ronin-app

• Website
• Issues
• DockerHub
• Discord | Mastodon

ronin-app is a small web application that is meant to be ran locally by the user. It provides a web interface to ronin-support, ronin-repos, ronin-db, ronin-payloads, ronin-exploits, as well as automating ronin-nmap, ronin-masscan, ronin-web-spider, ronin-recon, and ronin-vulns.

Features

• Provides a web interface to explore and search the ronin database.
• Allows managing ronin-repos from the web interface.
• Allows listing and building the built-in or installed 3rd-party payloads.
• Allows listing installed 3rd-party exploits.
• Supports automating nmap and masscan scans and importing their results into the ronin database.
• Supports automating spidering websites and importing all visited URLs into the ronin database.
• Supports performing recon using ronin-recon and importing all discovered hostnames, IPs, and URLs into ronin database.
• Supports testing URLs for web vulnerabilities using ronin-vulns.
• Small memory footprint (~184K).
• Fast (~1.251ms response time).

Screenshots

Synopsis

Usage: ronin-app [options]

Options:
    -V, --version                    Prints the version and exits
    -H, --host IP                    The host to listen on (Default: localhost)
    -p, --port PORT                  The port to listen on (Default: 1337)
        --db NAME                    The ronin-db database to connect to
        --db-uri URI                 The ronin-db database URI to connect to
    -h, --help                       Print help information

Starts the ronin web app

$ ronin-app

Note: the ronin-app command will automatically open a browser for http://localhost:1337, if ran in a real terminal.

Requirements

• libsqlite3
• redis-server >= 6.2
• nmap
• masscan
• Ruby >= 3.1.0

Note: both nmap and masscan require additional Linux capabilities in order to be ran without sudo or root privileges.

sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which nmap)"
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which masscan)"

Security

• This app is intended to be ran locally.
• All HTML output is escaped with Rack::Utils.escape_html.
• All HTTP params are validated using dry-validation.

Development

1. Fork It!
2. Clone It!
3. cd ronin-app
4. ./scripts/setup
5. git checkout -b my_feature
6. Code It!
7. Test It - bundle exec rake spec
8. Try It - ./scripts/server then visit http://localhost:1337/
9. Push It - git push origin my_feature

docker-compose

You can also use docker-compose to build and run the app:

$ docker-compose build
$ docker-compose up

Directory Structure

• Gemfile - defines all gem dependencies.
• Procfile - defines the various services of the app that will be started.
• Procfile.dev - defines the various services of the app that will be started in development mode.
• config.ru - The main entry point for rackup/puma.
• config/ - Contains all app configuration files.
• lib/ronin/app/helpers/ - Contains all Sinatra helper modules which define methods that
• app.rb - The main Rack app that contains HTTP routes.
• app/ - Contains sub-App classes that contains grouped HTTP routes
• workers.rb - The main entry point for Sidekiq which loads all worker classes from lib/workers/.
• workers/ - Contains all Sidekiq worker classes. can be called within the views.
• lib/ronin/app/types.rb - Defines custom dry-types.
• lib/ronin/app/types/ - Contains additional custom types.
• lib/ronin/app/validations/ - Contains dry-validations logic for validating submitted HTTP params.
• views/ - Contains all ERB views that are rendered by app.rb.
• views/layout.erb - The main page layout view.
• public/ - Contains all static assets (images, CSS stylesheets, and JavaScript).
• scripts/ - Contains scripts for setting up or starting the app.

License

Copyright (C) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)

ronin-app is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ronin-app is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with ronin-app. If not, see http://www.gnu.org/licenses/.