Announcing The Big Refactor

After letting Ronin sit for sometime without adding new features or releasing new versions, I decided it was time for a Big Refactor. There is still a lot of useful features and code in Ronin, the code just needs to be brought up to date and those features be better exposed to end-user. A refactor and re-organization will also allow for the rapid development of newer ronin libraries and tools.

High-Level Plan

• Bring repositories up to date with current Ruby best practices.
  • Require ruby >= 2.7.0.
  • Set .ruby-version to ruby-3.0 (WIP).
  • Use keyword arguments (WIP).
  • Rename all extensions/ directories to core_ext/ (WIP).
  • Replace TravisCI with GitHub Actions.
  • Rename master branches to main.
  • Add a CONTRIBUTING.md file.
  • Setup rubocop style checker (pending).
  • Opt-in to rubygems.org MFA requirement (WIP).
• Split larger libraries apart into smaller more manageable libraries.
  • Tier 1: ronin gems that only provide commands (ex: the main ronin gem).
  • Tier 2: ronin-* gems that also contain commands and some library code (ex: ronin-db).
  • Tier 3: ronin-* gems that only contain library code (ex: ronin-web-server).
• Change the licenses of all libraries from GPLv3 to LGPLv3; excluding Tier 1 libraries.
• Avoid excessive meta-programming in favor of simple Plain-Old-Ruby-Objects (PORO).
• Add more commands to each ronin- library to better expose the APIs for non-Ruby-programmers.
• Standardize on using the command_kit gem for all things CLI (WIP).
• Store all user data and configuration in XDG directories (~/.config/, ~/.cache/, ~/.local/share/) (WIP).
• Create a ronin-core library for reusable internal library code.
• Create a ronin-repos library for handling 3rd-party Git repositories of additional code and data.
• Extract database models from ronin into ronin-db. Refactor to use ActiveRecord.
• Extract and refactor the ronin-fuzzer library from ronin-support.
• Extract and refactor ronin-web-server, ronin-web-spider, and ronin-web-user_agents libraries from ronin-web.
• Replace ronin-php with a new ronin-vuln library.
• Extract and refactor ronin-payloads, ronin-post_ex, ronin-agent-node, ronin-agent-php, and ronin-agent-ruby, libraries from ronin-exploits.
• Create a ronin-c2 library for communicating with various agents and payloads.
• Deprecate the ronin-gen gem and command, in favor of adding a gen or new subcommand for generating new boilerplate files or directories.

Libraries

• ronin-support
• ronin-core
• ronin-repos
• ronin-db
• ronin-code-asm
• ronin-code-sql
• ronin-web-server
• ronin-web-spider
• ronin-web-user_agents
• ronin-web
• ronin-fuzzer
• ronin-post_ex
• ronin-c2
• ronin-agent-node
• ronin-agent-php
• ronin-agent-ruby
• ronin-payloads
• ronin-exploits
• ronin

Below are the links to the individual GitHub issues for each library. You will notice that nearly half of the issues are already checked. That is because they have already been completed prior to publishing this blog post. We are already past the half-way mark!

If you want to see what is currently being worked on, checkout the GitHub Project Board.

If you see any issues that interest you, feel free to comment on the issue or join our Discord server.

ronin-support

ronin-support is a support library for ronin-rb. ronin-support provides many Core Extensions to Ruby’s built-in classes as well as it’s own Classes/Modules. ronin-support can be used by other Ruby libraries, tools, or scripts.

Note: Development work is currently taking place on the 1.0.0 branch.

