Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, developing new exploits, managing local databases, fuzzing data, performing recon, and much more.
ronin commands.ronin irb Ruby REPL.ronin
libraries.Usage: ronin [options] [COMMAND [ARGS...]]
Options:
-h, --help Print help information
Arguments:
[COMMAND] The command name to run
[ARGS ...] Additional arguments for the command
Commands:
archive
asn
banner-grab
bitflip
cert-dump
cert-gen
cert-grab
completion
decode, dec
decrypt
dns
dns-proxy
email-addr
encode, enc
encrypt
entropy
escape
extract
grep
help
hexdump
highlight
hmac
homoglyph
host
http
ip
iprange
irb
md5
netcat, nc
new
pack
proxy
public-suffix-list
quote
rot
sha1
sha256
sha512
strings
tld-list
tips
typo
typosquat
unarchive
unescape
unhexdump
unpack
unquote
url
xor
Additional Ronin Commands:
$ ronin-repos
$ ronin-wordlists
$ ronin-db
$ ronin-web
$ ronin-fuzzer
$ ronin-masscan
$ ronin-nmap
$ ronin-recon
$ ronin-payloads
$ ronin-exploits
$ ronin-vulns
$ ronin-app
List ronin commands:
$ ronin help
View a man-page for a command:
$ ronin help COMMAND
Get a random tip on how to use ronin:
$ ronin tips
Open the Ronin Ruby REPL:
$ ronin irb
, Jµ ▓▓█▓
J▌ ▐▓██▌ ████ ██ ▐███D
╓▄▓▓█████▌ ██µ ████ ▄███ÖJ██▌ ███▌
,╓µ▄▄▄▄▄▄▄▄µ;, ,▄▓██████████ ▐███ ▐███▀ ███▌ ████µ ▄███
¬∞MÆ▓███████████████████████▓M ▄██████▀▀╙████▌ ████▌ ████ ▄███ J█████ ███▌
`█████▀▀▀▀▀███████ -████▀└ ████ ▐█████n ▄███O ███▌ ██████████
▓████L ████▀ ▓████ ▓███Ö ███████ ███▌ ▓███ ▐█████████▀
▄████▀ ,╓▄▄▄█████ J████Ü ,███▌ ▄███████████ J███▀ ████ █████
J█████████████████─ ████▌ ████ ████`██████▌ ████ ▐███Ü ▐███Ü
███████████▀▀▀╙└ ▐████ J███▌ ▓███▌ ²█████ J███Ü ███▌ ▀█▌
▓██████████▌ ████▌ ████ ;████ ▀███▀ ███▌ J▀▀▀- █
▄█████▀ ▀█████µ ▐████ ,▄▓████▀ ████▀ ███ J███ `
J█████- ╙▀███▄ ████████████▀╙ J█▀▀▀ █U ▀█▌
████▀ ▀███ ▄████████▀▀ ╨ █
▓██▀ ²▀█▄ █▀▀▀╙└
▄██╜ ╙W
J█▀
▌└
┘
irb(ronin)>
Starts and opens the interactive Web UI for Ronin:
$ ronin-app
Hexdumps data in a variety of formats:
$ ronin hexdump /bin/ls
Un-hexdumps a hexdump file back into it's original raw binary data:
$ ronin unhexdump -o data.bin hexdump.txt
Print all printable strings from a file:
$ ronin strings /bin/ls
Print all alphabetic strings from a file:
$ ronin strings --alpha /bin/ls
Print all alpha-numeric strings from a file:
$ ronin strings --alpha-num /bin/ls
Print all numeric strings from a file:
$ ronin strings --numeric /bin/ls
Print all hexadecimal strings from a file:
$ ronin strings --hex /bin/ls
Enumerate through all of the Bit-flips of a domain name:
$ ronin bitflip microsoft --alpha-num --append .com
licrosoft.com
oicrosoft.com
iicrosoft.com
eicrosoft.com
Microsoft.com
mhcrosoft.com
mkcrosoft.com
mmcrosoft.com
macrosoft.com
mycrosoft.com
...
