{"id":13878184,"url":"https://github.com/ronin-rb/ronin-exploits","last_synced_at":"2025-04-05T00:10:34.766Z","repository":{"id":56892632,"uuid":"494602","full_name":"ronin-rb/ronin-exploits","owner":"ronin-rb","description":"A Ruby micro-framework for writing and running exploits","archived":false,"fork":false,"pushed_at":"2024-08-09T06:00:06.000Z","size":4177,"stargazers_count":70,"open_issues_count":17,"forks_count":23,"subscribers_count":9,"default_branch":"main","last_synced_at":"2024-10-29T14:22:27.166Z","etag":null,"topics":["ctf-tools","exploit","exploit-development","exploitation-framework","hacking-tools","hacktoberfest","infosec","ruby","security","security-tools"],"latest_commit_sha":null,"homepage":"https://ronin-rb.dev","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ronin-rb.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":"COPYING.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"open_collective":"ronin-rb","patreon":"roninrb"}},"created_at":"2010-01-30T02:28:59.000Z","updated_at":"2024-10-11T20:29:43.000Z","dependencies_parsed_at":"2023-12-19T04:23:00.991Z","dependency_job_id":"09ca146f-ec10-4383-968e-32809360acfc","html_url":"https://github.com/ronin-rb/ronin-exploits","commit_stats":{"total_commits":2894,"total_committers":3,"mean_commits":964.6666666666666,"dds":"0.0020732550103662595","last_synced_commit":"cc974801ea109593e32657979af8031df5ef7876"},"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-exploits","tags_ur
l":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-exploits/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-exploits/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-exploits/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ronin-rb","download_url":"https://codeload.github.com/ronin-rb/ronin-exploits/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247263360,"owners_count":20910394,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctf-tools","exploit","exploit-development","exploitation-framework","hacking-tools","hacktoberfest","infosec","ruby","security","security-tools"],"created_at":"2024-08-06T08:01:42.151Z","updated_at":"2025-04-05T00:10:34.750Z","avatar_url":"https://github.com/ronin-rb.png","language":"Ruby","funding_links":["https://opencollective.com/ronin-rb","https://patreon.com/roninrb"],"categories":["Ruby"],"sub_categories":[],"readme":"# ronin-exploits\n\n[![CI](https://github.com/ronin-rb/ronin-exploits/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-exploits/actions/workflows/ruby.yml)\n[![Code Climate](https://codeclimate.com/github/ronin-rb/ronin-exploits.svg)](https://codeclimate.com/github/ronin-rb/ronin-exploits)\n[![Gem Version](https://badge.fury.io/rb/ronin-exploits.svg)](https://badge.fury.io/rb/ronin-exploits)\n\n* [Source](https://github.com/ronin-rb/ronin-exploits)\n* 
[Issues](https://github.com/ronin-rb/ronin-exploits/issues)\n* [Documentation](https://rubydoc.info/github/ronin-rb/ronin-exploits/frames)\n* [Discord](https://discord.gg/6WAb3PsVX9) |\n  [Mastodon](https://infosec.exchange/@ronin_rb)\n\n## Description\n\nronin-exploits is a Ruby micro-framework for writing and running exploits.\nronin-exploits allows one to write exploits as plain old Ruby classes.\nronin-exploits can be distributed as Ruby files or as git repositories that can\nbe installed using [ronin-repos].\n\n**tl;dr** It's like a simpler and more modular version of\n[Metasploit](https://www.metasploit.com/).\n\nronin-exploits is part of the [ronin-rb] project, a [Ruby] toolkit for security\nresearch and development.\n\n## Features\n\n* Provides a succinct [syntax](#examples) and [API][docs-exploit] for writing\n  exploits in as few lines as possible.\n* Supports [defining exploits as plain old Ruby classes][docs-exploit].\n* Supports loading exploits from Ruby files or from installed 3rd-party\n  git repositories.