
|
95
95
|
Test a URL for Server Side Template Injection (SSTI):
|
|
@@ -185,17 +185,17 @@ Test a URL for SQL Injection (SQLi):
|
|
|
185
185
|
```ruby
|
|
186
186
|
require 'ronin/vulns/sqli'
|
|
187
187
|
|
|
188
|
-
vuln = Ronin::Vulns::SQLI.test('http://
|
|
188
|
+
vuln = Ronin::Vulns::SQLI.test('http://testphp.vulnweb.com/listproducts.php?cat=1')
|
|
189
189
|
# => #<Ronin::Vulns::SQLI: ...>
|
|
190
190
|
```
|
|
191
191
|
|
|
192
192
|
Finds all Server Side Template Injection (SQLI) vulnerabilities for a given URL:
|
|
193
193
|
|
|
194
194
|
```ruby
|
|
195
|
-
vulns = Ronin::Vulns::SQLI.scan('http://
|
|
195
|
+
vulns = Ronin::Vulns::SQLI.scan('http://testphp.vulnweb.com/listproducts.php?cat=1')
|
|
196
196
|
# => [#<Ronin::Vulns::SQLI: ...>, ...]
|
|
197
197
|
|
|
198
|
-
vulns = Ronin::Vulns::SQLI.scan('http://
|
|
198
|
+
vulns = Ronin::Vulns::SQLI.scan('http://testphp.vulnweb.com/listproducts.php?cat=1') do |vuln|
|
|
199
199
|
puts "Found SQLi on #{vuln.url} query param #{vuln.query_param}"
|
|
200
200
|
end
|
|
201
201
|
# => [#<Ronin::Vulns::SQLI: ...>, ...]
|
|
@@ -274,6 +274,7 @@ end
|
|
|
274
274
|
## Requirements
|
|
275
275
|
|
|
276
276
|
* [Ruby] >= 3.0.0
|
|
277
|
+
* [base64] ~> 0.1
|
|
277
278
|
* [ronin-support] ~> 1.0
|
|
278
279
|
* [ronin-core] ~> 0.2
|
|
279
280
|
* [ronin-db] ~> 0.2
|
|
@@ -309,7 +310,7 @@ gem.add_dependency 'ronin-vulns', '~> 0.1'
|
|
|
309
310
|
|
|
310
311
|
## License
|
|
311
312
|
|
|
312
|
-
Copyright (c) 2022-
|
|
313
|
+
Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
313
314
|
|
|
314
315
|
ronin-vulns is free software: you can redistribute it and/or modify
|
|
315
316
|
it under the terms of the GNU Lesser General Public License as published
|
|
@@ -327,6 +328,7 @@ along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
|
327
328
|
[Ruby]: https://www.ruby-lang.org
|
|
328
329
|
[ronin-rb]: https://ronin-rb.dev
|
|
329
330
|
|
|
331
|
+
[base64]: https://github.com/ruby/base64#readme
|
|
330
332
|
[ronin-support]: https://github.com/ronin-rb/ronin-support#readme
|
|
331
333
|
[ronin-core]: https://github.com/ronin-rb/ronin-core#readme
|
|
332
334
|
[ronin-db]: https://github.com/ronin-rb/ronin-db#readme
|
|
@@ -28,10 +28,22 @@ _ronin-vulns_completions() {
|
|
|
28
28
|
local compline="${compwords[*]}"
|
|
29
29
|
|
|
30
30
|
case "$compline" in
|
|
31
|
+
'command_injection'*'--db-file')
|
|
32
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -A directory -- "$cur")
|
|
33
|
+
;;
|
|
34
|
+
|
|
31
35
|
'command_injection'*'--input')
|
|
32
36
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
|
33
37
|
;;
|
|
34
38
|
|
|
39
|
+
'reflected_xss'*'--db-file')
|
|
40
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -A directory -- "$cur")
|
|
41
|
+
;;
|
|
42
|
+
|
|
43
|
+
'open_redirect'*'--db-file')
|
|
44
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -A directory -- "$cur")
|
|
45
|
+
;;
|
|
46
|
+
|
|
35
47
|
'reflected_xss'*'--input')
|
|
36
48
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
|
37
49
|
;;
|
|
@@ -56,23 +68,43 @@ _ronin-vulns_completions() {
|
|
|
56
68
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
|
57
69
|
;;
|
|
58
70
|
|
|
59
|
-
'
|
|
60
|
-
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -
|
|
71
|
+
'scan'*'--db-file')
|
|
72
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -A directory -- "$cur")
|
|
73
|
+
;;
|
|
74
|
+
|
|
75
|
+
'sqli'*'--db-file')
|
|
76
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -A directory -- "$cur")
|
|
77
|
+
;;
|
|
78
|
+
|
|
79
|
+
'ssti'*'--db-file')
|
|
80
