Ruby Security

Open-source Ruby projects categorized as Security

Top 23 Ruby Security Projects

  • Metasploit

    Metasploit Framework

  • Project mention: Best Hacking Tools for Beginners 2024 | 2024-02-01


  • wpscan

    WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]

  • Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails applications

  • Project mention: First commits in a Ruby on Rails app | 2024-01-17

    Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”

  • Rack::Attack

    Rack middleware for blocking & throttling

  • Project mention: Rails Authentication for Compliance | 2023-10-28

    The first line of defense should be to put rate-limiting on your login endpoints. rack-attack can help with that. I recommend to limit the login attempts to 5 per minute for a username and block the IP for 30 minutes. You should also limit the number of login attempts from the same IP address, but this needs to be adjusted to the application you are working on, because if it is a tool used in classrooms, it might be legit to have 50 logins within a few minutes from the same IP. (I have a few posts written about rack-attack)

  • WhatWeb

    Next generation web scanner

  • WebHackersWeapons

    ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting

  • twofactorauth

    List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.

  • SecureHeaders

    Manages application of security headers with many safe defaults

  • Project mention: 4 Essential Security Tools To Level Up Your Rails Security | 2023-05-31

    The secure_headers gem will automatically apply several headers that are related to security. This includes:

  • inspec

    InSpec: Auditing and Testing Framework

  • bundler-audit

    Patch-level verification for Bundler

  • Project mention: 4 Essential Security Tools To Level Up Your Rails Security | 2023-05-31

    This Ruby gem is quite useful for detecting versions of gems that are known to be vulnerable to security issues. bundler-audit uses an open database of vulnerable gems called ruby-advisory-db and compares it to the versions that show up in your Gemfile.lock.

  • PasswordPusher

    🔐 An application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed. Track who, what and when.

  • Project mention: MSP Wants Admin Credentials Sent via Email with multiple Recipients | /r/sysadmin | 2023-12-07

    There's also the Password Pusher website:

  • cocoapods-keys

    A key value store for storing per-developer environment and application keys

  • rails-security-checklist

    🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

  • authentication-zero

    An authentication system generator for Rails applications.

  • Project mention: An Introduction to LiteStack for Ruby on Rails | 2023-10-04

    Subsequently, we need a way to authenticate our users to associate prompts with them. Rather than using an incumbent like Devise, I chose to use a different approach. The authentication-zero gem can flexibly generate an authentication system, as opposed to including it as an engine. Conveniently, it comes with options such as:

  • cfn_nag

    Linting tool for CloudFormation templates

  • Project mention: Setting up my own landing zone on AWS | 2023-12-25

    .pre-commit-config.yaml – contains the cfn-lint and cfn_nag pre-commit hooks.

  • invisible_captcha

    🍯 Unobtrusive and flexible spam protection for Rails apps

  • RbNaCl

    Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)

  • Hashids

    A small Ruby gem to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.

  • dawnscanner

    Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

  • haiti

    🔑 Hash type identifier (CLI & lib)

  • Project mention: haiti v2.1.0 | /r/Rawsec | 2023-11-15
  • krane

    Kubernetes RBAC static analysis & visualisation tool (by appvia)

  • dradis-ce

    Dradis Framework: Collaboration and reporting for IT Security teams

  • Project mention: dradis-ce VS pwndoc - a user suggested alternative | 2023-05-02
  • ronin

    Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd party git repositories. (by ronin-rb)

  • Project mention: Ronin: Free and Open Source Ruby Toolkit for Security Research and Development | 2024-03-19
NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-03-19.

What are some of the best open-source Security projects in Ruby? This list will help you:

 #  Project                    Stars
 1  Metasploit                 32,746
 2  wpscan                      8,212
 3  Brakeman                    6,906
 4  Rack::Attack                5,480
 5  WhatWeb                     5,088
 6  WebHackersWeapons           3,633
 7  twofactorauth               3,342
 8  SecureHeaders               3,129
 9  inspec                      2,810
10  bundler-audit               2,643
11  PasswordPusher              1,686
12  cocoapods-keys              1,545
13  rails-security-checklist    1,350
14  authentication-zero         1,302
15  cfn_nag                     1,219
16  invisible_captcha           1,123
17  RbNaCl                        978
18  Hashids                       970
19  dawnscanner                   726
20  haiti                         698
21  krane                         658
22  dradis-ce                     628
23  ronin                         624