ronin-app 0.1.0.rc1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (163) hide show
  1. checksums.yaml +7 -0
  2. data/.dockerignore +3 -0
  3. data/.document +6 -0
  4. data/.env.dev +1 -0
  5. data/.github/workflows/ruby.yml +44 -0
  6. data/.gitignore +16 -0
  7. data/.rspec +1 -0
  8. data/.rubocop.yml +26 -0
  9. data/.ruby-version +1 -0
  10. data/.yardopts +1 -0
  11. data/CONTRIBUTING.md +34 -0
  12. data/COPYING.txt +661 -0
  13. data/ChangeLog.md +38 -0
  14. data/Dockerfile +27 -0
  15. data/Gemfile +61 -0
  16. data/Procfile +2 -0
  17. data/Procfile.dev +2 -0
  18. data/README.md +215 -0
  19. data/Rakefile +44 -0
  20. data/app/db.rb +680 -0
  21. data/app/scanning.rb +173 -0
  22. data/app.rb +372 -0
  23. data/bin/ronin-app +34 -0
  24. data/config/database.rb +17 -0
  25. data/config/puma.rb +24 -0
  26. data/config/redis.rb +4 -0
  27. data/config/sidekiq.rb +23 -0
  28. data/config/sidekiq.yml +12 -0
  29. data/config.ru +33 -0
  30. data/docker-compose.yml +45 -0
  31. data/etc/systemd/user/ronin-app-sidekiq.1.service +17 -0
  32. data/etc/systemd/user/ronin-app-web.1.service +18 -0
  33. data/etc/systemd/user/ronin-app.target +5 -0
  34. data/gemspec.yml +55 -0
  35. data/lib/middleware/sidekiq/active_record_connection_pool.rb +47 -0
  36. data/lib/ronin/app/cli.rb +197 -0
  37. data/lib/ronin/app/helpers/html.rb +71 -0
  38. data/lib/ronin/app/root.rb +28 -0
  39. data/lib/ronin/app/schemas/params_schema.rb +66 -0
  40. data/lib/ronin/app/schemas/payloads/build_schema.rb +56 -0
  41. data/lib/ronin/app/schemas/payloads/encoders/encode_schema.rb +60 -0
  42. data/lib/ronin/app/types/import.rb +35 -0
  43. data/lib/ronin/app/types/nmap.rb +81 -0
  44. data/lib/ronin/app/types/spider.rb +49 -0
  45. data/lib/ronin/app/types/vulns.rb +69 -0
  46. data/lib/ronin/app/types.rb +66 -0
  47. data/lib/ronin/app/validations/import_params.rb +71 -0
  48. data/lib/ronin/app/validations/install_repo_params.rb +78 -0
  49. data/lib/ronin/app/validations/masscan_params.rb +122 -0
  50. data/lib/ronin/app/validations/nmap_params.rb +183 -0
  51. data/lib/ronin/app/validations/recon_params.rb +86 -0
  52. data/lib/ronin/app/validations/spider_params.rb +103 -0
  53. data/lib/ronin/app/validations/vulns_params.rb +83 -0
  54. data/lib/ronin/app/version.rb +26 -0
  55. data/log/.gitkeep +0 -0
  56. data/man/ronin-app.1 +63 -0
  57. data/man/ronin-app.1.md +61 -0
  58. data/public/images/favicon.png +0 -0
  59. data/public/images/favicon.svg +78 -0
  60. data/public/images/logo.svg +78 -0
  61. data/public/images/sidekiq.svg +24 -0
  62. data/public/javascript/app.js +60 -0
  63. data/public/javascript/notes.js +28 -0
  64. data/public/javascript/tabs.js +40 -0
  65. data/public/stylesheets/app.css +216 -0
  66. data/public/stylesheets/bulma.min.css +1 -0
  67. data/ronin-app.gemspec +63 -0
  68. data/scripts/console +7 -0
  69. data/scripts/server +134 -0
  70. data/scripts/setup +447 -0
  71. data/scripts/update +55 -0
  72. data/tmp/.gitkeep +0 -0
  73. data/views/_authors.erb +62 -0
  74. data/views/_delete.erb +4 -0
  75. data/views/_delete_all.erb +4 -0
  76. data/views/_encoding_tabs.erb +25 -0
  77. data/views/_notes.erb +33 -0
  78. data/views/_pagination.erb +1 -0
  79. data/views/_param_fields.erb +66 -0
  80. data/views/_params.erb +35 -0
  81. data/views/about.erb +30 -0
  82. data/views/db/advisories/index.erb +30 -0
  83. data/views/db/advisories/show.erb +105 -0
  84. data/views/db/asns/index.erb +19 -0
  85. data/views/db/asns/show.erb +61 -0
  86. data/views/db/credentials/index.erb +30 -0
  87. data/views/db/credentials/show.erb +51 -0
  88. data/views/db/email_addresses/index.erb +30 -0
  89. data/views/db/email_addresses/show.erb +44 -0
  90. data/views/db/host_names/index.erb +30 -0
  91. data/views/db/host_names/show.erb +52 -0
  92. data/views/db/ip_addresses/index.erb +19 -0
  93. data/views/db/ip_addresses/show.erb +98 -0
  94. data/views/db/mac_addresses/index.erb +19 -0
  95. data/views/db/mac_addresses/show.erb +62 -0
  96. data/views/db/open_ports/index.erb +19 -0
