{"id":13701971,"url":"https://github.com/ronin-rb/ronin-recon","last_synced_at":"2025-05-05T04:30:36.020Z","repository":{"id":152903572,"uuid":"626613604","full_name":"ronin-rb/ronin-recon","owner":"ronin-rb","description":"A micro-framework and tool for performing reconnaissance.","archived":false,"fork":false,"pushed_at":"2025-02-17T21:34:14.000Z","size":649,"stargazers_count":38,"open_issues_count":30,"forks_count":10,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-01T01:23:29.940Z","etag":null,"topics":["asset-discovery","bug-bounty","dirbuster","directory-bruteforce","hacking-tools","hacktoberfest","network-scanning","recon","recon-engine","recon-framework","reconnaissance","subdomain-bruteforcing","subdomain-enumeration","subdomain-finder"],"latest_commit_sha":null,"homepage":"https://ronin-rb.dev","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ronin-rb.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":"COPYING.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"open_collective":"ronin-rb","patreon":"roninrb"}},"created_at":"2023-04-11T20:26:23.000Z","updated_at":"2025-04-11T06:43:11.000Z","dependencies_parsed_at":"2024-01-16T00:14:10.410Z","dependency_job_id":"6539e220-89bd-4efe-bd30-ee0704d29f41","html_url":"https://github.com/ronin-rb/ronin-recon","commit_stats":{"total_commits":559,"total_committers":3,"mean_commits":"186.33333333333334","dds":0.06082289803220031,"last_synced_commit":"ff40ca9363b42aa7b25e0f498f0c052674bb9056"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"reposit
ory_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-recon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-recon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-recon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ronin-rb%2Fronin-recon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ronin-rb","download_url":"https://codeload.github.com/ronin-rb/ronin-recon/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252439358,"owners_count":21747992,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asset-discovery","bug-bounty","dirbuster","directory-bruteforce","hacking-tools","hacktoberfest","network-scanning","recon","recon-engine","recon-framework","reconnaissance","subdomain-bruteforcing","subdomain-enumeration","subdomain-finder"],"created_at":"2024-08-02T21:00:28.618Z","updated_at":"2025-05-05T04:30:36.012Z","avatar_url":"https://github.com/ronin-rb.png","language":"Ruby","funding_links":["https://opencollective.com/ronin-rb","https://patreon.com/roninrb"],"categories":["[↑](#-table-of-contents) URLs","Domain and Network Recon"],"sub_categories":["Tools","Linux CLI // Kali"],"readme":"# ronin-recon\n\n[![CI](https://github.com/ronin-rb/ronin-recon/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-recon/actions/workflows/ruby.yml)\n[![Code 
Climate](https://codeclimate.com/github/ronin-rb/ronin-recon.svg)](https://codeclimate.com/github/ronin-rb/ronin-recon)\n\n* [Website](https://ronin-rb.dev/)\n* [Source](https://github.com/ronin-rb/ronin-recon)\n* [Issues](https://github.com/ronin-rb/ronin-recon/issues)\n* [Documentation](https://ronin-rb.dev/docs/ronin-recon)\n* [Discord](https://discord.gg/6WAb3PsVX9) |\n  [Mastodon](https://infosec.exchange/@ronin_rb)\n\n## Description\n\nronin-recon is a micro-framework and tool for performing reconnaissance.\nronin-recon uses multiple workers which process different value types\n(e.g. IP, host, URL, etc.) and produce new values. ronin-recon contains built-in\nrecon workers and supports loading additional 3rd-party workers from Ruby\nfiles or 3rd-party git repositories. ronin-recon has a unique queue design\nand uses asynchronous I/O to maximize efficiency.\n\n## Features\n\n* Uses asynchronous I/O and fibers.\n* Supports defining recon modules as plain old Ruby classes.\n* Provides built-in recon workers for:\n  * IP range enumeration.\n  * DNS lookup of host-names.\n  * Querying nameservers.\n  * Querying mailservers.\n  * DNS reverse lookup of IP addresses.\n  * DNS SRV record enumeration.\n  * DNS subdomain enumeration.\n  * Service/port scanning with `nmap`.\n  * Enumerates the Common Name (`CN`) and `subjectAltName`s within all SSL/TLS\n    certificates.\n  * Web spidering.\n  * HTTP directory enumeration.\n* Supports loading additional recon modules from Ruby files or from installed\n  [3rd-party git repositories][ronin-repos].\n* Builds a network graph of all discovered assets.\n* Provides a simple CLI for listing workers or performing recon.\n* Supports many different output file formats:\n  * TXT\n  * CSV\n  * JSON\n  * [NDJSON](http://ndjson.org/)\n  * [GraphViz][graphviz]\n    * DOT\n    * SVG\n    * PNG\n    * PDF\n* Supports automatically saving recon results into [ronin-db].\n\n## Anti-Features\n\n* Does not require API keys to run.\n* Not just a 
