Permalink
Browse files

Merged Ronin::Code::SQL from ronin-explois, back into ronin-sql as Ro…

…nin::SQL.
  • Loading branch information...
1 parent 7736ce5 commit 3f724a6155e11f67b8cd3b86b358a6ec3fb52488 @postmodern postmodern committed Aug 16, 2012
Showing with 1,587 additions and 3,554 deletions.
  1. +623 −288 COPYING.txt
  2. +14 −33 Gemfile
  3. +17 −87 README.md
  4. +14 −6 Rakefile
  5. +7 −14 gemspec.yml
  6. +0 −23 lib/ronin/code/sql.rb
  7. +0 −47 lib/ronin/code/sql/code.rb
  8. +0 −350 lib/ronin/code/sql/encoder.rb
  9. +0 −109 lib/ronin/code/sql/factory.rb
  10. +0 −174 lib/ronin/code/sql/fragment.rb
  11. +0 −94 lib/ronin/code/sql/function.rb
  12. +0 −91 lib/ronin/code/sql/style.rb
  13. +0 −88 lib/ronin/exploits/helpers/sqli.rb
  14. +0 −103 lib/ronin/exploits/sqli.rb
  15. +0 −22 lib/ronin/formatting/extensions/sql.rb
  16. +0 −93 lib/ronin/formatting/extensions/sql/string.rb
  17. +0 −22 lib/ronin/formatting/sql.rb
  18. +5 −13 lib/ronin/sql.rb
  19. +0 −26 lib/ronin/sql/errors.rb
  20. +0 −62 lib/ronin/sql/errors/error.rb
  21. +0 −75 lib/ronin/sql/errors/errors.rb
  22. +0 −22 lib/ronin/sql/errors/extensions.rb
  23. +0 −46 lib/ronin/sql/errors/extensions/string.rb
  24. +0 −151 lib/ronin/sql/errors/signature.rb
  25. +0 −137 lib/ronin/sql/errors/signatures.rb
  26. +0 −22 lib/ronin/sql/extensions.rb
  27. +0 −22 lib/ronin/sql/extensions/uri.rb
  28. +0 −130 lib/ronin/sql/extensions/uri/http.rb
  29. +78 −0 lib/ronin/sql/formattable.rb
  30. +350 −0 lib/ronin/sql/formatter.rb
  31. +89 −0 lib/ronin/sql/fragment.rb
  32. +66 −0 lib/ronin/sql/function.rb
  33. +0 −306 lib/ronin/sql/injection.rb
  34. +0 −31 lib/ronin/sql/scanner.rb
  35. +80 −0 lib/ronin/sql/sql.rb
  36. +4 −3 lib/ronin/sql/version.rb
  37. +0 −222 lib/ronin/vulns/sqli.rb
  38. +39 −109 ronin-sql.gemspec
  39. +0 −47 spec/code/sql/classes/test_encoder.rb
  40. +0 −159 spec/code/sql/encoder_spec.rb
  41. +0 −20 spec/code/sql/factory_spec.rb
  42. +0 −75 spec/code/sql/fragment_spec.rb
  43. +0 −31 spec/exploits/helpers/sqli_spec.rb
  44. +0 −77 spec/exploits/sqli_spec.rb
  45. +156 −0 spec/formatter_spec.rb
  46. +0 −55 spec/formatting/sql/string_spec.rb
  47. +26 −0 spec/fragment_spec.rb
  48. +6 −5 spec/{code/sql → }/function_spec.rb
  49. +1 −2 spec/spec_helper.rb
  50. +0 −8 spec/sql/errors/error_spec.rb
  51. +0 −29 spec/sql/extensions/uri/http_spec.rb
  52. +0 −22 spec/sql/injection_spec.rb
  53. +12 −3 spec/sql_spec.rb
View

Large diffs are not rendered by default.

