ronin-web 1.0.2 → 2.0.0.rc1

data/lib/ronin/web/cli/commands/new/{webapp.rb → app.rb}

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 #
-# Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-web is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,11 +27,11 @@ module Ronin
       module Commands
         class New < Command
           #
-          # Generate a new ronin-web-server based webapp.
+          # Generate a new ronin-web-server based web app.
           #
           # ## Usage
           #
-          #     ronin-web new webapp [options] DIR
+          #     ronin-web new app [options] DIR
           #
           # ## Options
           #
@@ -45,11 +45,11 @@ module Ronin
           #
           #     DIR                              The directory to create
           #
-          class Webapp < Command
+          class App < Command
 
             include Core::CLI::Generator
 
-            template_dir File.join(ROOT,'data','new','webapp')
+            template_dir File.join(ROOT,'data','new','app')
 
             usage '[options] DIR'
 
@@ -75,12 +75,12 @@ module Ronin
             argument :dir, required: true,
                            desc: 'The directory to create'
 
-            description 'Generate a new ronin-web-server based webapp'
+            description 'Generate a new ronin-web-server based app'
 
-            man_page 'ronin-web-new-webapp.1'
+            man_page 'ronin-web-new-app.1'
 
             #
-            # Runs the `ronin-web new webapp` command.
+            # Runs the `ronin-web new app` command.
             #
             # @param [String] path
             #   The path to the new project directory to create.

data/lib/ronin/web/cli/commands/new/nokogiri.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 #
-# Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-web is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,7 +27,7 @@ module Ronin
       module Commands
         class New < Command
           #
-          # Generates a new nokogiri Ruby script.
+          # Generates a new nokogiri Ruby script for parsing HTML/XML.
           #
           # ## Usage
           #
@@ -58,9 +58,9 @@ module Ronin
                          desc: 'Optional URL for the script'
 
             argument :file, required: true,
-                            desc: 'The file to create'
+                            desc:     'The file to create'
 
-            description 'Generates a new nokogiri Ruby script'
+            description 'Generates a new nokogiri Ruby script for parsing HTML/XML'
 
             man_page 'ronin-web-new-nokogiri.1'
 

data/lib/ronin/web/cli/commands/new/server.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 #
-# Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-web is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/ronin/web/cli/commands/new/spider.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 #
-# Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-web is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/ronin/web/cli/commands/new.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 #
-# Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-web is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -28,7 +28,7 @@ module Ronin
         #
         # ## Usage
         #
-        #     ronin-web new {nokogiri | server | spider | webapp}
+        #     ronin-web new {nokogiri | server | app | spider}
         #
         # ## Options
         #
@@ -42,11 +42,11 @@ module Ronin
         #
         # ## Commands
         #
+        #     app
         #     help
         #     nokogiri
         #     server
         #     spider
-        #     webapp
         #
         class New < Command
 
@@ -55,6 +55,8 @@ module Ronin
             namespace: "#{self}"
           )
 
+          description 'Creates new projects or scripts'
+
           man_page 'ronin-web-new.1'
 
         end

data/lib/ronin/web/cli/commands/reverse_proxy.rb

@@ -2,7 +2,7 @@
 #
 # ronin-web - A collection of useful web helper methods and commands.
 #
-# Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-web is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/ronin/web/cli/commands/screenshot.rb

