Top 23 Ruby Security Projects
- wpscan: WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]
- WorkOS: The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
- WebHackersWeapons: ⚔️ Web Hacker's Weapons / A collection of cool tools used by Web hackers. Happy hacking, happy bug-hunting.
- twofactorauth: List of sites with two-factor auth support, which includes SMS, email, phone calls, hardware, and software.
- InfluxDB: Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
- PasswordPusher: 🔐 An application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed. Track who, what and when.
- rails-security-checklist: :key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README).
- Hashids: A small Ruby gem to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.
- dawnscanner: Dawn is a static analysis security scanner for Ruby-written web applications. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
- ronin: Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc., via 3rd party git repositories. (by ronin-rb)
- SaaSHub: SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives.
Metasploit
Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”
The first line of defense should be to put rate-limiting on your login endpoints. rack-attack can help with that. I recommend limiting the login attempts to 5 per minute for a username and blocking the IP for 30 minutes. You should also limit the number of login attempts from the same IP address, but this needs to be adjusted to the application you are working on, because if it is a tool used in classrooms, it might be legit to have 50 logins within a few minutes from the same IP. (I have a few posts written about rack-attack.)
The secure_headers gem will automatically apply several headers that are related to security. This includes:
This Ruby gem is quite useful for detecting versions of gems that are known to be vulnerable to security issues. bundler-audit uses an open database of vulnerable gems called ruby-advisory-db and compares it to the versions that show up in your Gemfile.lock.
Project mention: MSP Wants Admin Credentials Sent via Email with multiple Recipients | /r/sysadmin | 2023-12-07
There's also the Password Pusher website: https://pwpush.com/
Subsequently, we need a way to authenticate our users to associate prompts with them. Rather than using an incumbent like Devise, I chose to use a different approach. The authentication-zero gem can flexibly generate an authentication system, as opposed to including it as an engine. Conveniently, it comes with options such as:
.pre-commit-config.yaml – contains the cfn-lint and cfn_nag pre-commit hooks.
Project mention: dradis-ce VS pwndoc - a user suggested alternative | libhunt.com/r/dradis-ce | 2023-05-02
Project mention: Ronin: Free and Open Source Ruby Toolkit for Security Research and Development | news.ycombinator.com | 2024-03-19
Ruby Security related posts
- Ronin: Free and Open Source Ruby Toolkit for Security Research and Development
- First commits in a Ruby on Rails app
- Metasploit: Add Systemd BSOD QR Payload?
- Is Ruby a dying language?
- Metasploit explained for pentesters
- Effective Adversary Emulation
- A guide to Auth & Access Control in web apps 🔐
A note from our sponsor - WorkOS
workos.com | 29 Apr 2024
Index
What are some of the best open-source Security projects in Ruby? This list will help you:
# | Project | Stars
---|---|---
1 | Metasploit | 32,790
2 | wpscan | 8,238
3 | Brakeman | 6,910
4 | Rack::Attack | 5,482
5 | WhatWeb | 5,102
6 | WebHackersWeapons | 3,645
7 | twofactorauth | 3,342
8 | SecureHeaders | 3,129
9 | inspec | 2,813
10 | bundler-audit | 2,645
11 | PasswordPusher | 1,700
12 | cocoapods-keys | 1,545
13 | rails-security-checklist | 1,350
14 | authentication-zero | 1,313
15 | cfn_nag | 1,220
16 | invisible_captcha | 1,123
17 | RbNaCl | 977
18 | Hashids | 970
19 | dawnscanner | 729
20 | haiti | 704
21 | krane | 662
22 | dradis-ce | 631
23 | ronin | 624