ronin-rb/ronin-exploits

ChangeLog.md

### 1.0.4 / 2023-12-23

* Documentation fixes.

#### CLI

* Fixed a bug in `ronin-exploits run` when the exploit does not accept a payload
  and no payload is given.

### 1.0.3 / 2023-09-19

#### CLI

* All newly generated exploit files using `ronin-exploits new` should have a
  `summary` and a `description`.
* Fixed a bug where the `ronin-exploits new` options `--author`,
  `--author-email`, or `--summary` were not properly escaping given values.

### 1.0.2 / 2023-06-12

* Corrected the `class_dir` for {Ronin::Exploits}, even though
  `ronin-exploits` will never contain any built-in exploits.
* Avoid using `case`/`in` syntax for TruffleRuby.
* Documentation fixes and improvements.

#### CLI

* Fixed a typo in `ronin-exploits new` man-page.
* Fixed a bug in the `ronin-exploits show` command where a target's `version`
  was not being printed.
* Fixed a bug where `ronin-exploits new --payload-type command` wasn't being
  accepted as a valid payload type.

### 1.0.1 / 2023-03-01

* Require [ronin-support] ~> 1.0, >= 1.0.1.
* Require [ronin-payloads] ~> 0.1, >= 0.1.1.
* Require [ronin-vulns] ~> 0.1, >= 0.1.1.

#### CLI

* Fixed multiple bugs in the `--encoder-param` option of the
  `ronin-exploits run` command.

