After many months of development and release candidates I am pleased to announce that ronin-support 0.4.0, ronin 1.4.0 and ronin-gen 1.1.0 have been released.

gem update ronin-support ronin ronin-gen

So what's new?

ronin-support 0.4.0

Common Regular Expressions

Many common and useful Regular Expressions constants were added to the Regexp class.

"Please see C:\\Documents\\plans.docx".scan(Regexp::ABSOLUTE_WINDOWS_PATH)
# => ["C:\\Documents\\plans.docx"]

New String methods

String#repeating was added which allows creating multiple repeating Strings:

'A'.repeating((100..700).step(100)) { |str| puts str }

String#sql_inject was also added, allowing for easy formatting of SQL injections:

"'1' OR 1=1".sql_inject(:terminate => true)
# => "1' OR 1=1 --"

Base64 formatting

String#base64_encode and String#base64_decode now accept formatting arguments:

("A" * 256).base64_encode(:strict)
# => "QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ=="
"hello world".base64_encode(:url)
# => "aGVsbG8gd29ybGQ="

These base64 formats are similar to the new methods added to the Base64 module in Ruby 1.9.

ronin/fuzzing

All fuzzing methods were moved into ronin/fuzzing and the Ronin::Fuzzing namespace. Ronin::Fuzzing was added which contains fuzzing generator methods, which generate various types of malicious data. These methods can be called directly ...

Fuzzing.format_strings { |fmt| puts fmt }

... or accessed as Enumerators:

Fuzzing[:bad_strings]
# => #<Enumerator: Ronin::Fuzzing:bad_strings>

The fuzzing generator methods can also be used with String#fuzz:

"GET /sign_in".fuzz(:unix_path => :bad_paths) { |str| p str }

String#mutate was also added to ronin/fuzzing, which allows for the incremental mutating of a String, given patterns and substitutions.

"hello old dog".mutate('e' => ['3'], 'l' => ['1'], 'o' => ['0']) { |str| puts str }

New Wordlist class

Ronin::Wordlist is a class for building and working with wordlists.

Use an existing Wordlist file:

wordlist = Wordlist.new('passwords.txt')
wordlist.each { |word| puts word }

Expand a Wordlist with mutation rules:

wordlist = Wordlist.new('passwords.txt', /e/ => ['E', '3'], /a/ => ['@'])
wordlist.each { |word| puts word }

Build a Wordlist from arbitrary text:

wordlist = Wordlist.build(text)
wordlist.each_n_words(3) { |words| puts words }

Network modules

As of ronin-support 0.4.0 all Net convenience methods have been moved into their respective modules in the Network namespace. One can add the Network convenience methods to any Class/Module by simply including a Network module:

require 'ronin/network/http'

class WordpressFingerprinter

  include Ronin::Network::HTTP

  attr_accessor :host

  PATH = '/wp-includes/js/tinymce/tiny_mce.js'

  # @see http://tools.sucuri.net/?page=docs&title=fingerprinting-web-apps
  VERSIONS = {
    'a306a72ce0f250e5f67132dc6bcb2ccb' => '2.0',
    '4f04728cb4631a553c4266c14b9846aa' => '2.1',
    '25e1e78d5b0c221e98e14c6e8c62084f' => '2.2',
    '83c83d0f0a71bd57c320d93e59991c53' => '2.3',
    '7293453cf0ff5a9a4cfe8cebd5b5a71a' => '2.5',
    '61740709537bd19fb6e03b7e11eb8812' => '2.6',
    'e6bbc53a727f3af003af272fd229b0b2' => '2.7',
    'e6bbc53a727f3af003af272fd229b0b2' => '2.7.1',
    '128e75ed19d49a94a771586bf83265ec' => '2.9.1'
  }

  def version
    VERSIONS[http_get_body(:host => @host, :path => PATH).md5]
  end

end

Additionally, all Network modules are included into the Ronin::Support and Ronin namespaces, so no more having to type "Net.":

>> tcp_banner 'smtp.gmail.com', 25
=> "220 mx.google.com ESMTP g3sm14650755pbt.41"

