Class: Ronin::Vulns::CLI::Commands::Lfi Private
- Inherits: WebVulnCommand
  - Object
  - Core::CLI::Command
  - Ronin::Vulns::CLI::Command
  - WebVulnCommand
  - Ronin::Vulns::CLI::Commands::Lfi
- Defined in: lib/ronin/vulns/cli/commands/lfi.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Scans URL(s) for Local File Inclusion (LFI) vulnerabilities
Usage
ronin-vulns lfi [options] {URL ... | --input FILE}
Options
    --db NAME                       The database to connect to (Default: default)
    --db-uri URI                    The database URI to connect to
    --db-file PATH                  The sqlite3 database file to use
    --import                        Imports discovered vulnerabilities into the database
    --first                         Only find the first vulnerability for each URL
-A, --all                           Find all vulnerabilities for each URL
    --print-curl                    Also prints an example curl command for each vulnerability
    --print-http                    Also prints an example HTTP request for each vulnerability
-M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
    --request-method                The HTTP request method to use
-H, --header "Name: value"          Sets an additional header
-U, --user-agent-string STRING      Sets the User-Agent header
-u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
    --user-agent                    Sets the User-Agent to use
-C, --cookie COOKIE                 Sets the raw Cookie header
-c, --cookie-param NAME=VALUE       Sets an additional cookie param
-R, --referer URL                   Sets the Referer header
-F, --form-param NAME=VALUE         Sets an additional form param
    --test-query-param NAME         Tests the URL query param name
    --test-all-query-params         Test all URL query param names
    --test-header-name NAME         Tests the HTTP Header name
    --test-cookie-param NAME        Tests the HTTP Cookie name
    --test-all-cookie-params        Test all Cookie param names
    --test-form-param NAME          Tests the form param name
    --test-all-form-params          Test all form param names
-i, --input FILE                    Reads URLs from the list file
-O, --os unix|windows               Sets the OS to test for
-D, --depth COUNT                   Sets the directory depth to escape up
-B null-byte|double-escape|base64|rot13|zlib,
    --filter-bypass                 Sets the filter bypass strategy to use
-h, --help                          Print help information
Arguments
[URL ...] The URL(s) to scan
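The `-O`, `-D` and `-B` options above determine the shape of the test requests, which is also what a defender sees in web access logs. The following is an added example, not code from ronin-vulns: a Ruby log classifier that covers query-string parameters only. Its mapping from each option value to a request pattern (runs of `../` or `..\` for depth and OS, `%00`, `....//`, `php://filter` wrappers) is an assumption based on the usual meaning of those technique names, and the log lines are constructed.

```ruby
# Heuristic patterns; the option-to-pattern mapping is an assumption, not ronin-vulns code.
Finding = Struct.new(:param, :os, :depth, :bypass)
BYPASS_PATTERNS = {
  'zlib'          => %r{php://filter/[^=]*zlib}i,
  'base64'        => %r{php://filter/[^=]*base64}i,
  'rot13'         => %r{php://filter/[^=]*rot13}i,
  'null-byte'     => /\x00/,
  'double-escape' => /\.{4}[\/\\]{2}/
}.freeze

# Decodes %XX escapes once, working on raw bytes so odd input cannot raise.
def pct_decode(str)
  str.b.gsub(/%(\h\h)/) { Regexp.last_match(1).hex.chr }
end

# Returns a Finding for a suspicious parameter value, or nil if it looks benign.
def classify(name, raw_value)
  value  = pct_decode(raw_value)
  seps   = value.scan(/\.{2,}([\/\\])[\/\\]*/).flatten # one separator per "up" step
  bypass = BYPASS_PATTERNS.find { |_label, re| value.match?(re) }&.first
  return nil if seps.empty? && bypass.nil?
  os = (seps.include?('\\') ? 'windows' : 'unix') unless seps.empty?
  Finding.new(name, os, seps.size, bypass)
end

# Scans Common Log Format text and returns one Finding per flagged query parameter.
def scan_log(log)
  log.each_line.flat_map do |line|
    target = line[/"[A-Z]+ (\S+) HTTP/, 1]
    next [] unless target
    target.split('?', 2)[1].to_s.split('&').map do |pair|
      name, _sep, value = pair.partition('=')
      classify(name, value)
    end.compact
  end
end

# Constructed sample lines, not real traffic.
SAMPLE_LOG = <<~'LOG'
  203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
  203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1301
  203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 40
  203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=....//....//etc/passwd HTTP/1.1" 200 40
  203.0.113.5 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?page=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 900
  203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /view?file=..%5C..%5C..%5Cboot.ini HTTP/1.1" 404 0
LOG

scan_log(SAMPLE_LOG).each { |f| puts f.to_a.inspect } if __FILE__ == $PROGRAM_NAME
```

Probes sent through headers, cookies or form bodies (the other `--test-*` targets) do not appear in the request line and need request-body or header logging to detect.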
Constant Summary
Constants included from Printing
Instance Attribute Summary
Attributes inherited from WebVulnCommand
Instance Method Summary
- #scan_url(url) {|vuln| ... } ⇒ Object (private)
  Scans a URL for LFI vulnerabilities.
- #test_url(url, &block) ⇒ Vulns::LFI? (private)
  Tests a URL for LFI vulnerabilities.
Methods inherited from WebVulnCommand
#cookie, #form_data, #headers, #initialize, #print_vuln, #print_vulns, #process_url, #process_vuln, #referer, #referer=, #request_method, #request_method=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_form_params=, #test_header_names, #test_query_params, #test_query_params=, #user_agent, #user_agent=
Methods included from Importable
Methods included from Printing
#log_vuln, #print_vuln, #print_vulns, #vuln_param_name, #vuln_param_type, #vuln_type
Constructor Details
This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand
Instance Method Details
#scan_url(url) {|vuln| ... } ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Scans a URL for LFI vulnerabilities.
    # File 'lib/ronin/vulns/cli/commands/lfi.rb', line 124

    def scan_url(url,&block)
      Vulns::LFI.scan(url,**scan_kwargs,&block)
    end
#test_url(url, &block) ⇒ Vulns::LFI?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Tests a URL for LFI vulnerabilities.
    # File 'lib/ronin/vulns/cli/commands/lfi.rb', line 137

    def test_url(url,&block)
      Vulns::LFI.test(url,**scan_kwargs)
    end