lib/ronin/exploits/client_side_web_vuln.rb
# frozen_string_literal: true
#
# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
# payload crafting functionality.
#
# Copyright (c) 2007-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# ronin-exploits is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ronin-exploits is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ronin-exploits. If not, see <https://www.gnu.org/licenses/>.
#
require 'ronin/exploits/web_vuln'
module Ronin
module Exploits
#
# Represents a Client-Side web vulnerability.
#
# @api public
#
# @since 1.0.0
#
class ClientSideWebVuln < WebVuln

  # Selects how the exploit is rendered as text: a raw HTTP request (`:http`)
  # or a `curl` command line (`:curl`, the default).
  param :format, Enum[:http, :curl], default: :curl,
                                     desc:    'Output format'

  #
  # Renders the exploit as text, in the format selected by the `format`
  # param.
  #
  # Rendering is delegated to `vuln.to_http` or `vuln.to_curl`, which
  # receive the payload.
  #
  # @return [String]
  #   The formatted exploit.
  #
  # @raise [NotImplementedError]
  #   The `format` param holds a value other than `:http` or `:curl`.
  #
  # @api private
  #
  def format_exploit
    case params[:format]
    when :http
      vuln.to_http(payload)
    when :curl
      vuln.to_curl(payload)
    else
      # Fail loudly instead of printing nothing for an unknown format.
      raise NotImplementedError, "output format not supported: #{params[:format].inspect}"
    end
  end

  #
  # Prints the formatted client-side exploit for the operator to copy.
  #
  # This method only writes to the output; no request is sent from here.
  # The text is printed exactly as `format_exploit` returns it.
  #
  # NOTE(review): whether the `:curl` output is shell-quoted depends on
  # `vuln.to_curl`, which is not visible in this file; confirm before
  # pasting it into a shell.
  #
  def launch
    print_info("Copy and paste the following exploit:")

    # Blank lines above and below make the exploit text easy to select.
    puts
    puts format_exploit
    puts
  end

end
end
end