• Add support for a RONIN_HTTP_PROXY env variable
• Style the [ ] part as ANSI bold+bright in CLI::Printing#print_* methods
• Remove ANSI coloring from the message in CLI::Printing#print_* methods?
• Add an ANSI reset to the CLI::Printing#print_* methods
• Add print_debug statements to Network methods
• Add a Hash of built-in User-Agent strings
• Allow the user_agent: keyword argument to accept a Symbol
• Add a user_agent: :random option to Network::HTTP methods
• Add Ronin::Support::Interactive
• Remove data_paths dependency
• Add Ronin::IP value-object class
• Add Ronin::Host value-object class
• Add Ronin::Domain value-object class
• Add Ronin::Port value-object class?
• Rename ronin/formatting to just ronin/format
• Rename ronin/extensions/regexp to ronin/text/patterns
• Add Ronin::IP::CIDR
• Add a Ronin::IP::Glob class
• Refactor Ronin::Templates::Erb to Ronin::Text::ERB
• Add support for Base32
• Add support for Base64, with a custom table
• Add Ronin::Text::Typo
• Add bash shell command formatting methods to ronin/formatting
• Add helper methods for converting between ASCII and UTF8
• Add Ronin::Network::DNS::Resolver
• Add dns_record(type, name) method to Ronin::Network::DNS
• Add dns_mx(name), dns_cname(name), dns_txt(name), etc methods to Ronin::Network::DNS
• Add a basic connect() port scanner method/class to Ronin::Network::TCP
• Add a method for generating our own self-signed cert in Ronin::Network::SSL
• Allow configuring the ssl_version in Ronin::Network::SSL
• Add Ronin::Network::SSL::Server
• Add Ronin::Network::TLS
• Add Ronin::Network::HTTP::Client class
• Refactor http_* methods to accept a single String or URI argument
• Allow http_* methods to support passing a block to receive each response chunk
• Add methods for parsing .key, .pem, or .crt files to Ronin::Crypto
• Add 3DES encryption method to Ronin::Crypto
• Add AES encryption/decryption methods to Ronin::Crypto
• Add RSA encryption/decryption methods to Ronin::Crypto
• Add String#rot(n=13) as a joke to Ronin::Crypto
• Add a Type system called Ronin::Binary::Types
• Add Ronin::Arch namespace

• Remove ronin/fuzzing.rb and ronin/fuzzing
• Change HTTP :proxy options to accept a String
• Upgrade to uri-query_params ~> 0.8
• Upgrade to hexdump ~> 1.0
• Remove ronin/extensions/meta and ronin/extensions/meta/object
• Remove yard-parameters dependency
• Move yard dependency into the Gemfile
• Remove CLI::Printing#print_exception
• Remove the ability to pass format strings to Printing methods
• Add Printing.debug? and Printing.debug=
• Remove ronin/spec/cli/printing
• Remove verbose, normal, quiet, silent modes from CLI::Printing
• Ruby 3.0 removed net/ftp from stdlib
• Remove ronin/ui/output
• Rename ronin/ui/printing to ronin/support/cli/printing
• Remove Ronin::Mixin
• Remove Ronin::UI::REPL and Ronin::UI::Shell
• Add support for truffleruby
• Move all files into the ronin/support/ directory
• Rename extensions/ to core_ext/
• Remove Ronin::Network::Mixins
• Remove Mixin API
• Remove parameters dependency
• Remove ronin/network/http/proxy (Ronin::Network::HTTP::Proxy)
• Add an ANSI module to Ronin::CLI
• Remove Ronin::Wordlist
• Extract ronin/fuzzing from ronin-support

ronin-core

ronin-core is a core library providing common functionality for all ronin libraries.

Note: Development work is currently taking place on the main branch.

• Add Ronin::Core::Metadata::References
• Add Ronin::Core::Metadata::Author
• Add Ronin::Core::Metadata::Summary
• Add Ronin::Core::Metadata::Description
• Support reading multi-line input in Ronin::Core::CLI::Shell.start
• Add a Ronin::Core::CLI::TipCommand base class
• Add a TipFile class for parsing tips.yml files
• Add a Module Registry API

• Add the ability of defining shell commands that have different method names than the command name
• Add a sigil variable to Ronin::Core::CLI::Shell
• Split Ronin::Core::CLI::Shell into Shell and CommandShell
• Add tab-completion support to Ronin::Core::CLI::Shell
• Add ANSI styling to the Ronin::Core::Shell prompt
• Add ANSI styling to the Ronin::Core::Console prompt
• Add Ronin::Core::Console using the new irb gem
• Add more professional looking >>> message, *** warning, !!! error ANSI colored logging methods
• Add Ronin::Core::Shell

ronin-repos

ronin-repos provides a repository system for installing, managing, and accessing third-party git repositories, which can contain code or other data.

Note: Development work is currently taking place on the main branch.

• Add methods to allow requiring a single file from a repository
• Prefix all git methods in Repository with git_
• Add a Repository#has_directory? method
• Add Repository#has_file? method
• Add the ability of detecting a Gemfile and running bundle install
• Add an exec subcommand to ronin-repos

ronin-db

ronin-db is a database library for managing and querying security data. ronin-db provides common ORM models for interacting with the database’s SQL tables and querying/storing security data, such as URLs, email addresses, host names, IPs, ports, etc. ronin-db also provides CLI commands for managing the database(s).

Note: Development work is currently taking place on the main branch.

