Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "User:Postmodern/Ruby"

From NetSec
Jump to: navigation, search
(Created page with " * Terse syntax, with some similarities to Perl or Bash * Non-whitespace sensitive * [http://en.wikipedia.org/wiki/Duck_typing Duck Typing] * [http://en.wikipedia.org/wiki/Operat...")
 
(No difference)

Latest revision as of 16:22, 12 August 2012

  • Terse syntax, with some similarities to Perl or Bash
  • Non-whitespace sensitive
  • Duck Typing
  • Operator Overloading
  • Higher-order functions (aka lambdas)
  • Anonymous functions (aka closures or blocks)
  • Currying
  • Fully Object Orientated. Everything is an Object, even primitives (0x42.chr # => "A")
  • Every statement has a return value
  • Method-calls as messages
  • Multiple inheritence via Modules (aka Mixins)
  • Metaclasses
  • if, elsif, else, unless, case, break, continue, retry, return, for ... in, while, until, begin, ensure, raise/rescue, throw/catch statements.
  • In-line Regular Expressions ("hello world" =~ /[a-z0-9]+/)
  • Reflection
  • Meta-programming
  • Open Classes (aka Monkey Patching)
  • method_missing/const_missing methods
  • Continuations (aka Fibers)
  • Fully featured standard library
RPU0j.png This article needs immediate attention, and is in desperate need of content.

Learning

There are free ebooks and websites which teach you how to program in Ruby:

Of course, there are many other commercial books and websites on Ruby:

Installing

All Linux distributions provide packages for Ruby, and other Ruby development tools:

Debian / Ubuntu:

sudo apt-get install ruby1.9.1-full

RedHat / Fedora:

sudo apt-get install ruby ruby-dev irb rubygems

Mac OS X systems ship with an older version of Ruby already installed, however you will want to use the latest version (current 1.9.3). The easiest way to install Ruby on a *nix platform, which does not provide an recent version of Ruby, is with the Ruby Version Manager (RVM). RVM is a set of bash scripts which can download, compile, install and update Ruby all within one's home directory.

curl -L https://get.rvm.io | bash -s stable --ruby

Alternate Implementations

The primary implementation of Ruby is known as MRI (Matz Ruby Implementation) or CRuby. However, like any other programming language, Ruby also has many alternate implementations.

  • JRuby: Ruby implemented on the Java Virtual Machine (JVM). It may be slow to startup, but once running JRuby is extremely performant. Consider using JRuby for highly parallized/threaded programs.
  • Rubinius: Ruby implemented on LLVM. Rubinius has a small core of C++ that uses LLVM to interpret, compile and run Ruby code. The majority of Rubinius is actually written in Ruby, which makes the source-code extremely readable.
  • MacRuby: Ruby implemented on LLVM and Objective C. MacRuby can interface to any Mac OS X system library.
  • IronRuby: Ruby implemented ontop of the Microsoft .NET Dynamic Language Runtime (DLR).
  • MRuby: A custom C implementation of Ruby, designed for embedded systems. MRuby seeks to compete with Lua.
  • Ruby Motion: Uses MacRuby to compile Ruby to Objective C iOS apps.
  • Ruboto: JRuby optimized for the Android platform.

Development Tools

ruby is the Ruby interpreter.

$ ruby my_script.rb
$ ruby -Ilib bin/my_util

irb is the Ruby interactive console, similar to python or perlconsole. IRB also supports tab-completion, which can be enabled by adding require 'irb/completion' to your ~/.irbrc1 file.

$ irb
>> RUBY_VERSION
=> "1.9.3"

gem, or better known as RubyGems, is the package manager for Ruby. RubyGems allows you to install Ruby libraries, or Gems, from RubyGems.org. Installed Gems can be loaded with the require method:

$ gem install foo-bar
$ irb
>> require 'foo/bar'
=> true

ri is a Ruby Documentation indexing tool. RI allows you to quickly looking documentation for Ruby methods, from the command line:

$ ri Array#pack

rake is like Make, but for Ruby. Rake is used by Ruby projects to automate various tasks, such as testing, building or installing the project.

$ rake build

Bundler is a RubyGem that allows projects to lock-down their dependencies. Bundler is commonly used by developers to automatically install dependencies for a project (bundle install) or to generate new projects (bundle gem foo).

RSpec is a popular testing framework for Ruby. When a project grows beyond one file/Class/Module, it's generally a good idea to write tests for your code, to ensure nothing breaks.

Useful Libraries

For a complete listing of popular RubyGems by category, please see the Ruby Toolbox.