script that runs a bunch of other recon tools.\n* Does not use AI.\n\n## Synopsis\n\n```\n$ ronin-recon\nUsage: ronin-recon [options]\n\nOptions:\n    -V, --version                    Prints the version and exits\n    -h, --help                       Print help information\n\nArguments:\n    [COMMAND]                        The command name to run\n    [ARGS ...]                       Additional arguments for the command\n\nCommands:\n    completion\n    help\n    irb\n    new\n    run\n    test\n    worker\n    workers\n```\n\nList all available recon workers:\n\n```shell\n$ ronin-recon workers\n  api/crt_sh\n  dns/lookup\n  dns/mailservers\n  dns/nameservers\n  dns/reverse_lookup\n  dns/srv_enum\n  dns/subdomain_enum\n  dns/suffix_enum\n  net/cert_enum\n  net/cert_grab\n  net/ip_range_enum\n  net/port_scan\n  net/service_id\n  web/dir_enum\n  web/email_addresses\n  web/spider\n```\n\nPrint info about a specific recon worker:\n\n```shell\n$ ronin-recon worker dns/lookup\n[ dns/lookup ]\n\n  Summary: Looks up the IPs of a host-name\n  Description:\n\n    Resolves the IP addresses of domains, host names, nameservers,\n    and mailservers.\n\n  Accepts:\n\n    * domains\n    * hosts\n    * nameservers\n    * mailservers\n\n  Outputs:\n\n    * IP address\n\n  Intensity: passive\n```\n\nRun the recon engine on a single domain:\n\n```shell\n$ ronin-recon run example.com\n```\n\nRun the recon engine on a single host-name:\n\n```shell\n$ ronin-recon run www.example.com\n```\n\nRun the recon engine on a single IP address:\n\n```shell\n$ ronin-recon run 1.1.1.1\n```\n\nRun the recon engine on an IP range:\n\n```shell\n$ ronin-recon run 1.1.1.1/24\n```\n\nRun the recon engine on multiple targets:\n\n```shell\n$ ronin-recon run example1.com example2.com secret.foo.example1.com secret.bar.example2.com 1.1.1.1/24\n```\n\nRun the recon engine and ignore specific hosts, IPs, URLs, etc.:\n\n```shell\n$ ronin-recon run --ignore staging.example.com example.com\n```\n\nSave the recon 
results to a plain-text file:\n\n```shell\n$ ronin-recon run -o output.txt example.com\n```\n\nSave the recon results to a directory of multiple plain-text files:\n\n```shell\n$ ronin-recon run -o output_dir example.com\n```\n\nSave the recon results to a CSV file:\n\n```shell\n$ ronin-recon run -o output.csv example.com\n```\n\nSave the recon results to a JSON file:\n\n```shell\n$ ronin-recon run -o output.json example.com\n```\n\nSave the recon results to an NDJSON file:\n\n```shell\n$ ronin-recon run -o output.ndjson example.com\n```\n\nSave the recon results to a PNG image:\n\n```shell\n$ ronin-recon run -o output.png example.com\n```\n\nSave the recon results to an SVG image:\n\n```shell\n$ ronin-recon run -o output.svg example.com\n```\n\nSave the recon results to a PDF image:\n\n```shell\n$ ronin-recon run -o output.pdf example.com\n```\n\nGenerate a boilerplate recon worker file, with some custom information:\n\n```shell\n$ ronin-recon new example_worker.rb \\\n                  --author Postmodern \\\n                  --description \"This is an example.\"\n```\n\nGenerate a ronin repository of your own recon workers:\n\n```shell\n$ ronin-repos new my-repo\n$ cd my-repo/\n$ mkdir recon\n$ ronin-recon new recon/my_recon.rb \\\n                  --author You \\\n                  --description \"This is my recon worker.\"\n$ vim recon/my_recon.rb\n$ git add recon/my_recon.rb\n$ git commit\n$ git push\n```\n\n## Examples\n\nDefining a custom recon worker:\n\n```ruby\nrequire 'ronin/recon/dns_worker'\n\nmodule Ronin\n  module Recon\n    module DNS\n      class FooBar \u003c DNSWorker\n\n        register 'dns/foo_bar'\n\n        summary 'My DNS recon technique'\n        description \u003c\u003c~DESC\n          This recon worker uses the foo-bar technique.\n          Bla bla bla bla.\n        DESC\n        author 'John Smith', email: '...'\n\n        accepts Domain\n        outputs Host\n        intensity :passive\n\n        param :wordlist, String, desc: 
