RubyGems - ronin-web - Versions diffs - 1.0.1 → 2.0.0.rc1 - Mend

ronin-web 1.0.1 → 2.0.0.rc1

Files changed (91) hide show

checksums.yaml +4 -4
data/.github/workflows/ruby.yml +3 -2
data/.gitignore +1 -0
data/.rubocop.yml +5 -0
data/ChangeLog.md +46 -1
data/Gemfile +25 -12
data/README.md +486 -39
data/Rakefile +9 -0
data/data/completions/ronin-web +203 -0
data/gemspec.yml +18 -5
data/lib/ronin/web/cli/browser_options.rb +92 -0
data/lib/ronin/web/cli/browser_shell.rb +448 -0
data/lib/ronin/web/cli/command.rb +1 -1
data/lib/ronin/web/cli/commands/browser.rb +373 -0
data/lib/ronin/web/cli/commands/completion.rb +63 -0
data/lib/ronin/web/cli/commands/diff.rb +60 -8
data/lib/ronin/web/cli/commands/html.rb +21 -33
data/lib/ronin/web/cli/commands/irb.rb +1 -1
data/lib/ronin/web/cli/commands/new/{webapp.rb → app.rb} +8 -8
data/lib/ronin/web/cli/commands/new/nokogiri.rb +4 -4
data/lib/ronin/web/cli/commands/new/server.rb +1 -1
data/lib/ronin/web/cli/commands/new/spider.rb +1 -1
data/lib/ronin/web/cli/commands/new.rb +5 -3
data/lib/ronin/web/cli/commands/reverse_proxy.rb +1 -1
data/lib/ronin/web/cli/commands/screenshot.rb +186 -0
data/lib/ronin/web/cli/commands/server.rb +3 -3
data/lib/ronin/web/cli/commands/session_cookie.rb +265 -0
data/lib/ronin/web/cli/commands/spider.rb +60 -466
data/lib/ronin/web/cli/commands/user_agent.rb +177 -0
data/lib/ronin/web/cli/commands/vulns.rb +463 -0
data/lib/ronin/web/cli/commands/wordlist.rb +484 -0
data/lib/ronin/web/cli/commands/xml.rb +149 -0
data/lib/ronin/web/cli/js_shell.rb +69 -0
data/lib/ronin/web/cli/ruby_shell.rb +1 -1
data/lib/ronin/web/cli/spider_options.rb +919 -0
data/lib/ronin/web/cli.rb +3 -1
data/lib/ronin/web/html.rb +1 -1
data/lib/ronin/web/root.rb +1 -1
data/lib/ronin/web/version.rb +2 -2
data/lib/ronin/web/xml.rb +1 -1
data/lib/ronin/web.rb +4 -364
data/man/ronin-web-browser.1 +92 -0
data/man/ronin-web-browser.1.md +96 -0
data/man/ronin-web-completion.1 +76 -0
data/man/ronin-web-completion.1.md +78 -0
data/man/ronin-web-diff.1 +14 -21
data/man/ronin-web-diff.1.md +13 -6
data/man/ronin-web-html.1 +30 -46
data/man/ronin-web-html.1.md +27 -17
data/man/ronin-web-irb.1 +9 -16
data/man/ronin-web-irb.1.md +6 -2
data/man/ronin-web-new-app.1.md +39 -0
data/man/ronin-web-new-nokogiri.1 +9 -20
data/man/ronin-web-new-nokogiri.1.md +5 -5
data/man/ronin-web-new-server.1 +11 -23
data/man/ronin-web-new-server.1.md +5 -5
data/man/ronin-web-new-spider.1 +44 -88
data/man/ronin-web-new-spider.1.md +37 -37
data/man/ronin-web-new.1 +18 -30
data/man/ronin-web-new.1.md +15 -11
data/man/ronin-web-reverse-proxy.1 +33 -38
data/man/ronin-web-reverse-proxy.1.md +20 -14
data/man/ronin-web-screenshot.1 +56 -0
data/man/ronin-web-screenshot.1.md +56 -0
data/man/ronin-web-server.1 +15 -29
data/man/ronin-web-server.1.md +13 -9
data/man/ronin-web-session-cookie.1 +38 -0
data/man/ronin-web-session-cookie.1.md +41 -0
data/man/ronin-web-spider.1 +121 -130
data/man/ronin-web-spider.1.md +115 -66
data/man/ronin-web-user-agent.1 +44 -0
data/man/ronin-web-user-agent.1.md +46 -0
data/man/ronin-web-vulns.1 +175 -0
data/man/ronin-web-vulns.1.md +177 -0
data/man/ronin-web-wordlist.1 +258 -0
data/man/ronin-web-wordlist.1.md +263 -0
data/man/ronin-web-xml.1 +43 -0
data/man/ronin-web-xml.1.md +46 -0
data/man/ronin-web.1 +67 -18
data/man/ronin-web.1.md +55 -4
data/scripts/setup +58 -0
metadata +122 -31
data/lib/ronin/web/mechanize.rb +0 -82
data/man/ronin-web-new-webapp.1.md +0 -39
/data/data/new/{webapp → app}/.gitignore +0 -0
/data/data/new/{webapp → app}/.ruby-version.erb +0 -0
/data/data/new/{webapp → app}/Dockerfile.erb +0 -0
/data/data/new/{webapp → app}/Gemfile +0 -0
/data/data/new/{webapp → app}/app.rb.erb +0 -0
/data/data/new/{webapp → app}/config.ru +0 -0
/data/data/new/{webapp → app}/docker-compose.yml.erb +0 -0