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -A directory -- "$cur")
|
|
61
81
|
;;
|
|
62
82
|
|
|
63
83
|
'open_redirect'*)
|
|
64
84
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --test-url -T")" -- "$cur")
|
|
65
85
|
;;
|
|
66
86
|
|
|
67
|
-
'
|
|
87
|
+
'reflected_xss'*)
|
|
88
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i")" -- "$cur")
|
|
89
|
+
;;
|
|
90
|
+
|
|
91
|
+
'lfi'*'--db-file')
|
|
92
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -A directory -- "$cur")
|
|
93
|
+
;;
|
|
94
|
+
|
|
95
|
+
'rfi'*'--db-file')
|
|
96
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -A directory -- "$cur")
|
|
97
|
+
;;
|
|
98
|
+
|
|
99
|
+
'ssti'*'--input')
|
|
68
100
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
|
69
101
|
;;
|
|
70
102
|
|
|
71
|
-
'
|
|
103
|
+
'scan'*'--input')
|
|
72
104
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
|
73
105
|
;;
|
|
74
106
|
|
|
75
|
-
'
|
|
107
|
+
'sqli'*'--input')
|
|
76
108
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
|
77
109
|
;;
|
|
78
110
|
|
|
@@ -88,11 +120,11 @@ _ronin-vulns_completions() {
|
|
|
88
120
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-vulns_completions_filter "--print --install --uninstall")" -- "$cur")
|
|
89
121
|
;;
|
|
90
122
|
|
|
91
|
-
'
|
|
123
|
+
'scan'*'-i')
|
|
92
124
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
|
93
125
|
;;
|
|
94
126
|
|
|
95
|
-
'
|
|
127
|
+
'sqli'*'-i')
|
|
96
128
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
|
97
129
|
;;
|
|
98
130
|
|
|
@@ -108,14 +140,14 @@ _ronin-vulns_completions() {
|
|
|
108
140
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -A file -- "$cur")
|
|
109
141
|
;;
|
|
110
142
|
|
|
111
|
-
'scan'*)
|
|
112
|
-
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --lfi-os --lfi-depth --lfi-filter-bypass --rfi-filter-bypass --rfi-script-lang --rfi-test-script-url --sqli-escape-quote --sqli-escape-parens --sqli-terminate --ssti-test-expr --open-redirect-url")" -- "$cur")
|
|
113
|
-
;;
|
|
114
|
-
|
|
115
143
|
'sqli'*)
|
|
116
144
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --escape-quote -Q --escape-parens -P --terminate -T")" -- "$cur")
|
|
117
145
|
;;
|
|
118
146
|
|
|
147
|
+
'scan'*)
|
|
148
|
+
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --lfi-os --lfi-depth --lfi-filter-bypass --rfi-filter-bypass --rfi-script-lang --rfi-test-script-url --sqli-escape-quote --sqli-escape-parens --sqli-terminate --ssti-test-expr --open-redirect-url")" -- "$cur")
|
|
149
|
+
;;
|
|
150
|
+
|
|
119
151
|
'ssti'*)
|
|
120
152
|
while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_ronin-vulns_completions_filter "--db --db-uri --db-file --import --first -F --all -A --print-curl --print-http --request-method -M --header -H --user-agent-string -U --user-agent -u --cookie -C --cookie-param -c --referer -R --form-param -F --test-query-param --test-all-query-params --test-header-name --test-cookie-param --test-all-cookie-params --test-form-param --test-all-form-params --input -i --test-expr -T")" -- "$cur")
|
|
121
153
|
;;
|
data/gemspec.yml
CHANGED
|
@@ -9,7 +9,7 @@ description: |
|
|
|
9
9
|
Remote File Inclusion (RFI), SQL injection (SQLi), reflective Cross Site
|
|
10
10
|
Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
|
|
11
11
|
|
|
12
|
-
license: LGPL-3.0
|
|
12
|
+
license: LGPL-3.0-or-later
|
|
13
13
|
authors: Postmodern
|
|
14
14
|
email: postmodern.mod3@gmail.com
|
|
15
15
|
homepage: https://ronin-rb.dev/
|
|
@@ -39,6 +39,8 @@ generated_files:
|
|
|
39
39
|
- man/ronin-vulns-scan.1
|
|
40
40
|
|
|
41
41
|
dependencies:
|
|
42
|
+
base64: ~> 0.1
|
