ronin-recon 0.1.0.rc1

data/lib/ronin/recon/builtin/web/dir_enum.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/web_worker'
+require 'ronin/recon/root'
+
+require 'wordlist'
+require 'uri'
+require 'async/queue'
+require 'async/http/internet/instance'
+
+module Ronin
+  module Recon
+    module Web
+      #
+      # A recon worker that discovers HTTP directories.
+      #
+      class DirEnum < WebWorker
+
+        DEFAULT_WORDLIST = File.join(WORDLISTS_DIR, 'raft-small-directories.txt.gz')
+
+        register 'web/dir_enum'
+
+        summary 'Discovers HTTP directories for a website'
+
+        description <<~DESC
+          Discovers hidden directories on a website by sending HTTP HEAD
+          requests using a wordlist of common web directory names.
+        DESC
+
+        accepts Website
+        outputs URL
+        intensity :aggressive
+
+        param :concurrency, Integer, default: 10,
+                                     desc:    'Sets the number of async tasks'
+
+        param :wordlist, String, desc: 'Optional directory wordlist to use'
+
+        #
+        # Discovers HTTP directories for a given website.
+        #
+        # @param [Values::Website] website
+        #   The website to recon.
+        #
+        # @yield [url]
+        #   Every discovered directory will be passed to the block as a URL.
+        #
+        # @yieldparam [Values::URL] url
+        #   A URL representing an exposed directory.
+        #
+        def process(website)
+          wordlist = Wordlist.open(params[:wordlist] || DEFAULT_WORDLIST)
+          queue    = Async::LimitedQueue.new(params[:concurrency])
+          base_url = website.to_s
+
+          Async do |task|
+            task.async do
+              # feed the queue with the wordlist
+              wordlist.each { |name| queue << name }
+
+              # send stop messages for each sub-task
+              params[:concurrency].times { queue << nil }
+            end
+
+            # spawn the sub-tasks
+            params[:concurrency].times do
+              task.async do
+                http = Async::HTTP::Internet.instance
+
+                while (dir = queue.dequeue)
+                  path    = "/#{URI.encode_uri_component(dir)}"
+                  url     = "#{base_url}#{path}"
+                  retries = 0
+
+                  begin
+                    response = http.head(url)
+
+                    if VALID_STATUS_CODES.include?(response.status)
+                      yield URL.new(url, status:  response.status,
+                                         headers: response.headers)
+                    end
+                  rescue Errno::ECONNREFUSED,
+                         SocketError
+                    task.stop
+                  rescue StandardError
+                    if retries > 3
+                      next
+                    else
+                      retries += 1
+                      sleep 1
+                      retry
+                    end
+                  end
+                end
+              end
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/ronin/recon/builtin/web/email_addresses.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/web_worker'
+require 'ronin/recon/builtin/web/spider'
+require 'ronin/support/text/patterns'
+
+module Ronin
+  module Recon
+    module Web
+      #
+      # A recon worker that returns email addresses found on website.
+      #
+      class EmailAddresses < WebWorker
+
+        register 'web/email_addresses'
+
+        summary 'Extracts emails from a website'
+
+        description <<~DESC
+          Extracts all emails from a website.
+        DESC
+
+        accepts URL
+        outputs EmailAddress
+        intensity :passive
+
+        #
+        # Extract email addresses found in the pages body.
+        #
+        # @param [Values::URL] url
+        #   The URL of the page to extract email addresses from.
+        #
+        # @yield [email]
+        #   Each email address found on the page will be yielded.
+        #
+        # @yieldparam [Values::EmailAddress] email
+        #   Email address found on the page.
+        #
+        def process(url)
+          return nil unless url.body
+
+          email_pattern = Ronin::Support::Text::Patterns::EMAIL_ADDRESS
+
+          url.body.force_encoding(Encoding::UTF_8).scan(email_pattern) do |email|
+            yield EmailAddress.new(email)
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/ronin/recon/builtin/web/spider.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/web_worker'
+
+require 'ronin/web/spider'
+
+module Ronin
+  module Recon
+    module Web
+      #
+      # A recon worker that spiders a website.
+      #
+      class Spider < WebWorker
+
+        register 'web/spider'
+
+        summary 'Spiders a website'
+
+        description <<~DESC
+          Spiders a website and returns every URL.
+        DESC
+
+        accepts Website
+        outputs URL
+
+        #
+        # Spiders a website and yields every spidered URL.
+        #
+        # @param [Values::Website] website
+        #   The website value to start spidering.
+        #
+        # @yield [url]
+        #   Every spidered URL will be yielded.
+        #
+        # @yieldparam [Values::URL] url
+        #   A URL visited by the spider.
+        #
+        def process(website)
+          base_uri = website.to_uri
+
+          Ronin::Web::Spider.site(base_uri) do |agent|
+            agent.every_page do |page|
+              if VALID_STATUS_CODES.include?(page.code)
+                yield URL.new(page.url, status:  page.code,
+                                        headers: page.headers,
+                                        body:    page.body)
+              end
+            end
+
+            agent.every_javascript_url_string do |url,page|
+              uri = URI.parse(url)
+
+              case uri
+              when URI::HTTP
+                agent.enqueue(uri)
+              end
+            rescue URI::InvalidURIError
+              # ignore invalid URIs
+            end
+
+            agent.every_javascript_path_string do |path,page|
+              if (uri = page.to_absolute(path))
+                case uri
+                when URI::HTTP
+                  agent.enqueue(uri)
+                end
+              end
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/ronin/recon/builtin.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/builtin/dns/lookup'
+require 'ronin/recon/builtin/dns/reverse_lookup'
+require 'ronin/recon/builtin/dns/mailservers'
+require 'ronin/recon/builtin/dns/nameservers'
+require 'ronin/recon/builtin/dns/subdomain_enum'
+require 'ronin/recon/builtin/dns/suffix_enum'
+require 'ronin/recon/builtin/dns/srv_enum'
+require 'ronin/recon/builtin/net/ip_range_enum'
+require 'ronin/recon/builtin/net/port_scan'
+require 'ronin/recon/builtin/net/service_id'
+require 'ronin/recon/builtin/ssl/cert_grab'
+require 'ronin/recon/builtin/ssl/cert_enum'
+require 'ronin/recon/builtin/web/spider'
+require 'ronin/recon/builtin/web/dir_enum'

