Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/ronin-rb/ronin-vulns

Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
https://github.com/ronin-rb/ronin-vulns

Added the `ronin-vulns reflected-xss` command (closes #25).

e400c8b945e47a2043d1521cba4a8e7a33d32b9b authored about 2 years ago
Added the `ronin-vulns open-redirect` command (closes #26).

b4cc5f7758f5443134469fc6d9ccff5961c26eac authored about 2 years ago
Added the `ronin-vulns ssti` command (closes #24).

84d389c7266111ea13f88a552de49b5c970fecea authored about 2 years ago
Added the `ronin-vulns sqli` command (closes #23).

72ecbdcca0f24a2913e1f35988d4d821a69740f1 authored about 2 years ago
Added the `ronin-vulns rfi` command (closes #22).

af7e3848642abfed64cbb657fd5af72fe9cfc036 authored about 2 years ago
Added the `ronin-vulns lfi` command (closes #21).

8b907497e511f8fc82bd565113e8a3fdff557858 authored about 2 years ago
Added `--test-all-query-params` and `--test-all-cookie-params` options.

aed5126f83e42c3074d0c80c8eada8d2073dd9fb authored about 2 years ago
Correct `--test-*` option names.

a9bbc30970f7c20809d5bcba3656a141d95e9990 authored about 2 years ago
Improve wording of option descriptions.

3b9cf30d79d2f5be500272212655261b41ff141b authored about 2 years ago
Ensure the `Name: value` usage is quoted.

0bf8f411021a4a197b179b054e42be60b1a0e63c authored about 2 years ago
Add `kramdown-man` to generate man pages.

b5bcc8a839e551cd5109c8fb88950ea5a28b9cdf authored about 2 years ago
Added `CLI::WebVulnCommand`.

3d72f0b02f876dcae879e6444a456984f9374f4d authored about 2 years ago
Updated the YARD params for `scan` and `test`.

f5808bb7ddcd249f1095af5bf8efe159333ae59f authored about 2 years ago
Add missing specs for `CLI::Command`.

ca604a035fd40f37097218293d534362b21276c2 authored about 2 years ago
Added `CLI::Printing`.

752bc493cf10394d0f57b09dd82a59164850a65e authored about 2 years ago
Allow disabling certain web vuln classes in `URLScanner.scan`.

f1f0a0f8b8c90840f7287234b8cd1586dd657697 authored about 2 years ago
Added the `script_lang:` keyword argument to `RFI#initialize`.

d113485d4dd6bea531ce0aca0778146f0f7643e3 authored about 2 years ago
Added `SSTI::TestExpression.parse`.

a539a1c5ac27a6ef4016cebf25b9599234dba6cf authored about 2 years ago
Added `SSTI::TestExpression`.

d1c8753fde7061093c38c1b91be823ddeff0c031 authored about 2 years ago
Prefix `boot.ini` with a `\` directory separator so it gets escaped.

70eb07ef85044591188242155d1c2d1a8f13f872 authored about 2 years ago
Fixed project name.

26f3c239a1d6408980df3d777b7a7860e6e7b8e5 authored about 2 years ago
Added the `.vuln_type` method that will be used for printing vulns.

ba28a69a1cad0abc2b8cfad46a0be9a485c30c8c authored about 2 years ago
Added a `Ronin::Vulns::Vuln` base class.

bb05cd6f829330cbd7c57d6343edac4018be79ae authored about 2 years ago
Set the gemspec metadata.

c2b1b8458223e557114f791ebd958cd5724dce43 authored about 2 years ago
Added `LFI::DEFAULT_DEPTH`.

e6e0c6a8ee6cc05c49ad91497cd977e923fb1b6d authored about 2 years ago
Added missing examples for `ReflectedXSS`.

04ea398c0fd4a361f70f26af6d8f6eafe1be66ec authored about 2 years ago
Added examples for `URLScanner`.

a144a134d7552bf81bbe3d12806c88e3531bff9a authored about 2 years ago
Added `URLScanner` (closes #18).

e6481d050d4a96e1658a96f3e3a312f06bb63c7f authored about 2 years ago
Ensure that `WebVuln.test` returns `nil` if no vulns were found.

0446e15604b3c52367f895670fcac95ad385e11f authored about 2 years ago
Adjust documentation wording.

547d2f950fdbb26b1a17dd6644627ea304272537 authored about 2 years ago
Fixed a YARD type.

578edcb51861aefe1f646fd90c65234ba4d81c31 authored about 2 years ago
Added a missing `@param` tag.

44da0c9d9e21b54076d74aa43a1cb2b179b5a3db authored about 2 years ago
Removed HTML escaped characters from Regexp character ranges.

a6d69369e95bb14c5073bcf256dd16c5d4c3c134 authored about 2 years ago
Added an example for `Ronin::Vulns::SQLI`.

