ronin-rb / ronin-support

A support library for Ronin. Like activesupport, but for hacking!

Home Page: https://ronin-rb.dev

License: GNU Lesser General Public License v3.0

Ruby 99.96% HTML 0.04%
ruby library infosec hacking-library binary http fuzzing dns ssl cidr

ronin-support's Introduction

ronin-support

Description

ronin-support is a support library for Ronin. ronin-support provides many Core Extensions to Ruby's built-in classes as well as its own Classes/Modules. ronin-support can be used by other Ruby libraries, tools, or scripts.

tl;dr It's like pwntools combined with activesupport.

ronin-support is part of the ronin-rb project, a Ruby toolkit for security research and development.

Features

Synopsis

$ irb -r ronin/support
irb(main):001:0> "hello world".base64_encode
=> "aGVsbG8gd29ybGQ=\n"
irb(main):002:0> "aGVsbG8gd29ybGQ=\n".base64_decode
=> "hello world"

Examples

require 'ronin/support'
include Ronin::Support

string = "hello world"
puts string.base64_encode

data = "aGVsbG8gd29ybGQ=\n"
puts data.base64_decode

For more examples of the convenience methods provided by ronin-support, please see the API documentation.

Requirements

Install

$ gem install ronin-support

Gemfile

gem 'ronin-support', '~> 0.5'

Development

  1. Fork It!
  2. Clone It!
  3. cd ronin-support
  4. bundle install
  5. git checkout -b my_feature
  6. Code It!
  7. bundle exec rake spec
  8. git push origin my_feature

License

Copyright (c) 2006-2023 Hal Brodigan (postmodern.mod3 at gmail.com)

ronin-support is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ronin-support is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with ronin-support. If not, see https://www.gnu.org/licenses/.

ronin-support's People

Contributors

danghvu, djcas9, gfvcastro, postmodern

ronin-support's Issues

Add String.parse

There should be a method which parses single and double-quoted Strings.

Add a hash identification method

There should be a hash identification method that checks length/charset. It could be added to String or maybe Digest? Unsure on name or where in ronin-support it should be added to.

cc @nullthreat

Add Ronin::Network::Proxy

Add a Ronin::Network::Proxy class for analyzing and manipulating TCP(SSL)/UDP protocols. This Proxy class would probably heavily use IO.select (instead of EventMachine or nio4r) to watch for IO events, and have callbacks for inspecting/manipulating data.

Add String#fuzz

Add a fuzz method to the String class. This method will enumerate over possible mutations of a String. Can probably backport most of the code from sophsec/wordlist.

Examples

# Replace ":" with "\0"
"Content-Type: text/html".fuzz(':' => "\0")

# Replace ":" and the ending with "\0"
# (inside a character class "$" is a literal, so use alternation to match the end)
"Content-Type: text/html".fuzz(/:|$/ => "\0")

# Replace ":" with "\n", "\r\n", "\0" then "::"
"Content-Type: text/html".fuzz(':' => ["\n", "\r\n", "\0", "::"])

# Replace ":" with bytes
"Content-Type: text/html".fuzz(':' => (0..0x10))
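
The substitution enumeration proposed in this issue can be sketched as a standalone function. This is an added example, not ronin-support's implementation: the name `substitutions` is hypothetical, and it assumes each match is replaced one at a time rather than all at once.

```ruby
# Added example: enumerate single-position substitutions of a string.
# `substitutions` is a hypothetical name, not a ronin-support method.
def substitutions(string, rules)
  results = []

  rules.each do |pattern, replacements|
    regexp = pattern.is_a?(Regexp) ? pattern : Regexp.new(Regexp.escape(pattern.to_s))

    # Accept a single String, an Array of Strings, or a Range of byte values.
    values = Array(replacements).map { |r| r.is_a?(Integer) ? r.chr : r.to_s }

    # Collect every match position first, then substitute one match at a time.
    matches = []
    offset  = 0
    while offset <= string.length && (m = regexp.match(string, offset))
      matches << [m.begin(0), m.end(0)]
      # Step past zero-width matches (such as /$/) so the scan terminates.
      offset = m.end(0) > m.begin(0) ? m.end(0) : m.end(0) + 1
    end

    matches.each do |start, stop|
      values.each do |value|
        results << string[0...start] + value + string[stop..-1]
      end
    end
  end

  results
end

# Constructed sample input, taken from the examples in the issue.
header = "Content-Type: text/html"
substitutions(header, ':' => ["\n", "\r\n", "\0", "::"]).each { |s| p s }
substitutions(header, /:|$/ => "\0").each { |s| p s }
```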

Go 1.9 mode only

MRI 1.8.7 has been EOLed. 1.9.x provides many additional convenience methods (such as File.write / File.binwrite). We could require ruby_version >= 1.9.1 or add backports as a dependency.

  • Ubuntu 12 now provides Ruby 1.9.2 packages.
  • Fedora 17 now provides Ruby 1.9.3 packages.
  • OSX still provides Ruby 1.8.7, although most OSX users prefer using RVM or rbenv.
  • JRuby 1.7.0 will use 1.9 mode as the default mode.

Add Binary::Struct

Add a simple Binary Struct, similar to FFI::Struct but using Binary::Packer under the hood (see issue #18).

Example

class Packet < Binary::Struct

  layout :length, :uint,
         :data, [:uchar, 100]

  def length
    @length || data.length 
  end

end

pkt = Packet.unpack(buffer)
pkt.length # => 5
pkt.data   # => "hello"

pkt = Packet.new
pkt.data = "hello"
pkt.pack
# => "\x00\x00\x00\x05hello\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

String#unhexdump should handle alternate endianness.

Just noticed that readelf -x outputs a hexdump of hexadecimal integers, but in big-endian encoding.

String#unhexdump was originally written with the od utility in mind, which outputs little-endian packed integers.
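
The byte-order difference described in this issue, shown on the same eight bytes in both layouts. This is an added example, not ronin-support's `String#unhexdump`: the function names, the `endian:` and `max_words:` parameters, and both sample lines are constructed for illustration.

```ruby
# Added example: rebuild raw bytes from hexdump words of either byte order.
# decode_words / unhexdump_line are hypothetical names, not ronin-support methods.

# Convert hex words (e.g. "6568") to bytes. :little reverses the bytes of each
# word, as needed for `od -x` output from a little-endian host; :big keeps the
# bytes in printed order, as `readelf -x` shows them.
def decode_words(words, endian)
  words.map { |word|
    raise ArgumentError, "odd-length hex word: #{word}" if word.length.odd?

    bytes = [word].pack('H*')
    endian == :little ? bytes.reverse : bytes
  }.join
end

# Parse one dump line: the first column is the offset, the following columns
# are hex words. Parsing stops at the first non-hex column or after max_words
# columns, because readelf's ASCII gutter can itself look like hex.
def unhexdump_line(line, endian:, max_words: 8)
  columns = line.split
  columns.shift # drop the offset column
  words = columns.first(max_words).take_while { |c| c.match?(/\A\h+\z/) }
  decode_words(words, endian)
end

# Constructed samples: the bytes "hello wo" as each tool would print them.
OD_LINE      = '0000000 6568 6c6c 206f 6f77'
READELF_LINE = '  0x00000000 68656c6c 6f20776f hello wo'

p unhexdump_line(OD_LINE, endian: :little)
p unhexdump_line(READELF_LINE, endian: :big, max_words: 4)
```

Decoding the `od` line with the wrong byte order swaps each pair of bytes, which is the corruption the issue describes.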

Add missing ssl network methods

Ronin::Network::SSL is missing the following methods:

  • ssl_open? (just use tcp_open?)
  • ssl_connect_and_send
  • ssl_banner
  • ssl_send
  • ssl_server
  • ssl_server_session
  • ssl_server_loop
  • ssl_accept

Add Binary::Template

Add a translation layer between binary types (:uint, :float, etc) and Array#pack codes.

Example

Template::TYPES[:uint32_be] # => "N"

template = Template.new(:uint, [:uchar, 20])
template.pack(1234, "hello")
# => "\x00\x00\x04\xD2hello\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
template.unpack(_)
# => [1234, "hello"]
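
A minimal version of the translation layer this issue asks for, built directly on `Array#pack` and `String#unpack`. This is an added example, not ronin-support's code: the `PackTemplate` class and its type names are hypothetical, and it uses explicitly sized, explicitly ordered types so the output does not depend on the host's byte order.

```ruby
# Added example: map symbolic binary types to Array#pack codes.
# PackTemplate and its type names are hypothetical, not ronin-support's API.
class PackTemplate
  TYPES = {
    uint8:     'C',
    uint16_le: 'v',  uint16_be: 'n',
    uint32_le: 'V',  uint32_be: 'N',
    uint64_le: 'Q<', uint64_be: 'Q>',
    float_le:  'e',  float_be:  'g',
    char:      'Z'   # NUL-padded character field
  }.freeze

  attr_reader :format

  def initialize(*fields)
    @format = fields.map { |field| compile(field) }.join
  end

  def pack(*values)
    values.pack(@format)
  end

  def unpack(data)
    data.unpack(@format)
  end

  private

  # A field is either a type name or a [type, count] pair.
  def compile(field)
    type, count = field
    code = TYPES.fetch(type) { raise ArgumentError, "unknown type: #{type.inspect}" }
    count ? "#{code}#{count}" : code
  end
end

template = PackTemplate.new(:uint32_be, [:char, 20])
packed   = template.pack(1234, 'hello')
p packed.bytesize
p template.unpack(packed)
```

The `Z` code pads the field with NUL bytes when packing and stops at the first NUL when unpacking, so the round trip returns the original string rather than the padded buffer.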

Consolidate network helper methods, deprecate old ones.

The number of TCP/UDP/UNIX helper methods has steadily increased. I think it's time to combine some of these specialized methods. Also, should this change occur in 0.5.0 or 0.6.0?

  1. Combine tcp_connect and tcp_session into tcp_open. When not given a block, the socket will be returned. When given a block, the socket will be yielded, then closed. Also this method could be called tcp_socket or simply tcp.
  2. Combine tcp_server and tcp_server_session into tcp_listen. When not given a block, the socket will be returned. When given a block, the socket will be yielded, then closed.

Hash identification method?

Should ronin-support have a Hash identification method? This method would accept a String, and determine possible hashing algorithms that may have generated it.

Add Float#pack

There should be a Float#pack method to match Integer#pack.

0.5.0.rc1 Ronin::Wordlist#save failure

require 'ronin/wordlist'
words = %w[foo bar baz]
wl = Ronin::Wordlist.new(words, 'o' => ['0', '()'])
wl.save('wlmutate')

results in:

<path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc1/lib/ronin/fuzzing/extensions/string.rb:339:in `block in mutate': uninitialized constant String::StringScanner (NameError)
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc1/lib/ronin/fuzzing/extensions/string.rb:318:in `each'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc1/lib/ronin/fuzzing/extensions/string.rb:318:in `mutate'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc1/lib/ronin/wordlist.rb:232:in `block in each'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc1/lib/ronin/wordlist.rb:206:in `each'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc1/lib/ronin/wordlist.rb:206:in `each_word'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc1/lib/ronin/wordlist.rb:227:in `each'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc1/lib/ronin/wordlist.rb:275:in `block in save'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc1/lib/ronin/wordlist.rb:274:in `open'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc1/lib/ronin/wordlist.rb:274:in `save'

Ronin::Network::UDP::Proxy.start issue with socket.recv

Consider:

require 'ronin/network/udp/proxy'
require 'hexdump'

Ronin::Network::UDP::Proxy.start(:port => 1194, :server => ['meow.com', 1194]) do |proxy|
  address = lambda { |socket|
    addrinfo = socket.peeraddr

    "#{addrinfo[3]}:#{addrinfo[1]}"
  }
  hex = Hexdump::Dumper.new

  proxy.on_client_data do |client,server,data|
    puts "#{address[client]} -> #{proxy}"
    hex.dump(data)
  end

  proxy.on_server_data do |client,server,data|
    proxy.close! if data =~ /QUIT/

    puts "#{address[client]} <- #{proxy}"
    hex.dump(data)
  end

end

results in:

$ ruby udp_proxy.rb 
<path>/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc2/lib/ronin/network/udp/proxy.rb:118:in `recv': undefined method `recv' for nil:NilClass (NoMethodError)
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc2/lib/ronin/network/udp/proxy.rb:67:in `poll'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc2/lib/ronin/network/proxy.rb:190:in `listen'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc2/lib/ronin/network/proxy.rb:155:in `start'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-support-0.5.0.rc2/lib/ronin/network/proxy.rb:142:in `start'
    from udp_proxy.rb:4:in `<main>'

v0.5.0.rc2 ronin wordlist incomplete argument sanity checking

I don't think this is very important, but there is not great error handling for the arguments. Assume I use the following command:

ronin wordlist -v -i wlmutate -m "{o=>'4'}" 
<path>/.rvm/gems/ruby-1.9.3-p194/gems/parameters-0.4.2/lib/parameters/options.rb:159:in `merge!': can't convert nil into Hash (TypeError)
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/parameters-0.4.2/lib/parameters/options.rb:159:in `block in define'
    from <path>/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/optparse.rb:1391:in `call'
    from <path>/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/optparse.rb:1391:in `block in parse_in_order'
    from <path>/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/optparse.rb:1347:in `catch'
    from <path>/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/optparse.rb:1347:in `parse_in_order'
    from <path>/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/optparse.rb:1341:in `order!'
    from <path>/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/optparse.rb:1432:in `permute!'
    from <path>/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/optparse.rb:1453:in `parse!'
    from <path>/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/optparse.rb:1443:in `parse'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-1.4.1/lib/ronin/ui/cli/command.rb:211:in `start'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-1.4.1/lib/ronin/ui/cli/command.rb:166:in `start'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-1.4.1/lib/ronin/ui/cli/cli.rb:137:in `start'
    from <path>/.rvm/gems/ruby-1.9.3-p194/gems/ronin-1.4.1/bin/ronin:25:in `<top (required)>'
    from <path>/.rvm/gems/ruby-1.9.3-p194/bin/ronin:23:in `load'
    from <path>/.rvm/gems/ruby-1.9.3-p194/bin/ronin:23:in `<main>'

This should probably give an error message that describes that I should be using a specific Ruby hash syntax.
