Project

ronin

0.26
A long-lived project that still receives updates
Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, developing new exploits, managing local databases, fuzzing data, performing recon, and much more.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Project Readme

ronin

CI Code Climate Gem Version

Description

Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, developing new exploits, managing local databases, fuzzing data, performing recon, and much more.

Who is Ronin for?

  • CTF players
  • Bug bounty hunters
  • Security Researchers
  • Security Engineers
  • Developers
  • Students

What does Ronin provide?

  • A toolkit of useful commands.
  • A fully-loaded Ruby REPL.
  • An ecosystem of high-quality security related Ruby libraries, APIs, and commands.
  • A lightweight local web UI.

What can you do with Ronin?

  • Quickly process and query various data using the ronin commands.
  • Efficiently work with code and data in the ronin irb Ruby REPL.
  • Rapidly prototype Ruby scripts using ronin-support and other ronin libraries.
  • Install 3rd-party git repositories of exploits, payloads, or other code, using ronin-repos.
  • Import and query data using the ronin-db database.
  • Fuzz data using ronin-fuzzer.
  • Perform recon using ronin-recon.
  • Use common payloads or write your own using ronin-payloads.
  • Write/run exploits using ronin-exploits.
  • Scan for web vulnerabilities using ronin-vulns.
  • Performs scans and browse the database in your browser using ronin-app.

Synopsis

Usage: ronin [options] [COMMAND [ARGS...]]

Options:
    -h, --help                       Print help information

Arguments:
    [COMMAND]                        The command name to run
    [ARGS ...]                       Additional arguments for the command

Commands:
    archive
    asn
    banner-grab
    bitflip
    cert-dump
    cert-gen
    cert-grab
    completion
    decode, dec
    decrypt
    dns
    dns-proxy
    email-addr
    encode, enc
    encrypt
    entropy
    escape
    extract
    grep
    help
    hexdump
    highlight
    hmac
    homoglyph
    host
    http
    ip
    iprange
    irb
    md5
    netcat, nc
    new
    pack
    proxy
    public-suffix-list
    quote
    rot
    sha1
    sha256
    sha512
    strings
    tld-list
    tips
    typo
    typosquat
    unarchive
    unescape
    unhexdump
    unpack
    unquote
    url
    xor

Additional Ronin Commands:
    $ ronin-repos
    $ ronin-wordlists
    $ ronin-db
    $ ronin-web
    $ ronin-fuzzer
    $ ronin-masscan
    $ ronin-nmap
    $ ronin-recon
    $ ronin-payloads
    $ ronin-exploits
    $ ronin-vulns
    $ ronin-app

List ronin commands:

$ ronin help

View a man-page for a command:

$ ronin help COMMAND

Get a random tip on how to use ronin:

$ ronin tips

Open the Ronin Ruby REPL:

$ ronin irb
                                                                   , Jµ     ▓▓█▓
                                                  J▌      ▐▓██▌ ████ ██    ▐███D
                                      ╓▄▓▓█████▌  ██µ     ████ ▄███ÖJ██▌   ███▌
        ,╓µ▄▄▄▄▄▄▄▄µ;,            ,▄▓██████████  ▐███    ▐███▀ ███▌ ████µ ▄███
¬∞MÆ▓███████████████████████▓M  ▄██████▀▀╙████▌  ████▌   ████ ▄███ J█████ ███▌
           `█████▀▀▀▀▀███████  -████▀└    ████  ▐█████n ▄███O ███▌ ██████████
           ▓████L       ████▀  ▓████     ▓███Ö  ███████ ███▌ ▓███ ▐█████████▀
          ▄████▀  ,╓▄▄▄█████  J████Ü    ,███▌  ▄███████████ J███▀ ████ █████
         J█████████████████─  ████▌     ████   ████`██████▌ ████ ▐███Ü ▐███Ü
         ███████████▀▀▀╙└    ▐████     J███▌  ▓███▌ ²█████ J███Ü ███▌   ▀█▌
        ▓██████████▌         ████▌     ████  ;████   ▀███▀ ███▌ J▀▀▀-    █
       ▄█████▀ ▀█████µ      ▐████  ,▄▓████▀  ████▀    ███ J███           `
      J█████-    ╙▀███▄     ████████████▀╙  J█▀▀▀      █U  ▀█▌
      ████▀         ▀███   ▄████████▀▀                 ╨    █
     ▓██▀             ²▀█▄ █▀▀▀╙└
    ▄██╜                 ╙W
   J█▀
   ▌└
  ┘

irb(ronin)>

Starts and opens the interactive Web UI for Ronin:

