NAME
ronin-vulns-scan - Scans URL(s) for web vulnerabilities
SYNOPSIS
ronin-vulns scan
[options] {URL … | --input
FILE}
DESCRIPTION
Scans URL(s) for web vulnerabilities. The URLs to scan can be given as
additional arguments or read from a file using the --input
option.
ARGUMENTS
- URL
- A URL to scan.
OPTIONS
--db
NAME- The database name to connect to. Defaults to
default
if not given. --db-uri
URI- The database URI to connect to
(ex:
postgres://user:password@host/db
). --db-file
PATH- The sqlite3 database file to use.
--import
- Imports discovered vulnerabilities into the database.
--first
- Only find the first vulnerability for each URL.
-A
,--all
- Find all vulnerabilities for each URL.
--print-curl
- Also prints an example
curl
command for each vulnerability. --print-http
- Also prints an example HTTP request for each vulnerability.
-M
,--request-method
COPY
|DELETE
|GET
|HEAD
|LOCK
|MKCOL
|MOVE
|OPTIONS
|PATCH
|POST
|PROPFIND
|PROPPATCH
|PUT
|TRACE
|UNLOCK
- Sets the HTTP request method to use.
-H
,--header
“Name: value”- Sets an additional header using the given Name and value.
-U
,--user-agent-string
STRING- Sets the
User-Agent
header string. -u
,--user-agent
chrome-linux
|chrome-macos
|chrome-windows
|chrome-iphone
|chrome-ipad
|chrome-android
|firefox-linux
|firefox-macos
|firefox-windows
|firefox-iphone
|firefox-ipad
|firefox-android
|safari-macos
|safari-iphone
|safari-ipad
|edge
- Sets the
User-Agent
header. -C
,--cookie
COOKIE- Sets the raw
Cookie
header. -c
,--cookie-param
NAME=
VALUE- Sets an additional
Cookie
param using the given NAME and VALUE. -R
,--referer
URL- Sets the
Referer
header. -F
,--form-param
NAME=
VALUE- Sets an additional form param using the given NAME and VALUE.
--test-query-param
NAME- Tests the URL query param name.
--test-all-query-params
- Test all URL query param names.
--test-header-name
NAME- Tests the HTTP Header name.
--test-cookie-param
NAME- Tests the HTTP Cookie name.
--test-all-cookie-params
- Test all Cookie param names.
--test-form-param
NAME- Tests the form param name.
-i
,--input
FILE- Reads URLs from the given FILE.
--lfi-os
unix
|windows
- Sets the OS to test for.
--lfi-depth
NUM- Sets the directory depth to escape up.
--lfi-filter-bypass
null-byte
|double-escape
|base64
|rot13
|zlib
- Sets the filter bypass strategy to use.
--rfi-filter-bypass
double-encode
|suffix-escape
|null-byte
- Optional filter-bypass strategy to use.
--rfi-script-lang
asp
|asp.net
|coldfusion
|jsp
|php
|perl
- Explicitly specify the scripting language to test for.
--rfi-test-script-url
URL- Use an alternative test script URL.
--sqli-escape-quote
- Escapes quotation marks.
--sqli-escape-parens
- Escapes parenthesis.
--sqli-terminate
- Terminates the SQL expression with a
--
. --ssti-test-expr
{X*Y | X/Z | X+Y | X-Y}- Optional numeric test to use.
--open-redirect-url
URL- Optional test URL to try to redirect to.
-h
,--help
- Print help information.
AUTHOR
Postmodern postmodern.mod3@gmail.com
SEE ALSO
ronin-vulns-lfi ronin-vulns-rfi ronin-vulns-sqli ronin-vulns-ssti ronin-vulns-open-redirect ronin-vulns-reflected-xss