After letting Ronin sit for some time without adding new features or releasing new versions, I decided it was time for a Big Refactor. There are still a lot of useful features and code in Ronin; the code just needs to be brought up to date and those features better exposed to end users. A refactor and re-organization will also allow for the rapid development of newer ronin libraries and tools.

High-Level Plan

  • Bring repositories up to date with current Ruby best practices.
    • Require ruby >= 2.7.0.
    • Set .ruby-version to ruby-3.0 (WIP).
    • Use keyword arguments (WIP).
    • Rename all extensions/ directories to core_ext/ (WIP).
    • Replace TravisCI with GitHub Actions.
    • Rename master branches to main.
    • Add a CONTRIBUTING.md file.
    • Set up rubocop style checker (pending).
    • Opt-in to rubygems.org MFA requirement (WIP).
  • Split larger libraries apart into smaller, more manageable libraries.
    • Tier 1: ronin gems that only provide commands (ex: the main ronin gem).
    • Tier 2: ronin-* gems that also contain commands and some library code (ex: ronin-db).
    • Tier 3: ronin-* gems that only contain library code (ex: ronin-web-server).
  • Change the licenses of all libraries from GPLv3 to LGPLv3; excluding Tier 1 libraries.
  • Avoid excessive meta-programming in favor of simple Plain-Old-Ruby-Objects (PORO).
  • Add more commands to each ronin- library to better expose the APIs for non-Ruby-programmers.
  • Standardize on using the command_kit gem for all things CLI (WIP).
  • Store all user data and configuration in XDG directories (~/.config/, ~/.cache/, ~/.local/share/) (WIP).
  • Create a ronin-core library for reusable internal library code.
  • Create a ronin-repos library for handling 3rd-party Git repositories of additional code and data.
  • Extract database models from ronin into ronin-db. Refactor to use ActiveRecord.
  • Extract and refactor the ronin-fuzzer library from ronin-support.
  • Extract and refactor ronin-web-server, ronin-web-spider, and ronin-web-user_agents libraries from ronin-web.
  • Replace ronin-php with a new ronin-vuln library.
  • Extract and refactor ronin-payloads, ronin-post_ex, ronin-agent-node, ronin-agent-php, and ronin-agent-ruby libraries from ronin-exploits.
  • Create a ronin-c2 library for communicating with various agents and payloads.
  • Deprecate the ronin-gen gem and command, in favor of adding a gen or new subcommand for generating new boilerplate files or directories.

Libraries

Below are the links to the individual GitHub issues for each library. You will notice that nearly half of the issues are already checked. That is because they have already been completed prior to publishing this blog post. We are already past the half-way mark!

If you want to see what is currently being worked on, check out the GitHub Project Board.

If you see any issues that interest you, feel free to comment on the issue or join our Discord server.

ronin-support

ronin-support is a support library for ronin-rb. ronin-support provides many Core Extensions to Ruby’s built-in classes as well as its own Classes/Modules. ronin-support can be used by other Ruby libraries, tools, or scripts.

Note: Development work is currently taking place on the 1.0.0 branch.

ronin-core

ronin-core is a core library providing common functionality for all ronin libraries.

Note: Development work is currently taking place on the main branch.

ronin-repos

ronin-repos provides a repository system for installing, managing, and accessing third-party git repositories, which can contain code or other data.

Note: Development work is currently taking place on the main branch.

ronin-db

ronin-db is a database library for managing and querying security data. ronin-db provides common ORM models for interacting with the database’s SQL tables and querying/storing security data, such as URLs, email addresses, host names, IPs, ports, etc. ronin-db also provides CLI commands for managing the database(s).

Note: Development work is currently taking place on the main branch.

ronin-code-asm

ronin-code-asm is a Ruby DSL for crafting Assembly programs and Shellcode.

Note: Development work is currently taking place on the 1.0.0 branch.

ronin-code-sql

ronin-code-sql is a Ruby DSL for crafting SQL Injections.

Note: Development work is currently taking place on the 2.0.0 branch.

ronin-web-server

ronin-web-server is a custom Ruby web server based on Sinatra tailored for security research and development.

Note: Development work is currently taking place on the main branch.

ronin-web-spider

ronin-web-spider is a collection of common web spidering routines using the spidr gem.

Note: Development work is currently taking place on the main branch.

ronin-web-user_agents

ronin-web-user_agents is yet another User-Agent randomiser library.

Note: Development work is currently taking place on the main branch.

ronin-web

ronin-web is a Ruby library that provides support for web scraping and spidering functionality.

Note: Development work is currently taking place on the 1.0.0 branch.

ronin-fuzzer

ronin-fuzzer is a Ruby library for generating, mutating, and fuzzing data.

Note: Development work is currently taking place on the main branch.

ronin-post_ex

ronin-post_ex is a Ruby API for Post-Exploitation.

Note: Development work is currently taking place on the main branch.

ronin-c2

ronin-c2 is a C2 library for ronin that can communicate with various payloads and agents.

Note: Development work is currently taking place on the main branch.

ronin-agent-node

ronin-agent-node is a ronin agent written in node.js.

Note: Development work is currently taking place on the main branch.

ronin-agent-php

ronin-agent-php is a ronin agent written in PHP.

Note: Development work is currently taking place on the main branch.

ronin-agent-ruby

ronin-agent-ruby is a ronin agent written in Ruby.

Note: Development work is currently taking place on the main branch.

ronin-payloads

ronin-payloads is a Ruby micro-framework for writing and running exploit payloads.

Note: Development work is currently taking place on the main branch.

ronin-exploits

ronin-exploits is a Ruby library for writing and running exploits and payloads.

Note: Development work is currently taking place on the 1.0.0 branch.

ronin

The main ronin gem.

Note: Development work is currently taking place on the 2.0.0 branch.

The Future

After The Big Refactor is completed, I have plans to create additional new Ronin libraries and tools for various tasks. This refactoring and re-organizing of the dependencies should make the creation of new Ronin libraries and tools much easier.

Here are some ideas:

  • ronin-nmap - allow automating nmap and importing scan files into ronin-db.
  • ronin-masscan - allow automating masscan and importing scan files into ronin-db.
  • ronin-amass - allow automating amass and importing scan files into ronin-db.
  • ronin-nvd - imports NVD JSON feeds and CVE data into ronin-db.
  • ronin-wordlists - a library for downloading and managing wordlists.
  • ronin-wordlist-builder - a library for building wordlists from various sources.
  • ronin-ncrack - allow automating ncrack and using ronin-wordlists.
  • ronin-brute - a collection of credential bruteforcers using ronin-wordlists.
  • ronin-recon - an extendable recon engine, that can also load custom rules.
  • ronin-scanner - an extendable scanner that can load custom rules.
  • ronin-hub - a web application that provides a web interface to all major ronin libraries and exposes the ronin-db.

Conclusion

If you have made it this far and are interested in helping out, feel free to join our Discord server and get in touch!