| #!/usr/bin/env ruby -w | |
| ## Using ruby's standard OptionParser to get subcommand's in command line arguments | |
| ## Note you cannot do: opt.rb help command | |
| ## other options are commander, main, GLI, trollop... | |
| # run it as | |
| # ruby opt.rb --help | |
| # ruby opt.rb foo --help | |
| # ruby opt.rb foo -q | |
| # etc |
| #!/usr/bin/env ruby | |
| #/ Usage: <progname> [options]... | |
| #/ How does this script make my life easier? | |
| # ** Tip: use #/ lines to define the --help usage message. | |
| $stderr.sync = true | |
| require 'optparse' | |
| # default options | |
| flag = false | |
| option = "default value" |
| # dirty way to completely remove the automatic escaping of html in rails helpers | |
| # useful to get your Rails 2 -> 3 upgrade running to the point where the raw/.html_safe additions can be delegated | |
| module CustomHtmlSafe | |
| def html_safe? | |
| true | |
| end | |
| end | |
| class ActionView::OutputBuffer |
| require 'openssl' | |
| class String | |
| def encrypt(key) | |
| cipher = OpenSSL::Cipher.new('DES-EDE3-CBC').encrypt | |
| cipher.key = Digest::SHA1.hexdigest key | |
| s = cipher.update(self) + cipher.final | |
| s.unpack('H*')[0].upcase | |
| end |
#Simple Authentication with Bcrypt
This tutorial is for adding authentication to a vanilla Ruby on Rails app using Bcrypt and has_secure_password.
The steps below are based on Ryan Bates's approach from Railscast #250 Authentication from Scratch (revised).
You can see the final source code here: repo. I began with a stock rails app using rails new gif_vault
##Steps
| #!/usr/bin/env python2 | |
| """ | |
| Author: takeshix <takeshix@adversec.com> | |
| PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org). | |
| Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP. | |
| """ | |
| import sys,struct,socket | |
| from argparse import ArgumentParser |
| #!/usr/bin/env ruby | |
| # | |
| # This code snippet shows how to enable SSL in Sinatra+Thin. | |
| # | |
| require 'sinatra' | |
| require 'thin' | |
| class MyThinBackend < ::Thin::Backends::TcpServer | |
| def initialize(host, port, options) |
| """ | |
| UDP Flooder. | |
| This is a 'Dos' attack program to attack servers, you set the IP | |
| and the port and the amount of seconds and it will start flooding to that server. | |
| (inspire from http://hazardedit.com/forum/viewtopic.php?t=73) | |
| Usage : ./flood_udp <ip> <port> <second> | |
| """ | |
| import time | |
| import socket |
NIST recommends that when users are trying to set a password you should reject those that are commonly used or compromised:
When processing requests to establish and change memorized secrets,
verifiers SHALL compare the prospective secrets against a list that
contains values known to be commonly-used, expected, or compromised.
But how do you know what are the compromised passwords? Luckily Troy Hunter put a lot of effort into building the "Have I Been Pwned (HIBP)" database with the SHA1 hashes of 501,636,842 passwords that have been compromised on the internet. Sweet.