After roughly three months, new versions of ronin-support and ronin have been released!

Upgrade

$ gem update ronin

Easier Text Processing

File.each_line and File.each_row were added to help with processing large text files:

File.each_line("wordlist.txt") do |word|
  puts word
end

File.each_row("users_dump.txt", ',') do |user,pass|
  # ...
end

Builtin Regexps

Some common and useful Regular Expressions were added to ronin-support:

  • Regexp::MAC
  • Regexp::IPv4, Regexp::IPv6, Regexp::IP
  • Regexp::HOST_NAME
  • Regexp::USER_NAME
  • Regexp::EMAIL_ADDR

Bruteforcing and Fuzzing

String.generate was added to assist in enumerating over every possible String, based on a format template. This method is especially useful for bruteforcing passwords or directories. The following code enumerates through every password starting with five alpha characters and ending in one to three numeric characters:

String.generate([:alpha, 5], [:numeric, 1..3]) do |password|
  puts password
end

String#fuzz was added to assist in fuzzing Strings. This method will find all occurrences of a sub-string or regular expression, and replace each one with one or more substitutions. The following code replaces every occurrence of a number with a run of 1 to 100 '9' characters:

"[1,2,3]".fuzz(/\d+/ => String.generate(['9', 1..100])) do |str|
  puts str
end
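
The same mutation loop pointed at your own input-handling code, as an added plain-Ruby example that is not part of the original post and is not ronin-support's implementation. The names repeated, fuzz_each, parse_ports and fuzz_report are hypothetical, the parser is constructed for the example, and it assumes each generated string has exactly one match replaced:

```ruby
# Hypothetical stand-in for String.generate(['9', 1..100]).
def repeated(char, lengths)
  lengths.map { |n| char * n }
end

# Hypothetical stand-in for String#fuzz. Assumption: each yielded string has
# exactly one match of `pattern` replaced; the other matches stay intact.
def fuzz_each(input, pattern, substitutions)
  return enum_for(:fuzz_each, input, pattern, substitutions) unless block_given?

  spans = []
  input.scan(pattern) do
    match = Regexp.last_match
    spans << [match.begin(0), match.end(0) - match.begin(0)]
  end
  spans.each do |index, length|
    substitutions.each do |sub|
      mutated = input.dup
      mutated[index, length] = sub
      yield mutated
    end
  end
end

# Constructed code under test: turns "[1,2,3]" into Integers, mapping values
# above 65535 to nil. Its defect: fields longer than 9 digits raise instead.
def parse_ports(text)
  text.delete('[]').split(',').map do |field|
    raise ArgumentError, 'unparsable field' unless field =~ /\A\d{1,9}\z/
    n = field.to_i
    n <= 65_535 ? n : nil
  end
end

# Feeds every mutation to the parser and keeps the shortest failing input per
# exception class, which is the reproducer you would attach to a bug report.
def fuzz_report(seed)
  failures = {}
  fuzz_each(seed, /\d+/, repeated('9', 1..100)) do |input|
    begin
      parse_ports(input)
    rescue StandardError => e
      known = failures[e.class.name]
      failures[e.class.name] = input if known.nil? || input.length < known.length
    end
  end
  failures
end
```

Calling fuzz_report("[1,2,3]") returns a Hash keyed by exception class name, so a clean parser yields an empty Hash.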

Easier DNS Queries

Sometimes you need to query a specific DNS server, and bypass /etc/hosts. Now you can, using any of the lookup methods:

ip = IPAddr.new("209.20.85.251")
ip.lookup("4.2.2.1")
# => [#<Resolv::DNS::Name: 209-20-85-251.slicehost.net.>]

URI::HTTP Convenience Methods

Net.http_* convenience methods were added to URI::HTTP, for quicker access:

url = URI("http://www.vannin.com/robots.txt")

url.ok?
# => true

url.server
# => "Apache"

url.get
# => #<Net::HTTPOK 200 OK readbody=true>

url.get(:headers => {:referer => "><script>alert('XSS');</script>"})
# => #<Net::HTTPOK 200 OK readbody=true>

Ronin::UI Moves

Ronin::UI::Output was moved out of ronin and down into ronin-support. Now developers can use the print_info, print_warning and print_error methods from ronin-support:

require 'ronin/ui/output'
include Ronin::UI::Output::Helpers
    
print_info  "Hello"
print_error "Danger!"

Ronin::UI::Shell was also moved into ronin-support and refactored. Ronin::UI::Shell is now a Class, where commands can be defined as protected methods:

require 'ronin/ui/shell'

class PwnShell < Ronin::UI::Shell

  protected

  def scan(target)
    IPAddr.each(target) do |ip|
      begin
        print_info "%s:\t%s", ip, Net.http_server(:host => ip)
      rescue
        # ignore hosts where the HTTP request raises an error
      end
    end
  end

  def dirbust(target,*words)
    Net.http_session(:host => target) do |http|
      words.each do |word|
        path = "/#{word}"

        if http.get(path).code == "200"
          print_info "Found http://#{target}#{path} ..."
        end
      end
    end
  end

end

PwnShell.start
> help
Available commands:

  dirbust target [words]
  exit
  help
  quit
  scan target

Extract and Import Methods

extract and import methods were added to MACAddress, IPAddress, HostName, URL and EmailAddress. extract can parse large amounts of text and extract Resources from it:

HostName.extract(text) { |host| puts host }

import reads every line of a file and saves extracted Resources into the Database:

IPAddress.import("ips.txt") { |ip| puts ip }

Inline Commands and Tab-Completion

The Ronin Console received some significant improvements in 1.3.0.

Inline Commands were added to the Ronin Console, allowing you to quickly execute system commands. Simply prefix the command to run with a !:

>> "olleh".reverse
# => "hello"
>> !ncat github.com 80
GET /
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.0.4</center>
</body>
</html>

New Tab Completion rules were also added, allowing you to tab-complete data in the Database and more:

  • Ronin::IPAddresses:

    >> "192.168.<TAB><TAB>
    192.168.1.1
    192.168.1.52
    
  • Ronin::HostNames:

    >> "www.ex<TAB><TAB>
    www.example.com
    www.exploit-db.com
    
  • Ronin::URLs:

    >> "http://www.victim.com/<TAB><TAB>
    http://www.victim.com/index.php
    http://www.victim.com/page.php?id=1
    http://www.victim.com/page.php?id=2
    http://www.victim.com/page.php?id=3
    
  • Ronin::EmailAddresses:

    >> "alice@e<TAB><TAB>
    alice@evil.com
    alice@example.com
    
  • Local files / directories:

    >> File.read("dump.<TAB><TAB>
    dump.txt
    dump.csv
    
  • Inline Commands:

    >> !nc<TAB><TAB>
    !nc
    !ncat
    !ncftp