- Improved the performance of
ronin-vulns
commands when scanning multiple URLs or a file of URLs by not rebuilding an identical {Ronin::Vulns::CLI::WebVulnCommand#scan_kwargs} for each URL. - Allow the
--cookie "..."
option to be repeated multiple times and merge the cookie strings together. - Allow the
--cookie-param NAME=VALUE
option to be used with the--cookie "..."
option and merge the cookie values together. - Print vulnerable param names in single quotes.
- Fixed a bug in {Ronin::Vulns::SSTI.scan} where when called without
escape:
it would not return all found vulnerabilities. - Fixed a bug in {Ronin::Vulns::SQLI.scan} where repeat requests would be sent
even if
escape_quote:
,escape_parens:
, orterminate:
keyword arguments are given. - Improved {Ronin::Vulns::ReflectedXSS::Context} to detect when the XSS occurs after or inside of an HTML comment.
- Require
ronin-support
~> 1.0, >= 1.0.1
- Validate that given URLs start with either
http://
orhttps://
, and print an error message otherwise. - Print a
No vulnerabilities found
message when no vulnerabilities were discovered.
- Fixed typo in {Ronin::Vulns::CLI::WebVulnCommand#process_url} which effected
the
ronin-vulns lfi
command and others.
- Initial release:
- Require
ruby
>= 3.0.0. - Supports testing for:
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- PHP
- ASP Class / ASP.NET
- JSP
- ColdFusion
- Perl
- SQL Injection (SQLi)
- Reflected Cross Site Scripting (XSS)
- Server Side Template Injection (SSTI)
- Open Redirects
- Supports testing:
- URL query parameters.
- HTTP Headers.
- HTTP
Cookie
parameters. - Form parameters.
- Require