Class: Ronin::Vulns::CLI::WebVulnCommand Private

Inherits:
Command
  • Object
show all
Includes:
Logging
Defined in:
lib/ronin/vulns/cli/web_vuln_command.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Base class for all web vulnerability commands.

Constant Summary

Constants included from Logging

Logging::VULN_TYPES

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Logging

#log_vuln, #vuln_type

Constructor Details

#initialize(**kwargs) ⇒ WebVulnCommand

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the command.

Parameters:

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments.



181
182
183
184
185
186
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 181

def initialize(**kwargs)
  super(**kwargs)

  @scan_mode   = :first
  @scan_kwargs = {}
end

Instance Attribute Details

#scan_kwargsHash{Symbol => Object} (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Keywrod arguments that will be used in #scan_url and #test_url to call WebVuln.scan or WebVuln.test.

Returns:

  • (Hash{Symbol => Object}) 


173
174
175
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 173

def scan_kwargs
  @scan_kwargs
end

#scan_mode:first, :all (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The scan mode.

Returns:

  • (:first, :all)
    • :first - Only find the first vulnerability for each URL.
    • :all - Find all vulnerabilities for each URL.


167
168
169
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 167

def scan_mode
  @scan_mode
end

Instance Method Details

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional Cookie header to send.

Returns:

  • (Ronin::Support::Network::HTTP::Cookie) 


267
268
269
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 267

def cookie
  @scan_kwargs[:cookie] ||= Support::Network::HTTP::Cookie.new
end

#form_dataHash{String => String}?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional form params.

Returns:

  • (Hash{String => String}, nil) 


297
298
299
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 297

def form_data
  @scan_kwargs[:form_data] ||= {}
end

#headersHash{String => String}

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional headers.

Returns:

  • (Hash{String => String}) 


258
259
260
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 258

def headers
  @scan_kwargs[:headers] ||= {}
end

#process_url(url) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Processes a URL.

Parameters:

  • url (String)

    A URL to scan.

Returns:

  • (Boolean)

    Indicates whether a vulnerability was discovered in the URL.



228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 228

def process_url(url)
  unless url.start_with?('http://') || url.start_with?('https://')
    print_error("URL must start with http:// or https://: #{url.inspect}")
    exit(-1)
  end

  vuln_discovered = false

  if @scan_mode == :first
    if (first_vuln = test_url(url))
      log_vuln(first_vuln)

      vuln_discovered = true
    end
  else
    scan_url(url) do |vuln|
      log_vuln(vuln)

      vuln_discovered = true
    end
  end

  return vuln_discovered
end

#refererString?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional HTTP Referer header to send.

Returns:

  • (String, nil) 


276
277
278
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 276

def referer
  @scan_kwargs[:referer]
end

#referer=(new_referer) ⇒ String?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the HTTP Referer header to send.

Parameters:

  • new_referer (String, nil)

    The new Referer header to send.

Returns:

  • (String, nil) 


288
289
290
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 288

def referer=(new_referer)
  @scan_kwargs[:referer] = new_referer
end

#run(*urls) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Runs the command.

Parameters:

  • urls (Array<String>)

    The URL(s) to scan.



194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 194

def run(*urls)
  unless (options[:input] || !urls.empty?)
    print_error "must specify URL(s) or --input"
    exit(-1)
  end

  vulns_discovered = false

  if options[:input]
    File.open(options[:input]) do |file|
      file.each_line(chomp: true) do |url|
        vulns_discovered ||= process_url(url)
      end
    end
  elsif !urls.empty?
    urls.each do |url|
      vulns_discovered ||= process_url(url)
    end
  end

  unless vulns_discovered
    puts colors.green("No vulnerabilities found")
  end
end

#scan_url(url) {|vuln| ... } ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

This method is abstract.

Scans a URL for web vulnerabilities.

Parameters:

  • url (String)

    The URL to scan.

Yields:

  • (vuln)

    The given block will be passed each discovered web vulnerability.

Yield Parameters:

  • vuln (WebVuln)

    A web vulnerability discovered on the URL.

Raises:

  • (NotImplementedError) 


375
376
377
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 375

def scan_url(url,&block)
  raise(NotImplementedError,"#{self.class}#scan_url was not defined")
end

#test_cookie_paramsSet<String>, true

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The HTTP Cookie to test.

Returns:

  • (Set<String>, true) 


336
337
338
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 336

def test_cookie_params
  @scan_kwargs[:cookie_params] ||= Set.new
end

#test_cookie_params=(new_cookie_params) ⇒ Set<String>, true

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the HTTP Cookie to test.

Parameters:

  • new_cookie_params (Set<String>, true)

    The new cookie param names to test.

Returns:

  • (Set<String>, true) 


348
349
350
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 348

def test_cookie_params=(new_cookie_params)
  @scan_kwargs[:cookie_params] = new_cookie_params
end

#test_form_paramsSet<String>?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The form params to test.

Returns:

  • (Set<String>, nil) 


357
358
359
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 357

def test_form_params
  @scan_kwargs[:form_params] ||= Set.new
end

#test_header_namesSet<String>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The HTTP Header names to test.

Returns:

  • (Set<String>) 


327
328
329
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 327

def test_header_names
  @scan_kwargs[:header_names] ||= Set.new
end

#test_query_paramsSet<String>, true

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The URL query params to test.

Returns:

  • (Set<String>, true) 


306
307
308
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 306

def test_query_params
  @scan_kwargs[:query_params] ||= Set.new
end

#test_query_params=(new_query_params) ⇒ Set<String>, true

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the URL query params to test.

Parameters:

  • new_query_params (Set<String>, true)

    The query params to test.

Returns:

  • (Set<String>, true) 


318
319
320
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 318

def test_query_params=(new_query_params)
  @scan_kwargs[:query_params] = new_query_params
end

#test_url(url) ⇒ WebVuln?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

This method is abstract.

Tests a URL for web vulnerabilities.

Parameters:

  • url (String)

    The URL to test.

Returns:

  • (WebVuln, nil)

    vuln The first web vulnerability discovered on the URL.

Raises:

  • (NotImplementedError) 


390
391
392
 
# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 390

def test_url(url)
  raise(NotImplementedError,"#{self.class}#test_url was not defined")
end