ronin-rb / ronin-app Goto Github PK
View Code? Open in Web Editor NEW[WIP] A local web interface for Ronin.
Home Page: https://ronin-rb.dev
License: GNU Affero General Public License v3.0
[WIP] A local web interface for Ronin.
Home Page: https://ronin-rb.dev
License: GNU Affero General Public License v3.0
Add a route and view for displaying metadata for a specific encoder.
Add systemd
service files for running ronin-app
. foreman export systemd
can export the files. They must also depend on the redis.service
service.
Add the typical red asterisk to all required form fields.
Could add this as a CSS class.
.label.is-required::after {
content: ' *';
color: red;
}
Would also need to add the usual blurb text " means a required field" to the forms.
Add every Nmap::Command
scan option to the /nmap
form and Schemas::NmapParams
.
Add a POST /vulns
route which will enqueue a job for scanning a URL for web vulnerabilities using ronin-vulns.
Flush out the /db/
routes and views. Must provide access to all other database models (ex: OpenPort
, Port
, ASN
, Credential
, etc) with links to other routes.
/db/urls
/db/urls/:id
/db/url_schemes
/db/url_schemes/:id
/db/url_query_param_names
/db/url_query_param_names/:id
/db/mac_addresses
/db/mac_address/:id
/db/open_ports
/db/open_port/:id
/db/services
/db/service/:id
/db/ports
/db/port/:id
/db/oses
/db/oses/:id
/db/asns
/db/asn/:id
/db/passwords
/db/password/:id
/db/user_names
/db/user_name/:id
/db/email_addresses
/db/email_address/:id
/db/credentials
/db/credential/:id
/db/software
/db/software/:id
/db/software_vendors
/db/software_vendors/:id
/db/advisories
/db/advisory/:id
Since the app uses ronin-db and [roin-db] supports configuring multiple databases, it should be possible to switch to another database as the app is running. Possibly the current database name would be stored in the session
cookie or sent to Sidekiq workers which import data into the database? I'm not sure how we would tell ActiveRecord
to use another database, or whether we'd simply call ActiveRecord.establish_connection
again to switch to another database?
Add a GET /vulns
route and form for scanning a URL for web vulnerabilities using ronin-vulns.
Add a /network/dns
route and form for performing arbitrary DNS queries. It should use JavaScript to send another HTTP request to another route (ex: /network/dns/query
), which would send the DNS query using Ronin::Support::Network::DNS::Resolver
and return the response object as JSON, which would then be parsed and rendered by the JavaScript.
There should also be an Import
checkbox that causes both the DNS query and response as Ronin::DB::DNSQuery
and Ronin::DB::DNSRecord
records.
Implement a vanilla JavaScript component for auto-completing local paths using a Bulma dropdown menu. The JavaScript should make background requests to the server, which would then attempt to lookup the path and return possible matches.
Example Bulma CSS + JavaScript auto-complete code: https://github.com/mattmezza/bulmahead
Note that all JavaScript must be vanilla ES6+ JavaScript. JavaScript frameworks or React are not allowed.
Add a Nix build file so users can run nix shell
and have all of the dependencies installed within a nix environment. I'm not a NixOS user and know little about it, so I'll need help on this one.
Package ronin-app
as a gem. Add gemspec.yml
and ronin-app.gemspec
files. This will allow easily installing ronin-app
as a gem, or being added as a dependency.
For some reason ActiveRecord randomly times out when accessing the sqlite3 database. Not sure if we need to configure ActiveRecord to somehow avoid this?
ActiveRecord::ConnectionTimeoutError - could not obtain a connection from the pool within 5.000 seconds (waited 5.003 seconds); all pooled connections were in use:
We need to clear the ActiveRecord connection pool or obtain/release an individual connection for the app routes and the SideKiq workers.
ronin-db-activerecord
0.2.0
added an notes
association to IPAddress
, HostName
, MACAddress
, EmailAddress
, URL
, etc. All /db/
show.erb
views should display notes
as Notes
. Also add a _notes.erb
partial template for rendering a notes
Array.
Change the Docker config/image to mount ~/.local/share/ronin-db/
as a volume. This can be done using the VOLUME
keyword. This should allow users to pull down the ronin-app
docker image and quickly run it with docker, and not have to use docker-compose
or pass in complex options to docker run
.
Add routes for listing Ronin::Exploits
, loading and displaying an exploit's metadata. Will need to figure out how to execute an exploit from the backend and provide a shell-like interface on the frontend similar to ronin-exploits run
's post-exploitation shell.
Add routes for accessing Ronin::Repos::CacheDir
. It should list installed repos, allow installing a repo from a git URI, updating repo(s), or uninstalling a repo.
Sidekiq::Web
is mounted on /sidekiq
, separate from the App
, but wants a rack.session
cookie.
Add an "Advanced Options" link which shows/hides the advanced options on forms.
Use the DATABASE_NAME
env variable to select the database to connect to by name in config/database.rb
.
Add a route for importing nmap XML files. Also add a Sidekiq worker for importing nmap XML files. The "upload" form should use a <input type="filePath">
input to only upload the file path, which will then be passed to the Sidekiq worker.
Once the app stabilizes take some screenshots of the various pages and add them to the README.
Honor the DATABASE_URL
env variable when connecting to the database.
Add a route for importing masscan scan files. Also add a Sidekiq worker for importing masscan scan files. The "upload" form should use a <input type="filePath">
input to only upload the file path, which will then be passed to the Sidekiq worker.
Listen on localhost
by default. Only listen on 0.0.0.0
when within docker.
Add validations to Validations::SpiderParams
to validate that the host is roughly a host-name and that the domain is roughly a domain-name, and not say a URI.
Add a Workers::Vulns
sidekiq worker class that scans a URL for web vulnerabilities using Ronin::Vulns::URLScanner
. It must create a report of found vulnerabilities that is somehow passed back to the frontend.
Add a route for updating a repo.
Add a ronin-app
command which can start the app.
Add a /recon
route and Workers::Recon
worker class that calls the ronin-recon library.
Add a route for displaying information about a specific repo.
Add a /jobs
or /queue
route which inspects Sidekiq::API
and shows current running jobs.
Add every Spidr::Agent#initialize
option to the /spider
form and Validations::SpiderParams
.
Add a route for deleting a repo.
Publish a pre-built ronin-app
docker image that uses it's own database on a separate volume (see #40).
Add a route and a view for running a payload encoder with given input data and displaying the output.
Add a route for listing all payload encoders in Ronin::Payloads::Encoders
.
Add a fancy D3 network graph visualization that can visualize a single IP, Host, or URL, then show related database records as connected nodes. When the user clicks on another node, load that node's related database records and render them as additional connected nodes. This will allow the user to explore the database without loading ALL of the data into the browser at once.
Add every Masscan::Command
scan option to the /masscan
form and Schemas::MasscanParams
.
Add a dark-mode switch to change the --bg-color
to a dark midnight blue color. See the minimal JavaScript on my blog as an example.
Add routes for listing Ronin::Payloads
, loading and viewing metadata about a specific payload, or building a payload.
The menu and logo is currently left-justified and doesn't look correct. They should be horizontally centered.
Note: the app uses Bulma CSS's .hero
and .container
CSS helper classes for the logo and menu.
Add a "Add Note" text area and form to all /db/``show.erb
views to allow adding a new comment to the notes
association of the record. This may also require adding a _add_note.erb
partial template.
As the number of IPAddress
es, HostName
s, and URL
s increase in the database, there should be pagination on the views/db/*.erb
views which list the records.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.