Merge branch 'main' into add_notes_edit

.github/workflows/ruby.yml

@@ -9,7 +9,6 @@ jobs:
       fail-fast: false
       matrix:
         ruby:
-          - '3.0'
           - '3.1'
           - '3.2'
           - '3.3'

.gitignore

@@ -1,6 +1,7 @@
 /Gemfile.lock
 /coverage
 /doc
+/pkg
 /log
 /man/*.1
 /tmp

.ruby-version

@@ -1 +1 @@
-ruby-3.1
+ruby-3.3

ChangeLog.md

@@ -1,4 +1,38 @@
-### 0.1.0 / 2023-XX-XX
+### 0.1.0 / 2024-07-22
 
 * Initial release:
+  * Provides a web interface to explore and search the
+    [ronin database][ronin-db].
+  * Allows managing [ronin-repos] from the web interface.
+  * Allows listing and building the built-in or installed 3rd-party
+    [payloads][ronin-payloads].
+  * Allows listing installed 3rd-party [exploits][ronin-exploits].
+  * Supports automating [nmap] and [masscan] scans and importing their results
+    into the [ronin database][ronin-db].
+  * Supports automating [spidering websites][ronin-web-spider] and importing all
+    visited URLs into the [ronin database][ronin-db].
+  * Supports performing recon using [ronin-recon] and importing all discovered
+    hostnames, IPs, and URLs into [ronin database][ronin-db].
+  * Supports testing URLs for web vulnerabilities using [ronin-vulns].
 
+[sqlite]: https://sqlite.org/
+[redis]: https://redis.io/
+[nmap]: https://nmap.org/
+[masscan]: https://github.com/robertdavidgraham/masscan#readme
+
+[Ruby]: https://www.ruby-lang.org/
+[dry-types]: https://dry-rb.org/gems/dry-types/
+[dry-schema]: https://dry-rb.org/gems/dry-schema/
+[dry-validation]: https://dry-rb.org/gems/dry-validation/
+
+[ronin-support]: https://github.com/ronin-rb/ronin-support#readme
+[ronin-repos]: https://github.com/ronin-rb/ronin-repos#readme
+[ronin-db]: https://github.com/ronin-rb/ronin-db#readme
+[ronin-payloads]: https://github.com/ronin-rb/ronin-payloads#readme
+[ronin-vulns]: https://github.com/ronin-rb/ronin-vulns#readme
+[ronin-exploits]: https://github.com/ronin-rb/ronin-exploits#readme
+[ronin-nmap]: https://github.com/ronin-rb/ronin-nmap#readme
+[ronin-masscan]: https://github.com/ronin-rb/ronin-masscan#readme
+[ronin-web-spider]: https://github.com/ronin-rb/ronin-web-spider#readme
+[ronin-recon]: https://github.com/ronin-rb/ronin-recon#readme
+[ronin-vulns]: https://github.com/ronin-rb/ronin-vulns#readme

Gemfile

@@ -3,8 +3,8 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'ruby-masscan', '~> 0.3', github: 'postmodern/ruby-masscan',
-                              branch: '0.3.0'
+# gem 'ruby-masscan', '~> 0.3', github: 'postmodern/ruby-masscan',
+#                               branch: 'main'
 
