.\" Generated by kramdown-man 0.1.8
.\" https://github.com/postmodern/kramdown-man#readme
.TH ronin-vulns-scan 1 "May 2022" Ronin "User Manuals"
.LP
.SH SYNOPSIS
.LP
.HP
\fBronin-vulns scan\fR \[lB]\fIoptions\fP\[rB] \[lC]\fIURL\fP \.\.\. \[or] \fB--input\fR \fIFILE\fP\[rC]
.LP
.SH DESCRIPTION
.LP
.PP
Scans URL(s) for web vulnerabilities\. The URLs to scan can be given as
additional arguments or read from a file using the \fB--input\fR option\.
.LP
.SH ARGUMENTS
.LP
.TP
\fIURL\fP
A URL to scan\.
.LP
.SH OPTIONS
.LP
.TP
\fB--first\fR
Only find the first vulnerability for each URL\.
.LP
.TP
\fB-A\fR, \fB--all\fR
Find all vulnerabilities for each URL\.
.LP
.TP
\fB-H\fR, \fB--header\fR \[lq]\fIName\fP: \fIvalue\fP\[rq]
Sets an additional header using the given \fIName\fP and \fIvalue\fP\.
.LP
.TP
\fB-C\fR, \fB--cookie\fR \fICOOKIE\fP
Sets the raw \fBCookie\fR header\.
.LP
.TP
\fB-c\fR, \fB--cookie-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
Sets an additional \fBCookie\fR param using the given \fINAME\fP and \fIVALUE\fP\.
.LP
.TP
\fB-R\fR, \fB--referer\fR \fIURL\fP
Sets the \fBReferer\fR header\.
.LP
.TP
\fB-F\fR, \fB--form-param\fR \fINAME\fP\fB=\fR\fIVALUE\fP
Sets an additional form param using the given \fINAME\fP and \fIVALUE\fP\.
.LP
.TP
\fB--test-query-param\fR \fINAME\fP
Tests the URL query param name\.
.LP
.TP
\fB--test-all-query-params\fR
Test all URL query param names\.
.LP
.TP
\fB--test-header-name\fR \fINAME\fP
Tests the HTTP Header name\.
.LP
.TP
\fB--test-cookie-param\fR \fINAME\fP
Tests the HTTP Cookie name\.
.LP
.TP
\fB--test-all-cookie-params\fR
Test all Cookie param names\.
.LP
.TP
\fB--test-form-param\fR \fINAME\fP
Tests the form param name\.
.LP
.TP
\fB-i\fR, \fB--input\fR \fIFILE\fP
Reads URLs from the given \fIFILE\fP\.
.LP
.TP
\fB--lfi-os\fR \fBunix\fR\[or]\fBwindows\fR
Sets the OS to test for\.
.LP
.TP
\fB--lfi-depth\fR \fINUM\fP
Sets the directory depth to escape up\.
.LP
.TP
\fB--lfi-filter-bypass\fR \fBnull_byte\fR\[or]\fBdouble_escape\fR\[or]\fBbase64\fR\[or]\fBrot13\fR\[or]\fBzlib\fR
Sets the filter bypass strategy to use\.
.LP
.TP
\fB--rfi-filter-bypass\fR \fBdouble-encode\fR\[or]\fBsuffix-escape\fR\[or]\fBnull-byte\fR
Optional filter\-bypass strategy to use\.
.LP
.TP
\fB--rfi-script-lang\fR \fBasp\fR\[or]\fBasp.net\fR\[or]\fBcoldfusion\fR\[or]\fBjsp\fR\[or]\fBphp\fR\[or]\fBperl\fR
Explicitly specify the scripting language to test for\.
.LP
.TP
\fB--rfi-test-script-url\fR \fIURL\fP
Use an alternative test script URL\.
.LP
.TP
\fB--sqli-escape-quote\fR
Escapes quotation marks\.
.LP
.TP
\fB--sqli-escape-parens\fR
Escapes parenthesis\.
.LP
.TP
\fB--sqli-terminate\fR
Terminates the SQL expression with a \fB--\fR\.
.LP
.HP
\fB--ssti-test-expr\fR \[lC]\fIX\fP*\fIY\fP \[or] \fIX\fP\[sl]\fIZ\fP \[or] \fIX\fP\[pl]\fIY\fP \[or] \fIX\fP\-\fIY\fP\[rC]
Optional numeric test to use\.
.LP
.TP
\fB--open-redirect-url\fR \fIURL\fP
Optional test URL to try to redirect to\.
.LP
.TP
\fB-h\fR, \fB--help\fR
Print help information\.
.LP
.SH AUTHOR
.LP
.PP
Postmodern 
.MT postmodern\.mod3\[at]gmail\.com
.ME
.LP
.SH SEE ALSO
.LP
.PP
ronin\-vulns\-lfi(1) ronin\-vulns\-rfi(1) ronin\-vulns\-sqli(1) ronin\-vulns\-ssti(1) ronin\-vulns\-open\-redirect(1) ronin\-vulns\-reflected\-xss(1)