ronin-recon 0.1.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.document +4 -0
- data/.github/workflows/ruby.yml +46 -0
- data/.gitignore +20 -0
- data/.rspec +1 -0
- data/.rubocop.yml +44 -0
- data/.ruby-version +1 -0
- data/.yardopts +1 -0
- data/COPYING.txt +165 -0
- data/ChangeLog.md +36 -0
- data/Gemfile +62 -0
- data/README.md +391 -0
- data/Rakefile +74 -0
- data/bin/ronin-recon +16 -0
- data/data/completions/ronin-recon +95 -0
- data/data/templates/worker.rb.erb +67 -0
- data/data/wordlists/raft-small-directories.txt.gz +0 -0
- data/data/wordlists/subdomains-1000.txt.gz +0 -0
- data/examples/recon.rb +24 -0
- data/gemspec.yml +57 -0
- data/lib/ronin/recon/builtin/dns/lookup.rb +65 -0
- data/lib/ronin/recon/builtin/dns/mailservers.rb +64 -0
- data/lib/ronin/recon/builtin/dns/nameservers.rb +61 -0
- data/lib/ronin/recon/builtin/dns/reverse_lookup.rb +63 -0
- data/lib/ronin/recon/builtin/dns/srv_enum.rb +178 -0
- data/lib/ronin/recon/builtin/dns/subdomain_enum.rb +105 -0
- data/lib/ronin/recon/builtin/dns/suffix_enum.rb +168 -0
- data/lib/ronin/recon/builtin/net/ip_range_enum.rb +65 -0
- data/lib/ronin/recon/builtin/net/port_scan.rb +84 -0
- data/lib/ronin/recon/builtin/net/service_id.rb +75 -0
- data/lib/ronin/recon/builtin/ssl/cert_enum.rb +109 -0
- data/lib/ronin/recon/builtin/ssl/cert_grab.rb +76 -0
- data/lib/ronin/recon/builtin/ssl/cert_sh.rb +77 -0
- data/lib/ronin/recon/builtin/web/dir_enum.rb +121 -0
- data/lib/ronin/recon/builtin/web/email_addresses.rb +70 -0
- data/lib/ronin/recon/builtin/web/spider.rb +93 -0
- data/lib/ronin/recon/builtin.rb +34 -0
- data/lib/ronin/recon/cli/command.rb +40 -0
- data/lib/ronin/recon/cli/commands/completion.rb +61 -0
- data/lib/ronin/recon/cli/commands/irb.rb +57 -0
- data/lib/ronin/recon/cli/commands/new.rb +203 -0
- data/lib/ronin/recon/cli/commands/run.rb +420 -0
- data/lib/ronin/recon/cli/commands/test.rb +99 -0
- data/lib/ronin/recon/cli/commands/worker.rb +114 -0
- data/lib/ronin/recon/cli/commands/workers.rb +80 -0
- data/lib/ronin/recon/cli/debug_option.rb +45 -0
- data/lib/ronin/recon/cli/printing.rb +122 -0
- data/lib/ronin/recon/cli/ruby_shell.rb +51 -0
- data/lib/ronin/recon/cli/worker_command.rb +105 -0
- data/lib/ronin/recon/cli.rb +50 -0
- data/lib/ronin/recon/config.rb +371 -0
- data/lib/ronin/recon/dns_worker.rb +41 -0
- data/lib/ronin/recon/engine.rb +639 -0
- data/lib/ronin/recon/exceptions.rb +45 -0
- data/lib/ronin/recon/graph.rb +127 -0
- data/lib/ronin/recon/importer.rb +224 -0
- data/lib/ronin/recon/input_file.rb +81 -0
- data/lib/ronin/recon/message/job_completed.rb +60 -0
- data/lib/ronin/recon/message/job_failed.rb +69 -0
- data/lib/ronin/recon/message/job_started.rb +60 -0
- data/lib/ronin/recon/message/shutdown.rb +38 -0
- data/lib/ronin/recon/message/value.rb +76 -0
- data/lib/ronin/recon/message/worker_started.rb +51 -0
