Skip to content
Snippets Groups Projects
Normal view Permalink
README.md 10.9 KiB
Newer Older
salt or ester's avatar
README.md
salt or ester committed
1 2 
# RUBICON - 4chan Command and Control Suite
salt or ester's avatar
Update README.md  
salt or ester committed
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 
# RUBICON 4CHAN COMMAND & CONTROL CENTER

## What is RUBICON?
**RUBICON** is a 4chan Command & Control Suite that has all sorts of neato APIs to run analytics or machine learning on 4chan boards and users.  It is [Dockerized](https://docs.docker.com/get-started/overview/), allowing for easy installation and compatibility across all platforms.

## Features

- Download All Current Threads/Comments on a 4chan Board
- Load Password Wordlists into RUBICON's [Redis Rainbow Table](https://gitgud.io/saltorester/rubicon/-/wikis/Rainbow-Table-API-Specification)
- [Encrypt](encrypttrip.php) a Password to get the Corresponding Insecure Tripcode
- [Decrypt](encrypttrip.php) a list of Insecure Tripcodes to get the Corresponding Passwords from Your [Rainbow Table](https://gitgud.io/saltorester/rubicon/-/wikis/Rainbow-Table-API-Specification)
- Get [Board Metrics and Statistics](boardstats.php)
  - Get Unique IPs per Thread
  - Get all Tripcode Users per Thread
  - Get all Named Users per Thread
  - Get all Capcode Users per Thread
  - Get the Signal2Noise Ratio per Thread to Identify Shills
- [Search](search.php)
  - Search Threads for a Named User
  - Search Threads for a Subject Keyword or Phrase
  - Search Threads for a Comment Keyword or Phrase

**PREMIUM FEATURES!**

- Botnet: Command & Control Center
- Botnet: VPN Switching (Nord, Express)
- Botnet: Automated Captcha Solving
- Botnet: Content Fuzzing (Organic Comments Based on Theme)
- Machine Learning: Supervised Learning
- Machine Learning: Unsupervised Learning
- Machine Learning: Semi-Supervised Learning
- Machine Learning: Reinforcement Learning
- Machine Learning: Deep Learning
- Dashboards & Analytics: Influencers
- Dashboards & Analytics: Shill Detection
- Dashboards & Analytics: Hivemind
- Full Data Model Access: All Boards, All Posts & Images


## How do I use RUBICON?
This wiki has all sorts of great information on RUBICON, including installation and API specifications.
Take a look:
+ [Rainbow Table APIs](https://gitgud.io/saltorester/rubicon/-/wikis/Rainbow-Table-API-Specification)
+ [Julius Module APIs](https://gitgud.io/saltorester/rubicon/-/wikis/Julius-API-Specification)
+ [Tripcode Encrypt/Decrypt APIs](https://gitgud.io/saltorester/rubicon/-/wikis/Tripcode-API-Specification)

# What is Julius?

**Julius** is a module in **RUBICON** which handles requests related to board search and statistics.

## Retrieving Your Dataset

To download all posts from a given board, use the following endpoint. This must be done first, otherwise the other endpoints will not be functional or may return stale data.

### **GET /julius/run**

+ Response 200 (application/json)
+ Example request: curl -X GET http://localhost:8888/julius/run
+ Example response:
```
[30/05/2023 01:15:02\]/x/> scanning 34890163 
[30/05/2023 01:15:02\]/x/> scanning 34889739 
[30/05/2023 01:15:02\]/x/> scanning 34890685
[30/05/2023 01:15:02\]/x/> scanning 34892040
...
```

## Search the Dataset for Unique IPs per Thread
### **GET /julius/uniqueips**
+ Response 200 (application/json)
+ Example request: curl -X GET http://localhost:8888/julius/uniqueips
+ Example response:

```
[["21676943",1],["34813865",116],["34849687",42],["34857977",63],
["34858375",85],["34867667",109],["34868239",103],["34868990",113],
["34869405",61],["34872097",76],["34874790",49]]
```

