Releases: ronin-rb/ronin-vulns
0.1.4
CLI
- Improved the performance of `ronin-vulns` commands when scanning multiple URLs or a file of URLs by not rebuilding an identical `Ronin::Vulns::CLI::WebVulnCommand#scan_kwargs` for each URL.
- Allow the `--cookie "..."` option to be repeated multiple times and merge the cookie strings together.
- Allow the `--cookie-param NAME=VALUE` option to be used with the `--cookie "..."` option and merge the cookie values together.
- Print vulnerable param names in single quotes.
0.1.3
- Fixed a bug in `Ronin::Vulns::SSTI.scan` where when called without `escape:` it would not return all found vulnerabilities.
- Fixed a bug in `Ronin::Vulns::SQLI.scan` where repeat requests would be sent even if `escape_quote:`, `escape_parens:`, or `terminate:` keyword arguments are given.
- Improved `Ronin::Vulns::ReflectedXSS::Context` to detect when the XSS occurs after or inside of an HTML comment. (@quadule)
0.1.2
- Require `ronin-support` `~> 1.0, >= 1.0.1`
0.1.1
- Fixed typo in `Ronin::Vulns::CLI::WebVulnCommand#process_url` which affected the `ronin-vulns lfi` command and others.
0.1.0
- Initial release:
  - Require `ruby` >= 3.0.0.
  - Supports testing for:
    - Local File Inclusion (LFI)
    - Remote File Inclusion (RFI)
      - PHP
      - ASP Class / ASP.NET
      - JSP
      - ColdFusion
      - Perl
    - SQL Injection (SQLi)
    - Reflected Cross Site Scripting (XSS)
    - Server Side Template Injection (SSTI)
    - Open Redirects
  - Supports testing:
    - URL query parameters.
    - HTTP Headers.
    - HTTP `Cookie` parameters.
    - Form parameters.
- Require