- data/lib/ronin/recon/message/worker_stopped.rb +51 -0
- data/lib/ronin/recon/mixins/dns.rb +639 -0
- data/lib/ronin/recon/mixins/http.rb +58 -0
- data/lib/ronin/recon/mixins.rb +21 -0
- data/lib/ronin/recon/output_formats/dir.rb +94 -0
- data/lib/ronin/recon/output_formats/dot.rb +155 -0
- data/lib/ronin/recon/output_formats/graph_format.rb +48 -0
- data/lib/ronin/recon/output_formats/graphviz_format.rb +115 -0
- data/lib/ronin/recon/output_formats/pdf.rb +43 -0
- data/lib/ronin/recon/output_formats/png.rb +43 -0
- data/lib/ronin/recon/output_formats/svg.rb +43 -0
- data/lib/ronin/recon/output_formats.rb +48 -0
- data/lib/ronin/recon/registry.rb +35 -0
- data/lib/ronin/recon/root.rb +33 -0
- data/lib/ronin/recon/scope.rb +112 -0
- data/lib/ronin/recon/value/parser.rb +113 -0
- data/lib/ronin/recon/value.rb +110 -0
- data/lib/ronin/recon/value_status.rb +87 -0
- data/lib/ronin/recon/values/cert.rb +168 -0
- data/lib/ronin/recon/values/domain.rb +88 -0
- data/lib/ronin/recon/values/email_address.rb +114 -0
- data/lib/ronin/recon/values/host.rb +137 -0
- data/lib/ronin/recon/values/ip.rb +123 -0
- data/lib/ronin/recon/values/ip_range.rb +155 -0
- data/lib/ronin/recon/values/mailserver.rb +61 -0
- data/lib/ronin/recon/values/nameserver.rb +61 -0
- data/lib/ronin/recon/values/open_port.rb +190 -0
- data/lib/ronin/recon/values/url.rb +218 -0
- data/lib/ronin/recon/values/website.rb +200 -0
- data/lib/ronin/recon/values/wildcard.rb +140 -0
- data/lib/ronin/recon/values.rb +32 -0
- data/lib/ronin/recon/version.rb +26 -0
- data/lib/ronin/recon/web_worker.rb +35 -0
- data/lib/ronin/recon/worker.rb +433 -0
- data/lib/ronin/recon/worker_pool.rb +203 -0
- data/lib/ronin/recon/workers.rb +260 -0
- data/lib/ronin/recon.rb +22 -0
- data/man/ronin-recon-completion.1 +76 -0
- data/man/ronin-recon-completion.1.md +78 -0
- data/man/ronin-recon-irb.1 +27 -0
- data/man/ronin-recon-irb.1.md +26 -0
- data/man/ronin-recon-new.1 +58 -0
- data/man/ronin-recon-new.1.md +59 -0
- data/man/ronin-recon-run.1 +137 -0
- data/man/ronin-recon-run.1.md +115 -0
- data/man/ronin-recon-test.1 +53 -0
- data/man/ronin-recon-test.1.md +55 -0
- data/man/ronin-recon-worker.1 +32 -0
- data/man/ronin-recon-worker.1.md +34 -0
- data/man/ronin-recon-workers.1 +29 -0
- data/man/ronin-recon-workers.1.md +31 -0
- data/man/ronin-recon.1 +57 -0
- data/man/ronin-recon.1.md +57 -0
- data/ronin-recon.gemspec +62 -0
- data/scripts/setup +58 -0
- metadata +364 -0
@@ -0,0 +1,371 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
#
|
3
|
+
# ronin-recon - A micro-framework and tool for performing reconnaissance.
|
4
|
+
#
|
5
|
+
# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
|
6
|
+
#
|
7
|
+
# ronin-recon is free software: you can redistribute it and/or modify
|
8
|
+
# it under the terms of the GNU Lesser General Public License as published
|
9
|
+
