Module: Ronin::Vulns::Importer

Defined in:
lib/ronin/vulns/importer.rb

Overview

Handles importing discovered web vulnerability objects into ronin-db.

Examples

require 'ronin/vulns/url_scanner'
require 'ronin/vulns/importer'

Ronin::Vulns::URLScanner.scan(url) do |vuln|
  Ronin::Vulns::Importer.import(vuln)
end

Since:

  • 0.2.0

Class Method Details

.import(vuln) {|imported| ... } ⇒ Ronin::DB::WebVuln

Imports a web vulnerability into the database.

Parameters:

  • vuln (WebVuln)

    The web vulnerability to import.

Yields:

  • (imported)

    If a block is given, it will be passed the imported database record.

Yield Parameters:

  • imported (Ronin::DB::WebVuln)

    The imported web vulnerability record.

Returns:

  • (Ronin::DB::WebVuln)

    The imported web vuln record.

Since:

  • 0.2.0



# File 'lib/ronin/vulns/importer.rb', line 58

def self.import(vuln)
  imported_url = import_url(vuln.url)

  attributes = {
    url:  imported_url,
    type: vuln.class.vuln_type,

    query_param:    vuln.query_param,
    header_name:    vuln.header_name,
    cookie_param:   vuln.cookie_param,
    form_param:     vuln.form_param,
    request_method: vuln.request_method
  }

  case vuln
  when LFI
    attributes[:lfi_os]            = vuln.os
    attributes[:lfi_depth]         = vuln.depth
    attributes[:lfi_filter_bypass] = vuln.filter_bypass
  when RFI
    attributes[:rfi_script_lang]   = vuln.script_lang
    attributes[:rfi_filter_bypass] = vuln.filter_bypass
  when SQLI
    attributes[:sqli_escape_quote]  = vuln.escape_quote
    attributes[:sqli_escape_parens] = vuln.escape_parens
    attributes[:sqli_terminate]     = vuln.terminate
  when SSTI
    attributes[:ssti_escape_type] = vuln.escape_type
  when CommandInjection
    attributes[:command_injection_escape_quote]    = vuln.escape_quote
    attributes[:command_injection_escape_operator] = vuln.escape_operator
    attributes[:command_injection_terminator]      = vuln.terminator
  end

  imported_vuln = DB::WebVuln.transaction do
                    DB::WebVuln.find_or_create_by(attributes)
                  end

  yield imported_vuln if block_given?
  return imported_vuln
end
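
The find-or-create lookup above keys on the complete attribute hash, so re-importing an identical finding returns the existing record, while a finding that differs in any type-specific attribute becomes a new record. The following added example (not part of ronin-vulns or ronin-db) shows this with in-memory stand-ins; `FakeWebVulnTable`, `Finding`, `import_finding` and the sample findings are hypothetical and constructed here.

```ruby
# Added example with in-memory stand-ins; FakeWebVulnTable, Finding and
# import_finding are hypothetical names, not part of ronin-vulns or ronin-db.
Finding = Struct.new(:type, :url, :query_param, :details, keyword_init: true)

class FakeWebVulnTable
  attr_reader :rows

  def initialize
    @rows = []
  end

  # Find-or-create contract: return the first row whose columns equal every
  # given attribute, otherwise insert the attributes as a new row.
  def find_or_create_by(attributes)
    existing = @rows.find { |row| attributes.all? { |col, val| row[col] == val } }
    return existing if existing

    @rows << attributes.dup
    @rows.last
  end
end

# Same shape as Importer.import: common columns first, then the
# type-specific columns, then one lookup on the complete hash.
def import_finding(table, finding)
  attributes = {
    url:         finding.url,
    type:        finding.type,
    query_param: finding.query_param
  }
  finding.details.each do |name, value|
    attributes[:"#{finding.type}_#{name}"] = value
  end

  record = table.find_or_create_by(attributes)
  yield record if block_given?
  record
end

# Constructed findings: two identical scan results and one that differs
# only in a type-specific attribute (:example_bypass is a placeholder value).
def sample_findings
  url = 'https://example.test/view?file=a'
  [nil, nil, :example_bypass].map do |bypass|
    Finding.new(type: :lfi, url: url, query_param: 'file',
                details: { depth: 6, filter_bypass: bypass })
  end
end
```

Importing `sample_findings` into one `FakeWebVulnTable` leaves two rows: the repeated finding maps to the same record, and the block is still yielded once per import call.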

.import_url(url) ⇒ Ronin::DB::URL

Imports a URL into the database.

Parameters:

  • url (URI, String)

    The URL to import.

Returns:

  • (Ronin::DB::URL)

    The imported URL record.

Since:

  • 0.2.0



# File 'lib/ronin/vulns/importer.rb', line 109

def self.import_url(url)
  DB::URL.transaction do
    DB::URL.find_or_import(url)
  end
end