Class: Ronin::Vulns::CLI::Commands::ReflectedXss Private

Inherits:

WebVulnCommand

• Object
• Core::CLI::Command
• Ronin::Vulns::CLI::Command
• WebVulnCommand
• Ronin::Vulns::CLI::Commands::ReflectedXss

Defined in:

lib/ronin/vulns/cli/commands/reflected_xss.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Scans URL(s) for Reflected Cross Site Scripting (XSS) vulnerabilities.

Usage

ronin-vulns reflected-xss [options] {URL ... | --input FILE}

Options

    --first                      Only find the first vulnerability for each URL
-A, --all                        Find all vulnerabilities for each URL
-H, --header "Name: value"       Sets an additional header
-C, --cookie COOKIE              Sets the raw Cookie header
-c, --cookie-param NAME=VALUE    Sets an additional cookie param
-R, --referer URL                Sets the Referer header
-F, --form-param NAME=VALUE      Sets an additional form param
    --test-query-param NAME      Tests the URL query param name
    --test-all-query-params      Test all URL query param names
    --test-header-name NAME      Tests the HTTP Header name
    --test-cookie-param NAME     Tests the HTTP Cookie name
    --test-all-cookie-params     Test all Cookie param names
    --test-form-param NAME       Tests the form param name
-i, --input FILE                 Reads URLs from the list file
-h, --help                       Print help information

Arguments

[URL ...]                        The URL(s) to scan

Constant Summary

Constants included from Logging

Logging::VULN_TYPES

Instance Attribute Summary

Attributes inherited from WebVulnCommand

#scan_kwargs, #scan_mode

Instance Method Summary

• #scan_url(url) {|vuln| ... } ⇒ Object private

  Scans a URL for Reflected XSS vulnerabilities.

• #test_url(url, &block) ⇒ Vulns::ReflectedXSS^? private

  Tests a URL for Reflected XSS vulnerabilities.

Methods inherited from WebVulnCommand

#cookie, #form_data, #headers, #initialize, #process_url, #referer, #referer=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_header_names, #test_query_params, #test_query_params=

Methods included from Logging

#log_vuln, #vuln_type

Constructor Details

This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand

Instance Method Details

#scan_url(url) {|vuln| ... } ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Scans a URL for Reflected XSS vulnerabilities.

Parameters:

• url (String) —

  The URL to scan.

Yields:

• (vuln) —

  The given block will be passed each discovered Reflected XSS vulnerability.

Yield Parameters:

• vuln (Vulns::ReflectedXSS) —

  A Reflected XSS vulnerability discovered on the URL.

# File 'lib/ronin/vulns/cli/commands/reflected_xss.rb', line 78

def scan_url(url,&block)
  Vulns::ReflectedXSS.scan(url,**scan_kwargs,&block)
end

#test_url(url, &block) ⇒ Vulns::ReflectedXSS^?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Tests a URL for Reflected XSS vulnerabilities.

Parameters:

• url (String) —

  The URL to test.

Returns:

• (Vulns::ReflectedXSS, nil) —

  The first Reflected XSS vulnerability discovered on the URL.

# File 'lib/ronin/vulns/cli/commands/reflected_xss.rb', line 91

def test_url(url,&block)
  Vulns::ReflectedXSS.test(url,**scan_kwargs)
end