|
43
|
+
# Ronin dependencies:
|
|
42
44
|
ronin-support: ~> 1.0, >= 1.0.1
|
|
43
45
|
ronin-core: ~> 0.2
|
|
44
46
|
ronin-db: ~> 0.2
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,9 +18,10 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
require 'ronin/vulns/root'
|
|
22
21
|
require 'ronin/core/cli/command'
|
|
23
22
|
|
|
23
|
+
require_relative '../root'
|
|
24
|
+
|
|
24
25
|
module Ronin
|
|
25
26
|
module Vulns
|
|
26
27
|
class CLI
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative '../web_vuln_command'
|
|
22
|
+
require_relative '../../command_injection'
|
|
23
23
|
|
|
24
24
|
module Ronin
|
|
25
25
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,9 +18,10 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
require 'ronin/vulns/root'
|
|
22
21
|
require 'ronin/core/cli/completion_command'
|
|
23
22
|
|
|
23
|
+
require_relative '../../root'
|
|
24
|
+
|
|
24
25
|
module Ronin
|
|
25
26
|
module Vulns
|
|
26
27
|
class CLI
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative '../command'
|
|
22
|
+
require_relative '../ruby_shell'
|
|
23
23
|
|
|
24
24
|
module Ronin
|
|
25
25
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative '../web_vuln_command'
|
|
22
|
+
require_relative '../../lfi'
|
|
23
23
|
|
|
24
24
|
module Ronin
|
|
25
25
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative '../web_vuln_command'
|
|
22
|
+
require_relative '../../open_redirect'
|
|
23
23
|
|
|
24
24
|
module Ronin
|
|
25
25
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative '../web_vuln_command'
|
|
22
|
+
require_relative '../../reflected_xss'
|
|
23
23
|
|
|
24
24
|
module Ronin
|
|
25
25
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative '../web_vuln_command'
|
|
22
|
+
require_relative '../../rfi'
|
|
23
23
|
|
|
24
24
|
module Ronin
|
|
25
25
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative '../web_vuln_command'
|
|
22
|
+
require_relative '../../url_scanner'
|
|
23
23
|
|
|
24
24
|
module Ronin
|
|
25
25
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative '../web_vuln_command'
|
|
22
|
+
require_relative '../../sqli'
|
|
23
23
|
|
|
24
24
|
module Ronin
|
|
25
25
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative '../web_vuln_command'
|
|
22
|
+
require_relative '../../ssti'
|
|
23
23
|
|
|
24
24
|
module Ronin
|
|
25
25
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,9 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative 'printing'
|
|
22
|
+
require_relative '../importer'
|
|
23
|
+
|
|
23
24
|
require 'ronin/db/cli/database_options'
|
|
24
25
|
require 'ronin/db/cli/printing'
|
|
25
26
|
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,9 +18,9 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
21
|
+
require_relative 'command'
|
|
22
|
+
require_relative 'importable'
|
|
23
|
+
require_relative 'printing'
|
|
24
24
|
|
|
25
25
|
require 'ronin/support/network/http/cookie'
|
|
26
26
|
require 'ronin/support/network/http/user_agents'
|
data/lib/ronin/vulns/cli.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,13 +18,14 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
require 'ronin/vulns/version'
|
|
22
21
|
require 'ronin/core/cli/help/banner'
|
|
23
22
|
|
|
24
23
|
require 'command_kit/commands'
|
|
25
24
|
require 'command_kit/commands/auto_load'
|
|
26
25
|
require 'command_kit/options/version'
|
|
27
26
|
|
|
27
|
+
require_relative 'version'
|
|
28
|
+
|
|
28
29
|
module Ronin
|
|
29
30
|
module Vulns
|
|
30
31
|
#
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
require_relative 'web_vuln'
|
|
22
22
|
|
|
23
23
|
require 'time'
