Class: Ronin::Vulns::CLI::Commands::Scan Private
- Inherits:
-
WebVulnCommand
- Object
- Core::CLI::Command
- Ronin::Vulns::CLI::Command
- WebVulnCommand
- Ronin::Vulns::CLI::Commands::Scan
- Defined in:
- lib/ronin/vulns/cli/commands/scan.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Scans URL(s) for web vulnerabilities.
Usage
ronin-vulns scan [options] {URL ... | --input FILE}
Options
--first Only find the first vulnerability for each URL
-A, --all Find all vulnerabilities for each URL
-H, --header "Name: value" Sets an additional header
-C, --cookie COOKIE Sets the raw Cookie header
-c, --cookie-param NAME=VALUE Sets an additional cookie param
-R, --referer URL Sets the Referer header
-F, --form-param NAME=VALUE Sets an additional form param
--test-query-param NAME Tests the URL query param name
--test-header-names NAME Tests the HTTP Header name
--test-cookie-params NAME Tests the HTTP Cookie name
--test-form-params NAME Tests the form param name
-i, --input FILE Reads URLs from the list file
--lfi-os unix|windows Sets the OS to test for
--lfi-depth COUNT Sets the directory depth to escape up
--lfi-filter-bypass null_byte|double_escape|base64|rot13|zlib
Sets the filter bypass strategy to use
--rfi-filter-bypass double-encode|suffix-escape|null-byte
Optional filter-bypass strategy to use
--rfi-script-lang asp|asp.net|coldfusion|jsp|php|perl
Explicitly specify the scripting language to test for
--rfi-test-script-url URL Use an alternative test script URL
--sqli-escape-quote Escapes quotation marks
--sqli-escape-parens Escapes parenthesis
--sqli-terminate Terminates the SQL expression with a --
--ssti-test-expr {X*Y | X/Z | X+Y | X-Y}
Optional numeric test to use
--open-redirect-url URL Optional test URL to try to redirect to
-h, --help Print help information
Arguments
[URL ...] The URL(s) to scan
Constant Summary
Constants included from Logging
Instance Attribute Summary
Attributes inherited from WebVulnCommand
Instance Method Summary collapse
-
#lfi_kwargs ⇒ Hash{Symbol => Object}
private
Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the
lfi:
keyword. -
#open_redirect_kwargs ⇒ Hash{Symbol => Object}
private
Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the
open_redirect:
keyword. -
#reflected_xss_kwargs ⇒ Hash{Symbol => Object}
private
Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the
reflected_xss:
keyword. -
#rfi_kwargs ⇒ Hash{Symbol => Object}
private
Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the
rfi:
keyword. -
#scan_url(url) {|vuln| ... } ⇒ Object
private
Scans a URL for all web vulnerabilities.
-
#sqli_kwargs ⇒ Hash{Symbol => Object}
private
Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the
sqli:
keyword. -
#ssti_kwargs ⇒ Hash{Symbol => Object}
private
Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the
ssti:
keyword. -
#test_url(url, &block) ⇒ Vulns::LFI, ...
private
Tests a URL for any web vulnerabilities.
Methods inherited from WebVulnCommand
#cookie, #form_data, #headers, #initialize, #process_url, #referer, #referer=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_header_names, #test_query_params, #test_query_params=
Methods included from Logging
Constructor Details
This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand
Instance Method Details
#lfi_kwargs ⇒ Hash{Symbol => Object}
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Keyword arguments which will be passed to URLScanner.scan or
URLScanner.test via the lfi:
keyword.
173 174 175 |
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 173 def lfi_kwargs scan_kwargs[:lfi] ||= {} end |
#open_redirect_kwargs ⇒ Hash{Symbol => Object}
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Keyword arguments which will be passed to URLScanner.scan or
URLScanner.test via the open_redirect:
keyword.
213 214 215 |
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 213 def open_redirect_kwargs scan_kwargs[:open_redirect] ||= {} end |
#reflected_xss_kwargs ⇒ Hash{Symbol => Object}
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Keyword arguments which will be passed to URLScanner.scan or
URLScanner.test via the reflected_xss:
keyword.
223 224 225 |
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 223 def reflected_xss_kwargs scan_kwargs[:reflected_xss] ||= {} end |
#rfi_kwargs ⇒ Hash{Symbol => Object}
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Keyword arguments which will be passed to URLScanner.scan or
URLScanner.test via the rfi:
keyword.
183 184 185 |
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 183 def rfi_kwargs scan_kwargs[:rfi] ||= {} end |
#scan_url(url) {|vuln| ... } ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Scans a URL for all web vulnerabilities.
A LFI vulnerability discovered on the URL.
244 245 246 |
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 244 def scan_url(url,&block) Vulns::URLScanner.scan(url,**scan_kwargs,&block) end |
#sqli_kwargs ⇒ Hash{Symbol => Object}
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Keyword arguments which will be passed to URLScanner.scan or
URLScanner.test via the sqli:
keyword.
193 194 195 |
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 193 def sqli_kwargs scan_kwargs[:sqli] ||= {} end |
#ssti_kwargs ⇒ Hash{Symbol => Object}
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Keyword arguments which will be passed to URLScanner.scan or
URLScanner.test via the ssti:
keyword.
203 204 205 |
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 203 def ssti_kwargs scan_kwargs[:ssti] ||= {} end |
#test_url(url, &block) ⇒ Vulns::LFI, ...
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Tests a URL for any web vulnerabilities.
The first web vulnerability discovered on the URL.
262 263 264 |
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 262 def test_url(url,&block) Vulns::URLScanner.test(url,**scan_kwargs) end |