feat: add --test flag to the ronin-exploits CLI

Currently, to test whether a target is vulnerable, users need to run something like: ronin-exploits --file=path/to/exploit.rb --dry-run --irb and then run "test" from the REPL. This feature would allow users to instead run: ronin-exploits --file=path/to/exploit.rb --test Printed output looks like one of these lines, depending on the return type: [+] Vulnerable: <test result message> [-] NotVulnerable: <test result message> [~] Unknown: <test result message> [!] Unexpected: <other result type to_s>
ronin-rb · May 20, 2024 · 740de65 · 740de65
1 parent 8f65229
commit 740de65
Showing 1 changed file with 26 additions and 1 deletion.
diff --git a/lib/ronin/exploits/cli/commands/run.rb b/lib/ronin/exploits/cli/commands/run.rb
@@ -85,11 +85,15 @@ class Run < ExploitCommand
           include Core::CLI::Options::Param
           include Core::CLI::Logging
           include CommandKit::Printing::Indent
+          include Support::CLI::Printing
 
           # Exploit options
           option :dry_run, short: '-D',
                            desc: 'Builds the exploit but does not launch it'
 
+          option :test, short: '-T',
+                        desc: 'Runs only the exploit test'
+
           # Payload options
           option :payload_file, value: {
                                   type: String,
@@ -273,7 +277,12 @@ def run(name=nil)
             validate_payload
             initialize_exploit
             validate_exploit
-            run_exploit
+
+            if options[:test]
+              run_test
+            else
+              run_exploit
+            end
 
             if options[:irb]
               start_shell
@@ -382,6 +391,22 @@ def run_exploit
             end
           end
 
+          #
+          # Run the exploit's test method, and print the result.
+          #
+          def run_test
+            case result = @exploit.test
+            when TestResult::Vulnerable
+              print_positive "Vulnerable: #{result}"
+            when TestResult::NotVulnerable
+              print_negative "NotVulnerable: #{result}"
+            when TestResult::Unknown
+              print_warning "Unknown: #{result}"
+            else
+              print_error "Unexpected result: #{result.inspect}"
+            end
+          end
+
           #
           # Starts an interactive ruby shell within the exploit object.
           #