Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, developing new exploits, managing local databases, fuzzing data, performing recon, and much more.
- CTF players
- Bug bounty hunters
- Security Researchers
- Security Engineers
- Developers
- Students
- A toolkit of useful commands.
- A fully-loaded Ruby REPL.
- An ecosystem of high-quality security related Ruby libraries, APIs, and commands.
- A lightweight local web UI.
- Quickly process and query various data using the
ronin
commands. - Efficiently work with code and data in the
ronin irb
Ruby REPL. - Rapidly prototype Ruby scripts using ronin-support and other
ronin
libraries. - Install 3rd-party git repositories of exploits, payloads, or other code, using ronin-repos.
- Import and query data using the ronin-db database.
- Fuzz data using ronin-fuzzer.
- Perform recon using ronin-recon.
- Use common payloads or write your own using ronin-payloads.
- Write/run exploits using ronin-exploits.
- Scan for web vulnerabilities using ronin-vulns.
- Performs scans and browse the database in your browser using ronin-app.
Usage: ronin [options] [COMMAND [ARGS...]]
Options:
-h, --help Print help information
Arguments:
[COMMAND] The command name to run
[ARGS ...] Additional arguments for the command
Commands:
archive
asn
banner-grab
bitflip
cert-dump
cert-gen
cert-grab
completion
decode, dec
decrypt
dns
dns-proxy
email-addr
encode, enc
encrypt
entropy
escape
extract
grep
help
hexdump
highlight
hmac
homoglyph
host
http
ip
iprange
irb
md5
netcat, nc
new
pack
proxy
public-suffix-list
quote
rot
sha1
sha256
sha512
strings
tld-list
tips
typo
typosquat
unarchive
unescape
unhexdump
unpack
unquote
url
xor
Additional Ronin Commands:
$ ronin-repos
$ ronin-wordlists
$ ronin-db
$ ronin-web
$ ronin-fuzzer
$ ronin-masscan
$ ronin-nmap
$ ronin-recon
$ ronin-payloads
$ ronin-exploits
$ ronin-vulns
$ ronin-app
List ronin commands:
$ ronin help
View a man-page for a command:
$ ronin help COMMAND
Get a random tip on how to use ronin
:
$ ronin tips
Open the Ronin Ruby REPL:
$ ronin irb
, Jµ ▓▓█▓
J▌ ▐▓██▌ ████ ██ ▐███D
╓▄▓▓█████▌ ██µ ████ ▄███ÖJ██▌ ███▌
,╓µ▄▄▄▄▄▄▄▄µ;, ,▄▓██████████ ▐███ ▐███▀ ███▌ ████µ ▄███
¬∞MÆ▓███████████████████████▓M ▄██████▀▀╙████▌ ████▌ ████ ▄███ J█████ ███▌
`█████▀▀▀▀▀███████ -████▀└ ████ ▐█████n ▄███O ███▌ ██████████
▓████L ████▀ ▓████ ▓███Ö ███████ ███▌ ▓███ ▐█████████▀
▄████▀ ,╓▄▄▄█████ J████Ü ,███▌ ▄███████████ J███▀ ████ █████
J█████████████████─ ████▌ ████ ████`██████▌ ████ ▐███Ü ▐███Ü
███████████▀▀▀╙└ ▐████ J███▌ ▓███▌ ²█████ J███Ü ███▌ ▀█▌
▓██████████▌ ████▌ ████ ;████ ▀███▀ ███▌ J▀▀▀- █
▄█████▀ ▀█████µ ▐████ ,▄▓████▀ ████▀ ███ J███ `
J█████- ╙▀███▄ ████████████▀╙ J█▀▀▀ █U ▀█▌
████▀ ▀███ ▄████████▀▀ ╨ █
▓██▀ ²▀█▄ █▀▀▀╙└
▄██╜ ╙W
J█▀
▌└
┘
irb(ronin)>
Starts and opens the interactive Web UI for Ronin:
$ ronin-app
Hexdumps data in a variety of formats:
$ ronin hexdump /bin/ls
Un-hexdumps a hexdump file back into it's original raw binary data:
$ ronin unhexdump -o data.bin hexdump.txt
Print all printable strings from a file:
$ ronin strings /bin/ls
Print all alphabetic strings from a file:
$ ronin strings --alpha /bin/ls
Print all alpha-numeric strings from a file:
$ ronin strings --alpha-num /bin/ls
Print all numeric strings from a file:
$ ronin strings --numeric /bin/ls
Print all hexadecimal strings from a file:
$ ronin strings --hex /bin/ls
Enumerate through all of the Bit-flips of a domain name:
$ ronin bitflip microsoft --alpha-num --append .com
licrosoft.com
oicrosoft.com
iicrosoft.com
eicrosoft.com
Microsoft.com
mhcrosoft.com
mkcrosoft.com
mmcrosoft.com
macrosoft.com
mycrosoft.com
...