### 1.0.0 / 2023-02-01

* Upgraded to the LGPL-3 license.
* Require `ruby` >= 3.0.0.
* Added [ronin-support] ~> 1.0 as a dependency.
* Added [ronin-post_ex] ~> 0.1 as a dependency.
* Added [ronin-payloads] ~> 0.1 as a dependency.
* Added [ronin-vulns] ~> 0.1 as a dependency.
* Added [ronin-core] ~> 0.1 as a dependency.
* Added [ronin-repos] ~> 0.1 as a dependency.
* Added {Ronin::Exploits::Advisory}.
* Added {Ronin::Exploits::Loot}.
* Added {Ronin::Exploits::Loot::File}.
* Added {Ronin::Exploits::TestResult}.
* Added {Ronin::Exploits::Exploit.exploit}.
* Added {Ronin::Exploits::Exploit#perform_test}.
* Added {Ronin::Exploits::Exploit#perform_build}.
* Added {Ronin::Exploits::Exploit#perform_launch}.
* Added {Ronin::Exploits::Exploit#perform_cleanup}.
* Added {Ronin::Exploits::Exploit#exploit}.
* Added {Ronin::Exploits::Exploit#validate}.
* Added {Ronin::Exploits::Exploit#Vulnerable}.
* Added {Ronin::Exploits::Exploit#NotVulnerable}.
* Added {Ronin::Exploits::Exploit#Unknown}.
* Added {Ronin::Exploits::Exploit#test}.
* Added {Ronin::Exploits::Exploit#build}.
* Added {Ronin::Exploits::Exploit#launch}.
* Added {Ronin::Exploits::Exploit#cleanup}.
* Added {Ronin::Exploits::MemoryCorruption}.
* Added {Ronin::Exploits::StackOverflow}.
* Added {Ronin::Exploits::SEHOverflow}.
* Added {Ronin::Exploits::HeapOverflow}.
* Added {Ronin::Exploits::UseAfterFree}.
* Added {Ronin::Exploits::WebVuln}.
* Added {Ronin::Exploits::OpenRedirect}.
* Added {Ronin::Exploits::LFI}.
* Added {Ronin::Exploits::RFI}.
* Added {Ronin::Exploits::SQLI}.
* Added {Ronin::Exploits::SSTI}.
* Added {Ronin::Exploits::XSS}.
* Added {Ronin::Exploits::ClientSideWebVuln}.
* Added {Ronin::Exploits::Mixins::Binary}.
* Added {Ronin::Exploits::Mixins::FileBuilder}.
* Added {Ronin::Exploits::Mixins::FormatString}.
* Added {Ronin::Exploits::Mixins::HasTargets}.
* Added {Ronin::Exploits::Mixins::HasPayload}.
* Added {Ronin::Exploits::Mixins::HTTP}.
* Added {Ronin::Exploits::Mixins::Loot}.
* Added {Ronin::Exploits::Mixins::NOPS}.
* Added {Ronin::Exploits::Mixins::RemoteTCP}.
* Added {Ronin::Exploits::Mixins::RemoteUDP}.
* Added {Ronin::Exploits::Mixins::SEH}.
* Added {Ronin::Exploits::Mixins::StackOverflow}.
* Added {Ronin::Exploits::Mixins::Text}.
* Added {Ronin::Exploits::Params::BaseURL}.
* Added {Ronin::Exploits::Params::BindHost}.
* Added {Ronin::Exploits::Params::BindPort}.
* Added {Ronin::Exploits::Params::Filename}.
* Added {Ronin::Exploits::Params::Host}.
* Added {Ronin::Exploits::Params::Port}.
* Renamed `ronin/exploits/helpers` to `ronin/exploits/mixins`.
* Extracted `Ronin::Payloads` into [ronin-payloads].
* Extracted agent payloads into separate `ronin-agent-` repos.
  * [ronin-agent-php](https://github.com/ronin-rb/ronin-agent-php#readme)
  * [ronin-agent-ruby](https://github.com/ronin-rb/ronin-agent-ruby#readme)
  * [ronin-agent-nodejs](https://github.com/ronin-rb/ronin-agent-nodejs#readme)
* Refactored the `ronin-exploit` command into the `ronin-exploits run` command.
* Refactored {Ronin::Exploits::Exploit} as a Plain Old Ruby Class that defines
  method data, params, and the `build`, `launch`, and `cleanup` methods.
* Refactored `Ronin::UI` into {Ronin::Exploits::CLI}.
* Removed the `open_namespace` dependency.
* Removed the `data_paths` dependency.
* Removed the `ronin-gen` dependency.
* Removed the `ronin` dependency; `ronin` now requires `ronin-exploits` and all
  other `ronin-` gems.
* Removed `Ronin::Exploits::Controls`.
* Removed `Ronin::Exploits::Generators` in favor of the `ronin-exploits new`
  command.
* Removed `Ronin::Exploits::UnknownHelper`.
* Removed `Ronin::Exploits::Helpers::Padding` in favor of calling `String#pad`.
* Removed `Ronin::Exploits::Exploit#helpers` in favor of `included_modules`.
* Removed `Ronin::Exploits::Exploit#helper` in favor of including
  {Ronin::Exploits::Mixins} modules.
* Removed `Ronin::Exploits::Local`.
* Removed `Ronin::Exploits::Remote`.
* Removed `Ronin::Exploits::RemoteTCP` in favor of including
  {Ronin::Exploits::Mixins::RemoteTCP}.
* Removed `Ronin::Exploits::RemoteUDP` in favor of including
  {Ronin::Exploits::Mixins::RemoteUDP}.
* Removed `Ronin::Exploits::HTTP` in favor of including
  {Ronin::Exploits::Mixins::HTTP}.
* Removed `Ronin::Exploits::FTP`.
* Removed all database models and code in favor of Plain Old Ruby Classes.

### 0.3.1 / 2009-10-01

* Removed duplicate `default_port` properties from Ronin::Exploits::FTP
  and Ronin::Exploits::HTTP, which were causing dm-core 0.10.1 to crash.

