A CLI tool & library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters but mostly focused on CTF) by patching the String class to add a short syntax of usual code patterns. Methods for base64, digest (hash), flag, rot (Caesar), hexadecimal, case, cgi (URL encoding/decoding, HTML escaping/unescaping), binary, leet (1337), decimal, XOR, whitespace strip, IP/URI/domain/email defang/refang.
This add-on allows you to upload and parse output produced from the WPScan WordPress security scanner into Dradis.
Provides security, reliability and consistency to Puppet masterless environments
A ruby based VM that lets one add secure scripting to ruby applications.
This is the simple REST client for Security Command Center API V1beta2. Simple REST clients are Ruby client libraries that provide access to Google services via their HTTP REST API endpoints. These libraries are generated and updated automatically based on the discovery documents published by the service, and they handle most concerns such as authentication, pagination, retry, timeouts, and logging. You can use this client to access the Security Command Center API, but note that some services may provide a separate modern client that is easier to use.
S3 Bucket security hardening tool
A Jekyll plugin that makes your PWA / Website available offline and lets you install on desktop and mobile. It generates and injects a precache list into a Workbox v5.1.4 service worker and handles the registration process in a secure way.
Ronin Scanners is a Ruby library for Ronin that provides Ruby interfaces to various third-party security scanners. Ronin is a Ruby platform designed for information security and data exploration tasks. Ronin allows for the rapid development and distribution of code over many of the common Source-Code-Management (SCM) systems.
Apigee Connect allows the Apigee hybrid management plane to connect securely to the MART service in the runtime plane without requiring you to expose the MART endpoint on the internet. If you use Apigee Connect, you do not need to configure the MART ingress gateway with a host alias and an authorized DNS certificate. Note that google-cloud-apigee_connect-v1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-apigee_connect instead. See the readme for more details.
Pipeline detects security vulnerabilities in code.
JWTear, a modular command-line tool to parse, create and manipulate JWT tokens for security testing purposes.
Commandline tools for creation, distribution, and execution of Lightweight Environment for Network Security Education (LENSE)
Financial information scraper gem. Uses Yahoo Finance API.
Embed QuickPay's secure payments directly into your Ruby applications. Learn more at https://tech.quickpay.net
IMMUNIO protects your web app from security vulnerabilities by monitoring requests in realtime. After a two minute installation, your application will be protected from many of the top classes of attacks, including Cross-Site Scripting (XSS), SQL Injection, Remote Command Execution, and Bruteforce. This agent gem works in conjunction with the IMMUNIO service. Go to https://immun.io to learn more and create an account.
Hamburger Store is an easy, lightweight way to store data about your pipeline instances. As you go through your pipeline, you're going to produce a lot of information that's relevant to your pipeline instance, and having to store that in a text file or pass parameters between jobs can get very unwieldy very quickly. Hamburger Store utilizes two AWS services (DynamoDB and Key Management Service) to provide an easy way to securely store the data your pipeline needs, without the bother of having to set it up yourself.
CLI tool for your CI/CD to make sure a recent and secure ruby version is used.
Secure, encrypted file uploads using Crypt19 and CarrierWave
This gem makes it easy to configure a dynamic Content-Security-Policy header for your Rails application. You can easily customize the rules in your controllers, and you can also update the rules in your views.
Handle mobile secrets the secure way with ease
Apache module providing secure downloading functionality, just like Mongrel Secure Download does for mongrel.
Our APIs allow easy and secure access to bank account data and payment initiation. The accessible account data includes the account holder's personal information, account balances, transaction history and much more. The available payment methods depend on the bank's implementation but typically are domestic transfers, SEPA credit transfer, instant SEPA credit transfer, fast payment scheme, and SWIFT international payments.
Audit Ruby package dependencies for security vulnerabilities.
crypto-lite - cryptographic secure hash functions and public key signature algorithms made easy
An alternative to attr_protected that supports a simpler, more secure params assignment mindset while also encouraging obviousness.
Assured Workloads for Government secures government workloads and accelerates the path to running compliant workloads on Google Cloud. Note that google-cloud-assured_workloads-v1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-assured_workloads instead. See the readme for more details.
Ghoul is a simple yet good-looking interface for your git repositories written in Sinatra. It is currently only for demonstration purposes and use on your secure local machine, as it does not yet enforce any authentication.
