Class: Ronin::Vulns::CLI::Commands::Sqli Private
- Inherits: WebVulnCommand
  - Object
  - Core::CLI::Command
  - Ronin::Vulns::CLI::Command
  - WebVulnCommand
  - Ronin::Vulns::CLI::Commands::Sqli
- Defined in: lib/ronin/vulns/cli/commands/sqli.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Scans URL(s) for SQL injection (SQLi) vulnerabilities.
Usage
    ronin-vulns sqli [options] {URL ... | --input FILE}
Options
        --db NAME                    The database to connect to (Default: default)
        --db-uri URI                 The database URI to connect to
        --db-file PATH               The sqlite3 database file to use
        --import                     Imports discovered vulnerabilities into the database
        --first                      Only find the first vulnerability for each URL
    -A, --all                        Find all vulnerabilities for each URL
        --print-curl                 Also prints an example curl command for each vulnerability
        --print-http                 Also prints an example HTTP request for each vulnerability
    -M COPY|DELETE|GET|HEAD|LOCK|MKCOL|MOVE|OPTIONS|PATCH|POST|PROPFIND|PROPPATCH|PUT|TRACE|UNLOCK,
        --request-method             The HTTP request method to use
    -H, --header "Name: value"       Sets an additional header
    -U, --user-agent-string STRING   Sets the User-Agent header
    -u chrome-linux|chrome-macos|chrome-windows|chrome-iphone|chrome-ipad|chrome-android|firefox-linux|firefox-macos|firefox-windows|firefox-iphone|firefox-ipad|firefox-android|safari-macos|safari-iphone|safari-ipad|edge,
        --user-agent                 Sets the User-Agent to use
    -C, --cookie COOKIE              Sets the raw Cookie header
    -c, --cookie-param NAME=VALUE    Sets an additional cookie param
    -R, --referer URL                Sets the Referer header
    -F, --form-param NAME=VALUE      Sets an additional form param
        --test-query-param NAME      Tests the URL query param name
        --test-all-query-params      Test all URL query param names
        --test-header-name NAME      Tests the HTTP Header name
        --test-cookie-param NAME     Tests the HTTP Cookie name
        --test-all-cookie-params     Test all Cookie param names
        --test-form-param NAME       Tests the form param name
        --test-all-form-params       Test all form param names
    -i, --input FILE                 Reads URLs from the list file
    -Q, --escape-quote               Escapes quotation marks
    -P, --escape-parens              Escapes parenthesis
    -T, --terminate                  Terminates the SQL expression with a --
    -h, --help                       Print help information
Arguments
    [URL ...]                        The URL(s) to scan
Constant Summary
Constants included from Printing
Instance Attribute Summary
Attributes inherited from WebVulnCommand
Instance Method Summary
- #scan_url(url) {|vuln| ... } ⇒ Object (private)
  Scans a URL for SQLi vulnerabilities.
- #test_url(url, &block) ⇒ Vulns::SQLI? (private)
  Tests a URL for SQLi vulnerabilities.
Methods inherited from WebVulnCommand
#cookie, #form_data, #headers, #initialize, #print_vuln, #print_vulns, #process_url, #process_vuln, #referer, #referer=, #request_method, #request_method=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_form_params=, #test_header_names, #test_query_params, #test_query_params=, #user_agent, #user_agent=
Methods included from Importable
Methods included from Printing
#log_vuln, #print_vuln, #print_vulns, #vuln_param_name, #vuln_param_type, #vuln_type
Constructor Details
This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand
Instance Method Details
#scan_url(url) {|vuln| ... } ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Scans a URL for SQLi vulnerabilities.
    # File 'lib/ronin/vulns/cli/commands/sqli.rb', line 104

    def scan_url(url,&block)
      Vulns::SQLI.scan(url,**scan_kwargs,&block)
    end
#test_url(url, &block) ⇒ Vulns::SQLI?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Tests a URL for SQLi vulnerabilities.
    # File 'lib/ronin/vulns/cli/commands/sqli.rb', line 117

    def test_url(url,&block)
      Vulns::SQLI.test(url,**scan_kwargs)
    end