data/lib/ronin/recon/cli/command.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/root'
+
+require 'ronin/core/cli/command'
+
+module Ronin
+  module Recon
+    class CLI
+      #
+      # Base command for all `ronin-recon` commands.
+      #
+      class Command < Core::CLI::Command
+
+        man_dir File.join(ROOT,'man')
+
+        bug_report_url 'https://github.com/ronin-rb/ronin-recon/issues/new'
+
+      end
+    end
+  end
+end

data/lib/ronin/recon/cli/commands/completion.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/root'
+require 'ronin/core/cli/completion_command'
+
+module Ronin
+  module Recon
+    class CLI
+      module Commands
+        #
+        # Manages the shell completion rules for `ronin-recon`.
+        #
+        # ## Usage
+        #
+        #     ronin-recon completion [options]
+        #
+        # ## Options
+        #
+        #         --print                      Prints the shell completion file
+        #         --install                    Installs the shell completion file
+        #         --uninstall                  Uninstalls the shell completion file
+        #     -h, --help                       Print help information
+        #
+        # ## Examples
+        #
+        #     ronin-recon completion --print
+        #     ronin-recon completion --install
+        #     ronin-recon completion --uninstall
+        #
+        class Completion < Core::CLI::CompletionCommand
+
+          completion_file File.join(ROOT,'data','completions','ronin-recon')
+
+          man_dir File.join(ROOT,'man')
+          man_page 'ronin-recon-completion.1'
+
+          description 'Manages the shell completion rules for ronin-recon'
+
+        end
+      end
+    end
+  end
+end

data/lib/ronin/recon/cli/commands/irb.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/cli/command'
+require 'ronin/recon/cli/ruby_shell'
+
+module Ronin
+  module Recon
+    class CLI
+      module Commands
+        #
+        # Starts an interactive Ruby shell with `ronin-recon` loaded.
+        #
+        # ## Usage
+        #
+        #     ronin-recon irb [options]
+        #
+        # ## Options
+        #
+        #     -h, --help                       Print help information
+        #
+        class Irb < Command
+
+          description "Starts an interactive Ruby shell with ronin-recon loaded"
+
+          man_page 'ronin-recon-irb.1'
+
+          #
+          # Runs the `ronin-recon irb` command.
+          #
+          def run
+            require 'ronin/recon'
+            CLI::RubyShell.start
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/ronin/recon/cli/commands/new.rb