  97. data/views/db/open_ports/show.erb +87 -0
  98. data/views/db/organizations/departments/show.erb +82 -0
  99. data/views/db/organizations/index.erb +28 -0
  100. data/views/db/organizations/members/show.erb +87 -0
  101. data/views/db/organizations/show.erb +111 -0
  102. data/views/db/oses/index.erb +19 -0
  103. data/views/db/oses/show.erb +46 -0
  104. data/views/db/passwords/index.erb +30 -0
  105. data/views/db/passwords/show.erb +52 -0
  106. data/views/db/people/index.erb +31 -0
  107. data/views/db/people/show.erb +120 -0
  108. data/views/db/phone_numbers/index.erb +30 -0
  109. data/views/db/phone_numbers/show.erb +63 -0
  110. data/views/db/ports/index.erb +30 -0
  111. data/views/db/ports/show.erb +70 -0
  112. data/views/db/services/index.erb +30 -0
  113. data/views/db/services/show.erb +65 -0
  114. data/views/db/software/index.erb +19 -0
  115. data/views/db/software/show.erb +52 -0
  116. data/views/db/software_vendors/index.erb +19 -0
  117. data/views/db/software_vendors/show.erb +36 -0
  118. data/views/db/street_addresses/index.erb +19 -0
  119. data/views/db/street_addresses/show.erb +63 -0
  120. data/views/db/url_query_param_names/index.erb +19 -0
  121. data/views/db/url_query_param_names/show.erb +50 -0
  122. data/views/db/url_schemes/index.erb +19 -0
  123. data/views/db/url_schemes/show.erb +36 -0
  124. data/views/db/urls/index.erb +30 -0
  125. data/views/db/urls/show.erb +103 -0
  126. data/views/db/user_names/index.erb +30 -0
  127. data/views/db/user_names/show.erb +48 -0
  128. data/views/db/vulns/index.erb +19 -0
  129. data/views/db/vulns/show.erb +104 -0
  130. data/views/db.erb +152 -0
  131. data/views/exploits/index.erb +9 -0
  132. data/views/exploits/show.erb +100 -0
  133. data/views/import.erb +30 -0
  134. data/views/index.erb +7 -0
  135. data/views/layout.erb +98 -0
  136. data/views/masscan.erb +459 -0
  137. data/views/nmap.erb +1009 -0
  138. data/views/payloads/build.erb +19 -0
  139. data/views/payloads/encoders/encode.erb +35 -0
  140. data/views/payloads/encoders/index.erb +9 -0
  141. data/views/payloads/encoders/show.erb +47 -0
  142. data/views/payloads/index.erb +9 -0
  143. data/views/payloads/show.erb +47 -0
  144. data/views/queue.erb +28 -0
  145. data/views/recon.erb +55 -0
  146. data/views/repos/index.erb +30 -0
  147. data/views/repos/install.erb +45 -0
  148. data/views/repos/show.erb +39 -0
  149. data/views/spider.erb +372 -0
  150. data/views/vulns.erb +214 -0
  151. data/workers/import.rb +96 -0
  152. data/workers/install_repo.rb +40 -0
  153. data/workers/masscan.rb +135 -0
  154. data/workers/nmap.rb +216 -0
  155. data/workers/purge_repos.rb +40 -0
  156. data/workers/recon.rb +95 -0
  157. data/workers/remove_repo.rb +40 -0
  158. data/workers/spider.rb +148 -0
  159. data/workers/update_repo.rb +42 -0
  160. data/workers/update_repos.rb +40 -0
  161. data/workers/vulns.rb +111 -0
  162. data/workers.rb +37 -0
  163. metadata +538 -0
@@ -0,0 +1,183 @@
1
+ # frozen_string_literal: true
2
+ #
3
+ # ronin-app - a local web app for Ronin.
4
+ #
5
+ # Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
6
+ #
7
+ # ronin-app is free software: you can redistribute it and/or modify
8
+ # it under the terms of the GNU Affero General Public License as published by
9
+ # the Free Software Foundation, either version 3 of the License, or
10
+ # (at your option) any later version.
11
+ #
12
+ # ronin-app is distributed in the hope that it will be useful,
13
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
14
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
+ # GNU Affero General Public License for more details.
16
+ #
17
+ # You should have received a copy of the GNU Affero General Public License
18
+ # along with ronin-app. If not, see <http://www.gnu.org/licenses/>.
19
+ #
20
+
21
+ require 'dry/validation'
22
+ require 'ronin/app/types'
23
+ require 'ronin/app/types/nmap'
24
+
25
+ require 'nmap/command'
26
+
27
+ module Ronin
28
+ module App
29
+ module Validations
30
+ #
31
+ # Validations for the form params submitted to `POST /nmap`.