225eba5f6d9b3c4a41cb446615f58cbd02ec0d47 authored about 2 years ago
Fixed copy/pasted examples.

e0b80fff7ebcd6aced5a3762a8757dea156fb063 authored about 2 years ago
Added `Ronin::Vulns::SQLI` (closes #6).

8ccb414c0653819a8ce706be58eddc32f1f9e7e7 authored about 2 years ago
Use separate rspec let variables for the input payload and the escaped payload.

c879b93a632ed952f67e8bf9ce470b93723c978a authored about 2 years ago
Indentation.

54d96e5947ac5798292a3f7d7af2824a9a4accd4 authored about 2 years ago
Convert Symbol param names into Strings for `WebVuln#original_value`.

f4c5cc362d867cd8bfeefe422bc3b9f1ceef5488 authored about 2 years ago
Fixed a bug in `WebVuln#original_value`.

e96f04ded0041cf457556595ffeb35de4b6c0be0 authored about 2 years ago
Added a missing `@param` tag.

aa5df1a29c9707eef92efac66eadd762fb283720 authored about 2 years ago
Fixed some YARD types.

2b07b60fde5e01cc5d75119fd7b486b60ca3f06d authored about 2 years ago
Fixed a bug where `WebVuln#user` and `#password` were not being set.

b6c5ff7f62e9cf4b2231e96ce522aea27ce7ee05 authored about 2 years ago
Added `WebVuln#request`.

83c73d851e961f510ad05302e6b679c90d5e0e2d authored about 2 years ago
Switch to command_kit 0.4.0.

ccfe4e3c3576dbe99f46311c1957d1b271af411b authored about 2 years ago
Set the `bug_report_url`.

ba6981d7f9d709a6c2fe5b50a3685a5a905dda5d authored about 2 years ago
Add missing comments to the `CLI` class.

fce531896f33b65a19e13a9f856beec4ce0d846b authored about 2 years ago
Added `stackprof` to the `Gemfile`.

1b790a3876007e21ec43e3e83f0b435c0aa73c1a authored over 2 years ago
Added `sord` to the `Gemfile`.

667acf8fbc7b306fcb3d95f182a8f19829b75dc2 authored over 2 years ago
Alignment.

88c66533966878f2d2f3de5991dbbd6c1566d76c authored over 2 years ago
Copy/pasted `@option` tags for `WebVuln.scan` and `WebVuln.test`.

df930846615a4882bc282862fb66f6e58e713867 authored over 2 years ago
Renamed `Ronin::Vulns::Web` to `Ronin::Vulns::WebVuln`.

fe9ec80ddd788a2ed589275bc72a6a29ac9d809b authored over 2 years ago
Added `CLI::Command`.

9f38bf4348ee89d8df30daf2a8e69401ca549bc5 authored over 2 years ago
Added `Ronin::Vulns::ROOT`.

cd9b21e50219dd8b233df2d9167850c7866562e9 authored over 2 years ago
Added the `ronin-vulns` command (closes #16).

dd4bb90bb43ee8a31153f160c2ddf7c9e4ff2528 authored over 2 years ago
Added `ronin-core` as a dependency.

a21f3001b931252fcf5033405b9675e8972bfd38 authored over 2 years ago
Use `MatchData#captures` to be more succinct.

0d3b7e79188d89de9cbf0a9275b4dd8aa69afc29 authored over 2 years ago
Use a better workaround for TruffleRuby.

* This avoids creating another Array object.
* TruffleRuby does apparently support passing a Ran...

b7f472e527619f6fab70e8a44d0895f8904214a9 authored over 2 years ago
Added `frozen_string_literal: true` to `ReflectedXSS` files.

5f934de47ec6d7473bd806a7e9c86f7daceb2488 authored over 2 years ago
Workaround TruffleRuby's `MatchData#[]` not supporting Range arguments.

562d8b2855e37ebb080ab74ccb9513f9ca343857 authored over 2 years ago
Added `ReflectedXSS` (closes 7).

323e0e64035f512c637aff9f1fd2ab1e92db3ba4 authored over 2 years ago
Fixed a bug in `RFI#initialize`.

89f9b7dddcab8500f9f36d458526a5389d815a74 authored over 2 years ago
Exclude the test files from the built gem.

* Some security scanners may erroneously flag the test files, thinking
they are production code...

c64b2566ab39c6c81aa6aa640317f98d23c1016e authored over 2 years ago
Capitalize.

64c4bd7d295d928dbf174f35e0fe32c733dfa035 authored over 2 years ago
Add support for escaping any appended suffixes using a `#` character.

* Anything after the `#` character is parsed as the URI fragment,
and is not sent to the w...

11cce71989b2ab43f85741b62ccc59625cb8a414 authored over 2 years ago
Add a note about how the null byte trick was fixed in PHP 5.3.

