
Releases: ronin-rb/ronin-vulns

0.2.0

22 Jul 19:28
v0.2.0
  • Require ronin-db ~> 0.2
  • Added Ronin::Vulns::Importer.
  • Added the user_agent: keyword argument to Ronin::Vulns::WebVuln#initialize.
  • Added Ronin::Vulns::WebVuln#user_agent.
  • Added Ronin::Vulns::CommandInjection.
  • Added the command_injection: keyword argument to Ronin::Vulns::URLScanner.scan.
  • Added Ronin::Vulns::RFI#script_lang.
  • Support inferring the Ronin::Vulns::RFI#script_lang from the URL given to Ronin::Vulns::RFI#initialize.
  • Bruteforce test every different kind of RFI test URL in Ronin::Vulns::RFI#vulnerable? if a test script URL was not given or the Ronin::Vulns::RFI#script_lang cannot be inferred from the given URL.
  • Allow the escape_type: keyword argument for Ronin::Vulns::SSTI#initialize to accept a Symbol value to specify the specific Server-Side-Template-Injection interpolation syntax:
    • :double_curly_braces - {{expression}}
    • :dollar_curly_braces - ${expression}
    • :dollar_double_curly_braces - ${{expression}}
    • :pound_curly_braces - #{expression}
    • :angle_brackets_percent - <%= expression %>

CLI

  • Added the ronin-vulns command-injection command.
  • Added the ronin-vulns irb command.
  • Added the ronin-vulns completion command to install shell completion files for all ronin-vulns commands for Bash and Zsh shells.
  • Added the -H,--request-method option to all commands.
  • Added the --user-agent and --user-agent-string options to all commands.
  • Added the --test-all-form-params option to all commands.
  • Added the --print-curl and --print-http options to all commands.
  • Added the --import option to all commands.
  • Print a summary of all vulnerabilities found after scanning a URL, in addition to logging messages indicating when a new vulnerability has just been found.
  • Use hyphenated values for the --lfi-filter-bypass option in the ronin-vulns scan command and --filter-bypass option in the ronin-vulns lfi command.

0.1.5

20 Jun 05:35
v0.1.5
  • Improve the accuracy of Ronin::Vulns::OpenRedirect#vulnerable? when detecting open redirects in meta-refresh HTML tags.
    • Match the test URL when it ends with ?..., &..., or &amp;....
    • Detect when the test URL has an additional string appended to it (ex: .html). The appended string can easily be bypassed by adding a ?, &, or # character to the end of the test URL.

0.1.4

19 Sep 22:29
v0.1.4

CLI

  • Improved the performance of ronin-vulns commands when scanning multiple URLs
    or a file of URLs by not rebuilding an identical
    Ronin::Vulns::CLI::WebVulnCommand#scan_kwargs for each URL.
  • Allow the --cookie "..." option to be repeated multiple times and merge the
    cookie strings together.
  • Allow the --cookie-param NAME=VALUE option to be used with the
    --cookie "..." option and merge the cookie values together.
  • Print vulnerable param names in single quotes.

0.1.3

08 Jul 00:46
v0.1.3
  • Fixed a bug in Ronin::Vulns::SSTI.scan where when called without escape:
    it would not return all found vulnerabilities.
  • Fixed a bug in Ronin::Vulns::SQLI.scan where repeat requests would be sent
    even if escape_quote:, escape_parens:, or terminate: keyword arguments
    are given.
  • Improved Ronin::Vulns::ReflectedXSS::Context to detect when the XSS occurs
    after or inside of an HTML comment. (@quadule)

0.1.2

10 Jun 00:48
v0.1.2
  • Require ronin-support ~> 1.0, >= 1.0.1

0.1.1

10 Jun 00:47
v0.1.1
  • Fixed a typo in Ronin::Vulns::CLI::WebVulnCommand#process_url which affected
    the ronin-vulns lfi command and others.

0.1.0

10 Jun 00:46
v0.1.0
  • Initial release:
    • Require ruby >= 3.0.0.
    • Supports testing for:
      • Local File Inclusion (LFI)
      • Remote File Inclusion (RFI)
        • PHP
        • ASP Class / ASP.NET
        • JSP
        • ColdFusion
        • Perl
      • SQL Injection (SQLi)
      • Reflected Cross Site Scripting (XSS)
      • Server Side Template Injection (SSTI)
      • Open Redirects
    • Supports testing:
      • URL query parameters.
      • HTTP Headers.
      • HTTP Cookie parameters.
      • Form parameters.