Roman Rott – Ruby for Pentesters

OWASP Kyiv 27-05-2017 chapter meeting talk.
Video: https://www.youtube.com/watch?v=QtZy5wvAVAA

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

Roman Rott – Ruby for Pentesters

  1. RUBY FOR PENTESTERS by Roman Rott
  2. RUBY FOR PENTESTERS VS PENTESTING FOR RUBYISTS
  3. RUBY HAS ABILITIES AND TRICKS FOR DEALING WITH ALL STRINGS SCENARIOS
     ➤ Convert String/Binary to Hex;
     ➤ Convert Hex to String/Binary;
     ➤ Encode/Decode String;
     ➤ Regular Expressions;
     ➤ String extraction;
     ➤ Parsing HTML, XML, JSON, etc;
     ➤ Cryptography libs, MD5, SHA1,2 hash. Generating MySQL/PostgreSQL, Windows Password Hashes, etc.
  4. TOOLS: Ronin (http://ronin-ruby.github.io/). Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits, Payloads, Scanners, etc, via Repositories.
  5. TOOLS: WPScan (https://wpscan.org/). WordPress vulnerability scanner.
  6. TOOLS: WhatWeb (https://www.morningstarsecurity.com/research/whatweb). Recognizes web technologies including CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, etc.
  7. TOOLS: bundle-audit (https://github.com/rubysec/bundler-audit). Patch-level verification for Bundler.
  8. TOOLS: brakeman (https://github.com/presidentbeef/brakeman). Static analysis tool which checks Ruby on Rails applications for security vulnerabilities.
  9. FRAMEWORKS: Arachni (http://www.arachni-scanner.com/). Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.
  10. FRAMEWORKS: BeEF (http://beefproject.com/). The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
  11. FRAMEWORKS: Metasploit
  12. HELPERS: DuckRails (https://github.com/iridakos/duckrails). Allows you to quickly mock API endpoints, set response headers, set some advanced configuration (delays, dynamic headers, content type & status), etc.
  13. HELPERS
     ➤ Oga - XML/HTML parser - https://github.com/YorickPeterse/oga
     ➤ html-pipeline - GitHub HTML processing filters and utilities. This module includes a small framework for defining DOM based content filters and applying them to user provided content. - https://github.com/jch/html-pipeline
     ➤ Happymapper - allows you to parse XML data and convert it quickly and easily into Ruby data structures. - https://github.com/dam5s/happymapper
     ➤ nokogiri - a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. - https://github.com/sparklemotion/nokogiri
  14. BROWSER MANIPULATION: Selenium, Watir, webdrivers
  15. AUTOMATIZATION: ruby-nmap (https://github.com/sophsec/ruby-nmap)
  16. AUTOMATIZATION
     ➤ net-ping gem
     ➤ ruby-nmap gem
     ➤ etc.
  17. AUTOMATIZATION: Puppet (https://puppet.com/), Chef (https://www.chef.io/chef/), Vagrant (https://www.vagrantup.com/), Docker (https://www.docker.com/)
  18. COMMAND EXECUTION
     ➤ Kernel#` (back-ticks)
     ➤ Kernel#exec
     ➤ Kernel#system
     ➤ IO#popen
     ➤ Process#spawn
     ➤ %x"", %x[], %x{}, %x$''$
     ➤ Rake#sh
  19. PACKAGING
     ➤ One-Click Ruby Application (OCRA) Builder
     ➤ Traveling-ruby
     ➤ RubyEncoder
  20. EXTEND BURP SUITE USING JRUBY: Jruby. JRuby is a fully threaded Java implementation of the Ruby
  21. The end.
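
The command-execution entry points on slide 18 differ in whether a shell parses the command line, which matters when a tool interpolates scanned or user-supplied values into it. The following is an added example, not code from the slides; `UNTRUSTED`, the function names and the `HOSTNAME` policy are constructed for illustration, and a POSIX system with `echo` is assumed.

```ruby
require "open3"
require "shellwords"

# Constructed sample: a "hostname" value that carries shell metacharacters.
UNTRUSTED = "example.test; echo INJECTED"

# One-string form. Back-ticks and %x{} always take this form; system, exec,
# spawn, popen and Open3 do when called with a single string. Ruby passes the
# line to /bin/sh if it contains metacharacters, so ';' splits it in two.
def run_string_form(value)
  out, _status = Open3.capture2("echo host=#{value}")
  out
end

# Argument-vector form: program and arguments are separate Ruby strings, no
# shell parses them, and the value stays one literal argument.
def run_argv_form(value)
  out, _status = Open3.capture2("echo", "host=#{value}")
  out
end

# IO.popen takes the same vector as an Array.
def run_popen_array(value)
  IO.popen(["echo", "host=#{value}"], &:read)
end

# When a shell line is unavoidable (pipes, redirects), quote every value.
def run_escaped_string(value)
  out, _status = Open3.capture2("echo host=#{Shellwords.escape(value)}")
  out
end

# Allow-list check applied before any form is used (hypothetical policy).
HOSTNAME = /\A[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?\z/i

def valid_hostname?(value)
  HOSTNAME.match?(value)
end

if __FILE__ == $PROGRAM_NAME
  puts run_string_form(UNTRUSTED).inspect
  puts run_argv_form(UNTRUSTED).inspect
  puts run_escaped_string(UNTRUSTED).inspect
  puts valid_hostname?(UNTRUSTED)
end
```

When reviewing Ruby tooling, the one-string calls and every back-tick or `%x` use are the places to check for interpolated input; Brakeman, listed on slide 8, reports this pattern in Rails applications as command injection.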