Class: Ronin::DB::WebVuln

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Ronin::DB::WebVuln

Includes:

Model

Defined in:

lib/ronin/db/web_vuln.rb

Overview

Represents discovered web vulnerabilities.

Instance Attribute Summary

• #command_injection_escape_operator ⇒ String^?

  The Command Injection escape operator character.

• #command_injection_escape_quote ⇒ String^?

  The Command Injection escape quote character.

• #command_injection_terminator ⇒ String^?

  The Command Injection terminator character.

• #cookie_param ⇒ String^?

  The cookie param of the URL.

• #created_at ⇒ Time readonly

  Defines the created_at timestamp.

• #form_param ⇒ String^?

  The form param of the URL.

• #header_name ⇒ String^?

  The header name string part of the URL.

• #id ⇒ Integer

  The primary key of the URL.

• #lfi_depth ⇒ Integer^?

  The LFI depth.

• #lfi_filter_bypass ⇒ :null_byte, ...

  The LFI filter bypass.

• #lfi_os ⇒ :unix, ...

  The LFI os.

• #query_param ⇒ String^?

  The query param of the URL.

• #request_method ⇒ "copy", ...

  The request method for the URL.

• #rfi_filter_bypass ⇒ :null_byte, ...

  The RFI filter bypass.

• #rfi_script_lang ⇒ :asp, ...

  The RFI script lang.

• #scheme ⇒ URL

  The scheme of the URL.

• #sqli_escape_parens ⇒ Boolean^?

  The SQLi escape parens.

• #sqli_escape_quote ⇒ Boolean^?

  The SQLi escape quote.

• #sqli_terminate ⇒ Boolean^?

  The SQLi terminate.

• #ssti_escape_type ⇒ :double_curly_braces, ...

  The SSTI escape type.

• #type ⇒ "lfi", ...

  The type of vuln.

Class Method Summary

• .for_domain(domain) ⇒ Array<WebVuln>

  Queries all web vulnerabilities belonging to the given domain name.

• .for_host(host_name) ⇒ Array<WebVuln>

  Queries all web vulnerabilities belonging to the given host name.

• .for_path(path) ⇒ Array<WebVuln>

  Queries all web vulnerabilities with the matching URL path.

• .with_cookie_param(name) ⇒ Array<WebVuln>

  Queries all web vulnerabilities effecting the given cookie param name.

• .with_form_param(name) ⇒ Array<WebVuln>

  Queries all web vulnerabilities effecting the given form param name.

• .with_header_name(name) ⇒ Array<WebVuln>

  Queries all web vulnerabilities effecting the given header name.

• .with_query_param(name) ⇒ Array<WebVuln>

  Queries all web vulnerabilities effecting the given query param name.

• .with_request_method(request_method) ⇒ Array<WebVuln>

  Queries all web vulnerabilities with the given request method.

• .with_type(type) ⇒ Array<WebVuln>

  Queries all web vulnerabilities of the given type.

Instance Method Summary

• #param_validation ⇒ Object

  Validates presence of at least one param fields.

Methods included from Model

included

Instance Attribute Details

#command_injection_escape_operator ⇒ String^?

The Command Injection escape operator character.

Returns:

• (String, nil)

# File 'lib/ronin/db/web_vuln.rb', line 200

attribute :command_injection_escape_operator, :string

#command_injection_escape_quote ⇒ String^?

The Command Injection escape quote character.

Returns:

• (String, nil)

# File 'lib/ronin/db/web_vuln.rb', line 194

attribute :command_injection_escape_quote, :string

#command_injection_terminator ⇒ String^?

The Command Injection terminator character.

Returns:

• (String, nil)

# File 'lib/ronin/db/web_vuln.rb', line 206

attribute :command_injection_terminator, :string

#cookie_param ⇒ String^?

The cookie param of the URL.

Returns:

• (String, nil)

# File 'lib/ronin/db/web_vuln.rb', line 80

attribute :cookie_param, :string

#created_at ⇒ Time (readonly)

Defines the created_at timestamp

Returns:

• (Time)

# File 'lib/ronin/db/web_vuln.rb', line 212

attribute :created_at, :datetime

#form_param ⇒ String^?

The form param of the URL.

Returns:

• (String, nil)

# File 'lib/ronin/db/web_vuln.rb', line 86

attribute :form_param, :string

#header_name ⇒ String^?

The header name string part of the URL.

Returns:

• (String, nil)

# File 'lib/ronin/db/web_vuln.rb', line 74

attribute :header_name, :string

#id ⇒ Integer

The primary key of the URL.

