Moon

Ronin "faster" 0.2.3 has been released

2009 / 05 / 07 — 1.9.x, CIDR, IPAddr, cache, cacheable, database, each, enumerable, extlib, faster, globbed, init, ip, iterate, overlay, overlays, performance, ronin, ruby, ruby19, rubygem, subcommands, try

The wait is over, Ronin 0.2.3 (code-named "faster") has finally been released. This release contains new code, more specs, some very important architectural changes and a few bug-fixes.

Ronin on Ruby 1.9.1

Probably the most important news in Ronin 0.2.3, is that Ronin is now Ruby 1.9.1 compatible. Ronin can now take advantage of the considerable performance improvements in Ruby 1.9.1-p0. If you tend to do security research and find yourself having to use Ruby 1.9.1, you should look into using Ronin.

Faster Load-Times

Ronin also saw various architectural changes to help reduce load-times. The ronin/models.rb file was removed, which loaded models from the other Ronin libraries before the Database was setup. Now other Ronin libraries can call the Database.update! method, which will run non-destructive auto-migrations on the Database. Ronin::UI::CommandLine saw yet more refactoring. With the new Ronin::UI::CommandLine, sub-commands are loaded on-demand, instead of all at once.

Together these architectural changes have dramatically improved the load-time of Ronin's console. On systems that rarely run the Ruby interpreter, start-up times for Ronin should look like the following:

$ time (echo exit | (ronin > /dev/null))

real	0m3.841s
user	0m1.141s
sys	0m0.514s

On systems that regularly run the Ruby interpreter (thus caching frequently used memory and data) start-up times for Ronin will be a little quicker:

$ time (echo exit | (ronin > /dev/null))

real	0m1.656s
user	0m1.137s
sys	0m0.478s

New Convenience Methods

In 0.2.3 the IPAddr#each and IPAddr.each methods were added. It's somewhat common to need to iterate over a range of IP addresses. Say you have a CIDR notation IP address, and need to iterate over every IP address covered by it's netmask. Simply create a new IPAddr object and call each:

ip = IPAddr.new('10.1.1.1/24')
ip.each do |addr|
  ...
end

Well that's sort of cool, but what if you have a globbed IP address, similar to the ones nmap accepts? IPAddr.each has you covered:

IPAddr.each('10.1.1-5.*') do |addr|
  ...
end

Both IPAddr#each and IPAddr.each can iterate over IPv6 addresses.

Net.http_powered_by and Net.http_server also got added in 0.2.3. These methods provide quick access to the X-Powered-By and Server HTTP headers, respectively.

Net.http_powered_by(:url => 'http://www.stalkdaily.com/')
# => "PHP/5.2.9"

Net.http_server(:url => 'http://www.darkc0de.com/)
# => "Apache/2.2.11 (Unix) PHP/4.4.9 mod_ssl/2.2.11 OpenSSL/0.9.8c mod_fastcgi/2.4.6 Phusion_Passenger/2.1.2 DAV/2 SVN/1.4.2"

String#pad was also added in 0.2.3. The pad method doesn't do a lot, it merely pads a String out to a maximum length:

"hello".pad('A', 48)
# => "helloAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

If you hate having to deal with exceptions in Ruby, the try method might prove useful. The try method simple attempts to run a block of code, catching and ignoring any exceptions that were raised:

require 'resolv'

try do
  Resolv.getaddress('might.not.exist.com')
end

Cacheable

Ronin::Objectify was replaced by the new Ronin::Cacheable module. Cacheable provides reliable caching and loading of Contextified objects with Ronin's Database. Using the new Cacheble module, the data you want cached into the database must be defined in a cache block:

ronin_exploit do
  cache do
    self.name = 'stupidhttpd'
    self.version = '0.2'
    self.author(:name => 'Postmodern')
  end

  ...
end

The use of a cache block creates a separation between the data to be cached and the code which will eventually be loaded.

Overlays

As of 0.2.3, overlays now support the automatic loading of the lib/init.rb file. So if you have code you'd like automatically loaded (maybe extensions to the Array class) from your Overlay, simply require it in the lib/init.rb file.

The loading of Extensions from Overlays became a little more robust in 0.2.3. If an exception is encountered when loading an extension file, the exception will be printed and the file ignored.

Comments

blog comments powered by Disqus