Class: Ronin::Vulns::CLI::Commands::Rfi Private
- Inherits:
-
WebVulnCommand
- Object
- Core::CLI::Command
- Ronin::Vulns::CLI::Command
- WebVulnCommand
- Ronin::Vulns::CLI::Commands::Rfi
- Defined in:
- lib/ronin/vulns/cli/commands/rfi.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Scans URL(s) for Remote File Inclusion (RFI) vulnerabilities.
Usage
ronin-vulns rfi [options] {URL ... | --input FILE}
Options
--db NAME The database to connect to (Default: default)
--db-uri URI The database URI to connect to
--db-file PATH The sqlite3 database file to use
--import Imports discovered vulnerabilities into the database
--first Only find the first vulnerability for each URL
-A, --all Find all vulnerabilities for each URL
--print-curl Also prints an example curl command for each vulnerability
--print-http Also prints an example HTTP request for each vulnerability
-M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
--request-method The HTTP request method to use
-H, --header "Name: value" Sets an additional header
-U, --user-agent-string STRING Sets the User-Agent header
-u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
--user-agent Sets the User-Agent to use
-C, --cookie COOKIE Sets the raw Cookie header
-c, --cookie-param NAME=VALUE Sets an additional cookie param
-R, --referer URL Sets the Referer header
-F, --form-param NAME=VALUE Sets an additional form param
--test-query-param NAME Tests the URL query param name
--test-all-query-params Test all URL query param names
--test-header-name NAME Tests the HTTP Header name
--test-cookie-param NAME Tests the HTTP Cookie name
--test-all-cookie-params Test all Cookie param names
--test-form-param NAME Tests the form param name
--test-all-form-params Test all form param names
-i, --input FILE Reads URLs from the list file
-B double-encode|suffix-escape|null-byte,
--filter-bypass Optional filter-bypass strategy to use
-S asp|asp.net|coldfusion|jsp|php|perl,
--script-lang Explicitly specify the scripting language to test for
-T, --test-script-url URL Use an alternative test script URL
-h, --help Print help information
Arguments
[URL ...] The URL(s) to scan
Constant Summary
Constants included from Printing
Instance Attribute Summary
Attributes inherited from WebVulnCommand
Instance Method Summary collapse
-
#scan_url(url) {|vuln| ... } ⇒ Object
private
Scans a URL for RFI vulnerabilities.
-
#test_url(url, &block) ⇒ Vulns::RFI?
private
Tests a URL for RFI vulnerabilities.
Methods inherited from WebVulnCommand
#cookie, #form_data, #headers, #initialize, #print_vuln, #print_vulns, #process_url, #process_vuln, #referer, #referer=, #request_method, #request_method=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_form_params=, #test_header_names, #test_query_params, #test_query_params=, #user_agent, #user_agent=
Methods included from Importable
Methods included from Printing
#log_vuln, #print_vuln, #print_vulns, #vuln_param_name, #vuln_param_type, #vuln_type
Constructor Details
This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand
Instance Method Details
#scan_url(url) {|vuln| ... } ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Scans a URL for RFI vulnerabilities.
130 131 132 |
# File 'lib/ronin/vulns/cli/commands/rfi.rb', line 130 def scan_url(url,&block) Vulns::RFI.scan(url,**scan_kwargs,&block) end |
#test_url(url, &block) ⇒ Vulns::RFI?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Tests a URL for RFI vulnerabilities.
143 144 145 |
# File 'lib/ronin/vulns/cli/commands/rfi.rb', line 143 def test_url(url,&block) Vulns::RFI.test(url,**scan_kwargs) end |