• Convert option={} to keyword arguments
• Refactor Ronin::DB::CLI::Commands to use Ronin::Core::CLI::Command
• Add truffleruby to the CI
• Refactor ronin-db to use ActiveRecord
• Add models for storing Headers and form data in Ronin’s Database
• Add flavor property to OS

• Add Ronin::DB::CLI::Command base class
• Remove bin/ronin-* files in favor of ronin-db subcommands
• Update required_ruby_version to >= 2.7.0
• Move all ruby files into the lib/ronin/db/ directory
• Remove dm-visualizer and ruby-graphviz from the Gemfile
• Remove yard-dm dependency
• Change license to LGPL-3.0
• Remove all DataMapper code/dependencies from the Gemfile
• Remove all dm-* dependencies
• Refactor Ronin::DB::CLI to be a main command class CLI
• Rename ronin/ui/cli/Ronin::UI::CLI to ronin/db/cli/Ronin::DB::CLI
• Add ronin-core dependency
• Add GitHub CI

ronin-code-asm

ronin-code-asm is a Ruby DSL for crafting Assmebly programs and Shellcode.

Note: Development work is currently taking place on the 1.0.0 branch.

• Replace options={} with keyword arguments
• Add truffleruby to the CI

• Remove data_paths dependency

ronin-code-sql

ronin-code-sql is a Ruby DSL for crafting SQL Injections.

Note: Development work is currently taking place on the 2.0.0 branch.

• Rename extensions directory to core_ext
• Replace options={} with keyword arguments
• Add a sql: keyword argument for selecting the SQL dialect

• Switch rake console back to irb
• Move yard dependency into the Gemfile

ronin-web-server

ronin-web-server is a custom Ruby web server based on Sinatra tailored for security research and development.

Note: Development work is currently taking place on the main branch.

• Add support for the RONIN_HTTP_PROXY env variable
• Add rack-user_agent as a dependency
• Replace print_debug statements in Ronin::Web::Proxy with Logger statements
• Change default/preferred HTTP server to falcon?
• Refactor the Proxy class to use async-http
• Switch options={} to keyword arguments
• Disable Rack::Protection in Ronin::Web::Proxy

• Add webrick as a dependency
• Remove Ronin::Web::Server::Conditions::ClassMethods#campaign
• Move Ronin::Web::Proxy into Ronin::Web::Server
• Re-add project files
• Relicense as LGPL-3.0

ronin-web-spider

ronin-web-spider is a collection of common web spidering routines using the spidr gem.

Note: Development work is currently taking place on the main branch.

• Add support for RONIN_HTTP_PROXY env variable
• Add top-level methods for common spidering tasks

• Re-add project files
• Change license to LGPL-3.0

ronin-web-user_agents

ronin-web-user_agents is yet another User-Agent randomiser library.

Note: Development work is currently taking place on the main branch.

• Add top-level class-methods for the various categories
• Add a Category class
• Add a method for building a custom User-Agent string
• Update User-Agent lists
• Replace the .yml file with multiple .txt and .csv files

• Re-add project files
• Change license to LGPL-3.0

ronin-web

ronin-web is a Ruby library that provides support for web scraping and spidering functionality.

Note: Development work is currently taking place on the 1.0.0 branch.

• Add a spider sub-command
• Add a server sub-command
• Add support for a RONIN_HTTP_PROXY env variable
• Add a proxy command
• Add a MITM -> Browser Proxy command
• Add a diff sub-command
• Eventually re-add jruby to the CI matrix
• Eventually support truffleruby

• Add a common Ronin::Web::CLI::Command base class
• Add ronin-core as a dependency
• Add nokogiri-ext as a dependency
• Add ronin-web-spider as a dependency
• Add ronin-web-user_agents as a dependency
• Remove ronin/web/extensions/nokogiri in favor of nokogiri-ext
• Remove the ronin/web/user_agents.rb file in favor of the new ronin-web-user_agents gem
• Remove ronin/web/spider in favor of the new ronin-web-spider gem
• Extract ronin/web/spider out into its own library
• Extract ronin/web/user_agents out into it’s own library
• Extract ronin/web/extensions/nokogiri/ into it’s own library
• Bump required_ruby_version to >= 2.7.0
• Remove DataMapper/DM related code from Gemfile
• Remove the yard-parameters dependency
• Remove ronin/network/mixins/web
• Add ronin-web-server as a dependency
• Remove ronin/web/proxy in favor of the new ronin-web-server dependency
• Remove ronin/web/server in favor of the ronin-web-server dependency
• Add a Ronin::Web::CLI class
• Add nokogiri-diff as a dependency
• Remove the yard* dependencies from the gemspec
• Remove the ronin dependency
• Remove the data_paths dependency
• Rename extensions/ to core_ext/
• Extract Ronin::Web::Server out into ronin-web-server

ronin-fuzzer

ronin-fuzzer is a Ruby library for generating, mutating, and fuzzing data.

Note: Development work is currently taking place on the main branch.

