From 1750fe51da13f0f853134b22d10c6c5bb111c6b8 Mon Sep 17 00:00:00 2001
From: Mike Dalessio
Date: Sun, 19 May 2024 15:10:36 -0400
Subject: [PATCH 1/2] feat: add `--test` flag to the ronin-exploits CLI

Currently, to test whether a target is vulnerable, users need to run something like:
ronin-exploits --file=path/to/exploit.rb --dry-run --irb
and then run "test" from the REPL. This feature would allow users to instead run:
ronin-exploits --file=path/to/exploit.rb --test
Printed output looks like one of these lines, depending on the return type:
[+] Vulnerable:
[-] NotVulnerable:
[~] Unknown:
[!] Unexpected:
---
 lib/ronin/exploits/cli/commands/run.rb | 30 +++++++++++++++++++++++++-
 man/ronin-exploits-run.1.md | 3 +++
 2 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/lib/ronin/exploits/cli/commands/run.rb b/lib/ronin/exploits/cli/commands/run.rb
index b627eca7..46b7bb06 100644
--- a/lib/ronin/exploits/cli/commands/run.rb
+++ b/lib/ronin/exploits/cli/commands/run.rb
@@ -52,6 +52,7 @@ module Commands
 # -f, --file FILE The exploit file to load
 # -p, --param NAME=VALUE Sets a param
 # -D, --dry-run Builds the exploit but does not launch it
+ # -T --test Runs only the exploit test
 # --payload-file FILE Load the payload from the given Ruby file
 # --read-payload FILE Reads the payload string from the file
 # --payload-string STRING Uses the raw payload string instead
@@ -85,11 +86,15 @@ class Run < ExploitCommand
 include Core::CLI::Options::Param
 include Core::CLI::Logging
 include CommandKit::Printing::Indent
+ include Support::CLI::Printing

 # Exploit options
 option :dry_run, short: '-D',
 desc: 'Builds the exploit but does not launch it'

+ option :test, short: '-T',
+ desc: 'Runs only the exploit test'
+
 # Payload options
 option :payload_file, value: {
 type: String,
@@ -273,7 +278,12 @@ def run(name=nil)
 validate_payload
 initialize_exploit
 validate_exploit
- run_exploit
+
+ if options[:test]
+ run_test
+ else
+ run_exploit
+ end

 if options[:irb]
 start_shell
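Review bot: The added usage line in the options comment reads `-T  --test` while every neighbouring entry separates the short and long flag with a comma (`-D, --dry-run`, `-p, --param`), so the rendered usage text for the new flag will look different from the rest; change it to `#     -T, --test                       Runs only the exploit test`. The `option :test, short: '-T'` declaration and the man page entry both already use the correct form, so only this comment line needs the fix. The usage comment block this line belongs to starts and ends outside the hunk.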
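Review bot: The new `if options[:test]` branch in `run` calls `run_test` regardless of whether `--dry-run` was also given, so `--test` silently takes precedence over `--dry-run`; if `run_exploit` is where the dry-run flag is honoured (not visible here), a user passing both flags and expecting a build-only run would still have the test executed against the configured target. Either reject the combination before this point or make the precedence explicit in the option text, e.g. `desc: 'Runs only the exploit test (takes precedence over --dry-run)'` in the `option :test` declaration from the previous hunk, with the same wording in the man page. `run` begins before this hunk (`def run(name=nil)` in the hunk header) and continues after it.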
@@ -382,6 +392,24 @@ def run_exploit
 end
 end

+ #
+ # Run the exploit's test method, and print the result.
+ #
+ def run_test
+ case (result = @exploit.perform_test)
+ when TestResult::Vulnerable
+ print_positive "Vulnerable: #{result}"
+ when TestResult::NotVulnerable
+ print_negative "NotVulnerable: #{result}"
+ when TestResult::Unknown
+ print_warning "Unknown: #{result}"
+ else
+ print_error "Unexpected result: #{result.inspect}"
+ end
+
+ result
+ end
+
 #
 # Starts an interactive ruby shell within the exploit object.
 #
diff --git a/man/ronin-exploits-run.1.md b/man/ronin-exploits-run.1.md
index aa57a7b3..96eabeaa 100644
--- a/man/ronin-exploits-run.1.md
+++ b/man/ronin-exploits-run.1.md
@@ -28,6 +28,9 @@ Loads and runs an exploit.
 `-D`, `--dry-run`
 : Builds the exploit but does not launch it.

+`-T`, `--test`
+: Runs only the exploit test.
+
 `--payload-file` *FILE*
 : Load the payload from the given Ruby file.

From 3cf211021082be47eb2495ddd7037d383a8be76f Mon Sep 17 00:00:00 2001
From: Postmodern
Date: Tue, 21 May 2024 14:57:22 -0700
Subject: [PATCH 2/2] Removed unnecessary return value.

---
 lib/ronin/exploits/cli/commands/run.rb | 2 --
 1 file changed, 2 deletions(-)
diff --git a/lib/ronin/exploits/cli/commands/run.rb b/lib/ronin/exploits/cli/commands/run.rb
index 46b7bb06..f08f1757 100644
--- a/lib/ronin/exploits/cli/commands/run.rb
+++ b/lib/ronin/exploits/cli/commands/run.rb
@@ -406,8 +406,6 @@ def run_test
 else
 print_error "Unexpected result: #{result.inspect}"
 end
-
- result

 end
 #
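Review bot: `run_test` reports the outcome only through `print_positive`/`print_negative`/`print_warning`/`print_error`; nothing maps `result` to the process exit status, so a NotVulnerable, Unknown or unexpected result is indistinguishable from Vulnerable to anything that scripts `ronin-exploits --test` and checks `$?`. If the command framework permits it, exit non-zero for the non-Vulnerable branches; otherwise state the limitation in the method comment, e.g. `# Run the exploit's test method and print the result. The outcome does not affect the command's exit status.`. The `else` branch sensibly uses `result.inspect` for a value that is not one of the three expected `TestResult` classes, but that branch would also be the one to carry a non-zero exit if scripting support is added.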