|
|
24
24
|
|
|
@@ -114,7 +114,7 @@ module Ronin
|
|
|
114
114
|
# @param [Array<String, nil>, String, nil] escape_operator
|
|
115
115
|
# The optional escape operator character(s) to test.
|
|
116
116
|
#
|
|
117
|
-
# @param [Array<String, nil>,
|
|
117
|
+
# @param [Array<String, nil>, String, nil] terminator
|
|
118
118
|
# The optional command termination character(s) to test.
|
|
119
119
|
#
|
|
120
120
|
# @param [Ronin::Support::Network::HTTP, nil] http
|
data/lib/ronin/vulns/importer.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library to blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
require_relative '../web_vuln'
|
|
22
22
|
|
|
23
23
|
module Ronin
|
|
24
24
|
module Vulns
|
data/lib/ronin/vulns/lfi.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,12 +18,13 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative 'web_vuln'
|
|
22
|
+
require_relative 'lfi/test_file'
|
|
23
23
|
|
|
24
24
|
require 'ronin/support/text/patterns'
|
|
25
25
|
require 'ronin/support/crypto'
|
|
26
26
|
require 'ronin/support/compression'
|
|
27
|
+
|
|
27
28
|
require 'uri/query_params'
|
|
28
29
|
require 'base64'
|
|
29
30
|
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
require_relative 'web_vuln'
|
|
22
22
|
|
|
23
23
|
require 'chars'
|
|
24
24
|
require 'cgi'
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
require_relative '../web_vuln'
|
|
22
22
|
|
|
23
23
|
module Ronin
|
|
24
24
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
require_relative '../web_vuln'
|
|
22
22
|
|
|
23
23
|
module Ronin
|
|
24
24
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,9 +18,9 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
21
|
+
require_relative 'web_vuln'
|
|
22
|
+
require_relative 'reflected_xss/test_string'
|
|
23
|
+
require_relative 'reflected_xss/context'
|
|
24
24
|
|
|
25
25
|
require 'set'
|
|
26
26
|
|
data/lib/ronin/vulns/rfi.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative 'web_vuln'
|
|
22
|
+
require_relative 'version'
|
|
23
23
|
|
|
24
24
|
require 'ronin/support/network/http'
|
|
25
25
|
require 'uri/query_params'
|
data/lib/ronin/vulns/root.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
require_relative '../web_vuln'
|
|
22
22
|
|
|
23
23
|
module Ronin
|
|
24
24
|
module Vulns
|
data/lib/ronin/vulns/sqli.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative 'web_vuln'
|
|
22
|
+
require_relative 'sqli/error_pattern'
|
|
23
23
|
|
|
24
24
|
require 'time'
|
|
25
25
|
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
require_relative '../web_vuln'
|
|
22
22
|
|
|
23
23
|
module Ronin
|
|
24
24
|
module Vulns
|
data/lib/ronin/vulns/ssti.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,8 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
require_relative 'web_vuln'
|
|
22
|
+
require_relative 'ssti/test_expression'
|
|
23
23
|
|
|
24
24
|
module Ronin
|
|
25
25
|
module Vulns
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,13 +18,13 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
21
|
+
require_relative 'lfi'
|
|
22
|
+
require_relative 'rfi'
|
|
23
|
+
require_relative 'sqli'
|
|
24
|
+
require_relative 'ssti'
|
|
25
|
+
require_relative 'reflected_xss'
|
|
26
|
+
require_relative 'open_redirect'
|
|
27
|
+
require_relative 'command_injection'
|
|
28
28
|
|
|
29
29
|
module Ronin
|
|
30
30
|
module Vulns
|
data/lib/ronin/vulns/version.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -21,6 +21,6 @@
|
|
|
21
21
|
module Ronin
|
|
22
22
|
module Vulns
|
|
23
23
|
# The ronin-vulns version
|
|
24
|
-
VERSION = '0.2.