32
+ #
33
+ class NmapParams < Dry::Validation::Contract
34
+
35
+ params do
36
+ required(:targets).filled(Types::Args).each(:filled?)
37
+ optional(:ports).maybe(Types::Nmap::PortRangeList)
38
+
39
+ # TARGET SPECIFICATIONS:
40
+ optional(:target_file).maybe(:string)
41
+ optional(:random_targets).maybe(:integer)
42
+ optional(:exclude).maybe(Types::List)
43
+ optional(:exclude_file).maybe(:string)
44
+
45
+ # HOST DISCOVERY:
46
+ optional(:ping).maybe(:bool)
47
+ optional(:skip_discovery).maybe(:bool)
48
+ optional(:syn_discovery).maybe(Types::Bool | Types::Nmap::PortRangeList)
49
+ optional(:ack_discovery).maybe(Types::Bool | Types::Nmap::PortRangeList)
50
+ optional(:udp_discovery).maybe(Types::Bool | Types::Nmap::PortRangeList)
51
+ optional(:sctp_init_ping).maybe(Types::Bool | Types::Nmap::PortRangeList)
52
+ optional(:icmp_echo_discovery).maybe(:bool)
53
+ optional(:icmp_timestamp_discovery).maybe(:bool)
54
+ optional(:icmp_netmask_discovery).maybe(:bool)
55
+ optional(:ip_ping).maybe(Types::Bool | Types::Nmap::ProtocolList)
56
+ optional(:arp_ping).maybe(:bool)
57
+ optional(:traceroute).maybe(:bool)
58
+ optional(:disable_dns).maybe(:bool)
59
+ optional(:enable_dns).maybe(:bool)
60
+ optional(:resolve_all).maybe(:bool)
61
+ optional(:unique).maybe(:bool)
62
+ optional(:dns_servers).maybe(Types::List)
63
+ optional(:system_dns).maybe(:bool)
64
+
65
+ # PORT SCANNING TECHNIQUES:
66
+ optional(:syn_scan).maybe(:bool)
67
+ optional(:connect_scan).maybe(:bool)
68
+ optional(:udp_scan).maybe(:bool)
69
+ optional(:sctp_init_scan).maybe(:bool)
70
+ optional(:null_scan).maybe(:bool)
71
+ optional(:fin_scan).maybe(:bool)
72
+ optional(:xmas_scan).maybe(:bool)
73
+ optional(:ack_scan).maybe(:bool)
74
+ optional(:window_scan).maybe(:bool)
75
+ optional(:maimon_scan).maybe(:bool)
76
+ optional(:scan_flags).maybe(Types::Nmap::ScanFlags)
77
+ optional(:sctp_cookie_echo_scan).maybe(:bool)
78
+ optional(:idle_scan).maybe(:string)
79
+ optional(:ip_scan).maybe(:bool)
80
+ optional(:ftp_bounce_scan).maybe(:string)
81
+
82
+ # PORT SPECIFICATION AND SCAN ORDER:
83
+ optional(:ports).maybe(Types::Nmap::PortRangeList)
84
+ optional(:exclude_ports).maybe(Types::Nmap::PortRangeList)
85
+ optional(:fast).maybe(:bool)
86
+ optional(:consecutively).maybe(:bool)
87
+ optional(:top_ports).maybe(:integer)
88
+ optional(:port_ratio).maybe(:float)
89
+
90
+ # SERVICE/VERSION DETECTION:
91
+ optional(:service_scan).maybe(:bool)
92
+ optional(:all_ports).maybe(:bool)
93
+ optional(:version_intensity).maybe(:integer)
94
+ optional(:version_light).maybe(:bool)
95
+ optional(:version_all).maybe(:bool)
96
+ optional(:version_trace).maybe(:bool)
97
+
98
+ # OS DETECTION:
99
+ optional(:os_fingerprint).maybe(:bool)
100
+ optional(:limit_os_scan).maybe(:bool)
101
+ optional(:max_os_scan).maybe(:bool)
102
+ optional(:max_os_tries).maybe(:bool)
103
+
104
+ # TIMING AND PERFORMANCE:
105
+ optional(:min_host_group).maybe(:integer)
106
+ optional(:max_host_group).maybe(:integer)
107
+ optional(:min_parallelism).maybe(:integer)
108
+ optional(:max_parallelism).maybe(:integer)
109
+ optional(:min_rtt_timeout).maybe(Types::Nmap::Time)
110
+ optional(:max_rtt_timeout).maybe(Types::Nmap::Time)
111
+ optional(:initial_rtt_timeout).maybe(Types::Nmap::Time)
112
+ optional(:max_retries).maybe(:integer)
113
+ optional(:host_timeout).maybe(Types::Nmap::Time)
114
+ optional(:script_timeout).maybe(Types::Nmap::Time)
115
+ optional(:scan_delay).maybe(Types::Nmap::Time)
116
+ optional(:max_scan_delay).maybe(Types::Nmap::Time)
117
+ optional(:min_rate).maybe(:integer)
118
+ optional(:max_rate).maybe(:integer)
119
+ optional(:defeat_rst_ratelimit).maybe(:bool)
120
