Ronin 0.2.1 "notashellscript" released

HTML, console, diagnostics, dorks, environment, extensions, fail, git, github, libxml2, milw0rm, nmap, nokogiri, notashellscript, overlays, platform, print_error, print_info, print_warning, refactor, rewrite, ronin, scanners, solid, subcommands, unescaped, verbose

Yesterday Ronin 0.2.1, code-name "notashellscript", was released. That's right, we finally surpassed the awkward 0.1.x phase. Although, I completely forgot to write about Ronin 0.2.0, code-named "solid", which is where most of the action occurred.

Ronin 0.2.0 saw the complete refactoring and specing of the Platform code, which manages Overlays and their Extensions. Besides the huge amount of bug-fixes, modularization and renaming, Overlays can now have their own top-level lib/ directories. Also, all of the lib/ directories contained within an Overlay and it's Extensions are added to the $LOAD_PATH upon activation. This allows for easier requiring of code embedded within Overlays.

Ronin 0.2.0 also saw the addition of the ronin/environment file, which loads all of the convenience methods, configuration from ~/.ronin/config.rb and starts Ronin's Database. The environment file makes it easier to load up all of Ronin (minus the Platform code) in an IRB session and get hacking.

Grey bearded hackers bemoan how every exploit, library and framework have their own special leet diagnostic printing format. Some prefer the defacto "[*] Message" while others go for the saucy "{+} Message". Well grey beards you have one more reason to bemoan, UI::Diagnostics was added to Ronin 0.2.0. The UI::Diagnostics module adds the print_info, print_warning and print_error methods to a class. The output of these methods are controlled by the UI::Verbose module.

Ronin 0.2.1, code-name "notashellscript", had a couple but still important changes. Ronin 0.2.1 has dropped REXML in favour of Nokogiri for XML support. Nokogiri brings faster XML/HTML parsing and building to Ronin, providing it's own set of bindings to libxml2.

UI::CommandLine was rewritten in Ronin 0.2.1. Now sub-commands are accessible by both the ronin sub-command --options style and git style sub-commands, such as ronin-command --options. The git style sub-commands provide a more direct way of calling sub-commands.

Many of Ronin's other libraries received convenience sub-commands which simply start the Ronin console with the specific library pre-loaded. Ever wanted to jump right into Ronin Dorks or Ronin Scanners, now you totally can:

$ ronin-scanners
>> Scanners::Nmap.scan(:targets => '10.1.1.*', :syn_scan => true)

Finally, I've started to practice what I preach by setting up my own Ronin Overlay to experiment with. Of course, the Overlay is hosted on github.com, so feel free to clone and fork away. To install the Overlay under Ronin, use the following command:

$ ronin install git://github.com/postmodern/postmodern-ronin.git

So far, I've added an extension which parses the exploit lists on milw0rm.com. The milw0rm extensions is accessible within Ronin using the following code:

$ ronin
>> puts Ronin.milw0rm.remote.recent

Ironically, while testing the extension I noticed that milw0rm does not properly escape the titles of their exploits, resulting in unescaped < and > characters in their HTML.