ronin-exploits
A Ruby micro-framework for writing and running exploits
We need a Web Exploit (similar to [LFI](https://github.com/ronin-ruby/ronin-exploits/blob/master/lib/ronin/exploits/lfi.rb)) for scanning and crafting XSS.
Add a `Ronin::Exploits::Mixins::HTML` for building HTML.
Add [ronin-c2](https://github.com/ronin-rb/ronin-c2) to `gemspec.yml` as a dependency. The `Ronin::Exploits` classes may include `Ronin::C2` functionality (ex: LFI exploit may provide the file-read capability).
Ronin now requires Ruby >= 3.0. Re-enable JRuby in the CI matrix once JRuby achieves 3.0 support.
Measure the memory footprint of `ronin/exploits` fully loaded and mention it as a Feature in the README.
Add rubocop to the repository.
* Add the rubocop gem to the Gemfile.
* Train rubocop on the existing code (`rubocop --auto-gen-config`) and try to fix as many 1-2 time...
Add `db_each_table` / `db_each_column` methods to [Ronin::Exploits::SQLi](https://github.com/ronin-ruby/ronin-exploits/blob/master/lib/ronin/exploits/sqli.rb) which can [enumerate the tables/columns in the database](http://socketready.com/2011/06/23/basic-sql-injection/#names).
Exploits currently use [Ronin::Script::Testable](https://github.com/ronin-ruby/ronin/blob/master/lib/ronin/script/testable.rb) and [Ronin::Exploits::Tests](https://github.com/ronin-ruby/ronin-exploits/blob/master/lib/ronin/exploits/tests.rb), which provide methods for testing data and raising exceptions. @mephux mentioned a need for more specific test/validation methods (ex: `validates_is_running /WuFTP/`).
[Ronin::Exploits::Helpers::FormatString](https://github.com/ronin-ruby/ronin-exploits/blob/master/lib/ronin/exploits/helpers/format_string.rb) should be checked against the [libformatstr](https://github.com/hellman/libformatstr) library.