A collection of ruby security resources. They are all written in ruby, but may also assess other platforms.

Client-Side

• The BeEF Project - BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser

Code Quality

• Reek - Code smell detector for ruby
• Rubocop - Robust ruby code analyzer, based on the community ruby style guide

DevOps

• Gauntlt - Be mean to your code and like it

Exploitation

• Metasploit - Penetration testing software
• PEdump - Dump Your PE!
• Ragweed - Scriptable Win32/Linux/OSX debugger written in ruby
• Ronin - Ronin is a ruby platform for vulnerability research and exploit development
• Ruby BlackBag (rbkb) - Ruby BlackBag. Misc ruby-based pen-testing/reversing tools. Inspired by Matasano BlackBag
• Ruckus - A DOM-Inspired Ruby Smart Fuzzer

Network

• PacketFu - Mid-level packet manipulation library for ruby

Scanning

• Arachni - Web application security scanner framework
• Gengiscan - Fingerprint server side technology
• Metasploit - Penetration testing software
• Ruby-nmap - Rubyful interface to the Nmap exploration tool and security / port scanner
• Watobo - Enables security professionals to perform highly efficient (semi-automated ) web application security audit
• WPScan - Black box WordPress vulnerability scanner

Static / Code Analysis

• Brakeman - Rails security scanner
• Bundler-Audit - Provides patch-level verification for Bundled apps
• Codesake::Dawn - Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks

Service Interaction

• PwnedCheck - Checks an email address to see if it’s found on http://haveibeenpwned.com

Secure Coding

• Loofah - General library for manipulating and transforming HTML/XML documents and fragments

Shellcode / Assembly

• Crabstone - Ruby binding to the capstone disassembly library
• FFI-udis86 - Provides Ruby FFI bindings for the udis86, a x86 and x86-64 disassembler
• Metasm - Ruby assembly manipulation suite (now included in Metasploit)
• Ronin-asm - Ruby DSL for crafting Assembly programs and Shellcode

Spidering

• Anemone - Ruby library that makes it quick and painless to write programs that spider a website
• Spidr - Ruby web spidering library that can spider a site, multiple domains, certain links or infinitely
• Tarantula - Crawls your Rails 2.3 and 3.x applications, fuzzing data to see what breaks

Guides to securing ruby code / configuration / links / etc.

• Attacking Ruby on Rails Applications
• Ruby - Security101
• Ruby for Pentesters
• Ruby on Rails Cheatsheet
• Ruby on Rails Security - Veracode
• Ruby on Rails Security 101
• Ruby on Rails Security Guide
• Ruby on Rails: Security
• Ruby Security Reviewer's Guide

Other Ruby security resources

• Ruby Advisory Database - A database of vulnerable Ruby gems
• The Ruby Toolbox - Security Tools

Maintained by Carl Sampson(@chs)