Class: Workers::Vulns

Inherits:
Object
Includes:
Ronin::App, Sidekiq::Worker
Defined in:
workers/vulns.rb

Overview

Vulnerability scanner worker.

Constant Summary

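# JSON schema for the job params.
#
# `:url` is the only required key; each optional nested hash carries the
# options for one vulnerability class, which `perform` forwards to the
# scanner as keyword arguments.
#
# NOTE(review): `:url`, `:test_script_url` and `:test_url` are only checked to
# be strings here, not parsed or restricted as URLs - confirm the enqueuing
# side controls which targets may be submitted.
Params = Dry::Schema::JSON() do
  required(:url).filled(:string)

  optional(:lfi).hash do
    optional(:os).maybe(Types::Vulns::LFI::OSType)
    optional(:depth).maybe(:integer)
    optional(:filter_bypass).maybe(Types::Vulns::LFI::FilterBypassType)
  end

  optional(:rfi).hash do
    optional(:filter_bypass).maybe(Types::Vulns::RFI::FilterBypassType)
    optional(:test_script_url).maybe(:string)
  end

  optional(:sqli).hash do
    optional(:escape_quote).maybe(:bool)
    optional(:escape_parens).maybe(:bool)
    optional(:terminate).maybe(:bool)
  end

  optional(:ssti).hash do
    optional(:escape).maybe(Types::Vulns::SSTI::EscapeType)
  end

  optional(:command_injection).hash do
    optional(:escape_quote).maybe(:string)
    optional(:escape_operator).maybe(:string)
    optional(:terminate).maybe(:string)
  end

  optional(:open_redirect).hash do
    optional(:test_url).maybe(:string)
  end

  # Strip `nil` values from the nested option hashes before coercion,
  # presumably so that a JSON `null` option is not forwarded to the scanner
  # as an explicit `key: nil` keyword argument (see `perform`).
  #
  # The nested hashes are compacted in place, as before, and the params hash
  # itself is returned: dry-schema may take a Hash returned from this hook as
  # the input for the following step, whereas the previous `map` built and
  # returned a throwaway Array of values.
  before(:value_coercer) do |result|
    result.to_h.each_value do |value|
      value.compact! if value.is_a?(Hash)
    end
  end
end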

Constants included from Ronin::App

Ronin::App::ROOT, Ronin::App::VERSION

Instance Method Summary

Instance Method Details

#perform(params) ⇒ Object



# File 'workers/vulns.rb', line 79

# Runs the vulnerability scan job.
#
# The params are validated and coerced first; `:url` becomes the scan target
# and every remaining key is forwarded to the scanner as a keyword option.
# Each vulnerability the scanner yields is handed to the importer.
#
# NOTE(review): the target is whatever `:url` string the job was enqueued
# with; `Params` only checks that it is a non-empty string.
#
# @param [Hash{String => Object}] params
#   The JSON deserialized params for the job.
#
# @raise [ArgumentError]
#   The params could not be validated or coerced.
#
def perform(params)
  options = validate(params)
  target  = options.delete(:url)

  Ronin::Vulns::URLScanner.scan(target, **options) do |found|
    Ronin::Vulns::Importer.import(found)
  end
end

#validate(params) ⇒ Hash{Symbol => Object}

Validates the given job params.

Parameters:

  • params (Hash{String => Object})

    The JSON deserialized params for the job.

Returns:

  • (Hash{Symbol => Object})

    The validated and coerced params as a Symbol Hash.

Raises:

  • (ArgumentError)

    The params could not be validated or coerced.



# File 'workers/vulns.rb', line 100

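# Validates the given job params against {Params}.
#
# @param [Hash{String => Object}] params
#   The JSON deserialized params for the job.
#
# @return [Hash{Symbol => Object}]
#   The validated and coerced params as a Symbol Hash.
#
# @raise [ArgumentError]
#   The params could not be validated or coerced.
#
def validate(params)
  result = Params.call(params)

  # Name this worker in the error: the message previously said "nmap"
  # (presumably copied from a sibling worker), which misleads whoever reads
  # the failed job in Sidekiq's retry/dead queue.
  if result.failure?
    raise(ArgumentError, "invalid vulns params (#{params.inspect}): #{result.errors.inspect}")
  end

  result.to_h
end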