Thoughts on security, privacy, and building software.
19 February 2015
As part of pentesting your site, or that of a client, you will need to find all as much detail out about a domain and it’s IP ranges as possible, or at least demonstrate what can be found via automated tools. Typically this is done through dig, or a bruteforcing tool like dnsenum or fierce.pl. Dig is installed with the bind-utils cygwin package, and it straightforward to use (type ‘dig any domainname.com’, or look at man dig to get started).
15 February 2015
This is a quick note to share a useful tool by Vidar ‘koala_man’ Holen, www.shellcheck.net. ShellCheck is a site that allows you to paste in your bash scripts and receive automated feed back on common errors and security holes.
15 February 2015
After 10 months of running the http://cygwin.rafaelhart.com sub-domain, I’m now getting about 500 hits a month on what is largely an SEO-un-optimized site, and with the other professional sites I’ve worked on, I’ve largely come to the conclusion that there are only two rules that matter for driving traffic to sites.
22 January 2015
These days, most files that are compressed come in 7zip, zip or tar/gunzip format, though there are a myriad of other types out there. I first cut my teeth on arj, but those were the days of DOOM, Slackware 3.0 and floppy disks. When you do come across an unfamiliar format, it can slow down your workflow to look for the right switches, which is where dtrx - “Do the Right Extraction” comes in. It will extract bz2, cab, cpio, deb, gem, gz, lzh, lzma, rar, rpm, xz, 7z and a variety of other niche compressions. It depends on Python, and you can install it with:
06 January 2015
HTTP fingerprinting on windows normally uses a windows based gui, like httprint, but there are some excellent command line options as well. Whatweb is a ruby program that identifies websites, their frameworks, language version, server version, etc. The current stable build is 0.4.6, which won’t work on cygwin, since it’s written for ruby 1.9, and cygwin currently ships with 2.0. Fortunately the git development copy 0.4.8 works just fine.
18 December 2014
Meld is a graphical diff and merge program for comparing files. It is particularly good at helping you review the differences between differing code. The project’s homepage is http://meldmerge.org, and like many good programs, it can run on Cygwin, though you will need X Windows up and running. Note that there is a Windows Installer at http://sourceforge.net/projects/meld-installer/, but the result won’t be integrated into your cygwin environment.