Implement views, routes and worker for RoninVulns (#64)

Gemfile

@@ -25,7 +25,8 @@ gem 'ronin-db-activerecord', '~> 0.2', github: 'ronin-rb/ronin-db-activerecord',
 
 gem 'ronin-payloads',   '~> 0.1', github: 'ronin-rb/ronin-payloads'
 # gem 'ronin-exploits',   '~> 1.0', github: 'ronin-rb/ronin-exploits'
-# gem 'ronin-vulns',      '~> 0.1', github: 'ronin-rb/ronin-vulns'
+gem 'ronin-vulns',      '~> 0.2', github: 'ronin-rb/ronin-vulns',
+                                  branch: '0.2.0'
 gem 'ronin-web-spider', '~> 0.2', github: 'ronin-rb/ronin-web-spider',
                                   branch: '0.2.0'
 gem 'ronin-recon',      '~> 0.1', github: 'ronin-rb/ronin-recon'

app.rb

@@ -43,6 +43,7 @@
 require 'ronin/app/validations/masscan_params'
 require 'ronin/app/validations/import_params'
 require 'ronin/app/validations/spider_params'
+require 'ronin/app/validations/vulns_params'
 
 # schema builders
 require 'ronin/app/schemas/payloads/encoders/encode_schema'
@@ -62,6 +63,7 @@
 require './workers/import'
 require './workers/spider'
 require './workers/recon'
+require './workers/vulns'
 
 require 'ronin/app/version'
 require 'sidekiq/api'
@@ -331,6 +333,7 @@ class App < Sinatra::Base
     @software_count             = Ronin::DB::Software.count
     @software_vendor_count      = Ronin::DB::SoftwareVendor.count
     @oses_count                 = Ronin::DB::OS.count
+    @vulns_count                = Ronin::DB::WebVuln.count
 
     erb :db
   end
@@ -660,6 +663,22 @@ class App < Sinatra::Base
     end
   end
 
+  get '/db/vulns' do
+    @pagy, @vulns = pagy(Ronin::DB::WebVuln)
+
+    erb :"db/vulns/index"
+  end
+
+  get '/db/vulns/:id' do
+    @vuln = Ronin::DB::WebVuln.find(params[:id])
+
+    if @vuln
+      erb :"db/vulns/show"
+    else
+      halt 404
+    end
+  end
+
   get '/recon' do
     erb :recon
   end
@@ -774,6 +793,28 @@ class App < Sinatra::Base
     end
   end
 
+  get '/vulns' do
+    erb :vulns
+  end
+
+  post '/vulns' do
+    result = Validations::VulnsParams.call(params)
+
+    if result.success?
+      @jid = Workers::Vulns.perform_async(result.to_h)
+
+      url = result[:url]
+
+      flash[:success] = "Vulnerabilities scanner of URL #{url} enqueued"
+      redirect '/vulns'
+    else
+      @errors = result.errors
+
+      flash[:danger] = 'Failed to submit vulnerabilities scan!'
+      halt 400, erb(:vulns)
+    end
+  end
+
   get '/about' do
     @lockfile = Bundler::LockfileParser.new(File.read(Bundler.default_lockfile))
 

config/sidekiq.yml

@@ -9,3 +9,4 @@
   - scan
   - import
   - spider
+  - vulns

gemspec.yml

@@ -42,7 +42,7 @@ dependencies:
   ronin-db: ~> 0.2
   ronin-payloads: ~> 0.1
   ronin-exploits: ~> 1.0
-  ronin-vulns: ~> 0.1
+  ronin-vulns: ~> 0.2
   ronin-web-spider: ~> 0.2
   ronin-nmap: ~> 0.1
   ronin-masscan: ~> 0.1

lib/ronin/app/types/vulns.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+#
+# ronin-app - a local web app for Ronin.
+#
+# Copyright (C) 2023 Hal Brodigan ([email protected])
+#
+# ronin-app is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-app is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with ronin-app.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+require 'ronin/app/types'
+
+module Ronin
+  module App
+    module Types
+      #
+      # Types for {Validations::VulnsParams}.
+      #
+      module Vulns
+        module LFI
+          # The type of OS
+          OSType = Types::Symbol.enum(
+            unix:    'unix',
+            windows: 'windows'
+          )
+
+          # The lfi filter bypass technique type
+          FilterBypassType = Types::Symbol.enum(
+            null_byte:     'null_byte',
+            double_escape: 'double_escape',
+            base64:        'base64',
+            rot13:         'rot13',
+            zlib:          'zlib'
+          )
+        end
+
+        module RFI
+          # The rfi filter bypass technique type
+          FilterBypassType = Types::Symbol.enum(
+            null_byte: 'null_byte',
+            double_encode: 'double_encode',
+            suffix_escape: 'suffix_escape'
+          )
+        end
+
+        module SSTI
+          # The type of SSTI escape expression
+          EscapeType = Types::Symbol.enum(
+            double_curly_braces:        'double_curly_braces',
+            dollar_curly_braces:        'dollar_curly_braces',
+            dollar_double_curly_braces: 'dollar_double_curly_braces',
+            pound_curly_braces:         'pound_curly_braces',
+            angle_brackets_percent:     'angle_brackets_percent'
+          )
+        end
+      end
+    end
+  end
+end

