ronin

CI Code Climate Gem Version

Description

Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, install 3rd party repositories of exploits and/or payloads, run exploits, write new exploits, managing local databases, fuzzing data, and much more.

Who is Ronin for?

  • CTF players
  • Bug bounty hunters
  • Security Researchers
  • Security Engineers
  • Developers
  • Students

What does Ronin provide?

  • A toolkit of useful commands.
  • A fully-loaded Ruby REPL.
  • An ecosystem of high-quality security related Ruby libraries, APIs, and commands.

What can you do with Ronin?

  • Quickly process and query various data using the ronin commands.
  • Efficiently work with code and data in the ronin irb Ruby REPL.
  • Rapidly prototype Ruby scripts using ronin-support and other ronin libraries.
  • Install 3rd-party git repositories of exploits, payloads, or other code, using ronin-repos.
  • Import and query data using the ronin-db database.
  • Fuzz data using ronin-fuzzer.
  • Use common payloads or write your own using ronin-payloads.
  • Write/run exploits using ronin-exploits.
  • Scan for web vulnerabilities using ronin-vulns.

Synopsis

Usage: ronin [options] [COMMAND [ARGS...]]

Options:
    -h, --help                       Print help information

Arguments:
    [COMMAND]                        The command name to run
    [ARGS ...]                       Additional arguments for the command

Commands:
    asn
    banner-grab
    bitflip
    cert-dump
    cert-gen
    cert-grab
    decode, dec
    decrypt
    dns
    email-addr
    encode, enc
    encrypt
    entropy
    escape
    extract
    grep
    help
    hexdump
    highlight
    hmac
    homoglyph
    host
    http
    ip
    iprange
    irb
    md5
    netcat, nc
    new
    proxy
    public-suffix-list
    quote
    rot
    sha1
    sha256
    sha512
    strings
    tld-list
    tips
    typo
    typosquat
    unescape
    unhexdump
    unquote
    url
    xor

Additional Ronin Commands:
    $ ronin-repos
    $ ronin-db
    $ ronin-web
    $ ronin-fuzzer
    $ ronin-payloads
    $ ronin-exploits
    $ ronin-vulns

List ronin commands:

$ ronin help

View a man-page for a command:

$ ronin help COMMAND

Get a random tip on how to use ronin:

$ ronin tips

Open the Ronin Ruby REPL:

$ ronin irb

Generate a new Ruby script with ronin-support preloaded:

$ ronin new script foo.rb

Generate a new Ruby project with a Gemfile:

$ ronin new project foo

Binary

Hexdumps data in a variety of formats:

$ ronin hexdump /bin/ls

Un-hexdumps a hexdump file back into it's original raw binary data:

$ ronin unhexdump -o data.bin hexdump.txt

Print all printable strings from a file:

$ ronin strings /bin/ls

Print all alphabetic strings from a file:

$ ronin strings --alpha /bin/ls

Print all alpha-numeric strings from a file:

$ ronin strings --alpha-num /bin/ls

Print all numeric strings from a file:

$ ronin strings --numeric /bin/ls

Print all hexadecimal strings from a file:

$ ronin strings --hex /bin/ls

Enumerate through all of the Bit-flips of a domain name:

$ ronin bitflip microsoft --alpha-num --append .com
licrosoft.com
oicrosoft.com
iicrosoft.com
eicrosoft.com
Microsoft.com
mhcrosoft.com
mkcrosoft.com
mmcrosoft.com
macrosoft.com
mycrosoft.com
...

Encoding

Base64 encode a string:

$ ronin encode --base64 --string "foo bar baz"
Zm9vIGJhciBiYXo=

Zlib compresses, Base64 encodes, and then URI encode a string:

$ ronin encode --zlib --base64 --uri --string "foo bar"
%65%4A%78%4C%79%38%39%58%53%45%6F%73%41%67%41%4B%63%41%4B%61%0A

Base64 decode a string:

$ ronin decode --base64 --string "Zm9vIGJhciBiYXo="
foo bar baz

URI decode, Base64 decode, and then zlib inflates a string:

$ ronin decode --uri --base64 --zlib --string "%65%4A%78%4C%79%38%39%58%53%45%6F%73%41%67%41%4B%63%41%4B%61%0A"
foo bar

URI escape a string:

$ ronin escape --uri --string "foo bar"
foo%20bar

URI unescape a string:

$ ronin unescape --uri --string "foo%20bar"
foo bar

Convert a file into a quoted C string:

$ ronin quote --c file.bin
"..."

