references.md

References

• Contributors
  • GitBook Desktop Editor
    • Download and installation
  • How to GitBook [Videos]
    • Create GitBook online
    • Download and Install Gitbook package
    • Create GitBook with Editor
  • Markdown [Documentations]
    • Markdown docs - GitBook | Official docs
    • Mastering Markdown - GitHub | Mastering Markdown
• Beginner
  • Ruby Tutorials - Tutorialspoint
  • Ruby programming Tutorials - Simple Free videos
  • Lynda: Ruby Essential Training - Commercial Training
  • Ruby from InfiniteSkills - Commercial Training
  • Quick Ruby syntax Cheat sheet
  • 4Programmer.com - Ruby
  • Ruby Programming Tutorials - Free Video series
  • Ruby3arabi - Arabic Ruby community
• Books
  • Ruby Learning
  • Working with TCP Sockets
  • Working with Unix Processes
  • Working with Ruby Threads
  • Ruby Cookbook
  • Learn Ruby The Hard Way
  • AllRubyBooks
• Sites, Topics and Articles
  • Rubymonk.com
  • Byte manipulation in ruby
  • Ruby Format
  • Codewars
  • rubeque
  • Hackerrank
  • RubySec - Ruby Security Advisory
  • /r/ruby_infosec
  • A dozen (or so) ways to start sub-processes in Ruby: [Part 1, Part 2, Part 3]
• Hacking Tools built with ruby
  • Metasploit framework - Exploitation framework [ link ]
  • Beef framework - XSS framework [ link ]
  • Arachni - Web Application scanner framework [ link ]
  • Metasm - Assembly manipulation suite [ link ]
  • WPscan - WordPress vulnerability scanner [ link ]
  • WPXF - Wordpress Exploit Framework [ link ]
  • BufferOverflow kit - Exploitation tool Kit [ link ]
  • HTTP Traceroute [ link ]
  • CeWL - Custom Word List generator [ link ]
  • Ronin - Vulnerability research and exploit development framework [ link ]
  • Idb - Simplifys some common tasks for iOS pentesting & research [ link ]
  • Bettercap - Extensible MitM tool and framework [ link ]
  • WATOBO - The Web Application Security Toolbox [ link ]
  • Intrigue.io - Open Source project, discovering attack surface through OSINT [ link ]
  • OhNo - The Evil Image Builder & Meta Manipulator [ link ]
  • WhatWeb - Website Fingerprinter [ link ]
  • Relyze - reverse engineer similar to IDA-Pro supports Ruby plugins [ link ]
  • Capstone - multi-platform, multi-architecture disassembly framework supports Ruby [ link ]
  • Rabid - A CLI tool and library allowing to simply decode all kind of BigIP cookies [ link ]
  • Haiti - A CLI tool and library to identify the hash type of a given hash [ link ]
  • ctf-party - A library to enhance and speed up script/exploit writing for CTF players [ link ]
  • itdis - A small tool that allows you to check if a list of domains you have been provided is in the scope of your pentest or not. [ link ]
  • nvd_feed_api - A simple ruby API/library for managing NVD CVE feeds. The API will help you to download and manage NVD Data Feeds, search for CVEs, build your vulnerability assessment platform or vulnerability database. [ link ]
  • VBSmin - VBScript minifier CLI tool and library [ link ]
  • Pass Station - CLI & library to search for default credentials among thousands of Products / Vendors [ link ]
  • vrt-cli - A simple tool to visualize VRT (Vulnerability Rating Taxonomy) from the CLI [ link ]
  • TLS map - CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL, GnuTLS, NSS [ link ]
  • Fingerprinter - CMS/LMS/Library etc Versions Fingerprinter [ link ]
  • API-fuzzer - API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities [ link ]
  • oxml_xxe - Tool for embedding XXE/XML exploits into different filetypes (docx/xlsx, odt/ods, svg, xml, etc.) [ link ]
  • SSRF Proxy - Facilitates tunneling HTTP communications through servers vulnerable to SSRF [ link ]
  • XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods [ link ]
  • envizon - Network visualization & vulnerability management/reporting [ link ]
  • HellRaiser - Vulnerability Scanner [ link ]
  • YASUO - A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network [ link ]
  • Evil-WinRM - WinRM shell for hacking/pentesting enhanced with a lot of features [ link ]
  • apullo - A scanner for taking basic fingerprints [ link ]
  • Pipal - Password analyser and statistics generator [ link ]
  • PacketFu - mid-level packet manipulation library for reading and writing packets to an interface or to a libpcap-formatted file [ link ]
  • PacketGen - library to generate, send and capture network packets [ link ]
  • ssllabs.rb - library for Qualys SSL Labs API, SSL/TLS security analysis [ link ]
  • XSpear - XSS scanning and parameter analysis tool [ link ]
  • Intrigue Core - framework for discovering attack surface [ link ]
  • BQM - Deduplicate custom BloudHound queries from different datasets and merge them in one customqueries.json file. [ link ]
• Source Code Analysis Tools (SAST)
  • Brakeman - static analysis tool which checks Ruby on Rails applications for security vulnerabilities [ link, source ]
  • dawnscanner - static analysis security scanner for ruby written web applications with Sinatra, Padrino and Ruby on Rails frameworks [ link, source ]
  • [ADD YOUR RUBY HACKING TOOL HERE!]