Base64 encode a string:
$ ronin encode --base64 --string "foo bar baz"
Zm9vIGJhciBiYXo=
Zlib compresses, Base64 encodes, and then URI encode a string:
$ ronin encode --zlib --base64 --uri --string "foo bar"
%65%4A%78%4C%79%38%39%58%53%45%6F%73%41%67%41%4B%63%41%4B%61%0A
Base64 decode a string:
$ ronin decode --base64 --string "Zm9vIGJhciBiYXo="
foo bar baz
URI decode, Base64 decode, and then zlib inflates a string:
$ ronin decode --uri --base64 --zlib --string "%65%4A%78%4C%79%38%39%58%53%45%6F%73%41%67%41%4B%63%41%4B%61%0A"
foo bar
URI escape a string:
$ ronin escape --uri --string "foo bar"
foo%20bar
URI unescape a string:
$ ronin unescape --uri --string "foo%20bar"
foo bar
Convert a file into a quoted C string:
$ ronin quote --c file.bin
"..."
Convert a file into a quoted JavaScript string:
$ ronin quote --js file.bin
Unquote a C string:
$ ronin unquote --c --string '"\x66\x6f\x6f\x20\x62\x61\x72"'
foo bar
Extract high-entropy data from a file:
$ ronin entropy -e 5.0 index.html
Grep for common patterns of data:
$ ronin grep --hash index.html
Extract common patterns from data:
$ ronin extract --hash index.html
Generate a random typo of a word:
$ ronin typo microsoft
microssoft
Enumerate over every typo variation of a word:
$ ronin typo --enum microsoft
microosoft
microsooft
microssoft
Generate a random homoglyph version of a word:
$ ronin homoglyph CEO
CEO
Enumerate over every homoglyph variation of a word:
$ ronin homoglyph --enum CEO
ϹEO
СEO
ⅭEO
CEO
CΕO
CЕO
CEO
CEΟ
CEО
CEO
Syntax-highlights a file:
$ ronin highlight index.html
AES-256 encrypt a file:
$ ronin encrypt --cipher aes-256-cbc --password "..." file.txt > encrypted.bin
Decrypt data:
$ ronin decrypt --cipher aes-256-cbc --password "..." encrypted.bin
Generates a HMAC for a file:
$ ronin hmac --hash sha1 --password "too many secrets" data.txt
Generates a HMAC for a string:
$ ronin hmac --hash sha1 --password "too many secrets" --string "..."
Calculate an MD5 checksum of a string:
$ ronin md5 --string "hello world"
5eb63bbbe01eeed093cb22bb8f5acdc3
Calculate the MD5 checksum of a file:
$ ronin md5 file.txt
Calculate the MD5 checksum of every line in a file:
$ ronin md5 --multiline file.txt
Calculate an SHA1 checksum of a string:
$ ronin sha1 --string "hello world"
2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
Calculate the SHA1 checksum of a file:
$ ronin sha1 file.txt
Calculate the SHA1 checksum of every line in a file:
$ ronin sha1 --multiline file.txt
Calculate an SHA256 checksum of a string:
$ ronin sha256 --string "hello world"
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
Calculate the SHA256 checksum of a file:
$ ronin sha256 file.txt
Calculate the SHA256 checksum of every line in a file:
$ ronin sha256 --multiline file.txt
Calculate an SHA512 checksum of a string:
$ ronin sha512 --string "hello world"
309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f
Calculate the SHA512 checksum of a file:
$ ronin sha512 file.txt
Calculate the SHA512 checksum of every line in a file:
$ ronin sha512 --multiline file.txt
ROT-13 encodes a string:
$ ronin rot --string "The quick brown fox jumps over the lazy dog"
Gur dhvpx oebja sbk whzcf bire gur ynml qbt
XOR encodes a string:
$ ronin xor --key ABC --string "The quick brown fox jumps over the lazy dog"
"\x15*&a36(!(a 1.5-a$,9b)4/32b,7'1a6+$b/ 8:a&,&"
Query the ASN of an IP address:
$ ronin asn -I 4.2.2.1
4.0.0.0/9 AS3356 (US) LEVEL3
Get the system's external/public IP address:
$ ronin ip --public
Convert an IP address to decimal format:
$ ronin ip --decimal 127.0.0.1
2130706433
Convert a file of IP addresses into URLs:
$ ronin ip --file targets.txt --http
Enumerate over every IP address in the IP CIDR range:
$ ronin iprange 10.1.0.0/15
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5
10.0.0.6
10.0.0.7
10.0.0.8
10.0.0.9
...