$ ronin-app

Binary

Hexdumps data in a variety of formats:

$ ronin hexdump /bin/ls

Un-hexdumps a hexdump file back into it's original raw binary data:

$ ronin unhexdump -o data.bin hexdump.txt

Print all printable strings from a file:

$ ronin strings /bin/ls

Print all alphabetic strings from a file:

$ ronin strings --alpha /bin/ls

Print all alpha-numeric strings from a file:

$ ronin strings --alpha-num /bin/ls

Print all numeric strings from a file:

$ ronin strings --numeric /bin/ls

Print all hexadecimal strings from a file:

$ ronin strings --hex /bin/ls

Enumerate through all of the Bit-flips of a domain name:

$ ronin bitflip microsoft --alpha-num --append .com
licrosoft.com
oicrosoft.com
iicrosoft.com
eicrosoft.com
Microsoft.com
mhcrosoft.com
mkcrosoft.com
mmcrosoft.com
macrosoft.com
mycrosoft.com
...

Encoding

Base64 encode a string:

$ ronin encode --base64 --string "foo bar baz"
Zm9vIGJhciBiYXo=

Zlib compresses, Base64 encodes, and then URI encode a string:

$ ronin encode --zlib --base64 --uri --string "foo bar"
%65%4A%78%4C%79%38%39%58%53%45%6F%73%41%67%41%4B%63%41%4B%61%0A

Base64 decode a string:

$ ronin decode --base64 --string "Zm9vIGJhciBiYXo="
foo bar baz

URI decode, Base64 decode, and then zlib inflates a string:

$ ronin decode --uri --base64 --zlib --string "%65%4A%78%4C%79%38%39%58%53%45%6F%73%41%67%41%4B%63%41%4B%61%0A"
foo bar

URI escape a string:

$ ronin escape --uri --string "foo bar"
foo%20bar

URI unescape a string:

$ ronin unescape --uri --string "foo%20bar"
foo bar

Convert a file into a quoted C string:

$ ronin quote --c file.bin
"..."

Convert a file into a quoted JavaScript string:

$ ronin quote --js file.bin

Unquote a C string:

$ ronin unquote --c --string '"\x66\x6f\x6f\x20\x62\x61\x72"'
foo bar

Text

Extract high-entropy data from a file:

$ ronin entropy -e 5.0 index.html

Grep for common patterns of data:

$ ronin grep --hash index.html

Extract common patterns from data:

$ ronin extract --hash index.html

Generate a random typo of a word:

$ ronin typo microsoft
microssoft

Enumerate over every typo variation of a word:

$ ronin typo --enum microsoft
microosoft
microsooft
microssoft

Generate a random homoglyph version of a word:

$ ronin homoglyph CEO
CEO

Enumerate over every homoglyph variation of a word:

$ ronin homoglyph --enum CEO
ϹEO
СEO
ⅭEO
CEO
CΕO
CЕO
CEO
CEΟ
CEО
CEO

Syntax-highlights a file:

$ ronin highlight index.html

Cryptography

AES-256 encrypt a file:

$ ronin encrypt --cipher aes-256-cbc --password "..." file.txt > encrypted.bin

Decrypt data:

$ ronin decrypt --cipher aes-256-cbc --password "..." encrypted.bin

Generates a HMAC for a file:

$ ronin hmac --hash sha1 --password "too many secrets" data.txt

Generates a HMAC for a string:

$ ronin hmac --hash sha1 --password "too many secrets" --string "..."

Calculate an MD5 checksum of a string:

$ ronin md5 --string "hello world"
5eb63bbbe01eeed093cb22bb8f5acdc3

Calculate the MD5 checksum of a file:

$ ronin md5 file.txt

Calculate the MD5 checksum of every line in a file:

$ ronin md5 --multiline file.txt

Calculate an SHA1 checksum of a string:

$ ronin sha1 --string "hello world"
2aae6c35c94fcfb415dbe95f408b9ce91ee846ed

Calculate the SHA1 checksum of a file:

$ ronin sha1 file.txt

Calculate the SHA1 checksum of every line in a file:

$ ronin sha1 --multiline file.txt

Calculate an SHA256 checksum of a string:

$ ronin sha256 --string "hello world"
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9

Calculate the SHA256 checksum of a file:

$ ronin sha256 file.txt

Calculate the SHA256 checksum of every line in a file:

