Class: Ronin::Vulns::CLI::Commands::Scan Private

Inherits:
WebVulnCommand show all
Defined in:
lib/ronin/vulns/cli/commands/scan.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Scans URL(s) for web vulnerabilities.

Usage

ronin-vulns scan [options] {URL ... | --input FILE}

Options

    --db NAME                    The database to connect to (Default: default)
    --db-uri URI                 The database URI to connect to
    --db-file PATH               The sqlite3 database file to use
    --import                     Imports discovered vulnerabilities into the database
    --first                      Only find the first vulnerability for each URL
-A, --all                        Find all vulnerabilities for each URL
    --print-curl                 Also prints an example curl command for each vulnerability
    --print-http                 Also prints an example HTTP request for each vulnerability
-M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
    --request-method             The HTTP request method to use
-H, --header "Name: value"       Sets an additional header
-U, --user-agent-string STRING   Sets the User-Agent header
-u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
    --user-agent                 Sets the User-Agent to use
-C, --cookie COOKIE              Sets the raw Cookie header
-c, --cookie-param NAME=VALUE    Sets an additional cookie param
-R, --referer URL                Sets the Referer header
-F, --form-param NAME=VALUE      Sets an additional form param
    --test-query-param NAME      Tests the URL query param name
    --test-header-names NAME     Tests the HTTP Header name
    --test-cookie-params NAME    Tests the HTTP Cookie name
    --test-form-params NAME      Tests the form param name
    --test-all-form-params       Test all form param names
-i, --input FILE                 Reads URLs from the list file
    --lfi-os unix|windows        Sets the OS to test for
    --lfi-depth COUNT            Sets the directory depth to escape up
    --lfi-filter-bypass null-byte|double-escape|base64|rot13|zlib
                                 Sets the filter bypass strategy to use
    --rfi-filter-bypass double-encode|suffix-escape|null-byte
                                 Optional filter-bypass strategy to use
    --rfi-script-lang asp|asp.net|coldfusion|jsp|php|perl
                                 Explicitly specify the scripting language to test for
    --rfi-test-script-url URL    Use an alternative test script URL
    --sqli-escape-quote          Escapes quotation marks
    --sqli-escape-parens         Escapes parenthesis
    --sqli-terminate             Terminates the SQL expression with a --
    --ssti-test-expr {X*Y | X/Z | X+Y | X-Y}
                                 Optional numeric test to use
    --open-redirect-url URL      Optional test URL to try to redirect to
-h, --help                       Print help information

Arguments

[URL ...]                        The URL(s) to scan

Constant Summary

Constants included from Printing

Printing::VULN_TYPES

Instance Attribute Summary

Attributes inherited from WebVulnCommand

#scan_kwargs, #scan_mode

Instance Method Summary collapse

Methods inherited from WebVulnCommand

#cookie, #form_data, #headers, #initialize, #print_vuln, #print_vulns, #process_url, #process_vuln, #referer, #referer=, #request_method, #request_method=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_form_params=, #test_header_names, #test_query_params, #test_query_params=, #user_agent, #user_agent=

Methods included from Importable

#import_vuln, included

Methods included from Printing

#log_vuln, #print_vuln, #print_vulns, #vuln_param_name, #vuln_param_type, #vuln_type

Constructor Details

This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand

Instance Method Details

#lfi_kwargsHash{Symbol => Object}

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the lfi: keyword.

Returns:

  • (Hash{Symbol => Object}) 


185
186
187
 
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 185

def lfi_kwargs
  scan_kwargs[:lfi] ||= {}
end

#open_redirect_kwargsHash{Symbol => Object}

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the open_redirect: keyword.

Returns:

  • (Hash{Symbol => Object}) 


225
226
227
 
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 225

def open_redirect_kwargs
  scan_kwargs[:open_redirect] ||= {}
end

#reflected_xss_kwargsHash{Symbol => Object}

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the reflected_xss: keyword.

Returns:

  • (Hash{Symbol => Object}) 


235
236
237
 
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 235

def reflected_xss_kwargs
  scan_kwargs[:reflected_xss] ||= {}
end

#rfi_kwargsHash{Symbol => Object}

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the rfi: keyword.

Returns:

  • (Hash{Symbol => Object}) 


195
196
197
 
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 195

def rfi_kwargs
  scan_kwargs[:rfi] ||= {}
end

#scan_url(url) {|vuln| ... } ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Scans a URL for all web vulnerabilities.

A LFI vulnerability discovered on the URL.

Parameters:

  • url (String)

    The URL to scan.

Yields:

  • (vuln)

    The given block will be passed each discovered web vulnerability.

Yield Parameters:



256
257
258
 
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 256

def scan_url(url,&block)
  Vulns::URLScanner.scan(url,**scan_kwargs,&block)
end

#sqli_kwargsHash{Symbol => Object}

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the sqli: keyword.

Returns:

  • (Hash{Symbol => Object}) 


205
206
207
 
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 205

def sqli_kwargs
  scan_kwargs[:sqli] ||= {}
end

#ssti_kwargsHash{Symbol => Object}

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Keyword arguments which will be passed to URLScanner.scan or URLScanner.test via the ssti: keyword.

Returns:

  • (Hash{Symbol => Object}) 


215
216
217
 
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 215

def ssti_kwargs
  scan_kwargs[:ssti] ||= {}
end

#test_url(url, &block) ⇒ Vulns::LFI, ...

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Tests a URL for any web vulnerabilities.

The first web vulnerability discovered on the URL.

Parameters:

  • url (String)

    The URL to test.

Returns:



274
275
276
 
# File 'lib/ronin/vulns/cli/commands/scan.rb', line 274

def test_url(url,&block)
  Vulns::URLScanner.test(url,**scan_kwargs)
end