Class: Ronin::Vulns::CLI::WebVulnCommand Private

Inherits:

Command

• Object
• Core::CLI::Command
• Command
• Ronin::Vulns::CLI::WebVulnCommand

Includes:

Importable, Printing

Defined in:

lib/ronin/vulns/cli/web_vuln_command.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Base class for all web vulnerability commands.

Direct Known Subclasses

Commands::CommandInjection, Commands::Lfi, Commands::OpenRedirect, Commands::ReflectedXss, Commands::Rfi, Commands::Scan, Commands::Sqli, Commands::Ssti

Constant Summary

Constants included from Printing

Printing::VULN_TYPES

Instance Attribute Summary

• #scan_kwargs ⇒ Hash{Symbol => Object} readonly private

  Keywrod arguments that will be used in #scan_url and #test_url to call WebVuln.scan or WebVuln.test.

• #scan_mode ⇒ :first, :all readonly private

  The scan mode.

Instance Method Summary

• #cookie ⇒ Ronin::Support::Network::HTTP::Cookie private

  The optional Cookie header to send.

• #form_data ⇒ Hash{String => String}^? private

  Additional form params.

• #headers ⇒ Hash{String => String} private

  Additional headers.

• #initialize(**kwargs) ⇒ WebVulnCommand constructor private

  Initializes the command.

• #print_vuln(vuln, print_curl: , print_http: ) ⇒ Object private

  Prints detailed information about a discovered web vulnerability.

• #print_vulns(vulns, print_curl: , print_http: ) ⇒ Object private

  Print a summary of all web vulnerabilities found.

• #process_url(url) {|vuln| ... } ⇒ Object private

  Processes a URL.

• #process_vuln(vuln) ⇒ Object private

  Logs and optioanlly imports a new discovered web vulnerability.

• #referer ⇒ String^? private

  The optional HTTP Referer header to send.

• #referer=(new_referer) ⇒ String^? private

  Sets the HTTP Referer header to send.

• #request_method ⇒ :copy, ... private

  The HTTP request method to use.

• #request_method=(new_request_method) ⇒ :copy, ... private

  Sets the HTTP request method to use.

• #run(*urls) ⇒ Object private

  Runs the command.

• #scan_url(url) {|vuln| ... } ⇒ Object abstract private

  Scans a URL for web vulnerabilities.

• #test_cookie_params ⇒ Set<String>, true private

  The HTTP Cookie to test.

• #test_cookie_params=(new_cookie_params) ⇒ Set<String>, true private

  Sets the HTTP Cookie to test.

• #test_form_params ⇒ Set<String>^? private

  The form params to test.

• #test_form_params=(new_form_params) ⇒ Set<String>, true private

  Sets the form params to test.

• #test_header_names ⇒ Set<String> private

  The HTTP Header names to test.

• #test_query_params ⇒ Set<String>, true private

  The URL query params to test.

• #test_query_params=(new_query_params) ⇒ Set<String>, true private

  Sets the URL query params to test.

• #test_url(url) ⇒ WebVuln^? abstract private

  Tests a URL for web vulnerabilities.

• #user_agent ⇒ String, ... private

  The optional HTTP User-Agent header to send.

• #user_agent=(new_user_agent) ⇒ String, ... private

  Sets the HTTP User-Agent header.

Methods included from Importable

#import_vuln, included

Methods included from Printing

#log_vuln, #vuln_param_name, #vuln_param_type, #vuln_type

Constructor Details

#initialize(**kwargs) ⇒ WebVulnCommand

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the command.

Parameters:

• kwargs (Hash{Symbol => Object}) —

  Additional keyword arguments.

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 236

def initialize(**kwargs)
  super(**kwargs)

  @scan_mode   = :first
  @scan_kwargs = {}
end

Instance Attribute Details

#scan_kwargs ⇒ Hash{Symbol => Object} (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Keywrod arguments that will be used in #scan_url and #test_url to call WebVuln.scan or WebVuln.test.

Returns:

• (Hash{Symbol => Object})

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 228

def scan_kwargs
  @scan_kwargs
end

#scan_mode ⇒ :first, :all (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The scan mode.

Returns:

• (:first, :all) —
  • :first - Only find the first vulnerability for each URL.
  • :all - Find all vulnerabilities for each URL.