Convert a file into a quoted JavaScript string:

$ ronin quote --js file.bin

Unquote a C string:

$ ronin unquote --c --string '"\x66\x6f\x6f\x20\x62\x61\x72"'
foo bar

Text

Extract high-entropy data from a file:

$ ronin entropy -e 5.0 index.html

Grep for common patterns of data:

$ ronin grep --hash index.html

Extract common patterns from data:

$ ronin extract --hash index.html

Generate a random typo of a word:

$ ronin typo microsoft
microssoft

Enumerate over every typo variation of a word:

$ ronin typo --enum microsoft
microosoft
microsooft
microssoft

Generate a random homoglyph version of a word:

$ ronin homoglyph CEO
CEO

Enumerate over every homoglyph variation of a word:

$ ronin homoglyph --enum CEO
ϹEO
СEO
ⅭEO
CEO
CΕO
CЕO
CEO
CEΟ
CEО
CEO

Syntax-highlights a file:

$ ronin highlight index.html

Cryptography

AES-256 encrypt a file:

$ ronin encrypt --cipher aes-256-cbc --password "..." file.txt > encrypted.bin

Decrypt data:

$ ronin decrypt --cipher aes-256-cbc --password "..." encrypted.bin

Generates a HMAC for a file:

$ ronin hmac --hash sha1 --password "too many secrets" data.txt

Generates a HMAC for a string:

$ ronin hmac --hash sha1 --password "too many secrets" --string "..."

Calculate an MD5 checksum of a string:

$ ronin md5 --string "hello world"
5eb63bbbe01eeed093cb22bb8f5acdc3

Calculate the MD5 checksum of a file:

$ ronin md5 file.txt

Calculate the MD5 checksum of every line in a file:

$ ronin md5 --multiline file.txt

Calculate an SHA1 checksum of a string:

$ ronin sha1 --string "hello world"
2aae6c35c94fcfb415dbe95f408b9ce91ee846ed

Calculate the SHA1 checksum of a file:

$ ronin sha1 file.txt

Calculate the SHA1 checksum of every line in a file:

$ ronin sha1 --multiline file.txt

Calculate an SHA256 checksum of a string:

$ ronin sha256 --string "hello world"
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9

Calculate the SHA256 checksum of a file:

$ ronin sha256 file.txt

Calculate the SHA256 checksum of every line in a file:

$ ronin sha256 --multiline file.txt

Calculate an SHA512 checksum of a string:

$ ronin sha512 --string "hello world"
309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f

Calculate the SHA512 checksum of a file:

$ ronin sha512 file.txt

Calculate the SHA512 checksum of every line in a file:

$ ronin sha512 --multiline file.txt

ROT-13 encodes a string:

$ ronin rot --string "The quick brown fox jumps over the lazy dog"
Gur dhvpx oebja sbk whzcf bire gur ynml qbt

XOR encodes a string:

$ ronin xor --key ABC --string "The quick brown fox jumps over the lazy dog"
"\x15*&a36(!(a 1.5-a$,9b)4/32b,7'1a6+$b/ 8:a&,&"

Networking

Query the ASN of an IP address:

$ ronin asn -I 4.2.2.1
4.0.0.0/9 AS3356 (US) LEVEL3

Get the system's external/public IP address:

$ ronin ip --public

Convert an IP address to decimal format:

$ ronin ip --decimal 127.0.0.1
2130706433

Convert a file of IP addresses into URLs:

$ ronin ip --file targets.txt --http

Enumerate over every IP address in the IP CIDR range:

$ ronin iprange 10.1.0.0/15
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5
10.0.0.6
10.0.0.7
10.0.0.8
10.0.0.9
...

Enumerate over every IP address in the IP glob range:

$ ronin iprange 10.1-3.0.*
10.1.0.1
10.1.0.2
10.1.0.3
10.1.0.4
10.1.0.5
10.1.0.6
10.1.0.7
10.1.0.8
10.1.0.9
10.1.0.10
...

Enumerate over every IP address between two IP addresses:

$ ronin iprange --start 10.0.0.1 --stop 10.0.3.33
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5
10.0.0.6
10.0.0.7
10.0.0.8
10.0.0.9
10.0.0.10

Connect to a remote TCP service:

$ ronin netcat -v example.com 80

Listen on a local TCP port:

$ ronin netcat -v -l 1337

Connect to a remote SSL/TLS service:

$ ronin netcat -v --ssl example.com 443

Connect to a remote UDP service:

$ ronin netcat -v -u example.com 1337

Listen on a local UDP port:

$ ronin netcat -v -u -l 1337

Opens a UNIX socket:

$ ronin netcat -v --unix /path/to/unix.socket

Hexdump all data received from a socket:

$ ronin netcat --hexdump example.com 80
GET / HTTP/1.1
Host: example.com
User-Agent: Ruby

00000000  48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d  |HTTP/1.1 200 OK.|
00000010  0a 41 67 65 3a 20 32 35 30 38 30 36 0d 0a 43 61  |.Age: 250806..Ca|
00000020  63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78  |che-Control: max|
00000030  2d 61 67 65 3d 36 30 34 38 30 30 0d 0a 43 6f 6e  |-age=604800..Con|
00000040  74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f  |tent-Type: text/|
00000050  68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54  |html; charset=UT|
...

