ronin-recon 0.1.0.rc1
- checksums.yaml +7 -0
- data/.document +4 -0
- data/.github/workflows/ruby.yml +46 -0
- data/.gitignore +20 -0
- data/.rspec +1 -0
- data/.rubocop.yml +44 -0
- data/.ruby-version +1 -0
- data/.yardopts +1 -0
- data/COPYING.txt +165 -0
- data/ChangeLog.md +36 -0
- data/Gemfile +62 -0
- data/README.md +391 -0
- data/Rakefile +74 -0
- data/bin/ronin-recon +16 -0
- data/data/completions/ronin-recon +95 -0
- data/data/templates/worker.rb.erb +67 -0
- data/data/wordlists/raft-small-directories.txt.gz +0 -0
- data/data/wordlists/subdomains-1000.txt.gz +0 -0
- data/examples/recon.rb +24 -0
- data/gemspec.yml +57 -0
- data/lib/ronin/recon/builtin/dns/lookup.rb +65 -0
- data/lib/ronin/recon/builtin/dns/mailservers.rb +64 -0
- data/lib/ronin/recon/builtin/dns/nameservers.rb +61 -0
- data/lib/ronin/recon/builtin/dns/reverse_lookup.rb +63 -0
- data/lib/ronin/recon/builtin/dns/srv_enum.rb +178 -0
- data/lib/ronin/recon/builtin/dns/subdomain_enum.rb +105 -0
- data/lib/ronin/recon/builtin/dns/suffix_enum.rb +168 -0
- data/lib/ronin/recon/builtin/net/ip_range_enum.rb +65 -0
- data/lib/ronin/recon/builtin/net/port_scan.rb +84 -0
- data/lib/ronin/recon/builtin/net/service_id.rb +75 -0
- data/lib/ronin/recon/builtin/ssl/cert_enum.rb +109 -0
- data/lib/ronin/recon/builtin/ssl/cert_grab.rb +76 -0
- data/lib/ronin/recon/builtin/ssl/cert_sh.rb +77 -0
- data/lib/ronin/recon/builtin/web/dir_enum.rb +121 -0
- data/lib/ronin/recon/builtin/web/email_addresses.rb +70 -0
- data/lib/ronin/recon/builtin/web/spider.rb +93 -0
- data/lib/ronin/recon/builtin.rb +34 -0
- data/lib/ronin/recon/cli/command.rb +40 -0
- data/lib/ronin/recon/cli/commands/completion.rb +61 -0
- data/lib/ronin/recon/cli/commands/irb.rb +57 -0
- data/lib/ronin/recon/cli/commands/new.rb +203 -0
- data/lib/ronin/recon/cli/commands/run.rb +420 -0
- data/lib/ronin/recon/cli/commands/test.rb +99 -0
- data/lib/ronin/recon/cli/commands/worker.rb +114 -0
- data/lib/ronin/recon/cli/commands/workers.rb +80 -0
- data/lib/ronin/recon/cli/debug_option.rb +45 -0
- data/lib/ronin/recon/cli/printing.rb +122 -0
- data/lib/ronin/recon/cli/ruby_shell.rb +51 -0
- data/lib/ronin/recon/cli/worker_command.rb +105 -0
- data/lib/ronin/recon/cli.rb +50 -0
- data/lib/ronin/recon/config.rb +371 -0
- data/lib/ronin/recon/dns_worker.rb +41 -0
- data/lib/ronin/recon/engine.rb +639 -0
- data/lib/ronin/recon/exceptions.rb +45 -0
- data/lib/ronin/recon/graph.rb +127 -0
- data/lib/ronin/recon/importer.rb +224 -0
- data/lib/ronin/recon/input_file.rb +81 -0
- data/lib/ronin/recon/message/job_completed.rb +60 -0
- data/lib/ronin/recon/message/job_failed.rb +69 -0
- data/lib/ronin/recon/message/job_started.rb +60 -0
- data/lib/ronin/recon/message/shutdown.rb +38 -0
- data/lib/ronin/recon/message/value.rb +76 -0
- data/lib/ronin/recon/message/worker_started.rb +51 -0
- data/lib/ronin/recon/message/worker_stopped.rb +51 -0
- data/lib/ronin/recon/mixins/dns.rb +639 -0
- data/lib/ronin/recon/mixins/http.rb +58 -0
- data/lib/ronin/recon/mixins.rb +21 -0
- data/lib/ronin/recon/output_formats/dir.rb +94 -0
- data/lib/ronin/recon/output_formats/dot.rb +155 -0
- data/lib/ronin/recon/output_formats/graph_format.rb +48 -0
- data/lib/ronin/recon/output_formats/graphviz_format.rb +115 -0
- data/lib/ronin/recon/output_formats/pdf.rb +43 -0
- data/lib/ronin/recon/output_formats/png.rb +43 -0
- data/lib/ronin/recon/output_formats/svg.rb +43 -0
- data/lib/ronin/recon/output_formats.rb +48 -0
- data/lib/ronin/recon/registry.rb +35 -0
- data/lib/ronin/recon/root.rb +33 -0
- data/lib/ronin/recon/scope.rb +112 -0
- data/lib/ronin/recon/value/parser.rb +113 -0
- data/lib/ronin/recon/value.rb +110 -0
- data/lib/ronin/recon/value_status.rb +87 -0
- data/lib/ronin/recon/values/cert.rb +168 -0
- data/lib/ronin/recon/values/domain.rb +88 -0
- data/lib/ronin/recon/values/email_address.rb +114 -0
- data/lib/ronin/recon/values/host.rb +137 -0
- data/lib/ronin/recon/values/ip.rb +123 -0
- data/lib/ronin/recon/values/ip_range.rb +155 -0
- data/lib/ronin/recon/values/mailserver.rb +61 -0
- data/lib/ronin/recon/values/nameserver.rb +61 -0
- data/lib/ronin/recon/values/open_port.rb +190 -0
- data/lib/ronin/recon/values/url.rb +218 -0
- data/lib/ronin/recon/values/website.rb +200 -0
- data/lib/ronin/recon/values/wildcard.rb +140 -0
- data/lib/ronin/recon/values.rb +32 -0
- data/lib/ronin/recon/version.rb +26 -0
- data/lib/ronin/recon/web_worker.rb +35 -0
- data/lib/ronin/recon/worker.rb +433 -0
- data/lib/ronin/recon/worker_pool.rb +203 -0
- data/lib/ronin/recon/workers.rb +260 -0
- data/lib/ronin/recon.rb +22 -0
- data/man/ronin-recon-completion.1 +76 -0
- data/man/ronin-recon-completion.1.md +78 -0
- data/man/ronin-recon-irb.1 +27 -0
- data/man/ronin-recon-irb.1.md +26 -0
- data/man/ronin-recon-new.1 +58 -0
- data/man/ronin-recon-new.1.md +59 -0
- data/man/ronin-recon-run.1 +137 -0
- data/man/ronin-recon-run.1.md +115 -0
- data/man/ronin-recon-test.1 +53 -0
- data/man/ronin-recon-test.1.md +55 -0
- data/man/ronin-recon-worker.1 +32 -0
- data/man/ronin-recon-worker.1.md +34 -0
- data/man/ronin-recon-workers.1 +29 -0
- data/man/ronin-recon-workers.1.md +31 -0
- data/man/ronin-recon.1 +57 -0
- data/man/ronin-recon.1.md +57 -0
- data/ronin-recon.gemspec +62 -0
- data/scripts/setup +58 -0
- metadata +364 -0
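--- a/data/lib/ronin/recon/values/wildcard.rb
+++ b/data/lib/ronin/recon/values/wildcard.rb
@@ -0,0 +1,140 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/value'
+require 'ronin/recon/values/domain'
+require 'ronin/recon/values/host'
+require 'ronin/recon/values/url'
+
+module Ronin
+module Recon
+module Values
+#
+# Represents a wildcard host-name (ex: `*.example.com`).
+#
+# @api public
+#
+class Wildcard < Value
+
+# The wildcard host name.
+#
+# @return [String]
+attr_reader :template
+
+#
+# Initializes the wildcard host object.
+#
+# @param [String] template
+#
+def initialize(template)
+@template = template
+
+@prefix, @suffix = template.split('*',2)
+end
+
+#
+# Compares the value to another value.
+#
+# @param [Values::Value] other
+#
+# @return [Boolean]
+#
+def eql?(other)
+other.kind_of?(self.class) && @template == other.template
+end
+
+#
+# Case equality method used for fuzzy matching.
+#
+# @param [Wildcard, Domain, Host, Value] other
+# The other value to compare.
+#
+# @return [Boolean]
+# Imdicates whether the other value is either a {Domain} and has the
+# same domain name, or a {Host} and shares the same domain name.
+#
+def ===(other)
+case other
+when Wildcard
+eql?(other)
+when Domain, Host
+name = other.name
+
+name.start_with?(@prefix) && name.end_with?(@suffix)
+when URL
+host = other.uri.host
+
+host.start_with?(@prefix) && host.end_with?(@suffix)
+else
+false
+end
+end
+
+#
+# The "hash" value of the wildcard host name.
+#
+# @return [Integer]
+# The hash value of {#template}.
+#
+def hash
+[self.class, @template].hash
+end
+
+#
+# Converts the wildcard host object to a String.
+#
+# @return [String]
+# The wildcard host name.
+#
+def to_s
+@template.to_s
+end
+
+alias to_str to_s
+
+#
+# Coerces the wildcard value into JSON.
+#
+# @return [Hash{Symbol => Object}]
+# The Ruby Hash that will be converted into JSON.
+#
+def as_json
+{type: :wildcard, template: @template}
+end
+
+#
+# Returns the type or kind of recon value.
+#
+# @return [:wildcard]
+#
+# @note
+# This is used internally to map a recon value class to a printable
+# type.
+#
+# @api private
+#
+def self.value_type
+:wildcard
+end
+
+end
+end
+end
+end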
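Review bot: `initialize` stores the result of `template.split('*',2)` without checking that the template actually contains a `*`; for a template with no asterisk `@suffix` is nil, and the `end_with?(@suffix)` calls in `===` would then raise TypeError instead of returning false. Rejecting such input up front keeps the failure at construction time, e.g. `raise(ArgumentError,"wildcard template must contain '*': #{template.inspect}") unless template.include?('*')`. The prefix/suffix test is also case-sensitive and does not require the name to be at least as long as prefix plus suffix, so if this match feeds scope decisions (not visible in this file) the name should be normalized before comparing. The `@return` text on `===` ("has the same domain name") should be reworded to say it is a prefix/suffix match and that `URL` values are matched by their host, which in the `when URL` branch may be nil depending on how `URL#uri` is built.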
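--- a/data/lib/ronin/recon/values.rb
+++ b/data/lib/ronin/recon/values.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/values/host'
+require 'ronin/recon/values/nameserver'
+require 'ronin/recon/values/mailserver'
+require 'ronin/recon/values/domain'
+require 'ronin/recon/values/wildcard'
+require 'ronin/recon/values/ip'
+require 'ronin/recon/values/ip_range'
+require 'ronin/recon/values/open_port'
+require 'ronin/recon/values/email_address'
+require 'ronin/recon/values/cert'
+require 'ronin/recon/values/website'
+require 'ronin/recon/values/url'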
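--- a/data/lib/ronin/recon/version.rb
+++ b/data/lib/ronin/recon/version.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
+#
+
+module Ronin
+module Recon
+# ronin-recon version
+VERSION = '0.1.0.rc1'
+end
+end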
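--- a/data/lib/ronin/recon/web_worker.rb
+++ b/data/lib/ronin/recon/web_worker.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/worker'
+require 'ronin/recon/mixins/http'
+
+module Ronin
+module Recon
+#
+# Base class for all web related workers.
+#
+class WebWorker < Worker
+
+include Mixins::HTTP
+
+end
+end
+end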
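--- a/data/lib/ronin/recon/worker.rb
+++ b/data/lib/ronin/recon/worker.rb
@@ -0,0 +1,433 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/registry'
+require 'ronin/recon/values'
+require 'ronin/core/metadata/id'
+require 'ronin/core/metadata/authors'
+require 'ronin/core/metadata/summary'
+require 'ronin/core/metadata/description'
+require 'ronin/core/metadata/references'
+require 'ronin/core/params/mixin'
+
+require 'async'
+
+module Ronin
+module Recon
+#
+# Base class for all recon workers.
+#
+# ## Philosophy
+#
+# Recon involves performing multiple strategies on input values
+# (ex: a domain) in order to produce discovered output values
+# (ex: sub-domains). These recon strategies can be defined as classes
+# which have a `process` method that accepts certiain input {Values value}
+# types and yield zero or more output {Values value types}.
+#
+# The {Worker} class defines three key parts:
+#
+# 1. Metadata - defines information about the recon worker.
+# 2. [Params] - optional user configurable parameters.
+# 3. {Worker#process process} - method which receives a {Values Value} class
+#
+# [Params]: https://ronin-rb.dev/docs/ronin-core/Ronin/Core/Params/Mixin.html
+#
+# ## Example
+#
+# require 'ronin/recon/worker'
+#
+# module Ronin
+# module Recon
+# module DNS
+# class FooBar
+#
+# register 'dns/foo_bar'
+#
+# summary 'My DNS recon technique'
+# description <<~DESC
+# This recon worker uses the foo-bar technique.
+# Bla bla bla bla.
+# DESC
+# author 'John Smith', email: '...'
+#
+# accepts Domain
+# outputs Host
+# intensity :passive
+#
+# param :wordlist, String, desc: 'Optional wordlist to use'
+#
+# def process(value)
+# # ...
+# yield Host.new(discovered_host_name)
+# # ...
+# end
+#
+# end
+# end
+# end
+# end
+#
+# ### register
+#
+# Registers the worker with {Recon}.
+#
+# register 'dns/foo_bar'
+#
+# ### accepts
+#
+# Defines which {Values Value} types the worker accepts.
+#
+# accepts Domain
+#
+# Available {Values Value} types are:
+#
+# * {Values::Domain Domain} - a domain name (ex: `example.com`).
+# * {Values::Host Host} - a host-name (ex: `www.example.com`).
+# * {Values::IP} - a single IP address (ex: `192.168.1.1').
+# * {Values::IPRange} - a CIDR IP range (ex: `192.168.1.1/24`).
+# * {Values::Mailserver} - represents a mailserver for a domain
+# (ex: `smtp.google.com`).
+# * {Values::Nameserver} - represents a nameserver for a domain
+# (ex: `ns1.google.com`).
+# * {Values::OpenPort} - represents a discovered open port on an IP address.
+# * {Values::URL} - represents a discovered URL
+# (ex: `https://example.com/index.html`).
+# * {Values::Website} - represents a discovered website
+# (ex: `https://example.com/`).
+# * {Values::Wildcard} - represent a wildcard host name
+# (ex: `*.example.com`).
+#
+# **Note:** the recon worker may specify that it accepts multiple value
+# types:
+#
+# accepts Domain, Host, IP
+#
+# ### outputs
+#
+# Similar to `accepts`, but defines the possible output value types of the
+# worker.
+#
+# outputs Host
+#
+# **Note:** the recon worker may specify that it can output multiple
+# different value types:
+#
+# outputs Host, IP
+#
+# ### intensity
+#
+# Indicates the intensity level of the worker class.
+#
+# intensity :passive
+#
+# The possible intensity levels are:
+#
+# * `:passive` - does not send any network traffic to the target system.
+# * `:active` - sends a moderate amount of network traffic to the target
+# system.
+# * `:aggressive` - sends an excessive amount of network traffic to the
+# target system and may trigger alerts.
+#
+# **Note:** if the intensity level of the worker class is not defined,
+# it will default to `:active`.
+#
+# ### summary
+#
+# Defines a short one-sentence description of the recon worker.
+#
+# summary 'My DNS recon technique'
+#
+# ### description
+#
+# Defines a longer multi-paragraph description of the recon worker.
+#
+# description <<~DESC
+# This recon worker uses the foo-bar technique.
+# Bla bla bla bla.
+# DESC
+#
+# **Note:** that `<<~` heredoc, unlike the regular `<<` heredoc, removes
+# leading whitespace.
+#
+# ### author
+#
+# Add an author's name and additional information to the recon worker.
+#
+# author 'John Smith'
+#
+# author 'doctor_doom', email: '...', twitter: '...'
+#
+# ### param
+#
+# Defines a user configurable param. Params may have a type class, but
+# default to `String`. Params must have a one-line description.
+#
+# param :str, desc: 'A basic string param'
+#
+# param :feature_flag, Boolean, desc: 'A boolean param'
+#
+# param :enum, Enum[:one, :two, :three],
+# desc: 'An enum param'
+#
+# param :num1, Integer, desc: 'An integer param'
+#
+# param :num2, Integer, default: 42,
+# desc: 'A param with a default value'
+#
+# param :num3, Integer, default: ->{ rand(42) },
+# desc: 'A param with a dynamic default value'
+#
+# param :float, Float, 'Floating point param'
+#
+# param :url, URI, desc: 'URL param'
+#
+# param :pattern, Regexp, desc: 'Regular Expression param'
+#
+# Params may then be accessed in instance methods using `params` Hash.
+#
+# param :retries, Integer, default: 4,
+# desc: 'Number of retries'
+#
+# def process(value)
+# retry_count = 0
+#
+# begin
+# # ...
+# rescue => error
+# retry_count += 1
+#
+# if retry_count < params[:retries]
+# retry
+# else
+# raise(error)
+# end
+# end
+# end
+#
+# @api public
+#
+class Worker
+
+include Core::Metadata::ID
+include Core::Metadata::Authors
+include Core::Metadata::Summary
+include Core::Metadata::Description
+include Core::Metadata::References
+include Core::Params::Mixin
+include Values
+
+#
+# Registers the recon worker with the given name.
+#
+# @param [String] worker_id
+# The recon worker's `id`.
+#
+# @example
+# require 'ronin/recon/worker'
+#
+# module Ronin
+# module Recon
+# module DNS
+# class SubdomainBruteforcer < Worker
+#
+# register 'dns/subdomain_bruteforcer'
+#
+# end
+# end
+# end
+# end
+#
+# @api public
+#
+def self.register(worker_id)
+id(worker_id)
+Recon.register(worker_id,self)
+end
+
+#
+# Initializes the worker.
+#
+# @param [Hash{Symbol => Object}] kwargs
+# Additional keyword arguments.
+#
+def initialize(**kwargs)
+super(**kwargs)
+end
+
+#
+# Gets or sets the value class which the recon worker accepts.
+#
+# @param [Array<Class<Value>>] value_classes
+# The optional new value class(es) to accept.
+#
+# @return [Array<Class<Value>>]
+# the value class which the recon worker accepts.
+#
+# @raise [NotImplementedError]
+# No value class was defined for the recon worker.
+#
+# @example define that the recon worker accepts IP addresses:
+# accepts IP
+#
+def self.accepts(*value_classes)
+unless value_classes.empty?
+@accepts = value_classes
+else
+@accepts || if superclass < Worker
+superclass.accepts
+else
+raise(NotImplementedError,"#{self} did not set accepts")
+end
+end
+end
+
+#
+# Gets or sets the value class which the recon worker outputs.
+#
+# @param [Array<Class<Value>>] value_classes
+# The optional new value class(es) to outputs.
+#
+# @return [Array<Class<Value>>]
+# the value class which the recon worker outputs.
+#
+# @raise [NotImplementedError]
+# No value class was defined for the recon worker.
+#
+# @example define that the recon worker outputs Host values:
+# outputs Host
+#
+def self.outputs(*value_classes)
+unless value_classes.empty?
+@outputs = value_classes
+else
+@outputs || if superclass < Worker
+superclass.outputs
+else
+raise(NotImplementedError,"#{self} did not set outputs")
+end
+end
+end
+
+#
+# Gets or sets the worker's default concurrency.
+#
+# @param [Integer, nil] new_concurrency
+# The optional new concurrency to set.
+#
+# @return [Integer]
+# The worker's concurrency. Defaults to `1` if not set.
+#
+# @example sets the recon worker's default concurrency:
+# concurrency 3
+#
+def self.concurrency(new_concurrency=nil)
+if new_concurrency
+@concurrency = new_concurrency
+else
+@concurrency || if superclass < Worker
+superclass.concurrency
+else
+1
+end
+end
+end
+
+#
+# Gets or sets the worker's intensity level.
+#
+# @param [:passive, :active, :aggressive, nil] new_intensity
+# The optional new intensity level to set.
+#
+# * `:passive` - does not send any network traffic to the target system.
+# * `:active` - sends a moderate amount of network traffic to the target
+# system.
+# * `:aggressive` - sends an excessive amount of network traffic to the
+# target system and may trigger alerts.
+#
+# @return [:passive, :active, :aggressive]
+# The worker's intensity level. Defaults to `:active` if not set.
+#
+# @raise [ArgumentError]
+# The new intensity level was not `:passive`, `:active`, or
+# `:aggressive`.
+#
+# @example sets the recon worker's intensity level:
+# intensity :passive
+#
+def self.intensity(new_intensity=nil)
+if new_intensity
+case new_intensity
+when :passive, :active, :aggressive
+@intensity = new_intensity
+else
+raise(ArgumentError,"intensity must be :passive, :active, or :aggressive: #{new_intensity.inspect}")
+end
+else
+@intensity || if superclass < Worker
+superclass.intensity
+else
+:active
+end
+end
+end
+
+#
+# Initializes the worker and runs it with the single value.
+#
+# @param [Values::Value] value
+# The input value to process.
+#
+# @param [Hash{Symbol => Object}] kwargs
+# Additional keyword arguments to initialize the worker with.
+#
+# @note
+# This method is mainly for testing workers and running them
+# individually.
+#
+def self.run(value,**kwargs,&block)
+worker = new(**kwargs)
+
+Async do
+worker.process(value,&block)
+end
+end
+
+#
+# Calls the recon worker with the given input value.
+#
+# @param [Values::Value] value
+# The input value.
+#
+# @yield [new_value]
+# The `call` method can then `yield` one or more newly discovered values
+#
+# @yieldparam [Values::Value] new_value
+# An newly discovered output value from the input value.
+#
+# @abstract
+#
+def process(value,&block)
+raise(NotImplementedError,"#{self.class} did not define a #process method")
+end
+
+end
+end
+end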
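Review bot: `self.concurrency` stores whatever truthy value it is given, while the sibling `self.intensity` validates its argument and raises ArgumentError; a zero, negative or non-Integer concurrency would only surface later in whatever consumes it (the worker pool is outside this file). Validating in the setter keeps a worker class from declaring a nonsensical level, e.g. `raise(ArgumentError,"concurrency must be a positive Integer: #{new_concurrency.inspect}") unless new_concurrency.kind_of?(Integer) && new_concurrency > 0`, with a matching `@raise [ArgumentError]` tag in the doc comment. The class-level documentation also disagrees with the code in three places: the example declares `class FooBar` without `< Worker`, `param :float, Float, 'Floating point param'` omits `desc:`, and the `@yield` text on `process` refers to a `call` method.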