|
|
24
|
+
VERSION = '0.2.1'
|
|
25
25
|
end
|
|
26
26
|
end
|
data/lib/ronin/vulns/vuln.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,7 +18,8 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
require_relative '../vuln'
|
|
22
|
+
|
|
22
23
|
require 'ronin/support/network/http/cookie'
|
|
23
24
|
require 'ronin/support/network/http/user_agents'
|
|
24
25
|
|
data/lib/ronin/vulns/web_vuln.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#
|
|
3
3
|
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
4
|
#
|
|
5
|
-
# Copyright (c) 2022-
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
6
|
#
|
|
7
7
|
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
8
|
# it under the terms of the GNU Lesser General Public License as published
|
|
@@ -18,10 +18,10 @@
|
|
|
18
18
|
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
19
|
#
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
require 'ronin/support/network/http'
|
|
21
|
+
require_relative 'vuln'
|
|
22
|
+
require_relative 'web_vuln/http_request'
|
|
24
23
|
|
|
24
|
+
require 'ronin/support/network/http'
|
|
25
25
|
require 'chars'
|
|
26
26
|
|
|
27
27
|
module Ronin
|
data/lib/ronin/vulns.rb
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
#
|
|
3
|
+
# ronin-vulns - A Ruby library for blind vulnerability testing.
|
|
4
|
+
#
|
|
5
|
+
# Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
|
|
6
|
+
#
|
|
7
|
+
# ronin-vulns is free software: you can redistribute it and/or modify
|
|
8
|
+
# it under the terms of the GNU Lesser General Public License as published
|
|
9
|
+
# by the Free Software Foundation, either version 3 of the License, or
|
|
10
|
+
# (at your option) any later version.
|
|
11
|
+
#
|
|
12
|
+
# ronin-vulns is distributed in the hope that it will be useful,
|
|
13
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
14
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
15
|
+
# GNU Lesser General Public License for more details.
|
|
16
|
+
#
|
|
17
|
+
# You should have received a copy of the GNU Lesser General Public License
|
|
18
|
+
# along with ronin-vulns. If not, see <https://www.gnu.org/licenses/>.
|
|
19
|
+
#
|
|
20
|
+
|
|
21
|
+
require_relative 'vulns/vuln'
|
|
22
|
+
require_relative 'vulns/web_vuln'
|
|
23
|
+
require_relative 'vulns/lfi'
|
|
24
|
+
require_relative 'vulns/rfi'
|
|
25
|
+
require_relative 'vulns/sqli'
|
|
26
|
+
require_relative 'vulns/ssti'
|
|
27
|
+
require_relative 'vulns/command_injection'
|
|
28
|
+
require_relative 'vulns/open_redirect'
|
|
29
|
+
require_relative 'vulns/reflected_xss'
|
|
30
|
+
require_relative 'vulns/url_scanner'
|
|
31
|
+
require_relative 'vulns/importer'
|
|
32
|
+
require_relative 'vulns/version'
|
metadata
CHANGED
|
@@ -1,15 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ronin-vulns
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Postmodern
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-02-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: base64
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0.1'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '0.1'
|
|
13
27
|
- !ruby/object:Gem::Dependency
|
|
14
28
|
name: ronin-support
|
|
15
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -107,6 +121,7 @@ files:
|
|
|
107
121
|
- data/rfi_test.php
|
|
108
122
|
- data/rfi_test.pl
|
|
109
123
|
- gemspec.yml
|
|
124
|
+
- lib/ronin/vulns.rb
|
|
110
125
|
- lib/ronin/vulns/cli.rb
|
|
111
126
|
- lib/ronin/vulns/cli/command.rb
|
|
112
127
|
- lib/ronin/vulns/cli/commands/command_injection.rb
|
|
@@ -168,7 +183,7 @@ files:
|
|
|
168
183
|
- scripts/setup
|
|
169
184
|
homepage: https://ronin-rb.dev/
|
|
170
185
|
licenses:
|
|
171
|
-
- LGPL-3.0
|
|
186
|
+
- LGPL-3.0-or-later
|
|
172
187
|
metadata:
|
|
173
188
|
documentation_uri: https://ronin-rb.dev/docs/ronin-vulns
|
|
174
189
|
source_code_uri: https://github.com/ronin-rb/ronin-vulns
|
|
@@ -190,7 +205,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
190
205
|
- !ruby/object:Gem::Version
|
|
191
206
|
version: '0'
|
|
192
207
|
requirements: []
|
|
193
|
-
rubygems_version: 3.5.
|
|
208
|
+
rubygems_version: 3.5.22
|
|
194
209
|
signing_key:
|
|
195
210
|
specification_version: 4
|
|
196
211
|
summary: Tests URLs for Local File Inclusion (LFI), Remove File Inclusion (RFI), SQL
|