ronin-brute
Description
ronin-brute is a micro-framework and tool for bruteforcing network services.
Features
- Uses asynchronous I/O and fibers.
- Supports defining new bruteforcer modules as plain old Ruby classes.
- Supports builtin bruteforcers for:
  - HTTP Basic-Auth
  - HTTP login form
  - FTP
  - POP3
  - IMAP
  - MySQL
  - Telnet
  - SSH
- Supports loading additional bruteforcer modules from Ruby files or from installed 3rd-party git repositories.
Synopsis
$ ronin-brute
Examples
Start the bruteforceable http/basic_auth docker container in another terminal. The valid credentials are admin and password1234.
Finds the first valid username and password:
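require 'wordlist'
require 'ronin/brute/builtin/http/basic_auth'

# Try each username/password pair from the wordlists against the
# Basic-Auth service and stop at the first pair that is accepted.
Ronin::Brute::HTTP::BasicAuth.find_first(
  usernames: Wordlist.open('usernames.txt'),
  passwords: Wordlist.open('passwords.txt'),
  params: {
    host: '0.0.0.0',
    port: 8000
  }
)
# => ["admin", "password1234"]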
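What a run like the one above looks like from the server side, as an added example that is not part of ronin-brute: a detector that flags a burst of 401 responses from one client and reports the account whose login then succeeds. The log lines are constructed, and the function name, threshold and window are assumptions.

```ruby
require 'time'

# Constructed Common Log Format lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - root [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 401 0
  203.0.113.7 - root [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 401 0
  203.0.113.7 - admin [10/Mar/2024:12:00:02 +0000] "GET / HTTP/1.1" 401 0
  203.0.113.7 - admin [10/Mar/2024:12:00:02 +0000] "GET / HTTP/1.1" 401 0
  203.0.113.7 - admin [10/Mar/2024:12:00:03 +0000] "GET / HTTP/1.1" 200 512
  198.51.100.20 - alice [10/Mar/2024:12:00:04 +0000] "GET / HTTP/1.1" 401 0
  198.51.100.20 - alice [10/Mar/2024:12:00:09 +0000] "GET / HTTP/1.1" 200 512
LOG

# client, identd, auth user, [timestamp], "request", status
LINE = /\A(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) /

# Hypothetical helper: one finding per client with >= threshold 401s
# inside `window` seconds. A single mistyped password stays below it.
def detect_basic_auth_bruteforce(log, threshold: 4, window: 60)
  by_ip = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    m = LINE.match(line) or next # skip lines that do not parse
    ip, user, ts, status = m.captures
    time = Time.strptime(ts, '%d/%b/%Y:%H:%M:%S %z')
    by_ip[ip] << { user: user, time: time, status: status.to_i }
  end

  by_ip.filter_map do |ip, reqs|
    reqs.sort_by! { |r| r[:time] }
    fails = reqs.select { |r| r[:status] == 401 }
    # Largest run of failures that fits in the sliding window.
    burst = fails.each_index.map { |i|
      fails[i..].take_while { |f| f[:time] - fails[i][:time] <= window }
    }.max_by(&:size)
    next if burst.nil? || burst.size < threshold

    # A 200 after the burst means a guessed credential was accepted.
    hit = reqs.find { |r| r[:status] == 200 && r[:time] >= burst.last[:time] }
    { ip: ip, failures: burst.size,
      usernames: burst.map { |f| f[:user] }.uniq,
      compromised_user: hit && hit[:user] }
  end
end
```

A non-nil `compromised_user` is the case that calls for a credential reset, not just rate limiting or blocking the client.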
Requirements
- Ruby >= 3.1.0
- async ~> 2.0
- async-io ~> 1.0
- async-http ~> 0.60
- net-telnet ~> 0.2
- net-ssh ~> 7.2
- ruby-mysql ~> 4.1
- wordlist ~> 1.0
- ronin-support ~> 1.0
- ronin-core ~> 0.2
- ronin-repos ~> 0.1
Install
$ gem install ronin-brute
Gemfile
gem 'ronin-brute', '~> 0.1'
gemspec
gem.add_dependency 'ronin-brute', '~> 0.1'
Development
- Fork It!
- Clone It!
- cd ronin-brute/
- bundle install
- git checkout -b my_feature
- Code It!
- bundle exec rake spec
- git push origin my_feature
License
Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)
ronin-brute is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
ronin-brute is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with ronin-brute. If not, see https://www.gnu.org/licenses/.