File: ChangeLog — Ronin::Vulns Documentation

Fixed a bug in the ronin-vulns irb command where the ronin/vulns Ruby file was missing.

Require ronin-db ~> 0.2
Added Ronin::Vulns::Importer.
Added the user_agent: keyword argument to Ronin::Vulns::WebVuln#initialize.
Added Ronin::Vulns::WebVuln#user_agent.
Added Ronin::Vulns::CommandInjection.
Added the command_injection: keyword argument to Ronin::Vulns::URLScanner.scan.
Added Ronin::Vulns::RFI#script_lang.
Support inferring the Ronin::Vulns::RFI#script_lang from the URL given to Ronin::Vulns::RFI#initialize.
Bruteforce test every different kind of RFI test URL in Ronin::Vulns::RFI#vulnerable? if a test script URL was not given or the Ronin::Vulns::RFI#script_lang cannot be inferred from the given URL.
Allow the escape_type: keyword argument for Ronin::Vulns::SSTI#initialize to accept a Symbol value to specify the specific Server-Side-Template-Injection interpolation syntax:
- :double_curly_braces - {{expression}}
- :dollar_curly_braces - ${expression}
- :dollar_double_curly_braces - ${{expression}}
- :pound_curly_braces - #{expression}
- :angle_brackets_percent - <%= expression %>

Added the ronin-vulns command-injection command.
Added the ronin-vulns irb command.
Added the ronin-vulns completion command to install shell completion files for all ronin-vulns commands for Bash and Zsh shells.
Added the -H,--request-method option to all commands.
Added the --user-agent and --user-agent-string options to all commands.
Added the --test-all-form-params option to all commands.
Added the --print-curl and --print-http options to all commands.
Added the --import option to all commands.
Print a summary of all vulnerabilities found after scanning a URL, in addition to logging messages indicating when a new vulnerability has just been found.
Use hyphenated values for the --lfi-filter-bypass option in the ronin-vulns scan command and --filter-bypass option in the ronin-vulns lfi command.

Improve the accuracy of Ronin::Vulns::OpenRedirect#vulnerable? when detecting open redirects in meta-refresh HTML tags.
- Match the test URL when it ends with ?..., &..., or &....
- Detect when the test URL has an additional string appended to it (ex: .html). The appended string can easily be bypassed by adding a ?, &, or # character to the end of the test URL.

Improved the performance of ronin-vulns commands when scanning multiple URLs or a file of URLs by not rebuilding an identical Ronin::Vulns::CLI::WebVulnCommand#scan_kwargs for each URL.
Allow the --cookie "..." option to be repeated multiple times and merge the cookie strings together.
Allow the --cookie-param NAME=VALUE option to be used with the --cookie "..." option and merge the cookie values together.
Print vulnerable param names in single quotes.

Fixed a bug in Ronin::Vulns::WebVuln.scan where when called without escape: it would not return all found vulnerabilities.
Fixed a bug in Ronin::Vulns::WebVuln.scan where repeat requests would be sent even if escape_quote:, escape_parens:, or terminate: keyword arguments are given.
Improved Ronin::Vulns::ReflectedXSS::Context to detect when the XSS occurs after or inside of an HTML comment.

Validate that given URLs start with either http:// or https://, and print an error message otherwise.
Print a No vulnerabilities found message when no vulnerabilities were discovered.

Fixed typo in Ronin::Vulns::CLI::WebVulnCommand#process_url which effected the ronin-vulns lfi command and others.