@@ -0,0 +1,186 @@
+# frozen_string_literal: true
+#
+# ronin-web - A collection of useful web helper methods and commands.
+#
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-web is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-web is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with ronin-web.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/web/cli/command'
+require 'ronin/web/cli/browser_options'
+
+require 'ronin/core/cli/logging'
+
+module Ronin
+  module Web
+    class CLI
+      module Commands
+        #
+        # Screenshots one or more URLs.
+        #
+        # ## Usage
+        #
+        #     ronin-web screenshot [options] {URL [...] | --file FILE}
+        #
+        # ## Options
+        #
+        #     -B, --browser NAME|PATH          The browser name or path to execute
+        #     -W, --width WIDTH                Sets the width of the browser viewport (Default: 1024)
+        #     -H, --height HEIGHT              Sets the height of the browser viewport (Default: 768)
+        #     -f, --file FILE                  Input file to read URLs from
+        #     -F, --format png|jpg             Screenshot image format (Default: png)
+        #     -d, --directory DIR              Directory to save images to (Default: /data/home/postmodern/code/ronin-rb/ronin-web)
+        #         --full                       Screenshots the full page
+        #     -C, --css-path CSSPath           The CSSpath selector to screenshot
+        #     -h, --help                       Print help information
+        #
+        # ## Arguments
+        #
+        #     URL ...                          The URL visit and screenshot
+        #
+        class Screenshot < Command
+
+          include Core::CLI::Logging
+          include BrowserOptions
+
+          usage '[options] {URL [...] | --file FILE}'
+
+          option :file, short: '-f',
+                        value: {
+                          type: String,
+                          usage: 'FILE'
+                        },
+                        desc: 'Input file to read URLs from'
+
+          option :format, short: '-F',
+                          value: {
+                            type:    [:png, :jpg],
+                            default: :png
+                          },
+                          desc: 'Screenshot image format'
+
+          option :directory, short: '-d',
+                             value: {
+                               type:    String,
+                               usage:   'DIR',
+                               default: Dir.pwd
+                             },
+                             desc: 'Directory to save images to'
+
+          option :full, desc: 'Screenshots the full page'
+
+          option :css_path, short: '-C',
+                            value: {
+                              type:  String,
+                              usage: 'CSSPath'
+                            },
+                            desc: 'The CSSpath selector to screenshot'
+
+          argument :url, required: true,
+                         repeats:  true,
+                         desc:     'The URL visit and screenshot'
+
+          description 'Screenshots one or more URLs'
+
+          man_page 'ronin-web-screenshot.1'
+
+          #
+          # Runs the `ronin-web screenshot` command.
+          #
+          # @param [Array<String>] urls
+          #   The URLs to screenshot.
+          #
+          def run(*urls)
+            if options[:file]
+              File.open(options[:file]) do |file|
+                file.each_line(chomp: true) do |url|
+                  process_url(url)
+                end
+              end
+            elsif !urls.empty?
+              urls.each do |url|
+                process_url(url)
+              end
+            else
+              print_error "must specify --file or URL arguments"
+              exit(-1)
+            end
+          end
+
+          #
+          # Visits and screenshots a URL.
+          #
+          # @param [String] url
+          #   The URL to screenshot.
+          #
+          def process_url(url)
+            begin
+              browser.goto(url)
+            rescue Ferrum::StatusError
+              print_error "failed to request URL: #{url}"
+            end
+
+            image_path = image_path_for(url)
+            FileUtils.mkdir_p(File.dirname(image_path))
+
+            log_info "Screenshotting #{url} to #{image_path} ..."
+            browser.screenshot(
+              path:     image_path,
+              format:   options[:format],
+              full:     options[:full],
+              selector: options[:css_path]
+            )
+          end
+
+          #
+          # Parses a URL.
+          #
+          # @param [String] url
+          #   The URL string to parse.
+          #
+          # @return [URI::HTTP, URI::HTTPS]
+          #   The parsed URL.
+          #
+          def parse_url(url)
+            URI.parse(url)
+          rescue URI::InvalidURI
+            print_error "invalid URI: #{url}"
+            exit(1)
+          end
+
+          #
+          # Generates the image path for a given URL.
+          #
+          # @param [String] url
+          #   The given URL.
+          #
+          # @return [String]
+          #   The relative image path that represents the URL.
+          #
+          def image_path_for(url)
+            uri = parse_url(url)
+
+            path = File.join(options[:directory],uri.host,uri.request_uri)
+            path << 'index' if path.end_with?('/')
+            path << ".#{options[:format]}"
+
+            return path
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/ronin/web/cli/commands/server.rb

