
Commit 4c2cdc0

committed
Extracted CLI::Text from CLI::Commands::Show (closes #158).
1 parent 5fd054a commit 4c2cdc0


4 files changed

+275
-64
lines changed

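--- a/lib/ronin/exploits/cli/commands/show.rb
+++ b/lib/ronin/exploits/cli/commands/show.rb
@@ -20,8 +20,8 @@
 #
 
 require_relative '../exploit_command'
+require_relative '../text'
 
-require 'ronin/payloads/cli/text'
 require 'ronin/core/cli/printing/metadata'
 require 'ronin/core/cli/printing/arch'
 require 'ronin/core/cli/printing/os'
@@ -58,7 +58,7 @@ class Show < ExploitCommand
 include Core::CLI::Printing::OS
 include Core::CLI::Printing::Params
 include CommandKit::Printing::Fields
-include Payloads::CLI::Text
+include Text
 
 description 'Prints information about an exploit'
 
@@ -204,42 +204,6 @@ def print_shouts(exploit)
 end
 end
 
-# Known exploit types and their printable names.
-EXPLOIT_TYPES = {
-exploit: 'Custom',
-
-# generic exploits
-auth_bypass: 'Auth Bypass',
-path_traversal: 'Path Traversal',
-
-# memory corruption exploits
-memory_corruption: 'Memory Corruption',
-stack_overflow: 'Stack Overflow',
-seh_overflow: 'SEH Overflow',
-heap_overflow: 'Heap Overflow',
-use_after_free: 'Use After Free',
-
-# web exploits
-web: 'Web',
-lfi: 'Local File Inclusion (LFI)',
-rfi: 'Remote File Inclusion (RFI)',
-sqli: 'SQL injection (SQLI)',
-xss: 'Cross-Site Scripting (XSS)',
-open_redirect: 'Open Redirect',
-ssti: 'Server-Side Template Injection (SSTI)'
-}
-
-#
-# Returns the printable exploit type for the exploit class.
-#
-# @param [Class<Exploit>] exploit_class
-#
-# @return [String]
-#
-def exploit_type(exploit_class)
-EXPLOIT_TYPES.fetch(exploit_class.exploit_type,'unknown')
-end
-
 #
 # Prints an advisory.
 #
@@ -302,36 +266,21 @@ def print_target(target)
 def print_exploit_usage(exploit)
 puts "Usage:"
 puts
-puts " $ #{example_run_command(exploit)}"
+puts " $ #{example_exploit_command(exploit)}"
 puts
 end
 
 #
 # Builds an example `ronin-exploits run` command for the exploit.
 #
 # @param [Class<Exploit>] exploit
+# The exploit class.
 #
 # @return [String]
 # The example `ronin-exploits run` command.
 #
-# @since 0.2.0
-#
-def example_run_command(exploit)
-command = ['ronin-exploits', 'run']
-
-if options[:file]
-command << '-f' << options[:file]
-else
-command << exploit.id
-end
-
-exploit.params.each_value do |param|
-if param.required? && !param.default
-command << '-p' << "#{param.name}=#{param_usage(param)}"
-end
-end
-
-return command.join(' ')
+def example_exploit_command(exploit)
+super(exploit, file: options[:file])
 end
 
 end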
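Review bot: The last hunk removes `example_run_command` (documented `@since 0.2.0`) without leaving an alias behind, so any code outside this file that calls it on a `Show` instance will now raise `NoMethodError`. If the method counts as public API, keep a thin deprecated wrapper that delegates to `example_exploit_command(exploit)`. The new override also accepts only `exploit`, while the `Text` method it overrides takes `file:`, so a caller passing `file:` to the command gets an `ArgumentError`; a comment such as `# Overrides Text#example_exploit_command, defaulting file: to options[:file]` would make that intent explicit. The `Show` class body starts and ends outside the hunks shown.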

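--- a/lib/ronin/exploits/cli/text.rb
+++ b/lib/ronin/exploits/cli/text.rb
@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+#
+# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
+# payload crafting functionality.
+#
+# Copyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-exploits is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-exploits is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-exploits. If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/payloads/cli/text'
+require 'ronin/core/cli/printing/params'
+
+module Ronin
+module Exploits
+class CLI
+#
+# Helper methods for generating display text.
+#
+# @since 1.2.0
+#
+module Text
+include Payloads::CLI::Text
+include Core::CLI::Printing::Params
+
+# Known exploit types and their printable names.
+EXPLOIT_TYPES = {
+exploit: 'Custom',
+
+# generic exploits
+auth_bypass: 'Auth Bypass',
+path_traversal: 'Path Traversal',
+
+# memory corruption exploits
+memory_corruption: 'Memory Corruption',
+stack_overflow: 'Stack Overflow',
+seh_overflow: 'SEH Overflow',
+heap_overflow: 'Heap Overflow',
+use_after_free: 'Use After Free',
+
+# web exploits
+web: 'Web',
+lfi: 'Local File Inclusion (LFI)',
+rfi: 'Remote File Inclusion (RFI)',
+sqli: 'SQL injection (SQLI)',
+xss: 'Cross-Site Scripting (XSS)',
+open_redirect: 'Open Redirect',
+ssti: 'Server-Side Template Injection (SSTI)'
+}
+
+#
+# Returns the exploit type display name for the exploit class.
+#
+# @param [Class<Exploit>] exploit_class
+#
+# @return [String]
+#
+def exploit_type(exploit_class)
+EXPLOIT_TYPES.fetch(exploit_class.exploit_type,'unknown')
+end
+
+#
+# Builds an example `ronin-exploits run` command for the exploit.
+#
+# @param [Class<Exploit>] exploit
+# The exploit class.
+#
+# @param [String, nil] file
+# The optional file that was the exploit was loaded from.
+#
+# @return [String]
+# The example `ronin-exploits run` command.
+#
+def example_exploit_command(exploit, file: nil)
+command = ['ronin-exploits', 'run']
+
+if file
+command << '-f' << file
+else
+command << exploit.id
+end
+
+exploit.params.each_value do |param|
+if param.required? && !param.default
+command << '-p' << "#{param.name}=#{param_usage(param)}"
+end
+end
+
+return command.join(' ')
+end
+end
+end
+end
+end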
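Review bot: `example_exploit_command` joins its words with `command.join(' ')` without quoting, so a `file` path containing spaces or shell metacharacters yields an example that the shell will split or interpret instead of passing as one argument. The string is shown to the user after a `$` prompt for copy-paste, so the user-supplied word should be escaped: `command << '-f' << Shellwords.escape(file)`, with `require 'shellwords'` added next to the other requires. The `name=USAGE` words can stay as they are, assuming `param.name` and `param_usage` only yield identifier-like text. Separately, `EXPLOIT_TYPES` is a mutable Hash shared by every class that includes `Text`; appending `.freeze` to the literal would prevent accidental modification.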

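--- a/spec/cli/commands/show_spec.rb
+++ b/spec/cli/commands/show_spec.rb
@@ -37,7 +37,7 @@ class ExampleExploit < Ronin::Exploits::Exploit
 end
 end
 
-describe "#example_run_command" do
+describe "#example_exploit_command" do
 context "when given a exploit class with no params" do
 module TestShowCommand
 class ExploitWithNoParams < Ronin::Exploits::Exploit
@@ -50,7 +50,7 @@ class ExploitWithNoParams < Ronin::Exploits::Exploit
 let(:exploit_class) { TestShowCommand::ExploitWithNoParams }
 
 it "must return 'ronin-exploits run ...' with the exploit class ID" do
-expect(subject.example_run_command(exploit_class)).to eq(
+expect(subject.example_exploit_command(exploit_class)).to eq(
 "ronin-exploits run #{exploit_class.id}"
 )
 end
@@ -72,7 +72,7 @@ class ExploitWithOptionalParams < Ronin::Exploits::Exploit
 let(:exploit_class) { TestShowCommand::ExploitWithOptionalParams }
 
 it "must not add any '-p' flags to the 'ronin-exploits build' command" do
-expect(subject.example_run_command(exploit_class)).to eq(
+expect(subject.example_exploit_command(exploit_class)).to eq(
 "ronin-exploits run #{exploit_class.id}"
 )
 end
@@ -96,7 +96,7 @@ class ExploitWithDefaultParams < Ronin::Exploits::Exploit
 let(:exploit_class) { TestShowCommand::ExploitWithDefaultParams }
 
 it "must not add any '-p' flags to the 'ronin-exploits build' command" do
-expect(subject.example_run_command(exploit_class)).to eq(
+expect(subject.example_exploit_command(exploit_class)).to eq(
 "ronin-exploits run #{exploit_class.id}"
 )
 end
@@ -123,7 +123,7 @@ class ExploitWithRequiredAndDefaultParams < Ronin::Exploits::Exploit
 let(:exploit_class) { TestShowCommand::ExploitWithRequiredAndDefaultParams }
 
 it "must not add any '-p' flags to the 'ronin-exploits build' command" do
-expect(subject.example_run_command(exploit_class)).to eq(
+expect(subject.example_exploit_command(exploit_class)).to eq(
 "ronin-exploits run #{exploit_class.id}"
 )
 end
@@ -145,7 +145,7 @@ class ExploitWithRequiredParams < Ronin::Exploits::Exploit
 let(:exploit_class) { TestShowCommand::ExploitWithRequiredParams }
 
 it "must add '-p' flags followed by the param name and usage to the 'ronin-exploits build' command" do
-expect(subject.example_run_command(exploit_class)).to eq(
+expect(subject.example_exploit_command(exploit_class)).to eq(
 "ronin-exploits run #{exploit_class.id} -p foo=FOO -p bar=NUM"
 )
 end
@@ -159,7 +159,7 @@ class ExploitWithRequiredParams < Ronin::Exploits::Exploit
 before { subject.options[:file] = exploit_file }
 
 it "must return a 'ronin-exploits run --file ...' command with the exploit file" do
-expect(subject.example_run_command(exploit_class)).to eq(
+expect(subject.example_exploit_command(exploit_class)).to eq(
 "ronin-exploits run -f #{exploit_file} -p foo=FOO -p bar=NUM"
 )
 end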