Oops, something went wrong.
View
47 Gemfile
@@ -1,44 +1,25 @@
source 'https://rubygems.org'
-DATA_MAPPER = 'http://github.com/datamapper'
-DM_VERSION = '~> 1.1.0'
-RONIN_URI = 'http://github.com/ronin-ruby'
+RONIN_URI = 'http://github.com/ronin-ruby'
gemspec
-# Ronin dependencies
-# gem 'ronin-support', '~> 0.2', :git => "#{RONIN_URI}/ronin-support.git"
-gem 'ronin', '~> 1.1', :git => "#{RONIN_URI}/ronin.git"
-gem 'ronin-gen', '~> 1.0', :git => "#{RONIN_URI}/ronin-gen.git"
-gem 'ronin-web', '~> 0.3', :git => "#{RONIN_URI}/ronin-web.git"
-gem 'ronin-exploits', '~> 1.0', :git => "#{RONIN_URI}/ronin-exploits.git"
+gem 'jruby-openssl', '~> 0.7', :platforms => :jruby
-group :development do
- gem 'rake', '~> 0.8'
-
- gem 'ore-tasks', '~> 0.4'
- gem 'rspec', '~> 2.4'
+# Ronin dependencies:
+# gem 'ronin-support', '~> 0.5.1', :git => "#{RONIN_URI}/ronin-support.git"
+# gem 'ronin', '~> 1.5.0', :git => "#{RONIN_URI}/ronin.git"
+group :development do
+ gem 'rake', '~> 0.8'
gem 'kramdown', '~> 0.12'
-end
-
-#
-# To enable additional DataMapper adapters for development work or for
-# testing purposes, simple set the ADAPTER or ADAPTERS environment
-# variable:
-#
-# export ADAPTER="postgres"
-# bundle install
-#
-# ./bin/ronin --database postgres://ronin@localhost/ronin
-#
-require 'set'
-
-DM_ADAPTERS = Set['postgres', 'mysql', 'oracle', 'sqlserver']
-adapters = (ENV['ADAPTER'] || ENV['ADAPTERS']).to_s
-adapters = Set.new(adapters.to_s.tr(',',' ').split)
+ gem 'ripl', '~> 0.3'
+ gem 'ripl-multi_line', '~> 0.2'
+ gem 'ripl-auto_indent', '~> 0.1'
+ gem 'ripl-short_errors', '~> 0.1'
+ gem 'ripl-color_result', '~> 0.3'
-(DM_ADAPTERS & adapters).each do |adapter|
- gem "dm-#{adapter}-adapter", DM_VERSION #, :git => "#{DM_URI}/dm-#{adapter}-adapter.git"
+ gem 'rubygems-tasks', '~> 0.1'
+ gem 'rspec', '~> 2.4'
end
View
104 README.md
@@ -1,117 +1,47 @@
# Ronin SQL
-* [Source](http://github.com/ronin-ruby/ronin-sql)
-* [Issues](http://github.com/ronin-ruby/ronin-sql/issues)
+* [Source](https://github.com/ronin-ruby/ronin-sql)
+* [Issues](https://github.com/ronin-ruby/ronin-sql/issues)
* [Documentation](http://rubydoc.info/github/ronin-ruby/ronin-sql/frames)
-* [Mailing List](http://groups.google.com/group/ronin-ruby)
+* [Mailing List](https://groups.google.com/group/ronin-ruby)
* [irc.freenode.net #ronin](http://webchat.freenode.net/?channels=ronin&uio=Mj10cnVldd)
## Description
-Ronin SQL is a Ruby library for Ronin that provids support for SQL related
-security tasks.
+{Ronin::SQL} is a Ruby DSL for crafting SQL Injections.
-Ronin is a Ruby platform for exploit development and security research.
-Ronin allows for the rapid development and distribution of code, exploits
-or payloads over many common Source-Code-Management (SCM) systems.
-
-### Ruby
-
-Ronin's Ruby environment allows security researchers to leverage Ruby with
-ease. The Ruby environment contains a multitude of convenience methods
-for working with data in Ruby, a Ruby Object Database, a customized Ruby
-Console and an extendable command-line interface.
-
-### Extend
-
-Ronin's more specialized features are provided by additional Ronin
-libraries, which users can choose to install. These libraries can allow
-one to write and run Exploits and Payloads, scan for PHP vulnerabilities,
-perform Google Dorks or run 3rd party scanners.
-
-### Publish
-
-Ronin allows users to publish and share code, exploits, payloads or other
-data via Overlays. Overlays are directories of code and data that can be
-hosted on any SVN, Hg, Git or Rsync server. Ronin makes it easy to create,
-install or update Overlays.
-
-## Features
+### Features
* Provides an Domain Specific Language (DSL) for crafting normal SQL and
SQL injections.
-* Provides tests for finding SQL injections.
-
-## Synopsis
-
-Start the Ronin Console with Ronin SQL preloaded:
-
- $ ronin-sql
-
-## Examples
-
-Generate valid SQL using the Ronin SQL DSL:
-
- Code.sql {
- select(:from => :users, :where => (name == 'bob'))
- }.to_s
- # => "SELECT * FROM users WHERE name = 'bob'"
-
-Generate valid SQL injections using the Ronin SQL injection DSL:
-
- Code.sql_injection {
- escape_string { has_table?(:users) }
- }.to_s
- # => "' AND (SELECT count(*) FROM users) = 1 --"
-
-Test a URL for SQL Injection (SQLi):
-
- require 'ronin/sql'
-
- url = URI('http://redteatrosalternativos.com/_05enlaces/links/phpHoo3.php?viewCat=1')
- url.has_sqli?
- # => true
-
-Get the first viable SQLi vulnerability:
-
