Project

ronin-app

0.01
No release in over a year
ronin-appronin-rb/ronin-appHomepageDocumentationSource CodeBug Tracker
ronin-app is a small web application that is meant to be ran locally by the user. It provides a web interface to ronin-support, ronin-repos, ronin-db, ronin-payloads, ronin-exploits, as well as automating ronin-nmap, ronin-masscan, ronin-web-spider, ronin-recon, and ronin-vulns.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
2,533
Stars
27
Forks
8
Watchers
1
 Releases
Current version
0.1.0
Total releases
2
First release
2024-06-23
Latest release
2024-07-22
 Issues
Open Issues
22
Closed Issues
80
Total Issues
102
Issue Closure Rate
78%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
3
Merged Pull Requests
40
Pull Request Acceptance Rate
93%
 Development
Primary Language
Ruby
Licenses
AGPL-3.0
Average date of last 50 commits
2024-07-05
Reverse Dependencies
1

 Dependencies

Development

bundler
~> 2.0

Runtime

ronin-exploits
~> 1.1
ronin-masscan
~> 0.1
ronin-nmap
~> 0.1
ronin-payloads
~> 0.2
ronin-repos
~> 0.2
ronin-web-spider
~> 0.2
dry-schema
~> 1.0
dry-struct
~> 1.0
dry-validation
~> 1.0
pagy
~> 6.2
puma
~> 6.0
redis
~> 5.0
redis-namespace
~> 1.10
ronin-core
~> 0.2
ronin-db
~> 0.2
ronin-db-activerecord
~> 0.2
ronin-recon
~> 0.1
ronin-support
~> 1.1
ronin-vulns
~> 0.2
sidekiq
~> 7.0
sinatra
~> 3.0
sinatra-contrib
~> 3.0
sinatra-flash
~> 0.3
 Project Readme

ronin-app

ronin-app is a small web application that is meant to be ran locally by the user. It provides a web interface to ronin-support, ronin-repos, ronin-db, ronin-payloads, ronin-exploits, as well as automating ronin-nmap, ronin-masscan, ronin-web-spider, ronin-recon, and ronin-vulns.

Features

  • Provides a web interface to explore and search the ronin database.
  • Allows managing ronin-repos from the web interface.
  • Allows listing and building the built-in or installed 3rd-party payloads.
  • Allows listing installed 3rd-party exploits.
  • Supports automating nmap and masscan scans and importing their results into the ronin database.
  • Supports automating spidering websites and importing all visited URLs into the ronin database.
  • Supports performing recon using ronin-recon and importing all discovered hostnames, IPs, and URLs into ronin database.
  • Supports testing URLs for web vulnerabilities using ronin-vulns.
  • Small memory footprint (~184K).
  • Fast (~1.251ms response time).

Screenshots

Synopsis

Usage: ronin-app [options]

Options:
    -V, --version                    Prints the version and exits
    -H, --host IP                    The host to listen on (Default: localhost)
    -p, --port PORT                  The port to listen on (Default: 1337)
        --db NAME                    The ronin-db database to connect to
        --db-uri URI                 The ronin-db database URI to connect to
    -h, --help                       Print help information

Starts the ronin web app

$ ronin-app

Note: the ronin-app command will automatically open a browser for http://localhost:1337, if ran in a real terminal.

Requirements

Note: both nmap and masscan require additional Linux capabilities in order to be ran without sudo or root privileges.

sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which nmap)"
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which masscan)"

Security

  • This app is intended to be ran locally.
  • All HTML output is escaped with Rack::Utils.escape_html.
  • All HTTP params are validated using dry-validation.

Development

  1. Fork It!
  2. Clone It!
  3. cd ronin-app
  4. ./scripts/setup
  5. git checkout -b my_feature
  6. Code It!
  7. Test It - bundle exec rake spec
  8. Try It - ./scripts/server then visit http://localhost:1337/
  9. Push It - git push origin my_feature

docker-compose

You can also use docker-compose to build and run the app:

$ docker-compose build
$ docker-compose up

Directory Structure

  • Gemfile - defines all gem dependencies.
  • Procfile - defines the various services of the app that will be started.
  • Procfile.dev - defines the various services of the app that will be started in development mode.
  • config.ru - The main entry point for rackup/puma.
  • config/ - Contains all app configuration files.
  • lib/ronin/app/helpers/ - Contains all Sinatra helper modules which define methods that
  • app.rb - The main Rack app that contains HTTP routes.
  • app/ - Contains sub-App classes that contains grouped HTTP routes
  • workers.rb - The main entry point for Sidekiq which loads all worker classes from lib/workers/.
  • workers/ - Contains all Sidekiq worker classes. can be called within the views.
  • lib/ronin/app/types.rb - Defines custom dry-types.
  • lib/ronin/app/types/ - Contains additional custom types.
  • lib/ronin/app/validations/ - Contains dry-validations logic for validating submitted HTTP params.
  • views/ - Contains all ERB views that are rendered by app.rb.
  • views/layout.erb - The main page layout view.
  • public/ - Contains all static assets (images, CSS stylesheets, and JavaScript).
  • scripts/ - Contains scripts for setting up or starting the app.

License

Copyright (C) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)

ronin-app is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ronin-app is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with ronin-app. If not, see http://www.gnu.org/licenses/.