@@ -2,7 +2,7 @@
 #
 # ronin-web - A collection of useful web helper methods and commands.
 #
-# Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # ronin-web is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by

data/lib/ronin/web/cli/commands/session_cookie.rb

@@ -0,0 +1,265 @@
+# frozen_string_literal: true
+#
+# ronin-web - A collection of useful web helper methods and commands.
+#
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-web is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-web is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with ronin-web.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/web/cli/command'
+require 'ronin/web/session_cookie'
+require 'ronin/support/network/http'
+require 'ronin/support/encoding/hex'
+
+require 'command_kit/options/verbose'
+require 'command_kit/printing/indent'
+
+module Ronin
+  module Web
+    class CLI
+      module Commands
+        #
+        # Parses and deserializes various session cookie formats.
+        #
+        # ## Usage
+        #
+        #     ronin-web session_cookie [options] {URL | COOKIE}
+        #
+        # ## Options
+        #
+        #     -v, --verbose                    Enables verbose output
+        #     -F, --format ruby|json|yaml      The format to print the session cookie params (Default: ruby)
+        #     -h, --help                       Print help information
+        #
+        # ## Arguments
+        #
+        #     URL | COOKIE                     The URL or the session cookie to parse
+        #
+        # @since 2.0.0
+        #
+        class SessionCookie < Command
+
+          include CommandKit::Options::Verbose
+          include CommandKit::Printing::Indent
+
+          usage '[options] {URL | COOKIE}'
+
+          option :format, short: '-F',
+                          value: {
+                            type: [:ruby, :json, :yaml],
+                            default: :ruby
+                          },
+                          desc: 'The format to print the session cookie params'
+
+          argument :url_or_cookie, required: true,
+                                   usage:    'URL | COOKIE',
+                                   desc:     'The URL or the session cookie to parse'
+
+          description 'Parses and deserializes various session cookie formats'
+
+          examples [
+            '"rack.session=BAh7CEkiD3Nlc3Npb25faWQGOgZFVG86HVJhY2s6OlNlc3Npb246OlNlc3Npb25JZAY6D0BwdWJsaWNfaWRJIkUyYWJkZTdkM2I0YTMxNDE5OThiYmMyYTE0YjFmMTZlNTNlMWMzYWJlYzhiYzc4ZjVhMGFlMGUwODJmMjJlZGIxBjsARkkiCWNzcmYGOwBGSSIxNHY1TmRCMGRVaklXdjhzR3J1b2ZhM2xwNHQyVGp5ZHptckQycjJRWXpIZz0GOwBGSSINdHJhY2tpbmcGOwBGewZJIhRIVFRQX1VTRVJfQUdFTlQGOwBUSSItOTkxNzUyMWYzN2M4ODJkNDIyMzhmYmI5Yzg4MzFmMWVmNTAwNGQyYwY7AEY%3D--02184e43850f38a46c8f22ffb49f7f22be58e272"'
+          ]
+
+          man_page 'ronin-web-session-cookie.1'
+
+          #
+          # Runs the `ronin-web session-cookie` command.
+          #
+          # @param [String] arg
+          #
+          def run(arg)
+            session_cookie = if arg.start_with?('https://') ||
+                                arg.start_with?('http://')
+                               fetch_session_cookie(arg)
+                             else
+                               parse_session_cookie(arg)
+                             end
+
+            if session_cookie
+              print_session_cookie(session_cookie)
+            else
+              print_error "no session cookie found"
+              exit(-1)
+            end
+          end
+
+          #
+          # Fetches the session cookie from the URL.
+          #
+          # @param [String] url
+          #   The URL to request.
+          #
+          # @return [Ronin::Web::SessionCookie::Django, Ronin::Web::SessionCookie::JWT, Ronin::Web::SessionCookie::Rack, nil]
+          #   The parses session cookie.
+          #
+          def fetch_session_cookie(url)
+            response = begin
+                         Support::Network::HTTP.get(url)
+                       rescue => error
+                         print_error "failed to request URL (#{url.inspect}): #{error.message}"
+                         exit(-1)
+                       end
+
+            Web::SessionCookie.extract(response)
+          end
+
+          #
+          # Parses a session cookie.
+          #
