0.2.0 / 2024-07-22

• Require ronin-db ~> 0.2
• Added Ronin::Vulns::Importer.
• Added the user_agent: keyword argument to Ronin::Vulns::WebVuln#initialize.
• Added Ronin::Vulns::WebVuln#user_agent.
• Added Ronin::Vulns::CommandInjection.
• Added the command_injection: keyword argument to Ronin::Vulns::URLScanner.scan.
• Added Ronin::Vulns::RFI#script_lang.
• Support inferring the Ronin::Vulns::RFI#script_lang from the URL given to Ronin::Vulns::RFI#initialize.
• Bruteforce test every different kind of RFI test URL in Ronin::Vulns::RFI#vulnerable? if a test script URL was not given or the Ronin::Vulns::RFI#script_lang cannot be inferred from the given URL.
• Allow the escape_type: keyword argument for Ronin::Vulns::SSTI#initialize to accept a Symbol value to specify the specific Server-Side-Template-Injection interpolation syntax:
  • :double_curly_braces - {{expression}}
  • :dollar_curly_braces - ${expression}
  • :dollar_double_curly_braces - ${{expression}}
  • :pound_curly_braces - #{expression}
  • :angle_brackets_percent - <%= expression %>

CLI

• Added the ronin-vulns command-injection command.
• Added the ronin-vulns irb command.
• Added the ronin-vulns completion command to install shell completion files for all ronin-vulns commands for Bash and Zsh shells.
• Added the -H,--request-method option to all commands.
• Added the --user-agent and --user-agent-string options to all commands.
• Added the --test-all-form-params option to all commands.
• Added the --print-curl and --print-http options to all commands.
• Added the --import option to all commands.
• Print a summary of all vulnerabilities found after scanning a URL, in addition to logging messages indicating when a new vulnerability has just been found.
• Use hyphenated values for the --lfi-filter-bypass option in the ronin-vulns scan command and --filter-bypass option in the ronin-vulns lfi command.

0.1.5 / 2024-06-19

• Improve the accuracy of Ronin::Vulns::OpenRedirect#vulnerable? when detecting open redirects in meta-refresh HTML tags.
  • Match the test URL when it ends with ?..., &..., or &....
  • Detect when the test URL has an additional string appended to it (ex: .html). The appended string can easily be bypassed by adding a ?, &, or # character to the end of the test URL.

0.1.4 / 2023-09-19

CLI

• Improved the performance of ronin-vulns commands when scanning multiple URLs or a file of URLs by not rebuilding an identical Ronin::Vulns::CLI::WebVulnCommand#scan_kwargs for each URL.
• Allow the --cookie "..." option to be repeated multiple times and merge the cookie strings together.
• Allow the --cookie-param NAME=VALUE option to be used with the --cookie "..." option and merge the cookie values together.
• Print vulnerable param names in single quotes.

0.1.3 / 2023-07-07

• Fixed a bug in Ronin::Vulns::WebVuln.scan where when called without escape: it would not return all found vulnerabilities.
• Fixed a bug in Ronin::Vulns::WebVuln.scan where repeat requests would be sent even if escape_quote:, escape_parens:, or terminate: keyword arguments are given.
• Improved Ronin::Vulns::ReflectedXSS::Context to detect when the XSS occurs after or inside of an HTML comment.

0.1.2 / 2023-03-01

• Require ronin-support ~> 1.0, >= 1.0.1

CLI

• Validate that given URLs start with either http:// or https://, and print an error message otherwise.
• Print a No vulnerabilities found message when no vulnerabilities were discovered.

0.1.1 / 2023-02-02

• Fixed typo in Ronin::Vulns::CLI::WebVulnCommand#process_url which effected the ronin-vulns lfi command and others.

0.1.0 / 2023-02-01

• Initial release:
  • Require ruby >= 3.0.0.
  • Supports testing for:
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
    • PHP
    • ASP Class / ASP.NET
    • JSP
    • ColdFusion
    • Perl
  • SQL Injection (SQLi)
  • Reflected Cross Site Scripting (XSS)
  • Server Side Template Injection (SSTI)
  • Open Redirects
  • Supports testing:
  • URL query parameters.
  • HTTP Headers.
  • HTTP Cookie parameters.
  • Form parameters.