https://github.com/ronin-rb/ronin-app

A local web interface for Ronin.

# ronin-app

* [Website](https://ronin-rb.dev)
* [Issues](https://github.com/ronin-rb/docker/issues)
* [DockerHub](https://hub.docker.com/r/roninrb/ronin)
* [Discord](https://discord.gg/6WAb3PsVX9) |
[Mastodon](https://infosec.exchange/@ronin_rb)

ronin-app is a small web application that is meant to be run locally by the
user. It provides a web interface to [ronin-support], [ronin-repos], [ronin-db],
[ronin-payloads], and [ronin-exploits], and automates
[ronin-nmap], [ronin-masscan], [ronin-web-spider], [ronin-recon], and
[ronin-vulns].

## Features

* Provides a web interface to explore and search the [ronin database][ronin-db].
* Allows managing [ronin-repos] from the web interface.
* Allows listing and building the built-in or installed 3rd-party
[payloads][ronin-payloads].
* Allows listing installed 3rd-party [exploits][ronin-exploits].
* Supports automating [nmap] and [masscan] scans and importing their results
into the [ronin database][ronin-db].
* Supports automating [spidering websites][ronin-web-spider] and importing all
visited URLs into the [ronin database][ronin-db].
* Supports performing recon using [ronin-recon] and importing all discovered
hostnames, IPs, and URLs into [ronin database][ronin-db].
* Supports testing URLs for web vulnerabilities using [ronin-vulns].
* Small memory footprint (~184K).
* Fast (~1.251ms response time).

## Synopsis

```
Usage: ronin-app [options]

Options:
    -V, --version                    Prints the version and exits
    -H, --host IP                    The host to listen on (Default: localhost)
    -p, --port PORT                  The port to listen on (Default: 1337)
        --db NAME                    The ronin-db database to connect to
        --db-uri URI                 The ronin-db database URI to connect to
    -h, --help                       Print help information

Starts the ronin web app
```

```shell
$ ronin-app
```

**Note:** the `ronin-app` command will automatically open a browser for
http://localhost:1337, if run in a real terminal.

## Requirements

* [libsqlite3][sqlite]
* [redis-server][redis] >= 6.2
* [nmap]
* [masscan]
* [Ruby] >= 3.1.0

**Note:** both `nmap` and `masscan` require additional Linux capabilities in
order to be run without `sudo` or `root` privileges.

```shell
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which nmap)"
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which masscan)"
```

## Security

* This app is intended to be run locally.
* All HTML output is escaped with `Rack::Utils.escape_html`.
* All HTTP params are validated using [dry-validation].
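
The two controls listed above, shown as an added stdlib-only example that is not taken from ronin-app: a hand-written allowlist validator stands in for a [dry-validation] contract, and `ERB::Util.html_escape` stands in for `Rack::Utils.escape_html`. The `targets` and `ports` param names and every method name here are hypothetical.

```ruby
require 'erb'
require 'ipaddr'

# Allowlist patterns (constructed for this example).
IP_CHARS = %r{\A[0-9a-f:./]+\z}i
HOSTNAME = /\A(?=.{1,253}\z)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*\z/i
PORTS    = /\A\d{1,5}(?:-\d{1,5})?(?:,\d{1,5}(?:-\d{1,5})?)*\z/

# A target is an IP address, a CIDR range, or a DNS hostname. Anything else,
# including a value starting with "-" that a scanner CLI would read as an
# option, is rejected.
def valid_target?(value)
  return false unless value.is_a?(String)
  return HOSTNAME.match?(value) unless IP_CHARS.match?(value)
  IPAddr.new(value) # raises on malformed addresses and prefixes
  true
rescue IPAddr::Error
  HOSTNAME.match?(value)
end

# A port list is comma-separated ports or ranges, each within 1..65535.
def valid_ports?(value)
  return false unless value.is_a?(String) && PORTS.match?(value)
  value.scan(/\d+/).all? { |n| (1..65_535).cover?(n.to_i) }
end

# Returns { field => message }; an empty hash means the params may be used.
def validate_scan_params(params)
  errors = {}
  targets = params['targets']
  if !targets.is_a?(Array) || targets.empty?
    errors['targets'] = 'must be a non-empty list'
  elsif (bad = targets.reject { |t| valid_target?(t) }).any?
    errors['targets'] = "invalid target: #{bad.first}"
  end
  ports = params['ports']
  errors['ports'] = "invalid port list: #{ports}" unless ports.nil? || valid_ports?(ports)
  errors
end

# Error messages echo the submitted input, so escape it when rendering.
def render_errors(errors)
  items = errors.map do |field, msg|
    "<li>#{ERB::Util.html_escape(field)}: #{ERB::Util.html_escape(msg)}</li>"
  end
  "<ul>#{items.join}</ul>"
end
```

Validation and escaping cover different paths: rejected input never reaches a scanner command line, and the rejected value is still untrusted when it is echoed back in the error page.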

## Development

1. [Fork It!](https://github.com/ronin-rb/ronin/fork)
2. Clone It!
3. `cd ronin-app`
4. `./scripts/setup`
5. `git checkout -b my_feature`
6. Code It!
7. Test It - `bundle exec rake spec`
8. Try It - `./scripts/server` then visit http://localhost:1337/
9. Push It - `git push origin my_feature`

### docker-compose

You can also use [docker-compose] to build and run the app:

[docker-compose]: https://docs.docker.com/compose/install/

```shell
$ docker-compose build
$ docker-compose up
```

### Directory Structure

* `Gemfile` - defines all gem dependencies.
* `Procfile` - defines the various services of the app that will be started.
* `Procfile.dev` - defines the various services of the app that will be started
in development mode.
* `config.ru` - The main entry point for `rackup`/`puma`.
* `config/` - Contains all app configuration files.
* `lib/ronin/app/helpers/` - Contains all Sinatra helper modules which define
methods that can be called within the views.
* `app.rb` - The main Rack app that contains HTTP routes.
* `app/` - Contains sub-App classes that contain grouped HTTP routes.
* `workers.rb` - The main entry point for Sidekiq which loads all worker classes
from `lib/workers/`.
* `workers/` - Contains all Sidekiq worker classes.
* `lib/ronin/app/types.rb` - Defines custom [dry-types].
* `lib/ronin/app/types/` - Contains additional custom types.
* `lib/ronin/app/validations/` - Contains [dry-validation] logic for validating
submitted HTTP params.
* `views/` - Contains all ERB views that are rendered by `app.rb`.
* `views/layout.erb` - The main page layout view.
* `public/` - Contains all static assets (images, CSS stylesheets, and
JavaScript).
* `scripts/` - Contains scripts for setting up or starting the app.

## License

Copyright (C) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)

ronin-app is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

ronin-app is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with ronin-app. If not, see <https://www.gnu.org/licenses/>.

[sqlite]: https://sqlite.org/
[redis]: https://redis.io/
[nmap]: https://nmap.org/
[masscan]: https://github.com/robertdavidgraham/masscan#readme

[Ruby]: https://www.ruby-lang.org/
[dry-types]: https://dry-rb.org/gems/dry-types/
[dry-schema]: https://dry-rb.org/gems/dry-schema/
[dry-validation]: https://dry-rb.org/gems/dry-validation/

[ronin-support]: https://github.com/ronin-rb/ronin-support#readme
[ronin-repos]: https://github.com/ronin-rb/ronin-repos#readme
[ronin-db]: https://github.com/ronin-rb/ronin-db#readme
[ronin-payloads]: https://github.com/ronin-rb/ronin-payloads#readme
[ronin-vulns]: https://github.com/ronin-rb/ronin-vulns#readme
[ronin-exploits]: https://github.com/ronin-rb/ronin-exploits#readme
[ronin-nmap]: https://github.com/ronin-rb/ronin-nmap#readme
[ronin-masscan]: https://github.com/ronin-rb/ronin-masscan#readme
[ronin-web-spider]: https://github.com/ronin-rb/ronin-web-spider#readme
[ronin-recon]: https://github.com/ronin-rb/ronin-recon#readme