- url.first_sqli
- # => #<Ronin::SQL::Injection:0x67d6d38cba60 @http_method=:get, @url=#<URI::HTTP:0x67d6d8697190 URL:http://redteatrosalternativos.com/_05enlaces/links/phpHoo3.php?viewCat=1>, @params={:http_method=>:get}, @sql_options={:escape=>"1"}, @param="viewCat">
-
-Scan a URL for SQLi vulnerabilities:
-
- url.sqli_scan
- # => [#<Ronin::SQL::Injection:0x67d6d38792d8 @http_method=:get, @url=#<URI::HTTP:0x67d6d8697190 URL:http://redteatrosalternativos.com/_05enlaces/links/phpHoo3.php?viewCat=1>, @params={:http_method=>:get}, @sql_options={:escape=>"1"}, @param="viewCat">]
## Requirements
-* [uri-query_params](http://github.com/postmodern/uri-query_params) ~> 0.4.0
-* [ronin-support](http://github.com/ronin-ruby/ronin-support) ~> 0.2
-* [ronin](http://github.com/ronin-ruby/ronin) ~> 1.1
-* [ronin-gen](http://github.com/ronin-ruby/ronin-gen) ~> 1.0
-* [ronin-web](http://github.com/ronin-ruby/ronin-web) ~> 0.3
-* [ronin-exploits](http://github.com/ronin-ruby/ronin-exploits) ~> 1.0
+* [ronin-support] ~> 0.2
## Install
- $ sudo gem install ronin-sql
+ $ gem install ronin-sql
## License
-Ronin SQL - A Ruby library for Ronin that provids support for SQL related
-security tasks.
+Ronin SQL - A Ruby DSL for crafting SQL Injections.
+
+Copyright (c) 2007-2012 Hal Brodigan (postmodern.mod3 at gmail.com)
-Copyright (c) 2006-2010 Hal Brodigan (postmodern.mod3 at gmail.com)
+This file is part of Ronin SQL.
-This program is free software; you can redistribute it and/or modify
+Ronin Asm is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
+the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
-This program is distributed in the hope that it will be useful,
+Ronin Asm is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+along with Ronin Asm. If not, see <http://www.gnu.org/licenses/>.
+
+[ronin-support]: https://github.com/ronin-ruby/ronin-support#readme
View
@@ -3,23 +3,31 @@ require 'rubygems'
begin
require 'bundler'
rescue LoadError => e
- STDERR.puts e.message
- STDERR.puts "Run `gem install bundler` to install Bundler."
+ warn e.message
+ warn "Run `gem install bundler` to install Bundler."
exit e.status_code
end
begin
Bundler.setup(:development)
rescue Bundler::BundlerError => e
- STDERR.puts e.message
- STDERR.puts "Run `bundle install` to install missing gems"
+ warn e.message
+ warn "Run `bundle install` to install missing gems"
exit e.status_code
end
require 'rake'
-require 'ore/tasks'
-Ore::Tasks.new
+require 'rubygems/tasks'
+Gem::Tasks.new(:sign => {:checksum => true, :pgp => true}) do |tasks|
+ tasks.scm.tag.format = 'v%s'
+ tasks.console.command = 'ripl'
+ tasks.console.options = %w[
+ -rripl/multi_line
+ -rripl/auto_indent
+ -rripl/color_result
+ ]
+end
require 'rspec/core/rake_task'
RSpec::Core::RakeTask.new
View
@@ -1,25 +1,18 @@
name: ronin-sql
-summary: A Ruby library for Ronin that provids support for SQL related security tasks.
+summary: A Ruby DSL for crafting SQL Injections.
description:
- Ronin SQL is a Ruby library for Ronin that provids support for SQL related
- security tasks.
+ Ronin SQL is a a Ruby DSL for crafting SQL Injections.
-license: GPL-2
+license: GPL-3
authors: Postmodern
email: postmodern.mod3@gmail.com
-homepage: http://github.com/ronin-ruby/ronin-gen
+homepage: http://github.com/ronin-ruby/ronin-sql
has_yard: true
dependencies:
- uri-query_params: ~> 0.5.2
# Ronin dependencies:
- # ronin-support: ~> 0.2
- ronin-support: ~> 0.2.0.rc1
- # ronin: ~> 1.1
- # ronin-gen: ~> 1.0
- # ronin-web: ~> 0.3
- # ronin-exploits: ~> 1.0
+ ronin-support: ~> 0.2
development_dependencies:
- bundler: ~> 1.0.0
- yard: ~> 0.7.0
+ bundler: ~> 1.0
+ yard: ~> 0.7
View
@@ -1,23 +0,0 @@
-#
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#
-
-require 'ronin/code/sql/factory'
-require 'ronin/code/sql/code'
View
@@ -1,47 +0,0 @@
-#
-# Ronin SQL - A Ronin library providing support for SQL related security
-# tasks.
-#
-# Copyright (c) 2007-2010 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#
-
-require 'ronin/code/sql/factory'
-
-module Ronin
- module Code
- #
- # Creates a SQL factory.
- #
- # @param [Hash] options
- # Encoding options.
- #
- # @return [SQL::Factory]
- # The new SQL factory object.
- #
- # @example
- # sql = Code.sql
- #
- # sql[:and, 1, :eq, 1].to_s
- # # => "and 1 = 1"
- #
- # @since 0.3.0
- #
- def Code.sql(options={})
- SQL::Factory.new(options)
- end
- end
-end
Oops, something went wrong.

0 comments on commit 3f724a6

Please sign in to comment.