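require 'lacewing/core'
# STDIN.getch lives in the io/console stdlib; require it here so the
# keypress pause does not silently depend on lacewing/core loading it.
require 'io/console'

module Lacewing
  # Interactive reference screens for common web-application vulnerability
  # classes. Every public method prints a short explanation, a list of
  # links/tools and then blocks on a keypress before returning nil.
  #
  # Relies on `String#bold`/`#green` and `Lacewing::PROMPT`, and the XSS
  # screen reads the global `$prompt` for its selection menu — all presumed
  # to be set up by lacewing/core (not visible here; confirm in that file).
  class Exploits
    # Shared "press any key" banner. The original screens disagreed on a
    # trailing space after the dots; one constant keeps every screen alike.
    CONTINUE_MSG = 'Press any key to continue...'.freeze

    # XSS variants offered by the selection menu, in menu order.
    XSS_TYPES = ['Reflected - Specially crafted input returned back to user',
                 'Stored - Permanent Injection',
                 'DOM-based - XSS artifact as an HTML DOM'].freeze

    # Intro line and reference links per XSS variant, keyed by the exact menu
    # label so the value returned by `$prompt.select` can be looked up directly.
    XSS_REFERENCES = {
      XSS_TYPES[0] => [
        'Here are some references to Reflected XSS:',
        ['https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OWASP-DV-001)',
         'https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet',
         'https://security.stackexchange.com/questions/65142/what-is-reflected-xss']
      ],
      XSS_TYPES[1] => [
        'Here are some references for Stored XSS',
        ['https://www.incapsula.com/web-application-security/cross-site-scripting-xss-attacks.html',
         'https://www.hackingloops.com/what-is-stored-cross-site-scripting-or-stored-xss/',
         'https://www.acunetix.com/websitesecurity/xss/']
      ],
      XSS_TYPES[2] => [
        'Here are some references for DOM-based XSS',
        ['https://www.owasp.org/index.php/DOM_Based_XSS',
         'https://www.netsparker.com/blog/web-security/dom-based-cross-site-scripting-vulnerability/',
         'https://en.wikipedia.org/wiki/Cross-site_scripting#Server-side_versus_DOM-based_vulnerabilities']
      ]
    }.freeze

    # Local File Inclusion: testing articles and the example paths the
    # original screen listed. Returns nil after a keypress.
    def self.lfi
      heading 'LFI: Local File Inclusion'
      note 'Here are a few articles on how to test LFI:'
      print_list ['https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion',
                  'https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/']
      note 'Here are some common payloads:'
      print_list %w[../../../../etc/passwd ../../../../etc/shadow ../../../../var/mail/root]
      pause
    end

    # Remote Code Execution: example write-ups and tooling. Returns nil after
    # a keypress.
    def self.rce
      heading 'RCE: Remote Code Execution'
      note "There's a lot of different kinds of RCE, so here are some examples:"
      print_list %w[https://thehackernews.com/2018/04/windows-patch-updates.html
                    https://www.symantec.com/security_response/vulnerability.jsp?bid=102375
                    https://en.wikipedia.org/wiki/EternalBlue]
      note 'Here are some tools to use:'
      print_list ['Metasploit Framework - metasploit.com', 'Golismero - golismero-project.com/']
      pause
    end

    # Cross-Site Scripting: asks which variant the user wants via `$prompt`
    # and prints the matching references. Returns nil after a keypress.
    def self.xss
      heading 'XSS: Cross-Site Scripting'
      type = $prompt.select('There are different kinds of XSS attacks. Which one do you want?', XSS_TYPES)
      intro, refs = XSS_REFERENCES[type]
      # A selection outside the table prints nothing, matching the original
      # case/when that had no else branch.
      if intro
        note intro
        print_list refs
      end
      pause
    end

    # Code injection: links for the shell/HTML/object injection families.
    # Returns nil after a keypress.
    def self.code_injection
      heading 'Code Injection - An attack to inject code into a vulnerable computer program to change the course of execution.'
      note 'Here are some references for different kinds of code injection vulnerabilities'
      print_list ['Shell Injection - https://en.wikipedia.org/wiki/Code_injection#Shell_injection',
                  'HTML Injection - https://en.wikipedia.org/wiki/Code_injection#HTML_script_injection',
                  'https://en.wikipedia.org/wiki/Code_injection#Object_injection']
      pause
    end

    # Reverse shells: short explanation plus tool links. Returns nil after a
    # keypress.
    def self.reverse_shell
      heading 'Reverse Shell - The act of redirecting the input and output of a shell to a service so that it can be remotely accessed'
      note "If you've found some sort of code injection vulnerability, you can use a reverse shell to get full access"
      note 'Here are a few great tools to exploit a reverse shell:'
      print_list ['Shell.now - https://shell.now.sh/',
                  'Metasploit - https://metasploit.com',
                  'Turtle - https://github.com/buckyroberts/Turtle']
      pause
    end

    # SQL injection: tooling and background articles. Returns nil after a
    # keypress.
    def self.sqli
      heading 'SQL Injection - An attack in which nefarious SQL statements are inserted into an entry field for execution'
      note 'Here are some tools for exploiting SQL injections:'
      print_list ['SQLMap - https://github.com/sqlmapproject/sqlmap',
                  'BBQSQL - https://github.com/Neohapsis/bbqsql/',
                  'SQLNinja - https://github.com/xxgrunge/sqlninja']
      note 'Here are some articles on SQL Injection:'
      print_list ['https://en.wikipedia.org/wiki/SQL_injection',
                  'https://technet.microsoft.com/en-us/library/ms161953(v=sql.105).aspx',
                  'https://www.veracode.com/security/sql-injection']
      pause
    end

    class << self
      private

      # Prints a screen title in bold green.
      def heading(text)
        puts text.bold.green
      end

      # Prints one line prefixed with the tool's prompt marker.
      def note(text)
        puts Lacewing::PROMPT + text
      end

      # Prints each item on its own tab-indented line.
      def print_list(items)
        items.each { |item| puts "\t#{item}" }
      end

      # Shows the continue banner and blocks until one key is pressed
      # (STDIN.getch reads a single raw character; no Enter needed).
      # Always returns nil, like the original `return if STDIN.getch`.
      def pause
        puts CONTINUE_MSG.bold.green
        STDIN.getch
        nil
      end
    end
  end
end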