hopeless/labs

Hopeless Labs

Security tooling for people who read the source.

We build Ruso — an open vulnerability-scanning ecosystem. Write a small script that asks one security question, run it from your terminal or CI, and get a structured answer.

redis-exposed.rsl
name "Exposed Redis"
severity high

tcp redis { host "{{scan_host}}" port 6379 }

send redis
redis.write "PING\r\n"
match redis.response contains "+PONG"   # no auth required

One file, one question. Compile it, ship it, install it from the registry.

Small and readable

Scripts are plain text describing probes and matches. No framework, no boilerplate — diff them, review them, version them.

Fast and portable

Source compiles to compact bytecode that a tiny runtime executes. The same artifact runs locally, in CI, and from the registry.

Open and shared

Publish a check once and anyone can install it. The registry turns one person's research into everyone's tooling.

The Ruso ecosystem

Four pieces that fit together: a language to express checks, a runtime and CLI to run them, and a registry to share them.

Start scanning in minutes.

The quick start walks you from install to your first finding.

Quick start