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 222

def scan_mode
  @scan_mode
end

Instance Method Details

#cookie ⇒ Ronin::Support::Network::HTTP::Cookie

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional Cookie header to send.

Returns:

• (Ronin::Support::Network::HTTP::Cookie)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 451

def cookie
  @scan_kwargs[:cookie] ||= Support::Network::HTTP::Cookie.new
end

#form_data ⇒ Hash{String => String}^?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional form params.

Returns:

• (Hash{String => String}, nil)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 481

def form_data
  @scan_kwargs[:form_data] ||= {}
end

#headers ⇒ Hash{String => String}

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional headers.

Returns:

• (Hash{String => String})

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 399

def headers
  @scan_kwargs[:headers] ||= {}
end

#print_vuln(vuln, print_curl: , print_http: ) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints detailed information about a discovered web vulnerability.

Parameters:

• vuln (WebVuln) —

  The web vulnerability to log.

• print_curl (Boolean) (defaults to: ) —

  Prints an example curl command to trigger the web vulnerability.

• print_http (Boolean) (defaults to: ) —

  Prints an example HTTP request to trigger the web vulnerability.

Since:

• 0.2.0

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 313

def print_vuln(vuln, print_curl: options[:print_curl],
                     print_http: options[:print_http])
  super(vuln, print_curl: print_curl,
              print_http: print_http)
end

#print_vulns(vulns, print_curl: , print_http: ) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Print a summary of all web vulnerabilities found.

Parameters:

• vulns (Array<WebVuln>) —

  The discovered web vulnerabilities.

• print_curl (Boolean) (defaults to: ) —

  Prints an example curl command to trigger the web vulnerability.

• print_http (Boolean) (defaults to: ) —

  Prints an example HTTP request to trigger the web vulnerability.

Since:

• 0.2.0

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 293

def print_vulns(vulns, print_curl: options[:print_curl],
                       print_http: options[:print_http])
  super(vulns, print_curl: print_curl,
               print_http: print_http)
end

#process_url(url) {|vuln| ... } ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Processes a URL.

Parameters:

• url (String) —

  A URL to scan.

Yields:

• (vuln) —

  The given block will be passed each newly discovered web vulnerability.

Yield Parameters:

• vuln (WebVuln) —

  A newly discovered web vulnerability.

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 332

def process_url(url)
  unless url.start_with?('http://') || url.start_with?('https://')
    print_error("URL must start with http:// or https://: #{url.inspect}")
    exit(-1)
  end

  if @scan_mode == :first
    if (first_vuln = test_url(url))
      process_vuln(first_vuln)
      yield first_vuln
    end
  else
    scan_url(url) do |vuln|
      process_vuln(vuln)
      yield vuln
    end
  end
end

#process_vuln(vuln) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Logs and optioanlly imports a new discovered web vulnerability.

Parameters:

• vuln (WebVuln) —

  The discovered web vulnerability.

Since:

• 0.2.0

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 359

def process_vuln(vuln)
  log_vuln(vuln)
  import_vuln(vuln) if options[:import]
end

#referer ⇒ String^?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional HTTP Referer header to send.

Returns:

• (String, nil)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 460

def referer
  @scan_kwargs[:referer]
end

#referer=(new_referer) ⇒ String^?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the HTTP Referer header to send.

Parameters:

• new_referer (String, nil) —

  The new Referer header to send.

Returns:

• (String, nil)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 472

def referer=(new_referer)
  @scan_kwargs[:referer] = new_referer
end

#request_method ⇒ :copy, ...

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The HTTP request method to use.

Returns:

• (:copy, :delete, :get, :head, :lock, :mkcol, :move, :options, :patch, :post, :propfind, :proppatch, :put, :trace, :unlock)

Since:

• 0.2.0

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 373

def request_method
  @scan_kwargs[:request_method]
end

#request_method=(new_request_method) ⇒ :copy, ...

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the HTTP request method to use.

Parameters:

• new_request_method (:copy, :delete, :get, :head, :lock, :mkcol, :move, :options, :patch, :post, :propfind, :proppatch, :put, :trace, :unlock)

Returns:

• (:copy, :delete, :get, :head, :lock, :mkcol, :move, :options, :patch, :post, :propfind, :proppatch, :put, :trace, :unlock)

Since:

• 0.2.0

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 390

def request_method=(new_request_method)
  @scan_kwargs[:request_method] = new_request_method
end

#run(*urls) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Runs the command.