 # NOTE: do not auto-load gems which are meant to be executed at runtime
 gem 'puma',    require: false
@@ -13,35 +13,38 @@ gem 'sidekiq', require: false
 #
 # Ronin dependencies
 #
-gem 'ronin-support',    '~> 1.1', github: 'ronin-rb/ronin-support',
-                                  branch: '1.1.0'
-gem 'ronin-core',       '~> 0.2', github: 'ronin-rb/ronin-core',
-                                  branch: '0.2.0'
-gem 'ronin-db',         '~> 0.2', github: 'ronin-rb/ronin-db',
-                                  branch: '0.2.0'
-
-gem 'ronin-db-activerecord', '~> 0.2', github: 'ronin-rb/ronin-db-activerecord',
-                                       branch: '0.2.0'
-
-gem 'ronin-payloads',   '~> 0.1', github: 'ronin-rb/ronin-payloads'
-# gem 'ronin-exploits',   '~> 1.0', github: 'ronin-rb/ronin-exploits'
-gem 'ronin-vulns',      '~> 0.2', github: 'ronin-rb/ronin-vulns',
-                                  branch: '0.2.0'
-gem 'ronin-web-spider', '~> 0.2', github: 'ronin-rb/ronin-web-spider',
-                                  branch: '0.2.0'
-gem 'ronin-recon',      '~> 0.1', github: 'ronin-rb/ronin-recon'
-gem 'ronin-nmap',       '~> 0.1', github: 'ronin-rb/ronin-nmap'
-gem 'ronin-masscan',    '~> 0.1', github: 'ronin-rb/ronin-masscan'
-gem 'ronin-repos',      '~> 0.2', github: 'ronin-rb/ronin-repos',
-                                  branch: '0.2.0'
+# gem 'ronin-support',    '~> 1.1', github: 'ronin-rb/ronin-support',
+#                                   branch: 'main'
+# gem 'ronin-core',       '~> 0.2', github: 'ronin-rb/ronin-core',
+#                                   branch: 'main'
+# gem 'ronin-db',         '~> 0.2', github: 'ronin-rb/ronin-db',
+#                                   branch: 'main'
+
+# gem 'ronin-db-activerecord', '~> 0.2', github: 'ronin-rb/ronin-db-activerecord',
+#                                        branch: 'main'
+
+# gem 'ronin-payloads',   '~> 0.2', github: 'ronin-rb/ronin-payloads'
+# gem 'ronin-exploits',   '~> 1.1', github: 'ronin-rb/ronin-exploits',
+#                                   branch: 'main'
+# gem 'ronin-vulns',      '~> 0.2', github: 'ronin-rb/ronin-vulns',
+#                                   branch: 'main'
+# gem 'ronin-web-spider', '~> 0.2', github: 'ronin-rb/ronin-web-spider',
+#                                   branch: 'main'
+# gem 'ronin-recon',      '~> 0.1', github: 'ronin-rb/ronin-recon'
+# gem 'ronin-nmap',       '~> 0.1', github: 'ronin-rb/ronin-nmap'
+# gem 'ronin-masscan',    '~> 0.1', github: 'ronin-rb/ronin-masscan'
+# gem 'ronin-repos',      '~> 0.2', github: 'ronin-rb/ronin-repos',
+#                                   branch: 'main'
 
 group :development do
   gem 'rake', require: false
+  gem 'rack-test',        '~> 2.1', require: false
 
   gem 'rubygems-tasks',   '~> 0.2'
 
   gem 'rspec',            '~> 3.0', require: false
   gem 'simplecov',        '~> 0.20', require: false
+  gem 'capybara',         '~> 3.40', require: false
 
   gem 'kramdown',         '~> 2.0', require: false
   gem 'kramdown-man',     '~> 1.0', require: false

README.md

@@ -9,7 +9,8 @@
 ronin-app is a small web application that is meant to be ran locally by the
 user. It provides a web interface to [ronin-support], [ronin-repos], [ronin-db],
 [ronin-payloads], [ronin-exploits], as well as automating
-[ronin-nmap], [ronin-masscan], and [ronin-web-spider].
+[ronin-nmap], [ronin-masscan], [ronin-web-spider], [ronin-recon], and
+[ronin-vulns].
 
 ## Features
 
@@ -22,9 +23,65 @@ user. It provides a web interface to [ronin-support], [ronin-repos], [ronin-db],
   into the [ronin database][ronin-db].
 * Supports automating [spidering websites][ronin-web-spider] and importing all
   visited URLs into the [ronin database][ronin-db].
+* Supports performing recon using [ronin-recon] and importing all discovered
+  hostnames, IPs, and URLs into [ronin database][ronin-db].
+* Supports testing URLs for web vulnerabilities using [ronin-vulns].
 * Small memory footprint (~184K).
 * Fast (~1.251ms response time).
 
