Announcing the Ronin 2.0.0 Open Beta

Now that the Big Refactor has been completed, and the first beta versions of Ronin 2.0.0 and the other ronin- gems have been released, it is finally time to begin the Open Beta Testing phase.

What is Ronin?

Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, install 3rd party repositories of exploits and/or payloads, run exploits, write new exploits, managing local databases, fuzzing data, and much more.

Timeframe

The Open Beta will start on January 1st, 2023 and will conclude on February 1st, 2023.

How To Participate

Install Ronin 2.0.0 (beta).
Test the commands.
Test the Ruby libraries.
Review the README files.
Review the API documentation.
Submit bug reports to the appropriate repositories for anything that does not work or does not make sense.

How To Report Issues

Bugs or other issues should be reported to the relevant GitHub repository’s issue tracker. Additionally, questions can be posted in the GitHub repository’s forum (called “Discussions”). Each GitHub repository’s issue tracker and forum are linked below.

Finally, if you’d like to chat, we have a Discord server which beta testers can join.

How To Install Ronin 2.0.0 (beta)

Ronin 2.0.0 (beta) and all of the other dependencies can be installed using the new ronin-install.sh installation script with the --pre option flag. Simply copy and paste the follow two commands into your terminal to download and execute the installation script:

curl -o ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh && bash ronin-install.sh

Note:

the ronin-install.sh script will automatically install any required external dependencies (ex: ruby, libsqlite3, etc) if they are not already installed.

If you prefer using Docker, there are also Docker images available for Ubuntu, Fedora, and Alpine, that beta testers can also pull down and run:

$ docker pull roninrb/ronin
$ docker run  -it roninrb/ronin
root@89b5d7f15855:/# ronin help

What’s Installed

ronin

ronin is the main ruby gem and provides the main ronin command and pulls in the other ronin- gems as a dependencies.

ronin-support

ronin-support is the support gem which provides most of the APIs and core-extensions which make Ruby much easier to use. Users will typically use ronin-support’s APIs in scripts, in the ronin irb console, or when writing payloads or exploits. Think of ronin-support as a cross between Rails’ activesupport and pwntools.

ronin-core

ronin-core is the “core” library which provides internal APIs for the other ronin- libraries. Users do not interact with ronin-core directly, unless they want to write their own ronin- library.

ronin-repos

ronin-repos supports installing and managing 3rd party git repositories of exploits, payloads, or potentially any other type of Ruby code. Other libraries such as ronin-exploits and ronin-payloads can load modules from git repositories installed via ronin-repos.

ronin-db-activerecord

ronin-db-activerecord defines the ActiveRecord models and migrations for the ronin-db. ronin-db-activerecord can be used by other Ruby libraries or apps.

ronin-db

ronin-db provides a command-line interface (CLI) to ronin-db-activerecord. It provides the ronin-db command for managing and querying database(s).

ronin-web-server

ronin-web-server is a small library which provides a Sinatra based web server customized specifically for security related tasks. It provides additional routing methods, routing conditions, helper methods, as well as a reverse proxy.

ronin-web-spider

ronin-web-spider is a small library that builds on top of the battle tested spidr library. It provides additional callback methods that are relevant to recon, such as every_host, every_cert, every_favicon, every_javascript, every_javascript_string, every_javascript_comment, every_html_comment, and every_comment.

ronin-web-user_agents

ronin-web-user_agents is a small library for generating random but realistic looking User-Agent strings for a variety of web browsers, OSes, devices, etc.

ronin-web

ronin-web brings together all of the other ronin-web- libraries and provides the ronin-web command which provides numerous handy web related commands, such as diff, html, reverse-proxy, server, and spider.

ronin-code-asm

ronin-code-asm is a Ruby DSL for writing assembly in pure-Ruby. ronin-code-asm can assemble full program or be used to write shellcode.

ronin-code-sql

ronin-code-sql is a Ruby DSL for crafting SQL injections. It can also generate obfuscated SQL for bypassing filters.

ronin-vulns

ronin-vulns is a Ruby library for blind vulnerability testing. It can test for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), reflective Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.

ronin-post_ex

ronin-post_ex provides a Post-Exploitation API for interacting with compromised systems. ronin-post_ex is used by both ronin-payloads and ronin-exploits.

ronin-payloads

ronin-payloads is a Ruby micro-framework for writing exploit payloads as plain old Ruby classes. ronin-payloads comes with common payloads (ex: exec_shell, bind_shell, reverse_shell) and can also load 3rd party payloads from ronin-repos.

ronin-exploits

ronin-exploits is a Ruby micro-framework for writing and running exploits. ronin-exploits allows one to write exploits as plain old Ruby classes. ronin-exploits can load and run 3rd party exploits from either Ruby files or from ronin-repos.

ronin-fuzzer

ronin-fuzzer is a Ruby library and CLI for generating, mutating, and fuzzing data. The goal of ronin-fuzzer is to be as configurable as possible.

Beta Testers Wanted!

Please consider testing Ronin 2.0.0 (beta) as any feedback helps improve the final release. Even just reviewing the README files on GitHub or the API documentation helps. Nearly a year of non-stop development and 4153 commits have gone into Ronin 2.0.0 (beta) and the other ronin- libraries, but now we need actual users to test drive it.

If Ronin interests you or you like the work we do, consider donating to Ronin on GitHub, Patreon, or Open Collective so we can continue building high-quality free and Open Source security tools and Ruby libraries.