\n* Provides base classes and mixin modules for a variety of exploit types:\n  * [Stack Overflows][docs-stack-overflow]\n  * [SEH Overflows][docs-seh-overflow]\n  * [Heap Overflows][docs-heap-overflow]\n  * [Use After Free (UAF)][docs-use-after-free]\n  * [Command Injection][docs-command-injection]\n  * [Open Redirect][docs-open-redirect]\n  * [Local File Inclusions (LFI)][docs-lfi]\n  * [Remote File Inclusions (RFI)][docs-rfi]\n  * [SQL injections (SQLi)][docs-sqli]\n  * [Cross-Site Scripting (XSS)][docs-xss]\n  * [Server-Side Template Injection (SSTI)][docs-ssti]\n* Uses the [ronin-payloads] library for exploit payloads.\n* Uses the [ronin-post_ex] library for post-exploitation.\n* Provides a simple CLI for listing, displaying, running, and generating new\n  exploits.\n* Has 9%% test coverage.\n* Has 86% documentation coverage.\n* Small memory footprint (~47Kb).\n\n[docs-exploit]: 
https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/Exploit.html\n[docs-stack-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/StackOverflow.html\n[docs-seh-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/SEHOverflow.html\n[docs-heap-overflow]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/HeapOverflow.html\n[docs-use-after-free]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/UseAfterFree.html\n[docs-command-injection]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/CommandInjection.html\n[docs-open-redirect]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/OpenRedirect.html\n[docs-lfi]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/LFI.html\n[docs-rfi]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/RFI.html\n[docs-sqli]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/SQLI.html\n[docs-xss]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/XSS.html\n[docs-ssti]: https://ronin-rb.dev/docs/ronin-exploits/Ronin/Exploits/SSTI.html\n\n## Anti-Features\n\n* No magic: exploits are defined as classes in files.\n* No global state: exploits are fully isolated and can be run directly.\n* Not a monolithic framework: just a library.\n* Batteries not included: ronin-exploits does not contain any builtin exploits.\n  Instead, additional exploits are hosted and installed from other git\n  repositories. This prevents ronin-exploits from being taken down or\n  restricted.\n\n## Synopsis\n\n```\nUsage: ronin-exploits [options] [COMMAND [ARGS...]]\n\nOptions:\n    -h, --help                       Print help information\n\nArguments:\n    [COMMAND]                        The command name to run\n    [ARGS ...]                       
Additional arguments for the command\n\nCommands:\n    completion\n    help\n    irb\n    list, ls\n    new\n    run\n    show, info\n```\n\nGenerate a new exploit file:\n\n```shell\n$ ronin-exploits new example_exploit.rb --type stack-overflow \\\n    --arch x86 --os linux --software ExampleWare --software-version 1.2.3 \\\n    --author Postmodern --author-email \"postmodern.mod3@gmail.com\" \\\n    --summary \"Example exploit\" --description \"This is an example.\"\n```\n\nInstall a 3rd-party repository of exploits:\n\n```shell\n$ ronin-repos install https://github.com/user/exploits.git\n```\n\nList available exploits:\n\n```shell\n$ ronin-exploits list\n```\n\nPrint information about an exploit:\n\n```shell\n$ ronin-exploits show NAME\n```\n\nPrint information about an exploit from a file:\n\n```shell\n$ ronin-exploits show -f path/to/exploit.rb\n```\n\nRun an exploit:\n\n```shell\n$ ronin-exploits run my_exploit --param host=example.com --param port=9999\n```\n\nLoad an exploit from a specific file, then run it:\n\n```shell\n$ ronin-exploits run -f path/to/my_exploit.rb --param host=example.com --param port=9999\n```\n\nRun an exploit with a raw payload:\n\n```shell\n$ ronin-exploits run my_exploit --param host=example.com --param port=9999 \\\n    --payload-string $'\\x66\\x31\\xc0\\xfe\\xc0\\xb3\\xff\\xcd\\x80'\n```\n\nRead a raw payload from a file:\n\n```shell\n$ ronin-exploits run my_exploit --param host=example.com --param port=9999 \\\n    --read-payload shellcode.bin\n```\n\nGenerate a ronin repository of your own exploits (and/or payloads):\n\n```shell\n$ ronin-repos new my-repo\n$ cd my-repo/\n$ mkdir exploits\n$ ronin-exploits new exploits/my_exploit.rb --type stack-overflow \\\n    --arch x86 --os linux --software ExampleWare --software-version 1.2.3 \\\n    --author You --author-email \"you@example.com\" \\\n    --summary \"My exploit\" --description \"This is my example.\"\n$ vim exploits/my_exploit.rb\n$ git add exploits/my_exploit.rb\n$ git 
commit\n$ git push\n```\n\n## Examples\n\nDefine a basic remote TCP exploit:\n\n```ruby\nrequire 'ronin/exploits/exploit'\nrequire 'ronin/exploits/mixins/remote_tcp'\n\nmodule Ronin\n  module Exploits\n    class MyExploit \u003c Exploit\n\n      include Mixins::RemoteTCP\n\n      register 'my_exploit'\n\n      summary 'My first exploit'\n      description \u003c\u003c~EOS\n        This is my first exploit.\n        Bla bla bla bla.\n      EOS\n\n      author '...'\n      author '...', email: '...', twitter: '...'\n\n      disclosure_date 'YYYY-MM-DD'\n      release_date 'YYYY-MM-DD'\n\n      advisory 'CVE-YYYY-NNNN'\n      advisory 'GHSA-XXXXXX'\n      software 'TestHTTP'\n      software_versions '1.0.0'..'1.5.4'\n\n      param :cmd, desc: 'The command to run'\n\n      def test\n        # ...\n      end\n\n      def build\n        # ...\n      end\n\n      def launch\n        # ...\n      end\n\n      def cleanup\n        # ...\n      end\n\n    end\n  end\nend\n```\n\nDefine a Stack Overflow exploit:\n\n```ruby\nrequire 'ronin/exploits/stack_overflow'\nrequire 'ronin/exploits/mixins/remote_tcp'\n\nmodule Ronin\n  module Exploits\n    class MyExploit \u003c StackOverflow\n\n      register 'my_exploit'\n\n      include Mixins::RemoteTCP\n\n      def build\n        ebp = 0x06eb9090\n        eip = 0x1001ae86\n\n        @buffer = buffer_overflow(length: 1024, nops: 16, payload: payload, bp: ebp, ip: eip)\n      end\n\n      def launch\n        tcp_send \"USER #{@buffer}\"\n      end\n\n    end\n  end\nend\n```\n\nDefine a SEH Overflow exploit:\n\n```ruby\nrequire 'ronin/exploits/seh_overflow'\nrequire 'ronin/exploits/mixins/remote_tcp'\n\nmodule Ronin\n  module Exploits\n    class MyExploit \u003c SEHOverflow\n\n      register 'my_exploit'\n\n      include Mixins::RemoteTCP\n\n      def build\n        nseh = 0x06eb9090 # short jump 6 bytes\n        seh  = 0x1001ae86 # pop pop ret 1001AE86 SSLEAY32.DLL\n\n        @buffer = seh_buffer_overflow(length: 1024, nops: 16, 
payload: payload, nseh: nseh, seh: seh)\n      end\n\n      def launch\n        tcp_send \"USER #{@buffer}\"\n      end\n\n    end\n  end\nend\n```\n\nDefine a Command Injection exploit:\n\n```ruby\nrequire 'ronin/exploits/command_injection'\nrequire 'ronin/exploits/mixins/http'\n\nmodule Ronin\n  module Exploits\n    class MyExploit \u003c CommandInjection\n\n      register 'my_exploit'\n\n      include Mixins::HTTP\n\n      def launch\n        http_post '/form.php', post_data: {var: \"';#{payload}#\"}\n      end\n\n    end\n  end\nend\n```\n\nDefine an Open Redirect exploit:\n\n```ruby\nrequire 'ronin/exploits/open_redirect'\n\nmodule Ronin\n  module Exploits\n    class MyExploit \u003c OpenRedirect\n\n      register 'my_exploit'\n\n      base_path '/path/to/page.php'\n      query_param 'url'\n\n    end\n  end\nend\n```\n\nDefine a Local File Inclusion (LFI) exploit:\n\n```ruby\nrequire 'ronin/exploits/lfi'\n\nmodule Ronin\n  module Exploits\n    class MyExploit \u003c LFI\n\n      register 'my_exploit'\n\n      