2. About Me
• Carl Sampson
• Twitter: @chs
• Web: www.chs.us
• Product Security Engineer at Salesforce
• Former developer turned appsec guy
• OWASP Indy chapter leader
• Ruby enthusiast
3. Why Ruby?
• One of the easiest languages to read and
parse by anyone regardless of style
– an_object.empty?
– 3.times { puts "Hello, World" }
– list_numbers.each {|num| print num}
– [1, 2, 3].length
4. Why Ruby?
• Package management system that makes it
easy to share and modify tools
– Standard format for distributing Ruby programs
and libraries
– RubyGems (http://rubygems.org)
5. Why Ruby?
• Powerful introspection and object-oriented
capabilities
– Find out information about classes
– Dynamically create classes/methods
– Objectspace
7. Why Ruby?
• Can be compiled and run natively on most
platforms
• Doesn’t require libraries such as Cygwin to
build on Windows
• Easy to embed within another application
– API for calling from within C
8. Why Ruby?
• Robust standard library included
– 20,964 functions and classes
– Well-documented
• Dash
• Omniref (https://www.omniref.com/)
• Ruby-doc (http://www.ruby-doc.org/)
• Ri
9. Why Ruby?
• Easy to extend existing classes to meet new
needs (open classes)
– Ruby classes are never closed
11. Why Ruby?
• Easy to hook native libraries
– FFI (interface with C-style libraries)
– DL (bridge to dlopen)
• Easy to extend using C
12. Why Ruby?
• Lends itself to Domain Specific Language (DSL)
creation
– Programming language designed specifically to
express solutions to problems in a specific domain
– Sinatra – DSL for defining how to handle HTTP
requests
– Chef – DSL for automating server management tasks
– RSpec – DSL for testing
– ActiveRecord migrations
13. Why Ruby?
• IRB
– REPL for programming in Ruby
– Allows execution of Ruby commands with
immediate response, allowing experimenting in
real time
– Blocks, mixins and monkey patching
15. Why Ruby?
• First-class regular expressions
– Borrowed from Perl
– Built-in without needing to include extra modules
16. Why Ruby?
• Network protocol and file format parsing are
well supported in Ruby
– Most network protocols built in
– Most everything else available as a gem
17. Why Ruby?
• Cryptography, specifically comprehensive
OpenSSL bindings
– Exposes a huge portion of the API
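An added example (not from the talk) that ties the open-classes, introspection, regex and OpenSSL slides together: it reopens String to add a SHA-256 helper through the OpenSSL bindings, parses constructed access-log lines with a built-in named-capture regex, and flags directory-traversal paths for review. The log lines and helper names are constructed for illustration.

```ruby
require 'openssl'

# Open classes: reopen the core String class to add a SHA-256 helper backed
# by Ruby's OpenSSL bindings. String is never closed, so this just works.
class String
  def sha256
    OpenSSL::Digest::SHA256.hexdigest(self)
  end
end

# First-class regular expressions with named captures: parse one line of a
# Common Log Format entry without requiring any extra module.
ACCESS_LINE = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) (?<bytes>\d+|-)/

def parse_access_line(line)
  m = ACCESS_LINE.match(line)
  return nil unless m # unparseable lines are skipped, not raised on
  { ip: m[:ip], time: m[:time], method: m[:method], path: m[:path],
    status: m[:status].to_i, bytes: m[:bytes] == '-' ? 0 : m[:bytes].to_i }
end

# Return the parsed entries whose path carries a directory-traversal
# sequence (plain or URL-encoded), the kind of filter a log-review script runs.
def traversal_attempts(lines)
  lines.map { |l| parse_access_line(l) }.compact
       .select { |e| e[:path] =~ %r{\.\./|%2e%2e}i }
end

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
  '10.0.0.5 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326',
  '10.0.0.9 - - [10/Oct/2000:13:55:37 -0700] "GET /cgi-bin/../../etc/passwd HTTP/1.0" 404 0',
  'garbage line that does not parse',
]

if __FILE__ == $0
  traversal_attempts(SAMPLE_LOG).each { |e| puts "#{e[:ip]} -> #{e[:path]}" }
  # Introspection: confirm the reopened class really gained the method.
  puts "String has sha256? #{String.method_defined?(:sha256)}"
  puts 'hello'.sha256
end
```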
18. Projects Using Ruby
• Metasploit
– Ported from Perl in 2006
• Why?
– Platform independent support for threading
– Native interpreter for Windows
– Enjoyed by the people that contribute to the
framework
19. Projects Using Ruby
• Metasm
– Assembler
– Disassembler
– Compiler
– Part of the Metasploit project
– https://github.com/jjyg/metasm
20. Projects Using Ruby
• Ronin
– Platform for vulnerability research and exploit
development
– Subprojects for database access, web
scraping/spidering, assembly programming and
shellcode generation, exploit and payload
crafting, bruteforcers, SQL injection, etc.
– https://github.com/ronin-ruby/
21. Projects Using Ruby
• Ruckus
– DOM-inspired Ruby fuzzer
– Great for network protocols
– Declare structures like you’re writing C
• Define network protocol headers
– Built in mutators for fuzzing
22. Projects Using Ruby
• BeEF
– Browser Exploitation Framework Project
– Pen testing tool that focuses on the browser
– http://beefproject.com/
23. Projects Using Ruby
• Gauntlt
– BE MEAN TO YOUR CODE AND LIKE IT
– DSL (based on Cucumber) for interfacing with
popular testing tools
– http://gauntlt.org/
24. Projects Using Ruby
• PEDump
– Supports MZ & PE formats
– Can dump every part of the executable
– https://github.com/zed-0xff/pedump
25. Projects Using Ruby
• Ruby BlackBag (rbkb)
– Based on Matasano BlackBag
– Misc Pen-testing/reversing tools
– https://github.com/emonti/rbkb
29. Projects Using Ruby
• Brakeman
– Open-source vulnerability scanner specifically
designed for RoR applications
– Developed and maintained by Twitter
– http://brakemanscanner.org/
30. Projects Using Ruby
• WPScan
– Black box WordPress vulnerability scanner
– http://wpscan.org/
31. Projects Using Ruby
• RailsGoat
– Vulnerable version of the RoR framework
– OWASP project
– https://github.com/OWASP/railsgoat