Added Ronin::Exploits::PathTraversal (closes #143).

README.md

@@ -36,6 +36,7 @@ research and development.
   * [Heap Overflows][docs-heap-overflow]
   * [Use After Free (UAF)][docs-use-after-free]
   * [Auth Bypass][docs-auth-bypass]
+  * [Path Traversal][docs-path-traversal]
   * [Command Injection][docs-command-injection]
   * [Open Redirect][docs-open-redirect]
   * [Local File Inclusions (LFI)][docs-lfi]
@@ -57,6 +58,7 @@ research and development.
 [docs-heap-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/HeapOverflow.html
 [docs-use-after-free]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/UseAfterFree.html
 [docs-auth-bypass]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/AuthBypass.html
+[docs-path-traversal]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/PathTraversal.html
 [docs-command-injection]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/CommandInjection.html
 [docs-open-redirect]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/OpenRedirect.html
 [docs-lfi]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/LFI.html

lib/ronin/exploits.rb

@@ -28,6 +28,7 @@
 require 'ronin/exploits/heap_overflow'
 require 'ronin/exploits/use_after_free'
 require 'ronin/exploits/auth_bypass'
+require 'ronin/exploits/path_traversal'
 require 'ronin/exploits/command_injection'
 require 'ronin/exploits/web'
 require 'ronin/exploits/lfi'

lib/ronin/exploits/cli/commands/show.rb

@@ -208,7 +208,8 @@ def print_shouts(exploit)
             exploit: 'Custom',
 
             # generic exploits
-            auth_bypass: 'Auth Bypass',
+            auth_bypass:    'Auth Bypass',
+            path_traversal: 'Path Traversal',
 
             # memory corruption exploits
             memory_corruption: 'Memory Corruption',

lib/ronin/exploits/path_traversal.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/exploits/exploit'
+require 'ronin/exploits/mixins/loot'
+
+module Ronin
+  module Exploits
+    #
+    # Represents a path traversal exploit.
+    #
+    # @api public
+    #
+    # @since 1.2.0
+    #
+    class PathTraversal < Exploit
+
+      include Mixins::Loot
+
+      #
+      # Returns the type or kind of exploit.
+      #
+      # @return [Symbol]
+      #
+      # @note
+      #   This is used internally to map an exploit class to a printable type.
+      #
+      # @api private
+      #
+      def self.exploit_type
+        :path_traversal
+      end
+
+    end
+  end
+end

spec/path_traversal_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+require 'ronin/exploits/path_traversal'
+
+describe Ronin::Exploits::PathTraversal do
+  it "must inherit from Ronin::Exploits::Exploit" do
+    expect(described_class).to be < Ronin::Exploits::Exploit
+  end
+
+  it "must include Ronin::Exploits::Mixins::Loot" do
+    expect(described_class).to include(Ronin::Exploits::Mixins::Loot)
+  end
+
+  describe ".exploit_type" do
+    subject { described_class }
+
+    it { expect(subject.exploit_type).to eq(:path_traversal) }
+  end
+end