Ruby
Ruby is an interpreted, dynamically typed, reflective, semi-functional and object-oriented scripting language. Ruby is said to be semi-functional because it supports higher-order functions (aka lambdas) and closures (aka blocks). Ruby was created by Yukihiro "Matz" Matsumoto and was first released in 1995. Matz's goal was to combine powerful features from various other programming languages and create a programming language maximized for developer happiness, as opposed to computational efficiency. Ruby's Object Model mirrors that of Smalltalk, the syntax shares some similarities with Bash, Perl and Python, and the scoping rules for closures were taken from LISP.
Key Features
In Ruby everything is an Object, even primitives such as Integers and Strings are Objects. Thus, you can call methods on primitives:
0x42.chr # => "B"
"hello".reverse # => "olleh"
1.5.round # => 2
Since everything in Ruby is an Object, every statement has a return value; there is no void in Ruby:
x = 42
# The if expression itself returns the value of the branch that ran.
result = if x > 10
  "high"
else
  "low"
end
# result => "high"
Ruby does have the concept of null, which is the nil Object.
Of course, every Object is created from a Class. Ruby allows you to introspect (or reflect) Objects and Classes:
0x42.class # => Fixnum
Fixnum.ancestors # => [Fixnum, Integer, Numeric, Comparable, Object, Kernel, BasicObject]
0x42.methods # => [:to_s, :-@, :+, :-, :*, :/, :div, :%, :modulo, :divmod, :fdiv, :**, :abs, :magnitude, :==, :===, :<=>, :>, :>=, :<, :<=, :~, :&, :|, :^, :[], :<<, :>>, :to_f, :size, :zero?, :odd?, :even?, :succ, :integer?, :upto, :downto, :times, :next, :pred, :chr, :ord, :to_i, :to_int, :floor, :ceil, :truncate, :round, :gcd, :lcm, :gcdlcm, :numerator, :denominator, :to_r, :rationalize, :singleton_method_added, :coerce, :i, :+@, :eql?, :quo, :remainder, :real?, :nonzero?, :step, :to_c, :real, :imaginary, :imag, :abs2, :arg, :angle, :phase, :rectangular, :rect, :polar, :conjugate, :conj, :between?, :nil?, :=~, :!~, :hash, :class, :singleton_class, :clone, :dup, :initialize_dup, :initialize_clone, :taint, :tainted?, :untaint, :untrust, :untrusted?, :trust, :freeze, :frozen?, :inspect, :methods, :singleton_methods, :protected_methods, :private_methods, :public_methods, :instance_variables, :instance_variable_get, :instance_variable_set, :instance_variable_defined?, :instance_of?, :kind_of?, :is_a?, :tap, :send, :public_send, :respond_to?, :respond_to_missing?, :extend, :display, :method, :public_method, :define_singleton_method, :object_id, :to_enum, :enum_for, :equal?, :!, :!=, :instance_eval, :instance_exec, :__send__, :__id__]
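The method list above includes both send and public_send, and the difference matters whenever a method name comes from outside the program. The following is an added example, not code from the original article; the Report class, purge!, dispatch_unsafe, dispatch_safe and ALLOWED_ACTIONS are hypothetical names made up for illustration.

```ruby
# Constructed example: an object with one public and one private method.
class Report
  def initialize(owner)
    @owner = owner
  end

  def summary
    "report for #{@owner}"
  end

  private

  # Stands in for any internal helper that callers should never reach.
  def purge!
    "purged #{@owner}"
  end
end

# Unsafe pattern: Object#send ignores visibility, so a caller-supplied
# method name can reach private methods as well as public ones.
def dispatch_unsafe(obj, name)
  obj.send(name)
end

# Safer pattern: map the supplied name through an explicit allowlist, then
# call with public_send so private methods stay unreachable in any case.
ALLOWED_ACTIONS = { "summary" => :summary }.freeze

def dispatch_safe(obj, name)
  action = ALLOWED_ACTIONS.fetch(name.to_s) do
    raise ArgumentError, "action not allowed: #{name.inspect}"
  end
  obj.public_send(action)
end

report = Report.new("alice")
p Report.private_instance_methods(false)  # reflection shows the private API
p report.respond_to?(:purge!)             # private methods are not advertised
puts dispatch_unsafe(report, "purge!")    # send reaches purge! anyway
puts dispatch_safe(report, "summary")     # allowlisted public call
```

Calling dispatch_safe(report, "purge!") raises ArgumentError before any method lookup happens.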
Ruby also supports anonymous functions, aka closures or blocks. Closures allow you to pass a block of code to a function as an Object, which the function can then call back to. One good example of this is the Integer#times method, which simply calls a block of code n-times:
10.times { puts "haha I'm using blocks!" }
# haha I'm using blocks!
# haha I'm using blocks!
# haha I'm using blocks!
# haha I'm using blocks!
# haha I'm using blocks!
# haha I'm using blocks!
# haha I'm using blocks!
# haha I'm using blocks!
# haha I'm using blocks!
# haha I'm using blocks!
Since every statement has a return value, and blocks are just groupings of statements, we can use them to transform data:
(1..10).map { |i| i * 2 } # => [2, 4, 6, 8, 10, 12, 14, 16, 18, 20]
["racecar", "dog", "radar", "cat"].select { |word| word == word.reverse } # => ["racecar", "radar"]
Learning
There are free ebooks and websites which teach you how to program in Ruby:
- TryRuby in your browser!
- The Humble Little Ruby Book
- Programming in Ruby (1.8): The Pragmatic Programmer's Guide
- The Bastards Book of Ruby
- Learning Ruby (blog)
Of course, there are many other commercial books and websites on Ruby:
- Programming Ruby 1.9: The Pragmatic Programmers’ Guide
- The Ruby Programming Language
- Well Grounded Rubyist
- Eloquent Ruby
- Ruby Reloaded (online course)
- Ruby Off Rails (online course)
Installing
All Linux distributions provide packages for Ruby, and other Ruby development tools:
Debian / Ubuntu:
sudo apt-get install ruby1.9.1-full
RedHat / Fedora:
sudo yum install ruby ruby-devel ruby-irb rubygems
Mac OS X systems ship with an older version of Ruby already installed; however, you will want to use the latest version (currently 1.9.3). The easiest way to install Ruby on a *nix platform that does not provide a recent version of Ruby is with the Ruby Version Manager (RVM), https://rvm.io/. RVM is a set of bash scripts which can download, compile, install and update Ruby, all within one's home directory.
curl -L https://get.rvm.io | bash -s stable --ruby
Alternate Implementations
The primary implementation of Ruby is known as MRI (Matz Ruby Implementation) or CRuby. However, like any other programming language, Ruby also has many alternate implementations.
- JRuby: Ruby implemented on the Java Virtual Machine (JVM). It may be slow to start up, but once running JRuby is extremely performant. Consider using JRuby for highly parallelized/threaded programs.
- Rubinius: Ruby implemented on LLVM. Rubinius has a small core of C++ that uses LLVM to interpret, compile and run Ruby code. The majority of Rubinius is actually written in Ruby, which makes the source-code extremely readable.
- IronRuby: Ruby implemented on top of the Microsoft .NET Dynamic Language Runtime (DLR).
- MRuby: A custom C implementation of Ruby, designed for embedded systems. MRuby seeks to compete with Lua.
Development Tools
ruby is the Ruby interpreter.
$ ruby my_script.rb
$ ruby -Ilib bin/my_util
irb is the Ruby interactive console, similar to python or perlconsole. IRB also supports tab-completion, which can be enabled by adding require 'irb/completion' to your ~/.irbrc file.
$ irb
>> RUBY_VERSION
=> "1.9.3"
gem, better known as RubyGems, is the package manager for Ruby. RubyGems allows you to install Ruby libraries, or Gems, from RubyGems.org. Installed Gems can be loaded with the require method:
$ gem install foo-bar
$ irb
>> require 'foo/bar'
=> true
ri is a Ruby Documentation indexing tool. RI allows you to quickly look up documentation for Ruby methods from the command line:
$ ri Array#pack
rake is like Make, but for Ruby. Rake is used by Ruby projects to automate various tasks, such as testing, building or installing the project.
$ rake build
Bundler is a RubyGem that allows projects to lock-down their dependencies. Bundler is commonly used by developers to automatically install dependencies for a project (bundle install) or to generate new projects (bundle gem foo).
RSpec is a popular testing framework for Ruby. When a project grows beyond one file/Class/Module, it's generally a good idea to write tests for your code, to ensure nothing breaks.
Useful Libraries
For a complete listing of popular RubyGems by category, please see The Ruby Toolbox.
Console
- irbtools: Pimp out your IRB.
- Ripl: Minimal alternative to IRB, with tons of plugins.
- Pry: Powerful alternative to IRB.
Database
- Sequel: A SQL library for Ruby. Supports SQLite3, MySQL and Postgres.
- DataMapper: An Object Relational Mapper (ORM). Supports SQLite3, MySQL, Postgres, Oracle, MSSQL, H2, MongoDB, Redis.
- ActiveRecord: The Object Relational Mapper (ORM) of Ruby on Rails.
Web
- Nokogiri: Fast XML/HTML parser built on top of libxml. Supports XPath and CSS-path searching of documents.
- Mechanize: Automated head-less browser.
- RestClient: Simple HTTP interface.
- Sinatra: A minimal library for creating web-apps.
Binary
- FFI: Foreign Function Interface for Ruby. Allows you to write bindings to C libraries, entirely in Ruby.
- BinStruct: Binary Structures.
- ffi-udis86: Ruby FFI bindings to the udis86 disassembler.
Exploitation
- REX: Various Exploitation helper methods, extracted from Metasploit.
- Ruby BlackBag (rbkb): Ruby BlackBag. Misc ruby-based pen-testing/reversing tools. Inspired by Matasano BlackBag.
- Ronin: A Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits, Payloads, Scanners, etc, via Repositories. Provides a customized Ruby Console, built-in Database and many useful classes, modules, methods, libraries.
Scanners / Spiders
- ruby-nmap: Automate nmap from Ruby.
- Spidr: A versatile Web Spider. Spidr is designed to be fast and easy to use.
- Anemone: A multi-threaded Web Spider, supporting various backend databases.
- Arachni: Fully featured Web Vulnerability scanner.
Resources
- #ruby on irc.freenode.net
- /r/ruby: A sub-reddit for news and questions about Ruby.
- GitHub: where the majority of Ruby projects are hosted and developers collaborate.
- RubyGems.org: repository for all Ruby libraries.
- Ruby Toolbox: Groups popular RubyGems by category.
- RubyDoc: Hosts documentation for Ruby core, stdlib and all RubyGems.