@@ -0,0 +1,203 @@
+# frozen_string_literal: true
+#
+# ronin-recon - A micro-framework and tool for performing reconnaissance.
+#
+# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
+#
+# ronin-recon is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-recon is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-recon.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require 'ronin/recon/cli/command'
+require 'ronin/recon/root'
+
+require 'ronin/core/cli/generator'
+require 'ronin/core/cli/generator/options/author'
+require 'ronin/core/cli/generator/options/summary'
+require 'ronin/core/cli/generator/options/description'
+require 'ronin/core/cli/generator/options/reference'
+require 'ronin/core/git'
+
+require 'command_kit/inflector'
+require 'set'
+
+module Ronin
+  module Recon
+    class CLI
+      module Commands
+        #
+        # Creates a new recon worker file.
+        #
+        # ## Usage
+        #
+        #     ronin-recon new [options] FILE
+        #
+        # ## Options
+        #
+        #     -t, --type worker|dns|web        The type for the new recon worker
+        #     -a, --author NAME                The name of the author (Default: Postmodern)
+        #     -e, --author-email EMAIL         The email address of the author (Default: postmodern.mod3@gmail.com)
+        #     -S, --summary TEXT               One sentence summary
+        #     -D, --description TEXT           A longer description
+        #     -R, --reference URL              Adds a reference URL
+        #     -A cert|domain|email_address|host|ip_range|ip|mailserver|nameserver|open_port|url|website|wildcard,
+        #         --accepts                    The value type(s) the worker accepts
+        #     -O cert|domain|email_address|host|ip_range|ip|mailserver|nameserver|open_port|url|website|wildcard,
+        #         --outputs                    The value type(s) the worker outputs
+        #     -I passive|active|aggressive,    Specifies the intensity of the recon worker
+        #         --intensity
+        #     -h, --help                       Print help information
+        #
+        # ## Arguments
+        #
+        #     PATH                             The path to the new recon workerfile
+        #
+        class New < Command
+
+          include Core::CLI::Generator
+
+          template_dir File.join(ROOT,'data','templates')
+
+          usage '[options] FILE'
+
+          # Mapping of recon worker types and their file/class names.
+          WORKER_TYPES = {
+            worker: {
+              file:  'worker',
+              class: 'Worker'
+            },
+
+            dns: {
+              file:  'dns_worker',
+              class: 'DNSWorker'
+            },
+
+            web: {
+              file:  'web_worker',
+              class: 'WebWorker'
+            }
+          }
+
+          option :type, short: '-t',
+                        value: {type: WORKER_TYPES.keys},
+                        desc: 'The type for the new recon worker' do |type|
+                          @worker_type = WORKER_TYPES.fetch(type)
+                        end
+
+          include Core::CLI::Generator::Options::Author
+          include Core::CLI::Generator::Options::Summary
+          include Core::CLI::Generator::Options::Description
+          include Core::CLI::Generator::Options::Reference
+
+          # Mapping of value types and their class names.
+          VALUE_TYPES = {
+            cert:          'Cert',
+            domain:        'Domain',
+            email_address: 'EmailAddress',
+            host:          'Host',
+            ip_range:      'IPRange',
+            ip:            'IP',
+            mailserver:    'Mailserver',
+            nameserver:    'Nameserver',
+            open_port:     'OpenPort',
+            url:           'URL',
+            website:       'Website',
+            wildcard:      'Wildcard'
+          }
+
+          option :accepts, short: '-A',
+                           value: {
+                             type: VALUE_TYPES
+                           },
+                           desc: 'The value type(s) the worker accepts' do |value|
+                             @accepts << value
+                           end
+
+          option :outputs, short: '-O',
+                           value: {
+                             type: VALUE_TYPES
+                           },
+                           desc: 'The value type(s) the worker outputs' do |value|
+                             @outputs << value
+                           end
+
+          option :intensity, short: '-I',
+                             value: {
+                               type: [:passive, :active, :aggressive]
+                             },
+                             desc: 'Specifies the intensity of the recon worker' do |intensity|
+                               @intensity = intensity
+                             end
+
+          argument :path, desc: 'The path to the new recon worker file'
+
+          description 'Creates a new recon worker file'
+
+          man_page 'ronin-recon-new.1'
+
+          # The worker type information.
+          #
+          # @return [Hash{Symbol => String}, nil]
+          attr_reader :worker_type
+
+          # The values class names which the new worker will accept.
+          #
+          # @return [Set<String>]
+          attr_reader :accepts
+
+          # The values class names which the new worker will output.
+          #
+          # @return [Set<String>]
+          attr_reader :outputs
+
+          # The intensity level for the new worker.
+          #
+          # @return [:passive, :active, :aggressive, nil]
+          attr_reader :intensity
+
+          #
+          # Initializes the `ronin-recon new` command.
+          #
+          # @param [Hash{Symbol => Object}] kwargs
+          #   Additional keyword arguments.
+          #
+          def initialize(**kwargs)
+            super(**kwargs)
+
+            @worker_type = WORKER_TYPES.fetch(:worker)
+            @accepts     = Set.new
+            @outputs     = Set.new
+          end
+
+          #
+          # Runs the `ronin-recon new` command.
+          #
+          # @param [String] file
+          #   The path to the new recon worker file.
+          #
+          def run(file)
+            @directory  = File.dirname(file)
+            @file_name  = File.basename(file,File.extname(file))
+            @class_name = CommandKit::Inflector.camelize(@file_name)
+
+            mkdir @directory unless File.directory?(@directory)
+
+            erb "worker.rb.erb", file
+            chmod '+x', file
+          end
+
+        end
+      end
+    end
+  end
+end