base_path '/path/to/page.php'\n      query_param 'template'\n      depth 7\n\n    end\n  end\nend\n```\n\nDefine a Remote File Inclusion (RFI) exploit:\n\n```ruby\nrequire 'ronin/exploits/rfi'\n\nmodule Ronin\n  module Exploits\n    class MyExploit \u003c RFI\n\n      register 'my_exploit'\n\n      base_path '/path/to/page.php'\n      query_param 'template'\n\n    end\n  end\nend\n```\n\nDefine a SQL injection (SQLi) exploit:\n\n```ruby\nrequire 'ronin/exploits/sqli'\n\nmodule Ronin\n  module Exploits\n    class MyExploit \u003c SQLI\n\n      register 'my_exploit'\n\n      base_path '/path/to/page.php'\n      query_param 'id'\n      escape_quote true\n\n    end\n  end\nend\n```\n\nDefine a Server-Side Template Injection (SSTI) exploit:\n\n```ruby\nrequire 'ronin/exploits/ssti'\n\nmodule Ronin\n  module Exploits\n    class MyExploit \u003c SSTI\n\n      register 'my_exploit'\n\n      base_path '/path/to/page.php'\n      query_param 'name'\n      
escape_expr -\u003e(expr) { \"${{#{expr}}}\" }\n\n    end\n  end\nend\n```\n\nDefine a Cross-Site Scripting (XSS) exploit:\n\n```ruby\nrequire 'ronin/exploits/xss'\n\nmodule Ronin\n  module Exploits\n    class MyExploit \u003c XSS\n\n      register 'my_exploit'\n\n      base_path '/path/to/page.php'\n      query_param 'title'\n\n    end\n  end\nend\n```\n\nFor real-world example ronin exploits, see the [example-exploits] repository.\n\n[example-exploits]: https://github.com/ronin-rb/example-exploits\n\n## Requirements\n\n* [Ruby] \u003e= 3.0.0\n* [uri-query_params] ~\u003e 0.6\n* [ronin-support] ~\u003e 1.0\n* [ronin-code-sql] ~\u003e 2.0\n* [ronin-core] ~\u003e 0.2\n* [ronin-repos] ~\u003e 0.1\n* [ronin-payloads] ~\u003e 0.1\n* [ronin-vulns] ~\u003e 0.1\n* [ronin-post_ex] ~\u003e 0.1\n\n## Install\n\n```shell\n$ gem install ronin-exploits\n```\n\n## Development\n\n1. [Fork It!](https://github.com/ronin-rb/ronin-exploits/fork)\n2. Clone It!\n3. `cd ronin-exploits`\n4. `./scripts/setup`\n5. `git checkout -b my_feature`\n6. Code It!\n7. `bundle exec rake spec`\n8. 
`git push origin my_feature`\n\n## Disclaimer\n\nronin-exploits **does not** contain any exploits of its own,\nbut is a library for writing and running 3rd party exploits.\nTherefore, ronin-exploits **must not** and **should not** be considered\nto be malicious software (malware) or malicious in nature.\n\n## License\n\nronin-exploits - A Ruby library for ronin-rb that provides exploitation and\npayload crafting functionality.\n\nCopyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)\n\nronin-exploits is free software: you can redistribute it and/or modify\nit under the terms of the GNU Lesser General Public License as published\nby the Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nronin-exploits is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU Lesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public License\nalong with ronin-exploits.  
If not, see \u003chttps://www.gnu.org/licenses/\u003e.\n\n[Ruby]: https://www.ruby-lang.org\n[ronin-rb]: https://ronin-rb.dev\n\n[uri-query_params]: https://github.com/postmodern/uri-query_params#readme\n[ronin-support]: https://github.com/ronin-rb/ronin-support#readme\n[ronin-code-sql]: https://github.com/ronin-rb/ronin-code-sql#readme\n[ronin-core]: https://github.com/ronin-rb/ronin-core#readme\n[ronin-repos]: https://github.com/ronin-rb/ronin-repos#readme\n[ronin-payloads]: https://github.com/ronin-rb/ronin-payloads#readme\n[ronin-post_ex]: https://github.com/ronin-rb/ronin-post_ex#readme\n[ronin-vulns]: https://github.com/ronin-rb/ronin-vulns#readm\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fronin-rb%2Fronin-exploits","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fronin-rb%2Fronin-exploits","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fronin-rb%2Fronin-exploits/lists"}