data/data/completions/ronin-web ADDED Viewed

@@ -0,0 +1,203 @@
+# ronin-web completion                                     -*- shell-script -*-
+# This bash completions script was generated by
+# completely (https://github.com/dannyben/completely)
+# Modifying it manually is not recommended
+_ronin-web_completions_filter() {
+  local words="$1"
+  local cur=${COMP_WORDS[COMP_CWORD]}
+  local result=()
+  if [[ "${cur:0:1}" == "-" ]]; then
+    echo "$words"
+  else
+    for word in $words; do
+      [[ "${word:0:1}" != "-" ]] && result+=("$word")
+    done
+    echo "${result[*]}"
+  fi
+}
+_ronin-web_completions() {
+  local cur=${COMP_WORDS[COMP_CWORD]}
+  local compwords=("${COMP_WORDS[@]:1:$COMP_CWORD-1}")
+  local compline="${compwords[*]}"
+  case "$compline" in
+    'browser'*'--inject-js-file')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+    'screenshot'*'--directory')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A directory -- "$cur" )
+      ;;
+    'wordlist'*'--ignore-host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'wordlist'*'--visit-host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'reverse-proxy'*'--host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'spider'*'--ignore-host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'spider'*'--git-archive')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A directory -- "$cur" )
+      ;;
+    'spider'*'--visit-host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'vulns'*'--ignore-host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'vulns'*'--visit-host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'screenshot'*'--file')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+    'reverse-proxy'*'-H')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'spider'*'--history')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+    'spider'*'--archive')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A directory -- "$cur" )
+      ;;
+    'wordlist'*'--host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'session_cookie'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--verbose -v --format -F")" -- "$cur" )
+      ;;
+    'reverse-proxy'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--host -H --port -p --show-body -b --rewrite-requests --rewrite-responses")" -- "$cur" )
+      ;;
+    'screenshot'*'-f')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+      ;;
+    'screenshot'*'-d')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A directory -- "$cur" )
+      ;;
+    'server'*'--host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'server'*'--root')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A directory -- "$cur" )
+      ;;
+    'spider'*'--host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'new nokogiri'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -W "$(_ronin-web_completions_filter "--url -U")" -- "$cur" )
+      ;;
+    'vulns'*'--host')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'completion'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--print --install --uninstall")" -- "$cur" )
+      ;;
+    'new server'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -W "$(_ronin-web_completions_filter "--host -H --port -p")" -- "$cur" )
+      ;;
+    'new spider'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -W "$(_ronin-web_completions_filter "--host --domain --site --every-link --every-url --every-failed-url --every-url-like --all-headers --every-page --every-ok-page --every-redirect-page --every-timedout-page --every-bad-request-page --every-unauthorized-page --every-forbidden-page --every-missing-page --every-internal-server-error-page --every-txt-page --every-html-page --every-xml-page --every-xsl-page --every-javascript-page --every-css-page --every-rss-page --every-atom-page --every-ms-word-page --every-pdf-page --every-zip-page --every-doc --every-html-doc --every-xml-doc --every-xsl-doc --every-rss-doc --every-atom-doc")" -- "$cur" )
+      ;;
+    'screenshot'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--browser -B --width -W --height -H --file -f --format -F --directory -d --full --css-path -C")" -- "$cur" )
+      ;;
+    'user_agent'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--browser -B --chrome-version --firefox-version --linux-distro -D --arch -A --os -O --os-version")" -- "$cur" )
+      ;;
+    'server'*'-H')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A hostname -- "$cur" )
+      ;;
+    'server'*'-r')
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A directory -- "$cur" )
+      ;;
