Ruby and Security
It’s not just for Python…
About Me
• Carl Sampson
• Twitter: @chs
• Web: www.chs.us
• Product Security Engineer at Salesforce
• Former developer turned appsec guy
• OWASP Indy chapter leader
• Ruby enthusiast
Why Ruby?
• One of the easiest languages to read and
parse by anyone regardless of style
– an_object.empty?
– 3.times { puts "Hello, World" }
– list_numbers.each {|num| print num}
– [1, 2, 3].length
Why Ruby?
• Package management system that makes it
easy to share and modify tools
– Standard format for distributing Ruby programs
and libraries
– RubyGems (http://rubygems.org)
Why Ruby?
• Powerful introspection and object-oriented
capabilities
– Find out information about classes
– Dynamically create classes/methods
– Objectspace
Why Ruby?
• Platform-independent support for
multithreading
– Leverages native features of the OS
Why Ruby?
• Can be compiled and run natively on most
platforms
• Doesn’t require a compatibility layer such as Cygwin to
build on Windows
• Easy to embed within another application
– API for calling from within C
Why Ruby?
• Robust standard library included
– 20,964 functions and classes
– Well-documented
• Dash
• Omniref (https://www.omniref.com/)
• Ruby-doc (http://www.ruby-doc.org/)
• Ri
Why Ruby?
• Easy to extend existing classes to meet new
needs (open classes)
– Ruby classes are never closed
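Open classes and introspection in practice, as an added example (mine, not code from the slides): reopen a core class, create a class at runtime, and then ask the interpreter what changed. The names shell_safe?, Finding, defined_in_ruby? and live_findings are my own inventions.

```ruby
# Open classes: String is reopened and gains a helper. This is exactly the
# mechanism behind "monkey patching", and nothing stops a malicious gem from
# doing the same to, say, OpenSSL or Net::HTTP.
class String
  SHELL_META = /[;&|`$()<>\\'"\n]/

  # True when the string contains no shell metacharacters.
  def shell_safe?
    !match?(SHELL_META)
  end
end

# Dynamic class and method creation at runtime.
Finding = Class.new do
  attr_reader :severity, :title

  def initialize(severity, title)
    @severity = severity
    @title = title
  end
end
Finding.class_eval { define_method(:high?) { severity == :high } }

# Introspection: a method implemented in C inside the interpreter has no
# source_location, while one added from Ruby code does. That is a cheap way
# to find core methods that loaded code has patched.
def defined_in_ruby?(klass, name)
  !klass.instance_method(name).source_location.nil?
end

# ObjectSpace walks every live object of a given class.
def live_findings
  ObjectSpace.each_object(Finding).to_a
end

HIGH = Finding.new(:high, "SQL injection in /search")
LOW  = Finding.new(:low, "Missing X-Frame-Options header")
```

Run it under IRB and try `String.instance_method(:length).source_location` next to `String.instance_method(:shell_safe?).source_location`: the first is nil, the second names this file. Auditing a loaded gem set for patched core methods is just that check in a loop.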
Why Ruby?
• Easy to hook native libraries
– FFI gem (interface with C-style libraries via
attach_function)
– DL (bridge to dlopen; deprecated in Ruby 2.0 and
removed in 2.2, replaced by Fiddle in the standard library)
• Easy to extend using C (MRI’s C extension API)
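Calling into a native library from Ruby, as an added example (mine, not from the slides): libc's strlen() through Fiddle, the standard-library successor to DL. It assumes a Ruby built with Fiddle (libffi), which is the norm on Linux and macOS; if Fiddle is absent the helpers return nil instead of raising. The ffi gem offers the same with a nicer attach_function API but is not part of the standard library.

```ruby
HAVE_FIDDLE = begin
  require 'fiddle'
  true
rescue LoadError
  false
end

if HAVE_FIDDLE
  # nil = the running process itself, whose global symbol table includes libc.
  LIBC = Fiddle.dlopen(nil)

  # size_t strlen(const char *s);
  STRLEN = Fiddle::Function.new(LIBC['strlen'],
                                [Fiddle::TYPE_VOIDP],
                                Fiddle::TYPE_SIZE_T)
end

# Fiddle passes a Ruby String to a void* argument as a pointer to its bytes.
def native_strlen(str)
  return nil unless HAVE_FIDDLE
  STRLEN.call(str)
end

# The classic pitfall when handing Ruby strings to C: Ruby strings may
# contain NUL bytes, but C stops at the first one, so anything after it is
# silently dropped on the native side (the NUL-truncation bug class).
def nul_truncated?(str)
  n = native_strlen(str)
  n.nil? ? nil : n < str.bytesize
end
```

The same truncation is what turns a validated filename like "safe.txt\0../../etc/passwd" into something else once it crosses into a C library, so any wrapper around native code should reject embedded NULs before the call.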
Why Ruby?
• Lends itself to Domain Specific Language (DSL)
creation
– Programming language designed specifically to
express solutions to problems in a specific domain
– Sinatra – DSL for defining how to handle HTTP
requests
– Chef – DSL for automating server management tasks
– Rspec – DSL for testing
– ActiveRecord migrations
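What makes Ruby good at DSLs is blocks plus instance_eval, as this added example shows (my code, not gauntlt's, RSpec's or any project on the slides): a small internal DSL that states which security headers a response must carry. HeaderPolicy, require_header and forbid_header are invented names, and the header hashes are constructed for the example.

```ruby
class HeaderPolicy
  Rule = Struct.new(:header, :matcher)   # matcher nil = header is forbidden

  # Entry point of the DSL: the block runs with `self` set to the new policy,
  # so bare calls such as require_header "..." resolve to its methods.
  def self.define(&block)
    policy = new
    policy.instance_eval(&block)
    policy
  end

  def initialize
    @rules = []
  end

  # DSL verbs
  def require_header(name, matches: /./)
    @rules << Rule.new(name.downcase, matches)
  end

  def forbid_header(name)
    @rules << Rule.new(name.downcase, nil)
  end

  # Evaluate a response's headers; returns an array of failure messages
  # (empty means the response complies with the policy).
  def check(headers)
    seen = headers.transform_keys(&:downcase)
    @rules.map do |rule|
      value = seen[rule.header]
      if rule.matcher.nil?
        "#{rule.header} should not be sent (#{value.inspect})" if value
      elsif value.nil?
        "#{rule.header} missing"
      elsif !rule.matcher.match?(value)
        "#{rule.header} weak: #{value.inspect}"
      end
    end.compact
  end
end

# The DSL in use: it reads like a policy document rather than Ruby.
BASELINE = HeaderPolicy.define do
  require_header "Strict-Transport-Security", matches: /max-age=\d{7,}/
  require_header "X-Content-Type-Options",    matches: /\Anosniff\z/i
  require_header "Content-Security-Policy"
  forbid_header  "Server"
end

WEAK_RESPONSE = {
  "Server" => "Apache/2.4.7",
  "Strict-Transport-Security" => "max-age=300",
  "X-Content-Type-Options" => "nosniff",
}

GOOD_RESPONSE = {
  "Strict-Transport-Security" => "max-age=31536000; includeSubDomains",
  "X-Content-Type-Options" => "nosniff",
  "Content-Security-Policy" => "default-src 'self'",
}
```

BASELINE.check(WEAK_RESPONSE) reports three failures (a short HSTS max-age, a missing CSP, and a Server header that should not be there) while the good response passes clean. Sinatra, Chef and RSpec all rest on the same trick: a method that takes a block and evaluates it in a context where the domain vocabulary is just method calls.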
Why Ruby?
• IRB
– REPL for programming in Ruby
– Executes Ruby statements with an immediate
response, so you can experiment in real time
– Convenient for exploring blocks, mixins and
monkey patching interactively
Why Ruby?
• Binary string processing and pattern matching
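Binary parsing in Ruby is String#unpack with a format string, as this added example shows (my code, not from the slides and not PEDump's): it reads the MZ and PE/COFF headers of an executable, a small slice of what PEDump does in full. SAMPLE_PE is a hand-built 88-byte stand-in, not a real binary.

```ruby
IMAGE_FILE_MACHINE = { 0x014c => "i386", 0x8664 => "AMD64", 0x01c0 => "ARM" }.freeze

def parse_pe_headers(data)
  data = data.b  # treat as raw bytes regardless of the source encoding
  raise ArgumentError, "too short for a DOS header" if data.bytesize < 0x40

  # a2 = 'MZ' magic, x58 = skip to offset 0x3c, V = uint32 LE e_lfanew
  e_magic, e_lfanew = data.unpack("a2 x58 V")
  raise ArgumentError, "missing MZ magic" unless e_magic == "MZ"

  # Bounds-check before trusting an attacker-controlled offset: the COFF
  # file header is 24 bytes starting at e_lfanew.
  if e_lfanew < 0x40 || e_lfanew + 24 > data.bytesize
    raise ArgumentError, "e_lfanew 0x#{e_lfanew.to_s(16)} out of range"
  end

  # @N = absolute offset; a4 Signature, v Machine, v NumberOfSections,
  # V TimeDateStamp, V PointerToSymbolTable, V NumberOfSymbols,
  # v SizeOfOptionalHeader, v Characteristics
  sig, machine, nsections, timestamp, _symtab, _nsyms, opt_size, flags =
    data.unpack("@#{e_lfanew} a4 v v V V V v v")
  raise ArgumentError, "missing PE signature" unless sig == "PE\0\0"

  {
    e_lfanew: e_lfanew,
    machine: IMAGE_FILE_MACHINE.fetch(machine, "unknown(0x#{machine.to_s(16)})"),
    sections: nsections,
    timestamp: Time.at(timestamp).utc,
    optional_header_size: opt_size,
    dll: (flags & 0x2000) != 0,   # IMAGE_FILE_DLL
  }
end

# Constructed sample: a DOS header whose e_lfanew points at a COFF header at
# 0x40 describing a 3-section AMD64 DLL. Array#pack is the inverse of unpack,
# which is how you build test files and protocol messages as well.
SAMPLE_PE = [
  "MZ", "\0" * 58, [0x40].pack("V"),
  "PE\0\0", [0x8664, 3, 0x5f000000, 0, 0, 240, 0x2022].pack("v v V V V v v"),
].join.b
```

The e_lfanew check is the part worth copying: every offset read out of an untrusted file must be compared against the buffer length before it is used in a second unpack, otherwise a crafted header turns the parser into an oracle for reading past the data or crashing it.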
Why Ruby?
• First-class regular expressions
– Borrowed from Perl
– Built-in without needing to include extra modules
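Regular expressions are literals in Ruby, with named captures, so a log detector is a few lines. This added example (mine, not from the slides) scans web server access-log lines for two request patterns. The log lines are constructed for the example, and the two hint regexes are deliberately narrow illustrations, not a production signature set.

```ruby
require 'cgi'

# Combined Log Format with the interesting fields as named groups.
LOG_LINE = /\A(?<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3})/

SQLI_HINT      = /'\s*(?:or|and|union)\b/i   # a quote followed by a keyword
TRAVERSAL_HINT = %r{(?:\A|/)\.\.(?:/|\z)}    # a ../ path segment

def classify_path(path)
  decoded = CGI.unescape(path)  # match what the app sees, not the raw URL
  return :sqli      if SQLI_HINT.match?(decoded)
  return :traversal if TRAVERSAL_HINT.match?(decoded)
  nil
end

# Returns [[ip, status, tag], ...] for the lines that match a hint.
def suspicious_requests(log)
  log.each_line.map do |line|
    m = LOG_LINE.match(line)
    next unless m
    tag = classify_path(m[:path])
    [m[:ip], m[:status].to_i, tag] if tag
  end.compact
end

SAMPLE_LOG = <<~LOG
  10.0.0.5 - - [10/Oct/2014:13:55:36 -0400] "GET /index.html HTTP/1.1" 200 2326
  203.0.113.9 - - [10/Oct/2014:13:55:40 -0400] "GET /search?q=1'%20OR%20'1'='1 HTTP/1.1" 500 512
  198.51.100.2 - - [10/Oct/2014:13:56:01 -0400] "GET /static/../../etc/passwd HTTP/1.1" 403 0
  10.0.0.5 - - [10/Oct/2014:13:56:10 -0400] "POST /login HTTP/1.1" 302 0
LOG
```

Decoding before matching matters: the injection in the second line only contains a space after CGI.unescape, and an attacker who double-encodes will slip past a detector that only looks at the raw path.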
Why Ruby?
• Network protocol and file format parsing are
well supported in Ruby
– Common protocols in the standard library (raw sockets
via socket, plus net/http, net/ftp, net/smtp, net/pop
and net/imap)
– Most everything else available as a gem
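Threads and the socket library together, as an added example (mine, not from the slides): a concurrent banner grabber. Rather than touching a real network it starts a throwaway service on the loopback interface, so it runs offline; the service, the ports and the banner are constructed for the example.

```ruby
require 'socket'

# Listen on 127.0.0.1, port 0 (the OS picks a free port), and answer every
# connection with `banner`. Returns [server_socket, port].
def start_banner_server(banner)
  server = TCPServer.new("127.0.0.1", 0)
  Thread.new do
    begin
      loop do
        client = server.accept
        client.write(banner)
        client.close
      end
    rescue IOError, SystemCallError
      # server.close from the main thread ends the loop
    end
  end
  [server, server.addr[1]]
end

# Connect to every port in its own thread and read whatever the service says
# first. Returns { port => banner_or_nil }.
def grab_banners(host, ports, timeout: 2)
  workers = ports.map do |port|
    Thread.new do
      begin
        sock = Socket.tcp(host, port, connect_timeout: timeout)
        # Never block forever on a service that accepts but stays silent.
        ready = IO.select([sock], nil, nil, timeout)
        banner = ready ? sock.readpartial(1024).strip : nil
        sock.close
        [port, banner]
      rescue SystemCallError, IOError, EOFError
        [port, nil]   # refused, reset, or closed before speaking
      end
    end
  end
  workers.map(&:value).to_h
end
```

One caveat on "platform-independent threading": MRI's threads are native OS threads, but a global interpreter lock serialises Ruby code, so CPU-bound work does not speed up. Socket I/O releases the lock while blocked, which is why a scanner like this one still gets real concurrency.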
Why Ruby?
• Cryptography, specifically comprehensive
OpenSSL bindings
– Exposes a huge portion of the API
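Authenticated encryption through the OpenSSL bindings, as an added example (mine, not from the slides): AES-256-GCM gives confidentiality and integrity from one primitive, and the bindings expose the nonce, tag and associated-data handling directly. The key is generated at runtime and the message is constructed for the example; a real deployment would derive the key with OpenSSL::KDF or load it from a secret store.

```ruby
require 'openssl'

NONCE_LEN = 12   # GCM's recommended nonce size
TAG_LEN   = 16

# Returns nonce || tag || ciphertext as one binary string.
def gcm_encrypt(key, plaintext, aad = "")
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key                 # 32 bytes
  nonce = cipher.random_iv         # fresh per message: nonce reuse breaks GCM
  cipher.auth_data = aad           # authenticated but not encrypted
  ciphertext = plaintext.empty? ? "".b : cipher.update(plaintext)
  ciphertext << cipher.final
  nonce + cipher.auth_tag + ciphertext   # tag is TAG_LEN bytes by default
end

# Returns the plaintext, or raises OpenSSL::Cipher::CipherError if the nonce,
# tag, ciphertext or AAD were altered.
def gcm_decrypt(key, blob, aad = "")
  raise ArgumentError, "blob too short" if blob.bytesize < NONCE_LEN + TAG_LEN
  nonce      = blob[0, NONCE_LEN]
  tag        = blob[NONCE_LEN, TAG_LEN]
  ciphertext = blob[(NONCE_LEN + TAG_LEN)..-1]

  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = nonce
  cipher.auth_tag = tag            # must be set before final
  cipher.auth_data = aad
  plain = ciphertext.empty? ? "".b : cipher.update(ciphertext)
  plain << cipher.final            # the tag check happens here
end

def tampered?(key, blob, aad = "")
  gcm_decrypt(key, blob, aad)
  false
rescue OpenSSL::Cipher::CipherError
  true
end
```

Two things the bindings will not do for you: they will not stop you reusing a nonce under the same key, which with GCM leaks plaintext and forges tags, and they will not remind you that the associated data must be identical on both sides, so bind it to something the receiver already knows (a message id, a record type) rather than something attacker-chosen.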
Projects Using Ruby?
• Metasploit
– Ported from Perl in 2006
• Why?
– Platform independent support for threading
– Native interpreter for Windows
– Enjoyed by the people that contribute to the
framework
Projects Using Ruby?
• Metasm
– Assembler
– Disassembler
– Compiler
– Bundled with the Metasploit Framework
– https://github.com/jjyg/metasm
Projects Using Ruby
• Ronin
– Platform for vulnerability research and exploit
development
– Subprojects for database access, web scraping
/spidering, assembly programming and
shellcoding generation, exploit and payload
crafting, bruteforcers, SQL injection, etc.
– https://github.com/ronin-ruby/
Projects Using Ruby
• Ruckus
– DOM-inspired ruby fuzzer
– Great for network protocols
– Declare structures like you’re writing C
• Define network protocol headers
– Built in mutators for fuzzing
Projects Using Ruby
• BeEF
– Browser Exploitation Framework Project
– Pen testing tool that focuses on the browser
– http://beefproject.com/
Projects Using Ruby
• Gauntlt
– BE MEAN TO YOUR CODE AND LIKE IT
– DSL (based on Cucumber) for interfacing with
popular testing tools
– http://gauntlt.org/
Projects Using Ruby
• PEDump
– Supports MZ & PE formats
– Can dump every part of the executable
– https://github.com/zed-0xff/pedump
Projects Using Ruby
• Ruby BlackBag (rbkb)
– Based on Matasano BlackBag
– Misc Pen-testing/reversing tools
– https://github.com/emonti/rbkb
Projects Using Ruby
• Ragweed
– Scriptable Win32/Linux/OSX debugger
– https://github.com/tduehr/ragweed
Projects Using Ruby
• PacketFu
– Mid-level packet manipulation library
– https://github.com/todb/packetfu
Projects Using Ruby
• Arachni
– Web application security scanner framework
– Multiple deployment options (CLI, Web,
Distributed)
– Extensive security checks
– Automated, distributed, high-performance
JavaScript/DOM security debugger
– http://www.arachni-scanner.com/
Projects Using Ruby
• Brakeman
– Open-source vulnerability scanner specifically
designed for RoR applications
– Developed and maintained by Twitter
– http://brakemanscanner.org/
Projects Using Ruby
• WPScan
– Black box WordPress vulnerability scanner
– http://wpscan.org/
Projects Using Ruby
• RailsGoat
– Deliberately vulnerable Ruby on Rails application
(not a vulnerable build of the framework itself),
built around the OWASP Top 10
– OWASP project
– https://github.com/OWASP/railsgoat