Enumerate over every IP address in the IP glob range:
$ ronin iprange 10.1-3.0.*
10.1.0.1
10.1.0.2
10.1.0.3
10.1.0.4
10.1.0.5
10.1.0.6
10.1.0.7
10.1.0.8
10.1.0.9
10.1.0.10
...
Enumerate over every IP address between two IP addresses:
$ ronin iprange --start 10.0.0.1 --stop 10.0.3.33
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5
10.0.0.6
10.0.0.7
10.0.0.8
10.0.0.9
10.0.0.10
Connect to a remote TCP service:
$ ronin netcat -v example.com 80
Listen on a local TCP port:
$ ronin netcat -v -l 1337
Connect to a remote SSL/TLS service:
$ ronin netcat -v --ssl example.com 443
Connect to a remote UDP service:
$ ronin netcat -v -u example.com 1337
Listen on a local UDP port:
$ ronin netcat -v -u -l 1337
Opens a UNIX socket:
$ ronin netcat -v --unix /path/to/unix.socket
Hexdump all data received from a socket:
$ ronin netcat --hexdump example.com 80
GET / HTTP/1.1
Host: example.com
User-Agent: Ruby
00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d |HTTP/1.1 200 OK.|
00000010 0a 41 67 65 3a 20 32 35 30 38 30 36 0d 0a 43 61 |.Age: 250806..Ca|
00000020 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 |che-Control: max|
00000030 2d 61 67 65 3d 36 30 34 38 30 30 0d 0a 43 6f 6e |-age=604800..Con|
00000040 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f |tent-Type: text/|
00000050 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 |html; charset=UT|
...
Query DNS records:
$ ronin dns -t TXT github.com
Find all registered TLDs for a host name:
$ ronin host --enum-tlds --registered github.com
github.ac
github.actor
github.ae
github.africa
github.agency
github.ai
...
Find all registered public suffixes for a host name:
$ ronin host --enum-suffix --registered github.com
example.com.ag
example.ai
example.al
example.am
example.com.ar
example.at
example.co.at
example.or.at
example.com.au
example.be
example.com.bh
...
Find all subdomains that have addresses:
$ ronin host --enum-subdomains subdomains.txt --has-addresses google.com
www.google.com
mail.google.com
smtp.google.com
ns1.google.com
ns2.google.com
m.google.com
ns.google.com
blog.google.com
admin.google.com
news.google.com
vpn.google.com
ns3.google.com
...
Enumerate over every possible typosquat variation of a domain:
$ ronin typosquat microsoft.com
microosoft.com
microsooft.com
microssoft.com
Find all of the registered typosquat domains for a valid domain:
$ ronin typosquat --registered microsoft.com
Find all of the typosquat domains with addresses for a valid domain:
$ ronin typosquat --has-addresses microsoft.com
Find all of the unregistered typosquat domains for a valid domain:
$ ronin typosquat --unregistered microsoft.com
De-obfuscate an email address:
$ ronin email-addr --deobfuscate "john [dot] smith [at] example [dot] com"
[email protected]
Enumerate through all of the obfuscations of an email address:
$ ronin email-addr --enum-obfuscations [email protected]
john.smith @ example.com
john.smith AT example.com
john.smith at example.com
john.smith[AT]example.com
john.smith[at]example.com
...
