Class: Ronin::Vulns::CLI::Commands::ReflectedXss Private

Inherits:
WebVulnCommand show all
Defined in:
lib/ronin/vulns/cli/commands/reflected_xss.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Scans URL(s) for Reflected Cross Site Scripting (XSS) vulnerabilities.

Usage

ronin-vulns reflected-xss [options] {URL ... | --input FILE}

Options

    --db NAME                    The database to connect to (Default: default)
    --db-uri URI                 The database URI to connect to
    --db-file PATH               The sqlite3 database file to use
    --import                     Imports discovered vulnerabilities into the database
    --first                      Only find the first vulnerability for each URL
-A, --all                        Find all vulnerabilities for each URL
    --print-curl                 Also prints an example curl command for each vulnerability
    --print-http                 Also prints an example HTTP request for each vulnerability
-M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
    --request-method             The HTTP request method to use
-H, --header "Name: value"       Sets an additional header
-U, --user-agent-string STRING   Sets the User-Agent header
-u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
    --user-agent                 Sets the User-Agent to use
-C, --cookie COOKIE              Sets the raw Cookie header
-c, --cookie-param NAME=VALUE    Sets an additional cookie param
-R, --referer URL                Sets the Referer header
-F, --form-param NAME=VALUE      Sets an additional form param
    --test-query-param NAME      Tests the URL query param name
    --test-all-query-params      Test all URL query param names
    --test-header-name NAME      Tests the HTTP Header name
    --test-cookie-param NAME     Tests the HTTP Cookie name
    --test-all-cookie-params     Test all Cookie param names
    --test-form-param NAME       Tests the form param name
    --test-all-form-params       Test all form param names
-i, --input FILE                 Reads URLs from the list file
-h, --help                       Print help information

Arguments

[URL ...]                        The URL(s) to scan

Constant Summary

Constants included from Printing

Printing::VULN_TYPES

Instance Attribute Summary

Attributes inherited from WebVulnCommand

#scan_kwargs, #scan_mode

Instance Method Summary collapse

Methods inherited from WebVulnCommand

#cookie, #form_data, #headers, #initialize, #print_vuln, #print_vulns, #process_url, #process_vuln, #referer, #referer=, #request_method, #request_method=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_form_params=, #test_header_names, #test_query_params, #test_query_params=, #user_agent, #user_agent=

Methods included from Importable

#import_vuln, included

Methods included from Printing

#log_vuln, #print_vuln, #print_vulns, #vuln_param_name, #vuln_param_type, #vuln_type

Constructor Details

This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand

Instance Method Details

#scan_url(url) {|vuln| ... } ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Scans a URL for Reflected XSS vulnerabilities.

Parameters:

  • url (String)

    The URL to scan.

Yields:

  • (vuln)

    The given block will be passed each discovered Reflected XSS vulnerability.

Yield Parameters:



90
91
92
# File 'lib/ronin/vulns/cli/commands/reflected_xss.rb', line 90

def scan_url(url,&block)
  Vulns::ReflectedXSS.scan(url,**scan_kwargs,&block)
end

#test_url(url, &block) ⇒ Vulns::ReflectedXSS?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Tests a URL for Reflected XSS vulnerabilities.

Parameters:

  • url (String)

    The URL to test.

Returns:



103
104
105
# File 'lib/ronin/vulns/cli/commands/reflected_xss.rb', line 103

def test_url(url,&block)
  Vulns::ReflectedXSS.test(url,**scan_kwargs)
end