lib/ronin/vulns/url_scanner.rb in ronin-vulns-0.1.5 vs lib/ronin/vulns/url_scanner.rb in ronin-vulns-0.2.0.rc1
@@ -1,10 +1,10 @@
# frozen_string_literal: true
#
# ronin-vulns - A Ruby library for blind vulnerability testing.
#
-# Copyright (c) 2022-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# ronin-vulns is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
@@ -22,10 +22,11 @@
require 'ronin/vulns/rfi'
require 'ronin/vulns/sqli'
require 'ronin/vulns/ssti'
require 'ronin/vulns/reflected_xss'
require 'ronin/vulns/open_redirect'
+require 'ronin/vulns/command_injection'
module Ronin
module Vulns
#
# Top-level module which scans a URL for all web vulnerabilities.
@@ -156,10 +157,13 @@
# Additional options for {OpenRedirect.scan}.
#
# @option open_redirect [String] :test_url (OpenRedirect.random_test_url)
# The desired redirect URL to test the URL with.
#
+ # @param [Hash{Symbol => Object}, false] command_injection
+ # Additional options for {CommandInjection.scan}.
+ #
# @yield [vuln]
# If a block is given it will be yielded each discovered web
# vulnerability.
#
# @yieldparam [LFI, RFI, SQLI, SSTI, ReflectedXSS, OpenRedirect] vuln
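Review bot: The `@yieldparam` tag on the last line of this hunk still lists only `LFI, RFI, SQLI, SSTI, ReflectedXSS, OpenRedirect`, although the new `command_injection:` option (and the `CommandInjection.scan` call added further down in this file) means the block can now also receive a `CommandInjection` instance. The tag should read `# @yieldparam [LFI, RFI, SQLI, SSTI, ReflectedXSS, OpenRedirect, CommandInjection] vuln`. The method's `@return` tag, which presumably enumerates the same classes, lies outside this hunk and likely needs the same addition; the `@param` doc added here also only says "Additional options for {CommandInjection.scan}" and could mirror the `false` disabling semantics the other `@param` entries describe.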
@@ -172,10 +176,11 @@
rfi: {},
sqli: {},
ssti: {},
reflected_xss: {},
open_redirect: {},
+ command_injection: {},
**kwargs,
&block)
vulns = []
if lfi
@@ -198,9 +203,13 @@
vulns.concat(ReflectedXSS.scan(url,**kwargs,**reflected_xss,&block))
end
if open_redirect
vulns.concat(OpenRedirect.scan(url,**kwargs,**open_redirect,&block))
+ end
+
+ if command_injection
+ vulns.concat(CommandInjection.scan(url,**kwargs,**command_injection,&block))
end
return vulns
end
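Review bot: The new `if command_injection` branch forwards the whole shared `**kwargs` into `CommandInjection.scan`, so if that scanner's `scan` does not accept every keyword the other five accept, an unknown keyword raises `ArgumentError` after the earlier scanners have already run, discarding their results; I cannot confirm `CommandInjection.scan`'s signature from this hunk, so it is worth checking or adding a short comment such as `# CommandInjection.scan must accept the same shared options as the other scanners` above the call. The rest of the branch follows the existing pattern (truthy default `{}`, `false` to disable, per-scanner options merged after `**kwargs` so they take precedence). The enclosing `scan` method begins before this hunk and only its closing `end` is visible here.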