Class: Ronin::Vulns::CLI::Commands::Rfi Private
- Inherits:
-
WebVulnCommand
- Object
- Core::CLI::Command
- Ronin::Vulns::CLI::Command
- WebVulnCommand
- Ronin::Vulns::CLI::Commands::Rfi
- Defined in:
- lib/ronin/vulns/cli/commands/rfi.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities.
Usage
ronin-vulns rfi [options] {URL ... | --input FILE}
Options
--first Only find the first vulnerability for each URL
-A, --all Find all vulnerabilities for each URL
-H, --header "Name: value" Sets an additional header
-C, --cookie COOKIE Sets the raw Cookie header
-c, --cookie-param NAME=VALUE Sets an additional cookie param
-R, --referer URL Sets the Referer header
-F, --form-param NAME=VALUE Sets an additional form param
--test-query-param NAME Tests the URL query param name
--test-all-query-params Test all URL query param names
--test-header-name NAME Tests the HTTP Header name
--test-cookie-param NAME Tests the HTTP Cookie name
--test-all-cookie-params Test all Cookie param names
--test-form-param NAME Tests the form param name
-i, --input FILE Reads URLs from the list file
-B double-encode|suffix-escape|null-byte,
--filter-bypass Optional filter-bypass strategy to use
-S asp|asp.net|coldfusion|jsp|php|perl,
--script-lang Explicitly specify the scripting language to test for
-T, --test-script-url URL Use an alternative test script URL
-h, --help Print help information
Arguments
[URL ...] The URL(s) to scan
Constant Summary
Constants included from Logging
Instance Attribute Summary
Attributes inherited from WebVulnCommand
Instance Method Summary collapse
-
#scan_url(url) {|vuln| ... } ⇒ Object
private
Scans a URL for RFI vulnerabilities.
-
#test_url(url, &block) ⇒ Vulns::RFI?
private
Tests a URL for RFI vulnerabilities.
Methods inherited from WebVulnCommand
#cookie, #form_data, #headers, #initialize, #process_url, #referer, #referer=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_header_names, #test_query_params, #test_query_params=
Methods included from Logging
Constructor Details
This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand
Instance Method Details
#scan_url(url) {|vuln| ... } ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Scans a URL for RFI vulnerabilities.
118 119 120 |
# File 'lib/ronin/vulns/cli/commands/rfi.rb', line 118 def scan_url(url,&block) Vulns::RFI.scan(url,**scan_kwargs,&block) end |
#test_url(url, &block) ⇒ Vulns::RFI?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Tests a URL for RFI vulnerabilities.
131 132 133 |
# File 'lib/ronin/vulns/cli/commands/rfi.rb', line 131 def test_url(url,&block) Vulns::RFI.test(url,**scan_kwargs) end |