Dump information about a SSL/TLS certificate:
$ ronin cert-dump https://example.com/
Download a SSL/TLS certificate from a host and port:
$ ronin cert-grab github.com:443
Generate a new SSL/TLS certificate:
$ ronin cert-gen -c test.com -O "Test Co" -U "Test Dept" \
-L "Test City" -S NY -C US
Perform an HTTP GET
request (with syntax highlighting):
$ ronin http https://example.com/
Send an HTTP request with additional headers:
$ ronin http --post --header "Authorization: ..." https://foo.bar/
Send an HTTP request with a known User-Agent
string:
$ ronin http --post --user-agent chrome-android https://foo.bar/
Send an HTTP request with a custom User-Agent
string:
$ ronin http --post --user-agent-string "..." https://foo.bar/
Open an interactive HTTP shell:
$ ronin http --shell https://example.com/
https://example.com/> help
help [COMMAND] Prints the list of commands or additional help
get PATH[?QUERY] [BODY] Performs a GET request
head PATH[?QUERY] Performs a HEAD request
patch PATH[?QUERY] [BODY] Performs a PATCH request
post PATH[?QUERY] [BODY] Performs a POST request
put PATH [BODY] Performs a PUT request
copy PATH DEST Performs a COPY request
delete PATH[?QUERY] Performs a DELETE request
lock PATH[?QUERY] Performs a LOCK request
options PATH[?QUERY] Performs a OPTIONS request
mkcol PATH[?QUERY] Performs a MKCOL request
move PATH[?QUERY] DEST Performs a MOVE request
propfind PATH[?QUERY] Performs a PROPFIND request
proppatch PATH[?QUERY] Performs a PROPPATCH request
trace PATH[?QUERY] Performs a TRACE request
unlock PATH[?QUERY] Performs a UNLOCK request
cd PATH Changes the base URL path
headers [{set | unset} NAME [VALUE]] Manages the request headers
Print the HTTP status of every URL in a file:
$ ronin url --file urls.txt --status
Generate a new Ruby script with ronin-support preloaded:
$ ronin new script foo.rb
Generate a new Ruby project with a Gemfile
:
$ ronin new project foo
Generate a new nokogiri Ruby script for parsing HTML/XML:
$ ronin new nokogiri foo.rb
Generate a new ronin-web-server Ruby script:
$ ronin new web-server my_server.rb
Generate a new ronin-web-server based web app:
$ ronin new web-app my_app
Generate a new ronin-web-spider Ruby script:
$ ronin new web-spider --host=example.com my_spider.rb
Generate a ronin-listener-dns script:
$ ronin new dns-listener my_dns_listener.rb
Generate a ronin-dns-proxy script:
$ ronin new dns-proxy my_dns_proxy.rb
Generate a ronin-listener-http script:
$ ronin new http-listener my_http_listener.rb
Generate a ronin-exploits script:
$ ronin new exploit my_exploit.rb
Generate a ronin-payloads script:
$ ronin new payload my_payload.rb
Archive files:
$ ronin archive -o archive.zip file1.txt file2.txt
Archive files using tar format:
$ ronin archive -o archive.tar file1.txt file2.txt
Unarchive files:
$ ronin unarchive arch1.tar arch2.zip
Unarchive a file with explicit format:
$ ronin unarchive -f zip arch2.jar
- ronin-repos
- ronin-wordlists
- ronin-db
- ronin-web
- ronin-fuzzer
- ronin-payloads
- ronin-exploits
- ronin-vulns
- gcc / clang
- make
- git
- libsqlite3
- Ruby >= 3.1.0
- open_namespace ~> 0.4
- rouge ~> 3.0
- async-io ~> 1.0
- wordlist ~> 1.1
- ronin-support ~> 1.1
- ronin-dns-proxy ~> 0.1
- ronin-core ~> 0.2
- ronin-repos ~> 0.1
- ronin-wordlists ~> 0.1
- ronin-db ~> 0.1
- ronin-listener ~> 0.1
- ronin-nmap ~> 0.1
- ronin-masscan ~> 0.1
- ronin-recon ~> 0.1
- ronin-fuzzer ~> 0.1
- ronin-web ~> 2.0
- ronin-code-asm ~> 1.0
- ronin-code-sql ~> 2.0
- ronin-payloads ~> 0.1
- ronin-exploits ~> 1.0
- ronin-vulns ~> 0.2
- ronin-app ~> 0.1
curl -o ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh && bash ronin-install.sh
See the manual install instructions for how to install Ronin and it's additional dependencies on your platform.
If you prefer using Docker, there are also Docker images available:
docker pull roninrb/ronin
docker run -it roninrb/ronin
Additionally, if you want to mount your home directory into the docker image:
docker run --mount type=bind,source="$HOME",target=/home/ronin -it ronin
- Fork It!
- Clone It!
cd ronin
./scripts/setup
git checkout -b my_feature
- Code It!
bundle exec rake spec
git push origin my_feature
Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
Ronin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
Ronin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with Ronin. If not, see https://www.gnu.org/licenses/.