ronin-app
ronin-app is a small web application that is meant to be ran locally by the user. It provides a web interface to ronin-support, ronin-repos, ronin-db, ronin-payloads, ronin-exploits, as well as automating ronin-nmap, ronin-masscan, ronin-web-spider, ronin-recon, and ronin-vulns.
Features
- Provides a web interface to explore and search the ronin database.
- Allows managing ronin-repos from the web interface.
- Allows listing and building the built-in or installed 3rd-party payloads.
- Allows listing installed 3rd-party exploits.
- Supports automating nmap and masscan scans and importing their results into the ronin database.
- Supports automating spidering websites and importing all visited URLs into the ronin database.
- Supports performing recon using ronin-recon and importing all discovered hostnames, IPs, and URLs into ronin database.
- Supports testing URLs for web vulnerabilities using ronin-vulns.
- Small memory footprint (~184K).
- Fast (~1.251ms response time).
Screenshots
Synopsis
Usage: ronin-app [options]
Options:
-V, --version Prints the version and exits
-H, --host IP The host to listen on (Default: localhost)
-p, --port PORT The port to listen on (Default: 1337)
--db NAME The ronin-db database to connect to
--db-uri URI The ronin-db database URI to connect to
-h, --help Print help information
Starts the ronin web app
$ ronin-app
Note: the ronin-app
command will automatically open a browser for
http://localhost:1337, if ran in a real terminal.
Requirements
- libsqlite3
- redis-server >= 6.2
- nmap
- masscan
- Ruby >= 3.1.0
Note: both nmap
and masscan
require additional Linux capabilities in
order to be ran without sudo
or root
privileges.
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which nmap)"
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which masscan)"
Security
- This app is intended to be ran locally.
- All HTML output is escaped with
Rack::Utils.escape_html
. - All HTTP params are validated using dry-validation.
Development
- Fork It!
- Clone It!
cd ronin-app
./scripts/setup
git checkout -b my_feature
- Code It!
- Test It -
bundle exec rake spec
- Try It -
./scripts/server
then visit http://localhost:1337/ - Push It -
git push origin my_feature
docker-compose
You can also use docker-compose to build and run the app:
$ docker-compose build
$ docker-compose up
Directory Structure
Gemfile
- defines all gem dependencies.Procfile
- defines the various services of the app that will be started.Procfile.dev
- defines the various services of the app that will be started in development mode.config.ru
- The main entry point forrackup
/puma
.config/
- Contains all app configuration files.lib/ronin/app/helpers/
- Contains all Sinatra helper modules which define methods thatapp.rb
- The main Rack app that contains HTTP routes.app/
- Contains sub-App classes that contains grouped HTTP routesworkers.rb
- The main entry point for Sidekiq which loads all worker classes fromlib/workers/
.workers/
- Contains all Sidekiq worker classes. can be called within the views.lib/ronin/app/types.rb
- Defines custom dry-types.lib/ronin/app/types/
- Contains additional custom types.lib/ronin/app/validations/
- Contains dry-validations logic for validating submitted HTTP params.views/
- Contains all ERB views that are rendered byapp.rb
.views/layout.erb
- The main page layout view.public/
- Contains all static assets (images, CSS stylesheets, and JavaScript).scripts/
- Contains scripts for setting up or starting the app.
License
Copyright (C) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
ronin-app is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
ronin-app is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with ronin-app. If not, see http://www.gnu.org/licenses/.