ronin-brute

• Website
• Source
• Issues
• Documentation
• Discord | Mastodon

Description

ronin-brute is a micro-framework and tool for bruteforcing network services.

Features

• Uses asynchronous I/O and fibers.
• Supports defining new bruteforcer modules as plain old Ruby class.
• Supports builtin bruteforcers for:
  • HTTP Basic-Auth
  • HTTP login form
  • FTP
  • POP3
  • IMAP
  • MySQL
  • Telnet
  • SSH
• Supports loading additional bruteforcer modules from Ruby files or from installed 3rd-party git repositories.

Synopsis

$ ronin-brute

Examples

Start the bruteforceable http/basic_auth docker container in another terminal. The valid credentials are admin and password1234.

Finds the first valid username and password:

require 'ronin/brute/builtin/http/basic_auth'

Ronin::Brute::HTTP::BasicAuth.find_first(
  usernames: Wordlist.open('usernames.txt'),
  passwords: Wordlist.open('passwords.txt'),
  params: {
    host: '0.0.0.0',
    port: 8000
  }
)
# => ["admin", "password1234"]

Requirements

• Ruby >= 3.1.0
• async ~> 2.0
• async-io ~> 1.0
• async-http ~> 0.60
• net-telnet ~> 0.2
• net-ssh ~> 7.2
• ruby-mysql ~> 4.1
• wordlist ~> 1.0
• ronin-support ~> 1.0
• ronin-core ~> 0.2
• ronin-repos ~> 0.1

Install

$ gem install ronin-brute

Gemfile

gem 'ronin-brute', '~> 0.1'

gemspec

gem.add_dependency 'ronin-brute', '~> 0.1'

Development

1. Fork It!
2. Clone It!
3. cd ronin-brute/
4. bundle install
5. git checkout -b my_feature
6. Code It!
7. bundle exec rake spec
8. git push origin my_feature

License

Copyright (c) 2023-2024 Hal Brodigan (postmodern.mod3@gmail.com)

ronin-brute is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ronin-brute is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with ronin-brute. If not, see https://www.gnu.org/licenses/.