Now that Phase 2 has been completed, and the first rc versions have been released, it is time to begin the Open Beta Testing Phase for Ronin 2.1.0.

What is Ronin?

Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, developing new exploits, managing local databases, fuzzing data, performing recon, and much more.

What’s New?

New Libraries

  • ronin-support-web - A new web specific support library for ronin-rb. Provides many helper methods for parsing HTML/XML, fetching web pages, and WebSockets.
  • ronin-web-session_cookie - A new library for parsing and deserializing various session cookie formats. It supports Rack, Django, and JWT.
  • ronin-web-browser - A new Ruby library for automating the Chrome web browser. ronin-web-browser builds on the ferrum gem, and adds additional API methods that are useful to security researchers. Supports intercepting requests and responses, accessing cookies, taking screenshots, etc.
  • ronin-dns-proxy - A new configurable DNS proxy server library. It supports returning spoofing DNS results or passing DNS queries through to the upstream DNS nameserver.
  • ronin-listener-dns - A new DNS server for receiving exfiltrated data sent via DNS queries. ronin-listener-dns can be used to test for XML external entity (XXE) injection.
  • ronin-listener-http - A new HTTP server for receiving exfiltrated data sent via HTTP requests. ronin-listener-http can be used to test for Server-Side Request Forgery (SSRF) or XML external entity (XXE) injection.
  • ronin-listener - A new small CLI utility for receiving exfiltrated data over DNS or HTTP. Supports saving DNS queries and HTTP requests as TXT, CVS, JSON, or NDJSON.
  • ronin-nmap - A new Ruby library and CLI for working with nmap. ronin-nmap can parse nmap XML, convert nmap XML into JSON or CSV, or import nmap XML into the ronin-db database.
  • ronin-masscan - A new Ruby library and CLI for working with masscan. ronin-masscan can parse masscan scan files, convert masscan files into JSON or CSV, or import masscan scan data into the ronin-db database.
  • ronin-wordlists - A new library and tool for managing wordlists. ronin-wordlists can install and update wordlists, and contains a curated list of popular wordlists and their download URLs.
  • ronin-recon - A new micro-framework and tool for performing reconnaissance. ronin-recon uses multiple workers which process different data types (IP, host, URL, etc) and produce new values. ronin-recon contains built-in recon workers and supports loading additional 3rd-party workers from Ruby files or 3rd-party git repositories. ronin-recon has a unique queue design and uses asynchronous I/O to maximize efficiency. ronin-recon can lookup IPs addresses, nameservers, mailservers, bruteforce sub-domains, port scan IPs, discover services, and spider websites.
  • ronin-app - A new small web application that is meant to be ran locally by the user. It provides a web interface to ronin-support, ronin-repos, ronin-db, ronin-payloads, ronin-exploits, as well as automating ronin-nmap, ronin-masscan, ronin-web-spider, ronin-recon, and ronin-vulns.

New Commands

  • ronin archive - A new command that easily creates .tar or .zip archives.
  • ronin unarchive - A new command that easily extracts files from .tar or .zip archives.
  • ronin bitsquat - A new command that checks for available or registered bit-squatted domains.
  • ronin completion - Installs shell completion files for all ronin and ronin-* commands for Bash and Zsh shells.
  • ronin dns-proxy - A new command that starts a DNS proxy that can intercept DNS queries and forward others to upstream DNS nameservers.
  • ronin new dns-proxy - A new code generator command that generates a new ronin-dns-proxy Ruby script.
  • ronin pack - A new command that packs the list of arguments into binary data based on their C type.
  • ronin unpack - A new command that unpacks binary data into values for the given C types.
  • ronin new exploit - Alias to ronin-exploits new.
  • ronin new payload - Alias to ronin-payloads new.
  • ronin new dns-listener - Alias to ronin-listener new dns.
  • ronin new http-listener - Alias to ronin-listener new http.
  • ronin new web-app - Alias to ronin-web new app.
  • ronin new nokogiri - Alias to ronin-web new nokogiri.
  • ronin new web-server - Alias to ronin-web new server.
  • ronin new web-spider - Alias to ronin-web new spider.
  • ronin-app - New command that starts the ronin-app and starts a web browser.
  • ronin-exploits completion - New command to install shell completion files for all ronin-exploits commands for Bash and Zsh shells.
  • ronin-payloads completion - New command to install shell completion files for all ronin-payloads commands for Bash and Zsh shells.
  • ronin-vulns command-injection - New command that scans URL(s) for Command Injection vulnerabilities.
  • ronin-vulns irb - New command starts an interactive Ruby shell with ronin/vulns loaded.
  • ronin-vulns completion - New command to install shell completion files for all ronin-vulns commands for Bash and Zsh shells.
  • ronin-listener - New command suite that allows quickly starting a DNS or HTTP server for receiving exfiltrated data.
  • ronin-wordlists - New command suite that manages wordlists.
  • ronin-recon - New command suite for performing recon.
  • ronin-web xml - New command that performs XPath queries on a URL or XML file.
  • ronin-web session-cookie - New command that parses and deserializes various session cookie formats.
  • ronin-web user-agent - New command that generates a random HTTP User-Agent string.
  • ronin-web wordlist - New command that spiders a website and builds a wordlist.
  • ronin-web browser - New command that starts an automated web browser.
  • ronin-web screenshot - New command that screenshots one or more URLs.
  • ronin-web vulns - New command that spiders a website and tests every URL for web vulnerabilities.
  • ronin-web completion - A new command to install shell completion files for all ronin-web commands for Bash and Zsh shells.

ChangeLogs

How long will the Open Beta last?

Now until July 19th, 2024 (~4 weeks).

When Will Ronin 2.1.0 finally be released?

July 22nd, 2024

How do I participate?

How To Install Ronin 2.1.0.rc1

Ronin 2.1.0.rc1 and all of the other dependencies can be installed using the new ronin-install.sh installation script with the --pre option flag. Simply copy and paste the follow two commands into your terminal to download and execute the installation script:

curl -o ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh && bash ronin-install.sh --pre
Note:

the ronin-install.sh script will automatically install any required external dependencies (ex: ruby, libsqlite3, etc) if they are not already installed.

If you prefer using Docker, there are also roninrb/ronin:2.1.0.rc1 Docker images available for Ubuntu, Fedora, and Alpine, that beta testers can also pull down and run:

$ docker pull roninrb/ronin:2.1.0.rc1.1
$ docker run --rm -it roninrb/ronin:2.1.0.rc1.1
root@98e039844d53:/# ronin -V
ronin 2.1.0.rc2

How To Report Issues

Bugs or other issues should be reported to the relevant GitHub repository’s issue tracker. Additionally, questions can be posted in the GitHub repository’s forum (called “Discussions”).

Finally, if you’d like to chat, we have a Discord server which beta testers can join.

Will there be prizes?

Beta testers that successfully submit a bug report or a Pull Request are eligible for a free sticker.

If Ronin interests you or you like the work we do, consider donating to Ronin on GitHub, Patreon, or Open Collective so we can continue building high-quality free and Open Source security tools and Ruby libraries.