Module: Ronin::Vulns::CLI::Printing Private

Includes:
CommandKit::Printing::Indent, Core::CLI::Logging
Included in:
Importable, WebVulnCommand
Defined in:
lib/ronin/vulns/cli/printing.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

Mixin that adds methods for logging and printing discovered web vulnerabilities.

Since:

  • 0.2.0

Constant Summary collapse

VULN_TYPES =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Known vulnerability types and their printable names.

Since:

  • 0.2.0

{
  command_injection: 'Command Injection',
  open_redirect:     'Open Redirect',
  reflected_xss:     'reflected XSS',

  lfi:  'LFI',
  rfi:  'RFI',
  sqli: 'SQLi',
  ssti: 'SSTI'
}

Instance Method Summary collapse

Instance Method Details

#log_vuln(vuln) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints a log message about a newly discovered web vulnerability.

Parameters:

  • vuln (WebVuln)

    The web vulnerability to log.

Since:

  • 0.2.0



97
98
99
100
101
102
103
104
105
106
107
 
# File 'lib/ronin/vulns/cli/printing.rb', line 97

def log_vuln(vuln)
  vuln_type  = vuln_type(vuln)
  param_type = vuln_param_type(vuln)
  param_name = vuln_param_name(vuln)

  if (param_type && param_name)
    log_warn "Found #{vuln_type} on #{vuln.url} via #{param_type} '#{param_name}'!"
  else
    log_warn "Found #{vuln_type} on #{vuln.url}!"
  end
end

#print_vuln(vuln, print_curl: false, print_http: false) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints detailed information about a discovered web vulnerability.

Parameters:

  • vuln (WebVuln)

    The web vulnerability to log.

  • print_curl (Boolean) (defaults to: false)

    Prints an example curl command to trigger the web vulnerability.

  • print_http (Boolean) (defaults to: false)

    Prints an example HTTP request to trigger the web vulnerability.

Since:

  • 0.2.0



123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
 
# File 'lib/ronin/vulns/cli/printing.rb', line 123

def print_vuln(vuln, print_curl: false, print_http: false)
  vuln_type  = vuln_type(vuln)
  param_type = vuln_param_type(vuln)
  param_name = vuln_param_name(vuln)

  if (param_type && param_name)
    puts "#{colors.bold(colors.bright_red(vuln_type))} on #{colors.bold(colors.bright_white(vuln.url))} via #{colors.bold(colors.bright_white(param_type))} '#{colors.bold(colors.bright_red(param_name))}'"
  else
    puts "#{colors.bold(colors.red(vuln_type))} on #{colors.bold(colors.bright_white(vuln.url))}"
  end

  if print_curl || print_http
    puts

    if print_curl
      puts "  #{vuln.to_curl}"
      puts
    end

    if print_http
      vuln.to_http.each_line(chomp: true) do |line|
        puts "  #{line}"
      end
      puts
    end
  end
end

#print_vulns(vulns, print_curl: false, print_http: false) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Print a summary of all web vulnerabilities found.

Parameters:

  • vulns (Array<WebVuln>)

    The discovered web vulnerabilities.

  • print_curl (Boolean) (defaults to: false)

    Prints an example curl command to trigger the web vulnerability.

  • print_http (Boolean) (defaults to: false)

    Prints an example HTTP request to trigger the web vulnerability.

Since:

  • 0.2.0



165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
 
# File 'lib/ronin/vulns/cli/printing.rb', line 165

def print_vulns(vulns, print_curl: false, print_http: false)
  if vulns.empty?
    puts colors.green("No vulnerabilities found")
  else
    puts colors.bold(colors.bright_red('Vulnerabilities found!'))
    puts

    indent do
      vulns.each do |vuln|
        print_vuln(vuln, print_curl: print_curl,
                         print_http: print_http)
      end
    end
    puts unless (print_curl || print_http)
  end
end

#vuln_param_name(vuln) ⇒ String?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Determines the param name that the web vulnerability occurs in.

Parameters:

Returns:

  • (String, nil)

Since:

  • 0.2.0



83
84
85
86
87
88
89
 
# File 'lib/ronin/vulns/cli/printing.rb', line 83

def vuln_param_name(vuln)
  if    vuln.query_param  then vuln.query_param
  elsif vuln.header_name  then vuln.header_name
  elsif vuln.cookie_param then vuln.cookie_param
  elsif vuln.form_param   then vuln.form_param
  end
end

#vuln_param_type(vuln) ⇒ String?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Determines the param type that the web vulnerability occurs in.

Parameters:

Returns:

  • (String, nil)

Since:

  • 0.2.0



68
69
70
71
72
73
74
 
# File 'lib/ronin/vulns/cli/printing.rb', line 68

def vuln_param_type(vuln)
  if    vuln.query_param  then 'query param'
  elsif vuln.header_name  then 'Header'
  elsif vuln.cookie_param then 'Cookie param'
  elsif vuln.form_param   then 'form param'
  end
end

#vuln_type(vuln) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the printable vulnerability type for the vulnerability object.

Parameters:

Returns:

  • (String)

Since:

  • 0.2.0



57
58
59
 
# File 'lib/ronin/vulns/cli/printing.rb', line 57

def vuln_type(vuln)
  VULN_TYPES.fetch(vuln.class.vuln_type)
end