Class: Pentest::Payload

Inherits:
Object
  • Object
Defined in:
lib/pentest/payload.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(data = {}) ⇒ Payload

Returns a new instance of Payload.



# File 'lib/pentest/payload.rb', line 7

# Builds a payload from an options hash.
#
# Only :route is mandatory. The penetration_* result fields are created here
# as nil; nothing in this constructor fills them in.
#
# @param data [Hash] options: :route (required), :params (default []),
#   :values (default []), :injection (default ''), :injection_point (default nil)
# @raise [KeyError] when :route is absent from data
def initialize(data = {})
  # Fetch the mandatory key first so a missing route fails before any state is set.
  @route = data.fetch(:route)

  # Block-form defaults: evaluated only when the key is missing.
  @params = data.fetch(:params) { [] }
  @values = data.fetch(:values) { [] }
  @injection = data.fetch(:injection) { '' }
  @injection_point = data.fetch(:injection_point) { nil }

  # Result fields start out empty.
  @penetration_confidence = @penetration_message = @penetration_type = nil
end

Instance Attribute Details

#injection ⇒ Object

Returns the value of attribute injection.



# File 'lib/pentest/payload.rb', line 5

# Reader for the injection value stored by the constructor (the :injection
# option, '' when omitted). #to_s prints it URL-encoded only when
# penetration_confidence is :attack; otherwise a placeholder is shown.
#
# @return [Object] the stored injection value
def injection; @injection; end

#params ⇒ Object

Returns the value of attribute params.



# File 'lib/pentest/payload.rb', line 5

# Reader for the parameter list stored by the constructor (the :params option,
# [] when omitted). #params_hash pairs it positionally with #values.
# NOTE(review): #to_s indexes each entry with [0]/[1] and calls #size on it, so
# entries are presumably arrays of key segments; confirm against the caller.
#
# @return [Object] the stored params collection (the same object, not a copy)
def params; @params; end

#penetration_confidence ⇒ Object

Returns the value of attribute penetration_confidence.



# File 'lib/pentest/payload.rb', line 5

# Reader for the confidence level of the finding; nil right after construction.
# #to_s recognises two values: :preattack prefixes the headline with
# "POSSIBLE", and :attack is the only case in which the real injection is
# printed. Where the value is assigned is not visible in this file excerpt.
#
# @return [Object, nil] the stored confidence value
def penetration_confidence; @penetration_confidence; end

#penetration_message ⇒ Object

Returns the value of attribute penetration_message.



# File 'lib/pentest/payload.rb', line 5

# Reader for the proof text of the finding; nil right after construction.
# #to_s appends it verbatim under the "=== Proof of Penetration ===" heading.
#
# @return [Object, nil] the stored message
def penetration_message; @penetration_message; end

#penetration_type ⇒ Object

Returns the value of attribute penetration_type.



# File 'lib/pentest/payload.rb', line 5

# Reader for the vulnerability type of the finding; nil right after
# construction. #to_s upcases it to build the report headline.
#
# @return [Object, nil] the stored type
def penetration_type; @penetration_type; end

#values ⇒ Object

Returns the value of attribute values.



# File 'lib/pentest/payload.rb', line 5

# Reader for the value list stored by the constructor (the :values option,
# [] when omitted). #params_hash pairs it positionally with #params.
#
# @return [Object] the stored values collection (the same object, not a copy)
def values; @values; end

Instance Method Details

#params_hash ⇒ Object



# File 'lib/pentest/payload.rb', line 19

# Pairs each entry of @params with the entry of @values at the same position
# and returns the result as a Hash keyed by the param entry.
#
# A param with no matching value maps to nil, surplus values are dropped, and
# a repeated param keeps the last value paired with it.
#
# @return [Hash] param entry => value
def params_hash
  pairs = @params.zip(@values)
  Hash[pairs]
end

#to_s(index) ⇒ Object



# File 'lib/pentest/payload.rb', line 23

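# Renders this payload as a multi-line, human-readable finding report: a
# numbered headline, the request that carried the payload, and the proof text.
#
# Query values are percent-encoded with URI.encode_www_form_component.
# URI.encode was removed in Ruby 3.0, and it left reserved characters such as
# "&", "=" and "#" unescaped, so a value containing them could not be told
# apart from the surrounding query string in the printed request. With the
# form encoder a space is printed as "+" and a nil or non-String value is
# converted with to_s instead of raising.
#
# The injection itself is printed only when the confidence is :attack; for any
# other confidence a fixed placeholder is shown instead.
#
# NOTE(review): the required +index+ argument means zero-argument to_s calls
# (string interpolation, puts) raise ArgumentError for this object.
# NOTE(review): initialize leaves @penetration_type nil, so it has to be
# assigned before this is called or +upcase+ raises NoMethodError.
#
# @param index [Integer] zero-based position of the finding; printed as index + 1
# @return [String] the report lines joined with "\n"
def to_s(index)
  path_parameters = {}
  query_parameters = []

  vulnerability_name = @penetration_type.upcase
  vulnerability_name = "POSSIBLE #{vulnerability_name}" if @penetration_confidence == :preattack

  lines = [
    Term::ANSIColor.red("#{index + 1}. #{vulnerability_name} FOUND"),
    '',
    '=== Payload ==='
  ]

  # `position` (not `index`) so the block does not shadow the method argument.
  # @injection_point counts positions in params_hash, path parameters included.
  params_hash.each_with_index do |(param, value), position|
    if @route.required_parts.include?(param[0])
      # Parameters the route itself requires go into the path, not the query.
      path_parameters[param[0]] = value
    elsif @injection_point == position
      shown = if @penetration_confidence == :attack
                URI.encode_www_form_component(@injection)
              else
                '[malicious payload]'
              end
      query_parameters << [param, Term::ANSIColor.red(shown)]
    else
      query_parameters << [param, URI.encode_www_form_component(value)]
    end
  end

  lines << "#{@route.verb} #{@route.format(path_parameters)}"

  # Indent the query lines so they line up under the path, past the verb.
  verb_padding = ' ' * @route.verb.size
  query_parameters.each_with_index do |(param, value), position|
    # A one-segment param prints as "key"; otherwise as "key[subkey]".
    key = param.size == 1 ? param[0] : "#{param[0]}[#{param[1]}]"
    separator = position.zero? ? '?' : '&'
    lines << "#{verb_padding} #{separator}#{key}=#{value}"
  end

  lines << ''
  lines << '=== Proof of Penetration ==='
  lines << @penetration_message

  lines.join("\n")
end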