This is the simple REST client for Web Security Scanner API V1beta. Simple REST clients are Ruby client libraries that provide access to Google services via their HTTP REST API endpoints. These libraries are generated and updated automatically based on the discovery documents published by the service, and they handle most concerns such as authentication, pagination, retry, timeouts, and logging. You can use this client to access the Web Security Scanner API, but note that some services may provide a separate modern client that is easier to use.
This add-on allows you to upload and parse output produced from Brakeman Ruby on Rails security scanner into Dradis.
This is the simple REST client for Web Security Scanner API V1. Simple REST clients are Ruby client libraries that provide access to Google services via their HTTP REST API endpoints. These libraries are generated and updated automatically based on the discovery documents published by the service, and they handle most concerns such as authentication, pagination, retry, timeouts, and logging. You can use this client to access the Web Security Scanner API, but note that some services may provide a separate modern client that is easier to use.
codesake.com is an application security startup providing code review and penetration test services for Ruby powered web applications. codesake_commons is the gem containing common ground routines useful across the project
A String subclass to simplify handling of: 1. Binary data, including HEX encoding and Bin64 encoding. 2. Encryption such as RSA, AES, and digest methods such as SHA and MD5.
Parses a hash string of the format `'{ :a => "something" }'` into an actual Ruby hash object `{ a: "something" }`. This is useful when you have serialized hashes by mistake and saved them in a database column or a text file, and you want to convert them back to hashes without the security issues of executing `eval(hash_string)`. By default, only the following classes are allowed to be deserialized: TrueClass, FalseClass, NilClass, Numeric, String, Array, Hash. A HashParser::BadHash exception is thrown if unserializable values are present.
Dataplex is an intelligent data fabric that provides a way to centrally manage, monitor, and govern your data across data lakes, data warehouses and data marts, and make this data securely accessible to a variety of analytics and data science tools. Note that google-cloud-dataplex-v1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-dataplex instead. See the readme for more details.
Passphrase is a library and command-line tool for generating passphrases using the Diceware Method. The method selects words from a predefined database of more-or-less recognizable words, making the resulting passphrases easier to remember and type. And because the words are selected randomly, the result is more secure.
Foreman plug-in for managing security compliance reports
AquaticPrime is a cryptographically secure licensing method for shareware applications. The Ruby implementation currently only generates licenses, and is intended for use in online stores.
YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors.
Adds attribute encryption to ActiveRecord models
Acra helps you easily secure your databases in distributed, microservice-rich environments. It allows you to selectively encrypt sensitive records with strong multi-layer cryptography, detect potential intrusions and SQL injections and cryptographically compartmentalise data stored in large sharded schemes.
Generates Rails code implementing a model security and authentication system for your Rails app.
Web service for sharing secrets more securely
click securities client library for ruby.
This is the simple REST client for Web Security Scanner API V1alpha. Simple REST clients are Ruby client libraries that provide access to Google services via their HTTP REST API endpoints. These libraries are generated and updated automatically based on the discovery documents published by the service, and they handle most concerns such as authentication, pagination, retry, timeouts, and logging. You can use this client to access the Web Security Scanner API, but note that some services may provide a separate modern client that is easier to use.
gem-status gets the list of gems you use from the Gemfile.lock file and runs some checks on those gems. Checks that can be run are: * Does it have a license? If it does not, it can be a problem for distributing your software with this gem. * Is it GPL? If it is, it can be a problem if your software or other gems are not GPL compatible. * Is it the same as on Rubygems.org? This is for people who use their own gem server. This checks that the gems are the same. * Does it have security alerts? This will search the commits and security mailing lists for possible security messages.
Build a highly secure, multi-tenant rails app without data leak.
ronin-db is a database library for managing and querying security data. ronin-db provides common ORM models for interacting with the database's SQL tables and querying/storing security data, such as URLs, email addresses, host names, IPs, ports, etc. ronin-db also provides CLI commands for managing the database(s).
Binary Authorization is a service on Google Cloud that provides centralized software supply-chain security for applications that run on Google Kubernetes Engine (GKE) and GKE on-prem. Note that google-cloud-binary_authorization-v1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-binary_authorization instead. See the readme for more details.
The dbi-dbrc library provides an interface for storing database connection information, including passwords, in a locally secure file only accessible by you, or root. This allows you to avoid hard coding login and password information in your programs that require such information. This library can also be used to store login and password information for logins on remote hosts, not just databases.