+          # @param [String] cookie
+          #   The session cookie to parse.
+          #
+          # @return [Ronin::Web::SessionCookie::Django, Ronin::Web::SessionCookie::JWT, Ronin::Web::SessionCookie::Rack, nil]
+          #   The parses session cookie.
+          #
+          def parse_session_cookie(cookie)
+            Web::SessionCookie.parse(cookie)
+          end
+
+          #
+          # Prints a session cookie.
+          #
+          # @param [Ronin::Web::SessionCookie::Django, Ronin::Web::SessionCookie::JWT, Ronin::Web::SessionCookie::Rack] session_cookie
+          #
+          # @raise [NotImplementedError]
+          #   The session cookie was not `Ronin::Web::SessionCookie::Django`,
+          #   `Ronin::Web::SessionCookie::JWT`, or
+          #   `Ronin::Web::SessionCookie::Rack`.
+          #
+          def print_session_cookie(session_cookie)
+            case session_cookie
+            when Web::SessionCookie::Django
+              print_django_session_cookie(session_cookie)
+            when Web::SessionCookie::JWT
+              print_jwt_session_cookie(session_cookie)
+            when Web::SessionCookie::Rack
+              print_rack_session_cookie(session_cookie)
+            else
+              raise(NotImplementedError,"cannot print session cookie: #{session_cookie.inspect}")
+            end
+          end
+
+          #
+          # Prints a Django session cookie.
+          #
+          # @param [Ronin::Web::SessionCookie::Django] session_cookie
+          #
+          def print_django_session_cookie(session_cookie)
+            if verbose?
+              puts "Type: Django"
+              puts "Params:"
+              puts
+
+              indent do
+                print_params(session_cookie.params)
+              end
+              puts
+
+              puts "Salt: #{session_cookie.salt}"
+              puts "HMAC: #{Support::Encoding::Hex.quote(session_cookie.hmac)}"
+            else
+              print_params(session_cookie.params)
+            end
+          end
+
+          #
+          # Prints a JWT session cookie.
+          #
+          # @param [Ronin::Web::SessionCookie::JWT] session_cookie
+          #
+          def print_jwt_session_cookie(session_cookie)
+            if verbose?
+              puts "Type: JWT"
+              puts "Header:"
+              puts
+
+              indent do
+                print_params(session_cookie.header)
+              end
+              puts
+
+              puts "Params:"
+              puts
+
+              indent do
+                print_params(session_cookie.params)
+              end
+              puts
+
+              puts "HMAC: #{Support::Encoding::Hex.quote(session_cookie.hmac)}"
+            else
+              print_params(session_cookie.params)
+            end
+          end
+
+          #
+          # Prints a Rack session cookie.
+          #
+          # @param [Ronin::Web::SessionCookie::Rack] session_cookie
+          #
+          def print_rack_session_cookie(session_cookie)
+            if verbose?
+              puts "Type: Rack"
+              puts "Params:"
+              puts
+
+              indent do
+                print_params(session_cookie.params)
+              end
+              puts
+
+              puts "HMAC: #{session_cookie.hmac}"
+            else
+              print_params(session_cookie.params)
+            end
+          end
+
+          #
+          # Prints the session cookie params as JSON.
+          #
+          # @param [Hash] params
+          #   The params to print.
+          #
+          def print_params(params)
+            format_params(params).each_line do |line|
+              puts line
+            end
+          end
+
+          #
+          # Formats the params based on the `--format` option.
+          #
+          def format_params(params)
+            case options[:format]
+            when :ruby
+              require 'pp'
+              params.pretty_print_inspect
+            when :json
+              require 'json'
+              JSON.pretty_generate(params)
+            when :yaml
+              require 'yaml'
+              YAML.dump(params)
+            else
+              raise(NotImplementedError,"unsupported format: #{options[:format].inspect}")
+            end
+          end
+
+        end
+      end
+    end
+  end
+end