ronin-recon 0.1.0.rc1
- checksums.yaml +7 -0
- data/.document +4 -0
- data/.github/workflows/ruby.yml +46 -0
- data/.gitignore +20 -0
- data/.rspec +1 -0
- data/.rubocop.yml +44 -0
- data/.ruby-version +1 -0
- data/.yardopts +1 -0
- data/COPYING.txt +165 -0
- data/ChangeLog.md +36 -0
- data/Gemfile +62 -0
- data/README.md +391 -0
- data/Rakefile +74 -0
- data/bin/ronin-recon +16 -0
- data/data/completions/ronin-recon +95 -0
- data/data/templates/worker.rb.erb +67 -0
- data/data/wordlists/raft-small-directories.txt.gz +0 -0
- data/data/wordlists/subdomains-1000.txt.gz +0 -0
- data/examples/recon.rb +24 -0
- data/gemspec.yml +57 -0
- data/lib/ronin/recon/builtin/dns/lookup.rb +65 -0
- data/lib/ronin/recon/builtin/dns/mailservers.rb +64 -0
- data/lib/ronin/recon/builtin/dns/nameservers.rb +61 -0
- data/lib/ronin/recon/builtin/dns/reverse_lookup.rb +63 -0
- data/lib/ronin/recon/builtin/dns/srv_enum.rb +178 -0
- data/lib/ronin/recon/builtin/dns/subdomain_enum.rb +105 -0
- data/lib/ronin/recon/builtin/dns/suffix_enum.rb +168 -0
- data/lib/ronin/recon/builtin/net/ip_range_enum.rb +65 -0
- data/lib/ronin/recon/builtin/net/port_scan.rb +84 -0
- data/lib/ronin/recon/builtin/net/service_id.rb +75 -0
- data/lib/ronin/recon/builtin/ssl/cert_enum.rb +109 -0
- data/lib/ronin/recon/builtin/ssl/cert_grab.rb +76 -0
- data/lib/ronin/recon/builtin/ssl/cert_sh.rb +77 -0
- data/lib/ronin/recon/builtin/web/dir_enum.rb +121 -0
- data/lib/ronin/recon/builtin/web/email_addresses.rb +70 -0
- data/lib/ronin/recon/builtin/web/spider.rb +93 -0
- data/lib/ronin/recon/builtin.rb +34 -0
- data/lib/ronin/recon/cli/command.rb +40 -0
- data/lib/ronin/recon/cli/commands/completion.rb +61 -0
- data/lib/ronin/recon/cli/commands/irb.rb +57 -0
- data/lib/ronin/recon/cli/commands/new.rb +203 -0
- data/lib/ronin/recon/cli/commands/run.rb +420 -0
- data/lib/ronin/recon/cli/commands/test.rb +99 -0
- data/lib/ronin/recon/cli/commands/worker.rb +114 -0
- data/lib/ronin/recon/cli/commands/workers.rb +80 -0
- data/lib/ronin/recon/cli/debug_option.rb +45 -0
- data/lib/ronin/recon/cli/printing.rb +122 -0
- data/lib/ronin/recon/cli/ruby_shell.rb +51 -0
- data/lib/ronin/recon/cli/worker_command.rb +105 -0
- data/lib/ronin/recon/cli.rb +50 -0
- data/lib/ronin/recon/config.rb +371 -0
- data/lib/ronin/recon/dns_worker.rb +41 -0
- data/lib/ronin/recon/engine.rb +639 -0
- data/lib/ronin/recon/exceptions.rb +45 -0
- data/lib/ronin/recon/graph.rb +127 -0
- data/lib/ronin/recon/importer.rb +224 -0
- data/lib/ronin/recon/input_file.rb +81 -0
- data/lib/ronin/recon/message/job_completed.rb +60 -0
- data/lib/ronin/recon/message/job_failed.rb +69 -0
- data/lib/ronin/recon/message/job_started.rb +60 -0
- data/lib/ronin/recon/message/shutdown.rb +38 -0
- data/lib/ronin/recon/message/value.rb +76 -0
- data/lib/ronin/recon/message/worker_started.rb +51 -0
- data/lib/ronin/recon/message/worker_stopped.rb +51 -0
- data/lib/ronin/recon/mixins/dns.rb +639 -0
- data/lib/ronin/recon/mixins/http.rb +58 -0
- data/lib/ronin/recon/mixins.rb +21 -0
- data/lib/ronin/recon/output_formats/dir.rb +94 -0
- data/lib/ronin/recon/output_formats/dot.rb +155 -0
- data/lib/ronin/recon/output_formats/graph_format.rb +48 -0
- data/lib/ronin/recon/output_formats/graphviz_format.rb +115 -0
- data/lib/ronin/recon/output_formats/pdf.rb +43 -0
- data/lib/ronin/recon/output_formats/png.rb +43 -0
- data/lib/ronin/recon/output_formats/svg.rb +43 -0
- data/lib/ronin/recon/output_formats.rb +48 -0
- data/lib/ronin/recon/registry.rb +35 -0
- data/lib/ronin/recon/root.rb +33 -0
- data/lib/ronin/recon/scope.rb +112 -0
- data/lib/ronin/recon/value/parser.rb +113 -0
- data/lib/ronin/recon/value.rb +110 -0
- data/lib/ronin/recon/value_status.rb +87 -0
- data/lib/ronin/recon/values/cert.rb +168 -0
- data/lib/ronin/recon/values/domain.rb +88 -0
- data/lib/ronin/recon/values/email_address.rb +114 -0
- data/lib/ronin/recon/values/host.rb +137 -0
- data/lib/ronin/recon/values/ip.rb +123 -0
- data/lib/ronin/recon/values/ip_range.rb +155 -0
- data/lib/ronin/recon/values/mailserver.rb +61 -0
- data/lib/ronin/recon/values/nameserver.rb +61 -0
- data/lib/ronin/recon/values/open_port.rb +190 -0
- data/lib/ronin/recon/values/url.rb +218 -0
- data/lib/ronin/recon/values/website.rb +200 -0
- data/lib/ronin/recon/values/wildcard.rb +140 -0
- data/lib/ronin/recon/values.rb +32 -0
- data/lib/ronin/recon/version.rb +26 -0
- data/lib/ronin/recon/web_worker.rb +35 -0
- data/lib/ronin/recon/worker.rb +433 -0
- data/lib/ronin/recon/worker_pool.rb +203 -0
- data/lib/ronin/recon/workers.rb +260 -0
- data/lib/ronin/recon.rb +22 -0
- data/man/ronin-recon-completion.1 +76 -0
- data/man/ronin-recon-completion.1.md +78 -0
- data/man/ronin-recon-irb.1 +27 -0
- data/man/ronin-recon-irb.1.md +26 -0
- data/man/ronin-recon-new.1 +58 -0
- data/man/ronin-recon-new.1.md +59 -0
- data/man/ronin-recon-run.1 +137 -0
- data/man/ronin-recon-run.1.md +115 -0
- data/man/ronin-recon-test.1 +53 -0
- data/man/ronin-recon-test.1.md +55 -0
- data/man/ronin-recon-worker.1 +32 -0
- data/man/ronin-recon-worker.1.md +34 -0
- data/man/ronin-recon-workers.1 +29 -0
- data/man/ronin-recon-workers.1.md +31 -0
- data/man/ronin-recon.1 +57 -0
- data/man/ronin-recon.1.md +57 -0
- data/ronin-recon.gemspec +62 -0
- data/scripts/setup +58 -0
- metadata +364 -0
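--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,391 @@
+# ronin-recon
+
+[![CI](https://github.com/ronin-rb/ronin-recon/actions/workflows/ruby.yml/badge.svg)](https://github.com/ronin-rb/ronin-recon/actions/workflows/ruby.yml)
+[![Code Climate](https://codeclimate.com/github/ronin-rb/ronin-recon.svg)](https://codeclimate.com/github/ronin-rb/ronin-recon)
+
+* [Website](https://ronin-rb.dev/)
+* [Source](https://github.com/ronin-rb/ronin-recon)
+* [Issues](https://github.com/ronin-rb/ronin-recon/issues)
+* [Documentation](https://ronin-rb.dev/docs/ronin-recon)
+* [Discord](https://discord.gg/6WAb3PsVX9) |
+[Mastodon](https://infosec.exchange/@ronin_rb)
+
+## Description
+
+ronin-recon is a micro-framework and tool for performing reconnaissance.
+ronin-recon uses multiple workers which process different value types
+(ex: IP, host, URL, etc) and produce new values. ronin-recon contains built-in
+recon workers and supports loading additional 3rd-party workers from Ruby
+files or 3rd-party git repositories. ronin-recon has a unique queue design
+and uses asynchronous I/O to maximize efficiency.
+
+## Features
+
+* Uses asynchronous I/O and fibers.
+* Supports defining recon modules as plain old Ruby class.
+* Provides built-in recon workers for:
+* IP range enumeration.
+* DNS lookup of host-names.
+* Querying nameservers.
+* Querying mailservers.
+* DNS reverse lookup of IP addresses.
+* DNS SRV record enumeration.
+* DNS subdomain enumeration.
+* Service/port scanning with `nmap`.
+* Enumerates the Common Name (`CN`) and `subjectAltName`s within all SSL/TLS
+certificates.
+* Web spidering.
+* HTTP directory enumeration.
+* Supports loading additional recon modules from Ruby files or from installed
+[3rd-party git repositories][ronin-repos].
+* Builds a network graph of all discovered assets.
+* Provides a simple CLI for listing workers or performing recon.
+* Supports many different output file formats:
+* TXT
+* CSV
+* JSON
+* [NDJSON](http://ndjson.org/)
+* [GraphViz][graphviz]
+* DOT
+* SVG
+* PNG
+* PDF
+* Supports automatically saving recon results into [ronin-db].
+
+## Anti-Features
+
+* Does not require API keys to run.
+* Not just a script that runs a bunch of other recon tools.
+
+## Synopsis
+
+```
+$ ronin-recon
+Usage: ronin-recon [options]
+
+Options:
+-V, --version Prints the version and exits
+-h, --help Print help information
+
+Arguments:
+[COMMAND] The command name to run
+[ARGS ...] Additional arguments for the command
+
+Commands:
+completion
+help
+irb
+new
+run
+test
+worker
+workers
+```
+
+List all available recon workers:
+
+```shell
+$ ronin-recon workers
+dns/lookup
+dns/mailservers
+dns/nameservers
+dns/reverse_lookup
+dns/srv_enum
+dns/subdomain_enum
+dns/suffix_enum
+net/cert_enum
+net/cert_grab
+net/cert_sh
+net/ip_range_enum
+net/port_scan
+net/service_id
+web/dir_enum
+web/email_addresses
+web/spider
+```
+
+Print info about a specific recon worker:
+
+```shell
+$ ronin-recon worker dns/lookup
+[ dns/lookup ]
+
+Summary: Looks up the IPs of a host-name
+Description:
+
+Resolves the IP addresses of domains, host names, nameservers,
+and mailservers.
+
+Accepts:
+
+* domains
+* hosts
+* nameservers
+* mailservers
+
+```
+
+Run the recon engine on a single domain:
+
+```shell
+$ ronin-recon run example.com
+```
+
+Run the recon engine on a single host-name:
+
+```shell
+$ ronin-recon run www.example.com
+```
+
+Run the recon engine on a single IP address:
+
+```shell
+$ ronin-recon run 1.1.1.1
+```
+
+Run the recon engine on an IP range:
+
+```shell
+$ ronin-recon run 1.1.1.1/24
+```
+
+Run the recon engine on multiple targets:
+
+```shell
+$ ronin-recon run example1.com example2.com secret.foo.example1.com secret.bar.example2.com 1.1.1.1/24
+```
+
+Run the recon engine and ignore specific hosts, IPs, URLs, etc.:
+
+```shell
+$ ronin-recon run --ignore staging.example.com example.com
+```
+
+Save the recon results to a plain-text file:
+
+```shell
+$ ronin-recon run -o output.txt example.com
+```
+
+Save the recon results to a directory of multiple plain-text files:
+
+```shell
+$ ronin-recon run -o output_dir example.com
+```
+
+Save the recon results to a CSV file:
+
+```shell
+$ ronin-recon run -o output.csv example.com
+```
+
+Save the recon results to a JSON file:
+
+```shell
+$ ronin-recon run -o output.json example.com
+```
+
+Save the recon results to a NDJSON file:
+
+```shell
+$ ronin-recon run -o output.ndjson example.com
+```
+
+Save the recon results to a PNG image:
+
+```shell
+$ ronin-recon run -o output.png example.com
+```
+
+Save the recon results to a SVG image:
+
+```shell
+$ ronin-recon run -o output.svg example.com
+```
+
+Save the recon results to a PDF image:
+
+```shell
+$ ronin-recon run -o output.pdf example.com
+```
+
+Generate a boilerplate recon worker file, with some custom information:
+
+```shell
+$ ronin-recon new example_worker.rb \
+--name Example \
+--authors Postmodern \
+--description "This is an example."
+```
+
+Generate a ronin repository of your own payloads (or exploits):
+
+```shell
+$ ronin-repos new my-repo
+$ cd my-repo/
+$ mkdir recon
+$ ronin-recon new recon/my_recon.rb \
+--name MyRecon \
+--authors You \
+--description "This is my payload."
+$ vim recon/my_recon.rb
+$ git add recon/my_recon.rb
+$ git commit
+$ git push
+```
+
+## Examples
+
+Defining a custom recon worker:
+
+```ruby
+require 'ronin/recon/worker'
+
+module Ronin
+module Recon
+module DNS
+class FooBar
+
+register 'dns/foo_bar'
+
+summary 'My DNS recon technique'
+description <<~DESC
+This recon worker uses the foo-bar technique.
+Bla bla bla bla.
+DESC
+author 'John Smith', email: '...'
+
+accepts Domain
+outputs Host
+intensity :passive
+
+param :wordlist, String, desc: 'Optional wordlist to use'
+
+def process(value)
+# ...
+yield Host.new(discovered_host_name)
+# ...
+end
+
+end
+end
+end
+end
+```
+
+Manually running the recon engine:
+
+```ruby
+require 'ronin/recon/engine'
+
+domain = Ronin::Recon::Values::Domain.new('github.com')
+
+Ronin::Recon::Engine.run([domain], max_depth: 3) do |value,parent|
+case value
+when Ronin::Recon::Values::Domain
+puts "Found domain #{value} for #{parent}"
+when Ronin::Recon::Values::Nameserver
+puts "Found nameserver #{value} for #{parent}"
+when Ronin::Recon::Values::Mailserver
+puts "Found mailserver #{value} for #{parent}"
+when Ronin::Recon::Values::Host
+puts "Found host #{value} for #{parent}"
+when Ronin::Recon::Values::IP
+puts "Found IP address #{value} for #{parent}"
+end
+end
+```
+
+## Requirements
+
+* [Ruby] >= 3.1.0
+* [nmap] >= 5.00
+* [GraphViz][graphviz] (for SVG, PNG, or PDF output)
+* [thread-local] ~> 1.0
+* [async-io] ~> 1.0
+* [async-dns] ~> 1.0
+* [async-http] ~> 0.60
+* [wordlist] ~> 1.0, >= 1.0.3
+* [ronin-support] ~> 1.1
+* [ronin-core] ~> 0.2
+* [ronin-db] ~> 0.2
+* [ronin-repos] ~> 0.1
+* [ronin-masscan] ~> 0.1
+* [ronin-nmap] ~> 0.1
+* [ronin-web-spider] ~> 0.2
+
+## Install
+
+```shell
+$ gem install ronin-recon
+```
+
+### Gemfile
+
+```ruby
+gem 'ronin-recon', '~> 0.1'
+```
+
+### gemspec
+
+```ruby
+gem.add_dependency 'ronin-recon', '~> 0.1'
+```
+
+## Post-Install
+
+### Running `nmap` / `masscan` without `sudo`
+
+You can configure `nmap` and `masscan` to run without `sudo` by setting their
+capabilities:
+
+```shell
+sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap)
+sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which masscan)
+```
+
+## Development
+
+1. [Fork It!](https://github.com/ronin-rb/ronin-recon/fork)
+2. Clone It!
+3. `cd ronin-recon/`
+4. `./scripts/setup`
+5. `git checkout -b my_feature`
+6. Code It!
+7. `bundle exec rake spec`
+8. `git push origin my_feature`
+
+## License
+
+ronin-recon - A micro-framework and tool for performing reconnaissance.
+
+Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+
+ronin-recon is free software: you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published
+by the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+ronin-recon is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
+
+[Ruby]: https://www.ruby-lang.org
+[graphviz]: https://graphviz.org/
+[nmap]: http://www.insecure.org/
+[thread-local]: https://github.com/socketry/thread-local#readme
+[async-io]: https://github.com/socketry/async-io#readme
+[async-dns]: https://github.com/socketry/async-dns#readme
+[async-http]: https://github.com/socketry/async-http#readme
+[wordlist]: https://github.com/postmodern/wordlist.rb#readme
+[ronin-support]: https://github.com/ronin-rb/ronin-support#readme
+[ronin-core]: https://github.com/ronin-rb/ronin-core#readme
+[ronin-db]: https://github.com/ronin-rb/ronin-db#readme
+[ronin-repos]: https://github.com/ronin-rb/ronin-repos#readme
+[ronin-masscan]: https://github.com/ronin-rb/ronin-masscan#readme
+[ronin-nmap]: https://github.com/ronin-rb/ronin-nmap#readme
+[ronin-web-spider]: https://github.com/ronin-rb/ronin-web-spider#readme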
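--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+begin
+require 'bundler'
+rescue LoadError => e
+warn e.message
+warn "Run `gem install bundler` to install Bundler"
+exit(-1)
+end
+
+begin
+Bundler.setup(:development)
+rescue Bundler::BundlerError => e
+warn e.message
+warn "Run `bundle install` to install missing gems"
+exit e.status_code
+end
+
+require 'rake'
+
+require 'rubygems/tasks'
+Gem::Tasks.new(sign: {checksum: true, pgp: true})
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+
+namespace :spec do
+RSpec::Core::RakeTask.new(:network) do |t|
+t.rspec_opts = '--tag network'
+end
+end
+
+task :test => :spec
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new
+task :docs => :yard
+
+require 'kramdown/man/task'
+Kramdown::Man::Task.new
+
+directory 'data/wordlists'
+
+file 'data/wordlists/subdomains-1000.txt' => 'data/wordlists' do
+sh 'wget -O data/wordlists/subdomains-1000.txt https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains-1000.txt'
+end
+
+file 'data/wordlists/subdomains-1000.txt.gz' => 'data/wordlists/subdomains-1000.txt' do
+sh 'gzip -f data/wordlists/subdomains-1000.txt'
+end
+
+file 'data/wordlists/raft-small-directories.txt' => 'data/wordlists' do
+sh 'wget -O data/wordlists/raft-small-directories.txt https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/raft-small-directories.txt'
+end
+
+file 'data/wordlists/raft-small-directories.txt.gz' => 'data/wordlists/raft-small-directories.txt' do
+sh 'gzip -f data/wordlists/raft-small-directories.txt'
+end
+
+desc 'Generate built-in wordlists'
+task :wordlists => %w[
+data/wordlists/subdomains-1000.txt.gz
+data/wordlists/raft-small-directories.txt.gz
+]
+
+require 'command_kit/completion/task'
+CommandKit::Completion::Task.new(
+class_file: 'ronin/recon/cli',
+class_name: 'Ronin::Recon::CLI',
+output_file: 'data/completions/ronin-recon'
+)
+
+task :setup => %w[wordlists man command_kit:completion]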
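Review bot: The two `wget` tasks at Rakefile lines 46 and 54 fetch the bundled wordlists from the `master` branch of third-party repositories with no integrity check, and the resulting `.gz` files are shipped inside the gem (`data/data/wordlists/` in the diffstat), so an upstream edit or a served-content change silently alters what users install, and the build is not reproducible. Pin each URL to a specific commit (replace `master` with a recorded commit id, shown here as the placeholder `<COMMIT_SHA>`) and verify the download before the gzip task runs, e.g. `raise 'wordlist digest mismatch' unless Digest::SHA256.file('data/wordlists/subdomains-1000.txt').hexdigest == EXPECTED_SHA256` with the expected digests kept in the repository (`EXPECTED_SHA256` is a constructed name for that constant). Separately, `exit(-1)` at line 8 (and the same line in data/bin/ronin-recon) exits with status 255 on POSIX; `exit(1)` is the conventional failure code and is consistent with `exit e.status_code` in the next block.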
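--- a/data/bin/ronin-recon
+++ b/data/bin/ronin-recon
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+root = File.expand_path(File.join(__dir__,'..'))
+if File.file?(File.join(root,'Gemfile.lock'))
+Dir.chdir(root) do
+require 'bundler/setup'
+rescue LoadError => e
+warn e.message
+warn "Run `gem install bundler` to install Bundler"
+exit(-1)
+end
+end
+
+require 'ronin/recon/cli'
+Ronin::Recon::CLI.start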
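--- a/data/data/completions/ronin-recon
+++ b/data/data/completions/ronin-recon
@@ -0,0 +1,95 @@
+# ronin-recon completion -*- shell-script -*-
+
+# This bash completions script was generated by
+# completely (https://github.com/dannyben/completely)
+# Modifying it manually is not recommended
+
+_ronin-recon_completions_filter() {
+local words="$1"
+local cur=${COMP_WORDS[COMP_CWORD]}
+local result=()
+
+if [[ "${cur:0:1}" == "-" ]]; then
+echo "$words"
+
+else
+for word in $words; do
+[[ "${word:0:1}" != "-" ]] && result+=("$word")
+done
+
+echo "${result[*]}"
+
+fi
+}
+
+_ronin-recon_completions() {
+local cur=${COMP_WORDS[COMP_CWORD]}
+local compwords=("${COMP_WORDS[@]:1:$COMP_CWORD-1}")
+local compline="${compwords[*]}"
+
+case "$compline" in
+'run'*'--config-file')
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+;;
+
+'run'*'--worker-file')
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+;;
+
+'worker'*'--file')
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+;;
+
+'run'*'--output')
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+;;
+
+'test'*'--file')
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+;;
+
+'completion'*)
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-recon_completions_filter "--print --install --uninstall")" -- "$cur" )
+;;
+
+'worker'*'-f')
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+;;
+
+'test'*'-f')
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+;;
+
+'run'*'-C')
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+;;
+
+'run'*'-o')
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -A file -- "$cur" )
+;;
+
+'worker'*)
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-recon_completions_filter "--file -f --verbose -v")" -- "$cur" )
+;;
+
+'test'*)
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-recon_completions_filter "--file -f --debug -D --param -p")" -- "$cur" )
+;;
+
+'new'*)
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-recon_completions_filter "--type -t --author -a --author-email -e --summary -S --description -D --reference -R --accepts -A --outputs -O --intensity -I")" -- "$cur" )
+;;
+
+'run'*)
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-recon_completions_filter "--debug -D --db --db-uri --db-file --config-file -C --worker -w --enable -e --disable -d --worker-file --param -p --concurrency -c --intensity --max-depth --output -o --output-format -F --import --ignore -I")" -- "$cur" )
+;;
+
+*)
+while read -r; do COMPREPLY+=( "$REPLY" ); done < <( compgen -W "$(_ronin-recon_completions_filter "--version -V help completion irb new run test worker workers")" -- "$cur" )
+;;
+
+esac
+} &&
+complete -F _ronin-recon_completions ronin-recon
+
+# ex: filetype=sh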
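--- a/data/data/templates/worker.rb.erb
+++ b/data/data/templates/worker.rb.erb
@@ -0,0 +1,67 @@
+#!/usr/bin/env -S ronin-recon test -f
+
+require 'ronin/recon/<%= @worker_type[:file] -%>'
+
+module Ronin
+module Recon
+class <%= @class_name -%> < <%= @worker_type[:class] %>
+
+register '<%= @file_name -%>'
+
+<%- if @author_name -%>
+<%- if @author_email -%>
+author <%= @author_name.inspect %>, email: <%= @author_email.inspect %>
+<%- else -%>
+author <%= @author_name.inspect %>
+<%- end -%>
+<%- else -%>
+author "FIX ME", email: "FIXME@example.com"
+<%- end -%>
+<%- if @summary -%>
+summary <%= @summary.inspect %>
+<%- else -%>
+summary "FIX ME"
+<%- end -%>
+<%- if @description -%>
+description <<~DESC
+<%= @description %>
+DESC
+<%- else -%>
+description <<~DESC
+FIX ME
+DESC
+<%- end -%>
+<%- unless @references.empty? -%>
+references [
+<%- @references.each_with_index do |url,index| -%>
+<%= url.inspect -%><% if index < @references.length-1 %>,<% end %>
+<%- end -%>
+]
+<%- else -%>
+# references [
+# "https://...",
+# "https://..."
+# ]
+<%- end -%>
+
+<%- unless @accepts.empty? -%>
+accepts <%= @accepts.join(', ') %>
+<%- else -%>
+accepts FIXME
+<%- end -%>
+<%- unless @outputs.empty? -%>
+outputs <%= @outputs.join(', ') %>
+<%- else -%>
+outputs FIXME
+<%- end -%>
+<%- if @intensity -%>
+intensity <%= @intensity.inspect %>
+<%- end -%>
+
+def process(value)
+# ...
+end
+
+end
+end
+end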
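Review bot: `description <<~DESC` at template line 26 is an interpolating heredoc and `<%= @description %>` is emitted into it verbatim, so a description containing `#{...}`, a backslash escape sequence, or a line that is exactly `DESC` yields a generated worker that either fails to parse or evaluates the interpolated expression when the file is loaded. A single-quoted heredoc keeps the text literal while preserving the dedent behaviour: `description <<~'DESC'` (the `FIX ME` fallback at line 30 can be changed the same way for consistency). The `author` and `summary` lines already go through `.inspect`, which produces a correctly escaped literal; the description is the only user-supplied string the template emits raw.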
Binary file
|
Binary file
|
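--- a/data/examples/recon.rb
+++ b/data/examples/recon.rb
@@ -0,0 +1,24 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'ronin/recon/engine'
+
+domain = Ronin::Recon::Values::Domain.new('example.com')
+
+Ronin::Recon::Engine.run([domain], max_depth: 3) do |engine|
+engine.on(:value) do |value,parent|
+case value
+when Ronin::Recon::Values::Domain
+puts ">>> Found new domain #{value} for #{parent}"
+when Ronin::Recon::Values::Nameserver
+puts ">>> Found new nameserver #{value} for #{parent}"
+when Ronin::Recon::Values::Mailserver
+puts ">>> Found new mailserver #{value} for #{parent}"
+when Ronin::Recon::Values::Host
+puts ">>> Found new host #{value} for #{parent}"
+when Ronin::Recon::Values::IP
+puts ">>> Found new IP address #{value} for #{parent}"
+end
+end
+end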
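Review bot: The block signature here (`Engine.run([domain], max_depth: 3) do |engine|` followed by `engine.on(:value) do |value,parent|`) contradicts the README's "Manually running the recon engine" example, which yields the value directly as `do |value,parent|`; `Engine.run` is not in this diff so I cannot tell which form is current, but one of the two should be corrected so a reader copying either gets a working script. The README's `ronin-recon new` examples also pass `--name` and `--authors`, neither of which appears in the option list the generated completion script offers for `new` (`--author -a`, `--summary -S`, `--description -D`, ...), so those examples look stale as well, and the "Generate a ronin repository of your own payloads (or exploits)" paragraph with `--description "This is my payload."` reads as copied from a sibling project rather than describing recon workers.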