Class: Ronin::Exploits::CLI::Commands::Show Private

Inherits:
ExploitCommand show all
Includes:
CommandKit::Printing::Fields, Core::CLI::Printing::Arch, Core::CLI::Printing::Metadata, Core::CLI::Printing::OS, Core::CLI::Printing::Params, Payloads::CLI::Printing
Defined in:
lib/ronin/exploits/cli/commands/show.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Prints information about an exploit.

Usage

ronin-exploits show [options] {NAME | --file FILE}

Options

-f, --file FILE                  The exploit file to load
-v, --verbose                    Enables verbose output
-h, --help                       Print help information

Arguments

[NAME]                           The exploit name to load

Constant Summary collapse

EXPLOIT_TYPES =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Known exploit types and their printable names.

{
  exploit: 'Custom',

  # memory corruption exploits
  memory_corruption: 'Memory Corruption',
  stack_overflow:    'Stack Overflow',
  seh_overflow:      'SEH Overflow',
  heap_overflow:     'Heap Overflow',
  use_after_free:    'Use After Free',

  # web exploits
  web:  'Web',
  lfi:  'Local File Inclusion (LFI)',
  rfi:  'Remote File Inclusion (RFI)',
  sqli: 'SQL injection (SQLI)',
  xss:  'Cross-Site Scripting (XSS)',
  open_redirect: 'Open Redirect',
  ssti: 'Server-Side Template Injection (SSTI)'
}

Instance Attribute Summary

Attributes inherited from ExploitCommand

#exploit, #exploit_class

Instance Method Summary collapse

Methods inherited from ExploitCommand

#initialize_exploit, #load_exploit, #load_exploit_from, #validate_exploit

Methods included from ExploitMethods

#initialize_exploit, #load_exploit, #load_exploit_from, #validate_exploit

Instance Method Details

#example_run_command(exploit) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Builds an example ronin-exploits run command for the exploit.

Parameters:

Returns:

  • (String)

    The example ronin-exploits run command.

Since:

  • 0.2.0



314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
 
# File 'lib/ronin/exploits/cli/commands/show.rb', line 314

def example_run_command(exploit)
  command = ['ronin-exploits', 'run']

  if options[:file]
    command << '-f' << options[:file]
  else
    command << exploit.id
  end

  exploit.params.each_value do |param|
    if param.required? && !param.default
      command << '-p' << "#{param.name}=#{param_usage(param)}"
    end
  end

  return command.join(' ')
end

#exploit_type(exploit_class) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the printable exploit type for the exploit class.

Parameters:

Returns:

  • (String) 


234
235
236
 
# File 'lib/ronin/exploits/cli/commands/show.rb', line 234

def exploit_type(exploit_class)
  EXPLOIT_TYPES.fetch(exploit_class.exploit_type,'unknown')
end

#print_advisories(exploit) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints any advisories defined by an exploit class.

Parameters:

  • exploit (Class<Exploit>)

    The loaded exploit class.



180
181
182
183
184
185
186
187
188
189
190
191
192
 
# File 'lib/ronin/exploits/cli/commands/show.rb', line 180

def print_advisories(exploit)
  unless exploit.advisories.empty?
    puts "Advisories:"
    puts

    indent do
      exploit.advisories.each do |advisory|
        print_advisory(advisory)
      end
    end
    puts
  end
end

#print_advisory(advisory) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints an advisory.

Parameters:

  • advisory (Advisory)

    The advisory to print.



244
245
246
247
248
 
# File 'lib/ronin/exploits/cli/commands/show.rb', line 244

def print_advisory(advisory)
  if advisory.url then puts "* #{advisory.id} (#{advisory.url})"
  else                 puts "* #{advisory.id}"
  end
end

#print_exploit(exploit) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints the exploit class'es metadata.

Parameters:

  • exploit (Class<Exploit>)

    The loaded exploit class.



