Ruby Security

Open-source Ruby projects categorized as Security

Top 23 Ruby Security Projects

  1. Metasploit

    Metasploit Framework

    Project mention: The Ultimate Guide to Cybersecurity: Protecting Yourself in the Digital Age | dev.to | 2025-01-19

    Antivirus Software: Norton Antivirus and McAfee. Firewall Solutions: Palo Alto Networks and Cisco Firepower. Penetration Testing Tools: Metasploit and Burp Suite. Threat Intelligence Platforms: Recorded Future and ThreatConnect.

  3. wpscan

    WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]

  4. Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails applications

    Project mention: Tiny JITs for a Faster FFI | news.ycombinator.com | 2025-02-12

    If you're looking for static typing a dynamic language is going to be a poor fit. I find a place for both. I love Rust, but trying to write a tool that consumed a GraphQL API with it was a brutal exercise in frustration. I'd say that goes for typing of JSON or YAML or whatever structured format in general. It's refreshing being able to just work with data in the form I already know it's in. Ruby can be an incredibly productive language to work with.

    If you're looking for static analysis in general, please note that there are mature tools available. Rubocop¹ is probably the most popular and allows for linting and code formatting. Brakeman² is a vulnerability scanner for Rails. Sorbet³ is a static type checker.

    The tooling is there if you want to try things out. But, if you want a statically typed language then that's a debate that's been going since the dawn of programming language design. I doubt it's going to get resolved in this thread.

    ¹ - https://github.com/rubocop/rubocop

    ² - https://brakemanscanner.org/

    ³ - https://sorbet.org/

  5. WhatWeb

    Next generation web scanner

    Project mention: WhatWeb: Next Generation Web Scanner | news.ycombinator.com | 2024-07-15
  6. Rack::Attack

    Rack middleware for blocking & throttling

  7. WebHackersWeapons

    ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, Happy bug-hunting

  8. SecureHeaders

    Manages application of security headers with many safe defaults

  10. inspec

    InSpec: Auditing and Testing Framework

  11. bundler-audit

    Patch-level verification for Bundler

  12. PasswordPusher

    🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.

    Project mention: Password Pusher: Securely share sensitive information with automatic expiration | news.ycombinator.com | 2024-10-09
  13. authentication-zero

    An authentication system generator for Rails applications.

    Project mention: Rails for Everything | news.ycombinator.com | 2025-01-01

    Some simpler alternatives to consider:

    Rails 8 comes with a basic auth generator: https://www.bigbinary.com/blog/rails-8-introduces-a-basic-au...

    There's also https://github.com/lazaronixon/authentication-zero that goes beyond that.

  14. cocoapods-keys

    A key value store for storing per-developer environment and application keys

  15. rails-security-checklist

    🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

  16. cfn_nag

    Linting tool for CloudFormation templates

  17. best-practices-badge

    🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)

    Project mention: Netdata is shipping their new dashboard as closed source blobs | news.ycombinator.com | 2024-08-16
  18. invisible_captcha

    🍯 Unobtrusive and flexible spam protection for Rails apps

  19. RbNaCl

    Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)

  20. Hashids

    A small Ruby gem to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.

  21. haiti

    🔑 Hash type identifier (CLI & lib)

  22. linux-baseline

    DevSec Linux Baseline - InSpec Profile

    Project mention: Securing your Cloud Infrastructure: A comprehensive guide to hardening, scaling, automating and monitoring your servers | dev.to | 2024-08-26
  23. dawnscanner

    Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

  24. ronin

    Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd-party git repositories. (by ronin-rb)

    Project mention: Ronin: Free and Open Source Ruby Toolkit for Security Research and Development | news.ycombinator.com | 2024-03-19
  25. console1984

    The Rails console you love, 1984 style

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Ruby Security related posts

  • The Ultimate Guide to Cybersecurity: Protecting Yourself in the Digital Age

    1 project | dev.to | 19 Jan 2025
  • What are some common strategies for preventing SQL injection vulnerabilities in Rails beyond ActiveRecord?

    2 projects | dev.to | 23 Dec 2024
  • Penetration Testing | Kali Linux | Metasploitable2 | Hands-on Cybersecurity Lab

    1 project | dev.to | 25 Oct 2024
  • Password Pusher: Securely share sensitive information with automatic expiration

    1 project | news.ycombinator.com | 9 Oct 2024
  • Open Source Tool List for Web App Security

    2 projects | dev.to | 6 Oct 2024
  • Securely share sensitive information with automatic expiration and deletion

    1 project | news.ycombinator.com | 1 Sep 2024
  • Beyond Bugs: The Hidden Impact of Code Quality (Part 2) 🌟

    2 projects | dev.to | 30 Aug 2024

Index

What are some of the best open-source Security projects in Ruby? This list will help you:

# Project Stars
1 Metasploit 34,794
2 wpscan 8,773
3 Brakeman 7,065
4 WhatWeb 5,706
5 Rack::Attack 5,587
6 WebHackersWeapons 3,933
7 SecureHeaders 3,166
8 inspec 2,880
9 bundler-audit 2,695
10 PasswordPusher 2,214
11 authentication-zero 1,708
12 cocoapods-keys 1,554
13 rails-security-checklist 1,362
14 cfn_nag 1,263
15 best-practices-badge 1,239
16 invisible_captcha 1,185
17 RbNaCl 981
18 Hashids 973
19 haiti 827
20 linux-baseline 793
21 dawnscanner 738
22 ronin 703
23 console1984 700