Returns:

• (Integer)

# File 'lib/ronin/db/web_vuln.rb', line 40

attribute :id, :integer

#lfi_depth ⇒ Integer^?

The LFI depth.

Returns:

• (Integer, nil)

# File 'lib/ronin/db/web_vuln.rb', line 124

attribute :lfi_depth, :integer

#lfi_filter_bypass ⇒ :null_byte, ...

The LFI filter bypass.

Returns:

• (:null_byte, :base64, :rot13, :zlib, nil)

# File 'lib/ronin/db/web_vuln.rb', line 130

enum lfi_filter_bypass: {
  null_byte: 'null_byte',
  base64:    'base64',
  rot13:     'rot13',
  zlib:      'zlib'
}, _prefix: true

#lfi_os ⇒ :unix, ...

The LFI os.

Returns:

• (:unix, :windows, nil)

# File 'lib/ronin/db/web_vuln.rb', line 115

enum lfi_os: {
  unix:    'unix',
  windows: 'windows'
}, _prefix: true

#query_param ⇒ String^?

The query param of the URL.

Returns:

• (String, nil)

# File 'lib/ronin/db/web_vuln.rb', line 68

attribute :query_param, :string

#request_method ⇒ "copy", ...

The request method for the URL.

Returns:

• ("copy", "delete", "get", "head", "lock", "mkcol", "move", "options", "patch", "post", "propfind", "proppatch", "put", "trace", "unlock")

# File 'lib/ronin/db/web_vuln.rb', line 93

enum request_method: {
  copy:      'COPY',
  delete:    'DELETE',
  get:       'GET',
  head:      'HEAD',
  lock:      'LOCK',
  mkcol:     'MKCOL',
  move:      'MOVE',
  options:   'OPTIONS',
  patch:     'PATCH',
  post:      'POST',
  propfind:  'PROPFIND',
  proppatch: 'PROPPATCH',
  put:       'PUT',
  trace:     'TRACE',
  unlock:    'UNLOCK'
}, _suffix: :request

#rfi_filter_bypass ⇒ :null_byte, ...

The RFI filter bypass.

Returns:

• (:null_byte, :double_encode, nil)

# File 'lib/ronin/db/web_vuln.rb', line 154

enum rfi_filter_bypass: {
  null_byte:     'null_byte',
  double_encode: 'double_encode'
}, _prefix: true

#rfi_script_lang ⇒ :asp, ...

The RFI script lang.

Returns:

• (:asp, :asp_net, :cold_fusion, :jsp, :php, :perl, nil)

# File 'lib/ronin/db/web_vuln.rb', line 141

enum rfi_script_lang: {
  asp:         'asp',
  asp_net:     'asp_net',
  cold_fusion: 'cold_fusion',
  jsp:         'jsp',
  php:         'php',
  perl:        'perl'
}, _prefix: true

#scheme ⇒ URL

The scheme of the URL.

Returns:

• (URL)

# File 'lib/ronin/db/web_vuln.rb', line 46

belongs_to :url, required:   true,
class_name: 'URL'

#sqli_escape_parens ⇒ Boolean^?

The SQLi escape parens.

Returns:

• (Boolean, nil)

# File 'lib/ronin/db/web_vuln.rb', line 182

attribute :sqli_escape_parens, :boolean

#sqli_escape_quote ⇒ Boolean^?

The SQLi escape quote.

Returns:

• (Boolean, nil)

# File 'lib/ronin/db/web_vuln.rb', line 176

attribute :sqli_escape_quote, :boolean

#sqli_terminate ⇒ Boolean^?

The SQLi terminate.

Returns:

• (Boolean, nil)

# File 'lib/ronin/db/web_vuln.rb', line 188

attribute :sqli_terminate, :boolean

#ssti_escape_type ⇒ :double_curly_braces, ...

The SSTI escape type.

Returns:

• (:double_curly_braces, :dollar_curly_braces, :dollar_double_curly_braces, :pound_curly_braces, :angle_brackets_percent, :custom, nil)

# File 'lib/ronin/db/web_vuln.rb', line 163

enum ssti_escape_type: {
  double_curly_braces:        'double_curly_braces',
  dollar_curly_braces:        'dollar_curly_braces',
  dollar_double_curly_braces: 'dollar_double_curly_braces',
  pound_curly_braces:         'pound_curly_braces',
  angle_brackets_percent:     'angle_brackets_percent',
  custom:                     'custom'
}, _prefix: true

#type ⇒ "lfi", ...

