Announcing the Ronin 2.0.0 Open Beta
— postmodern
Now that the Big Refactor has been completed, and the first beta versions
of Ronin 2.0.0 and the other ronin- gems have been released, it is finally
time to begin the Open Beta Testing phase.
What is Ronin?
Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filtering IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, developing new exploits, managing local databases, fuzzing data, performing recon, and much more.
Timeframe
The Open Beta will start on January 1st, 2023 and will conclude on February 1st, 2023.
How To Participate
- Install Ronin 2.0.0 (beta).
- Test the commands.
- Test the Ruby libraries.
- Review the README files.
- Review the API documentation.
- Submit bug reports to the appropriate repositories for anything that does not work or does not make sense.
How To Report Issues
Bugs or other issues should be reported to the relevant GitHub repository’s issue tracker. Additionally, questions can be posted in the GitHub repository’s forum (called “Discussions”). Each GitHub repository’s issue tracker and forum are linked below.
Finally, if you’d like to chat, we have a Discord server which beta testers can join.
How To Install Ronin 2.0.0 (beta)
Ronin 2.0.0 (beta) and all of the other dependencies can be installed using the
new ronin-install.sh installation script with the --pre option flag.
Simply copy and paste the following two commands into your terminal to download
and execute the installation script:
curl -o ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh && bash ronin-install.sh --pre
If you prefer using Docker, there are also Docker images available for Ubuntu, Fedora, and Alpine that beta testers can pull down and run:
$ docker pull roninrb/ronin
$ docker run --rm -it roninrb/ronin
root@89b5d7f15855:/# ronin help
What’s Installed
ronin
ronin is the main Ruby gem. It provides the main ronin command and pulls in
the other ronin- gems as dependencies.
GitHub | README | Synopsis | Issues | Forum | Documentation
ronin-support
ronin-support is the support gem which provides most of the APIs and
core-extensions which make Ruby much easier to use. Users will typically use
ronin-support’s APIs in scripts, in the ronin irb console, or when writing
payloads or exploits.
Think of ronin-support as a cross between Rails’ activesupport and
pwntools.
GitHub | README | Examples | Issues | Forum | Documentation
ronin-core
ronin-core is the “core” library which provides internal APIs for the other
ronin- libraries. Users do not interact with ronin-core directly, unless
they want to write their own ronin- library.
GitHub | README | Examples | Issues | Forum | Documentation
ronin-repos
ronin-repos supports installing and managing 3rd party git repositories of exploits, payloads, or potentially any other type of Ruby code. Other libraries such as ronin-exploits and ronin-payloads can load modules from git repositories installed via ronin-repos.
GitHub | README | Synopsis | Examples | Issues | Forum | Documentation
ronin-db-activerecord
ronin-db-activerecord defines the ActiveRecord models and migrations for the ronin-db. ronin-db-activerecord can be used by other Ruby libraries or apps.
GitHub | README | Examples | Issues | Forum | Documentation
ronin-db
ronin-db provides a command-line interface (CLI) to ronin-db-activerecord.
It provides the ronin-db command for managing and querying database(s).
GitHub | README | Synopsis | Examples | Issues | Forum | Documentation
ronin-web-server
ronin-web-server is a small library which provides a Sinatra based web server customized specifically for security related tasks. It provides additional routing methods, routing conditions, helper methods, as well as a reverse proxy.
GitHub | README | Examples | Issues | Forum | Documentation
ronin-web-spider
ronin-web-spider is a small library that builds on top of the battle tested
spidr library. It provides additional callback methods that are relevant to
recon, such as every_host, every_cert, every_favicon, every_javascript,
every_javascript_string, every_javascript_comment, every_html_comment,
and every_comment.
GitHub | README | Examples | Issues | Forum | Documentation
ronin-web-user_agents
ronin-web-user_agents is a small library for generating random but realistic
looking User-Agent strings for a variety of web browsers, OSes, devices, etc.
GitHub | README | Examples | Issues | Forum | Documentation
ronin-web
ronin-web brings together all of the other ronin-web- libraries and provides
the ronin-web command which provides numerous handy web related commands,
such as diff, html, reverse-proxy, server, and spider.
GitHub | README | Synopsis | Examples | Issues | Forum | Documentation
ronin-code-asm
ronin-code-asm is a Ruby DSL for writing assembly in pure-Ruby. ronin-code-asm can assemble full programs or be used to write shellcode.
GitHub | README | Examples | Issues | Forum | Documentation
ronin-code-sql
ronin-code-sql is a Ruby DSL for crafting SQL injections. It can also generate obfuscated SQL for bypassing filters.
GitHub | README | Examples | Issues | Forum | Documentation
ronin-vulns
ronin-vulns is a Ruby library for blind vulnerability testing. It can test for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), reflective Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
GitHub | README | Synopsis | Examples | Issues | Forum | Documentation
ronin-post_ex
ronin-post_ex provides a Post-Exploitation API for interacting with compromised systems. ronin-post_ex is used by both ronin-payloads and ronin-exploits.
GitHub | README | Examples | Issues | Forum | Documentation
ronin-payloads
ronin-payloads is a Ruby micro-framework for writing exploit payloads as plain
old Ruby classes. ronin-payloads comes with common payloads (ex: exec_shell,
bind_shell, reverse_shell) and can also load 3rd party payloads from
ronin-repos.
GitHub | README | Synopsis | Examples | Issues | Forum | Documentation
ronin-exploits
ronin-exploits is a Ruby micro-framework for writing and running exploits. ronin-exploits allows one to write exploits as plain old Ruby classes. ronin-exploits can load and run 3rd party exploits from either Ruby files or from ronin-repos.
GitHub | README | Synopsis | Examples | Issues | Forum | Documentation
ronin-fuzzer
ronin-fuzzer is a Ruby library and CLI for generating, mutating, and fuzzing data. The goal of ronin-fuzzer is to be as configurable as possible.
GitHub | README | Synopsis | Examples | Issues | Forum | Documentation
Beta Testers Wanted!
Please consider testing Ronin 2.0.0 (beta) as any feedback helps improve
the final release. Even just reviewing the README files on GitHub or the API
documentation helps. Nearly a year of non-stop development and 4153
commits have gone into Ronin 2.0.0 (beta) and the other ronin- libraries,
but now we need actual users to test drive it.