Links

A collection of ruby security resources. They are all written in ruby, but may also assess other platforms.

Client-Side

  • The BeEF Project - BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser

Code Quality

  • Reek - Code smell detector for ruby
  • Rubocop - Robust ruby code analyzer, based on the community ruby style guide

DevOps

  • Gauntlt - Be mean to your code and like it

Exploitation

  • Metasploit - Penetration testing software
  • PEdump - Dump Your PE!
  • Ragweed - Scriptable Win32/Linux/OSX debugger written in ruby
  • Ronin - Ronin is a ruby platform for vulnerability research and exploit development
  • Ruby BlackBag (rbkb) - Ruby BlackBag. Misc ruby-based pen-testing/reversing tools. Inspired by Matasano BlackBag
  • Ruckus - A DOM-Inspired Ruby Smart Fuzzer

Network

  • PacketFu - Mid-level packet manipulation library for ruby

Scanning

  • Arachni - Web application security scanner framework
  • Gengiscan - Fingerprint server side technology
  • Metasploit - Penetration testing software
  • Ruby-nmap - Rubyful interface to the Nmap exploration tool and security / port scanner
  • Watobo - Enables security professionals to perform highly efficient (semi-automated ) web application security audit
  • WPScan - Black box WordPress vulnerability scanner

Static / Code Analysis

  • Brakeman - Rails security scanner
  • Bundler-Audit - Provides patch-level verification for Bundled apps
  • Codesake::Dawn - Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks

Service Interaction

  • PwnedCheck - Checks an email address to see if it’s found on http://haveibeenpwned.com

Secure Coding

  • Loofah - General library for manipulating and transforming HTML/XML documents and fragments

Shellcode / Assembly

  • Crabstone - Ruby binding to the capstone disassembly library
  • FFI-udis86 - Provides Ruby FFI bindings for the udis86, a x86 and x86-64 disassembler
  • Metasm - Ruby assembly manipulation suite (now included in Metasploit)
  • Ronin-asm - Ruby DSL for crafting Assembly programs and Shellcode

Spidering

  • Anemone - Ruby library that makes it quick and painless to write programs that spider a website
  • Spidr - Ruby web spidering library that can spider a site, multiple domains, certain links or infinitely
  • Tarantula - Crawls your Rails 2.3 and 3.x applications, fuzzing data to see what breaks

Guides to securing ruby code / configuration / links / etc.

Other Ruby security resources

Maintained by Carl Sampson(@chs)