+    'wordlist'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--host --domain --site --open-timeout --read-timeout --ssl-timeout --continue-timeout --keep-alive-timeout --proxy -P --header -H --host-header --user-agent-string -U --user-agent -u --referer -R --delay -d --limit -l --max-depth -d --enqueue --visited --strip-fragments --strip-query --visit-scheme --visit-schemes-like --ignore-scheme --ignore-schemes-like --visit-host --visit-hosts-like --ignore-host --ignore-hosts-like --visit-port --visit-ports-like --ignore-port --ignore-ports-like --visit-link --visit-links-like --ignore-link --ignore-links-like --visit-ext --visit-exts-like --ignore-ext --ignore-exts-like --robots -r --output -o --content-xpath -X --content-css-path -C --meta-tags --no-meta-tags --comments --no-comments --alt-tags --no-alt-tags --paths --query-params-names --query-param-values --only-paths --only-query-param --only-query-param-values --format -f --append -A --lang -L --stop-word --ignore-word --digits --no-digits --special-char --numbers --no-numbers --acronyms --no-acronyms --normalize-case --no-normalize-case --normalize-apostrophes --no-normalize-apostrophes --normalize-acronyms --no-normalize-acronyms")" -- "$cur" )
+      ;;
+    'browser'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--browser -B --width -W --height -H --headless --visible --x -x --y -y --inject-js --inject-js-file --bypass-csp --print-urls --print-status --print-requests --print-responses --print-traffic --print-headers --print-cookies --print-body --shell --js-shell")" -- "$cur" )
+      ;;
+    'new app'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A directory -W "$(_ronin-web_completions_filter "--port --ruby-version --git --dockerfile -D")" -- "$cur" )
+      ;;
+    'server'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--host -H --port -p --basic-auth -A --dir -d --file -f --root -r --redirect -R")" -- "$cur" )
+      ;;
+    'spider'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--host --domain --site --open-timeout --read-timeout --ssl-timeout --continue-timeout --keep-alive-timeout --proxy -P --header -H --host-header --user-agent-string -U --user-agent -u --referer -R --delay -d --limit -l --max-depth -d --enqueue --visited --strip-fragments --strip-query --visit-scheme --visit-schemes-like --ignore-scheme --ignore-schemes-like --visit-host --visit-hosts-like --ignore-host --ignore-hosts-like --visit-port --visit-ports-like --ignore-port --ignore-ports-like --visit-link --visit-links-like --ignore-link --ignore-links-like --visit-ext --visit-exts-like --ignore-ext --ignore-exts-like --robots -r --verbose -v --print-stauts --print-headers --print-header --history --archive --git-archive --xpath -X --css-path -C --print-hosts --print-certs --save-certs --print-js-strings --print-js-url-strings --print-js-path-strings --print-js-absolute-path-strings --print-js-relative-path-strings --print-html-comments --print-js-comments --print-comments")" -- "$cur" )
+      ;;
+    'vulns'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--host --domain --site --open-timeout --read-timeout --ssl-timeout --continue-timeout --keep-alive-timeout --proxy -P --header -H --host-header --user-agent-string -U --user-agent -u --referer -R --delay -d --limit -l --max-depth -d --enqueue --visited --strip-fragments --strip-query --visit-scheme --visit-schemes-like --ignore-scheme --ignore-schemes-like --visit-host --visit-hosts-like --ignore-host --ignore-hosts-like --visit-port --visit-ports-like --ignore-port --ignore-ports-like --visit-link --visit-links-like --ignore-link --ignore-links-like --visit-ext --visit-exts-like --ignore-ext --ignore-exts-like --robots -r --db --db-uri --db-file --first -F --all -A --print-curl --print-http --import --lfi-os --lfi-depth --lfi-filter-bypass --rfi-filter-bypass --rfi-script-lang --rfi-test-script-url --sqli-escape-quote --sqli-escape-parens --sqli-terminate --ssti-test-expr --open-redirect-url")" -- "$cur" )
+      ;;
+    'diff'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--format -f")" -- "$cur" )
+      ;;
+    'html'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--xpath -X --first -F --text -t --css-path -C --meta-tags -M --links -l --style -S --stylesheet-urls -s --javascript -J --javascript-urls -j --form-urls -f --urls -u")" -- "$cur" )
+      ;;
+    'new'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "help app nokogiri server spider")" -- "$cur" )
+      ;;
+    'xml'*)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--xpath -X --first -F --text -t")" -- "$cur" )
+      ;;
+    *)
+      while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-web_completions_filter "--version -V help browser completion diff html irb new reverse-proxy screenshot server session-cookie spider user-agent vulns wordlist xml")" -- "$cur" )
+      ;;
+  esac
+} &&
+complete -F _ronin-web_completions ronin-web
+# ex: filetype=sh

