After nearly a year of development and the completion of Phase 2, Ronin 2.1.0 has finally been released! It might not seem like a big difference between 2.0.0 and 2.1.0, but this release includes a ton of new libraries and commands.

What is Ronin?

Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, developing new exploits, managing local databases, fuzzing data, performing recon, and much more.

What is New?

New Libraries

  • ronin-support-web - A new web specific support library for ronin-rb. Provides many helper methods for parsing HTML/XML, fetching web pages, and WebSockets.
  • ronin-web-session_cookie - A new library for parsing and deserializing various session cookie formats. It supports Rack, Django, and JWT.
  • ronin-web-browser - A new Ruby library for automating the Chrome web browser. ronin-web-browser builds on the ferrum gem, and adds additional API methods that are useful to security researchers. Supports intercepting requests and responses, accessing cookies, taking screenshots, etc.
  • ronin-dns-proxy - A new configurable DNS proxy server library. It supports returning spoofing DNS results or passing DNS queries through to the upstream DNS nameserver.
  • ronin-listener-dns - A new DNS server for receiving exfiltrated data sent via DNS queries. ronin-listener-dns can be used to test for XML external entity (XXE) injection.
  • ronin-listener-http - A new HTTP server for receiving exfiltrated data sent via HTTP requests. ronin-listener-http can be used to test for Server-Side Request Forgery (SSRF) or XML external entity (XXE) injection.
  • ronin-listener - A new small CLI utility for receiving exfiltrated data over DNS or HTTP. Supports saving DNS queries and HTTP requests as TXT, CVS, JSON, or NDJSON.
  • ronin-nmap - A new Ruby library and CLI for working with nmap. ronin-nmap can parse nmap XML, convert nmap XML into JSON or CSV, or import nmap XML into the ronin-db database.
  • ronin-masscan - A new Ruby library and CLI for working with masscan. ronin-masscan can parse masscan scan files, convert masscan files into JSON or CSV, or import masscan scan data into the ronin-db database.
  • ronin-wordlists - A new library and tool for managing wordlists. ronin-wordlists can install and update wordlists, and contains a curated list of popular wordlists and their download URLs.
  • ronin-recon - A new micro-framework and tool for performing reconnaissance. ronin-recon uses multiple workers which process different data types (IP, host, URL, etc) and produce new values. ronin-recon contains built-in recon workers and supports loading additional 3rd-party workers from Ruby files or 3rd-party git repositories. ronin-recon has a unique queue design and uses asynchronous I/O to maximize efficiency. ronin-recon can lookup IPs addresses, nameservers, mailservers, bruteforce sub-domains, port scan IPs, discover services, and spider websites.
  • ronin-app - A new small web application that is meant to be ran locally by the user. It provides a web interface to ronin-support, ronin-repos, ronin-db, ronin-payloads, ronin-exploits, as well as automating ronin-nmap, ronin-masscan, ronin-web-spider, ronin-recon, and ronin-vulns.

New Commands

  • ronin archive - A new command that easily creates .tar or .zip archives.
  • ronin unarchive - A new command that easily extracts files from .tar or .zip archives.
  • ronin bitsquat - A new command that checks for available or registered bit-squatted domains.
  • ronin completion - Installs shell completion files for all ronin and ronin-* commands for Bash and Zsh shells.
  • ronin dns-proxy - A new command that starts a DNS proxy that can intercept DNS queries and forward others to upstream DNS nameservers.
  • ronin new dns-proxy - A new code generator command that generates a new ronin-dns-proxy Ruby script.
  • ronin pack - A new command that packs the list of arguments into binary data based on their C type.
  • ronin unpack - A new command that unpacks binary data into values for the given C types.
  • ronin new exploit - Alias to ronin-exploits new.
  • ronin new payload - Alias to ronin-payloads new.
  • ronin new dns-listener - Alias to ronin-listener new dns.
  • ronin new http-listener - Alias to ronin-listener new http.
  • ronin new web-app - Alias to ronin-web new app.
  • ronin new nokogiri - Alias to ronin-web new nokogiri.
  • ronin new web-server - Alias to ronin-web new server.
  • ronin new web-spider - Alias to ronin-web new spider.
  • ronin-app - New command that starts the ronin-app and starts a web browser.
  • ronin-exploits completion - New command to install shell completion files for all ronin-exploits commands for Bash and Zsh shells.
  • ronin-payloads completion - New command to install shell completion files for all ronin-payloads commands for Bash and Zsh shells.
  • ronin-vulns command-injection - New command that scans URL(s) for Command Injection vulnerabilities.
  • ronin-vulns irb - New command starts an interactive Ruby shell with ronin/vulns loaded.
  • ronin-vulns completion - New command to install shell completion files for all ronin-vulns commands for Bash and Zsh shells.
  • ronin-listener - New command suite that allows quickly starting a DNS or HTTP server for receiving exfiltrated data.
  • ronin-wordlists - New command suite that manages wordlists.
  • ronin-recon - New command suite for performing recon.
  • ronin-web xml - New command that performs XPath queries on a URL or XML file.
  • ronin-web session-cookie - New command that parses and deserializes various session cookie formats.
  • ronin-web user-agent - New command that generates a random HTTP User-Agent string.
  • ronin-web wordlist - New command that spiders a website and builds a wordlist.
  • ronin-web browser - New command that starts an automated web browser.
  • ronin-web screenshot - New command that screenshots one or more URLs.
  • ronin-web vulns - New command that spiders a website and tests every URL for web vulnerabilities.
  • ronin-web completion - A new command to install shell completion files for all ronin-web commands for Bash and Zsh shells.

ChangeLogs

How To Install

Ronin can be installed via the ronin-install.sh installer bash script:

curl -o ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh && bash ronin-install.sh

Manual

We also have manual installation instructions on how to install Ronin on various platforms.

Docker

Ronin also has docker images, if you prefer using docker.

$ docker pull roninrb/ronin
$ docker run --rm -it roninrb/ronin
root@89b5d7f15855:/# ronin help

How To Update

Gems

To update ronin and all other gem dependencies, simply run:

gem update ronin

Docker

The docker images have also been updated. To update the docker images, simply run:

docker pull roninrb/ronin

Snap

Unfortunately, the snap images have not yet been updated for Ronin 2.1.0. This is because the snap images use the core22 base image, which is based off of Ubuntu 22.04 LTS and only provides Ruby 3.0.x. Ronin 2.1.0 now requires Ruby >= 3.1.0 which makes it incompatible with core22. I am currently working on upgrading the snap images to core24, which is based off of Ubuntu 24.04 and does provide Ruby 3.1.x.

Special Thanks

Special thanks to our newest core-team member, AI-Mozi, who wrote many of the tests for the newer libraries and some of the features in ronin-app.

If Ronin interests you or you like the work we do, consider donating to Ronin on GitHub, Patreon, or Open Collective so we can continue building high-quality free and Open Source security tools and Ruby libraries.