Base64 encode a string:
$ ronin encode --base64 --string "foo bar baz"
Zm9vIGJhciBiYXo=
Zlib compresses, Base64 encodes, and then URI encode a string:
$ ronin encode --zlib --base64 --uri --string "foo bar"
%65%4A%78%4C%79%38%39%58%53%45%6F%73%41%67%41%4B%63%41%4B%61%0A
Base64 decode a string:
$ ronin decode --base64 --string "Zm9vIGJhciBiYXo="
foo bar baz
URI decode, Base64 decode, and then zlib inflates a string:
$ ronin decode --uri --base64 --zlib --string "%65%4A%78%4C%79%38%39%58%53%45%6F%73%41%67%41%4B%63%41%4B%61%0A"
foo bar
URI escape a string:
$ ronin escape --uri --string "foo bar"
foo%20bar
URI unescape a string:
$ ronin unescape --uri --string "foo%20bar"
foo bar
Convert a file into a quoted C string:
$ ronin quote --c file.bin
"..."
Convert a file into a quoted JavaScript string:
$ ronin quote --js file.bin
Unquote a C string:
$ ronin unquote --c --string '"\x66\x6f\x6f\x20\x62\x61\x72"'
foo bar
Extract high-entropy data from a file:
$ ronin entropy -e 5.0 index.html
Grep for common patterns of data:
$ ronin grep --hash index.html
Extract common patterns from data:
$ ronin extract --hash index.html
Generate a random typo of a word:
$ ronin typo microsoft
microssoft
Enumerate over every typo variation of a word:
$ ronin typo --enum microsoft
microosoft
microsooft
microssoft
Generate a random homoglyph version of a word:
$ ronin homoglyph CEO
CEO
Enumerate over every homoglyph variation of a word:
$ ronin homoglyph --enum CEO
ϹEO
СEO
ⅭEO
CEO
CΕO
CЕO
CEO
CEΟ
CEО
CEO
Syntax-highlights a file:
$ ronin highlight index.html
AES-256 encrypt a file:
$ ronin encrypt --cipher aes-256-cbc --password "..." file.txt > encrypted.bin
Decrypt data:
$ ronin decrypt --cipher aes-256-cbc --password "..." encrypted.bin
Generates a HMAC for a file:
$ ronin hmac --hash sha1 --password "too many secrets" data.txt
Generates a HMAC for a string:
$ ronin hmac --hash sha1 --password "too many secrets" --string "..."
Calculate an MD5 checksum of a string:
$ ronin md5 --string "hello world"
5eb63bbbe01eeed093cb22bb8f5acdc3
Calculate the MD5 checksum of a file:
$ ronin md5 file.txt
Calculate the MD5 checksum of every line in a file:
$ ronin md5 --multiline file.txt
Calculate an SHA1 checksum of a string:
$ ronin sha1 --string "hello world"
2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
Calculate the SHA1 checksum of a file:
$ ronin sha1 file.txt
Calculate the SHA1 checksum of every line in a file:
$ ronin sha1 --multiline file.txt
Calculate an SHA256 checksum of a string:
$ ronin sha256 --string "hello world"
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
Calculate the SHA256 checksum of a file:
$ ronin sha256 file.txt
Calculate the SHA256 checksum of every line in a file:
$ ronin sha256 --multiline file.txt
Calculate an SHA512 checksum of a string:
$ ronin sha512 --string "hello world"
309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f
Calculate the SHA512 checksum of a file:
$ ronin sha512 file.txt
Calculate the SHA512 checksum of every line in a file:
$ ronin sha512 --multiline file.txt
ROT-13 encodes a string:
$ ronin rot --string "The quick brown fox jumps over the lazy dog"
Gur dhvpx oebja sbk whzcf bire gur ynml qbt
XOR encodes a string:
$ ronin xor --key ABC --string "The quick brown fox jumps over the lazy dog"
"\x15*&a36(!(a 1.5-a$,9b)4/32b,7'1a6+$b/ 8:a&,&"
Query the ASN of an IP address:
$ ronin asn -I 4.2.2.1
4.0.0.0/9 AS3356 (US) LEVEL3
Get the system's external/public IP address:
$ ronin ip --public
Convert an IP address to decimal format:
$ ronin ip --decimal 127.0.0.1
2130706433
Convert a file of IP addresses into URLs:
$ ronin ip --file targets.txt --http
Enumerate over every IP address in the IP CIDR range:
$ ronin iprange 10.1.0.0/15
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5
10.0.0.6
10.0.0.7
10.0.0.8
10.0.0.9
...
