Now that The Big Refactor has been completed and Ronin 2.0.0 has been released, it is time to start focusing on the next big set of new features. I am calling this next big push “Phase 2”; think of The Big Refactor as “Phase 1”.

High-Level Plan

  • Import data from more external tools into the ronin-db.
    • nmap
    • masscan
  • Create a modular, recursive, and async recon engine.
    • Add additional worker classes for port scanning, subdomain enumeration, directory enumeration, etc.
  • Create a modular rule-based security scanning engine.
  • Create a protocol agnostic C2.
    • Initially support TCP, HTTP, and DNS, but should allow supporting any transport protocol.
    • Initially support JSON RPC 2.0 as the command message format, but should allow supporting any C2 command message format.
  • Create a local-only web interface for Ronin.
    • Allow searching and navigating all of ronin-db and its many models.
    • Allow performing nmap scans and importing the data into the ronin-db.
      • Map all of nmap’s options to HTTP form fields.
    • Allow performing masscan scans and importing the data into the ronin-db.
      • Map all of masscan’s options to HTTP form fields.
    • Allow spidering websites and importing every URL into the ronin-db.
    • Allow performing recon and importing the results into the ronin-db.

New Libraries

  • ronin-dns-proxy (Done) - A configurable DNS proxy server library.
  • ronin-exfil-dns (Done) - A DNS server for receiving exfiltrated data.
  • ronin-exfil-http (Done) - An HTTP server for receiving exfiltrated data.
  • ronin-exfil (Done) - A Ruby CLI utility for receiving exfiltrated data.
  • ronin-web-session_cookie (Done) - A library for parsing and deserializing various session cookies.
  • ronin-wordlists (WIP) - A tool for managing and downloading wordlists.
  • ronin-nmap (WIP) - A tool for automating nmap, and querying or importing nmap XML into ronin-db.
  • ronin-masscan (WIP) - A tool for automating masscan, and querying or importing masscan output files into ronin-db.
  • ronin-recon (WIP) - A modular recursive recon engine.
  • ronin-scanner (Planned) - A modular scanner engine that can be hooked up to ronin-recon.
  • ronin-c2 (Prototyping) - A protocol agnostic C2 server.
  • ronin-app (WIP) - A local Web App for automated recon, scanning, and exploring the ronin-db.

If you want to see the complete list of GitHub Issues or see what is currently being worked on, check out the GitHub Project Board. If any of these new projects seem interesting to you, consider joining our Discord server and getting involved.

If Ronin interests you or you like the work we do, consider donating to Ronin on GitHub, Patreon, or Open Collective so we can continue building high-quality free and Open Source security tools and Ruby libraries.