• Move in the ronin-fuzzer command from the ronin repo chore command
• Add Ronin::Fuzzing::CLI CLI
• Add ronin-support as a dependency chore dependency
• Re-add project files chore
• Add combinatorics as a dependency chore dependency
• Update project name/description in license headers chore

ronin-post_ex

ronin-post_ex is a Ruby API for Post-Exploitation.

Note: Development work is currently taking place on the main branch.

• Add a call method to System
• Add a Net resource for networking methods
• Add a Socket resource similar to File
• Add top-level methods to System that can use fs/process or shell_exec equivalent commands

• Rename Mixin to System
• Refactor Shells::FS to use Ronin::Core::CLI::Shell
• Document the Post Exploitation API
• Bump copyright year
• Update project name/description in license headers
• Change license to LGPL-3.0
• Re-add project files
• Add a Ronin::PostEx::System class
• Replace Ronin::PostExploitation::IO with the fake_io gem
• Add Ronin::PostEx::CapturedFile
• Rename Ronin::PostExploiitation::File to RemoteFile
• Extract Ronin::PostExploitation::IO out into it’s own gem

ronin-c2

ronin-c2 is a C2 library for ronin that can communicate with various payloads and agents.

Note: Development work is currently taking place on the main branch.

• Add Ronin::C2::ConnectBackShell class
• Add Ronin::C2::BindShell class
• Add Ronin::C2::Agent::HTTPServer class
• Add Ronin::C2::Agent::HTTPClient class
• Add Ronin::C2::Agent::TCPServer class
• Add Ronin::C2::Agent::TCPClient class
• Add support for the RONIN_HTTP_PROXY env variable
• Add project files
• Add a Ronin::C2::Encoding::RSA class
• Add a Ronin::C2::Encoding::Base64 class
• Add a Ronin::C2::Message::JSONRPC::Response class
• Add a Ronin::C2::Message::JSONRPC::Request class
• Add a Ronin::C2::Message::Response abstract class
• Add a Ronin::C2::Message::Request abstract class
• Add a Ronin::C2::Transport::HTTPServer class
• Add a Ronin::C2::Transport::HTTPClient class
• Add a Ronin::C2::Transport::TCPServer class
• Add Ronin::C2::Transport::TCPClient class
• Add async-io and async-http as dependencies
• Add ronin-post_exploitation as a dependency
• Add a ronin-c2 main command
• Add sub-commands for connecting to or starting C2 end-points
• Add ronin-core as a dependency

ronin-agent-node

ronin-agent-node is a ronin agent written in node.js.

Note: Development work is currently taking place on the main branch.

• Support JSON RPC 2.0
• Add a build script
• Update code to use let and const

ronin-agent-php

ronin-agent-php is a ronin agent written in PHP.

Note: Development work is currently taking place on the main branch.

• Support JSON RPC 2.0
• Add a build script
• Upgrade the code to PHP5

ronin-agent-ruby

ronin-agent-ruby is a ronin agent written in Ruby.

Note: Development work is currently taking place on the main branch.

• Move Agent::TCP, Agent::UDP, and Agent::HTTP into Agent::Transports
• Rename Transport to Message
• Support JSON RPC 2.0
• Rewrite TCP::Server to use TCPServer

• Move all RPC methods into an RPC module

ronin-payloads

ronin-payloads is a Ruby micro-framework for writing and running exploit payloads.

Note: Development work is currently taking place on the main branch.

• Refactor Payloads and Encoders classes to be plain Ruby Classes
• Move Ronin::Encoders into Ronin::Payloads::
• Remove the ronin/gen directory
• Add a Ronin::Payloads::CLI::Commands::Gen command
• Replace all database properties with class methods for declaring metadata
• Replace options={} with keyword arguments
• Rename Ronin::UI::CLI to Ronin::Payloads::CLI
• Refactor Ronin::UI::CLI::Commands to use Ronin::Core::CLI::Command
• Add ronin-c2 as a dependency

• Added ronin-repos as a dependency
• Add ronin-post_ex as a dependency
• Change license to LGPL-3.0
• Remove ronin/payloads/helpers
• Remove ronin/database/migrations
• Re-add project files
• Add ronin-core as a dependency

ronin-exploits

ronin-exploits is a Ruby library for writing and running exploits and payloads.

Note: Development work is currently taking place on the 1.0.0 branch.

