class Pentest::Runner

Public Class Methods

new(app_path, hooks) click to toggle source
# File lib/pentest/runner.rb, line 5
def initialize(app_path, hooks)
  @app_path = app_path
  @hooks = hooks
  @routes = ::Rails.application.routes.routes

  @ingredients = Set.new
end

Public Instance Methods

run() click to toggle source
# File lib/pentest/runner.rb, line 13
def run
  @endpoints = @routes.map do |route|
    endpoint = Endpoint.new(route, @app_path, @hooks)
  end.select(&:valid?)

  Logger.debug "Fetched #{@endpoints.size} endpoints"
  Logger.print_seperator

  @hooks[:setups].each do |setup_proc|
    self.instance_eval &setup_proc
  end

  # TODO: Add ingredients when not enough
  Logger.debug "Registered Ingredients: #{@ingredients.to_a.inspect}"

  payloads = []
  @endpoints.each do |endpoint|
    payloads += endpoint.scan!(@ingredients.to_a)
    Logger.print_seperator
  end

  if payloads.empty?
    Logger.info 'No vulnerabilities found'
    return nil
  end

  Logger.error "#{payloads.size} vulnerabilities found!!"

  payloads.each_with_index do |payload, index|
    puts ''
    puts ''
    puts payload.to_s(index)
  end

  puts ''

  :error
end

Private Instance Methods

add_ingredient(ingredient) click to toggle source
# File lib/pentest/runner.rb, line 54
def add_ingredient(ingredient)
  @ingredients << ingredient.to_s
end