Console

External Resources

  • Terse syntax, with some similarities to Perl or Bash
  • Non-whitespace sensitive
  • Duck Typing
  • Operator Overloading
  • Higher-order functions (aka lambdas)
  • Anonymous functions (aka closures or blocks)
  • Currying
  • Fully Object Orientated. Everything is an Object, even primitives (0x42.chr # => "A")
  • Every statement has a return value
  • Method-calls as messages
  • Multiple inheritence via Modules (aka Mixins)
  • Metaclasses
  • if, elsif, else, unless, case, break, continue, retry, return, for ... in, while, until, begin, ensure, raise/rescue, throw/catch statements.
  • In-line Regular Expressions ("hello world" =~ /[a-z0-9]+/)
  • Reflection
  • Meta-programming
  • Open Classes (aka Monkey Patching)
  • method_missing/const_missing methods
  • Continuations (aka Fibers)
  • Fully featured standard library
RPU0j.png This article needs immediate attention, and is in desperate need of content.

Learning

There are free ebooks and websites which teach you how to program in Ruby:

Of course, there are many other commercial books and websites on Ruby:

Installing

All Linux distributions provide packages for Ruby, and other Ruby development tools:

Debian / Ubuntu:

sudo apt-get install ruby1.9.1-full

RedHat / Fedora:

sudo apt-get install ruby ruby-dev irb rubygems

Mac OS X systems ship with an older version of Ruby already installed, however you will want to use the latest version (current 1.9.3). The easiest way to install Ruby on a *nix platform, which does not provide an recent version of Ruby, is with the Ruby Version Manager (RVM). RVM is a set of bash scripts which can download, compile, install and update Ruby all within one's home directory.

curl -L https://get.rvm.io | bash -s stable --ruby

Alternate Implementations

The primary implementation of Ruby is known as MRI (Matz Ruby Implementation) or CRuby. However, like any other programming language, Ruby also has many alternate implementations.

  • JRuby: Ruby implemented on the Java Virtual Machine (JVM). It may be slow to startup, but once running JRuby is extremely performant. Consider using JRuby for highly parallized/threaded programs.
  • Rubinius: Ruby implemented on LLVM. Rubinius has a small core of C++ that uses LLVM to interpret, compile and run Ruby code. The majority of Rubinius is actually written in Ruby, which makes the source-code extremely readable.
  • MacRuby: Ruby implemented on LLVM and Objective C. MacRuby can interface to any Mac OS X system library.
  • IronRuby: Ruby implemented ontop of the Microsoft .NET Dynamic Language Runtime (DLR).
  • MRuby: A custom C implementation of Ruby, designed for embedded systems. MRuby seeks to compete with Lua.
  • Ruby Motion: Uses MacRuby to compile Ruby to Objective C iOS apps.
  • Ruboto: JRuby optimized for the Android platform.

Development Tools

ruby is the Ruby interpreter.

$ ruby my_script.rb
$ ruby -Ilib bin/my_util

irb is the Ruby interactive console, similar to python or perlconsole. IRB also supports tab-completion, which can be enabled by adding require 'irb/completion' to your ~/.irbrc1 file.

$ irb
>> RUBY_VERSION
=> "1.9.3"

gem, or better known as RubyGems, is the package manager for Ruby. RubyGems allows you to install Ruby libraries, or Gems, from RubyGems.org. Installed Gems can be loaded with the require method:

$ gem install foo-bar
$ irb
>> require 'foo/bar'
=> true

ri is a Ruby Documentation indexing tool. RI allows you to quickly looking documentation for Ruby methods, from the command line:

$ ri Array#pack

rake is like Make, but for Ruby. Rake is used by Ruby projects to automate various tasks, such as testing, building or installing the project.

$ rake build

Bundler is a RubyGem that allows projects to lock-down their dependencies. Bundler is commonly used by developers to automatically install dependencies for a project (bundle install) or to generate new projects (bundle gem foo).

RSpec is a popular testing framework for Ruby. When a project grows beyond one file/Class/Module, it's generally a good idea to write tests for your code, to ensure nothing breaks.

Useful Libraries

For a complete listing of popular RubyGems by category, please see the Ruby Toolbox.

Console

  • irbtools: Pimp out your IRB.
  • Ripl: Mimimal alternative to IRB, with tons of plugins.
  • Pry: Powerful alternative to IRB.

