Class: Ronin::Vulns::CLI::Commands::ReflectedXss Private
- Inherits:
 - WebVulnCommand
- Object
 - Core::CLI::Command
 - Ronin::Vulns::CLI::Command
 - WebVulnCommand
 - Ronin::Vulns::CLI::Commands::ReflectedXss
- Defined in:
 - lib/ronin/vulns/cli/commands/reflected_xss.rb

Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Scans URL(s) for Reflected Cross Site Scripting (XSS) vulnerabilities.
Usage
ronin-vulns reflected-xss [options] {URL ... | --input FILE}
Options
    --db NAME                    The database to connect to (Default: default)
    --db-uri URI                 The database URI to connect to
    --db-file PATH               The sqlite3 database file to use
    --import                     Imports discovered vulnerabilities into the database
    --first                      Only find the first vulnerability for each URL
-A, --all                        Find all vulnerabilities for each URL
    --print-curl                 Also prints an example curl command for each vulnerability
    --print-http                 Also prints an example HTTP request for each vulnerability
-M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
    --request-method             The HTTP request method to use
-H, --header "Name: value"       Sets an additional header
-U, --user-agent-string STRING   Sets the User-Agent header
-u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
    --user-agent                 Sets the User-Agent to use
-C, --cookie COOKIE              Sets the raw Cookie header
-c, --cookie-param NAME=VALUE    Sets an additional cookie param
-R, --referer URL                Sets the Referer header
-F, --form-param NAME=VALUE      Sets an additional form param
    --test-query-param NAME      Tests the URL query param name
    --test-all-query-params      Test all URL query param names
    --test-header-name NAME      Tests the HTTP Header name
    --test-cookie-param NAME     Tests the HTTP Cookie name
    --test-all-cookie-params     Test all Cookie param names
    --test-form-param NAME       Tests the form param name
    --test-all-form-params       Test all form param names
-i, --input FILE                 Reads URLs from the list file
-h, --help                       Print help information
Arguments
[URL ...]                        The URL(s) to scan
Constant Summary
Constants included from Printing
Instance Attribute Summary
Attributes inherited from WebVulnCommand
Instance Method Summary
- #scan_url(url) {|vuln| ... } ⇒ Object (private)
  Scans a URL for Reflected XSS vulnerabilities.
- #test_url(url, &block) ⇒ Vulns::ReflectedXSS? (private)
  Tests a URL for Reflected XSS vulnerabilities.

Methods inherited from WebVulnCommand
#cookie, #form_data, #headers, #initialize, #print_vuln, #print_vulns, #process_url, #process_vuln, #referer, #referer=, #request_method, #request_method=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_form_params=, #test_header_names, #test_query_params, #test_query_params=, #user_agent, #user_agent=
Methods included from Importable
Methods included from Printing
#log_vuln, #print_vuln, #print_vulns, #vuln_param_name, #vuln_param_type, #vuln_type
Constructor Details
This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand
Instance Method Details
#scan_url(url) {|vuln| ... } ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Scans a URL for Reflected XSS vulnerabilities.
    # File 'lib/ronin/vulns/cli/commands/reflected_xss.rb', line 90
    def scan_url(url,&block)
      Vulns::ReflectedXSS.scan(url,**scan_kwargs,&block)
    end

#test_url(url, &block) ⇒ Vulns::ReflectedXSS?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Tests a URL for Reflected XSS vulnerabilities.
    # File 'lib/ronin/vulns/cli/commands/reflected_xss.rb', line 103
    def test_url(url,&block)
      Vulns::ReflectedXSS.test(url,**scan_kwargs)
    end