Skip to content

Releases: ronin-rb/ronin-exploits

1.1.0

22 Jul 20:21
v1.1.0
Compare
Choose a tag to compare
  • Added Ronin::Exploits::CommandInjection.
  • Allow :untested as a value for Ronin::Exploits::Exploit.quality.
  • Renamed the raw_user_agent param to user_agent_string in Ronin::Exploits::Mixins::HTTP.

CLI

  • Added the -T,--test option to ronin-exploits run which will only run the exploits Ronin::Exploits::Exploit#test test method to determine if the target is vulnerable or not.
  • Added the ronin-exploits completion command to install shell completion files for all ronin-exploits commands for Bash and Zsh shells.
  • The ronin-exploits show command can now print an example ronin-exploits run command for the given exploit.
  • Use hyphenated values for ronin-exploits new options.

1.0.6

29 Jun 04:53
v1.0.6
Compare
Choose a tag to compare

CLI

  • Fixed the usage for ronin-exploits new --software-version.
  • Fixed a bug in ronin-exploits run that would crash the command when the payload failed to create a post-exploitation session.

1.0.5

20 Jun 05:42
v1.0.5
Compare
Choose a tag to compare

CLI

  • Correctly assign the -d short flag to --debug and the -D short flag to --dry-run for the ronin-exploits run command.
  • Multiple bug fixes to the ronin-exploits new command:
    • Create the parent directory of the new exploit file, if it already doesn't exist, when running ronin-exploits new path/to/new_exploit.rb.
    • Fixed a bug where ronin-exploits new -t open_redirect was not being accepted as a valid exploit type.
    • Fixed a bug in ronin-explotis new where -t xss and -t ssti were not adding placeholder base_path and query_param metadata attributes to the newly generated exploit file.
    • Fixed a typo in the example escape_expr metadata attribute added by ronin-exploits new -t ssti.
    • Fixed a spelling mistake in the new exploit template used by the ronin-exploits new command.

1.0.4

28 Dec 08:56
v1.0.4
Compare
Choose a tag to compare
  • Documentation fixes.

CLI

  • Fixed a bug in ronin-exploits run when the exploit does not accept a payload and no payload is given.

1.0.3

19 Sep 22:40
v1.0.3
Compare
Choose a tag to compare

CLI

  • All newly generated exploit files using ronin-exploit new should have a
    summary and a description.
  • Fixed a bug where the ronin-exploits new options --author,
    --author-email, or --summary were not properly escaping given values.

1.0.2

12 Jun 13:23
v1.0.2
Compare
Choose a tag to compare
  • Corrected the class_dir for Ronin::Exploits; even though
    ronin-exploits will never contain any built-in exploits.
  • Avoid using case/in syntax for TruffleRuby.
  • Documentation fixes and improvements.

CLI

  • Fixed a typo in ronin-exploits new man-page.
  • Fixed a bug in the ronin-exploits show command where a target's version
    was not being printed.
  • Fixed a bug where ronin-exploits new --payload-type command wasn't being
    accepted as a valid payload type.

1.0.1

10 Jun 00:42
v1.0.1
Compare
Choose a tag to compare

CLI

  • Fixed multiple bugs in the --encoder-param option of the
    ronin-exploits run command.

