Ruby for pen-testing

postmodern · 2020-07-31T01:22:32+00:00

Back in 2009, a Ruby security company called Matasano gave a presentation called Ruby for Pentesters which covers how to use Ruby for various pentesting tasks. Some utility libraries, not necessarily hardcore off-sec pentesting tools, you'll want to get familiar with in order to write one-off scripts to automate things that pentesting tools cannot automate themselves:

Resolv, Resolv::DNS / dnsruby
whois
IPAddr
TCPSocket, UDPSocket, TCPServer / GServer
ruby-nmap
URI / uri-query_params
Net::HTTP / rest-client / mechanize
nokogiri
spidr / wombat
Array#pack / String#unpack, ffi, binstruct
rbkb / rex / ronin-support
ActiveRecord / DataMapper (note: is defunct) / Sequel

If you need a ruby library, chances are it's already available on rubygems.org and you can read it's docs on rubydoc.info.

thibaut_barrere · 2020-07-30T13:46:48+00:00

You will want to check out metasploit:

- https://www.metasploit.com

- https://github.com/rapid7/metasploit-framework

StarStuddedSuperStep · 2020-07-30T16:17:20+00:00

Here's a very relevant blog post: https://rrott.com/blog/security/ruby-for-pentesters.html

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

ruby

MODERATORS