The type of vuln.

Returns:

• ("lfi", "rfi", "sqli", "ssti", "open_redirect", "reflected_xss", "command_injection")

# File 'lib/ronin/db/web_vuln.rb', line 53

enum type: {
  lfi:               'lfi',
  rfi:               'rfi',
  sqli:              'sqli',
  ssti:              'ssti',
  open_redirect:     'open_redirect',
  reflected_xss:     'reflected_xss',
  command_injection: 'command_injection'
}

Class Method Details

.for_domain(domain) ⇒ Array<WebVuln>

Queries all web vulnerabilities belonging to the given domain name.

Parameters:

• domain (String) —

  The domain to search for.

Returns:

• (Array<WebVuln>) —

  The matching web vulnerabilities.

# File 'lib/ronin/db/web_vuln.rb', line 240

def self.for_domain(domain)
  joins(url: [:host_name]).merge(HostName.with_domain(domain))
end

.for_host(host_name) ⇒ Array<WebVuln>

Queries all web vulnerabilities belonging to the given host name.

Parameters:

• host_name (String) —

  The host name to search for.

Returns:

• (Array<WebVuln>) —

  The matching web vulnerabilities.

# File 'lib/ronin/db/web_vuln.rb', line 223

def self.for_host(host_name)
  joins(url: [:host_name]).where(
    url: {
      ronin_host_names: {name: host_name}
    }
  )
end

.for_path(path) ⇒ Array<WebVuln>

Queries all web vulnerabilities with the matching URL path.

Parameters:

• path (String) —

  The URL path to search for.

Returns:

• (Array<WebVuln>) —

  The matching web vulnerabilities.

# File 'lib/ronin/db/web_vuln.rb', line 253

def self.for_path(path)
  joins(:url).where(url: {path: path})
end

.with_cookie_param(name) ⇒ Array<WebVuln>

Queries all web vulnerabilities effecting the given cookie param name.

Parameters:

• name (String) —

  The cookie param name to search for.

Returns:

• (Array<WebVuln>) —

  The matching web vulnerabilities.

# File 'lib/ronin/db/web_vuln.rb', line 305

def self.with_cookie_param(name)
  where(cookie_param: name)
end

.with_form_param(name) ⇒ Array<WebVuln>

Queries all web vulnerabilities effecting the given form param name.

Parameters:

• name (String) —

  The form param name to search for.

Returns:

• (Array<WebVuln>) —

  The matching web vulnerabilities.

# File 'lib/ronin/db/web_vuln.rb', line 318

def self.with_form_param(name)
  where(form_param: name)
end

.with_header_name(name) ⇒ Array<WebVuln>

Queries all web vulnerabilities effecting the given header name.

Parameters:

• name (String) —

  The header name to search for.

Returns:

• (Array<WebVuln>) —

  The matching web vulnerabilities.

# File 'lib/ronin/db/web_vuln.rb', line 292

def self.with_header_name(name)
  where(header_name: name)
end

.with_query_param(name) ⇒ Array<WebVuln>

Queries all web vulnerabilities effecting the given query param name.

Parameters:

• name (String) —

  The query param name to search for.

Returns:

• (Array<WebVuln>) —

  The matching web vulnerabilities.

# File 'lib/ronin/db/web_vuln.rb', line 279

def self.with_query_param(name)
  where(query_param: name)
end

.with_request_method(request_method) ⇒ Array<WebVuln>

Queries all web vulnerabilities with the given request method.

Parameters:

• request_method (String) —

  The request method to search for.

Returns:

• (Array<WebVuln>) —

  The matching web vulnerabilities.

# File 'lib/ronin/db/web_vuln.rb', line 331

def self.with_request_method(request_method)
  where(request_method: request_method)
end

.with_type(type) ⇒ Array<WebVuln>

Queries all web vulnerabilities of the given type.

Parameters:

• type (:lfi, :rfi, :sqli, :ssti, :open_redirect, :reflected_xss, :command_injection) —

  The web vulnerability type to search for.

Returns:

• (Array<WebVuln>) —

  The matching web vulnerabilities.

# File 'lib/ronin/db/web_vuln.rb', line 266

def self.with_type(type)
  where(type: type)
end

Instance Method Details

#param_validation ⇒ Object

Validates presence of at least one param fields.

# File 'lib/ronin/db/web_vuln.rb', line 338

def param_validation
  unless (query_param || header_name || cookie_param || form_param)
    self.errors.add(:base, "query_param, header_name, cookie_param or from_param must be present")
  end
end