From 52d0b64ad4d20cbabb4325a2dd39a34d825da9e6 Mon Sep 17 00:00:00 2001
From: Postmodern
Date: Thu, 30 Nov 2023 18:05:40 -0800
Subject: [PATCH] Added the `--import` option to all commands (closes #58).
---
.../vulns/cli/commands/command_injection.rb | 4 ++
lib/ronin/vulns/cli/commands/lfi.rb | 4 ++
lib/ronin/vulns/cli/commands/open_redirect.rb | 4 ++
lib/ronin/vulns/cli/commands/reflected_xss.rb | 4 ++
lib/ronin/vulns/cli/commands/rfi.rb | 4 ++
lib/ronin/vulns/cli/commands/scan.rb | 4 ++
lib/ronin/vulns/cli/commands/sqli.rb | 4 ++
lib/ronin/vulns/cli/commands/ssti.rb | 4 ++
lib/ronin/vulns/cli/web_vuln_command.rb | 22 ++++++-
man/ronin-vulns-command-injection.1.md | 13 ++++
man/ronin-vulns-lfi.1.md | 13 ++++
man/ronin-vulns-open-redirect.1.md | 13 ++++
man/ronin-vulns-reflected-xss.1.md | 13 ++++
man/ronin-vulns-rfi.1.md | 13 ++++
man/ronin-vulns-scan.1.md | 13 ++++
man/ronin-vulns-sqli.1.md | 13 ++++
man/ronin-vulns-ssti.1.md | 13 ++++
spec/cli/web_vuln_command_spec.rb | 63 ++++++++++++++++---
18 files changed, 211 insertions(+), 10 deletions(-)
diff --git a/lib/ronin/vulns/cli/commands/command_injection.rb b/lib/ronin/vulns/cli/commands/command_injection.rb
index 4518250..8294e2d 100644
--- a/lib/ronin/vulns/cli/commands/command_injection.rb
+++ b/lib/ronin/vulns/cli/commands/command_injection.rb
@@ -34,6 +34,10 @@ module Commands
 #
 # ## Options
 #
+ # --db NAME The database to connect to (Default: default)
+ # --db-uri URI The database URI to connect to
+ # --db-file PATH The sqlite3 database file to use
+ # --import Imports discovered vulnerabilities into the database
 # --first Only find the first vulnerability for each URL
 # -A, --all Find all vulnerabilities for each URL
 # --print-curl Also prints an example curl command for each vulnerability
diff --git a/lib/ronin/vulns/cli/commands/lfi.rb b/lib/ronin/vulns/cli/commands/lfi.rb
index 58d520f..0ef0e96 100644
--- a/lib/ronin/vulns/cli/commands/lfi.rb
+++ b/lib/ronin/vulns/cli/commands/lfi.rb
@@ -34,6 +34,10 @@ module Commands
 #
 # ## Options
 #
+ # --db NAME The database to connect to (Default: default)
+ # --db-uri URI The database URI to connect to
+ # --db-file PATH The sqlite3 database file to use
+ # --import Imports discovered vulnerabilities into the database
 # --first Only find the first vulnerability for each URL
 # -A, --all Find all vulnerabilities for each URL
 # --print-curl Also prints an example curl command for each vulnerability
diff --git a/lib/ronin/vulns/cli/commands/open_redirect.rb b/lib/ronin/vulns/cli/commands/open_redirect.rb
index 6b42264..b7f9a6d 100644
--- a/lib/ronin/vulns/cli/commands/open_redirect.rb
+++ b/lib/ronin/vulns/cli/commands/open_redirect.rb
@@ -34,6 +34,10 @@ module Commands
 #
 # ## Options
 #
+ # --db NAME The database to connect to (Default: default)
+ # --db-uri URI The database URI to connect to
+ # --db-file PATH The sqlite3 database file to use
+ # --import Imports discovered vulnerabilities into the database
 # --first Only find the first vulnerability for each URL
 # -A, --all Find all vulnerabilities for each URL
 # --print-curl Also prints an example curl command for each vulnerability
diff --git a/lib/ronin/vulns/cli/commands/reflected_xss.rb b/lib/ronin/vulns/cli/commands/reflected_xss.rb
index 273a4db..0d5bce1 100644
--- a/lib/ronin/vulns/cli/commands/reflected_xss.rb
+++ b/lib/ronin/vulns/cli/commands/reflected_xss.rb
@@ -34,6 +34,10 @@ module Commands
 #
 # ## Options
 #
+ # --db NAME The database to connect to (Default: default)
+ # --db-uri URI The database URI to connect to
+ # --db-file PATH The sqlite3 database file to use
+ # --import Imports discovered vulnerabilities into the database
 # --first Only find the first vulnerability for each URL
 # -A, --all Find all vulnerabilities for each URL
 # --print-curl Also prints an example curl command for each vulnerability
diff --git a/lib/ronin/vulns/cli/commands/rfi.rb b/lib/ronin/vulns/cli/commands/rfi.rb
index 9c88e6a..997ff80 100644
--- a/lib/ronin/vulns/cli/commands/rfi.rb
+++ b/lib/ronin/vulns/cli/commands/rfi.rb
@@ -34,6 +34,10 @@ module Commands
 #
 # ## Options
 #
+ # --db NAME The database to connect to (Default: default)
+ # --db-uri URI The database URI to connect to
+ # --db-file PATH The sqlite3 database file to use
+ # --import Imports discovered vulnerabilities into the database
 # --first Only find the first vulnerability for each URL
 # -A, --all Find all vulnerabilities for each URL
 # --print-curl Also prints an example curl command for each vulnerability
diff --git a/lib/ronin/vulns/cli/commands/scan.rb b/lib/ronin/vulns/cli/commands/scan.rb
index 798ee8e..5de2617 100644
--- a/lib/ronin/vulns/cli/commands/scan.rb
+++ b/lib/ronin/vulns/cli/commands/scan.rb
@@ -34,6 +34,10 @@ module Commands
 #
 # ## Options
 #
+ # --db NAME The database to connect to (Default: default)
+ # --db-uri URI The database URI to connect to
+ # --db-file PATH The sqlite3 database file to use
+ # --import Imports discovered vulnerabilities into the database
 # --first Only find the first vulnerability for each URL
 # -A, --all Find all vulnerabilities for each URL
 # --print-curl Also prints an example curl command for each vulnerability
diff --git a/lib/ronin/vulns/cli/commands/sqli.rb b/lib/ronin/vulns/cli/commands/sqli.rb
index aa07af7..f8509b8 100644
--- a/lib/ronin/vulns/cli/commands/sqli.rb
+++ b/lib/ronin/vulns/cli/commands/sqli.rb
@@ -34,6 +34,10 @@ module Commands
 #
 # ## Options
 #
+ # --db NAME The database to connect to (Default: default)
+ # --db-uri URI The database URI to connect to
+ # --db-file PATH The sqlite3 database file to use
+ # --import Imports discovered vulnerabilities into the database
 # --first Only find the first vulnerability for each URL
 # -A, --all Find all vulnerabilities for each URL
 # --print-curl Also prints an example curl command for each vulnerability
diff --git a/lib/ronin/vulns/cli/commands/ssti.rb b/lib/ronin/vulns/cli/commands/ssti.rb
index 0d68b86..cd8b49b 100644
--- a/lib/ronin/vulns/cli/commands/ssti.rb +++ b/lib/ronin/vulns/cli/commands/ssti.rb @@ -35,6 +35,10 @@ module Commands # # ## Options # + # --db NAME The database to connect to (Default: default) + # --db-uri URI The database URI to connect to + # --db-file PATH The sqlite3 database file to use + # --import Imports discovered vulnerabilities into the database # --first Only find the first vulnerability for each URL # -A, --all Find all vulnerabilities for each URL # --print-curl Also prints an example curl command for each vulnerability diff --git a/lib/ronin/vulns/cli/web_vuln_command.rb b/lib/ronin/vulns/cli/web_vuln_command.rb index fea8ff1..3efc587 100644 --- a/lib/ronin/vulns/cli/web_vuln_command.rb +++ b/lib/ronin/vulns/cli/web_vuln_command.rb @@ -19,6 +19,7 @@ # require 'ronin/vulns/cli/command' +require 'ronin/vulns/cli/importable' require 'ronin/vulns/cli/logging' require 'ronin/support/network/http/cookie' @@ -35,7 +36,9 @@ class CLI class WebVulnCommand < Command include Logging + include Importable + option :import, desc: 'Imports discovered vulnerabilities into the database' option :first, short: '-F', desc: 'Only find the first vulnerability for each URL' do @scan_mode = :first @@ -245,6 +248,8 @@ def run(*urls) exit(-1) end + db_connect if options[:import] + vulns_discovered = false if options[:input] @@ -283,13 +288,13 @@ def process_url(url) if @scan_mode == :first if (first_vuln = test_url(url)) - log_vuln(first_vuln) + process_vuln(first_vuln) vuln_discovered = true end else scan_url(url) do |vuln| - log_vuln(vuln) + process_vuln(vuln) vuln_discovered = true end @@ -298,6 +303,19 @@ def process_url(url) return vuln_discovered end + # + # Logs and optioanlly imports a new discovered web vulnerability. + # + # @param [WebVuln] vuln + # The discovered web vulnerability. + # + # @since 0.2.0 + # + def process_vuln(vuln) + log_vuln(vuln) + import_vuln(vuln) if options[:import] + end + # # Logs a discovered web vulnerability. # 
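Review bot: `include Importable` in the `class WebVulnCommand` hunk appears to be what brings in `--db`, `--db-uri` and `--db-file` (Importable itself is not part of this diff), and none of the option text warns that a `--db-uri` value shaped like the man page's `postgres://user:password@host/db` places the database password on the command line, where it can end up in the process list and in shell history. Add a sentence to the `--db-uri` description, for example `If the URI would contain a password, prefer --db NAME or --db-file PATH.`, assuming `--db NAME` refers to a database configured elsewhere. The class body starts and ends outside the hunk.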
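Review bot: In `process_vuln`, an exception raised by `import_vuln` would propagate out of the `scan_url` block in `process_url`, so a single failed database write would presumably end the scan of the remaining parameters and URLs. `import_vuln` comes from `Importable`, which is not shown here, so confirm whether it rescues its own errors. Whichever behaviour is intended, state it in the doc comment, for example `# An import failure is raised to the caller and stops the scan.` The same comment contains a typo: `optioanlly` should read `optionally`.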
diff --git a/man/ronin-vulns-command-injection.1.md b/man/ronin-vulns-command-injection.1.md index 15dd9c2..51319d0 100644 --- a/man/ronin-vulns-command-injection.1.md +++ b/man/ronin-vulns-command-injection.1.md @@ -17,6 +17,19 @@ option. ## OPTIONS +`--db` *NAME* + The database name to connect to. Defaults to `default` if not given. + +`--db-uri` *URI* + The database URI to connect to + (ex: `postgres://user:password@host/db`). + +`--db-file` *PATH* + The sqlite3 database file to use. + +`--import` + Imports discovered vulnerabilities into the database. + `--first` Only find the first vulnerability for each URL. diff --git a/man/ronin-vulns-lfi.1.md b/man/ronin-vulns-lfi.1.md index 31cc77c..addbbe4 100644 --- a/man/ronin-vulns-lfi.1.md +++ b/man/ronin-vulns-lfi.1.md @@ -17,6 +17,19 @@ option. ## OPTIONS +`--db` *NAME* + The database name to connect to. Defaults to `default` if not given. + +`--db-uri` *URI* + The database URI to connect to + (ex: `postgres://user:password@host/db`). + +`--db-file` *PATH* + The sqlite3 database file to use. + +`--import` + Imports discovered vulnerabilities into the database. + `--first` Only find the first vulnerability for each URL. diff --git a/man/ronin-vulns-open-redirect.1.md b/man/ronin-vulns-open-redirect.1.md index 2156276..64ab2eb 100644 --- a/man/ronin-vulns-open-redirect.1.md +++ b/man/ronin-vulns-open-redirect.1.md @@ -16,6 +16,19 @@ as additional arguments or read from a file using the `--input` option. ## OPTIONS +`--db` *NAME* + The database name to connect to. Defaults to `default` if not given. + +`--db-uri` *URI* + The database URI to connect to + (ex: `postgres://user:password@host/db`). + +`--db-file` *PATH* + The sqlite3 database file to use. + +`--import` + Imports discovered vulnerabilities into the database. + `--first` Only find the first vulnerability for each URL. diff --git a/man/ronin-vulns-reflected-xss.1.md b/man/ronin-vulns-reflected-xss.1.md index 9d21744..20f4929 100644 
--- a/man/ronin-vulns-reflected-xss.1.md +++ b/man/ronin-vulns-reflected-xss.1.md @@ -17,6 +17,19 @@ to scan can be given as additional arguments or read from a file using the ## OPTIONS +`--db` *NAME* + The database name to connect to. Defaults to `default` if not given. + +`--db-uri` *URI* + The database URI to connect to + (ex: `postgres://user:password@host/db`). + +`--db-file` *PATH* + The sqlite3 database file to use. + +`--import` + Imports discovered vulnerabilities into the database. + `--first` Only find the first vulnerability for each URL. diff --git a/man/ronin-vulns-rfi.1.md b/man/ronin-vulns-rfi.1.md index 801d070..0253faa 100644 --- a/man/ronin-vulns-rfi.1.md +++ b/man/ronin-vulns-rfi.1.md @@ -17,6 +17,19 @@ option. ## OPTIONS +`--db` *NAME* + The database name to connect to. Defaults to `default` if not given. + +`--db-uri` *URI* + The database URI to connect to + (ex: `postgres://user:password@host/db`). + +`--db-file` *PATH* + The sqlite3 database file to use. + +`--import` + Imports discovered vulnerabilities into the database. + `--first` Only find the first vulnerability for each URL. diff --git a/man/ronin-vulns-scan.1.md b/man/ronin-vulns-scan.1.md index a6e29fb..3d5ec9c 100644 --- a/man/ronin-vulns-scan.1.md +++ b/man/ronin-vulns-scan.1.md @@ -16,6 +16,19 @@ additional arguments or read from a file using the `--input` option. ## OPTIONS +`--db` *NAME* + The database name to connect to. Defaults to `default` if not given. + +`--db-uri` *URI* + The database URI to connect to + (ex: `postgres://user:password@host/db`). + +`--db-file` *PATH* + The sqlite3 database file to use. + +`--import` + Imports discovered vulnerabilities into the database. + `--first` Only find the first vulnerability for each URL. diff --git a/man/ronin-vulns-sqli.1.md b/man/ronin-vulns-sqli.1.md index fde99ea..bc48edb 100644 --- a/man/ronin-vulns-sqli.1.md +++ b/man/ronin-vulns-sqli.1.md 
@@ -17,6 +17,19 @@ option. ## OPTIONS +`--db` *NAME* + The database name to connect to. Defaults to `default` if not given. + +`--db-uri` *URI* + The database URI to connect to + (ex: `postgres://user:password@host/db`). + +`--db-file` *PATH* + The sqlite3 database file to use. + +`--import` + Imports discovered vulnerabilities into the database. + `--first` Only find the first vulnerability for each URL. diff --git a/man/ronin-vulns-ssti.1.md b/man/ronin-vulns-ssti.1.md index f1e30a2..86341ba 100644 --- a/man/ronin-vulns-ssti.1.md +++ b/man/ronin-vulns-ssti.1.md @@ -17,6 +17,19 @@ to scan can be given as additional arguments or read from a file using the ## OPTIONS +`--db` *NAME* + The database name to connect to. Defaults to `default` if not given. + +`--db-uri` *URI* + The database URI to connect to + (ex: `postgres://user:password@host/db`). + +`--db-file` *PATH* + The sqlite3 database file to use. + +`--import` + Imports discovered vulnerabilities into the database. + `--first` Only find the first vulnerability for each URL. diff --git a/spec/cli/web_vuln_command_spec.rb b/spec/cli/web_vuln_command_spec.rb index 13cbcdd..1e3b262 100644 --- a/spec/cli/web_vuln_command_spec.rb +++ b/spec/cli/web_vuln_command_spec.rb @@ -417,13 +417,13 @@ let(:url2) { 'https://example.com/page2' } context "when given URL arguments" do - let(:argv) { [url1, url2] } + let(:urls) { [url1, url2] } it "must call #process_url with each URL argument" do expect(subject).to receive(:process_url).with(url1) expect(subject).to receive(:process_url).with(url2) - subject.run(*argv) + subject.run(*urls) end context "and no vulnerabilities are discovered on any of the URLs" do 
@@ -434,7 +434,20 @@ subject.colors.green('No vulnerabilities found') ) - subject.run(*argv) + subject.run(*urls) + end + end + + context "when given the --import option" do + let(:argv) { ['--import'] } + before { subject.option_parser.parse(argv) } + + it "must call #db_connect before calling #process_url with the URLs" do + expect(subject).to receive(:db_connect) + expect(subject).to receive(:process_url).with(url1) + expect(subject).to receive(:process_url).with(url2) + + subject.run(*urls) end end end @@ -469,6 +482,19 @@ subject.run end end + + context "when given the --import option" do + let(:argv) { ['--import', '--input', tempfile.path] } + before { subject.option_parser.parse(argv) } + + it "must call #db_connect before calling #process_url with the URLs" do + expect(subject).to receive(:db_connect) + expect(subject).to receive(:process_url).with(url1) + expect(subject).to receive(:process_url).with(url2) + + subject.run + end + end end context "when given neither URL arguments or '--input FILE'" do @@ -492,9 +518,9 @@ context "and #test_url returns a WebVuln object" do let(:vuln) { double('first returned WebVuln') } - it "must call #log_vuln with the WebVuln object" do + it "must call #process_vuln with the WebVuln object" do expect(subject).to receive(:test_url).with(url).and_return(vuln) - expect(subject).to receive(:log_vuln).with(vuln) + expect(subject).to receive(:process_vuln).with(vuln) subject.process_url(url) end 
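Review bot: The example added in the `--import` context is titled "must call #db_connect before calling #process_url with the URLs", but its three `expect(subject).to receive(...)` lines do not constrain call order, so it would still pass if `run` connected to the database after scanning. Append `.ordered` to each expectation, e.g. `expect(subject).to receive(:db_connect).ordered` followed by `expect(subject).to receive(:process_url).with(url1).ordered`. The same applies to the identical example in the `--input` hunk (`@@ -469,6 +482,19 @@`) and to "must call #log_vuln and then #import_vuln" in the `#process_vuln` hunk.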
@@ -515,10 +541,10 @@ let(:vuln1) { double('yielded WebVuln 1') } let(:vuln2) { double('yielded WebVuln 2') } - it "must call #log_vuln with the yielded WebVuln objects" do + it "must call #process_vuln with the yielded WebVuln objects" do expect(subject).to receive(:scan_url).with(url).and_yield(vuln1).and_yield(vuln2) - expect(subject).to receive(:log_vuln).with(vuln1) - expect(subject).to receive(:log_vuln).with(vuln2) + expect(subject).to receive(:process_vuln).with(vuln1) + expect(subject).to receive(:process_vuln).with(vuln2) subject.process_url(url) end @@ -568,6 +594,27 @@ end end + describe "#process_vuln" do + let(:vuln) { double('WebVuln object') } + + it "must call #log_vuln with the given vuln object" do + expect(subject).to receive(:log_vuln).with(vuln) + + subject.process_vuln(vuln) + end + + context "when options[:import] is true" do + before { subject.options[:import] = true } + + it "must call #log_vuln and then #import_vuln with the vuln object" do + expect(subject).to receive(:log_vuln).with(vuln) + expect(subject).to receive(:import_vuln).with(vuln) + + subject.process_vuln(vuln) + end + end + end + describe "#scan_kwargs" do it "must return an empty Hash by default" do expect(subject.scan_kwargs).to eq({})
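Review bot: The first `#process_vuln` example asserts only that `#log_vuln` is called and never states that nothing is written to the database when `--import` is absent, which is the default path. Add `expect(subject).not_to receive(:import_vuln)` to that example so a regression that imports findings unconditionally is caught by an explicit expectation rather than by whatever `import_vuln` happens to do with a bare double.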