lib/ronin/app/validations/vulns_params.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+#
+# ronin-app - a local web app for Ronin.
+#
+# Copyright (C) 2023 Hal Brodigan ([email protected])
+#
+# ronin-app is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-app is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with ronin-app.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+require 'dry/validation'
+require 'ronin/app/types/vulns'
+
+module Ronin
+  module App
+    module Validations
+      #
+      # Validations for form params submitted to `POST /vulns`.
+      #
+      class VulnsParams < Dry::Validation::Contract
+
+        params do
+          required(:url).filled(:string)
+
+          optional(:lfi).hash do
+            optional(:os).maybe(Types::Vulns::LFI::OSType)
+            optional(:depth).maybe(:integer)
+            optional(:filter_bypass).maybe(Types::Vulns::LFI::FilterBypassType)
+          end
+
+          optional(:rfi).hash do
+            optional(:filter_bypass).maybe(Types::Vulns::RFI::FilterBypassType)
+            optional(:test_script_url).maybe(:string)
+          end
+
+          optional(:sqli).hash do
+            optional(:escape_quote).maybe(:bool)
+            optional(:escape_parens).maybe(:bool)
+            optional(:terminate).maybe(:bool)
+          end
+
+          optional(:ssti).hash do
+            optional(:escape).maybe(Types::Vulns::SSTI::EscapeType)
+          end
+
+          optional(:open_redirect).hash do
+            optional(:test_url).maybe(:string)
+          end
+        end
+
+        #
+        # Initializes and calls the validation contract.
+        #
+        # @param [Hash{String => Object}] params
+        #   The HTTP params to validate.
+        #
+        # @return [Dry::Validation::Result]
+        #   The validation result.
+        #
+        def self.call(params)
+          new.call(params)
+        end
+
+      end
+    end
+  end
+end

spec/validations/vulns_params_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'ronin/app/validations/vulns_params'
+
+describe Ronin::App::Validations::VulnsParams do
+  describe "rules" do
+    describe ":url" do
+      it "must require a :url key" do
+        result = subject.call({})
+
+        expect(result).to be_failure
+        expect(result.errors[:url]).to eq(["is missing"])
+      end
+    end
+  end
+
+  describe ".call" do
+    subject { described_class }
+
+    it "must initialize #{described_class} and call #call" do
+      expect(subject.call({})).to be_kind_of(Dry::Validation::Result)
+    end
+  end
+end

spec/workers/vulns_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+require './workers/nmap'
+
+describe Workers::Nmap do
+  describe "Params" do
+    subject { described_class::Params }
+
+    describe ":url" do
+      it "must require :url key" do
+        result = subject.call({})
+
+        expect(result).to be_failure
+        expect(result.errors[:targets]).to eq(["is missing"])
+      end
+    end
+  end
+end

views/db.erb

@@ -44,6 +44,12 @@
       <a href="/db/services">Services (<%=h @service_count %>)</a>
     </p>
   </div>
+
+  <div class="box column is-one-quarter">
+    <p>
+      <a href="/db/vulns">Vulnerabilities (<%=h @vulns_count %>)</a>
+    </p>
+  </div>
 </div>
 
 <div class="columns">

views/db/vulns/index.erb

@@ -0,0 +1,16 @@
+<% content_for :breadcrumbs  do %>
+  <nav class="breadcrumb" aria-label="breadcrumbs">
+    <ul>
+      <li><a href="/">Home</a></li>
+      <li><a href="/db">Database</a></li>
+    </ul>
+  </nav>
+<% end %>
+
+<h1>Vulnerabilities</h1>
+
+<% @vulns.each do |vuln| %>
+  <p><a href="/db/vulns/<%=h vuln.id %>"><%=h vuln.url %></a></p>
+<% end %>
+
+<%= partial(:pagination, pagy: @pagy) %>