Results 1 to 6 of 6

Thread: Python vs Ruby

Hybrid View

  1. #1
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default Python vs Ruby

    All the exploits in metasploit are written in Ruby. Is there ANY particular reason for this, for example, ease of programming, less time & effort consumming, more powerful etc etc. I've read few pages comparing them, like Matz one where he says that both languages provide almost the same power to the programmer.

    May be writing exploits for msf in Ruby was only personal choice, was it?
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    H.D. Moore was the original creator of metasploit. It was in fact written in perl all the way up to 2.7. When 3.0 was coded hdm switched to ruby. I'm not sure if there is any special reason but ruby is a simple and extremely powerful language. I'm pretty sure that's just what they decided on.

  3. #3
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    8

    Default

    From developers_guide.pdf, that comes with metasploit 3.2:

    1.1 Why Ruby?
    During the development of the framework, the one recurring question that the
    Metasploit staff was continually asked was why Ruby was selected as the programming language. To avoid having to answer this question on an individual
    basis, the authors have opted for explaining their reasons in this document.
    The Ruby programming language was selected over other choices, such as python,
    perl, and C++ for quite a few reasons. The first (and primary) reason that Ruby
    was selected was because it was a language that the Metasploit staff enjoyed
    writing in. After spending time analyzing other languages and factoring in past
    experiences, the Ruby programming language was found to offer both a simple
    and powerful approach to an interpreted language. The degree of introspection
    and the object-oriented aspects provided by Ruby were something that fit very
    nicely with some of the requirements of the framework. The framework’s need
    for automated class construction for code re-use was a key factor in the decision
    making process, and it was one of the things that perl was not very well suited
    to offer. On top of this, the syntax is incredibly simplistic and provides the
    same level of language features that other more accepted languages have, like
    perl.
    The second reason Ruby was selected was because of its platform independent
    support for threading. While a number of limitations have been encountered
    during the development of the framework under this model, the Metasploit
    staff has observed a marked performance and usability improvement over the
    2.x branch. Future versions of Ruby (the 1.9 series) will back the existing
    threading API with native threads for the operating system the interpreter is
    compiled against which will solve a number of existing issues with the current
    implementation (such as permitting the use of blocking operations). In the
    meantime, the existing threading model has been found to be far superior when
    compared to a conventional forking model, especially on platforms that lack a
    native fork implementation like Windows.
    Another reason that Ruby was selected was because of the supported existence
    of a native interpreter for the Windows platform. While perl has a cygwin
    version and an ActiveState version, both are plagued by usability problems.
    The fact that the Ruby interpreter can be compiled and executed natively on
    Windows drastically improves performance. Furthermore, the interpreter is also
    very small and can be easily modified in the event that there is a bug.
    The Python programming language was also a language candidate. The reason
    the Metasploit staff opted for Ruby instead of python was for a few different
    reasons. The primary reason is a general distaste for some of the syntactical
    annoyances forced by python, such as block-indention. While many would argue
    the benefits of such an approach, some members of the Metasploit staff find it to
    be an unnecessary restriction. Other issues with Python center around limita-
    tions in parent class method calling and backward compatibility of interpreters.
    The C/C++ programming languages were also very seriously considered, but in
    the end it was obvious that attempting to deploy a portable and usable frame-
    work in a non-interpreted language was something that would not be feasible.

    Furthermore, the development time-line for this language selection would most
    likely be much longer.
    Even though the 2.x branch of the framework has been quite successful, the
    Metasploit staff encountered a number of limitations and annoyances with perl’s
    object-oriented programming model, or lack thereof. The fact that the perl
    interpreter is part of the default install on many distributions is not something
    that the Metasploit staff felt was worth detouring the language selection. In the
    end, it all came down to selecting a language that was enjoyed by the people
    who contribute the most to the framework, and that language ended up being
    Ruby.

  4. #4
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    Thanks to both.....
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  5. #5
    Junior Member
    Join Date
    Aug 2007
    Posts
    55

    Default

    Quote Originally Posted by pureh@te View Post
    H.D. Moore was the original creator of metasploit. It was in fact written in perl all the way up to 2.7. When 3.0 was coded hdm switched to ruby. I'm not sure if there is any special reason but ruby is a simple and extremely powerful language. I'm pretty sure that's just what they decided on.
    I wouldn't exactly say it's "simple" .
    Ruby and Python are both intuitive, or let's say "easy to read". The main difference is that Ruby is completely Object Oriented and Python isn't (not completely). Python seems also to be more "mature": there are way more modules available.
    I like them both, and perl as well

  6. #6
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    14

    Default

    In all honesty, by the time you truly understand the specific advantages/disadvantages and differences between the languages, and pick the one you're going to write in, chances are you are familiar with all of them by that time, seeing as how in order to make an accurate and educated guess at which one is better, you need to know them. (What a run-on sentence)

    So just learn them all.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •