Class: Ronin::Exploits::CLI::Commands::New Private

Inherits:
Ronin::Exploits::CLI::Command
Includes:
Core::CLI::Generator, Core::CLI::Generator::Options::Author, Core::CLI::Generator::Options::Description, Core::CLI::Generator::Options::Reference, Core::CLI::Generator::Options::Summary, Payloads::CLI::Generator
Defined in:
lib/ronin/exploits/cli/commands/new.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Creates a new exploit file.

Usage

ronin-exploit new [options] FILE

Options

-t exploit|heap-overflow|stack-overflow|command-injection|web|open-redirect|lfi|rfi|sqli|ssti|xss,
    --type                       The type for the new exploit
-a, --author NAME                The name of the author
-e, --author-email EMAIL         The email address of the author
-s, --summary TEXT               One sentence summary
-d, --description TEXT           A longer description
-I CVE-YYYY-NNNN|GHSA-XXXXX|..., Add the advisory ID to the exploit
    --advisory-id
-R, --reference URL              Adds a reference URL
-P payload|asm|shellcode|c|command|shell|powershell|html|javascript|typpescript|java|sql|php|nodejs,
    --has-payload                The payload type the exploit uses
-N remote_tcp|remote_udp|http,   The networking mixin to use
    --networking
-A x86|x86-64|amd64|ia64|ppc|ppc64|arm|armbe|arm64|arm64be|mips|mipsle|mips64|mips64le,
    --arch                       The architecture to target
-O linux|macos|windows|freebsd|openbsd|netbsd,
    --os                         The Operating System (OS) to target
    --os-version VERSION         The OS version to target
-S, --software NAME              The software to target
-V, --software-version VERSION   The software version to target
-L, --loot                       Adds the loot mixin
-h, --help                       Print help information

Arguments

FILE                             The path to the new exploit file.

Constant Summary

EXPLOIT_TYPES =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Mapping of exploit types and their file/class names.

{
  exploit: {
    file:  'exploit',
    class: 'Exploit'
  },

  "heap-overflow": {
    file:  'heap_overflow',
    class: 'HeapOverflow'
  },

  "stack-overflow": {
    file:  'stack_overflow',
    class: 'StackOverflow'
  },

  "seh-overflow": {
    file:  'seh_overflow',
    class: 'SEHOverflow'
  },

  "user-after-free": {
    file:  'use_after_free',
    class: 'UseAfterFree'
  },

  "command-injection": {
    file:  'command_injection',
    class: 'CommandInjection'
  },

  web: {
    file:  'web',
    class: 'Web'
  },

  "open-redirect": {
    file:  'open_redirect',
    class: 'OpenRedirect'
  },

  lfi: {
    file:  'lfi',
    class: 'LFI'
  },

  rfi: {
    file:  'rfi',
    class: 'RFI'
  },

  sqli: {
    file:  'sqli',
    class: 'SQLI'
  },

  ssti: {
    file:  'ssti',
    class: 'SSTI'
  },

  xss: {
    file:  'xss',
    class: 'XSS'
  }
}
NETWORKING_TYPES =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Mapping of network mixins and their file/module names.

{
  "remote-tcp": {
    file:   'remote_tcp',
    module: 'RemoteTCP'
  },

  "remote-udp": {
    file:   'remote_udp',
    module: 'RemoteUDP'
  },

  http: {
    file:   'http',
    module: 'HTTP'
  }
}
WEB_VULN_EXPLOITS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Web exploit class names.

%w[OpenRedirect LFI RFI SQLI SSTI XSS]

Instance Method Summary

Constructor Details

#initialize(**kwargs) ⇒ New

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the ronin-exploits new command.

Parameters:

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments.



# File 'lib/ronin/exploits/cli/commands/new.rb', line 282

def initialize(**kwargs)
  super(**kwargs)

  @exploit_type = EXPLOIT_TYPES.fetch(:exploit)
  @advisories   = []
end

Instance Method Details

#format_kwargs(kwargs) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Formats a Hash into Ruby keyword arguments.

Parameters:

  • kwargs (Hash{Symbol => Object})

Returns:

  • (String)


# File 'lib/ronin/exploits/cli/commands/new.rb', line 313

def format_kwargs(kwargs)
  kwargs.map { |key,value|
    "#{key}: #{value.inspect}"
  }.join(', ')
end
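The following added example (not part of ronin-exploits) shows why the `value.inspect` call in `format_kwargs` matters when option values end up in generated Ruby source: each value is rendered as an escaped literal that parses back to the same string. `naive_format_kwargs`, `broken_keys` and the `SAMPLE` values are hypothetical and constructed for the comparison.

```ruby
# Stand-alone copy of the formatting logic shown above.
def format_kwargs(kwargs)
  kwargs.map { |key, value| "#{key}: #{value.inspect}" }.join(', ')
end

# Hypothetical naive variant (NOT in ronin-exploits): wraps the value in
# double quotes without escaping anything.
def naive_format_kwargs(kwargs)
  kwargs.map { |key, value| "#{key}: \"#{value}\"" }.join(', ')
end

# Constructed sample values containing characters that are special inside
# a double-quoted Ruby string literal.
SAMPLE = {
  name:    'Example "Server"', # embedded double quotes
  version: '1.2#{1 + 1}',      # literal text that looks like interpolation
  path:    "C:\\temp\\new"     # backslashes followed by 't' and 'n'
}.freeze

# Formats each sample pair on its own, parses the text back as a Hash
# literal, and returns the keys whose value did not survive unchanged.
def broken_keys(formatter)
  SAMPLE.reject { |key, value|
    text = send(formatter, { key => value })

    begin
      eval("{#{text}}") == { key => value }
    rescue SyntaxError
      false # the generated text is not even valid Ruby
    end
  }.keys
end

if $PROGRAM_NAME == __FILE__
  puts format_kwargs(SAMPLE)
  puts "inspect: #{broken_keys(:format_kwargs).inspect}"
  puts "naive:   #{broken_keys(:naive_format_kwargs).inspect}"
end
```

With the naive variant the quoted name no longer parses, the version string is evaluated as interpolation, and the path's `\t` and `\n` turn into control characters.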

#run(file) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Runs the ronin-exploits new command.

Parameters:

  • file (String)

    The path to the new exploit file.



# File 'lib/ronin/exploits/cli/commands/new.rb', line 295

def run(file)
  @directory  = File.dirname(file)
  @file_name  = File.basename(file,File.extname(file))
  @class_name = CommandKit::Inflector.camelize(@file_name)

  mkdir @directory unless @directory == '.'

  erb "exploit.rb.erb", file
  chmod '+x', file
end

#seh_overflow_exploit? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Determines if the exploit type is seh_overflow.

Returns:

  • (Boolean)


# File 'lib/ronin/exploits/cli/commands/new.rb', line 336

def seh_overflow_exploit?
  @exploit_type[:class] == 'SEHOverflow'
end

#stack_overflow_exploit? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Determines if the exploit type is stack_overflow.

Returns:

  • (Boolean)


# File 'lib/ronin/exploits/cli/commands/new.rb', line 327

def stack_overflow_exploit?
  @exploit_type[:class] == 'StackOverflow'
end

#web_vuln_exploit? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Determines if the exploit type is a web vuln exploit.

Returns:

  • (Boolean)


# File 'lib/ronin/exploits/cli/commands/new.rb', line 345

def web_vuln_exploit?
  WEB_VULN_EXPLOITS.include?(@exploit_type[:class])
end