### 0.3.0 / 2009-09-24

* Require ronin >= 0.3.0.
* Require ronin-gen >= 0.2.0.
* Require rspec >= 1.2.8.
* Require yard >= 0.2.3.5.
* Added Ronin::Vuln::Behavior.drop_privileges.
* Added Ronin::Vuln::Behavior.exit_program.
* Added Ronin::Vuln::Behavior.crash_program.
* Added Ronin::Controls.
* Added Ronin::Controls::Behaviors.
* Added Ronin::Controls::Helpers.
* Added Ronin::Controls::Helpers::CommandExec.
* Added Ronin::Controls::Helpers::DirCreate.
* Added Ronin::Controls::Helpers::DirListing.
* Added Ronin::Controls::Helpers::DirRemove.
* Added Ronin::Controls::Helpers::FileCtime.
* Added Ronin::Controls::Helpers::FileMtime.
* Added Ronin::Controls::Helpers::FileOwnership.
* Added Ronin::Controls::Helpers::FileRead.
* Added Ronin::Controls::Helpers::FileRemove.
* Added Ronin::Controls::Helpers::FileWrite.
* Added Ronin::Controls::Helpers::MemoryRead.
* Added Ronin::Controls::Helpers::MemoryWrite.
* Added Ronin::Model::TargetsProduct.
* Added Ronin::Exploits::Exploit#target=.
* Added Ronin::Exploits::Exploit#payload=.
* Added Ronin::Exploits::Exploit#raw_payload=.
* Added Ronin::Exploits::Exploit#build_payload!.
* Added Ronin::Payloads::HasPayload.
* Added Ronin::Payloads::Helpers::Chained.
* Added Ronin::Generators::Exploits.
* Added Ronin::Generators::Exploits::Exploit.
* Added Ronin::Generators::Exploits::Local.
* Added Ronin::Generators::Exploits::Remote.
* Added Ronin::Generators::Exploits::RemoteTCP.
* Added Ronin::Generators::Exploits::RemoteUDP.
* Added Ronin::Generators::Exploits::FTP.
* Added Ronin::Generators::Exploits::HTTP.
* Added Ronin::Generators::Exploits::Web.
* Added Ronin::Generators::Payloads.
* Added Ronin::Generators::Payloads::Payload.
* Added Ronin::Generators::Payloads::BinaryPayload.
* Added Ronin::Generators::Payloads::Shellcode.
* Added Ronin::Generators::Payloads::Nops.
* Added Ronin::UI::CommandLine::Commands::Exploit.
* Added Ronin::UI::CommandLine::Commands::Exploits.
* Added Ronin::UI::CommandLine::Commands::Payload.
* Added Ronin::UI::CommandLine::Commands::Payloads.
* Added Ronin::UI::CommandLine::Commands::GenExploit.
* Added Ronin::UI::CommandLine::Commands::GenLocalExploit.
* Added Ronin::UI::CommandLine::Commands::GenRemoteExploit.
* Added Ronin::UI::CommandLine::Commands::GenRemoteTcpExploit.
* Added Ronin::UI::CommandLine::Commands::GenRemoteUdpExploit.
* Added Ronin::UI::CommandLine::Commands::GenFtpExploit.
* Added Ronin::UI::CommandLine::Commands::GenHttpExploit.
* Added Ronin::UI::CommandLine::Commands::GenWebExploit.
* Added Ronin::UI::CommandLine::Commands::GenPayload.
* Added Ronin::UI::CommandLine::Commands::GenBinaryPayload.
* Added Ronin::UI::CommandLine::Commands::GenShellcode.
* Added Ronin::UI::CommandLine::Commands::GenNops.
* Added the ronin-exploit script.
* Added the ronin-exploits script.
* Added the ronin-payload script.
* Added the ronin-payloads script.
* Added the ronin-gen-exploit script.
* Added the ronin-gen-local-exploit script.