+## Screenshots
+
+<table>
+  <tbody>
+    <tr>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_scanning_nmap.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_scanning_masscan.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_scanning_recon.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_scanning_spider.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_scanning_vulns.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_db.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_db_ip_address.svg" />
+      </td>
+    </tr>
+    <tr>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_repos.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_repos_show.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_payloads.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_payloads_show.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_payloads_build.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_exploits.svg" />
+      </td>
+      <td>
+        <img src="https://raw.githubusercontent.com/ronin-rb/ronin-app/main/screenshots/ronin_app_exploits_show.svg" />
+      </td>
+    </tr>
+  </tbody>
+</table>
+
 ## Synopsis
 
 ```
@@ -54,7 +111,15 @@ http://localhost:1337, if ran in a real terminal.
 * [redis-server][redis] >= 6.2
 * [nmap]
 * [masscan]
-* [Ruby] >= 3.0.0
+* [Ruby] >= 3.1.0
+
+**Note:** both `nmap` and `masscan` require additional Linux capabilities in
+order to be ran without `sudo` or `root` privileges.
+
+```shell
+sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which nmap)"
+sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$(which masscan)"
+```
 
 ## Security
 
@@ -146,3 +211,5 @@ along with ronin-app.  If not, see <http://www.gnu.org/licenses/>.
 [ronin-nmap]: https://github.com/ronin-rb/ronin-nmap#readme
 [ronin-masscan]: https://github.com/ronin-rb/ronin-masscan#readme
 [ronin-web-spider]: https://github.com/ronin-rb/ronin-web-spider#readme
+[ronin-recon]: https://github.com/ronin-rb/ronin-recon#readme
+[ronin-vulns]: https://github.com/ronin-rb/ronin-vulns#readme

Rakefile

@@ -40,3 +40,5 @@ Ronin::DB::Tasks.new(
     database: 'db/dev.sqlite3'
   }
 )
+
+task :setup => %w[man db:migrate]

app.rb

@@ -27,8 +27,8 @@
 require 'sinatra/reloader'
 
 # configuration
-require './config/database'
-require './config/sidekiq'
+require_relative 'config/database'
+require_relative 'config/sidekiq'
 
 # ronin libraries
 require 'ronin/repos'
@@ -39,6 +39,7 @@
 # param validations
 require 'ronin/app/validations/install_repo_params'
 require 'ronin/app/validations/import_params'
+require 'ronin/app/validations/http_params'
 
 # schema builders
 require 'ronin/app/schemas/payloads/encoders/encode_schema'
@@ -48,12 +49,12 @@
 require 'ronin/app/helpers/html'
 
 # worker classes
-require './workers/install_repo'
-require './workers/update_repo'
-require './workers/update_repos'
-require './workers/remove_repo'
-require './workers/purge_repos'
-require './workers/import'
+require_relative 'workers/install_repo'
+require_relative 'workers/update_repo'
+require_relative 'workers/update_repos'
+require_relative 'workers/remove_repo'
+require_relative 'workers/purge_repos'
+require_relative 'workers/import'
 
 require 'ronin/app/version'
 require 'sidekiq/api'
@@ -86,6 +87,10 @@ class App < Sinatra::Base
     include Pagy::Frontend
   end
 
+  after do
+    ActiveRecord::Base.connection_handler.clear_active_connections!
+  end
+
   get '/' do
     erb :index
   end
@@ -297,7 +302,7 @@ class App < Sinatra::Base
     erb :"exploits/index"
   end
 
-  get %r{/exploits(?<exploit_id>[a-z0-9_-]+(?:/[a-z0-9_-]+)*)} do
+  get %r{/exploits/(?<exploit_id>[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*)} do
     @exploit = Ronin::Exploits.load_class(params[:exploit_id])
 
     erb :"exploits/show"
@@ -350,6 +355,28 @@ class App < Sinatra::Base
     erb :queue
   end
 
+  get '/network/http' do
+    erb :"network/http"
+  end
+
+  post '/network/http' do
+    result = Validations::HTTPParams.call(params)
+
+    if result.success?
+      kwargs = result.to_h
+      method = kwargs.delete(:method)
+      url    = kwargs.delete(:url)
+
+      @http_response = Ronin::Support::Network::HTTP.request(method,url,**kwargs)
+
+      erb :"network/http"
+    else
+      @params = params
+      @errors = result.errors
+      halt 400, erb(:"network/http")
+    end
+  end
+
   private
 
   #