+ optional(:defeat_icmp_ratelimit).maybe(:bool)
121
+ optional(:nsock_engine).maybe(Types::Nmap::NsockEngine)
122
+ optional(:timing_template).maybe(Types::Nmap::TimingTemplate)
123
+
124
+ # FIREWALL/IDS EVASION AND SPOOFING:
125
+ optional(:packet_fragments).maybe(:bool)
126
+ optional(:mtu).maybe(Types::Bool | Types::Integer)
127
+ optional(:decoys).maybe(Types::List)
128
+ optional(:spoof).maybe(:string)
129
+ optional(:interface).maybe(:string)
130
+ optional(:source_port).maybe(Types::Nmap::Port)
131
+ optional(:proxies).maybe(Types::List)
132
+ optional(:data).maybe(Types::Nmap::HexString)
133
+ optional(:data_string).maybe(:string)
134
+ optional(:data_length).maybe(:integer)
135
+ optional(:ip_options).maybe(:string)
136
+ optional(:ttl).maybe(:integer)
137
+ optional(:randomize_hosts).maybe(:bool)
138
+ optional(:spoof_mac).maybe(:string)
139
+ optional(:bad_checksum).maybe(:bool)
140
+ optional(:sctp_adler32).maybe(:bool)
141
+
142
+ # MISC:
143
+ optional(:ipv6).maybe(:bool)
144
+ optional(:all).maybe(:bool)
145
+ optional(:nmap_datadir).maybe(:string)
146
+ optional(:servicedb).maybe(:string)
147
+ optional(:versiondb).maybe(:string)
148
+ optional(:send_eth).maybe(:bool)
149
+ optional(:send_ip).maybe(:bool)
150
+ optional(:privileged).maybe(:bool)
151
+ optional(:unprivileged).maybe(:bool)
152
+ optional(:release_memory).maybe(:bool)
153
+ end
154
+
155
+ rule(:port_ratio) do
156
+ if (value && !(value >= 0.0 && value <= 1.0))
157
+ key.failure('value must be between 0.0 and 1.0')
158
+ end
159
+ end
160
+
161
+ rule(:version_intensity) do
162
+ if (value && !(value >= 0 && value <= 9))
163
+ key.failure('value must be between 0 and 9')
164
+ end
165
+ end
166
+
167
+ #
168
+ # Initializes and calls the validation contract.
169
+ #
170
+ # @param [Hash{String => Object}] params
171
+ # The HTTP params to validate.
172
+ #
173
+ # @return [Dry::Validation::Result]
174
+ # The validation result.
175
+ #
176
+ def self.call(params)
177
+ new.call(params)
178
+ end
179
+
180
+ end
181
+ end
182
+ end
183
+ end
@@ -0,0 +1,86 @@
1
+ # frozen_string_literal: true
2
+ #
3
+ # ronin-app - a local web app for Ronin.
4
+ #
5
+ # Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
6
+ #
7
+ # ronin-app is free software: you can redistribute it and/or modify
8
+ # it under the terms of the GNU Affero General Public License as published by
9
+ # the Free Software Foundation, either version 3 of the License, or
10
+ # (at your option) any later version.
11
+ #
12
+ # ronin-app is distributed in the hope that it will be useful,
13
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
14
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
+ # GNU Affero General Public License for more details.
16
+ #
17
+ # You should have received a copy of the GNU Affero General Public License
18
+ # along with ronin-app. If not, see <http://www.gnu.org/licenses/>.
19
+ #
20
+
21
+ require 'dry/validation'
22
+ require 'ronin/app/types'
23
+
24
+ require 'ronin/recon/value/parser'
25
+
26
+ module Ronin
27
+ module App
28
+ module Validations
29
+ #
30
+ # Validations for the form params submitted to `POST /recon`.
31
+ #
32
+ class ReconParams < Dry::Validation::Contract
33
+
34
+ include Ronin::Recon::Value::Parser
35
+
36
+ # Regex to match a value string.
37
+ VALUE_REGEX = /#{IP_RANGE_REGEX}|#{IP_REGEX}|#{WEBSITE_REGEX}|#{WILDCARD_REGEX}|#{HOSTNAME_REGEX}|#{DOMAIN_REGEX}/
38
+
39
+ params do
40
+ required(:scope).filled(Types::Args).each(:filled?)
41
+
42
+ optional(:ignore).maybe(Types::Args)
43
+ optional(:max_depth).maybe(:integer)
44
+ end
45
+
46
+ rule(:scope) do
47
+ bad_values = value.grep_v(VALUE_REGEX)
48
+
49
+ unless bad_values.empty?