$ ronin sha256 --multiline file.txt

Calculate an SHA512 checksum of a string:

$ ronin sha512 --string "hello world"
309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f

Calculate the SHA512 checksum of a file:

$ ronin sha512 file.txt

Calculate the SHA512 checksum of every line in a file:

$ ronin sha512 --multiline file.txt

ROT-13 encodes a string:

$ ronin rot --string "The quick brown fox jumps over the lazy dog"
Gur dhvpx oebja sbk whzcf bire gur ynml qbt

XOR encodes a string:

$ ronin xor --key ABC --string "The quick brown fox jumps over the lazy dog"
"\x15*&a36(!(a 1.5-a$,9b)4/32b,7'1a6+$b/ 8:a&,&"

Networking

Query the ASN of an IP address:

$ ronin asn -I 4.2.2.1
4.0.0.0/9 AS3356 (US) LEVEL3

Get the system's external/public IP address:

$ ronin ip --public

Convert an IP address to decimal format:

$ ronin ip --decimal 127.0.0.1
2130706433

Convert a file of IP addresses into URLs:

$ ronin ip --file targets.txt --http

Enumerate over every IP address in the IP CIDR range:

$ ronin iprange 10.1.0.0/15
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5
10.0.0.6
10.0.0.7
10.0.0.8
10.0.0.9
...

Enumerate over every IP address in the IP glob range:

$ ronin iprange 10.1-3.0.*
10.1.0.1
10.1.0.2
10.1.0.3
10.1.0.4
10.1.0.5
10.1.0.6
10.1.0.7
10.1.0.8
10.1.0.9
10.1.0.10
...

Enumerate over every IP address between two IP addresses:

$ ronin iprange --start 10.0.0.1 --stop 10.0.3.33
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5
10.0.0.6
10.0.0.7
10.0.0.8
10.0.0.9
10.0.0.10

Connect to a remote TCP service:

$ ronin netcat -v example.com 80

Listen on a local TCP port:

$ ronin netcat -v -l 1337

Connect to a remote SSL/TLS service:

$ ronin netcat -v --ssl example.com 443

Connect to a remote UDP service:

$ ronin netcat -v -u example.com 1337

Listen on a local UDP port:

$ ronin netcat -v -u -l 1337

Opens a UNIX socket:

$ ronin netcat -v --unix /path/to/unix.socket

Hexdump all data received from a socket:

$ ronin netcat --hexdump example.com 80
GET / HTTP/1.1
Host: example.com
User-Agent: Ruby

00000000  48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d  |HTTP/1.1 200 OK.|
00000010  0a 41 67 65 3a 20 32 35 30 38 30 36 0d 0a 43 61  |.Age: 250806..Ca|
00000020  63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78  |che-Control: max|
00000030  2d 61 67 65 3d 36 30 34 38 30 30 0d 0a 43 6f 6e  |-age=604800..Con|
00000040  74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f  |tent-Type: text/|
00000050  68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54  |html; charset=UT|
...

DNS

Query DNS records:

$ ronin dns -t TXT github.com

Find all registered TLDs for a host name:

$ ronin host --enum-tlds --registered github.com
github.ac
github.actor
github.ae
github.africa
github.agency
github.ai
...

Find all registered public suffixes for a host name:

$ ronin host --enum-suffix --registered github.com
example.com.ag
example.ai
example.al
example.am
example.com.ar
example.at
example.co.at
example.or.at
example.com.au
example.be
example.com.bh
...

Find all subdomains that have addresses:

$ ronin host --enum-subdomains subdomains.txt --has-addresses google.com
www.google.com
mail.google.com
smtp.google.com
ns1.google.com
ns2.google.com
m.google.com
ns.google.com
blog.google.com
admin.google.com
news.google.com
vpn.google.com
ns3.google.com
...

Enumerate over every possible typosquat variation of a domain:

$ ronin typosquat microsoft.com
microosoft.com
microsooft.com
microssoft.com

Find all of the registered typosquat domains for a valid domain:

$ ronin typosquat --registered microsoft.com

Find all of the typosquat domains with addresses for a valid domain:

$ ronin typosquat --has-addresses microsoft.com

Find all of the unregistered typosquat domains for a valid domain:

$ ronin typosquat --unregistered microsoft.com

De-obfuscate an email address:

$ ronin email-addr --deobfuscate "john [dot] smith [at] example [dot] com"
john.smith@example.com

Enumerate through all of the obfuscations of an email address:

$ ronin email-addr --enum-obfuscations john.smith@example.com
john.smith @ example.com
john.smith AT example.com
john.smith at example.com
john.smith[AT]example.com
john.smith[at]example.com
...

