- Notifications
You must be signed in to change notification settings - Fork19
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
License
ronin-rb/ronin-vulns
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
ronin-vulns is a Ruby library for blind vulnerability testing. It currentlysupports testing for Local File Inclusion (LFI), Remote File Inclusion (RFI),SQL injection (SQLi), reflective Cross Site Scripting (XSS), Server SideTemplate Injection (SSTI), and Open Redirects.
ronin-vulns is part of theronin-rb project, aRuby toolkit for securityresearch and development.
- Supports testing for:
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- PHP
- ASP Class / ASP.NET
- JSP
- ColdFusion
- Perl
- SQL Injection (SQLi)
- Reflected Cross Site Scripting (XSS)
- Server Side Template Injection (SSTI)
- Open Redirects
- Supports testing:
- URL query parameters.
- HTTP Headers.
- HTTP
Cookieparameters. - Form parameters.
- Has 96% documentation coverage.
- Has 99% test coverage.
Usage: ronin-vulns [options] [COMMAND [ARGS...]]Options: -h, --help Print help informationArguments: [COMMAND] The command name to run [ARGS ...] Additional arguments for the commandCommands: completion help irb lfi open-redirect reflected-xss, xss rfi scan sqli sstiTest a URL for any web vulnerabilities:
$ ronin-vulns scan"http://www.example.com/page.php?lang=en"Test a URL for Remote File Inclusion (RFI):
$ ronin-vulns rfi"http://www.example.com/page.php?lang=en"Test a URL for Local File Inclusion (LFI):
$ ronin-vulns lfi"http://www.example.com/page.php?lang=en"Test a URL for SQL injection (SQLi):
$ ronin-vulns sqli"http://testphp.vulnweb.com/listproducts.php?cat=1"Test a URL for Server Side Template Injection (SSTI):
$ ronin-vulns sqli"http://www.example.com/page.php?lang=en"Test a URL for Open Redirects:
$ ronin-vulns open-redirect"http://www.example.com/page.php?lang=en"Test a URL for reflected Cross Site Scripting (XSS):
$ ronin-vulns reflected-xss"http://www.example.com/page.php?lang=en"Test a URL for any web vulnerability:
require'ronin/vulns/url_scanner'vuln=Ronin::Vulns::URLScanner.test('http://www.example.com/page.php?lang=en')# => #<Ronin::Vulns::SQLI: ...>
Scan a URL for all web vulnerabilities:
require'ronin/vulns/url_scanner'vulns=Ronin::Vulns::URLScanner.scan('http://www.example.com/page.php?lang=en')do |vuln|puts"Found#{vuln.class} on#{vuln.url} query param#{vuln.query_param}"end# => [#<Ronin::Vulns::SQLI: ...>, #<Ronin::Vulns::ReflectedXSS: ...>, ...]
Test a URL for Remote File Inclusion (RFI):
require'ronin/vulns/rfi'vuln=Ronin::Vulns::RFI.test('http://www.example.com/page.php?lang=en')# => #<Ronin::Vulns::RFI: ...>
Finds all Remote File Inclusion (RFI) vulnerabilities for a given URL:
vulns=Ronin::Vulns::RFI.scan('http://www.example.com/page.php?lang=en')# => [#<Ronin::Vulns::RFI: ...>, ...]vulns=Ronin::Vulns::RFI.scan('http://www.example.com/page.php?lang=en')do |vuln|puts"Found RFI on#{vuln.url} query param#{vuln.query_param}"end# => [#<Ronin::Vulns::RFI: ...>, ...]