• Add a Ronin::Exploits::CLI::Commands::Gen subcommand
• Replace all database properties with class methods for declaring metadata
• Replace options={} with keyword arguments
• Add ronin-c2 as a dependency
• Include Ronin::Core::ModuleRegistry into Ronin::Exploits
• Update the ronin-exploits/ronin-exploit commands to use ronin-repos
• Add a Ronin::Exploits::CLI main command class
• Rename Ronin::UI::CLI to Ronin::Exploits::CLI
• Refactor the Ronin::Exploits::CLI::Commands classes to use Ronin::Core::CLI::Command
• Eventually support truffleruby
• Eventually re-enable jruby in the CI
• Add a “new” subcommand
• Rename to ronin-exploit or ronin-exploitation to avoid confusion?
• Refactor Ronin::Exploits::Exploit classes to be plain Ruby Classes

• Require ruby >= 2.7.0
• Change license to LGPL-3.0
• Add ronin-core as a dependency
• Remove dm-visualizer dependency
• Add ronin-post_ex as a dependency
• Remove the yard-parameters dependency
• Remove the yard-dm dependency
• Remove ronin/vuln.rb
• Remove ronin/advisory.rb
• Remove exploits related database migration files from ronin/database/migrations/
• Remove ronin/gen/ directory
• Remove payload and encoder files in favor of ronin-payloads
• Extract lib/ronin/payloads out into it’s own repository
• Add ronin-payloads as a dependency
• Remove ronin/post_exploitation in favor of the new ronin-post_exploitation gem
• Add ronin-repos as a dependency
• Remove the ronin dependency
• Delete ronin/payloads in favor of a new ronin-payloads gem
• Extract Ronin::PostExploitation into it’s own repository
• Extract the Ruby RPC payload out into it’s own repository
• Extract the PHP RPC payload out into it’s own repository
• Extract the node.js RPC payload out into it’s own repository
• Move yard dependencies from gemspec.yml into Gemfile
• Remove ronin-gen dependency
• Remove data_paths dependency
• Remove open_namespace dependency

ronin

The main ronin gem.

Note: Development work is currently taking place on the 2.0.0 branch.

• Eventually re-add jruby to the CI matrix
• Eventually support truffleruby
• Make ronin a “meta gem” which pulls in all other ronin-* gems
• Add a tip subcommand
• Add a gen subcommand
• Add a http subcommand
• Add a netcat subcommand
• Add a unhexdump subcommand to ronin using Ronin::Binary::Hexdump::Parser in ronin-support
• Add a hexdump subcommand
• Add a smart grep subcommand
• Add a strings subcommand
• Add enc and dec subcommands

• Re-add the Ronin::CLI::Command base class
• Remove Ronin::Installation
• Bump required_ruby_version to 2.7.0
• Remove lib/bond/
• Remove files replaced by ronin-core
• Remove yard-dm dependency
• Remove dm-* dependencies
• Add ronin-db as a dependency
• Move the ronin-fuzzer command into the ronin-fuzzer repository
• Rename Ronin::UI::CLI to just Ronin::CLI
• Remove Ronin::UI::Console in favor of Ronin::Core::Console
• Add ronin-repos as a dependency
• Add ronin-core as a dependency
• Refactor Ronin::CLI::Commands classes to use ronin-core and command_kit
• Move yard development dependencies into Gemfile
• Remove the uri-query_params dependency
• Remove the pullr dependency
• Remove the parameters dependency
• Remove the object_loader dependency
• Remove the data_paths dependency
• Remove all ripl-* dependencies
• Refactor Ronin::CLI to use CommandKit
• ronin with no arguments should print help
• Remove bin/ronin-* commands in favor of a single ronin command with subcommands
• ronin help should list other ronin-* commands from other ronin-* libraries

The Future

After The Big Refactor is completed, I have plans to create additional new Ronin libraries and tools for various tasks. This refactoring and re-organizing of the dependencies should make the creation of new Ronin libraries and tools much easier.

Here are some ideas:

• ronin-nmap - allow automating nmap and importing scan files into ronin-db.
• ronin-masscan - allow automating masscan and importing scan files into ronin-db.
• ronin-amass - allow automating amass and importing scan files into ronin-db.
• ronin-nvd - imports NVD JSON feeds and CVE data into ronin-db.
• ronin-wordlists - a library for downloading and managing wordlists.
• ronin-wordlist-builder - a library for building wordlists from various sources.
• ronin-ncrack - allow automating ncrack and using ronin-wordlists.
• ronin-brute - a collection of credential bruteforcers using ronin-wordlists.
• ronin-recon - an extendable recon engine, that can also load custom rules.
• ronin-scanner - an extendable scanner that can load custom rules.
• ronin-hub - a web application to provides a web interface to all major ronin libraries and exposes the ronin-db.

Conclusion

If you have made it this far and are interested in helping out, feel free to join our Discord server and get in touch!