DNS

Query DNS records:

$ ronin dns -t TXT github.com

Find all registered TLDs for a host name:

$ ronin host --enum-tlds --registered github.com
github.ac
github.actor
github.ae
github.africa
github.agency
github.ai
...

Find all registered public suffixes for a host name:

$ ronin host --enum-suffix --registered github.com
example.com.ag
example.ai
example.al
example.am
example.com.ar
example.at
example.co.at
example.or.at
example.com.au
example.be
example.com.bh
...

Find all subdomains that have addresses:

$ ronin host --enum-subdomains subdomains.txt --has-addresses google.com
www.google.com
mail.google.com
smtp.google.com
ns1.google.com
ns2.google.com
m.google.com
ns.google.com
blog.google.com
admin.google.com
news.google.com
vpn.google.com
ns3.google.com
...

Enumerate over every possible typosquat variation of a domain:

$ ronin typosquat microsoft.com
microosoft.com
microsooft.com
microssoft.com

Find all of the registered typosquat domains for a valid domain:

$ ronin typosquat --registered microsoft.com

Find all of the typosquat domains with addresses for a valid domain:

$ ronin typosquat --has-addresses microsoft.com

Find all of the unregistered typosquat domains for a valid domain:

$ ronin typosquat --unregistered microsoft.com

De-obfuscate an email address:

$ ronin email-addr --deobfuscate "john [dot] smith [at] example [dot] com"
john.smith@example.com

Enumerate through all of the obfuscations of an email address:

$ ronin email-addr --enum-obfuscations john.smith@example.com
john.smith @ example.com
john.smith AT example.com
john.smith at example.com
john.smith[AT]example.com
john.smith[at]example.com
...

SSL/TLS Certs

Dump information about a SSL/TLS certificate:

$ ronin cert-dump https://example.com/

Download a SSL/TLS certificate from a host and port:

$ ronin cert-grab github.com:443

Generate a new SSL/TLS certificate:

$ ronin cert-gen -c test.com -O "Test Co" -U "Test Dept" \
                 -L "Test City" -S NY -C US

HTTP

Perform an HTTP GET request (with syntax highlighting):

$ ronin http https://example.com/

Send an HTTP request with additional headers:

$ ronin http --post --header "Authorization: ..." https://foo.bar/

Send an HTTP request with a known User-Agent string:

$ ronin http --post --user-agent chrome-android https://foo.bar/

Send an HTTP request with a custom User-Agent string:

$ ronin http --post --user-agent-string "..." https://foo.bar/

Open an interactive HTTP shell:

$ ronin http --shell https://example.com/
https://example.com/> help
  help [COMMAND]                        Prints the list of commands or additional help
  get PATH[?QUERY] [BODY]               Performs a GET request
  head PATH[?QUERY]                     Performs a HEAD request
  patch PATH[?QUERY] [BODY]             Performs a PATCH request
  post PATH[?QUERY] [BODY]              Performs a POST request
  put PATH [BODY]                       Performs a PUT request
  copy PATH DEST                        Performs a COPY request
  delete PATH[?QUERY]                   Performs a DELETE request
  lock PATH[?QUERY]                     Performs a LOCK request
  options PATH[?QUERY]                  Performs a OPTIONS request
  mkcol PATH[?QUERY]                    Performs a MKCOL request
  move PATH[?QUERY] DEST                Performs a MOVE request
  propfind PATH[?QUERY]                 Performs a PROPFIND request
  proppatch PATH[?QUERY]                Performs a PROPPATCH request
  trace PATH[?QUERY]                    Performs a TRACE request
  unlock PATH[?QUERY]                   Performs a UNLOCK request
  cd PATH                               Changes the base URL path
  headers [{set | unset} NAME [VALUE]]  Manages the request headers

Print the HTTP status of every URL in a file:

$ ronin url --file urls.txt --status

See Also

Requirements

Install

Bash Script

curl -o ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh && bash ronin-install.sh

Manually

See the manual install instructions for how to install Ronin and it's additional dependencies on your platform.

Docker

If you prefer using Docker, there are also Docker images available:

docker pull roninrb/ronin
docker run -it roninrb/ronin

Additionally, if you want to mount your home directory into the docker image:

docker run --mount type=bind,source="$HOME",target=/home/ronin -it ronin

Development

  1. Fork It!
  2. Clone It!
  3. cd ronin
  4. bundle install
  5. git checkout -b my_feature
  6. Code It!
  7. bundle exec rake spec
  8. git push origin my_feature

License

Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)

Ronin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Ronin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with Ronin. If not, see https://www.gnu.org/licenses/.