Class: Ronin::Vulns::CLI::Commands::OpenRedirect Private

Inherits:
WebVulnCommand
Defined in:
lib/ronin/vulns/cli/commands/open_redirect.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or changed in the future.

Scans URL(s) for Open Redirect vulnerabilities.

Usage

ronin-vulns open-redirect [options] {URL ... | --input FILE}

Options

    --first                      Only find the first vulnerability for each URL
-A, --all                        Find all vulnerabilities for each URL
-H, --header "Name: value"       Sets an additional header
-C, --cookie COOKIE              Sets the raw Cookie header
-c, --cookie-param NAME=VALUE    Sets an additional cookie param
-R, --referer URL                Sets the Referer header
-F, --form-param NAME=VALUE      Sets an additional form param
    --test-query-param NAME      Tests the URL query param name
    --test-all-query-params      Test all URL query param names
    --test-header-name NAME      Tests the HTTP Header name
    --test-cookie-param NAME     Tests the HTTP Cookie name
    --test-all-cookie-params     Test all Cookie param names
    --test-form-param NAME       Tests the form param name
-i, --input FILE                 Reads URLs from the list file
-T, --test-url URL               Optional test URL to try to redirect to
-h, --help                       Print help information

Arguments

[URL ...]                        The URL(s) to scan

Constant Summary

Constants included from Logging

Logging::VULN_TYPES

Instance Attribute Summary

Attributes inherited from WebVulnCommand

#scan_kwargs, #scan_mode

Instance Method Summary

Methods inherited from WebVulnCommand

#cookie, #form_data, #headers, #initialize, #process_url, #referer, #referer=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_header_names, #test_query_params, #test_query_params=

Methods included from Logging

#log_vuln, #vuln_type

Constructor Details

This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand

Instance Method Details

#scan_url(url) {|vuln| ... } ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or changed in the future.

Scans a URL for Open Redirect vulnerabilities.

Parameters:

  • url (String)

    The URL to scan.

Yields:

  • (vuln)

    The given block will be passed each discovered OpenRedirect vulnerability.

Yield Parameters:



# File 'lib/ronin/vulns/cli/commands/open_redirect.rb', line 88

def scan_url(url,&block)
  Vulns::OpenRedirect.scan(url,**scan_kwargs,&block)
end

#test_url(url, &block) ⇒ Vulns::OpenRedirect?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or changed in the future.

Tests a URL for Open Redirect vulnerabilities.

Parameters:

  • url (String)

    The URL to test.

Returns:



# File 'lib/ronin/vulns/cli/commands/open_redirect.rb', line 101

def test_url(url,&block)
  Vulns::OpenRedirect.test(url,**scan_kwargs)
end