0810e070b8eee93205b61ac31657323d043e7643 authored over 2 years ago
Mention `:null_byte` last as it's an outdated filter bypass.

09c17d82b149e6c91c8e5873d6c90b9556c342cf authored over 2 years ago
Style.

c651349f16ee0e91b07308f79787fc27c66f6789 authored over 2 years ago
Only parse the given `url` once.

e0da451d320742d6b2708da2d88c7df810152129 authored over 2 years ago
Mention the various scripting languages that can be tested.

325148446b11a44c594228d6d3522f8534f8d8d7 authored over 2 years ago
Replaced `TEST_SCRIPT_URL` with `TEST_SCRIPT_URLS` and `test_script_for`.

bc451771f36462d053c2a926caa84dc7486fa336 authored over 2 years ago
Added a basic Perl RFI test script (closes #15).

ad7fd39fec9822045dcda70d36a0f0b57090f018 authored over 2 years ago
Map `aspx` to `:asp_net`.

d759285d6611bfb1dca30848c16a4215ae30e0a7 authored over 2 years ago
Added an ASP.NET (aspx) RFI test script (closes #12).

b80210363aadbfc874787b3461c6d367f02840a3 authored over 2 years ago
Added an RFI test script for ASP Classic (closes #13).

edfc493e65ba0867b8c5f2aa37b2877e4e192cff authored over 2 years ago
Added a ColdFusion RFI test script (closes #14).

a5800b93dbb18f4f8eed1dabf35538d765f93d7d authored over 2 years ago
Added an RFI test script for JSP (closes #11).

5391e04c5e4f81373f10c460d5c121e99ee007a4 authored over 2 years ago
Added `RFI.infer_scripting_lang`.

d11dd576c082db61c5ed6cdd0c86058bac1d387a authored over 2 years ago
Added `RFI::URL_EXTS` to eventually determine the type of language of the page.

3fa125c67516a7c13c5b07568ad2f8fd7e7af85f authored over 2 years ago
Added some CSS to the RFI test script in case anyone manually views the result.

b450b1df38bff9a5de5080af67d618769046931d authored over 2 years ago
Use PHP's `strrev` to test whether the RFI payload was evaluated.

56d4b0b74ec844c1b33939d9ab465fcbeed34c20 authored over 2 years ago
Forgot to commit the RFI test script.

8b9894863a51487a633e975ad9c5c24bf78f87ac authored over 2 years ago
Fix the RFI test script URL.

dd18ce830dba9290f841161dcd50bc2fbe37b33d authored over 2 years ago
Improve the `OpenRedirect` meta refresh Regexp to match malformed HTML.

f2a3e52b5d940a83323043ee4fd9da656e065125 authored over 2 years ago
Detect the edge-case when the `meta` tag ends with `>` instead of `/>`.

d840bfbd84d3d265d707ba9fedc6091ed3777459 authored over 2 years ago
Fixed a typo in a spec.

12a49e034a7016729e49772addee840f3a521f8e authored over 2 years ago
Embed the `ronin-version` version into the RFI test script URL.

f9fd79586145c92095d4860724d9d2b78e6b4fc3 authored over 2 years ago
Added support for when the `OpenRedirect` URL has additional params appended.

64523206ad7c71db0cd409cf7c29e9c75855a667 authored over 2 years ago
Added examples for using `OpenRedirect`.

24806876cca9b0c67950cbc74e129b79d2bb2338 authored over 2 years ago
Added `OpenRedirect` (closes #10).

804de7c6d0288769e0dea507b9ba157b6113e872 authored over 2 years ago
Fixed a spec title.

9034289bb5007750bdad61b86cf46e2501b3f607 authored over 2 years ago
Added missing specs for `SSTI`.

e7016f3830c1a00b10b0e2c2d34863d03c18e89a authored over 2 years ago
Updated the project URLs.

d4ec00110b8b1b403e1c35c54b510c6c4e7c3297 authored over 2 years ago
Mention that `ronin-vulns` can check for SSTI.

425cfca1a9b92ca75d18437f3741e203d82ea59c authored over 2 years ago
Alignment.

ee93b76ad216aeb6c3346428cfd5efedc36717a5 authored over 2 years ago
Added randomization to `SSTI#vulnerable?` (closes #9).

8ad211007c5768f71c901f9c7acdaa7afaefc9d8 authored over 2 years ago
Added `Web#random_value`.

5cdf9d03a32812a0d9a9df463ad857f582ef1856 authored over 2 years ago
Added `Web#original_value`.

5abaab2d7d4d9237dcd4c52675e657b2f2eb5381 authored over 2 years ago
Fixed examples.

1a368a6e255c283f2dee41d2466a16bb62c302d5 authored over 2 years ago
Added examples for using `Ronin::Vulns::SSTI`.

e3a99b5daa985ce73191b351f11917e8ae1de403 authored over 2 years ago