50
+ key.failure("value must be an IP address, CIDR IP range, domain, sub-domain, wildcard hostname, or website base URL: #{bad_values.join(', ')}")
51
+ end
52
+ end
53
+
54
+ rule(:ignore) do
55
+ if value
56
+ bad_values = value.grep_v(VALUE_REGEX)
57
+
58
+ unless bad_values.empty?
59
+ key.failure("ignore value must be an IP address, CIDR IP range, domain, sub-domain, wildcard hostname, or website base URL: #{bad_values.join(', ')}")
60
+ end
61
+ end
62
+ end
63
+
64
+ rule(:max_depth) do
65
+ if value && value < 2
66
+ key.failure("max_depth must be greater than 1")
67
+ end
68
+ end
69
+
70
+ #
71
+ # Initializes and calls the validation contract.
72
+ #
73
+ # @param [Hash{String => Object}] params
74
+ # The HTTP params to validate.
75
+ #
76
+ # @return [Dry::Validation::Result]
77
+ # The validation result.
78
+ #
79
+ def self.call(params)
80
+ new.call(params)
81
+ end
82
+
83
+ end
84
+ end
85
+ end
86
+ end
@@ -0,0 +1,103 @@
1
+ # frozen_string_literal: true
2
+ #
3
+ # ronin-app - a local web app for Ronin.
4
+ #
5
+ # Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
6
+ #
7
+ # ronin-app is free software: you can redistribute it and/or modify
8
+ # it under the terms of the GNU Affero General Public License as published by
9
+ # the Free Software Foundation, either version 3 of the License, or
10
+ # (at your option) any later version.
11
+ #
12
+ # ronin-app is distributed in the hope that it will be useful,
13
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
14
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
+ # GNU Affero General Public License for more details.
16
+ #
17
+ # You should have received a copy of the GNU Affero General Public License
18
+ # along with ronin-app. If not, see <http://www.gnu.org/licenses/>.
19
+ #
20
+
21
+ require 'dry/validation'
22
+ require 'ronin/app/types/spider'
23
+
24
+ module Ronin
25
+ module App
26
+ module Validations
27
+ #
28
+ # Validations for form params submitted to `POST /web/spider`.
29
+ #
30
+ class SpiderParams < Dry::Validation::Contract
31
+
32
+ # Regular expression to loosely validate any hostname (local or DNS).
33
+ HOST_NAME_REGEX = /\A[A-Za-z0-9\._-]+\z/
34
+
35
+ params do
36
+ required(:type).filled(Types::Spider::TargetType)
37
+ required(:target).filled(:string)
38
+
39
+ optional(:host_header).maybe(:string)
40
+ # optional(:host_headers)
41
+ # optional(:default_headers)
42
+ optional(:user_agent).maybe(:string)
43
+ optional(:referer).maybe(:string)
44
+ optional(:open_timeout).maybe(:integer)
45
+ optional(:read_timeout).maybe(:integer)
46
+ optional(:ssl_timeout).maybe(:integer)
47
+ optional(:continue_timeout).maybe(:integer)
48
+ optional(:keep_alive_timeout).maybe(:integer)
49
+ optional(:proxy).maybe(:string)
50
+ optional(:delay).maybe(:integer)
51
+ optional(:limit).maybe(:integer)
52
+ optional(:max_depth).maybe(:integer)
53
+ optional(:strip_fragments).maybe(:bool)
54
+ optional(:strip_query).maybe(:bool)
55
+ optional(:hosts).maybe(Types::Spider::HostList)
56
+ optional(:ignore_hosts).maybe(Types::Spider::HostList)
57
+ optional(:ports).maybe(Types::Spider::PortList)
58
+ optional(:ignore_ports).maybe(Types::Spider::PortList)
59
+ optional(:urls).maybe(Types::Spider::URLList)
60
+ optional(:ignore_urls).maybe(Types::Spider::URLList)
61
+ optional(:exts).maybe(Types::Spider::ExtList)
62
+ optional(:ignore_exts).maybe(Types::Spider::ExtList)
63
+ optional(:robots).maybe(:bool)
64
+
65
+ before(:value_coercer) do |result|
66
+ result.to_h.reject { |key,value| value.empty? }
67
+ end
68
+ end
69
+
70
+ rule(:target) do
71
+ case values[:type]
72
+ when 'host'
73
+ unless values[:target] =~ HOST_NAME_REGEX
74
+ key.failure('host must be a valid host name')
75
+ end
76
+ when 'domain'
77
+ unless values[:target] =~ HOST_NAME_REGEX
78
+ key.failure('domain must be a valid host name')
79
+ end
80
+ when 'site'
81
+ unless values[:target] =~ %r{\Ahttp(?:s)?://.+\z}
82
+ key.failure('site must be a valid http:// or https:// URI')
83
+ end
84
+ end
85
+ end
86
+
87
+ #
88
+ # Initializes and calls the validation contract.
89
+ #
90
+ # @param [Hash{String => Object}] params
91
+ # The HTTP params to validate.
92
+ #
93
+ # @return [Dry::Validation::Result]
94
+ # The validation result.
