References

Contributors
GitBook Desktop Editor
​Download and installation​
How to GitBook [Videos]
​Create GitBook online​
​Download and Install Gitbook package​
​Create GitBook with Editor​
Markdown [Documentations]
​Markdown docs - GitBook | Official docs​
​Mastering Markdown - GitHub | Mastering Markdown​
Beginner
​Ruby Tutorials - Tutorialspoint​
​Ruby programming Tutorials - Simple Free videos​
​Lynda: Ruby Essential Training - Commercial Training​
​Ruby from InfiniteSkills - Commercial Training​
​Quick Ruby syntax Cheat sheet​
​4Programmer.com - Ruby​
​Ruby Programming Tutorials - Free Video series​
​Ruby3arabi - Arabic Ruby community​
Books
​Ruby Learning​
​Working with TCP Sockets​
​Working with Unix Processes​
​Working with Ruby Threads​
​Ruby Cookbook​
​Learn Ruby The Hard Way​
​AllRubyBooks​
Sites, Topics and Articles
​Rubymonk.com​
​Byte manipulation in ruby​
​Ruby Format​
​Codewars​
​rubeque​
​Hackerrank​
​RubySec - Ruby Security Advisory​
​/r/ruby_infosec​
A dozen (or so) ways to start sub-processes in Ruby: [Part 1, Part 2, Part 3]
Hacking Tools built with ruby
Metasploit framework - Exploitation framework [ link ]
Beef framework - XSS framework [ link ]
Arachni - Web Application scanner framework [ link ]
Metasm - Assembly manipulation suite [ link ]
WPscan - WordPress vulnerability scanner [ link ]
WPXF - Wordpress Exploit Framework [ link ]
BufferOverflow kit - Exploitation tool Kit [ link ]
HTTP Traceroute [ link ]
CeWL - Custom Word List generator [ link ]
Ronin - Vulnerability research and exploit development framework [ link ]
Idb - Simplifys some common tasks for iOS pentesting & research [ link ]
Bettercap - Extensible MitM tool and framework [ link ]
WATOBO - The Web Application Security Toolbox [ link ]
Intrigue.io - Open Source project, discovering attack surface through OSINT [ link ]
OhNo - The Evil Image Builder & Meta Manipulator [ link ]
WhatWeb - Website Fingerprinter [ link ]
Relyze - reverse engineer similar to IDA-Pro supports Ruby plugins [ link ]
Capstone - multi-platform, multi-architecture disassembly framework supports Ruby [ link ]
Rabid - A CLI tool and library allowing to simply decode all kind of BigIP cookies [ link ]
Haiti - A CLI tool and library to identify the hash type of a given hash [ link ]
ctf-party - A library to enhance and speed up script/exploit writing for CTF players [ link ]
itdis - A small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not. [ link ]
nvd_feed_api - A simple ruby API/library for managing NVD CVE feeds. The API will help you to download and manage NVD Data Feeds, search for CVEs, build your vulnerability assessment platform or vulnerability database. [ link ]
VBSmin - VBScript minifier CLI tool and library [ link ]
Pass Station - CLI & library to search for default credentials among thousands of Products / Vendors [ link ]
vrt-cli - A simple tool to visualize VRT (Vulnerability Rating Taxonomy) from the CLI [ link ]
TLS map - CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnuTLS, NSS [ link ]
Fingerprinter - CMS/LMS/Library etc Versions Fingerprinter [ link ]
API-fuzzer - API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities [ link ]
oxml_xxe - Tool for embedding XXE/XML exploits into different filetypes (docx/xlsx, odt/ods, svg, xml, etc.) [ link ]
SSRF Proxy - Facilitates tunneling HTTP communications through servers vulnerable to SSRF [ link ]
XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods [ link ]
envizon - Network visualization & vulnerability management/reporting [ link ]
HellRaiser - Vulnerability Scanner [ link ]
YASUO - A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network [ link ]
Evil-WinRM - WinRM shell for hacking/pentesting enhanced with a lot of features [ link ]
apullo - A scanner for taking basic fingerprints [ link ]
Pipal - Password analyser and statistics generator [ link ]
PacketFu - mid-level packet manipulation library for reading and writing packets to an interface or to a libpcap-formatted file [ link ]
PacketGen - library to generate, send and capture network packets [ link ]
ssllabs.rb - library for Qualys SSL Labs API, SSL/TLS security analysis [ link ]
XSpear - XSS scanning and parameter analysis tool [ link ]
Intrigue Core - framework for discovering attack surface [ link ]
BQM - Deduplicate custom BloudHound queries from different datasets and merge them in one customqueries.json file. [ link ]
zsteg - detect stegano-hidden data in PNG & BMP [ link, source ]
DC Detector - Spot all domain controllers in a Microsoft Active Directory environment; find computer name, FQDN, and IP address(es) of all DCs [ link ]
kh2hc - Convert OpenSSH known_hosts file hashed with HashKnownHosts to hashes crackable by Hashcat [ link ]
Source Code Analysis Tools (SAST)
Brakeman - static analysis tool which checks Ruby on Rails applications for security vulnerabilities [ link, source ]
dawnscanner - static analysis security scanner for ruby written web applications with Sinatra, Padrino and Ruby on Rails frameworks [ link, source ]
[ADD YOUR RUBY HACKING TOOL HERE!]
Shodan
FAQs
Last modified 5mo ago