Enumerate over every IP address in the IP glob range:
$ ronin iprange 10.1-3.0.*
10.1.0.1
10.1.0.2
10.1.0.3
10.1.0.4
10.1.0.5
10.1.0.6
10.1.0.7
10.1.0.8
10.1.0.9
10.1.0.10
...
Enumerate over every IP address between two IP addresses:
$ ronin iprange --start 10.0.0.1 --stop 10.0.3.33
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5
10.0.0.6
10.0.0.7
10.0.0.8
10.0.0.9
10.0.0.10
Connect to a remote TCP service:
$ ronin netcat -v example.com 80
Listen on a local TCP port:
$ ronin netcat -v -l 1337
Connect to a remote SSL/TLS service:
$ ronin netcat -v --ssl example.com 443
Connect to a remote UDP service:
$ ronin netcat -v -u example.com 1337
Listen on a local UDP port:
$ ronin netcat -v -u -l 1337
Opens a UNIX socket:
$ ronin netcat -v --unix /path/to/unix.socket
Hexdump all data received from a socket:
$ ronin netcat --hexdump example.com 80
GET / HTTP/1.1
Host: example.com
User-Agent: Ruby
00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d |HTTP/1.1 200 OK.|
00000010 0a 41 67 65 3a 20 32 35 30 38 30 36 0d 0a 43 61 |.Age: 250806..Ca|
00000020 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 |che-Control: max|
00000030 2d 61 67 65 3d 36 30 34 38 30 30 0d 0a 43 6f 6e |-age=604800..Con|
00000040 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f |tent-Type: text/|
00000050 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 |html; charset=UT|
...
Query DNS records:
$ ronin dns -t TXT github.com
Find all registered TLDs for a host name:
$ ronin host --enum-tlds --registered github.com
github.ac
github.actor
github.ae
github.africa
github.agency
github.ai
...
Find all registered public suffixes for a host name:
$ ronin host --enum-suffix --registered github.com
example.com.ag
example.ai
example.al
example.am
example.com.ar
example.at
example.co.at
example.or.at
example.com.au
example.be
example.com.bh
...
Find all subdomains that have addresses:
$ ronin host --enum-subdomains subdomains.txt --has-addresses google.com
www.google.com
mail.google.com
smtp.google.com
ns1.google.com
ns2.google.com
m.google.com
ns.google.com
blog.google.com
admin.google.com
news.google.com
vpn.google.com
ns3.google.com
...
Enumerate over every possible typosquat variation of a domain:
$ ronin typosquat microsoft.com
microosoft.com
microsooft.com
microssoft.com
Find all of the registered typosquat domains for a valid domain:
$ ronin typosquat --registered microsoft.com
Find all of the typosquat domains with addresses for a valid domain:
$ ronin typosquat --has-addresses microsoft.com
Find all of the unregistered typosquat domains for a valid domain:
$ ronin typosquat --unregistered microsoft.com
De-obfuscate an email address:
$ ronin email-addr --deobfuscate "john [dot] smith [at] example [dot] com"
john.smith@example.com
Enumerate through all of the obfuscations of an email address:
$ ronin email-addr --enum-obfuscations john.smith@example.com
john.smith @ example.com
john.smith AT example.com
john.smith at example.com
john.smith[AT]example.com
john.smith[at]example.com
...