95
+ #
96
+ def self.call(params)
97
+ new.call(params)
98
+ end
99
+
100
+ end
101
+ end
102
+ end
103
+ end
@@ -0,0 +1,83 @@
1
+ # frozen_string_literal: true
2
+ #
3
+ # ronin-app - a local web app for Ronin.
4
+ #
5
+ # Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
6
+ #
7
+ # ronin-app is free software: you can redistribute it and/or modify
8
+ # it under the terms of the GNU Affero General Public License as published by
9
+ # the Free Software Foundation, either version 3 of the License, or
10
+ # (at your option) any later version.
11
+ #
12
+ # ronin-app is distributed in the hope that it will be useful,
13
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
14
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
+ # GNU Affero General Public License for more details.
16
+ #
17
+ # You should have received a copy of the GNU Affero General Public License
18
+ # along with ronin-app. If not, see <http://www.gnu.org/licenses/>.
19
+ #
20
+
21
+ require 'dry/validation'
22
+ require 'ronin/app/types/vulns'
23
+
24
+ module Ronin
25
+ module App
26
+ module Validations
27
+ #
28
+ # Validations for form params submitted to `POST /vulns`.
29
+ #
30
+ class VulnsParams < Dry::Validation::Contract
31
+
32
+ params do
33
+ required(:url).filled(:string)
34
+
35
+ optional(:lfi).hash do
36
+ optional(:os).maybe(Types::Vulns::LFI::OSType)
37
+ optional(:depth).maybe(:integer)
38
+ optional(:filter_bypass).maybe(Types::Vulns::LFI::FilterBypassType)
39
+ end
40
+
41
+ optional(:rfi).hash do
42
+ optional(:filter_bypass).maybe(Types::Vulns::RFI::FilterBypassType)
43
+ optional(:test_script_url).maybe(:string)
44
+ end
45
+
46
+ optional(:sqli).hash do
47
+ optional(:escape_quote).maybe(:bool)
48
+ optional(:escape_parens).maybe(:bool)
49
+ optional(:terminate).maybe(:bool)
50
+ end
51
+
52
+ optional(:ssti).hash do
53
+ optional(:escape).maybe(Types::Vulns::SSTI::EscapeType)
54
+ end
55
+
56
+ optional(:command_injection).hash do
57
+ optional(:escape_quote).maybe(:string)
58
+ optional(:escape_operator).maybe(:string)
59
+ optional(:terminate).maybe(:string)
60
+ end
61
+
62
+ optional(:open_redirect).hash do
63
+ optional(:test_url).maybe(:string)
64
+ end
65
+ end
66
+
67
+ #
68
+ # Initializes and calls the validation contract.
69
+ #
70
+ # @param [Hash{String => Object}] params
71
+ # The HTTP params to validate.
72
+ #
73
+ # @return [Dry::Validation::Result]
74
+ # The validation result.
75
+ #
76
+ def self.call(params)
77
+ new.call(params)
78
+ end
79
+
80
+ end
81
+ end
82
+ end
83
+ end
@@ -0,0 +1,26 @@
1
+ # frozen_string_literal: true
2
+ #
3
+ # ronin-app - a local web app for Ronin.
4
+ #
5
+ # Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
6
+ #
7
+ # ronin-app is free software: you can redistribute it and/or modify
8
+ # it under the terms of the GNU Affero General Public License as published by
9
+ # the Free Software Foundation, either version 3 of the License, or
10
+ # (at your option) any later version.
11
+ #
12
+ # ronin-app is distributed in the hope that it will be useful,
13
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
14
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
+ # GNU Affero General Public License for more details.
16
+ #
17
+ # You should have received a copy of the GNU Affero General Public License
18
+ # along with ronin-app. If not, see <http://www.gnu.org/licenses/>.
19
+ #
20
+
21
+ module Ronin
22
+ module App
23
+ # The ronin-app version
24
+ VERSION = '0.1.0.rc1'
25
+ end
26
+ end
data/log/.gitkeep ADDED
File without changes
data/man/ronin-app.1 ADDED
@@ -0,0 +1,63 @@
1
+ .\" Generated by kramdown-man 1.0.1
2
+ .\" https://github.com/postmodern/kramdown-man#readme
3
+ .TH ronin-app 1 "2023-08-30" Ronin App "User Manuals"
4
+ .SH NAME
5
+ .PP
6
+ ronin\-app \- A local web interface for Ronin
7
+ .SH SYNOPSIS
8
+ .PP
9
+ \fBronin\-app\fR \[lB]\fIoptions\fP\[rB] \[lB]\fICOMMAND\fP\[rB]
10
+ .SH DESCRIPTION
11
+ .PP
12
+ Starts the local Ronin web application\.
13
+ .SH OPTIONS
14
+ .TP
15
+ \fB\-H\fR, \fB\-\-host\fR \fIIP\fP
16
+ The IP address to listen on\. Defaults to \fBlocalhost\fR if not specified\.
17
+ .TP
18
+ \fB\-p\fR, \fB\-\-port\fR \fIPORT\fP
19
+ The port to listen on\. Defaults to \fB1337\fR if not specified\.
