Ruby and Security

Carl Sampson, CSSLP
Carl Sampson is a Senior Product Security Engineer at salesforce.com
Ruby and Security
It’s not just for Python…
About Me
• Carl Sampson
• Twitter: @chs
• Web: www.chs.us
• Product Security Engineer at Salesforce
• Former developer turned appsec guy
• OWASP Indy chapter leader
• Ruby enthusiast
Why Ruby?
• One of the easiest languages to read and parse by anyone regardless of style
– an_object.empty?
– 3.times { puts "Hello, World" }
– list_numbers.each { |num| print num }
– [1, 2, 3].length
Why Ruby?
• Package management system that makes it easy to share and modify tools
– Standard format for distributing Ruby programs and libraries
– RubyGems (http://rubygems.org)
Why Ruby?
• Powerful introspection and object-oriented capabilities
– Find out information about classes
– Dynamically create classes/methods
– ObjectSpace (walk every live object and class)
Why Ruby?
• Platform-independent support for multithreading
– Leverages native features of the OS
Why Ruby?
• Can be compiled and run natively on most platforms
• Doesn't require libraries such as Cygwin to build on Windows
• Easy to embed within another application
– API for calling from within C
Why Ruby?
• Robust standard library included
– 20,964 functions and classes
– Well-documented
• Dash
• Omniref (https://www.omniref.com/)
• Ruby-doc (http://www.ruby-doc.org/)
• ri (command-line documentation browser)
Why Ruby?
• Easy to extend existing classes to meet new needs (open classes)
– Ruby classes are never closed
Why Ruby?
• Easy to hook native libraries
– FFI (interface with C-style libraries)
– DL (bridge to dlopen)
• Easy to extend using C
Why Ruby?
• Lends itself to Domain Specific Language (DSL) creation
– A programming language designed specifically to express solutions to problems in a specific domain
– Sinatra – DSL for defining how to handle HTTP requests
– Chef – DSL for automating server management tasks
– RSpec – DSL for testing
– ActiveRecord migrations
Why Ruby?
• IRB
– REPL for programming in Ruby
– Executes Ruby commands with immediate response, so you can experiment in real time
– Blocks, mixins and monkey patching
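The introspection, open-class and monkey-patching points above, as an added example (not from the slides): a core class is reopened with a hypothetical helper, then `Method#source_location` and `ObjectSpace` are used to find which methods on core classes are backed by Ruby source instead of the interpreter, which is a quick way to audit what loaded gems have patched.

```ruby
# Added example, not from the slides. Hypothetical monkey patch on a core class:
class String
  def redact_digits
    gsub(/\d/, "#")
  end
end

# Returns {"Class#method" => [file, line]} for every instance method of the
# given classes that has Ruby source behind it. Methods implemented in C
# report nil and are skipped; Ruby's own builtins written in Ruby show an
# "<internal:...>" path, anything else came from a loaded file.
def ruby_defined_methods(classes = [String, Array, Hash, Integer, Kernel])
  found = {}
  classes.each do |klass|
    klass.instance_methods(false).each do |name|
      loc = klass.instance_method(name).source_location
      found["#{klass}##{name}"] = loc if loc
    end
  end
  found
end

# Same data, filtered to patches that did not come from the interpreter itself.
def external_patches(classes = [String, Array, Hash, Integer, Kernel])
  ruby_defined_methods(classes).reject { |_, (file, _)| file.start_with?("<internal:") }
end

# ObjectSpace walks every live class; this finds the named classes that have at
# least one method defined in a file whose path contains the given fragment.
def classes_patched_from(path_fragment)
  ObjectSpace.each_object(Class).select { |klass|
    next false unless klass.name
    klass.instance_methods(false).any? { |m|
      loc = klass.instance_method(m).source_location
      loc && loc[0].include?(path_fragment)
    }
  }.map(&:name).sort
end

if __FILE__ == $PROGRAM_NAME
  puts "1a2b3".redact_digits
  external_patches.each { |meth, (file, line)| puts "#{meth} defined at #{file}:#{line}" }
end
```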
Why Ruby?
• Binary string processing and pattern matching
Why Ruby?
• First-class regular expressions
– Borrowed from Perl
– Built-in without needing to include extra modules
Why Ruby?
• Network protocol and file format parsing are well supported in Ruby
– Most network protocols built in
– Most everything else available as a gem
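The binary string processing, regex and file-format parsing points above, as an added example (not from the slides): a parser for the MZ/COFF header of a PE image built from `String#unpack`, `byteslice` and a byte-oriented regex. The sample image is constructed here and is not a real executable; offsets follow the PE/COFF specification.

```ruby
# Added example, not from the slides. Constructed PE/COFF header parsing.
MZ_MAGIC = "MZ".b
PE_MAGIC = "PE\0\0".b
COFF_HEADER_SIZE = 20
MACHINE_NAMES = { 0x014c => "i386", 0x01c0 => "ARM", 0x8664 => "x86-64", 0xaa64 => "ARM64" }.freeze

# Builds a minimal synthetic image: a DOS header whose e_lfanew (offset 0x3c)
# points straight at the PE signature followed by a COFF file header.
def build_sample_image(machine: 0x8664, sections: 3, characteristics: 0x0022)
  dos_header = MZ_MAGIC + ("\0".b * 58) + [64].pack("V")
  coff = [machine, sections, 0, 0, 0, 0, characteristics].pack("vvVVVvv")
  dos_header + PE_MAGIC + coff
end

# Parses the DOS stub and COFF header. Every offset read from the file is
# range-checked before use: in a real sample e_lfanew is untrusted input.
def parse_pe_header(data)
  data = data.b
  raise ArgumentError, "too short for a DOS header" if data.bytesize < 64
  raise ArgumentError, "missing MZ signature" unless data.byteslice(0, 2) == MZ_MAGIC
  e_lfanew = data.byteslice(60, 4).unpack1("V")
  needed = e_lfanew + PE_MAGIC.bytesize + COFF_HEADER_SIZE
  raise ArgumentError, "e_lfanew out of range" if needed > data.bytesize
  raise ArgumentError, "missing PE signature" unless data.byteslice(e_lfanew, 4) == PE_MAGIC
  machine, nsect, ts, _symptr, _nsyms, opt_size, chars =
    data.byteslice(e_lfanew + 4, COFF_HEADER_SIZE).unpack("vvVVVvv")
  {
    machine: MACHINE_NAMES.fetch(machine) { format("unknown(0x%04x)", machine) },
    sections: nsect,
    timestamp: Time.at(ts).utc,
    optional_header_size: opt_size,
    executable: (chars & 0x0002) != 0,   # IMAGE_FILE_EXECUTABLE_IMAGE
    dll: (chars & 0x2000) != 0           # IMAGE_FILE_DLL
  }
end

# A regex over a binary string (the /n flag keeps it byte-oriented) pulls out
# printable runs, the same idea as the `strings` utility.
def printable_strings(data, min_len = 4)
  data.b.scan(/[\x20-\x7e]{#{min_len},}/n)
end

if __FILE__ == $PROGRAM_NAME
  p parse_pe_header(build_sample_image)
  p printable_strings(build_sample_image + "hello world\0".b)
end
```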
Why Ruby?
• Cryptography, specifically comprehensive OpenSSL bindings
– Exposes a huge portion of the API
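The OpenSSL bindings mentioned above, as an added example (not from the slides): PBKDF2 key derivation plus AES-256-GCM authenticated encryption, with the decrypt side rejecting a tampered ciphertext, a changed associated-data value, or a truncated tag. Passphrase, salt, associated data and messages are constructed for the demonstration.

```ruby
require "openssl"

# Added example, not from the slides. Demo values are constructed inline.
CIPHER = "aes-256-gcm"
TAG_LEN = 16

# PBKDF2-HMAC-SHA256: turns a passphrase plus a per-user random salt into a
# 32-byte key. The iteration count is a demo value; tune it to your threat model.
def derive_key(passphrase, salt, iterations: 100_000)
  OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, iterations, 32, OpenSSL::Digest.new("SHA256"))
end

# Returns [iv, ciphertext, tag]. The 12-byte IV is fresh per call and must
# never repeat under the same key; the AAD is authenticated but not encrypted.
def gcm_encrypt(key, plaintext, aad)
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = aad
  ciphertext = cipher.update(plaintext) + cipher.final
  [iv, ciphertext, cipher.auth_tag(TAG_LEN)]   # the tag exists only after #final
end

# Returns the plaintext, or nil when the tag does not verify (ciphertext, IV
# or AAD changed). A short tag is rejected up front: OpenSSL would accept a
# truncated tag, which weakens the integrity guarantee.
def gcm_decrypt(key, iv, ciphertext, tag, aad)
  raise ArgumentError, "auth tag must be #{TAG_LEN} bytes" unless tag.bytesize == TAG_LEN
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag      # must be set before #final
  cipher.auth_data = aad
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end

if __FILE__ == $PROGRAM_NAME
  key = derive_key("correct horse battery staple", OpenSSL::Random.random_bytes(16))
  iv, ct, tag = gcm_encrypt(key, "report-id:42", "v1")
  puts gcm_decrypt(key, iv, ct, tag, "v1")
  p gcm_decrypt(key, iv, ct, tag, "v2")   # nil: AAD mismatch
end
```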
Projects Using Ruby
• Metasploit
– Ported from Perl in 2006
• Why?
– Platform-independent support for threading
– Native interpreter for Windows
– Enjoyed by the people that contribute to the framework
Projects Using Ruby
• Metasm
– Assembler
– Disassembler
– Compiler
– Part of the Metasploit project
– https://github.com/jjyg/metasm
Projects Using Ruby
• Ronin
– Platform for vulnerability research and exploit development
– Subprojects for database access, web scraping/spidering, assembly programming and shellcode generation, exploit and payload crafting, bruteforcers, SQL injection, etc.
– https://github.com/ronin-ruby/
Projects Using Ruby
• Ruckus
– DOM-inspired Ruby fuzzer
– Great for network protocols
– Declare structures like you're writing C
• Define network protocol headers
– Built-in mutators for fuzzing
Projects Using Ruby
• BeEF
– Browser Exploitation Framework Project
– Pen testing tool that focuses on the browser
– http://beefproject.com/
Projects Using Ruby
• Gauntlt
– BE MEAN TO YOUR CODE AND LIKE IT
– DSL (based on Cucumber) for interfacing with popular testing tools
– http://gauntlt.org/
Projects Using Ruby
• PEDump
– Supports MZ & PE formats
– Can dump every part of the executable
– https://github.com/zed-0xff/pedump
Projects Using Ruby
• Ruby BlackBag (rbkb)
– Based on Matasano BlackBag
– Misc Pen-testing/reversing tools
– https://github.com/emonti/rbkb
Projects Using Ruby
• Ragweed
– Scriptable Win32/Linux/OSX debugger
– https://github.com/tduehr/ragweed
Projects Using Ruby
• PacketFu
– Mid-level packet manipulation library
– https://github.com/todb/packetfu
Projects Using Ruby
• Arachni
– Web application security scanner framework
– Multiple deployment options (CLI, Web, Distributed)
– Extensive security checks
– Automated, distributed, high-performance JavaScript/DOM security debugger
– http://www.arachni-scanner.com/
Projects Using Ruby
• Brakeman
– Open-source vulnerability scanner specifically designed for RoR applications
– Developed and maintained by Twitter
– http://brakemanscanner.org/
Projects Using Ruby
• WPScan
– Black box WordPress vulnerability scanner
– http://wpscan.org/
Projects Using Ruby
• RailsGoat
– Vulnerable version of the RoR framework
– OWASP project
– https://github.com/OWASP/railsgoat
References
• https://www.blackhat.com/presentations/bh-usa-09/TRACY/BHUSA09-Tracy-RubyPentesters-PAPER.pdf
• http://matasano.com/research/ruby_for_pentesters/Ruby-For-Pentesters.pdf
• http://rubysecurity.info/