|Ronin 2.0 – Open Source Ruby Toolkit For Security|
|Written by Nikos Vaggalis|
|Thursday, 23 February 2023|
Considered as a simpler and more modular version of Metasploit, version 2 of Ronin has been finally released after nearly a full year of non-stop development. So why Ronin?
First of all, let's give credit to Ruby; it powers both Ronin and Metasploit and is the goto toolkit for all things security, hacking and penetration testing.
Now, Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as:
and much more. . .
As far as the encoding, encrypting and converting data formats for use in popular scenarios like:
You could get away with just CyberChef from GCHQ - yes, a government intelligence agency, as described in "CyberChef - The Developer's Ultimate Toolbox", but if you want to go beyond that and expand into serious pentesting you should get your hands on a framework like Ronin.
Note that for another popular language like Python, there's no complete equivalent to Ronin, the Python landscape being fragmented into separate libraries, each of which provide Ronin-like functionality.
To sum up Ronin is:
Ronin is also modular having split functionality into APIs and distinct modules:
Ronin is fully scriptable as it is made up of different Ruby libraries and powerful APIs that you can use in Ruby scripts.There are also two more ways that you can use Ronin: through the CLI command 'ronin' and the more involved, but more powerful, Ruby Console.
Use of 'ronin' command :
Base64 encode a string:
Zlib compresses, Base64 encodes, and then URI encode a string:
De-obfuscate an email address:
AES-256 encrypt a file:
Generates an HMAC for a string:
Query the ASN of an IP address:
Dump information about a SSL/TLS certificate:
Send an HTTP request with additional headers:
The Ruby Console is a customized Interactive Ruby Shell (IRB) with tab-completion and auto-indentation enabled. The Console provides us with the full power of the Ruby language and the convenience of Ronin, all in a handy console. From this Console you can perform research, scan for vulnerabilities and even exploit vulnerable targets. To use it you are required to have a basic understanding of Ruby the language as it involves:
Packing an Integer:
Base64 decode a String:
Return the SHA512 checksum of a String:
Creating a TCP Socket for a specified host and port:
Creating a TCP session which will be automatically closed:
To install Ronin and its supporting libraries, simply run :
To start a Ruby Console with ronin preloaded, run the ronin irb command:
And of course I haven't touched the advanced functionality of blind vulnerability testing, writing and running exploits, generating, mutating, and fuzzing data, all accessible from their own APIs and commands : ronin-vulns, ronin-exploits and ronin-fuzzer.
So whether a CTF player, a Bug bounty hunter, a Security Researcher, a Security Engineer, a Developer or just a Student, Ronin has got you covered!
or email your comment to: email@example.com
|Last Updated ( Thursday, 23 February 2023 )|