ronin-app

ronin-app is a small web application that is meant to be ran locally by the user. It provides a web interface to ronin-support, ronin-repos, ronin-db, ronin-payloads, ronin-exploits, as well as automating ronin-nmap, ronin-masscan, ronin-web-spider, ronin-recon, and ronin-vulns.

Features

  • Provides a web interface to explore and search the ronin database.
  • Allows managing ronin-repos from the web interface.
  • Allows listing and building the built-in or installed 3rd-party payloads.
  • Allows listing installed 3rd-party exploits.
  • Supports automating nmap and masscan scans and importing their results into the ronin database.
  • Supports automating spidering websites and importing all visited URLs into the ronin database.
  • Supports performing recon using ronin-recon and importing all discovered hostnames, IPs, and URLs into ronin database.
  • Supports testing URLs for web vulnerabilities using ronin-vulns.
  • Small memory footprint (~184K).
  • Fast (~1.251ms response time).

Screenshots

Synopsis

Usage: ronin-app [options]

Options:
    -V, --version                    Prints the version and exits
    -H, --host IP                    The host to listen on (Default: localhost)
    -p, --port PORT                  The port to listen on (Default: 1337)
        --db NAME                    The ronin-db database to connect to
        --db-uri URI                 The ronin-db database URI to connect to
    -h, --help                       Print help information

Starts the ronin web app
$ ronin-app

Note: the ronin-app command will automatically open a browser for http://localhost:1337, if ran in a real terminal.

Requirements

Note: both nmap and masscan require additional Linux capabilities in order to be ran without sudo or root privileges.

sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which nmap)"
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which masscan)"

Security

  • This app is intended to be ran locally.
  • All HTML output is escaped with Rack::Utils.escape_html.
  • All HTTP params are validated using dry-validation.

Development

  1. Fork It!
  2. Clone It!
  3. cd ronin-app
  4. ./scripts/setup
  5. git checkout -b my_feature
  6. Code It!
  7. Test It - bundle exec rake spec
  8. Try It - ./scripts/server then visit http://localhost:1337/
  9. Push It - git push origin my_feature

docker-compose

You can also use docker-compose to build and run the app:

$ docker-compose build
$ docker-compose up

Directory Structure

  • Gemfile - defines all gem dependencies.
  • Procfile - defines the various services of the app that will be started.
  • Procfile.dev - defines the various services of the app that will be started in development mode.
  • config.ru - The main entry point for rackup/puma.
  • config/ - Contains all app configuration files.
  • lib/ronin/app/helpers/ - Contains all Sinatra helper modules which define methods that
  • app.rb - The main Rack app that contains HTTP routes.
  • app/ - Contains sub-App classes that contains grouped HTTP routes
  • workers.rb - The main entry point for Sidekiq which loads all worker classes from lib/workers/.
  • workers/ - Contains all Sidekiq worker classes. can be called within the views.
  • lib/ronin/app/types.rb - Defines custom dry-types.
  • lib/ronin/app/types/ - Contains additional custom types.
  • lib/ronin/app/validations/ - Contains dry-validations logic for validating submitted HTTP params.
  • views/ - Contains all ERB views that are rendered by app.rb.
  • views/layout.erb - The main page layout view.
  • public/ - Contains all static assets (images, CSS stylesheets, and JavaScript).
  • scripts/ - Contains scripts for setting up or starting the app.

License

Copyright (C) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)

ronin-app is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ronin-app is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with ronin-app. If not, see http://www.gnu.org/licenses/.