Class: Workers::Vulns

Inherits:

Object

Object
Workers::Vulns

show all

Includes:: Ronin::App, Sidekiq::Worker

Defined in:: workers/vulns.rb

Overview

Vulnerabilities scanner worker.

Constant Summary collapse

Params =

Dry::Schema::JSON() do
  required(:url).filled(:string)

  optional(:lfi).hash do
    optional(:os).maybe(Types::Vulns::LFI::OSType)
    optional(:depth).maybe(:integer)
    optional(:filter_bypass).maybe(Types::Vulns::LFI::FilterBypassType)
  end

  optional(:rfi).hash do
    optional(:filter_bypass).maybe(Types::Vulns::RFI::FilterBypassType)
    optional(:test_script_url).maybe(:string)
  end

  optional(:sqli).hash do
    optional(:escape_quote).maybe(:bool)
    optional(:escape_parens).maybe(:bool)
    optional(:terminate).maybe(:bool)
  end

  optional(:ssti).hash do
    optional(:escape).maybe(Types::Vulns::SSTI::EscapeType)
  end

  optional(:command_injection).hash do
    optional(:escape_quote).maybe(:string)
    optional(:escape_operator).maybe(:string)
    optional(:terminate).maybe(:string)
  end

  optional(:open_redirect).hash do
    optional(:test_url).maybe(:string)
  end

  before(:value_coercer) do |result|
    result.to_h.map do |_, value|
      value.is_a?(Hash) ? value.compact! : value
    end
  end
end

Constants included from Ronin::App

Ronin::App::ROOT, Ronin::App::VERSION

Instance Method Summary collapse

#perform(params) ⇒ Object
#validate(params) ⇒ Hash{Symbol => Object}
Validates the given job params.

Instance Method Details

#perform(params) ⇒ `Object`

# File 'workers/vulns.rb', line 79

def perform(params)
  kwargs = validate(params)
  url    = kwargs.delete(:url)

  Ronin::Vulns::URLScanner.scan(url, **kwargs) do |vuln|
    Ronin::Vulns::Importer.import(vuln)
  end
end

#validate(params) ⇒ `Hash{Symbol => Object}`

Validates the given job params.

Parameters:

params (Hash{String => Object}) —
The JSON deserialized params for the job.

Returns:

(Hash{Symbol => Object}) —
The validated and coerced params as a Symbol Hash.

Raises:

(ArgumentError) —
The params could not be validated or coerced.

# File 'workers/vulns.rb', line 100

def validate(params)
  result = Params.call(params)

  if result.failure?
    raise(ArgumentError,"invalid nmap params (#{params.inspect}): #{result.errors.inspect}")
  end

  return result.to_h
end

Class: Workers::Vulns

Overview

Constant Summary collapse

Constants included from Ronin::App

Instance Method Summary collapse

Instance Method Details

#perform(params) ⇒ Object

#validate(params) ⇒ Hash{Symbol => Object}

#perform(params) ⇒ `Object`

#validate(params) ⇒ `Hash{Symbol => Object}`