Bad news. The server hosting The Ruby Toolbox went bust on the evening of June 7th. While I do have backups, the original source code is in a very outdated state so I currently don't feel it makes sense to try and get it running again.

For the time being, here is a very stripped down version of the Ruby Toolbox's contents.

Update June 13th: I'd like to invite you to join the discussion on the future of the Toolbox on GitHub. You can also get in touch directly on Twitter.

 Score 8.39


Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API. Loofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's whitelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.) ActiveRecord extensions for sanitization are available in the `loofah-activerecord` gem (see

 Rubygem loofah
 Score 3.93


Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.

 Rubygem brakeman
 Score 0.36


Adds methods to set and authenticate against one time passwords. Inspired by AM::SecurePassword

 Score 0.34


Tarantula is a big fuzzy spider. It crawls your Rails 2.3 and 3.x applications, fuzzing data to see what breaks.

 Rubygem tarantula
 Score 0.3

Xss terminate

 Score 0.27


JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby

 Rubygem json-jwt
 Github nov/json-jwt
 Score 0.26

Rails xss

This plugin replaces the default ERB template handlers with erubis, and switches the behaviour to escape by default rather than requiring you to escape. This is consistent with the behaviour in Rails 3.0.

 Rubygem rails_xss
 Github NZKoz/rails_xss
 Score 0.09

Param protected

Provides two class methods on ActionController::Base that filter the params hash for that controller's actions. You can think of them as the controller analog of attr_protected and attr_accessible.

 Score 0.04


Codesake::Dawn is a security source code scanner for Ruby-powered code. Starting from January 07, 2015 this gem is renamed to dawnscanner and this version is no longer supported. Please upgrade your Gemfile.

 Score 0.03


Adds 'sudo' methods to update protected ActiveRecord attributes with mass assignment

 Score 0.03


A rack middleware for whitelisting and blacklisting IPs

 Rubygem alpaca
 Github jeffchao/alpaca
 Score 0.02


Shell execution made easy and secure

 Rubygem shellex