Ruso Scripting Language
A tiny DSL for describing a single security question.
Language reference →Hopeless Labs
We build Ruso — an open vulnerability-scanning ecosystem. Write a small script that asks one security question, run it from your terminal or CI, and get a structured answer.
name "Exposed Redis"
severity high
tcp redis { host "{{scan_host}}" port 6379 }
send redis
redis.write "PING\r\n"
match redis.response contains "+PONG" # no auth requiredOne file, one question. Compile it, ship it, install it from the registry.
Scripts are plain text describing probes and matches. No framework, no boilerplate — diff them, review them, version them.
Source compiles to compact bytecode that a tiny runtime executes. The same artifact runs locally, in CI, and from the registry.
Publish a check once and anyone can install it. The registry turns one person's research into everyone's tooling.
Four pieces that fit together: a language to express checks, a runtime and CLI to run them, and a registry to share them.
A tiny DSL for describing a single security question.
Language reference →Compile, scan, and report from your terminal or CI.
CLI reference →A compact bytecode VM that executes scans fast.
Bytecode format →Browse, publish, and install community scan scripts.
Open the registry →The quick start walks you from install to your first finding.