Top 23 Ruby Security Projects
Metasploit Framework
Project mention: Metasploit module OSX/local/persistence not working properly | reddit.com/r/hacking | 2021-11-21
GitHub link for easier reading: https://github.com/rapid7/metasploit-framework/issues/15896
A static analysis security vulnerability scanner for Ruby on Rails applications
Project mention: Fixing Just One False Positive in Brakeman | dev.to | 2021-11-08
This is pretty easy to handle. In the case where a splatted array is the only argument to a method, we'll simply use the elements of the array as the argument list. (Check out the pull request here)
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.
Project mention: How do I respond to a security researcher? | reddit.com/r/Wordpress | 2021-11-18
It's not difficult to use an off-the-shelf scanner to identify potentially vulnerable scripts on someone's site, then email them asking for money while alluding to other potential vulnerabilities.
Rack middleware for blocking & throttling
Project mention: Limiting the amount of calls user can make to an api | reddit.com/r/rails | 2021-11-11
Second vote for rack-attack!
Next generation web scanner
Project mention: The most important step in hacking - Enumeration | dev.to | 2021-07-12
Manages application of security headers with many safe defaults
Authorization service and frontend for Docker registry (v2)
Project mention: Suggestions for self hosted container registries? | reddit.com/r/selfhosted | 2021-08-03
InSpec: Auditing and Testing Framework
Project mention: Checking compliance of controls? Job help | reddit.com/r/cybersecurity | 2021-09-17
Patch-level verification for Bundler
A key value store for storing per-developer environment and application keys
Project mention: Can my app be open source on GitHub ? If yes, is there any things I need to be careful about ? | reddit.com/r/iOSProgramming | 2021-11-14
For storing API keys I can recommend you https://github.com/orta/cocoapods-keys
Linting tool for CloudFormation templates
Project mention: Container security best practices: Comprehensive guide | dev.to | 2021-11-16
If you are using infrastructure as code, incorporate IaC scanning tools like Apolicy, Checkov, tfsec, or cfn_nag to validate the configuration of your infrastructure before it is created or updated. Similar to other linting tools, apply IaC scanning tools locally and in your pipeline, and consider blocking changes that introduce security issues.
Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)
:honey_pot: Unobtrusive and flexible spam protection for Rails apps
A small Ruby gem to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.
Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
test and add dawnscanner
Kubernetes RBAC static analysis & visualisation tool
Project mention: Kubernetes Security Checklist 2021 | dev.to | 2021-10-18
RBAC Rights should be audited regularly (KubiScan, Krane)
Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
Project mention: Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata. | reddit.com/r/aws | 2021-11-04
A security extension for devise, meeting industry-standard security demands for web applications.
CIS Docker Benchmark - InSpec Profile
Open Cloud Security Posture Management Engine
Project mention: GitHub - OpenCSPM/opencspm: Open Cloud Security Posture Management Engine | reddit.com/r/bag_o_news | 2021-08-12
Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers.
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
Project mention: Generate and test domain typos and variations | news.ycombinator.com | 2021-10-14
:key: Hash type identifier (CLI & lib)
Project mention: Haiti v1.2.2 release | reddit.com/r/Rawsec | 2021-08-24
Ruby Security related posts
Metasploit module OSX/local/persistence not working properly
1 project | reddit.com/r/hacking | 21 Nov 2021
How do I respond to a security researcher?
1 project | reddit.com/r/Wordpress | 18 Nov 2021
Meterpretering over the internet via pdf exploit
1 project | reddit.com/r/HowToHack | 15 Nov 2021
Can my app be open source on GitHub ? If yes, is there any things I need to be careful about ?
2 projects | reddit.com/r/iOSProgramming | 14 Nov 2021
Limiting the amount of calls user can make to an api
1 project | reddit.com/r/rails | 11 Nov 2021
Fixing Just One False Positive in Brakeman
2 projects | dev.to | 8 Nov 2021
Authenticate Room - Rockyou Won't Load in Burpsuite?
1 project | reddit.com/r/tryhackme | 8 Nov 2021
What are some of the best open-source Security projects in Ruby? This list will help you: