ronin¶ ↑
Description¶ ↑
Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin
contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, developing new exploits, managing local databases, fuzzing data, performing recon, and much more.
Who is Ronin
for?¶ ↑
-
CTF players
-
Bug bounty hunters
-
Security Researchers
-
Security Engineers
-
Developers
-
Students
What does Ronin
provide?¶ ↑
-
A toolkit of useful commands.
-
A fully-loaded Ruby REPL.
-
An ecosystem of high-quality security related Ruby libraries, APIs, and commands.
-
A lightweight local web UI.
What can you do with Ronin
?¶ ↑
-
Quickly process and query various data using the
ronin
commands. -
Efficiently work with code and data in the
ronin irb
Ruby REPL. -
Rapidly prototype Ruby scripts using ronin-support and other
ronin
libraries. -
Install 3rd-party git repositories of exploits, payloads, or other code, using ronin-repos.
-
Import and query data using the ronin-db database.
-
Fuzz data using ronin-fuzzer.
-
Perform recon using ronin-recon.
-
Use common payloads or write your own using ronin-payloads.
-
Write/run exploits using ronin-exploits.
-
Scan for web vulnerabilities using ronin-vulns.
-
Performs scans and browse the database in your browser using ronin-app.
Synopsis¶ ↑
Usage: ronin [options] [COMMAND [ARGS...]] Options: -h, --help Print help information Arguments: [COMMAND] The command name to run [ARGS ...] Additional arguments for the command Commands: archive asn banner-grab bitflip cert-dump cert-gen cert-grab completion decode, dec decrypt dns dns-proxy email-addr encode, enc encrypt entropy escape extract grep help hexdump highlight hmac homoglyph host http ip iprange irb md5 netcat, nc new pack proxy public-suffix-list quote rot sha1 sha256 sha512 strings tld-list tips typo typosquat unarchive unescape unhexdump unpack unquote url xor Additional Ronin Commands: $ ronin-repos $ ronin-wordlists $ ronin-db $ ronin-web $ ronin-fuzzer $ ronin-masscan $ ronin-nmap $ ronin-recon $ ronin-payloads $ ronin-exploits $ ronin-vulns $ ronin-app
List ronin commands:
$ ronin help
View a man-page for a command:
$ ronin help COMMAND
Get a random tip on how to use ronin
:
$ ronin tips
Open the Ronin
Ruby REPL:
$ ronin irb , Jµ ▓▓█▓ J▌ ▐▓██▌ ████ ██ ▐███D ╓▄▓▓█████▌ ██µ ████ ▄███ÖJ██▌ ███▌ ,╓µ▄▄▄▄▄▄▄▄µ;, ,▄▓██████████ ▐███ ▐███▀ ███▌ ████µ ▄███ ¬∞MÆ▓███████████████████████▓M ▄██████▀▀╙████▌ ████▌ ████ ▄███ J█████ ███▌ `█████▀▀▀▀▀███████ -████▀└ ████ ▐█████n ▄███O ███▌ ██████████ ▓████L ████▀ ▓████ ▓███Ö ███████ ███▌ ▓███ ▐█████████▀ ▄████▀ ,╓▄▄▄█████ J████Ü ,███▌ ▄███████████ J███▀ ████ █████ J█████████████████─ ████▌ ████ ████`██████▌ ████ ▐███Ü ▐███Ü ███████████▀▀▀╙└ ▐████ J███▌ ▓███▌ ²█████ J███Ü ███▌ ▀█▌ ▓██████████▌ ████▌ ████ ;████ ▀███▀ ███▌ J▀▀▀- █ ▄█████▀ ▀█████µ ▐████ ,▄▓████▀ ████▀ ███ J███ ` J█████- ╙▀███▄ ████████████▀╙ J█▀▀▀ █U ▀█▌ ████▀ ▀███ ▄████████▀▀ ╨ █ ▓██▀ ²▀█▄ █▀▀▀╙└ ▄██╜ ╙W J█▀ ▌└ ┘ irb(ronin)>
Starts and opens the interactive Web UI for Ronin:
$ ronin-app
Binary¶ ↑
Hexdumps data in a variety of formats:
$ ronin hexdump /bin/ls
Un-hexdumps a hexdump file back into it’s original raw binary data:
$ ronin unhexdump -o data.bin hexdump.txt
Print all printable strings from a file:
$ ronin strings /bin/ls
Print all alphabetic strings from a file:
$ ronin strings --alpha /bin/ls
Print all alpha-numeric strings from a file:
$ ronin strings --alpha-num /bin/ls
Print all numeric strings from a file:
$ ronin strings --numeric /bin/ls
Print all hexadecimal strings from a file:
$ ronin strings --hex /bin/ls
Enumerate through all of the Bit-flips of a domain name:
$ ronin bitflip microsoft --alpha-num --append .com licrosoft.com oicrosoft.com iicrosoft.com eicrosoft.com Microsoft.com mhcrosoft.com mkcrosoft.com mmcrosoft.com macrosoft.com mycrosoft.com ...
Encoding¶ ↑
Base64 encode a string:
$ ronin encode --base64 --string "foo bar baz" Zm9vIGJhciBiYXo=
Zlib compresses, Base64 encodes, and then URI encode a string:
$ ronin encode --zlib --base64 --uri --string "foo bar" %65%4A%78%4C%79%38%39%58%53%45%6F%73%41%67%41%4B%63%41%4B%61%0A
Base64 decode a string:
$ ronin decode --base64 --string "Zm9vIGJhciBiYXo=" foo bar baz
URI decode, Base64 decode, and then zlib inflates a string:
$ ronin decode --uri --base64 --zlib --string "%65%4A%78%4C%79%38%39%58%53%45%6F%73%41%67%41%4B%63%41%4B%61%0A" foo bar
URI escape a string:
$ ronin escape --uri --string "foo bar" foo%20bar
URI unescape a string:
$ ronin unescape --uri --string "foo%20bar" foo bar
Convert a file into a quoted C string:
$ ronin quote --c file.bin "..."
Convert a file into a quoted JavaScript string:
$ ronin quote --js file.bin
Unquote a C string:
$ ronin unquote --c --string '"\x66\x6f\x6f\x20\x62\x61\x72"' foo bar
Text¶ ↑
Extract high-entropy data from a file:
$ ronin entropy -e 5.0 index.html
Grep for common patterns of data:
$ ronin grep --hash index.html
Extract common patterns from data:
$ ronin extract --hash index.html
Generate a random typo of a word:
$ ronin typo microsoft microssoft
Enumerate over every typo variation of a word:
$ ronin typo --enum microsoft microosoft microsooft microssoft
Generate a random homoglyph version of a word:
$ ronin homoglyph CEO CEO
Enumerate over every homoglyph variation of a word:
$ ronin homoglyph --enum CEO ϹEO СEO ⅭEO CEO CΕO CЕO CEO CEΟ CEО CEO
Syntax-highlights a file:
$ ronin highlight index.html
Cryptography¶ ↑
AES-256 encrypt a file:
$ ronin encrypt --cipher aes-256-cbc --password "..." file.txt > encrypted.bin
Decrypt data:
$ ronin decrypt --cipher aes-256-cbc --password "..." encrypted.bin
Generates a HMAC for a file:
$ ronin hmac --hash sha1 --password "too many secrets" data.txt
Generates a HMAC for a string:
$ ronin hmac --hash sha1 --password "too many secrets" --string "..."
Calculate an MD5 checksum of a string:
$ ronin md5 --string "hello world" 5eb63bbbe01eeed093cb22bb8f5acdc3
Calculate the MD5 checksum of a file:
$ ronin md5 file.txt
Calculate the MD5 checksum of every line in a file:
$ ronin md5 --multiline file.txt
Calculate an SHA1 checksum of a string:
$ ronin sha1 --string "hello world" 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
Calculate the SHA1 checksum of a file:
$ ronin sha1 file.txt
Calculate the SHA1 checksum of every line in a file:
$ ronin sha1 --multiline file.txt
Calculate an SHA256 checksum of a string:
$ ronin sha256 --string "hello world" b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
Calculate the SHA256 checksum of a file:
$ ronin sha256 file.txt
Calculate the SHA256 checksum of every line in a file:
$ ronin sha256 --multiline file.txt
Calculate an SHA512 checksum of a string:
$ ronin sha512 --string "hello world" 309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f
Calculate the SHA512 checksum of a file:
$ ronin sha512 file.txt
Calculate the SHA512 checksum of every line in a file:
$ ronin sha512 --multiline file.txt
ROT-13 encodes a string:
$ ronin rot --string "The quick brown fox jumps over the lazy dog" Gur dhvpx oebja sbk whzcf bire gur ynml qbt
XOR encodes a string:
$ ronin xor --key ABC --string "The quick brown fox jumps over the lazy dog" "\x15*&a36(!(a 1.5-a$,9b)4/32b,7'1a6+$b/ 8:a&,&"
Networking¶ ↑
Query the ASN of an IP address:
$ ronin asn -I 4.2.2.1 4.0.0.0/9 AS3356 (US) LEVEL3
Get the system’s external/public IP address:
$ ronin ip --public
Convert an IP address to decimal format:
$ ronin ip --decimal 127.0.0.1 2130706433
Convert a file of IP addresses into URLs:
$ ronin ip --file targets.txt --http
Enumerate over every IP address in the IP CIDR range:
$ ronin iprange 10.1.0.0/15 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5 10.0.0.6 10.0.0.7 10.0.0.8 10.0.0.9 ...
Enumerate over every IP address in the IP glob range:
$ ronin iprange 10.1-3.0.* 10.1.0.1 10.1.0.2 10.1.0.3 10.1.0.4 10.1.0.5 10.1.0.6 10.1.0.7 10.1.0.8 10.1.0.9 10.1.0.10 ...
Enumerate over every IP address between two IP addresses:
$ ronin iprange --start 10.0.0.1 --stop 10.0.3.33 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5 10.0.0.6 10.0.0.7 10.0.0.8 10.0.0.9 10.0.0.10
Connect to a remote TCP service:
$ ronin netcat -v example.com 80
Listen on a local TCP port:
$ ronin netcat -v -l 1337
Connect to a remote SSL/TLS service:
$ ronin netcat -v --ssl example.com 443
Connect to a remote UDP service:
$ ronin netcat -v -u example.com 1337
Listen on a local UDP port:
$ ronin netcat -v -u -l 1337
Opens a UNIX socket:
$ ronin netcat -v --unix /path/to/unix.socket
Hexdump all data received from a socket:
$ ronin netcat --hexdump example.com 80 GET / HTTP/1.1 Host: example.com User-Agent: Ruby 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d |HTTP/1.1 200 OK.| 00000010 0a 41 67 65 3a 20 32 35 30 38 30 36 0d 0a 43 61 |.Age: 250806..Ca| 00000020 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 |che-Control: max| 00000030 2d 61 67 65 3d 36 30 34 38 30 30 0d 0a 43 6f 6e |-age=604800..Con| 00000040 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f |tent-Type: text/| 00000050 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 |html; charset=UT| ...
DNS¶ ↑
Query DNS records:
$ ronin dns -t TXT github.com
Find all registered TLDs for a host name:
$ ronin host --enum-tlds --registered github.com github.ac github.actor github.ae github.africa github.agency github.ai ...
Find all registered public suffixes for a host name:
$ ronin host --enum-suffix --registered github.com example.com.ag example.ai example.al example.am example.com.ar example.at example.co.at example.or.at example.com.au example.be example.com.bh ...
Find all subdomains that have addresses:
$ ronin host --enum-subdomains subdomains.txt --has-addresses google.com www.google.com mail.google.com smtp.google.com ns1.google.com ns2.google.com m.google.com ns.google.com blog.google.com admin.google.com news.google.com vpn.google.com ns3.google.com ...
Enumerate over every possible typosquat variation of a domain:
$ ronin typosquat microsoft.com microosoft.com microsooft.com microssoft.com
Find all of the registered typosquat domains for a valid domain:
$ ronin typosquat --registered microsoft.com
Find all of the typosquat domains with addresses for a valid domain:
$ ronin typosquat --has-addresses microsoft.com
Find all of the unregistered typosquat domains for a valid domain:
$ ronin typosquat --unregistered microsoft.com
De-obfuscate an email address:
$ ronin email-addr --deobfuscate "john [dot] smith [at] example [dot] com" john.smith@example.com
Enumerate through all of the obfuscations of an email address:
$ ronin email-addr --enum-obfuscations john.smith@example.com john.smith @ example.com john.smith AT example.com john.smith at example.com john.smith[AT]example.com john.smith[at]example.com ...
