Closed: postmodern closed this issue 11 months ago
Add a `Ronin::DB::WebVuln` model to represent the `Ronin::Vulns::WebVuln` objects and their attributes yielded by `Ronin::Vulns::URLScanner.scan`.

The model must have the following columns:

- `type` (`enum`) - `lfi`, `rfi`, `sqli`, `ssti`, `open_redirect`, `reflected_xss`, etc.
- `url_id` - for the `belongs_to :url`.
- `query_param` (`string`, `null: true`)
- `header_name` (`string`, `null: true`)
- `cookie_param` (`string`, `null: true`)
- `form_param` (`string`, `null: true`)
- `request_method` (`enum [:copy, :delete, :get, :head, :lock, :mkcol, :move, :options, :patch, :post, :propfind, :proppatch, :put, :trace, :unlock]`)
- `lfi_os` (`enum [:unix, :windows, nil]`, `null: true`)
- `lfi_depth` (`integer`, `null: true`)
- `lfi_filter_bypass` (`enum [:null_byte, :base64, :rot13, :zlib, nil]`, `null: true`)
- `rfi_script_lang` (`enum [:asp, :asp_net, :cold_fusion, :jsp, :php, :perl, nil]`, `null: true`)
- `rfi_filter_bypass` (`enum [:null_byte, :double_encode, nil]`, `null: true`)
- `ssti_escape_type` (`enum [...], nil`, `null: true`) (Note: need to complete ronin-rb/ronin-vulns#55).
- `sqli_escape_quote` (`boolean`, `null: true`)
- `sqli_escape_parens` (`boolean`, `null: true`)
- `sqli_terminate` (`boolean`, `null: true`)

The model will need a custom validation that ensures that `query_param`, `header_name`, `cookie_param`, *or* `form_param` is set.

Implemented by PR #99.
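The enum columns and the custom validation described in the issue, as an added plain-Ruby example (not code from ronin-db or PR #99). `WebVulnCheck`, its `errors` method and the sample rows are hypothetical, and "is set" is read here as "at least one of the four is a non-blank string".

```ruby
# Added example: plain-Ruby sketch of the validation rules from the issue.
# Not the ronin-db code; WebVulnCheck and its methods are hypothetical names.
module WebVulnCheck
  # Enum values copied from the issue text. The issue ends the type list with
  # "etc." and elides the ssti_escape_type values, so neither is complete here.
  ENUMS = {
    type: %i[lfi rfi sqli ssti open_redirect reflected_xss],
    request_method: %i[copy delete get head lock mkcol move options patch post
                       propfind proppatch put trace unlock],
    lfi_os: [:unix, :windows, nil],
    lfi_filter_bypass: [:null_byte, :base64, :rot13, :zlib, nil],
    rfi_script_lang: [:asp, :asp_net, :cold_fusion, :jsp, :php, :perl, nil],
    rfi_filter_bypass: [:null_byte, :double_encode, nil]
  }.freeze

  # The four nullable columns, at least one of which must be set (assumed reading).
  PARAM_COLUMNS = %i[query_param header_name cookie_param form_param].freeze

  # Returns a Hash of column => error message; an empty Hash means the row is valid.
  def self.errors(attrs)
    errors = {}

    ENUMS.each do |column, allowed|
      next if allowed.include?(attrs[column])
      errors[column] = "is not one of #{allowed.compact.join(', ')}"
    end

    # Blank strings count as unset, so "" or " " cannot satisfy the rule.
    if PARAM_COLUMNS.none? { |c| attrs[c].is_a?(String) && !attrs[c].strip.empty? }
      errors[:base] = "#{PARAM_COLUMNS.join(', ')}: at least one must be set"
    end

    errors
  end
end

# Constructed sample rows.
VALID_ROW    = { type: :sqli, request_method: :get, query_param: "id", sqli_escape_quote: true }.freeze
NO_PARAM_ROW = { type: :lfi, request_method: :post, lfi_os: :unix, lfi_depth: 6 }.freeze
BAD_ENUM_ROW = { type: :rfi, request_method: :get, query_param: "page", rfi_filter_bypass: :rot13 }.freeze
```
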