Awesome
ronin-app
ronin-app is a small web application that is meant to be ran locally by the user. It provides a web interface to ronin-support, ronin-repos, ronin-db, ronin-payloads, ronin-exploits, as well as automating ronin-nmap, ronin-masscan, ronin-web-spider, ronin-recon, and ronin-vulns.
Features
- Provides a web interface to explore and search the ronin database.
- Allows managing ronin-repos from the web interface.
- Allows listing and building the built-in or installed 3rd-party payloads.
- Allows listing installed 3rd-party exploits.
- Supports automating nmap and masscan scans and importing their results into the ronin database.
- Supports automating spidering websites and importing all visited URLs into the ronin database.
- Supports performing recon using ronin-recon and importing all discovered hostnames, IPs, and URLs into ronin database.
- Supports testing URLs for web vulnerabilities using ronin-vulns.
- Small memory footprint (~184K).
- Fast (~1.251ms response time).
Screenshots
<table> <tbody> <tr> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_scanning_nmap.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_scanning_masscan.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_scanning_recon.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_scanning_spider.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_scanning_vulns.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_db.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_db_ip_address.svg" /> </td> </tr> <tr> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_repos.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_repos_show.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_payloads.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_payloads_show.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_payloads_build.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_exploits.svg" /> </td> <td> <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_exploits_show.svg" /> </td> </tr> </tbody> </table>Synopsis
Usage: ronin-app [options]
Options:
-V, --version Prints the version and exits
-H, --host IP The host to listen on (Default: localhost)
-p, --port PORT The port to listen on (Default: 1337)
--db NAME The ronin-db database to connect to
--db-uri URI The ronin-db database URI to connect to
-h, --help Print help information
Starts the ronin web app
$ ronin-app
Note: the ronin-app command will automatically open a browser for
http://localhost:1337, if ran in a real terminal.
Requirements
- libsqlite3
- redis-server >= 6.2
- nmap
- masscan
- Ruby >= 3.1.0
Note: both nmap and masscan require additional Linux capabilities in
order to be ran without sudo or root privileges.
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which nmap)"
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which masscan)"
Security
- This app is intended to be ran locally.
- All HTML output is escaped with
Rack::Utils.escape_html. - All HTTP params are validated using dry-validation.
Development
- Fork It!
- Clone It!
cd ronin-app./scripts/setupgit checkout -b my_feature- Code It!
- Test It -
bundle exec rake spec - Try It -
./scripts/serverthen visit http://localhost:1337/ - Push It -
git push origin my_feature
docker-compose
You can also use docker-compose to build and run the app:
$ docker-compose build
$ docker-compose up
Directory Structure
Gemfile- defines all gem dependencies.Procfile- defines the various services of the app that will be started.Procfile.dev- defines the various services of the app that will be started in development mode.config.ru- The main entry point forrackup/puma.config/- Contains all app configuration files.lib/ronin/app/helpers/- Contains all Sinatra helper modules which define methods thatapp.rb- The main Rack app that contains HTTP routes.app/- Contains sub-App classes that contains grouped HTTP routesworkers.rb- The main entry point for Sidekiq which loads all worker classes fromlib/workers/.workers/- Contains all Sidekiq worker classes. can be called within the views.lib/ronin/app/types.rb- Defines custom dry-types.lib/ronin/app/types/- Contains additional custom types.lib/ronin/app/validations/- Contains dry-validations logic for validating submitted HTTP params.views/- Contains all ERB views that are rendered byapp.rb.views/layout.erb- The main page layout view.public/- Contains all static assets (images, CSS stylesheets, and JavaScript).scripts/- Contains scripts for setting up or starting the app.
License
Copyright (C) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
ronin-app is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
ronin-app is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with ronin-app. If not, see http://www.gnu.org/licenses/.