20
+ .TP
21
+ \fB\-\-db\fR \fINAME\fP
22
+ Specifies the \fBronin\-db\fR database name for the app to connect to\.
23
+ .TP
24
+ \fB\-\-db\-uri\fR \fIURI\fP
25
+ Specifies a database URI for the app to connect to\.
26
+ .RS
27
+ .RS
28
+ .IP \(bu 2
29
+ \fBsqlite3\fP: \fBsqlite3:relative\[sl]path\.db\fR or \fBsqlite3:\[sl]\[sl]\[sl]absolute\[sl]path\.db\fR
30
+ .IP \(bu 2
31
+ \fBmysql\fP: \fBmysql:\[sl]\[sl]user:password\[at]host\[sl]database\fR
32
+ .IP \(bu 2
33
+ \fBpostgres\fP: \fBpostgres:\[sl]\[sl]user:password\[at]host\[sl]database\fR
34
+ .RE
35
+ .RE
36
+ .TP
37
+ \fB\-V\fR, \fB\-\-version\fR
38
+ Prints the \fBronin\-app\fR version\.
39
+ .TP
40
+ \fB\-h\fR, \fB\-\-help\fR
41
+ Prints help information\.
42
+ .SH ENVIRONMENT
43
+ .TP
44
+ \fIHOME\fP
45
+ Alternate location for the user\[cq]s home directory\.
46
+ .TP
47
+ \fIXDG\[ru]CONFIG\[ru]HOME\fP
48
+ Alternate location for the \fB\[ti]\[sl]\.config\fR directory\.
49
+ .TP
50
+ \fIXDG\[ru]DATA\[ru]HOME\fP
51
+ Alternate location for the \fB\[ti]\[sl]\.local\[sl]share\fR directory\.
52
+ .SH FILES
53
+ .TP
54
+ \fB\[ti]\[sl]\.local\[sl]share\[sl]ronin\-db\[sl]database\.sqlite3\fR
55
+ The default sqlite3 database file\.
56
+ .TP
57
+ \fB\[ti]\[sl]\.config\[sl]ronin\-db\[sl]database\.yml\fR
58
+ Optional database configuration\.
59
+ .SH AUTHOR
60
+ .PP
61
+ Postmodern
62
+ .MT postmodern\.mod3\[at]gmail\.com
63
+ .ME
@@ -0,0 +1,61 @@
1
+ # ronin-app 1 "2023-08-30" Ronin App "User Manuals"
2
+
3
+ ## NAME
4
+
5
+ ronin-app - A local web interface for Ronin
6
+
7
+ ## SYNOPSIS
8
+
9
+ `ronin-app` [*options*] [*COMMAND*]
10
+
11
+ ## DESCRIPTION
12
+
13
+ Starts the local Ronin web application.
14
+
15
+ ## OPTIONS
16
+
17
+ `-H`, `--host` *IP*
18
+ : The IP address to listen on. Defaults to `localhost` if not specified.
19
+
20
+ `-p`, `--port` *PORT*
21
+ : The port to listen on. Defaults to `1337` if not specified.
22
+
23
+ `--db` *NAME*
24
+ : Specifies the `ronin-db` database name for the app to connect to.
25
+
26
+ `--db-uri` *URI*
27
+ : Specifies a database URI for the app to connect to.
28
+
29
+ * **sqlite3**: `sqlite3:relative/path.db` or `sqlite3:///absolute/path.db`
30
+ * **mysql**: `mysql://user:password@host/database`
31
+ * **postgres**: `postgres://user:password@host/database`
32
+
33
+ `-V`, `--version`
34
+ : Prints the `ronin-app` version.
35
+
36
+ `-h`, `--help`
37
+ : Prints help information.
38
+
39
+ ## ENVIRONMENT
40
+
41
+ *HOME*
42
+ : Alternate location for the user's home directory.
43
+
44
+ *XDG_CONFIG_HOME*
45
+ : Alternate location for the `~/.config` directory.
46
+
47
+ *XDG_DATA_HOME*
48
+ : Alternate location for the `~/.local/share` directory.
49
+
50
+ ## FILES
51
+
52
+ `~/.local/share/ronin-db/database.sqlite3`
53
+ : The default sqlite3 database file.
54
+
55
+ `~/.config/ronin-db/database.yml`
56
+ : Optional database configuration.
