
I'm wondering if there is a place where I can find up-to-date information regar


Question

I'm wondering if there is a place where I can find up-to-date information regarding ethical hacking with Ruby. I do find a lot of Python information, which is OK, but I have 4 years of experience coding Ruby for DevOps/Sysadmin/networking related scripts.

I'd like to learn more about Information Security, and would rather code my own penetration test tools using a language I'm more familiar with.

If there's no other option I can dig into Python, but before I make that call I'd like to hear from others that use Ruby to create their own pen-test tools.

Explanation / Answer

I'm a Python programmer myself; in my opinion there isn't any limitation to Ruby compared to Python when it comes to coding your pentesting tools. So if you are familiar with Ruby, go for Ruby. It can be handy to understand other programming/scripting languages to analyze an exploit. From this perspective I'd encourage you to try and port exploits from Python to Ruby. Apart from the more low-level stuff in Python (stuff which requires ctypes might take a bit more time to understand) you can generally just look at the protocol spec or Python code to find out how it works.

Metasploit was completely written in Ruby; have a look at the framework, as you will most likely use it a lot. If you want to code your own pentesting tools then just port Python scripts to Ruby or take the concepts from the tool's description.

One of the more interesting tools you have in Python is scapy. It was the pioneering library for packet crafting. For Ruby you have Scruby (not actively developed anymore) and the more recent and maintained PacketFu.

To automate nmap scanning you can use ruby-nmap, which is an interface to nmap.
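
To illustrate the point above about working directly from a protocol spec in Ruby, here is an added example that is not part of the original answer and does not use PacketFu's or Scruby's API. It decodes a constructed IPv4 header with core Ruby only (`String#unpack`) and verifies the header checksum; the function names and the sample header are assumptions made for this example.

```ruby
# Added example: decode an IPv4 header from raw bytes using only core Ruby.
# Field layout follows RFC 791; the checksum algorithm follows RFC 1071.

IPv4Header = Struct.new(:version, :ihl, :total_length, :ttl, :protocol,
                        :checksum, :src, :dst, :checksum_ok)

# One's-complement sum of 16-bit big-endian words, complemented (RFC 1071).
def internet_checksum(bytes)
  bytes += "\x00".b if bytes.bytesize.odd?
  sum = bytes.unpack('n*').sum
  sum = (sum & 0xFFFF) + (sum >> 16) while sum > 0xFFFF
  ~sum & 0xFFFF
end

# Render a 32-bit integer as a dotted-quad address.
def dotted(n)
  [n].pack('N').unpack('C4').join('.')
end

def parse_ipv4(raw)
  raw = raw.b
  raise ArgumentError, 'shorter than minimum IPv4 header' if raw.bytesize < 20
  ver_ihl, _tos, total_len, _id, _frag, ttl, proto, csum, src, dst =
    raw.unpack('CCnnnCCnNN')
  version = ver_ihl >> 4
  ihl = (ver_ihl & 0x0F) * 4 # IHL counts 32-bit words
  raise ArgumentError, "not IPv4 (version #{version})" unless version == 4
  raise ArgumentError, 'bad header length' if ihl < 20 || ihl > raw.bytesize
  # Summing an intact header, checksum field included, yields zero.
  ok = internet_checksum(raw.byteslice(0, ihl)).zero?
  IPv4Header.new(version, ihl, total_len, ttl, proto, csum,
                 dotted(src), dotted(dst), ok)
end

# Constructed sample: TCP header-only packet between documentation addresses
# 192.0.2.1 and 198.51.100.7 (RFC 5737), checksum filled in after packing.
def sample_header
  fields = [0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0, 0xC0000201, 0xC6336407]
  fields[7] = internet_checksum(fields.pack('CCnnnCCnNN'))
  fields.pack('CCnnnCCnNN')
end

p parse_ipv4(sample_header).to_h if __FILE__ == $PROGRAM_NAME
```

The same `pack`/`unpack` directives cover most fixed-layout binary protocols, which is the part of a Python tool that would otherwise lean on `struct` or ctypes.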