class Pentest::Payload
Attributes
injection[RW]
params[RW]
penetration_confidence[RW]
penetration_message[RW]
penetration_type[RW]
values[RW]
Public Class Methods
new(data = {})
click to toggle source
# File lib/pentest/payload.rb, line 7 def initialize(data = {}) @route = data.fetch(:route) @params = data.fetch(:params, []) @values = data.fetch(:values, []) @injection = data.fetch(:injection, '') @injection_point = data.fetch(:injection_point, nil) @penetration_confidence = nil @penetration_message = nil @penetration_type = nil end
Public Instance Methods
params_hash()
click to toggle source
# File lib/pentest/payload.rb, line 19 def params_hash @params.zip(@values).to_h end
to_s(index)
click to toggle source
# File lib/pentest/payload.rb, line 23 def to_s(index) path_parameters = {} query_parameters = [] vulnerability_name = @penetration_type.upcase if @penetration_confidence == :preattack vulnerability_name = "POSSIBLE #{vulnerability_name}" end lines = [] lines << Term::ANSIColor.red("#{index + 1}. #{vulnerability_name} FOUND") lines << '' lines << '=== Payload ===' params_hash.each_with_index do |(param, value), index| if @route.required_parts.include? param[0] path_parameters[param[0]] = value else if @injection_point == index if @penetration_confidence == :attack query_parameters << [param, Term::ANSIColor.red(URI.encode(@injection))] else query_parameters << [param, Term::ANSIColor.red('[malicious payload]')] end else query_parameters << [param, URI.encode(value)] end end end lines << "#{@route.verb} #{@route.format(path_parameters)}" query_parameters.each_with_index do |(param, value), index| key = if param.size == 1 param[0] else "#{param[0]}[#{param[1]}]" end lines << "#{' ' * @route.verb.size} #{index == 0 ? '?' : '&'}#{key}=#{value}" end lines << '' lines << '=== Proof of Penetration ===' lines << @penetration_message lines.join("\n") end