## Search the Dataset for Tripcode Users
### **GET /julius/alltripcodes**
+ Response 200 (application/json)
+ Example request: curl -X GET http://localhost:8888/julius/alltripcodes
+ Example response:

```
[["34849687","!!jH3bLMw6N+k"],["34849687","!!jH3bLMw6N+k"],
["34858375","!!9Lm2qr\/d4NK"],["34868239","!OcAF\/xVAA."],
["34879130","!!f9JH9UwXtTr"],["34879130","!!f9JH9UwXtTr"],
["34879130","!!f9JH9UwXtTr"],["34879130","!!f9JH9UwXtTr"]]
```

## Search the Dataset for Capcode Users
### **GET /julius/capcode**
+ Response 200 (application/json)
+ Example request: curl -X GET http://localhost:8888/julius/capcode
+ Example response:

```
[["21676943","mod"],["21676943","mod"],["21676943","mod"]]
```

## Search the Dataset for Named Users per Thread
### **GET /julius/namedusers**
+ Response 200 (application/json)
+ Example request: curl -X GET http://localhost:8888/julius/namedusers
+ Example response:

```
[["34813865","Pommechrius"],["34813865","Aaron J"],["34813865","Aaron J"],
["34813865","Overman Z"],["34813865","Awesome"],["34849687","S3Anon"],
["34849687","S3Anon"],["34857977","Cerberus"],["34857977","Cult of Passion"],
...
```

## Search the Dataset for Named Users per Thread
### **POST /julius/namedusers**
+ Response 200 (application/json)
+ Example request: curl -X POST -d '{"name": "salt-or-ester"}' -H "Content-Type: application/json" localhost:8888/julius/search/name
+ Example response:

```
[["34884926","salt-or-ester"],["34884927","salt-or-ester"]
```

## Search the Dataset for Post Subject Keywords
### **POST /julius/subject**
+ Response 200 (application/json)
+ Example request: curl -X POST -d '{"subject": "/div/ - Divination General"}' -H "Content-Type: application/json" localhost:8888/julius/search/subject
+ Example response:

```
[["34893757","\/div\/ - Divination general: Real Lover Edition"]]
```

## Search the Dataset for Post Comment Keywords
### **POST /julius/comment**
+ Response 200 (application/json)
+ Example request: curl -X POST -d '{"comment": "might as well"}' -H "Content-Type: application/json" localhost:8888/julius/search/comment
+ Example response:

```
[["34875137","<a href=\"#p34876066\" class=\"quotelink\">&gt;&gt;34876066<\/a>
<br>That never happened. You might as well be asking what the name is of 
Toby Stark\u2019s assistant. You are brainwashed."],
["34886851","<a href=\"#p34887002\" class=\"quotelink\">&gt;&gt;34887002<\/a>
<br><span class=\"quote\">&gt;No<\/span><br>Anon you have to be invited to join 
the free world. You can&#039;t just walk in and say you want to join. 
You might as well quit this thread now but you&#039;re not becoming a man."],
...
```

## Get the Signal2Noise Metric From Your Dataset
The Signal2Noise metric provides a ratio of posts and posters.  This is useful in identifying shill threads.

### **GET /julius/s2n**
+ Response 200 (application/json)
+ Example request: curl -X GET http://localhost:8888/julius/s2n
+ Example response:

```
[["21676943",0.5],["34813865",0.48945147679324896],
["34849687",0.45161290322580644],["34857977",0.43448275862068964],
["34858375",0.3601694915254237],["34867667",0.4052044609665427],
["34868239",0.39015151515151514],["34868990",0.4329501915708812],
...
```

# Encrypting and Decrypting Insecure Tricodes
**RUBICON** allows you to encrypt and decrypt multiple insecure tripcodes at once using 4chan's encryption algorithm.