Database

  • Sequel: A SQL library for Ruby. Supports SQLite3, MySQL and Postgres.
  • DataMapper: An Object Relational Mapper (ORM). Supports SQLite3, MySQL, Postgres, Oracle, MSSQL, HSQL, MongoDB, Redis.
  • ActiveRecord: The Object Relational Mapper (ORM) of Ruby on Rails.
  • MongoMapper: An Object Relational Mapper (ORM) for the MongoDB.

Binary

  • FFI: Foreign Function Interface for Ruby. Allows you to write bindings to C libraries, entirely in Ruby.
  • BinStruct: Binary Structures.
  • RStruct: Yet another Ruby Binary Structure library.
  • ffi-udis86: Ruby FFI bindings to the udis86 dissassembler.

Exploitation

  • REX: Various Exploitation helper methods, extracted from Metasploit.
  • Ruby BlackBag (rbkb): Ruby BlackBag. Misc ruby-based pen-testing/reversing tools. Inspired by Matasano BlackBag.
  • Ragweed: scriptable Win32/Linux/OSX debugger written in Ruby.
  • Nerve: a cross platform hit tracer built on Ragweed.
  • Ronin: A Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits, Payloads, Scanners, etc, via Repositories. Provides a customized Ruby Console, built-in Database and many useful classes, modules, methods, libraries.

Network

  • packetfu: A library for reading a writing packets to an interface or to a libpcap-formatted file.
  • EventMachine: Evented IO for Ruby.
  • em-proxy: EventMachine TCP proxy.
  • net-dns: DNS client library for Ruby.
  • whois: Whois client for Ruby.

Scanners / Spiders

  • ruby-nmap: Automate nmap from Ruby.
  • Spidr: A versatile Web Spider. Spidr is designed to be fast and easy to use.
  • Anemone: A multi-threaded Web Spider, supporting various backend databases.
  • [http://arachni-sca
  • irbtools: Pimp out your IRB.
  • Ripl: Mimimal alternative to IRB, with tons of plugins.
  • Pry: Powerful alternative to IRB.

Database

  • Sequel: A SQL library for Ruby. Supports SQLite3, MySQL and Postgres.
  • DataMapper: An Object Relational Mapper (ORM). Supports SQLite3, MySQL, Postgres, Oracle, MSSQL, HSQL, MongoDB, Redis.
  • ActiveRecord: The Object Relational Mapper (ORM) of Ruby on Rails.
  • MongoMapper: An Object Relational Mapper (ORM) for the MongoDB.

Binary

  • FFI: Foreign Function Interface for Ruby. Allows you to write bindings to C libraries, entirely in Ruby.
  • BinStruct: Binary Structures.
  • RStruct: Yet another Ruby Binary Structure library.
  • ffi-udis86: Ruby FFI bindings to the udis86 dissassembler.

Exploitation

  • REX: Various Exploitation helper methods, extracted from Metasploit.
  • Ruby BlackBag (rbkb): Ruby BlackBag. Misc ruby-based pen-testing/reversing tools. Inspired by Matasano BlackBag.
  • Ragweed: scriptable Win32/Linux/OSX debugger written in Ruby.
  • Nerve: a cross platform hit tracer built on Ragweed.
  • Ronin: A Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits, Payloads, Scanners, etc, via Repositories. Provides a customized Ruby Console, built-in Database and many useful classes, modules, methods, libraries.

Network

  • packetfu: A library for reading a writing packets to an interface or to a libpcap-formatted file.
  • EventMachine: Evented IO for Ruby.
  • em-proxy: EventMachine TCP proxy.
  • net-dns: DNS client library for Ruby.
  • whois: Whois client for Ruby.

Scanners / Spiders

  • ruby-nmap: Automate nmap from Ruby.
  • Spidr: A versatile Web Spider. Spidr is designed to be fast and easy to use.
  • Anemone: A multi-threaded Web Spider, supporting various backend databases.
  • Arachni: Fully featured Web Vulnerability scanner.

Web

  • Nokogiri: A fast XML/HTML parser built ontop of libxml. Supports XPath and CSS-path searching of documents.
  • Mechanize: Automated head-less browser.
  • RestClient: A simple HTTP client library.
  • GScraper: Web-scraping interface to Google Search.
  • Buby: JRuby bindings to Burp.
  • Sinatra: A minimal library for creating web applications.

Resources

References

  • Make your own gem: Basic guide on publishing your first RubyGem.
  • GitRef: Reference to Git, the Distributed Version Control System (DVCS) prefered by Rubyists.
  • Ruby Style Guide: The defacto Ruby style-guide.

Talks