lib/ronin/vulns/cli/web_vuln_command.rb in ronin-vulns-0.1.1 vs lib/ronin/vulns/cli/web_vuln_command.rb in ronin-vulns-0.1.2
- old
+ new
@@ -51,11 +51,13 @@
usage: '"Name: value"'
},
desc: 'Sets an additional header' do |header|
name, value = header.split(/:\s*/,2)
+ # lazy initialize the headers
@headers ||= {}
+
@headers[name] = value
end
option :cookie, short: '-C',
value: {
@@ -72,18 +74,20 @@
usage: 'NAME=VALUE'
},
desc: 'Sets an additional cookie param' do |param|
name, value = param.split('=',2)
+ # lazy initialize the cookie
@cookie ||= Support::Network::HTTP::Cookie.new
+
@cookie[name] = value
end
option :referer, short: '-R',
value: {
type: String,
- usage: 'URL',
+ usage: 'URL'
},
desc: 'Sets the Referer header' do |referer|
@referer = referer
end
@@ -93,20 +97,24 @@
usage: 'NAME=VALUE'
},
desc: 'Sets an additional form param' do |param|
name, value = param.split('=',2)
+ # lazy initialize the form data
@form_data ||= {}
+
@form_data[name] = value
end
option :test_query_param, value: {
type: String,
usage: 'NAME'
},
desc: 'Tests the URL query param name' do |name|
+ # lazy initialize the test query params
@test_query_params ||= Set.new
+
@test_query_params << name
end
option :test_all_query_params, desc: 'Test all URL query param names' do
@test_all_query_params = true
@@ -115,33 +123,39 @@
option :test_header_name, value: {
type: String,
usage: 'NAME'
},
desc: 'Tests the HTTP Header name' do |name|
+ # lazy initialize the test heade rnames
@test_header_names ||= Set.new
+
@test_header_names << name
end
option :test_cookie_param, value: {
type: String,
usage: 'NAME'
},
desc: 'Tests the HTTP Cookie name' do |name|
+ # lazy initialize the test cookie params
@test_cookie_params ||= Set.new
+
@test_cookie_params << name
end
option :test_all_cookie_params, desc: 'Test all Cookie param names' do
@test_all_cookie_params = true
end
option :test_form_param, value: {
- type: String,
+ type: String,
usage: 'NAME'
- },
+ },
desc: 'Tests the form param name' do |name|
+ # lazy initialize the test form params
@test_form_params ||= Set.new
+
@test_form_params << name
end
option :input, short: '-i',
value: {
@@ -233,42 +247,66 @@
#
# @param [Array<String>] urls
# The URL(s) to scan.
#
def run(*urls)
+ unless (options[:input] || !urls.empty?)
+ print_error "must specify URL(s) or --input"
+ exit(-1)
+ end
+
+ vulns_discovered = false
+
if options[:input]
File.open(options[:input]) do |file|
file.each_line(chomp: true) do |url|
- process_url(url)
+ vulns_discovered ||= process_url(url)
end
end
elsif !urls.empty?
urls.each do |url|
- process_url(url)
+ vulns_discovered ||= process_url(url)
end
- else
- print_error "must specify URL(s) or --input"
- exit(-1)
end
+
+ unless vulns_discovered
+ puts colors.green("No vulnerabilities found")
+ end
end
#
# Processes a URL.
#
# @param [String] url
# A URL to scan.
#
+ # @return [Boolean]
+ # Indicates whether a vulnerability was discovered in the URL.
+ #
def process_url(url)
+ unless url.start_with?('http://') || url.start_with?('https://')
+ print_error("URL must start with http:// or https://: #{url.inspect}")
+ exit(-1)
+ end
+
+ vuln_discovered = false
+
if @scan_mode == :first
if (first_vuln = test_url(url))
log_vuln(first_vuln)
+
+ vuln_discovered = true
end
else
scan_url(url) do |vuln|
log_vuln(vuln)
+
+ vuln_discovered = true
end
end
+
+ return vuln_discovered
end
#
# The keyword arguments for {WebVuln.scan}.
#
@@ -293,18 +331,18 @@
kwargs[:query_params] = @test_query_params
elsif @test_all_query_params
kwargs[:query_params] = true
end
- kwargs[:header_names] = @test_header_names if @test_header_names
+ kwargs[:header_names] = @test_header_names if @test_header_names
if @test_cookie_params
kwargs[:cookie_params] = @test_cookie_params
elsif @test_all_cookie_params
kwargs[:cookie_params] = true
end
- kwargs[:form_params] = @test_form_params if @test_form_params
+ kwargs[:form_params] = @test_form_params if @test_form_params
return kwargs
end
#