Ronin "faster" 0.2.3 has been released
2009 / 05 / 07 — 1.9.x, CIDR, IPAddr, cache, cacheable, database, each, enumerable, extlib, faster, globbed, init, ip, iterate, overlay, overlays, performance, ronin, ruby, ruby19, rubygem, subcommands, try
The wait is over, Ronin 0.2.3 (code-named "faster") has finally been released. This release contains new code, more specs, some very important architectural changes and a few bug-fixes.
Ronin on Ruby 1.9.1
Probably the most important news in Ronin 0.2.3, is that Ronin is now Ruby 1.9.1 compatible. Ronin can now take advantage of the considerable performance improvements in Ruby 1.9.1-p0. If you tend to do security research and find yourself having to use Ruby 1.9.1, you should look into using Ronin.
Ronin also saw various architectural changes to help reduce load-times. The ronin/models.rb file was removed, which loaded models from the other Ronin libraries before the Database was setup. Now other Ronin libraries can call the Database.update! method, which will run non-destructive auto-migrations on the Database. Ronin::UI::CommandLine saw yet more refactoring. With the new Ronin::UI::CommandLine, sub-commands are loaded on-demand, instead of all at once.
Together these architectural changes have dramatically improved the load-time of Ronin's console. On systems that rarely run the Ruby interpreter, start-up times for Ronin should look like the following:
$ time (echo exit | (ronin > /dev/null)) real 0m3.841s user 0m1.141s sys 0m0.514s
On systems that regularly run the Ruby interpreter (thus caching frequently used memory and data) start-up times for Ronin will be a little quicker:
$ time (echo exit | (ronin > /dev/null)) real 0m1.656s user 0m1.137s sys 0m0.478s
New Convenience Methods
In 0.2.3 the IPAddr#each and IPAddr.each methods were added. It's somewhat common to need to iterate over a range of IP addresses. Say you have a CIDR notation IP address, and need to iterate over every IP address covered by it's netmask. Simply create a new IPAddr object and call each:
ip = IPAddr.new('10.1.1.1/24') ip.each do |addr| ... end
IPAddr.each('10.1.1-5.*') do |addr| ... end
Both IPAddr#each and IPAddr.each can iterate over IPv6 addresses.
Net.http_powered_by(:url => 'http://www.stalkdaily.com/') # => "PHP/5.2.9" Net.http_server(:url => 'http://www.darkc0de.com/) # => "Apache/2.2.11 (Unix) PHP/4.4.9 mod_ssl/2.2.11 OpenSSL/0.9.8c mod_fastcgi/2.4.6 Phusion_Passenger/2.1.2 DAV/2 SVN/1.4.2"
String#pad was also added in 0.2.3. The pad method doesn't do a lot, it merely pads a String out to a maximum length:
"hello".pad('A', 48) # => "helloAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
If you hate having to deal with exceptions in Ruby, the try method might prove useful. The try method simple attempts to run a block of code, catching and ignoring any exceptions that were raised:
require 'resolv' try do Resolv.getaddress('might.not.exist.com') end
Ronin::Objectify was replaced by the new Ronin::Cacheable module. Cacheable provides reliable caching and loading of Contextified objects with Ronin's Database. Using the new Cacheble module, the data you want cached into the database must be defined in a cache block:
ronin_exploit do cache do self.name = 'stupidhttpd' self.version = '0.2' self.author(:name => 'Postmodern') end ... end
The use of a cache block creates a separation between the data to be cached and the code which will eventually be loaded.
As of 0.2.3, overlays now support the automatic loading of the lib/init.rb file. So if you have code you'd like automatically loaded (maybe extensions to the Array class) from your Overlay, simply require it in the lib/init.rb file.
The loading of Extensions from Overlays became a little more robust in 0.2.3. If an exception is encountered when loading an extension file, the exception will be printed and the file ignored.