86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
# File 'lib/ronin/exploits/cli/commands/show.rb', line 86

def print_exploit(exploit)
  puts "[ #{exploit.id} ]"
  puts

  indent do
    print_metadata(exploit)
    print_advisories(exploit)
    print_authors(exploit)
    print_description(exploit)
    print_references(exploit)

    if defined?(Mixins::HasTargets) &&
       exploit.include?(Mixins::HasTargets)
      unless exploit.targets.empty?
        exploit.targets.each_with_index do |target,index|
          puts "[ Target ##{index + 1} ]"
          puts

          indent { print_target(target) }
        end
      end
    end

    print_shouts(exploit)
  end

  print_params(exploit)
  print_exploit_usage(exploit)
end

#print_exploit_usage(exploit) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints an example ronin-exploits run command for the exploit.

Parameters:

Since:

  • 0.2.0



297
298
299
300
301
302
 
# File 'lib/ronin/exploits/cli/commands/show.rb', line 297

def print_exploit_usage(exploit)
  puts "Usage:"
  puts
  puts "  $ #{example_run_command(exploit)}"
  puts
end

#print_metadata(exploit) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Print the main metadata fields for the exploit.

Parameters:

  • exploit (Class<Exploit>)

    The loaded exploit class.



122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
 
# File 'lib/ronin/exploits/cli/commands/show.rb', line 122

def print_metadata(exploit)
  fields = {
    'Type' => exploit_type(exploit)
  }

  if defined?(Core::Metadata::Version) &&
     exploit.include?(Core::Metadata::Version)
    fields['Version'] = exploit.version if exploit.version
  end

  fields['Quality']   = exploit.quality if exploit.quality
  fields['Released']  = exploit.release_date if exploit.release_date
  fields['Disclosed'] = exploit.disclosure_date if exploit.disclosure_date

  if defined?(Metadata::Arch) && exploit.include?(Metadata::Arch)
    if (arch = target.arch)
      fields['Arch'] = arch
    end
  end

  if defined?(Metadata::OS) && exploit.include?(Metadata::OS)
    if (os = exploit.os)
      fields['OS'] = if (os_version = exploit.os_version)
                       "#{os} #{os_version}"
                     else
                       os
                     end
    end
  end

  if (software = exploit.software)
    fields['Software'] = software
  end

  if (versions = exploit.software_versions)
    case versions
    when Array
      fields['Software Versions'] = versions.join(', ')
    when Range
      fields['Software Versions'] = "#{versions.begin} - #{versions.end}"
    end
  end

  if defined?(Mixins::HasPayload) &&
     exploit.include?(Mixins::HasPayload)
    fields['Payload Type'] = payload_type(exploit.payload_class)
  end

  fields['Summary'] = exploit.summary if exploit.summary
  print_fields(fields)
end

#print_shouts(exploit) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints the shouts section.

Parameters:

  • exploit (Class<Exploit>)

    The loaded exploit class.



200
201
202
203
204
 
# File 'lib/ronin/exploits/cli/commands/show.rb', line 200

def print_shouts(exploit)
  if defined?(Metadata::Shouts) && exploit.include?(Metadata::Shouts)
    puts "Shouts: #{exploit.shouts.join(', ')}"
  end
end

#print_target(target) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints an exploit target.

Parameters:

  • target (Target)

    A target defined on the exploit.



256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
 
# File 'lib/ronin/exploits/cli/commands/show.rb', line 256

def print_target(target)
  fields = {}

  fields['Arch'] = target.arch if target.arch

  if target.os
    fields['OS'] = if target.os_version
                     "#{target.os} #{target.os_version}"
                   else
                     target.os
                   end
  end

  if target.software
    fields['Software'] = if target.version
                           "#{target.software} #{target.version}"
                         else
                           target.software
                         end
  end

  print_fields(fields)

  if verbose?
    unless target.empty?
      puts "Params:"

      indent { print_fields(target.to_h) }
    end
  end

  puts
end

#run(name = nil) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Runs the ronin-exploits show command.

Parameters:

  • name (String) (defaults to: nil)

    The optional name of the exploit to load and print metadata about.



74
75
76
77
78
 
# File 'lib/ronin/exploits/cli/commands/show.rb', line 74

def run(name=nil)
  super(name)

  print_exploit(exploit_class)
end