BeEF VS Hanami

Ha, fun to see this again! Back before everything was HTTPS, it was fun to use the Browser Exploitation Framework (https://beefproject.com) which had a script included that did this. Though in those cases I wasn't in control of the gateway, so ARP spoofing was required to get other devices to route through me.

For example IOS WebKit has a bunch of vulnerabilities announced recently. and one of those could be used via the Browser Exploitation Framework to install malware on your phone with you just clicking the link.

Motivation is a key part, so those attacks are more theoretical than practically dangerous, however there is a class of attacks that's based on the fact that your browser can make arbitrary network connections, so unprivileged javascript can be used for some scans of your local network - for example, your router's internally accessible admin page or some vulnerability in a printer accessible in local network, as the attacker might guess commonly used models, the internal IP addresses they use by default, etc. For example, you might take a look at https://beefproject.com/

This is something that kind of annoys me; there's even a /r/rails sub-reddit specifically for Ruby on Rails stuff. Understandably Rails helped put Ruby on the map. Before Rails, Ruby was just another fringe language. Rails became massively popular, helped many startups quickly build their Web 2.0 sites, and become successful companies (ex: GitHub, LinkedIn, AirBnB, etc). Like others have said, "Rails is where the money is at". However, this posses a problem for the Ruby community: whenever Rails becomes less popular, so does Ruby. I wish the Ruby ecosystem wasn't so heavily centralized around Rails, and that we diversified our uses of Ruby a bit. There's of course Sinatra, dry-rb, Hanami, Dragon Ruby, SciRuby, and a dozen security tools written in Ruby such as Metasploit, BeFF, Arachni, and Ronin.

If you can open any webpage there then I would recommend using BeEF https://beefproject.com/

Perhaps https://beefproject.com/

If you want an example of what exploiting a browser can do, see the capabilities of the Browser Exploitation Framework (BEef): https://github.com/beefproject/beef/wiki/BeEF-modules

Take a look at BeEF framework - https://beefproject.com/ that's pretty much all the things you can do from a browser.

With a clean architectural design and a primary object methodology, Hanami is counted among the best ruby frameworks that have gained popularity as an alternative to Rails. Hanami is “sorted” in design and provides small files that can be used independently to create a project stack. Hanami is lightweight and consumes fewer resources claiming 60% lesser memory than other big Ruby frameworks.

No, it's just no longer over-hyped. Ruby is settling into being a mature production language, similar to Python, Java, .NET, C++, etc. As you can see from the RedMonk 2023 data Ruby is very much still alive with tons of repositories on GitHub. Besides Shopify, GitHub is another big Ruby/Rails shop. Also, besides Rails, there are other new and upcoming projects like Hanami, DragonRuby, and Ronin.

Hanami 2 (hanamirb.org)

On all my application tutorials I start by setting up an application level REPL, it's basically a console script that loads all the files inside your project, if you're using a framework like Ruby on Rails or Hanami you already have a console by running the command console also.

This is something that kind of annoys me; there's even a /r/rails sub-reddit specifically for Ruby on Rails stuff. Understandably Rails helped put Ruby on the map. Before Rails, Ruby was just another fringe language. Rails became massively popular, helped many startups quickly build their Web 2.0 sites, and become successful companies (ex: GitHub, LinkedIn, AirBnB, etc). Like others have said, "Rails is where the money is at". However, this posses a problem for the Ruby community: whenever Rails becomes less popular, so does Ruby. I wish the Ruby ecosystem wasn't so heavily centralized around Rails, and that we diversified our uses of Ruby a bit. There's of course Sinatra, dry-rb, Hanami, Dragon Ruby, SciRuby, and a dozen security tools written in Ruby such as Metasploit, BeFF, Arachni, and Ronin.

Welcome! Ruby isn't exactly "dying", but the hype/popularity is definitely fading. This is primarily because Ruby is no longer "new", most of Ruby's popularity came from Rails, and now Rails is no longer the "new hotness". However, Ruby still has lots of awesome features and lots of awesome other libraries and frameworks, such as the new fancy irb gem that uses reline, nokogiri, chunky_png, the async gems, Dragon Ruby, SciRuby, Ronin, and the new Hanami web framework.

Data Oriented Web Development with Ruby (upcoming book) by Peter Solnica, who is on the Hanami core team. Learning Hanami wouldn't be a bad idea either.

After about 5 laps around Clean architecture since I came across hanami/hanami: The web, with simplicity., I'm finally getting it down in my gut, so I'll summarize.

View on GitHub

If it’s just an issue with Rails, then might I suggest looking at https://hanamirb.org - it’s a framework, but one built from the lessons learned from rails and all who followed.