* Added the ronin-gen-remote-exploit script.
* Added the ronin-gen-remote-tcp-exploit script.
* Added the ronin-gen-remote-udp-exploit script.
* Added the ronin-gen-ftp-exploit script.
* Added the ronin-gen-http-exploit script.
* Added the ronin-gen-payload script.
* Added the ronin-gen-binary-payload script.
* Added the ronin-gen-shellcode script.
* Added the ronin-gen-nops script.
* Renamed Ronin::Vuln::Behavior.priv_escalation to gain_privileges.
* Renamed Ronin::Exploits::Exploit#select_target to use_target!.
* Renamed Ronin::Exploits::Exploit#call to exploit!.
* Renamed Ronin::Exploits::Exploit#encode_with to encode_payload.
* Renamed Ronin::Payloads::Encoder to Ronin::Payloads::Encoders::Encoder.
* Renamed Ronin::Payloads::Encoders::Encoder#call to encode.
* Renamed Ronin::Exploits::Exploit#encoded_payload=.
* Removed Ronin::Payloads::Payload#payload to raw_payload.
* Removed Ronin::Payloads::Payload#call.
* Moved to YARD based documentation.
* Updated the project summary and 3-point description for ronin-exploits.
* Ronin::Model::TargetsArch now auto-defines a relationship with Arch.
* Ronin::Model::TargetsOS now auto-defines a relationship with OS.
* Ronin::Model::TargetsProduct now auto-defines a relationship with Product.
* Refactored Ronin::Exploits::Exploit.
* Include Ronin::Controls::Behaviors into Ronin::Exploits::Exploit.
* Made Ronin::Exploits::Exploit#to_s more robust.
* Safely load exploit helpers using the new require_within method.
* Allow Ronin::Exploits::Exploit#encode_payload to accept a block, which
  will be used to encode the payload.
* No longer allow the payload to be directly passed to
  Ronin::Exploits::Exploit#build!.
* Allow an index or query to be passed to
  Ronin::Exploits::Exploit#use_target!.
* Have Ronin::Exploits::Exploit#build_payload! only reset @raw_payload
  if a payload is set.
* Make sure Ronin::Exploits::Exploit#encode_payload! cannot set the
  encoded_payload to nil.
* Allow Ronin::Exploits::Exploit#encode_payload! to use either
  Ronin::Payloads::Encoders::Encoder or Proc objects.
* Allow Ronin::Exploits::Exploit#build_payload! to pass options to
  Ronin::Payloads::Payload#build!.
* Allow Ronin::Exploits::Exploit#build! to pass options to
  Ronin::Exploits::Exploit#build_payload!.
* Ronin::Exploits::Exploit#deploy! no longer receives options.
* Allow Ronin::Exploits::Exploit#exploit! to accept a :dry_run option,
  which will cause the exploit to be built but *not* deployed.
* Default the @buffer instance variable to an empty String, in
  Ronin::Exploits::Helpers::BufferOverflow.
* Default the @format_string instance variable to an empty String, in
  Ronin::Exploits::Helpers::FormatString.
* Refactored Ronin::Payloads::Payload.
* Include Ronin::Controls::Behaviors into Ronin::Payloads::Payload.
* Made Ronin::Payloads::Payload#to_s more robust.
* Safely load payload helpers using the new require_within method.