## Encrypting Passwords
### **GET /encrypt/string**
+ Response 200 (application/json)
+ Example request: curl -X GET -d '{"stringToEncrypt":"salty"}' localhost:8888/encrypt/string
+ Example response:

```
xzsJ9xB1g2
```

## Decrypting Insecure Tripcodes
### **GET /decrypt/list**
+ Response 200 (application/json)
+ Example request: curl -X POST -d '{"tripcodeList":["pLcphjdEoI","RcZySq44CE","Ofltcn0wng"]}' -H "Content-Type: application/json" localhost:8888/decrypt/list
+ Example response:

```
[["pLcphjdEoI","comPUTER"],["RcZySq44CE","permutation3"],["Ofltcn0wng","smelly"]]
```


# RAINBOW TABLE APIs
## What is a rainbow table?
Rainbow tables are essentially large precomputed tables that contain pairs of plaintext passwords and their corresponding hashed values. These tables are generated in advance by hashing a vast number of possible plaintext passwords and storing the resulting hashes.

**RUBICON** utilizes [redis](https://redis.io/docs/about/) in many areas to increase speed and efficiency to replace what would normally require intensive i/o or processing.  Using redis, we can crack tripcodes with incredible speed, assuming your wordlists are comprehensive.

## Preparing Wordlists
The **RUBICON** Command & Control Center has various features that require user input for the initial setup.  Because tripcode testing is a key component of the suite, it's important we have proper wordlists in place to allow us to generate and crack tripcodes. 

**RUBICON** is containerzied, meaning the image is immutable, however you can keep wordlists locally and RUBICON will automatically copy them into the image for ingestion into redis.

To do this, create a folder called "wordlists", filled with plain-text wordlist files, and run the RUBICON Docker image from the parent directory.  There are many places to find wordlists for your specific purposes -- [SecLists](https://github.com/danielmiessler/SecLists) has a nice collection.  A popular (but small) wordlist [ignis-1M.txt](https://raw.githubusercontent.com/ignis-sec/Pwdb-Public/master/wordlists/ignis-1M.txt) is included in the Docker image by default.

## Loading wordlists into RUBICON
Calling the API below, RUBICON will scan the wordlists you've provided in your "wordlists" directory at runtime, then load them into redis.  You can have multiple wordlists in this directory and RUBICON will load them all.

### **GET /rainbow/build**
+ Response 200 (application/json)
+ Example request: curl -X GET http://localhost:8888/rainbow/build

Depending on the size of your wordlists, it may take some time to build your rainbow table.  You can understand the status of the operation by calling the '/rainbow/count' API.

### **GET /rainbow/count**
+ Response 200 (application/json)
+ Example request: curl -X GET http://localhost:8888/rainbow/build
+ Example response: 8079256

Here we can see redis is holding 8079256 password/hash combinations.  This API can be run multiple times and you will know the process is finished when the build count no longer increases.

## Removing wordlists from RUBICON
You can easily remove all wordlists from redis by using the "purge" API.  Please note - this will remove **all** password/hash combinations from RUBICON.

### **DELETE /rainbow/purge**
+ Response 200 (application/json)
+ Example request: curl -X DELETE localhost:8888/rainbow/purge
salt or ester's avatar
README.md
salt or ester committed
232 
## Application Detail
salt or ester's avatar
Update README.md  
salt or ester committed
233 
Check out the [WIKI](https://gitgud.io/saltorester/rubicon/-/wikis/home) which has comprehensive documentation.
salt or ester's avatar
README.md
salt or ester committed
234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 

## Installation - Docker
RUBICON is containerized and can be pulled directly from Docker Hub.  This means the application and all it's dependencies are stored in an immutable image you can pull and run in your docker client.  Containerization also provides cross-platform compatibility.

### Install Windows Docker Desktop
https://docs.docker.com/desktop/install/windows-install/

### Install MacOS Docker Desktop
https://docs.docker.com/desktop/install/mac-install/

### Install Linux Docker Desktop
https://docs.docker.com/desktop/install/linux-install/

## Pull the RUBICON Docker Image
```
docker pull saltorester/rubicon
```
salt or ester's avatar
README.md  
salt or ester committed
252 
## Run the RUBICON Docker Image
salt or ester's avatar
README.md
salt or ester committed
253 254 255 
```
docker run -d -p 8888:8888 saltorester/rubicon
```
salt or ester's avatar
README.md  
salt or ester committed
256 257 258 

## Use RUBICON!
Just navigate your browser to [http://localhost:8888](http://localhost:8888).  The data model will automatically build, as will your Rainbow Table using the default wordlist (ignus-100k.txt).