Is ruby a good choice for infosec?

Greetings rubyist,

The internet is full of Python for infosec; is Ruby a good choice too? I
know Metasploit and Ronin are built in Ruby, but Python has more
security-focused packages like paramiko.

What's your take?

Thank you,

Surya.

Sorry for the delay!

   The internet is full of Python for infosec; is Ruby a good choice too? I
   know Metasploit and Ronin are built in Ruby, but Python has more
   security-focused packages like paramiko.
   What's your take?

My take is the take of one who is not working in infosec, nor would he,
since information security is an impossible goal to reach, and those
who promise security know, or should know, that they are delivering
hopes rather than certainties.

Nevertheless, I can intuit that anybody who would really manage to
gain insights and obtain practical results from his work in this mined
field would need to become *very* intimate with the tools he uses. The
best is if he can develop them himself, but even if some pre-made
packages are used, certainly the sheer number of available packages is
not an advantage per se: why have twenty-five types of wrench
available, all with different handles and different build quality, if
the wrench you end up using is always the same one?

Ruby *as a language* (that is, not because of the libraries it
provides) offers great advantages of expressivity in the code you
write. The good programmer finds this of great value.

Carlo

Subject: Is ruby a good choice for infosec?
  Date: Fri 06 Dec 19 07:50:44 +0530

--
Carlo E. Prelz - fluido@fluido.as
"If the Way and its Virtue had not been set aside, what need would there
be to talk so much about love and righteousness?" (Chuang-Tzu)

Hi
Short answer: the infosec community always has a hype.
10 years back, the hype was Perl, then JavaScript, then PowerShell, then
Python, now it's C#, Go and Rust. So if you are looking for the hype learn
Go and C#.
However, all languages are great and can fill almost everything you need.
Existing external libraries are great. However, these libraries have been
built by people who know the language very well. So if you want to build
something, you can, but you need to know the language. A library like
paramiko is not for infosec, rather, infosec people use it. You can find a
similar library (better implementation) in Ruby called net-ssh.

Finally, pick the language you want/like. I picked Ruby and I had the same
concern you have now. Then, I built https://rubyfu.net while I'm developing
myself and I do whatever I want.


--

*Thank you!*
*Sabri.*

Dear Sabri.

Big fan of rubyfu.net!

Thank you to you and the community!

Regards,

Surya.


InfoSec is a broad term, and what you want to do with it is really up to you. Cryptography is one aspect, vulnerability testing is another.

Ruby is best for developer performance and rapid prototyping. Much like Python and Perl, Ruby lets you build a working tool quickly. The mistake we often make is assuming we need the perfect language to build the perfect tool. If the quickly built solution solves the problem, then you win. Coding in C is much more performant than Ruby, but if the Ruby solution is fast enough, and has good documentation and tests, then you don't need to do all the extra work for a C solution.

My current career plan is to do better Ruby and look for work doing rapid prototypes for customers. If I can quickly show that something can be done then my team has a better chance at getting the long term work. If requirements for the production solution include things like performance, compiled code, or other machine efficiency items then maybe re-write in Go. If we develop a quick solution that works we are already learning things about the domain that might not have been obvious. That makes the re-write easier and better.

Leam


Hi
I don't think it matters what language you learn to code in, once you have
the basic concepts and techniques down, then you can pick up most new
languages fairly quickly.

I've written tools in Ruby, Go, Python, Perl and quite a few others.

I gave this talk at Wild West Hackin' Fest last year where I showed how to
write a basic testing script with Google and a lot of copy/paste.

Robin