57
+
58
+ ## AUTHOR
59
+
60
+ Postmodern <postmodern.mod3@gmail.com>
61
+
Binary file
@@ -0,0 +1,78 @@
1
+ <?xml version="1.0" encoding="UTF-8" standalone="no"?>
2
+ <!-- Created with Inkscape (http://www.inkscape.org/) -->
3
+
4
+ <svg
5
+ width="32"
6
+ height="32"
7
+ viewBox="0 0 8.4666662 8.4666662"
8
+ version="1.1"
9
+ id="svg324"
10
+ xmlns="http://www.w3.org/2000/svg"
11
+ xmlns:svg="http://www.w3.org/2000/svg"
12
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
13
+ xmlns:cc="http://creativecommons.org/ns#"
14
+ xmlns:dc="http://purl.org/dc/elements/1.1/">
15
+ <title
16
+ id="title447">Ronin</title>
17
+ <style>
18
+ path { fill: #000000; }
19
+ @media (prefers-color-scheme: dark) {
20
+ path { fill: #ffffff; }
21
+ }
22
+ </style>
23
+ <defs
24
+ id="defs321" />
25
+ <g
26
+ id="layer1">
27
+ <g
28
+ id="g6932"
29
+ transform="matrix(0.0208635,0,0,0.0208635,-2.4801773,-3.1118599)"
30
+ style="display:inline">
31
+ <g
32
+ id="g350">
33
+ <path
34
+ style="font-variation-settings:'wght' 700;display:inline;fill:none;stroke:#000000;stroke-width:3;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:7;stroke-dasharray:none;stroke-opacity:0.991918"
35
+ d="M 10.556199,32.237999 35.277035,27.91055 72.742093,32.490384 66.652961,55.405256 45.288701,61.015098 62.972493,89.246954 35.726284,66.293348 10.397131,101.36149 32.991476,34.955974 Z"
36
+ id="path904"
37
+ class="UnoptimicedTransforms"
38
+ transform="matrix(4.8235651,0,0,4.8235651,141.024,21.83731)" />
39
+ <path
40
+ style="font-variation-settings:'wght' 700;display:inline;fill:none;stroke:#ffffff;stroke-width:14.4707;stroke-linecap:square;stroke-miterlimit:7;stroke-dasharray:none;stroke-opacity:0.991918"
41
+ d="m 342.21527,195.81028 103.34653,12.69086 -14.06653,51.18699 -119.65288,25.46828 z"
42
+ id="path1799" />
43
+ <path
44
+ style="font-variation-settings:'wght' 700;fill:#000000;stroke:#000000;stroke-width:15.8166;stroke-linecap:square;stroke-miterlimit:7.5;stroke-opacity:0.991918"
45
+ d="m 311.14109,159.64411 c -20.21344,4.23648 -41.28571,5.48348 -60.90879,12.03137 -6.32158,3.74656 0.0386,10.9274 5.6154,9.96607 16.13661,2.5686 32.40244,4.20214 48.6157,6.19567 -30.90135,89.9687 -61.49081,180.04724 -91.66838,270.2606 -1.46878,6.80489 8.4863,8.002 10.3885,1.87713 30.44717,-40.08696 59.20005,-81.51916 89.06101,-121.95603 33.50724,24.95491 63.86279,53.93701 97.17414,79.14896 6.64432,2.19405 6.72304,-6.25505 3.04054,-9.50025 -18.55988,-31.49151 -38.53903,-62.11618 -57.41306,-93.41711 34.38372,-9.34933 68.99526,-17.88434 103.27156,-27.6099 6.14812,-7.55269 5.69051,-18.86028 9.24056,-27.83752 6.31539,-24.65117 13.25336,-49.19081 18.77258,-74.02001 -2.92843,-7.20626 -13.42398,-3.74059 -19.58309,-6.03564 -51.84339,-6.53554 -103.71905,-13.08667 -155.60667,-19.10334 z m 29.28551,33.71021 c 36.31995,3.48281 72.47493,7.76831 108.59243,12.76147 -4.56709,18.76009 -9.57555,37.22359 -15.51316,55.49496 -41.84395,10.46883 -84.24342,18.37316 -126.37794,27.70801 11.14562,-31.90735 21.37954,-64.58812 33.29867,-95.96444 z"
46
+ id="path6851" />
47
+ </g>
48
+ </g>
49
+ </g>
50
+ <metadata
51
+ id="metadata445">
52
+ <rdf:RDF>
53
+ <cc:Work
54
+ rdf:about="">
55
+ <dc:title>Ronin</dc:title>
56
+ <dc:date>2023-01-31</dc:date>
57
+ <dc:creator>
58
+ <cc:Agent>
59
+ <dc:title>Hal Brodigan</dc:title>
60
+ </cc:Agent>
61
+ </dc:creator>
62
+ <cc:license
63
+ rdf:resource="http://creativecommons.org/licenses/by-nd/4.0/" />
64
+ </cc:Work>
65
+ <cc:License
66
+ rdf:about="http://creativecommons.org/licenses/by-nd/4.0/">
67
+ <cc:permits
68
+ rdf:resource="http://creativecommons.org/ns#Reproduction" />
69
+ <cc:permits
70
+ rdf:resource="http://creativecommons.org/ns#Distribution" />
71
+ <cc:requires
72
+ rdf:resource="http://creativecommons.org/ns#Notice" />
73
+ <cc:requires
74
+ rdf:resource="http://creativecommons.org/ns#Attribution" />
75
+ </cc:License>
76
+ </rdf:RDF>
77
+ </metadata>
78
+ </svg>