# by the Free Software Foundation, either version 3 of the License, or
|
10
|
+
# (at your option) any later version.
|
11
|
+
#
|
12
|
+
# ronin-recon is distributed in the hope that it will be useful,
|
13
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
+
# GNU Lesser General Public License for more details.
|
16
|
+
#
|
17
|
+
# You should have received a copy of the GNU Lesser General Public License
|
18
|
+
# along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
|
19
|
+
#
|
20
|
+
|
21
|
+
require 'ronin/recon/exceptions'
|
22
|
+
|
23
|
+
require 'ronin/core/home'
|
24
|
+
require 'set'
|
25
|
+
|
26
|
+
module Ronin
|
27
|
+
module Recon
|
28
|
+
#
|
29
|
+
# Represents configuration for the recon engine.
|
30
|
+
#
|
31
|
+
class Config
|
32
|
+
|
33
|
+
#
|
34
|
+
# Represents the set of workers to use.
|
35
|
+
#
|
36
|
+
# @api private
|
37
|
+
#
|
38
|
+
class Workers
|
39
|
+
|
40
|
+
include Enumerable
|
41
|
+
|
42
|
+
# The set of worker IDs.
|
43
|
+
#
|
44
|
+
# @return [Set<String>]
|
45
|
+
attr_reader :ids
|
46
|
+
|
47
|
+
#
|
48
|
+
# Initializes the workers.
|
49
|
+
#
|
50
|
+
# @param [Set<String>, Array<String>, Hash{String => Boolean}] workers
|
51
|
+
# The set of worker IDs.
|
52
|
+
#
|
53
|
+
# @raise [ArgumentError]
|
54
|
+
# The given workers argument was not a Set, Array, or Hash.
|
55
|
+
#
|
56
|
+
def initialize(workers)
|
57
|
+
case workers
|
58
|
+
when Set then @ids = workers.dup
|
59
|
+
when Array then @ids = workers.to_set
|
60
|
+
when Hash
|
61
|
+
@ids = DEFAULT.dup
|
62
|
+
|
63
|
+
workers.each do |worker_id,enabled|
|
64
|
+
if enabled then add(worker_id)
|
65
|
+
else delete(worker_id)
|
66
|
+
end
|
67
|
+
end
|
68
|
+
else
|
69
|
+
raise(ArgumentError,"workers value must be a Set, Array, or Hash: #{workers.inspect}")
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
# The default workers configuration.
|
74
|
+
DEFAULT = Set[
|
75
|
+
'dns/lookup',
|
76
|
+
'dns/mailservers',
|
77
|
+
'dns/nameservers',
|
78
|
+
'dns/reverse_lookup',
|
79
|
+
'dns/srv_enum',
|
80
|
+
'dns/subdomain_enum',
|
81
|
+
'dns/suffix_enum',
|
82
|
+
'net/ip_range_enum',
|
83
|
+
'net/port_scan',
|
84
|
+
'net/service_id',
|
85
|
+
'ssl/cert_grab',
|
86
|
+
'ssl/cert_enum',
|
87
|
+
# NOTE: disabled due to rate limiting issues
|
88
|
+
# 'ssl/cert_sh',
|
89
|
+
'web/dir_enum',
|
90
|
+
'web/email_addresses',
|
91
|
+
'web/spider'
|
92
|
+
]
|
93
|
+
|
94
|
+
#
|
95
|
+
# Initializes the default workers.
|
96
|
+
#
|
97
|
+
# @return [Workers]
|
98
|
+
#
|
99
|
+
def self.default
|
100
|
+
new(DEFAULT)
|
101
|
+
end
|
102
|
+
|
103
|
+
#
|
104
|
+
# Adds a worker to the workers.
|
105
|
+
#
|
106
|
+
# @param [String] worker_id
|
107
|
+
# The worker ID to add.
|
108
|
+
#
|
109
|
+
# @return [self]
|
110
|
+
#
|
111
|
+
# @api public
|
112
|
+
#
|
113
|
+
def add(worker_id)
|
114
|
+
@ids.add(worker_id)
