Rafe Hart

Thoughts on security, privacy, and building software.

DNS Enumeration on Cygwin

19 February 2015

As part of pentesting your site, or that of a client, you will need to find all as much detail out about a domain and it’s IP ranges as possible, or at least demonstrate what can be found via automated tools. Typically this is done through dig, or a bruteforcing tool like dnsenum or fierce.pl. Dig is installed with the bind-utils cygwin package, and it straightforward to use (type ‘dig any domainname.com’, or look at man dig to get started).

Read More

ShellCheck

15 February 2015

This is a quick note to share a useful tool by Vidar ‘koala_man’ Holen, www.shellcheck.net. ShellCheck is a site that allows you to paste in your bash scripts and receive automated feed back on common errors and security holes.

Read More

Experiment finished?

15 February 2015

After 10 months of running the http://cygwin.rafaelhart.com sub-domain, I’m now getting about 500 hits a month on what is largely an SEO-un-optimized site, and with the other professional sites I’ve worked on, I’ve largely come to the conclusion that there are only two rules that matter for driving traffic to sites.

Read More

dtrx on Cygwin

22 January 2015

These days, most files that are compressed come in 7zip, zip or tar/gunzip format, though there are a myriad of other types out there. I first cut my teeth on arj, but those were the days of DOOM, Slackware 3.0 and floppy disks. When you do come across an unfamiliar format, it can slow down your workflow to look for the right switches, which is where dtrx - “Do the Right Extraction” comes in. It will extract bz2, cab, cpio, deb, gem, gz, lzh, lzma, rar, rpm, xz, 7z and a variety of other niche compressions. It depends on Python, and you can install it with:

Read More

WhatWeb on Cygwin

06 January 2015

HTTP fingerprinting on windows normally uses a windows based gui, like httprint, but there are some excellent command line options as well. Whatweb is a ruby program that identifies websites, their frameworks, language version, server version, etc. The current stable build is 0.4.6, which won’t work on cygwin, since it’s written for ruby 1.9, and cygwin currently ships with 2.0. Fortunately the git development copy 0.4.8 works just fine.

Read More

Meld on Cygwin

18 December 2014

Meld is a graphical diff and merge program for comparing files. It is particularly good at helping you review the differences between differing code. The project’s homepage is http://meldmerge.org, and like many good programs, it can run on Cygwin, though you will need X Windows up and running. Note that there is a Windows Installer at http://sourceforge.net/projects/meld-installer/, but the result won’t be integrated into your cygwin environment.

Read More