·
7 commits
to main
since this release
v0.2.0
postmodern
Postmodern
This tag was signed with the committer’s verified signature.
postmodern
Postmodern
- Require ronin-db ~> 0.2
- Added
Ronin::Vulns::Importer. - Added the
user_agent:keyword argument toRonin::Vulns::WebVuln#initialize. - Added
Ronin::Vulns::WebVuln#user_agent. - Added
Ronin::Vulns::CommandInjection. - Added the
command_injection:keyword argument toRonin::Vulns::URLScanner.scan. - Added
Ronin::Vulns::RFI#script_lang. - Support inferring the
Ronin::Vulns::RFI#script_langfrom the URL given toRonin::Vulns::RFI#initialize. - Bruteforce test every different kind of RFI test URL in
Ronin::Vulns::RFI#vulnerable?if a test script URL was not given or theRonin::Vulns::RFI#script_langcannot be inferred from the given URL. - Allow the
escape_type:keyword argument forRonin::Vulns::SSTI#initializeto accept a Symbol value to specify the specific Server-Side-Template-Injection interpolation syntax::double_curly_braces-expression:dollar_curly_braces-$expression``:dollar_double_curly_braces- `$``expression```:pound_curly_braces-#expression``:angle_brackets_percent-<%= expression %>
CLI
- Added the
ronin-vulns command-injectioncommand. - Added the
ronin-vulns irbcommand. - Added the
ronin-vulns completioncommand to install shell completion files for allronin-vulnscommands for Bash and Zsh shells. - Added the
-H,--request-methodoption to all commands. - Added the
--user-agentand--user-agent-stringoptions to all commands. - Added the
--test-all-form-paramsoption to all commands. - Added the
--print-curland--print-httpoptions to all commands. - Added the
--importoption to all commands. - Print a summary of all vulnerabilities found after scanning a URL, in addition to logging messages indicating when a new vulnerability has just been found.
- Use hyphenated values for the
--lfi-filter-bypassoption in theronin-vulns scancommand and--filter-bypassoption in theronin-vulns lficommand.