Network::DNS

Network::DNS was added, which provides simple DNS methods for Ronin.

dns_lookup 'google.com'
# => "74.125.224.65"
dns_lookup_all 'google.com'
# => ["74.125.224.128", "74.125.224.131", "74.125.224.130", "74.125.224.136", "74.125.224.132", "74.125.224.129", "74.125.224.142", "74.125.224.133", "74.125.224.137", "74.125.224.134", "74.125.224.135"]
dns_reverse_lookup '74.125.224.65'
# => "nuq04s07-in-f1.1e100.net"

New Network Mixins

Network::Mixins::DNS and Network::Mixins::SSL were also added.

ronin 1.4.0

Refactored Ronin::UI::CLI::Command

In ronin 1.4.0 Ronin::UI::CLI::Command (the base-class for all CLI commands) was refactored to no longer use the Thor library. Now the Command class uses Parameters::Options, which combines the Parameters library with Ruby's builtin OptionParser module.

What resulted from this refactoring was cleaner option syntax and better --help output. Take for example the [Wordlist] command:

class Wordlist < Command
    
  summary 'Builds and/or mutates Wordlists'

  option :input, :type        => String,
                 :flag        => '-i',
                 :usage       => 'FILE',
                 :description => 'Input file'

  option :output, :type        => String,
                  :flag        => '-o',
                  :usage       => 'PATH',
                  :description => 'Output wordlist file'

  option :mutations, :type         => Hash[String => Array],
                     :default      => {},
                     :flag         => '-m',
                     :usage        => 'STRING:SUB',
                     :descriptions => 'Mutations rules'

  argument :template, :type        => Array,
                      :description => 'Options word template'

  def execute
    # ...
  end

end

Which produces the following --help output:

Usage: ronin wordlist [options] TEMPLATE

Options:
    -v, --[no-]verbose               Enable verbose output.
    -q, --[no-]quiet                 Disable verbose output.
        --[no-]silent                Silence all output.
        --[no-]color                 Enables color output.
    -i, --input [FILE]               Input file.
    -o, --output [PATH]              Output wordlist file.
    -m, --mutations [STRING:SUB]     Default: {}

Arguments:
    TEMPLATE                         Options word template

Builds and/or mutates Wordlists

It really is that easy to write your own Ronin commands.

Old commands, new again

The ronin install, update and uninstall commands have been brought back in 1.4.0.

$ ronin install https://github.com/user/repo.git

The ronin repos command now only lists installed Repositories.

Ronin Console .commands

After playing with Node.js, I liked how node console commands were prefixed with a . character (ex: .load). The .command syntax also does not conflict with Ruby's syntax. In 1.4.0 all !commands can also be called as .commands in the Ronin Console:

>> .edit myscript.rb
=> true
>> .ping www.google.com
...

ronin-gen 1.1.0

Ronin::Gen::Generator refactored

In ronin-gen 1.1.0, Ronin::Gen::Generator (the base-class of all generators) was also refactored to no longer use the Thor library. Instead, all Generators use the Parameters library with Ruby's builtin FileUtils module. This change lowers the barrier for writing custom Ronin Generators.

For an example of the new Generator syntax, please see the Repository generator class.

Improved ronin-gen command

The ronin-gen command now uses Parameters::Options to directly parse options for the selected Generator. This also improved the --help output for all Generators:

$ ronin-gen repository --help
ronin-gen repository PATH [options]
        --path [PATH]                The destination path.
        --title [TITLE]
        --uri [URI]
        --source [SOURCE]
        --website [WEBSITE]
        --license [LICENSE]          Default: "CC-by"
        --description [DESCRIPTION]  Default: "This is a Ronin Repository"
        --authors [AUTHORS [...]]    Default: []
        --[no-]tests
        --[no-]docs
        --[no-]svn                   Create a SVN repository.
        --[no-]git                   Create a Git repository.
        --[no-]hg                    Create a Hg repository.

Generate SVN, Git, Hg Repositories

The Repository generator now supports generating SVN, Git and Hg repositories:

$ ronin-gen repository myrepo --title "My Repository" --hg