data/gemspec.yml CHANGED Viewed

@@ -20,7 +20,10 @@ metadata:
   rubygems_mfa_required: 'true'
 generated_files:
+  - data/completions/ronin-web
   - man/ronin-web.1
+  - man/ronin-web-browser.1
+  - man/ronin-web-completion.1
   - man/ronin-web-diff.1
   - man/ronin-web-html.1
   - man/ronin-web-irb.1
@@ -29,22 +32,32 @@ generated_files:
   - man/ronin-web-new-server.1
   - man/ronin-web-new-spider.1
   - man/ronin-web-new-webapp.1
+  - man/ronin-web-screenshot.1
   - man/ronin-web-server.1
   - man/ronin-web-spider.1
   - man/ronin-web-reverse-proxy.1
+  - man/ronin-web-session-cookie.1
+  - man/ronin-web-user-agent.1
+  - man/ronin-web-vulns.1
+  - man/ronin-web-wordlist.1
+  - man/ronin-web-xml.1
 dependencies:
   nokogiri: ~> 1.4
-  nokogiri-ext: ~> 0.1
   nokogiri-diff: ~> 0.2
-  mechanize: ~> 2.0
+  robots: ~> 0.10
   open_namespace: ~> 0.4
+  wordlist: ~> 1.0, >= 1.0.1
   # Ronin dependencies:
-  ronin-support: ~> 1.0
+  ronin-support: ~> 1.1.0.rc1
+  ronin-support-web: ~> 0.1.0.rc1
+  ronin-web-browser: ~> 0.1.0.rc1
   ronin-web-server: ~> 0.1, >= 0.1.1
-  ronin-web-spider: ~> 0.1
+  ronin-web-spider: ~> 0.2.0.rc1
   ronin-web-user_agents: ~> 0.1
-  ronin-core: ~> 0.1
+  ronin-web-session_cookie: ~> 0.1.0.rc1
+  ronin-core: ~> 0.2.0.rc1
+  ronin-vulns: ~> 0.2.0.rc1
 development_dependencies:
   bundler: ~> 2.0

data/lib/ronin/web/cli/browser_options.rb ADDED Viewed

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+#
+# ronin-web - A collection of useful web helper methods and commands.
+#
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-web is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-web is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with ronin-web.  If not, see <https://www.gnu.org/licenses/>.
+#
+require 'ronin/web/browser'
+module Ronin
+  module Web
+    class CLI
+      #
+      # Adds options for opening a browser.
+      #
+      # @since 2.0.0
+      #
+      module BrowserOptions
+        #
+        # Adds the browser options to the command including {BrowserOptions}.
+        #
+        # @param [Class<Command>] command
+        #   The command including {BrowserOptions}.
+        #
+        def self.included(command)
+          command.option :browser, short: '-B',
+                                   value: {
+                                     type: String,
+                                     usage: 'NAME|PATH'
+                                   },
+                                   desc: 'The browser name or path to execute'
+          command.option :width, short: '-W',
+                                 value: {
+                                   type:    Integer,
+                                   default: 1024,
+                                   usage:   'WIDTH'
+                                 },
+                                 desc: 'Sets the width of the browser viewport'
+          command.option :height, short: '-H',
+                                  value: {
+                                    type:    Integer,
+                                    default: 768,
+                                    usage:   'HEIGHT'
+                                  },
+                                  desc: 'Sets the height of the browser viewport'
+        end
+        #
+        # The browser agent.
+        #
+        # @return [Ronin::Web::Browser::Agent]
+        #
+        def browser
+          @browser ||= Web::Browser.new(**browser_kwargs)
+        end
+        #
+        # Keyword arguments for `Ronin::Web::Browser.new`.
+        #
+        # @return [Hash{Symbol => Object}]
+        #   The keyword arguments.
+        #
+        def browser_kwargs
+          kwargs = {
+            window_size: [options[:width], options[:height]]
+          }
+          if options[:browser]
+            kwargs[:browser_path] = options[:browser]
+          end
+          return kwargs
+        end
+      end
+    end
+  end
+end