### 0.2.1 / 2009-07-02

* Use Hoe >= 2.0.0.
* Require ronin >= 0.2.4.
* Added Ronin::Model::TargetsArch.
* Added Ronin::Model::TargetsOS.
* Added Ronin::Mode::HasDefaultPort.
* Added Exploit#deployed?.
* Added Exploit#inspect.
* Added Exploits::Helpers::FileBased.
* Added Exploits::Web#http_method.
* Added Exploits::Web#targeted_url_path.
* Added Payload#inspect.
* Added Payload#call method.
* Renamed Exploit#exploit to Exploit#call.
* Renamed Payloads::Helpers::Unimplemented to
  Payloads::Helpers::NotImplemented.
* Renamed RPC#call to RPC#call_method.
* Removed Exploit#switch_payload.
* Moved verifier methods into Exploits::Verifiers.
* Allow Exploit#allow to accept multiple behaviors.
* Include UI::Diagnostics into Ronin::Exploits::Exploit.
* Include Sessions::HTTP into Exploits::Web.
* Include UI::Diagnostics into Ronin::Payloads::Payload.
* Allow Payload#controlling to accept multiple behaviors.
* Added more specs.

### 0.2.0 / 2009-04-11

* Added Ronin::TargetedArch.
* Added Ronin::TargetedOS.
* Added Ronin::TargetedProduct.
* Added Ronin::Model::TargetsArch.
* Added Ronin::Model::TargetsOS.
* Refactored Ronin::Exploits:
  * Added Ronin::Exploits::Target.
  * Added Ronin::Exploits::Targets::BufferOverflow.
  * Added Ronin::Exploits::Targets::FormatString.
  * Added Ronin::Exploits::Helpers::Binary.
  * Added Ronin::Exploits::Helpers::Padding.
  * Added Ronin::Exploits::Helpers::BufferOverflow.
  * Added Ronin::Exploits::Helpers::FormatString.
  * Added Ronin::Exploits::Local.
  * Added Ronin::Exploits::Remote.
  * Added Ronin::Exploits::RemoteTCP.
  * Added Ronin::Exploits::RemoteUDP.
  * Added Ronin::Exploits::FTP.
  * Added Ronin::Exploits::HTTP.
  * Renamed Ronin::Exploits::Impact to Ronin::Exploits::Allow.
  * Removed the Ronin::Exploits::Requirement.
  * Rewrote Ronin::Exploits::Exploit:
    * Use the new Ronin::Cacheable module.
    * Added a status property, which may be `:potential`, `:proven`, or
      `:weaponized`, and defaults to `:potential`.
    * Added a disclosure property, which can be a combination of
      `:private`, `:in_wild`, `:vendor_aware`
      or `:public`.
    * Added Exploit#helper, which will extend the Exploit object with the
      Helper module with the similar name.
    * Added the Exploit#build!, Exploit#verify!, Exploit#deploy!
      methods, which will call the user-defined Exploit#build,
      Exploit#verify, Exploit#deploy methods, respectively.
    * Added Exploit#targeting.
    * Added Exploit#behaviors.
    * Added Exploit#targeted_archs, Exploit#targeted_oses,
      Exploit#targeted_products.
    * Added Exploit#select_target.
    * Added the Exploit#target which will return the current selected
      target, or the first target of the exploit.
    * Added the Exploit#arch, Exploit#os and Exploit#product methods.
    * Added the Exploit#verify_target!, Exploit#verify_arch!,
      Exploit#verify_os! and Exploit#verify_product! methods.
    * Added Exploit#encoded_payload.
    * Added Exploit#encode_payload!.
    * Have Exploit#verify_restricted! raise an exception listing all
      restricted characters found in the given text.
    * Renamed Exploit#allows to Exploit#allowing.
    * Renamed Exploit#verify_restricted to Exploit#verify_restricted!.
    * Renamed Exploit#exploit to Exploit#exploit!.
    * Removed Exploit#payloads.
    * Removed Exploit#vulnerable?.
* Refactored Ronin::Payloads:
  * Added Ronin::Payloads::Helpers::FileSystem.
  * Added Ronin::Payloads::Helpers::RPC.
  * Added Ronin::Payloads::Helpers::Shell.
  * Added Ronin::Payloads::Nops.
  * Added Ronin::Payloads::Encoder.
  * Added Ronin::Payloads::Encoders::XOR.
  * Renamed Ronin::Payloads::Ability to Ronin::Payloads::Control.
  * Rewrote Ronin::Payloads::Payload:
    * Use the new Ronin::Cacheable module.
    * Use Ronin::Model::TargetsArch.
    * Use Ronin::Model::TargetsOS.
    * Added Payload#helper, which will extend the Payload object with the
      Helper module with the similar name.
    * Added Payload#behaviors.
    * Added Payload#build!, Payload#verify!, Payload#deploy!, which will
      call the user-defined Payload#build, Payload#verify, Payload#deploy
      methods, respectively.
    * Rewrote Payload#to_s to return the name and version of the payload.
    * Renamed Payload#controls to Payload#controlling.
    * Removed encoders from the Payload class.
* Added specs.

### 0.1.1 / 2009-01-22

* Removed old references to the `ronin/vulnerability` directory.
* Removed old references to the Ronin::Vulnerability namespace.
* Removed past usage of the `:value` option with parameters.
  * Parameters now use the `:default` option for specifying the
    default value of parameters.
* Added the missing Ronin::Exploits::PayloadSize exception.
* Reduce usage of first_or_create.
* Updated target methods.

### 0.1.0 / 2008-01-08

* Initial release.
  * Supports many basic exploit types:
    * Ronin::Exploits::Exploit
    * Ronin::Exploits::BinaryExploit
    * Ronin::Exploits::BufferOverflow
    * Ronin::Exploits::FormatString
    * Ronin::Exploits::WebExploit
  * Supports a few basic payload types:
    * Ronin::Payloads::Payload
    * Ronin::Payloads::BinaryPayload
    * Ronin::Payloads::Shellcode
    * Ronin::Payloads::WebPayload
  * Provides the ability to associate Vulnerability Taxonomy information
    with Exploits and Payloads.
  * Provides a semi-intelligent XOR translator (Ronin::Translators::XOR).

[uri-query_params]: https://github.com/postmodern/uri-query_params#readme
[ronin-support]: https://github.com/ronin-rb/ronin-support#readme
[ronin-code-sql]: https://github.com/ronin-rb/ronin-code-sql#readme
[ronin-core]: https://github.com/ronin-rb/ronin-core#readme
[ronin-repos]: https://github.com/ronin-rb/ronin-repos#readme
[ronin-payloads]: https://github.com/ronin-rb/ronin-payloads#readme
[ronin-post_ex]: https://github.com/ronin-rb/ronin-post_ex#readme
[ronin-vulns]: https://github.com/ronin-rb/ronin-vulns#readme