|
115
|
+
return self
|
116
|
+
end
|
117
|
+
|
118
|
+
#
|
119
|
+
# Deletes a worker from the workers.
|
120
|
+
#
|
121
|
+
# @param [String] worker_id
|
122
|
+
# The worker ID to disable.
|
123
|
+
#
|
124
|
+
# @api public
|
125
|
+
#
|
126
|
+
def delete(worker_id)
|
127
|
+
@ids.delete(worker_id)
|
128
|
+
return self
|
129
|
+
end
|
130
|
+
|
131
|
+
#
|
132
|
+
# Determines if the worker is enabled in the workers.
|
133
|
+
#
|
134
|
+
# @param [String] worker_id
|
135
|
+
# The worker ID to search for.
|
136
|
+
#
|
137
|
+
# @return [Boolean]
|
138
|
+
#
|
139
|
+
# @api public
|
140
|
+
#
|
141
|
+
def include?(worker_id)
|
142
|
+
@ids.include?(worker_id)
|
143
|
+
end
|
144
|
+
|
145
|
+
#
|
146
|
+
# Enumerates over each worker in the set.
|
147
|
+
#
|
148
|
+
# @yield [worker_id]
|
149
|
+
# The given block will be passed each worker ID in the set.
|
150
|
+
#
|
151
|
+
# @yieldparam [String] worker_id
|
152
|
+
# A worker ID in the set.
|
153
|
+
#
|
154
|
+
# @return [Enumerator]
|
155
|
+
# If no block is given, an Enumerator will be returned.
|
156
|
+
#
|
157
|
+
def each(&block)
|
158
|
+
@ids.each(&block)
|
159
|
+
end
|
160
|
+
|
161
|
+
#
|
162
|
+
# Compares the workers to another object.
|
163
|
+
#
|
164
|
+
# @param [Object] other
|
165
|
+
# The other object.
|
166
|
+
#
|
167
|
+
# @return [Boolean]
|
168
|
+
#
|
169
|
+
def eql?(other)
|
170
|
+
self.class == other.class && @ids == other.ids
|
171
|
+
end
|
172
|
+
|
173
|
+
alias == eql?
|
174
|
+
|
175
|
+
end
|
176
|
+
|
177
|
+
# The workers to use.
|
178
|
+
#
|
179
|
+
# @return [Workers]
|
180
|
+
#
|
181
|
+
# @api public
|
182
|
+
attr_reader :workers
|
183
|
+
|
184
|
+
# Params for individual workers.
|
185
|
+
#
|
186
|
+
# @return [Hash{String => Hash{Symbol => Object}}]
|
187
|
+
#
|
188
|
+
# @api public
|
189
|
+
attr_reader :params
|
190
|
+
|
191
|
+
# Concurrency values for individual workers.
|
192
|
+
#
|
193
|
+
# @return [Hash{String => Integer}]
|
194
|
+
#
|
195
|
+
# @api public
|
196
|
+
attr_reader :concurrency
|
197
|
+
|
198
|
+
#
|
199
|
+
# Initializes the recon engine configuration.
|
200
|
+
#
|
201
|
+
# @param [Workers] workers
|
202
|
+
# The workers to use.
|
203
|
+
#
|
204
|
+
# @param [Hash{String => Hash{Symbol => Object}}] params
|
205
|
+
# The params for individual workers.
|
206
|
+
#
|
207
|
+
# @param [Hash{String => Hash{Symbol => Object}}] concurrency
|
208
|
+
# The concurrency values for individual workers.
|
209
|
+
#
|
210
|
+
def initialize(workers: Workers.default, params: {}, concurrency: {})