SSL/TLS Certs

Dump information about a SSL/TLS certificate:

$ ronin cert-dump https://example.com/

Download a SSL/TLS certificate from a host and port:

$ ronin cert-grab github.com:443

Generate a new SSL/TLS certificate:

$ ronin cert-gen -c test.com -O "Test Co" -U "Test Dept" \
                 -L "Test City" -S NY -C US

HTTP

Perform an HTTP GET request (with syntax highlighting):

$ ronin http https://example.com/

Send an HTTP request with additional headers:

$ ronin http --post --header "Authorization: ..." https://foo.bar/

Send an HTTP request with a known User-Agent string:

$ ronin http --post --user-agent chrome-android https://foo.bar/

Send an HTTP request with a custom User-Agent string:

$ ronin http --post --user-agent-string "..." https://foo.bar/

Open an interactive HTTP shell:

$ ronin http --shell https://example.com/
https://example.com/> help
  help [COMMAND]                      	Prints the list of commands or additional help
  get PATH[?QUERY] [BODY]             	Performs a GET request
  head PATH[?QUERY]                   	Performs a HEAD request
  patch PATH[?QUERY] [BODY]           	Performs a PATCH request
  post PATH[?QUERY] [BODY]            	Performs a POST request
  put PATH [BODY]                     	Performs a PUT request
  copy PATH DEST                      	Performs a COPY request
  delete PATH[?QUERY]                 	Performs a DELETE request
  lock PATH[?QUERY]                   	Performs a LOCK request
  options PATH[?QUERY]                	Performs a OPTIONS request
  mkcol PATH[?QUERY]                  	Performs a MKCOL request
  move PATH[?QUERY] DEST              	Performs a MOVE request
  propfind PATH[?QUERY]               	Performs a PROPFIND request
  proppatch PATH[?QUERY]              	Performs a PROPPATCH request
  trace PATH[?QUERY]                  	Performs a TRACE request
  unlock PATH[?QUERY]                 	Performs a UNLOCK request
  cd PATH                             	Changes the base URL path
  headers [{set | unset} NAME [VALUE]]	Manages the request headers

Print the HTTP status of every URL in a file:

$ ronin url --file urls.txt --status

Generators

Generate a new Ruby script with ronin-support preloaded:

$ ronin new script foo.rb

Generate a new Ruby project with a Gemfile:

$ ronin new project foo

Generate a new nokogiri Ruby script for parsing HTML/XML:

$ ronin new nokogiri foo.rb

Generate a new ronin-web-server Ruby script:

$ ronin new web-server my_server.rb

Generate a new ronin-web-server based web app:

$ ronin new web-app my_app

Generate a new ronin-web-spider Ruby script:

$ ronin new web-spider --host=example.com my_spider.rb

Generate a ronin-listener-dns script:

$ ronin new dns-listener my_dns_listener.rb

Generate a ronin-dns-proxy script:

$ ronin new dns-proxy my_dns_proxy.rb

Generate a ronin-listener-http script:

$ ronin new http-listener my_http_listener.rb

Generate a ronin-exploits script:

$ ronin new exploit my_exploit.rb

Generate a ronin-payloads script:

$ ronin new payload my_payload.rb

Archive

Archive files:

$ ronin archive -o archive.zip file1.txt file2.txt

Archive files using tar format:

$ ronin archive -o archive.tar file1.txt file2.txt

Unarchive files:

$ ronin unarchive arch1.tar arch2.zip

Unarchive a file with explicit format:

$ ronin unarchive -f zip arch2.jar

See Also

Requirements

Install

Bash Script

curl -o ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh && bash ronin-install.sh

Manually

See the manual install instructions for how to install Ronin and it's additional dependencies on your platform.

Docker

If you prefer using Docker, there are also Docker images available:

docker pull roninrb/ronin
docker run -it roninrb/ronin

Additionally, if you want to mount your home directory into the docker image:

docker run --mount type=bind,source="$HOME",target=/home/ronin -it ronin

Development

  1. Fork It!
  2. Clone It!
  3. cd ronin
  4. ./scripts/setup
  5. git checkout -b my_feature
  6. Code It!
  7. bundle exec rake spec
  8. git push origin my_feature

License

Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)

Ronin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Ronin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with Ronin. If not, see https://www.gnu.org/licenses/.