Parameters:

• urls (Array<String>) —

  The URL(s) to scan.

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 249

def run(*urls)
  unless (options[:input] || !urls.empty?)
    print_error "must specify URL(s) or --input"
    exit(-1)
  end

  db_connect if options[:import]

  vulns = []

  if options[:input]
    File.open(options[:input]) do |file|
      file.each_line(chomp: true) do |url|
        process_url(url) do |vuln|
          vulns << vuln
        end
      end
    end
  elsif !urls.empty?
    urls.each do |url|
      process_url(url) do |vuln|
        vulns << vuln
      end
    end
  end

  puts unless vulns.empty?
  print_vulns(vulns)
end

#scan_url(url) {|vuln| ... } ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

This method is abstract.

Scans a URL for web vulnerabilities.

Parameters:

• url (String) —

  The URL to scan.

Yields:

• (vuln) —

  The given block will be passed each discovered web vulnerability.

Yield Parameters:

• vuln (WebVuln) —

  A web vulnerability discovered on the URL.

Raises:

• (NotImplementedError)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 571

def scan_url(url,&block)
  raise(NotImplementedError,"#{self.class}#scan_url was not defined")
end

#test_cookie_params ⇒ Set<String>, true

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The HTTP Cookie to test.

Returns:

• (Set<String>, true)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 520

def test_cookie_params
  @scan_kwargs[:cookie_params] ||= Set.new
end

#test_cookie_params=(new_cookie_params) ⇒ Set<String>, true

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the HTTP Cookie to test.

Parameters:

• new_cookie_params (Set<String>, true) —

  The new cookie param names to test.

Returns:

• (Set<String>, true)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 532

def test_cookie_params=(new_cookie_params)
  @scan_kwargs[:cookie_params] = new_cookie_params
end

#test_form_params ⇒ Set<String>^?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The form params to test.

Returns:

• (Set<String>, nil)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 541

def test_form_params
  @scan_kwargs[:form_params] ||= Set.new
end

#test_form_params=(new_form_params) ⇒ Set<String>, true

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the form params to test.

Parameters:

• new_form_params (Set<String>, true) —

  The new form param names to test.

Returns:

• (Set<String>, true)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 553

def test_form_params=(new_form_params)
  @scan_kwargs[:form_params] = new_form_params
end

#test_header_names ⇒ Set<String>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The HTTP Header names to test.

Returns:

• (Set<String>)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 511

def test_header_names
  @scan_kwargs[:header_names] ||= Set.new
end

#test_query_params ⇒ Set<String>, true

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The URL query params to test.

Returns:

• (Set<String>, true)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 490

def test_query_params
  @scan_kwargs[:query_params] ||= Set.new
end

#test_query_params=(new_query_params) ⇒ Set<String>, true

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the URL query params to test.

Parameters:

• new_query_params (Set<String>, true) —

  The query params to test.

Returns:

• (Set<String>, true)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 502

def test_query_params=(new_query_params)
  @scan_kwargs[:query_params] = new_query_params
end

#test_url(url) ⇒ WebVuln^?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

This method is abstract.

Tests a URL for web vulnerabilities.

Parameters:

• url (String) —

  The URL to test.

Returns:

• (WebVuln, nil) —

  vuln The first web vulnerability discovered on the URL.

Raises:

• (NotImplementedError)

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 586

def test_url(url)
  raise(NotImplementedError,"#{self.class}#test_url was not defined")
end

#user_agent ⇒ String, ...

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional HTTP User-Agent header to send.

Returns:

• (String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil)

Since:

• 0.2.0

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 416

def user_agent
  @scan_kwargs[:user_agent]
end

#user_agent=(new_user_agent) ⇒ String, ...

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sets the HTTP User-Agent header.

The new User-Agent value to send.

Parameters:

• new_user_agent (String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android)

Returns:

• (String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android)

Since:

• 0.2.0

# File 'lib/ronin/vulns/cli/web_vuln_command.rb', line 442

def user_agent=(new_user_agent)
  @scan_kwargs[:user_agent] = new_user_agent
end