- Improved the performance of
ronin-vulnscommands when scanning multiple URLs or a file of URLs by not rebuilding an identical {Ronin::Vulns::CLI::WebVulnCommand#scan_kwargs} for each URL. - Allow the
--cookie "..."option to be repeated multiple times and merge the cookie strings together. - Allow the
--cookie-param NAME=VALUEoption to be used with the--cookie "..."option and merge the cookie values together. - Print vulnerable param names in single quotes.
- Fixed a bug in {Ronin::Vulns::SSTI.scan} where when called without
escape:it would not return all found vulnerabilities. - Fixed a bug in {Ronin::Vulns::SQLI.scan} where repeat requests would be sent
even if
escape_quote:,escape_parens:, orterminate:keyword arguments are given. - Improved {Ronin::Vulns::ReflectedXSS::Context} to detect when the XSS occurs after or inside of an HTML comment.
- Require
ronin-support~> 1.0, >= 1.0.1
- Validate that given URLs start with either
http://orhttps://, and print an error message otherwise. - Print a
No vulnerabilities foundmessage when no vulnerabilities were discovered.
- Fixed typo in {Ronin::Vulns::CLI::WebVulnCommand#process_url} which effected
the
ronin-vulns lficommand and others.
- Initial release:
- Require
ruby>= 3.0.0. - Supports testing for:
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- PHP
- ASP Class / ASP.NET
- JSP
- ColdFusion
- Perl
- SQL Injection (SQLi)
- Reflected Cross Site Scripting (XSS)
- Server Side Template Injection (SSTI)
- Open Redirects
- Supports testing:
- URL query parameters.
- HTTP Headers.
- HTTP
Cookieparameters. - Form parameters.
- Require