1.0.0

10 Jun 00:41
v1.0.0
Compare
Choose a tag to compare
  • Upgraded to the LGPL-3 license.
  • Require ruby >= 3.0.0.
  • Added ronin-support ~> 1.0 as a dependency.
  • Added ronin-post_ex ~> 0.1 as a dependency.
  • Added ronin-payloads ~> 0.1 as a dependency.
  • Added ronin-vulns ~> 0.1 as a dependency.
  • Added ronin-core ~> 0.1 as a dependency.
  • Added ronin-repos ~> 0.1 as a dependency.
  • Added Ronin::Exploits::Advisory.
  • Added Ronin::Exploits::Loot.
  • Added Ronin::Exploits::Loot::File.
  • Added Ronin::Exploits::TestResult.
  • Added Ronin::Exploits::Exploit.exploit.
  • Added Ronin::Exploits::Exploit#perform_test.
  • Added Ronin::Exploits::Exploit#perform_build.
  • Added Ronin::Exploits::Exploit#perform_launch.
  • Added Ronin::Exploits::Exploit#perform_cleanup.
  • Added Ronin::Exploits::Exploit#exploit.
  • Added Ronin::Exploits::Exploit#validate.
  • Added Ronin::Exploits::Exploit#Vulnerable.
  • Added Ronin::Exploits::Exploit#NotVulnerable.
  • Added Ronin::Exploits::Exploit#Unknown.
  • Added Ronin::Exploits::Exploit#test.
  • Added Ronin::Exploits::Exploit#build.
  • Added Ronin::Exploits::Exploit#launch.
  • Added Ronin::Exploits::Exploit#cleanup.
  • Added Ronin::Exploits::MemoryCorruption.
  • Added Ronin::Exploits::StackOverflow.
  • Added Ronin::Exploits::SEHOverflow.
  • Added Ronin::Exploits::HeapOverflow.
  • Added Ronin::Exploits::UseAfterFree.
  • Added Ronin::Exploits::WebVuln.
  • Added Ronin::Exploits::OpenRedirect.
  • Added Ronin::Exploits::LFI.
  • Added Ronin::Exploits::RFI.
  • Added Ronin::Exploits::SQLI.
  • Added Ronin::Exploits::SSTI.
  • Added Ronin::Exploits::XSS.
  • Added Ronin::Exploits::ClientSideWebVuln.
  • Added Ronin::Exploits::Mixins::Binary.
  • Added Ronin::Exploits::Mixins::FileBuilder.
  • Added Ronin::Exploits::Mixins::FormatString.
  • Added Ronin::Exploits::Mixins::HasTargets.
  • Added Ronin::Exploits::Mixins::HasTargets.
  • Added Ronin::Exploits::Mixins::HasPayload.
  • Added Ronin::Exploits::Mixins::HTTP.
  • Added Ronin::Exploits::Mixins::Loot.
  • Added Ronin::Exploits::Mixins::NOPS.
  • Added Ronin::Exploits::Mixins::RemoteTCP.
  • Added Ronin::Exploits::Mixins::RemoteUDP.
  • Added Ronin::Exploits::Mixins::SEH.
  • Added Ronin::Exploits::Mixins::StackOverflow.
  • Added Ronin::Exploits::Mixins::Text.
  • Added Ronin::Exploits::Params::BaseURL.
  • Added Ronin::Exploits::Params::BindHost.
  • Added Ronin::Exploits::Params::BindPort.
  • Added Ronin::Exploits::Params::Filename.
  • Added Ronin::Exploits::Params::Host.
  • Added Ronin::Exploits::Params::Port.
  • Renamed ronin/exploits/helpers to ronin/exploits/mixins.
  • Extracted Ronin::Payloads into ronin-payloads.
  • Extracted agent payloads into separate ronin-agent- repos.
  • Refactored the ronin-exploit command into the ronin-exploits run command.
  • Refactored Ronin::Exploits::Exploit as a Plain Old Ruby Class that defines
    method data, params, and the build, launch, and cleanup methods.
  • Refactored Ronin::UI into Ronin::Exploits::CLI.
  • Removed the open_namespace dependency.
  • Removed the data_paths dependency.
  • Removed the ronin-gen dependency.
  • Removed the ronin dependency; ronin now requires ronin-exploits and all
    other ronin- gems.
  • Removed Ronin::Exploits::Controls.
  • Removed Ronin::Exploits::Generators in favor of the ronin-exploits new
    command.
  • Removed Ronin::Exploits::UnknownHelper.
  • Removed Ronin::Exploits::Helpers::Padding in favor of calling String#pad.
  • Removed Ronin::Exploits::Exploit#helpers in favor of included_modules.
  • Removed Ronin::Exploits::Exploit#helper in favor of including
    Ronin::Exploits::Mixins modules.
  • Removed Ronin::Exploits::Local.
  • Removed Ronin::Exploits::Remote.
  • Removed Ronin::Exploits::RemoteTCP in favor of including
    Ronin::Exploits::Mixins::RemoteTCP.
  • Removed Ronin::Exploits::RemoteUDP in favor of including
    Ronin::Exploits::Mixins::RemoteUDP.
  • Removed Ronin::Exploits::HTTP in favor of including
    Ronin::Exploits::Mixins::HTTP.
  • Removed Ronin::Exploits::FTP.
  • Removed all database models and code in favor of Plain Old Ruby Classes.