'Optional wordlist to use'\n\n        def process(value)\n          # ...\n          yield Host.new(discovered_host_name)\n          # ...\n        end\n\n      end\n    end\n  end\nend\n```\n\nManually running the recon engine:\n\n```ruby\nrequire 'ronin/recon/engine'\n\ndomain = Ronin::Recon::Values::Domain.new('github.com')\n\nRonin::Recon::Engine.run([domain], max_depth: 3) do |value,parent|\n  case value\n  when Ronin::Recon::Values::Domain\n    puts \"Found domain #{value} for #{parent}\"\n  when Ronin::Recon::Values::Nameserver\n    puts \"Found nameserver #{value} for #{parent}\"\n  when Ronin::Recon::Values::Mailserver\n    puts \"Found mailserver #{value} for #{parent}\"\n  when Ronin::Recon::Values::Host\n    puts \"Found host #{value} for #{parent}\"\n  when Ronin::Recon::Values::IP\n    puts \"Found IP address #{value} for #{parent}\"\n  end\nend\n```\n\n## Requirements\n\n* [Ruby] \u003e= 3.1.0\n* [nmap] \u003e= 5.00\n* [GraphViz][graphviz] (for SVG, PNG, or PDF output)\n* [thread-local] ~\u003e 1.0\n* [async-io] ~\u003e 1.0\n* [async-dns] ~\u003e 1.0\n* [async-http] ~\u003e 0.60\n* [wordlist] ~\u003e 1.0, \u003e= 1.0.3\n* [ronin-support] ~\u003e 1.1\n* [ronin-core] ~\u003e 0.2\n* [ronin-db] ~\u003e 0.2\n* [ronin-repos] ~\u003e 0.1\n* [ronin-nmap] ~\u003e 0.1\n* [ronin-web-spider] ~\u003e 0.2\n\n## Install\n\n```shell\n$ gem install ronin-recon\n```\n\n### Gemfile\n\n```ruby\ngem 'ronin-recon', '~\u003e 0.1'\n```\n\n### gemspec\n\n```ruby\ngem.add_dependency 'ronin-recon', '~\u003e 0.1'\n```\n\n## Post-Install\n\n### Running `nmap` / `masscan` without `sudo`\n\nYou can configure `nmap` and `masscan` to run without `sudo` by setting their\ncapabilities:\n\n```shell\nsudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap)\nsudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which masscan)\n```\n\n## Development\n\n1. [Fork It!](https://github.com/ronin-rb/ronin-recon/fork)\n2. Clone It!\n3. `cd ronin-recon/`\n4. 
`./scripts/setup`\n5. `git checkout -b my_feature`\n6. Code It!\n7. `bundle exec rake spec`\n8. `git push origin my_feature`\n\n## License\n\nronin-recon - A micro-framework and tool for performing reconnaissance.\n\nCopyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)\n\nronin-recon is free software: you can redistribute it and/or modify\nit under the terms of the GNU Lesser General Public License as published\nby the Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nronin-recon is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU Lesser General Public License for more details.\n\nYou should have received a copy of the GNU Lesser General Public License\nalong with ronin-recon.  If not, see \u003chttps://www.gnu.org/licenses/\u003e.\n\n[Ruby]: https://www.ruby-lang.org\n[graphviz]: https://graphviz.org/\n[nmap]: http://www.insecure.org/\n[thread-local]: https://github.com/socketry/thread-local#readme\n[async-io]: https://github.com/socketry/async-io#readme\n[async-dns]: https://github.com/socketry/async-dns#readme\n[async-http]: https://github.com/socketry/async-http#readme\n[wordlist]: https://github.com/postmodern/wordlist.rb#readme\n[ronin-support]: https://github.com/ronin-rb/ronin-support#readme\n[ronin-core]: https://github.com/ronin-rb/ronin-core#readme\n[ronin-db]: https://github.com/ronin-rb/ronin-db#readme\n[ronin-repos]: https://github.com/ronin-rb/ronin-repos#readme\n[ronin-masscan]: https://github.com/ronin-rb/ronin-masscan#readme\n[ronin-nmap]: https://github.com/ronin-rb/ronin-nmap#readme\n[ronin-web-spider]: 
https://github.com/ronin-rb/ronin-web-spider#readme\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fronin-rb%2Fronin-recon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fronin-rb%2Fronin-recon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fronin-rb%2Fronin-recon/lists"}