"but the ecosystem is the biggest problem by promoting magic."
This argument isn't entirely true anymore. The Ruby ecosystem has mostly moved away from meta-programming, and embraced classical OOP. Rubyists now tend to avoid `method_missing` and `const_missing` when possible, and abandoned the craze of making everything a DSL. The most meta-programming that Rubyists still use on a regular basis is defining `self.included` on modules in order to inject other modules. Also, Rubyists have embraced API documentation, such as YARD, in order to document and communicate any "magic" that might exist or occur.
There is a significant anti-Ruby sentiment in the tech industry right now, especially in certain fields like InfoSec, that is being pushed by a very vocal subset of the community. Whenever they see Ruby come up, they will try pushing the meme that Ruby is dead/dying/irrelevant and cite TIOBE; despite Ruby developers continuing to release new libraries, frameworks, and tooling. Or they will claim no popular websites use Ruby; apparently GitHub, LinkedIn, and AirBnB are not popular enough? Or claim MetaSploit is the only security tool written in Ruby; off the top of my head I can think of BeFF, CeWL, Evil-WinRM, and Ronin. Or claim no company uses or supports Ruby; GitHub, Shopify, Stripe all use and support Ruby. Or they will derail any positive discussion about Ruby into some intractable debate about Static vs Dynamic Typing, GC, interpretive languages, etc; even though many of the arguments against Ruby can equally be applied to Python, and yet there's no similar criticism of Python. It's really annoying and inconsistent.
Recently there was a news story about how a typo in a US military address (.mil) caused top secret emails to accidentally be sent to a similar Mali address (.ml). This blog post shows how to find all valid TLD typos using a little bit of Ruby and the ronin-support library.
There is not a Python equivalent to Ronin as a whole, to my knowledge. There are however Python libraries that provide some of the features of Ronin. For example, pwntools can be used for packing binary data and generating shellcode for exploits, however it is more of a library instead of an exploit framework (frameworks run 3rd party code and manage the control flow) and has a fairly minimal API when compared to Ronin's many libraries. There are also dozens of bespoke Python exploit "frameworks" on GitHub, but none of them that I've seen support installing 3rd party repositories of exploits. The scope of Ronin is much bigger than just an exploit framework or vulnerability scanner. YMMV
It might still be. The original metasploit developers had a habit of vendoring all of their dependencies to create a mono-repo that "just worked" (tm), even after Bundler was created, which beefed up their SLoC count. Plus there's lots of miscellaneous supporting code that was added for various past exploits. However, while some see "largest Ruby codebase" as bragging rights, wise Software Engineers will see that as a liability to be avoided.
However, Crystal aims to support the lowest common denominator between POSIX and Windows, so not all of the Windows standard APIs are supported out-of-the-box. Other Windows specific libraries will need to be created specifically for Windows users/developers.
You can write "complected" monoliths in any language. You can also write SOAs in any language. If you need native performance, Crystal is a better option, as it provides much of the same syntax, semantics, and stdlib as Ruby, but with Strong Typing. Go is a bit too simple.
