ENNAENNA

Brakeman

๐Ÿ•ธ Web Scanning ยท Ruby

Brakeman is a static analysis tool that scans Ruby on Rails application source code for security vulnerabilities. It requires no setup or configuration to run and does not need the application's dependencies to be installed. Brakeman checks for over 20 vulnerability types including SQL injection, cross-site scripting, command injection, mass assignment, unsafe redirects, and Rails-specific issues like unscoped finds and dangerous send calls. It produces detailed reports with confidence ratings and integrates into CI pipelines for continuous security scanning.

7.2kstars
766forks
112issues
Updated 3d ago
+I use this
View on GitHubOfficial Website

Installation

$ gem install brakeman

Use Cases

  • CI/CD security scanning for Rails applications
  • Finding SQL injection and XSS in Ruby code
  • Detecting Rails-specific security misconfigurations
  • Pre-deployment security gate for Rails projects

Tags

sastruby-on-railsstatic-analysiscode-scanningci-cdbrakemanrailsrubysecuritysecurity-auditsecurity-toolssecurity-vulnerabilityvulnerabilities

Details

Category
๐Ÿ•ธ Web Scanning
Language
Ruby
Platforms
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Links

GitHub Repository

github.com/presidentbeef/brakeman

Official Website

brakemanscanner.org

Releases

github.com/presidentbeef/brakeman/releases

Issues

github.com/presidentbeef/brakeman/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Semgrep

OCaml

Lightweight static analysis engine for finding bugs and enforcing code standards across 30+ languages with custom rules.

Compare Brakeman vs Semgrep

Bearer

Go

SAST tool scanning code for security risks, sensitive data flows, and vulnerabilities.

Compare Brakeman vs Bearer

Bandit

Python

Python static analysis security linter to find common code vulnerabilities.

Compare Brakeman vs Bandit

More in Web Scanning

httpx

Go

Fast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.

http-probetech-detectionprojectdiscovery

Nikto

Perl

Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.

web-serverclassiccgi-scan

Gobuster

Go

Directory/file, DNS, and vhost busting tool. Brute-forces URIs, DNS subdomains, virtual host names, and S3 buckets.

directory-brutedns-brutevhost

Feroxbuster

Rust

Fast, recursive content discovery tool written in Rust. Like gobuster on steroids with auto-recursion.

directory-bruterecursiverust

Burp Suite Community

Java

Web vulnerability scanner and proxy. Intercept, modify, and replay HTTP/S traffic for web app testing.

proxyweb-appinterceptor

ffuf

Go

Fast web fuzzer written in Go. Fuzz anything - URLs, headers, POST data - with blazing speed.

fuzzingdirectory-brutefast