From 2f4491b030b89a5a76ae09d6c670627a8298ae1e Mon Sep 17 00:00:00 2001
From: Postmodern <postmodern.mod3@gmail.com>
Date: Thu, 21 Nov 2024 17:04:49 -0800
Subject: [PATCH] Added the `ronin refang` command (closes #233).

---
 README.md                        |  8 +++
 gemspec.yml                      |  1 +
 lib/ronin/cli/commands/refang.rb | 84 ++++++++++++++++++++++++++++++++
 man/ronin-refang.1.md            | 60 +++++++++++++++++++++++
 spec/cli/commands/refang_spec.rb | 42 ++++++++++++++++
 5 files changed, 195 insertions(+)
 create mode 100644 lib/ronin/cli/commands/refang.rb
 create mode 100644 man/ronin-refang.1.md
 create mode 100644 spec/cli/commands/refang_spec.rb

diff --git a/README.md b/README.md
index 31b480c2f..820d85d9a 100644
--- a/README.md
+++ b/README.md
@@ -109,6 +109,7 @@ Commands:
     proxy
     public-suffix-list
     quote
+    refang
     rot
     sha1
     sha256
@@ -500,6 +501,13 @@ $ ronin xor --key ABC --string "The quick brown fox jumps over the lazy dog"
 
 ### Networking
 
+Re-fangs a defanged URL:
+
+```shell
+$ ronin refang hxxps://www[.]evil[.]com/foo/bar/baz
+https://www.evil.com/foo/bar/baz
+```
+
 Query the ASN of an IP address:
 
 ```shell
diff --git a/gemspec.yml b/gemspec.yml
index 3dbb5e4f6..191ff9002 100644
--- a/gemspec.yml
+++ b/gemspec.yml
@@ -78,6 +78,7 @@ generated_files:
  - man/ronin-proxy.1
  - man/ronin-public-suffix-list.1
  - man/ronin-quote.1
+ - man/ronin-refang.1
  - man/ronin-rot.1
  - man/ronin-sha1.1
  - man/ronin-sha256.1
diff --git a/lib/ronin/cli/commands/refang.rb b/lib/ronin/cli/commands/refang.rb
new file mode 100644
index 000000000..43f60fe34
--- /dev/null
+++ b/lib/ronin/cli/commands/refang.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+#
+# Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# Ronin is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ronin is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ronin.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require_relative '../value_processor_command'
+
+require 'ronin/support/network/defang'
+
+module Ronin
+  class CLI
+    module Commands
+      #
+      # Re-fangs a defanged URL, hostname, or IP address.
+      #
+      # ## Usage
+      #
+      #     ronin refang [options] [{URL | HOST | IP} ...]
+      #
+      # ## Options
+      #
+      #     -f, --file FILE                  Optional file to read values from
+      #     -h, --help                       Print help information
+      #
+      # ## Arguments
+      #
+      #     [URL | HOST | IP ...]            A defanged URL, hostname, or IP address
+      #
+      # ## Examples
+      #
+      #     ronin refang hxxps://www[.]evil[.]com/foo/bar/baz
+      #     ronin refang www[.]example[.]com
+      #     ronin refang 192[.]168[.]1[.]1
+      #     ronin refang --file urls.txt
+      #
+      # @since 2.2.0
+      #
+      class Refang < ValueProcessorCommand
+
+        usage '[options] [{URL | HOST | IP} ...]'
+
+        argument :value, required: false,
+                         repeats:  true,
+                         usage:    'URL | HOST | IP',
+                         desc:     'A defanged URL, hostname, or IP address'
+
+        examples [
+          'hxxps://www[.]evil[.]com/foo/bar/baz',
+          'www[.]example[.]com',
+          '192[.]168[.]1[.]1',
+          '--file urls.txt'
+        ]
+
+        description 'Refangs a defanged URLs, hostnames, or IP addresses'
+
+        man_page 'ronin-refang.1'
+
+        #
+        # Refangs a defanged URL, hostname, or IP address.
+        #
+        # @param [String] value
+        #   The value to refang.
+        #
+        def process_value(value)
+          puts Support::Network::Defang.refang(value)
+        end
+
+      end
+    end
+  end
+end
diff --git a/man/ronin-refang.1.md b/man/ronin-refang.1.md
new file mode 100644
index 000000000..aa191a31c
--- /dev/null
+++ b/man/ronin-refang.1.md
@@ -0,0 +1,60 @@
+# ronin-refang 1 "2025-01-01" Ronin "User Manuals"
+
+## NAME
+
+ronin-refang - Refangs a defanged URLs, hostnames, or IP addresses
+
+## SYNOPSIS
+
+`ronin refang` [*options*] [{*URL* \| *HOST* \| *IP*} ...]
+
+## DESCRIPTION
+
+Re-fangs previously defanged URL(s), hostname(s), or IP address(es) and prints
+the original URL, hostname, or IP address value.
+
+## ARGUMENTS
+
+*URL*
+: A defanged URL argument to refang
+  (ex: `hxxps://www[.]evil[.]com/foo/bar/baz`).
+
+*HOST*
+: A defanged hostname argument to refang (ex: `www[.]example[.]com`).
+
+*IP*
+: A defanged IP address argument to refang (ex: `192[.]168[.]1[.]1`).
+
+## OPTIONS
+
+`-f`, `--file` *FILE*
+: The optional file to read values from.
+
+`-h`, `--help`
+: Print help information.
+
+## EXAMPLES
+
+Re-fangs a defanged URL:
+
+    ronin refang hxxps://www[.]evil[.]com/foo/bar/baz
+
+Re-fangs a defanged hostname:
+
+    ronin refang www[.]example[.]com
+
+Re-fangs a defanged IP address:
+
+    ronin refang 192[.]168[.]1[.]1
+
+Re-fangs a file of URLs, hostnames, or IP addresses:
+
+    ronin refang --file urls.txt
+
+## AUTHOR
+
+Postmodern <postmodern.mod3@gmail.com>
+
+## SEE ALSO
+
+[ronin-defang](ronin-defang.1.md)
diff --git a/spec/cli/commands/refang_spec.rb b/spec/cli/commands/refang_spec.rb
new file mode 100644
index 000000000..7d3f3bc1f
--- /dev/null
+++ b/spec/cli/commands/refang_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+require 'ronin/cli/commands/refang'
+require_relative 'man_page_example'
+
+describe Ronin::CLI::Commands::Refang do
+  include_examples "man_page"
+
+  describe "#process_value" do
+    context "when given a defanged URL value" do
+      let(:defanged) { 'hxxps://www[.]evil[.]com/foo/bar/baz' }
+      let(:refanged) { 'https://www.evil.com/foo/bar/baz' }
+
+      it "must print the re-fanged URL" do
+        expect {
+          subject.process_value(defanged)
+        }.to output("#{refanged}#{$/}").to_stdout
+      end
+    end
+
+    context "when given a defanged hostname value" do
+      let(:defanged) { 'www[.]example[.]com' }
+      let(:refanged) { 'www.example.com' }
+
+      it "must print the re-fanged hostname" do
+        expect {
+          subject.process_value(defanged)
+        }.to output("#{refanged}#{$/}").to_stdout
+      end
+    end
+
+    context "when given a defanged IP address value" do
+      let(:defanged) { '192[.]168[.]1[.]1' }
+      let(:refanged) { '192.168.1.1' }
+
+      it "must print the re-fanged IP address" do
+        expect {
+          subject.process_value(defanged)
+        }.to output("#{refanged}#{$/}").to_stdout
+      end
+    end
+  end
+end