Class: Ronin::Vulns::CLI::Commands::CommandInjection Private
- Inherits: WebVulnCommand
  - Object
  - Core::CLI::Command
  - Ronin::Vulns::CLI::Command
  - WebVulnCommand
  - Ronin::Vulns::CLI::Commands::CommandInjection
- Defined in: lib/ronin/vulns/cli/commands/command_injection.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Scans URL(s) for Command Injection vulnerabilities.
Usage
ronin-vulns command-injection [options] {URL ... | --input FILE}
Options
--db NAME The database to connect to (Default: default)
--db-uri URI The database URI to connect to
--db-file PATH The sqlite3 database file to use
--import Imports discovered vulnerabilities into the database
--first Only find the first vulnerability for each URL
-A, --all Find all vulnerabilities for each URL
--print-curl Also prints an example curl command for each vulnerability
--print-http Also prints an example HTTP request for each vulnerability
-M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
--request-method The HTTP request method to use
-H, --header "Name: value" Sets an additional header
-U, --user-agent-string STRING Sets the User-Agent header
-u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
--user-agent Sets the User-Agent to use
-C, --cookie COOKIE Sets the raw Cookie header
-c, --cookie-param NAME=VALUE Sets an additional cookie param
-R, --referer URL Sets the Referer header
-F, --form-param NAME=VALUE Sets an additional form param
--test-query-param NAME Tests the URL query param name
--test-all-query-params Test all URL query param names
--test-header-name NAME Tests the HTTP Header name
--test-cookie-param NAME Tests the HTTP Cookie name
--test-all-cookie-params Test all Cookie param names
--test-form-param NAME Tests the form param name
-i, --input FILE Reads URLs from the list file
-Q, --escape-quote CHAR The string quotation character to use to escape the command
-O, --escape-operator CHAR The command operator character to use to escape the command
-T, --terminator CHAR The command termination character to use
-h, --help Print help information
Arguments
[URL ...] The URL(s) to scan
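Why the --escape-quote, --escape-operator and --terminator characters matter to a defender, as an added Ruby example that is not part of ronin-vulns: a helper that interpolates input into a shell string, beside its hardened form, checked with a benign marker. The helper names, the marker and the three sample characters are constructed for illustration and are not the tool's defaults.

```ruby
require 'open3'

# Constructed marker: seeing it alone on an output line means the shell
# executed a second command instead of treating the input as data.
MARKER = 'INJECTION-MARKER'

# Constructed probe built from the three characters the options control
# (sample values chosen for this example, not ronin-vulns defaults).
def build_probe(escape_quote: "'", escape_operator: ';', terminator: '#')
  "#{escape_quote}#{escape_operator} echo #{MARKER} #{terminator}"
end

# Before: the value is interpolated into a string that sh parses, so a
# quote in the value ends the quoted argument early.
def run_vulnerable(name)
  out, _status = Open3.capture2('sh', '-c', "printf '%s %s\\n' '#{name}' 'ok'")
  out
end

# After: the script is a fixed string and the value arrives as "$1",
# so sh never parses it as shell syntax.
def run_hardened(name)
  script = 'printf "%s %s\n" "$1" ok'
  out, _status = Open3.capture2('sh', '-c', script, 'sh', name)
  out
end

# True when the marker was produced by a command of its own.
def injected?(output)
  output.lines.map(&:chomp).include?(MARKER)
end

if $PROGRAM_NAME == __FILE__
  probe = build_probe
  puts "vulnerable: #{injected?(run_vulnerable(probe))}"
  puts "hardened:   #{injected?(run_hardened(probe))}"
end
```

Both helpers return the same output for ordinary input; only the interpolating one lets the quote, operator and terminator change what the shell runs.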
Constant Summary
- CHAR_REGEX = /./
  This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
  Regex for matching a single CHAR option value.
Constants included from Printing
Instance Attribute Summary
Attributes inherited from WebVulnCommand
Instance Method Summary
- #scan_kwargs ⇒ Hash{Symbol => Object} (private)
  Keyword arguments for Vulns::CommandInjection.scan and Vulns::CommandInjection.test.
- #scan_url(url) {|vuln| ... } ⇒ Object (private)
  Scans a URL for Command Injection vulnerabilities.
- #test_url(url, &block) ⇒ Vulns::CommandInjection? (private)
  Tests a URL for Command Injection vulnerabilities.
Methods inherited from WebVulnCommand
#cookie, #form_data, #headers, #initialize, #print_vuln, #print_vulns, #process_url, #process_vuln, #referer, #referer=, #request_method, #request_method=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_form_params=, #test_header_names, #test_query_params, #test_query_params=, #user_agent, #user_agent=
Methods included from Importable
Methods included from Printing
#log_vuln, #print_vuln, #print_vulns, #vuln_param_name, #vuln_param_type, #vuln_type
Constructor Details
This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand
Instance Method Details
#scan_kwargs ⇒ Hash{Symbol => Object}
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Keyword arguments for Vulns::CommandInjection.scan and Vulns::CommandInjection.test.
    # File 'lib/ronin/vulns/cli/commands/command_injection.rb', line 111

    def scan_kwargs
      kwargs = super()

      # Pass each escape/terminator option through only when it was given.
      if options[:escape_quote]
        kwargs[:escape_quote] = options[:escape_quote]
      end

      if options[:escape_operator]
        kwargs[:escape_operator] = options[:escape_operator]
      end

      if options[:terminator]
        kwargs[:terminator] = options[:terminator]
      end

      return kwargs
    end
#scan_url(url) {|vuln| ... } ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Scans a URL for Command Injection vulnerabilities.
    # File 'lib/ronin/vulns/cli/commands/command_injection.rb', line 142

    def scan_url(url,&block)
      Vulns::CommandInjection.scan(url,**scan_kwargs,&block)
    end
#test_url(url, &block) ⇒ Vulns::CommandInjection?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Tests a URL for Command Injection vulnerabilities.
    # File 'lib/ronin/vulns/cli/commands/command_injection.rb', line 155

    def test_url(url,&block)
      Vulns::CommandInjection.test(url,**scan_kwargs)
    end