One Paragraph of project description goes here
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
#!/usr/bin/env ruby -w
## Using ruby's standard OptionParser to get subcommands in command line arguments
## Note you cannot do: opt.rb help command
## other options are commander, main, GLI, trollop...
# run it as
# ruby opt.rb --help
# ruby opt.rb foo --help
# ruby opt.rb foo -q
# etc
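require 'openssl'
require 'digest'
class String
  def encrypt(key)
    cipher = OpenSSL::Cipher.new('DES-EDE3-CBC').encrypt
    # DES-EDE3 takes a 24-byte key. Current OpenSSL bindings raise on any other
    # length, so keep the first 24 characters of the 40-character hex digest.
    cipher.key = Digest::SHA1.hexdigest(key)[0, 24]
    s = cipher.update(self) + cipher.final
    s.unpack('H*')[0].upcase
  end
end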
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supports all versions of TLS and has STARTTLS support for SMTP, POP3, IMAP, FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
# Simple Authentication with Bcrypt
This tutorial is for adding authentication to a vanilla Ruby on Rails app using Bcrypt and has_secure_password.
The steps below are based on Ryan Bates's approach from Railscast #250 Authentication from Scratch (revised).
You can see the final source code here: repo. I began with a stock rails app using rails new gif_vault
## Steps
import os
import logging.config
import structlog
from .app import app
timestamper = structlog.processors.TimeStamper(fmt="iso")
pre_chain = [
    # Add the log level and a timestamp to the event_dict if the log entry is not from structlog.
    structlog.stdlib.add_log_level,
NIST recommends that when users set a password, you reject candidates that are commonly used or known to be compromised:
> When processing requests to establish and change memorized secrets,
> verifiers SHALL compare the prospective secrets against a list that
> contains values known to be commonly-used, expected, or compromised.

But how do you know which passwords are compromised? Luckily, Troy Hunt put a lot of effort into building the "Have I Been Pwned (HIBP)" database with the SHA1 hashes of 501,636,842 passwords that have been compromised on the internet. Sweet.
#!/usr/bin/env ruby
#
# This code snippet shows how to enable SSL in Sinatra+Thin.
#
require 'sinatra'
require 'thin'
class MyThinBackend < ::Thin::Backends::TcpServer
  def initialize(host, port, options)
#!/usr/bin/env ruby
#/ Usage: <progname> [options]...
#/ How does this script make my life easier?
# ** Tip: use #/ lines to define the --help usage message.
$stderr.sync = true
require 'optparse'
# default options
flag = false
option = "default value"