|
211
|
+
@workers = workers
|
212
|
+
@params = params
|
213
|
+
@concurrency = concurrency
|
214
|
+
end
|
215
|
+
|
216
|
+
#
|
217
|
+
# Validates the loaded configuration data.
|
218
|
+
#
|
219
|
+
# @param [Object] data
|
220
|
+
# The loaded configuration data.
|
221
|
+
#
|
222
|
+
# @raise [InvalidConfig]
|
223
|
+
# The configuration data is not a Hash, does not contain Symbol keys,
|
224
|
+
# or does not contain Hashes.
|
225
|
+
#
|
226
|
+
# @return [true]
|
227
|
+
# The configuration data is valid.
|
228
|
+
#
|
229
|
+
def self.validate(data)
|
230
|
+
unless data.kind_of?(Hash)
|
231
|
+
raise(InvalidConfig,"must contain a Hash: #{data.inspect}")
|
232
|
+
end
|
233
|
+
|
234
|
+
if (workers = data[:workers])
|
235
|
+
unless (workers.kind_of?(Hash) || workers.kind_of?(Array))
|
236
|
+
raise(InvalidConfig,"workers value must be a Hash or an Array: #{workers.inspect}")
|
237
|
+
end
|
238
|
+
end
|
239
|
+
|
240
|
+
if (params_value = data[:params])
|
241
|
+
unless params_value.kind_of?(Hash)
|
242
|
+
raise(InvalidConfig,"params value must be a Hash: #{params_value.inspect}")
|
243
|
+
end
|
244
|
+
|
245
|
+
params_value.each do |worker_id,params_hash|
|
246
|
+
unless worker_id.kind_of?(String)
|
247
|
+
raise(InvalidConfig,"worker ID must be a String: #{worker_id.inspect}")
|
248
|
+
end
|
249
|
+
|
250
|
+
unless params_hash.kind_of?(Hash)
|
251
|
+
raise(InvalidConfig,"params value for worker (#{worker_id.inspect}) must be a Hash: #{params_hash.inspect}")
|
252
|
+
end
|
253
|
+
|
254
|
+
params_hash.each_key do |param_key|
|
255
|
+
unless param_key.kind_of?(Symbol)
|
256
|
+
raise(InvalidConfig,"param key for worker (#{worker_id.inspect}) must be a Symbol: #{param_key.inspect}")
|
257
|
+
end
|
258
|
+
end
|
259
|
+
end
|
260
|
+
end
|
261
|
+
|
262
|
+
if (concurrency_value = data[:concurrency])
|
263
|
+
unless concurrency_value.kind_of?(Hash)
|
264
|
+
raise(InvalidConfig,"concurrency value must be a Hash: #{concurrency_value.inspect}")
|
265
|
+
end
|
266
|
+
|
267
|
+
concurrency_value.each do |worker_id,concurrency|
|
268
|
+
unless worker_id.kind_of?(String)
|
269
|
+
raise(InvalidConfig,"worker ID must be a String: #{worker_id.inspect}")
|
270
|
+
end
|
271
|
+
|
272
|
+
unless concurrency.kind_of?(Integer)
|
273
|
+
raise(InvalidConfig,"concurrency value for worker (#{worker_id.inspect}) must be an Integer: #{concurrency.inspect}")
|
274
|
+
end
|
275
|
+
end
|
276
|
+
end
|
277
|
+
|
278
|
+
return true
|
279
|
+
end
|
280
|
+
|
281
|
+
#
|
282
|
+
# Loads configuration from a YAML file.
|
283
|
+
#
|
284
|
+
# @param [String] path
|
285
|
+
# The path to the YAML configuration file.
|
286
|
+
#
|
287
|
+
# @raise [InvalidConfigFile]
|
288
|
+
# The configuration file contained invalid YAML.
|
289
|
+
#
|
290
|
+
def self.load(path)
|
291
|
+
yaml = YAML.load_file(path)
|
292
|
+
|
293
|
+
begin
|
294
|
+
validate(yaml)
|
295
|
+
rescue InvalidConfig => error
|
296
|
+
raise(InvalidConfigFile,"invalid config file (#{path.inspect}): #{error.message}")
|
297
|
+
end
|
298
|
+
|
299
|
+
workers = if (workers_value = yaml[:workers])
|
300
|
+
Workers.new(workers_value)
|
301
|
+
else
|
302
|
+
Workers.default
|
303
|
+
end
|
304
|
+
|
305
|
+
params = yaml.fetch(:params,{})
|
306
|
+
concurrency = yaml.fetch(:concurrency,{})
|
307
|
+
|
308
|
+
return new(workers: workers, params: params, concurrency: concurrency)
