This talk is about how ruby can be used to write exploits and carry out penetration tests using the Metasploit Framework which happens to be the largest ruby project so far. MSF provides array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins. I shall give a quick intro to the interfaces that MSF provides, different components of the framework, and how it can be used in different phases of security analysis and pen-testing. I shall mainly talk about the usage of ruby for scripting payloads and other exploits.
Security is something that is largely ignored by developers and other IT professionals. I intend to show how MSF makes it simple enough through the use of ruby.
NOTE: This is not a tutorial on security or vulnerability exploitation as RubyConf is not the forum for it. The main focus of this talk will be to demonstrate usage of ruby for pen-testing.
Audience: It can very well be a Beginner level talk since in terms of ruby, I'll stick to the basics; but I wont spend too much time trying to explain pen-test concepts like vulnerability, exploit, payload, etc; so a basic understanding of these would help.