SSL/TLS Certs¶ ↑
Dump information about a SSL/TLS certificate:
$ ronin cert-dump https://example.com/
Download a SSL/TLS certificate from a host and port:
$ ronin cert-grab github.com:443
Generate a new SSL/TLS certificate:
$ ronin cert-gen -c test.com -O "Test Co" -U "Test Dept" \ -L "Test City" -S NY -C US
HTTP¶ ↑
Perform an HTTP GET
request (with syntax highlighting):
$ ronin http https://example.com/
Send an HTTP request with additional headers:
$ ronin http --post --header "Authorization: ..." https://foo.bar/
Send an HTTP request with a known User-Agent
string:
$ ronin http --post --user-agent chrome-android https://foo.bar/
Send an HTTP request with a custom User-Agent
string:
$ ronin http --post --user-agent-string "..." https://foo.bar/
Open an interactive HTTP shell:
$ ronin http --shell https://example.com/ https://example.com/> help help [COMMAND] Prints the list of commands or additional help get PATH[?QUERY] [BODY] Performs a GET request head PATH[?QUERY] Performs a HEAD request patch PATH[?QUERY] [BODY] Performs a PATCH request post PATH[?QUERY] [BODY] Performs a POST request put PATH [BODY] Performs a PUT request copy PATH DEST Performs a COPY request delete PATH[?QUERY] Performs a DELETE request lock PATH[?QUERY] Performs a LOCK request options PATH[?QUERY] Performs a OPTIONS request mkcol PATH[?QUERY] Performs a MKCOL request move PATH[?QUERY] DEST Performs a MOVE request propfind PATH[?QUERY] Performs a PROPFIND request proppatch PATH[?QUERY] Performs a PROPPATCH request trace PATH[?QUERY] Performs a TRACE request unlock PATH[?QUERY] Performs a UNLOCK request cd PATH Changes the base URL path headers [{set | unset} NAME [VALUE]] Manages the request headers
Print the HTTP status of every URL in a file:
$ ronin url --file urls.txt --status
Generators¶ ↑
Generate a new Ruby script with ronin-support preloaded:
$ ronin new script foo.rb
Generate a new Ruby project with a Gemfile
:
$ ronin new project foo
Generate a new nokogiri Ruby script for parsing HTML/XML:
$ ronin new nokogiri foo.rb
Generate a new ronin-web-server Ruby script:
$ ronin new web-server my_server.rb
Generate a new ronin-web-server based web app:
$ ronin new web-app my_app
Generate a new ronin-web-spider Ruby script:
$ ronin new web-spider --host=example.com my_spider.rb
Generate a ronin-listener-dns script:
$ ronin new dns-listener my_dns_listener.rb
Generate a ronin-dns-proxy script:
$ ronin new dns-proxy my_dns_proxy.rb
Generate a ronin-listener-http script:
$ ronin new http-listener my_http_listener.rb
Generate a ronin-exploits script:
$ ronin new exploit my_exploit.rb
Generate a ronin-payloads script:
$ ronin new payload my_payload.rb
Archive¶ ↑
Archive files:
$ ronin archive -o archive.zip file1.txt file2.txt
Archive files using tar format:
$ ronin archive -o archive.tar file1.txt file2.txt
Unarchive files:
$ ronin unarchive arch1.tar arch2.zip
Unarchive a file with explicit format:
$ ronin unarchive -f zip arch2.jar
See Also¶ ↑
Requirements¶ ↑
-
Ruby >= 3.1.0
-
open_namespace ~> 0.4
-
rouge ~> 3.0
-
async-io ~> 1.0
-
wordlist ~> 1.1
-
ronin-support ~> 1.1
-
ronin-dns-proxy ~> 0.1
-
ronin-core ~> 0.2
-
ronin-repos ~> 0.1
-
ronin-wordlists ~> 0.1
-
ronin-db ~> 0.1
-
ronin-listener ~> 0.1
-
ronin-nmap ~> 0.1
-
ronin-masscan ~> 0.1
-
ronin-recon ~> 0.1
-
ronin-fuzzer ~> 0.1
-
ronin-web ~> 2.0
-
ronin-code-asm ~> 1.0
-
ronin-code-sql ~> 2.0
-
ronin-payloads ~> 0.1
-
ronin-exploits ~> 1.0
-
ronin-vulns ~> 0.2
-
ronin-app ~> 0.1
Install¶ ↑
Bash Script¶ ↑
curl -o ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh && bash ronin-install.sh
Manually¶ ↑
See the manual install instructions for how to install Ronin
and it’s additional dependencies on your platform.
Docker¶ ↑
If you prefer using Docker, there are also Docker images available:
docker pull roninrb/ronin docker run -it roninrb/ronin
Additionally, if you want to mount your home directory into the docker image:
docker run --mount type=bind,source="$HOME",target=/home/ronin -it ronin
Development¶ ↑
-
Clone It!
-
cd ronin
-
./scripts/setup
-
git checkout -b my_feature
-
Code It!
-
bundle exec rake spec
-
git push origin my_feature
License¶ ↑
Copyright © 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
Ronin
is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
Ronin
is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with Ronin
. If not, see www.gnu.org/licenses/.