Dump information about a SSL/TLS certificate:
$ ronin cert-dump https://example.com/
Download a SSL/TLS certificate from a host and port:
$ ronin cert-grab github.com:443
Generate a new SSL/TLS certificate:
$ ronin cert-gen -c test.com -O "Test Co" -U "Test Dept" \
-L "Test City" -S NY -C US
Perform an HTTP GET request (with syntax highlighting):
$ ronin http https://example.com/
Send an HTTP request with additional headers:
$ ronin http --post --header "Authorization: ..." https://foo.bar/
Send an HTTP request with a known User-Agent string:
$ ronin http --post --user-agent chrome-android https://foo.bar/
Send an HTTP request with a custom User-Agent string:
$ ronin http --post --user-agent-string "..." https://foo.bar/
Open an interactive HTTP shell:
$ ronin http --shell https://example.com/
https://example.com/> help
help [COMMAND] Prints the list of commands or additional help
get PATH[?QUERY] [BODY] Performs a GET request
head PATH[?QUERY] Performs a HEAD request
patch PATH[?QUERY] [BODY] Performs a PATCH request
post PATH[?QUERY] [BODY] Performs a POST request
put PATH [BODY] Performs a PUT request
copy PATH DEST Performs a COPY request
delete PATH[?QUERY] Performs a DELETE request
lock PATH[?QUERY] Performs a LOCK request
options PATH[?QUERY] Performs a OPTIONS request
mkcol PATH[?QUERY] Performs a MKCOL request
move PATH[?QUERY] DEST Performs a MOVE request
propfind PATH[?QUERY] Performs a PROPFIND request
proppatch PATH[?QUERY] Performs a PROPPATCH request
trace PATH[?QUERY] Performs a TRACE request
unlock PATH[?QUERY] Performs a UNLOCK request
cd PATH Changes the base URL path
headers [{set | unset} NAME [VALUE]] Manages the request headers
Print the HTTP status of every URL in a file:
$ ronin url --file urls.txt --status
Generate a new Ruby script with ronin-support preloaded:
$ ronin new script foo.rb
Generate a new Ruby project with a Gemfile:
$ ronin new project foo
Generate a new nokogiri Ruby script for parsing HTML/XML:
$ ronin new nokogiri foo.rb
Generate a new ronin-web-server Ruby script:
$ ronin new web-server my_server.rb
Generate a new ronin-web-server based web app:
$ ronin new web-app my_app
Generate a new ronin-web-spider Ruby script:
$ ronin new web-spider --host=example.com my_spider.rb
Generate a ronin-listener-dns script:
$ ronin new dns-listener my_dns_listener.rb
Generate a ronin-dns-proxy script:
$ ronin new dns-proxy my_dns_proxy.rb
Generate a ronin-listener-http script:
$ ronin new http-listener my_http_listener.rb
Generate a ronin-exploits script:
$ ronin new exploit my_exploit.rb
Generate a ronin-payloads script:
$ ronin new payload my_payload.rb
Archive files:
$ ronin archive -o archive.zip file1.txt file2.txt
Archive files using tar format:
$ ronin archive -o archive.tar file1.txt file2.txt
Unarchive files:
$ ronin unarchive arch1.tar arch2.zip
Unarchive a file with explicit format:
$ ronin unarchive -f zip arch2.jar
curl -o ronin-install.sh https://raw.githubusercontent.com/ronin-rb/scripts/main/ronin-install.sh && bash ronin-install.sh
See the manual install instructions for how to install Ronin and it's additional dependencies on your platform.
If you prefer using Docker, there are also Docker images available:
docker pull roninrb/ronin
docker run -it roninrb/ronin
Additionally, if you want to mount your home directory into the docker image:
docker run --mount type=bind,source="$HOME",target=/home/ronin -it ronin
cd ronin./scripts/setupgit checkout -b my_featurebundle exec rake specgit push origin my_featureCopyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)
Ronin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
Ronin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with Ronin. If not, see https://www.gnu.org/licenses/.
FAQs
Unknown package
We found that ronin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.