|
309
|
+
end
|
310
|
+
|
311
|
+
# The path to the `~/.config/ronin-recon/config.yml` file.
|
312
|
+
DEFAULT_PATH = File.join(Core::Home.config_dir('ronin-recon'),'config.yml')
|
313
|
+
|
314
|
+
#
|
315
|
+
# The default configuration to use.
|
316
|
+
#
|
317
|
+
# @return [Config]
|
318
|
+
#
|
319
|
+
# @api public
|
320
|
+
#
|
321
|
+
def self.default
|
322
|
+
if File.file?(DEFAULT_PATH)
|
323
|
+
load(DEFAULT_PATH)
|
324
|
+
else
|
325
|
+
new
|
326
|
+
end
|
327
|
+
end
|
328
|
+
|
329
|
+
#
|
330
|
+
# Overrides the workers.
|
331
|
+
#
|
332
|
+
# @param [Workers, Set<String>, Array<String>] new_workers
|
333
|
+
# The new workers value.
|
334
|
+
#
|
335
|
+
# @return [Workers]
|
336
|
+
# The new workers value.
|
337
|
+
#
|
338
|
+
# @raise [ArgumentError]
|
339
|
+
# An invalid workers value was given.
|
340
|
+
#
|
341
|
+
# @api public
|
342
|
+
#
|
343
|
+
def workers=(new_workers)
|
344
|
+
@workers = case new_workers
|
345
|
+
when Workers then new_workers
|
346
|
+
when Set, Array, Hash then Workers.new(new_workers)
|
347
|
+
else
|
348
|
+
raise(ArgumentError,"new workers value must be a #{Workers}, Set, Array, or Hash: #{new_workers.inspect}")
|
349
|
+
end
|
350
|
+
end
|
351
|
+
|
352
|
+
#
|
353
|
+
# Compares the configuration with another object.
|
354
|
+
#
|
355
|
+
# @param [Object] other
|
356
|
+
# The other object.
|
357
|
+
#
|
358
|
+
# @return [Boolean]
|
359
|
+
#
|
360
|
+
def eql?(other)
|
361
|
+
self.class == other.class &&
|
362
|
+
@workers == other.workers &&
|
363
|
+
@params == other.params &&
|
364
|
+
@concurrency == other.concurrency
|
365
|
+
end
|
366
|
+
|
367
|
+
alias == eql?
|
368
|
+
|
369
|
+
end
|
370
|
+
end
|
371
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
#
|
3
|
+
# ronin-recon - A micro-framework and tool for performing reconnaissance.
|
4
|
+
#
|
5
|
+
# Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
|
6
|
+
#
|
7
|
+
# ronin-recon is free software: you can redistribute it and/or modify
|
8
|
+
# it under the terms of the GNU Lesser General Public License as published
|
9
|
+
# by the Free Software Foundation, either version 3 of the License, or
|
10
|
+
# (at your option) any later version.
|
11
|
+
#
|
12
|
+
# ronin-recon is distributed in the hope that it will be useful,
|
13
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
+
# GNU Lesser General Public License for more details.
|
16
|
+
#
|
17
|
+
# You should have received a copy of the GNU Lesser General Public License
|
18
|
+
# along with ronin-recon. If not, see <https://www.gnu.org/licenses/>.
|
19
|
+
#
|
20
|
+
|
21
|
+
require 'ronin/recon/worker'
|
22
|
+
require 'ronin/recon/mixins/dns'
|
23
|
+
|
24
|
+
require 'ronin/support/network/dns'
|
25
|
+
|
26
|
+
module Ronin
|
27
|
+
module Recon
|
28
|
+
#
|
29
|
+
# Base class for all DNS related workers.
|
30
|
+
#
|
31
|
+
# @api public
|
32
|
+
#
|
33
|
+
class DNSWorker < Worker
|
34
|
+
|
35
|
+
include Mixins::DNS
|
36
|
+
|
37
|
+
intensity :passive
|
38
|
+
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|