Class: Ronin::Vulns::CLI::Commands::Ssti Private
- Inherits:
-
WebVulnCommand
- Object
- Core::CLI::Command
- Ronin::Vulns::CLI::Command
- WebVulnCommand
- Ronin::Vulns::CLI::Commands::Ssti
- Defined in:
- lib/ronin/vulns/cli/commands/ssti.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Scans URL(s) for Server Side Template Injection (SSTI) vulnerabilities.
Usage
ronin-vulns ssti [options] {URL ... | --input FILE}
Options
--first Only find the first vulnerability for each URL
-A, --all Find all vulnerabilities for each URL
-H, --header "Name: value" Sets an additional header
-C, --cookie COOKIE Sets the raw Cookie header
-c, --cookie-param NAME=VALUE Sets an additional cookie param
-R, --referer URL Sets the Referer header
-F, --form-param NAME=VALUE Sets an additional form param
--test-query-param NAME Tests the URL query param name
--test-all-query-params Test all URL query param names
--test-header-name NAME Tests the HTTP Header name
--test-cookie-param NAME Tests the HTTP Cookie name
--test-all-cookie-params Test all Cookie param names
--test-form-param NAME Tests the form param name
-i, --input FILE Reads URLs from the list file
-T {X*Y | X/Z | X+Y | X-Y}, Optional numeric test to use
--test-expr
-h, --help Print help information
Arguments
[URL ...] The URL(s) to scan
Constant Summary
Constants included from Logging
Instance Attribute Summary
Attributes inherited from WebVulnCommand
Instance Method Summary collapse
-
#scan_url(url) {|vuln| ... } ⇒ Object
private
Scans a URL for SSTI vulnerabilities.
-
#test_url(url, &block) ⇒ Vulns::SSTI?
private
Tests a URL for SSTI vulnerabilities.
Methods inherited from WebVulnCommand
#cookie, #form_data, #headers, #initialize, #process_url, #referer, #referer=, #run, #test_cookie_params, #test_cookie_params=, #test_form_params, #test_header_names, #test_query_params, #test_query_params=
Methods included from Logging
Constructor Details
This class inherits a constructor from Ronin::Vulns::CLI::WebVulnCommand
Instance Method Details
#scan_url(url) {|vuln| ... } ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Scans a URL for SSTI vulnerabilities.
89 90 91 |
# File 'lib/ronin/vulns/cli/commands/ssti.rb', line 89 def scan_url(url,&block) Vulns::SSTI.scan(url,**scan_kwargs,&block) end |
#test_url(url, &block) ⇒ Vulns::SSTI?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Tests a URL for SSTI vulnerabilities.
102 103 104 |
# File 'lib/ronin/vulns/cli/commands/ssti.rb', line 102 def test_url(url,&block) Vulns::SSTI.test(url,**scan_kwargs) end |