Test a URL for Local File Inclusion (LFI):
require'ronin/vulns/lfi'vuln=Ronin::Vulns::LFI.test('http://www.example.com/page.php?lang=en')# => #<Ronin::Vulns::LFI: ...>
Finds all Local File Inclusion (LFI) vulnerabilities for a given URL:
vulns=Ronin::Vulns::LFI.scan('http://www.example.com/page.php?lang=en')# => [#<Ronin::Vulns::LFI: ...>, ...]vulns=Ronin::Vulns::LFI.scan('http://www.example.com/page.php?lang=en')do |vuln|puts"Found LFI on#{vuln.url} query param#{vuln.query_param}"end
Test a URL for SQL Injection (SQLi):
require'ronin/vulns/sqli'vuln=Ronin::Vulns::SQLI.test('http://testphp.vulnweb.com/listproducts.php?cat=1')# => #<Ronin::Vulns::SQLI: ...>
Finds all Server Side Template Injection (SQLI) vulnerabilities for a given URL:
vulns=Ronin::Vulns::SQLI.scan('http://testphp.vulnweb.com/listproducts.php?cat=1')# => [#<Ronin::Vulns::SQLI: ...>, ...]vulns=Ronin::Vulns::SQLI.scan('http://testphp.vulnweb.com/listproducts.php?cat=1')do |vuln|puts"Found SQLi on#{vuln.url} query param#{vuln.query_param}"end# => [#<Ronin::Vulns::SQLI: ...>, ...]
Test a URL for Server Side Template Injection (SSTI):
require'ronin/vulns/ssti'vuln=Ronin::Vulns::SSTI.test('http://www.example.com/page.php?lang=en')# => #<Ronin::Vulns::SSTI: ...>
Finds all Server Side Template Injection (SSTI) vulnerabilities for a given URL:
vulns=Ronin::Vulns::SSTI.scan('http://www.example.com/page.php?lang=en')# => [#<Ronin::Vulns::SSTI: ...>, ...]vulns=Ronin::Vulns::SSTI.scan('http://www.example.com/page.php?lang=en')do |vuln|puts"Found SSTI on#{vuln.url} query param#{vuln.query_param}"end# => [#<Ronin::Vulns::SSTI: ...>, ...]
Test a URL for an (Reflected) Cross Site Scripting (XSS) vulnerability:
require'ronin/vulns/reflected_xss'vuln=Ronin::Vulns::ReflectedXSS.test('http://www.example.com/page.php?lang=en')# => #<Ronin::Vulns::ReflectedXSS: ...>
Finds all (Reflected) Cross Site Scripting (XSS) vulnerabilities for a givenURL:
vulns=Ronin::Vulns::ReflectedXSS.scan('http://www.example.com/page.php?lang=en')# => [#<Ronin::Vulns::ReflectedXSS: ...>, ...]vulns=Ronin::Vulns::ReflectedXSS.scan('http://www.example.com/page.php?lang=en')do |vuln|puts"Found ReflectedXSS on#{vuln.url} query param#{vuln.query_param}"end# => [#<Ronin::Vulns::ReflectedXSS: ...>, ...]
Test a URL for an Open Redirect vulnerability:
require'ronin/vulns/open_redirect'vuln=Ronin::Vulns::OpenRedirect.test('http://www.example.com/page.php?lang=en')# => #<Ronin::Vulns::OpenRedirect: ...>
Finds all Open Redirect vulnerabilities for a given URL:
vulns=Ronin::Vulns::OpenRedirect.scan('http://www.example.com/page.php?lang=en')# => [#<Ronin::Vulns::OpenRedirect: ...>, ...]vulns=Ronin::Vulns::OpenRedirect.scan('http://www.example.com/page.php?lang=en')do |vuln|puts"Found OpenRedirect on#{vuln.url} query param#{vuln.query_param}"end# => [#<Ronin::Vulns::OpenRedirect: ...>, ...]
- Ruby >= 3.0.0
- base64 ~> 0.1
- ronin-support ~> 1.0
- ronin-core ~> 0.2
- ronin-db ~> 0.2
$ gem install ronin-vulns
gem'ronin-vulns','~> 0.1'
gem.add_dependency'ronin-vulns','~> 0.1'
- Fork It!
- Clone It!
cd ronin-vulns/./scripts/setupgit checkout -b my_feature- Code It!
bundle exec rake specgit push origin my_feature
Copyright (c) 2022-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
ronin-vulns is free software: you can redistribute it and/or modifyit under the terms of the GNU Lesser General Public License as publishedby the Free Software Foundation, either version 3 of the License, or(at your option) any later version.
ronin-vulns is distributed in the hope that it will be useful,but WITHOUT ANY WARRANTY; without even the implied warranty ofMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See theGNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public Licensealong with ronin-vulns. If not, seehttps://www.gnu.org/licenses/.
About
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
