References

  • Hacking tools built with Ruby

    • Metasploit framework - Exploitation framework [ link ]

    • Beef framework - XSS framework [ link ]

    • Arachni - Web Application scanner framework [ link ]

    • Metasm - Assembly manipulation suite [ link ]

    • WPscan - WordPress vulnerability scanner [ link ]

    • WPXF - WordPress Exploit Framework [ link ]

    • BufferOverflow kit - Exploitation tool Kit [ link ]

    • HTTP Traceroute [ link ]

    • CeWL - Custom Word List generator [ link ]

    • Ronin - Vulnerability research and exploit development framework [ link ]

    • Idb - Simplifies some common tasks for iOS pentesting & research [ link ]

    • Bettercap - Extensible MitM tool and framework [ link ]

    • WATOBO - The Web Application Security Toolbox [ link ]

    • Intrigue.io - Open Source project, discovering attack surface through OSINT [ link ]

    • OhNo - The Evil Image Builder & Meta Manipulator [ link ]

    • WhatWeb - Website Fingerprinter [ link ]

    • Relyze - reverse engineering tool similar to IDA Pro that supports Ruby plugins [ link ]

    • Capstone - multi-platform, multi-architecture disassembly framework that supports Ruby [ link ]

    • Rabid - A CLI tool and library for easily decoding all kinds of BigIP cookies [ link ]

    • Haiti - A CLI tool and library to identify the hash type of a given hash [ link ]

    • ctf-party - A library to enhance and speed up script/exploit writing for CTF players [ link ]

    • itdis - A small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not. [ link ]

    • nvd_feed_api - A simple Ruby API/library for managing NVD CVE feeds. The API will help you to download and manage NVD Data Feeds, search for CVEs, build your vulnerability assessment platform or vulnerability database. [ link ]

    • VBSmin - VBScript minifier CLI tool and library [ link ]

    • Pass Station - CLI & library to search for default credentials among thousands of Products / Vendors [ link ]

    • vrt-cli - A simple tool to visualize VRT (Vulnerability Rating Taxonomy) from the CLI [ link ]

    • TLS map - CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnuTLS, NSS [ link ]

    • Fingerprinter - CMS/LMS/Library etc Versions Fingerprinter [ link ]

    • API-fuzzer - API fuzzer that fuzzes request attributes using common pentesting techniques and lists vulnerabilities [ link ]

    • oxml_xxe - Tool for embedding XXE/XML exploits into different filetypes (docx/xlsx, odt/ods, svg, xml, etc.) [ link ]

    • SSRF Proxy - Facilitates tunneling HTTP communications through servers vulnerable to SSRF [ link ]

    • XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods [ link ]

    • envizon - Network visualization & vulnerability management/reporting [ link ]

    • HellRaiser - Vulnerability Scanner [ link ]

    • YASUO - A Ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network [ link ]

    • Evil-WinRM - WinRM shell for hacking/pentesting enhanced with a lot of features [ link ]

    • apullo - A scanner for taking basic fingerprints [ link ]

    • Pipal - Password analyser and statistics generator [ link ]

    • PacketFu - mid-level packet manipulation library for reading and writing packets to an interface or to a libpcap-formatted file [ link ]

    • PacketGen - library to generate, send and capture network packets [ link ]

    • ssllabs.rb - library for Qualys SSL Labs API, SSL/TLS security analysis [ link ]

    • XSpear - XSS scanning and parameter analysis tool [ link ]

    • Intrigue Core - framework for discovering attack surface [ link ]

    • BQM - Deduplicate custom BloodHound queries from different datasets and merge them in one customqueries.json file. [ link ]

    • zsteg - detect stegano-hidden data in PNG & BMP [ link, source ]

    • DC Detector - Spot all domain controllers in a Microsoft Active Directory environment; find computer name, FQDN, and IP address(es) of all DCs [ link ]

    • kh2hc - Convert OpenSSH known_hosts file hashed with HashKnownHosts to hashes crackable by Hashcat [ link ]

  • Source Code Analysis Tools (SAST)

    • Brakeman - static analysis tool which checks Ruby on Rails applications for security vulnerabilities [ link, source ]

    • dawnscanner - static analysis security scanner for web applications written in Ruby with the Sinatra, Padrino and Ruby on Rails frameworks [ link, source ]

    • [ADD YOUR RUBY HACKING TOOL HERE!]
