Quick self-note 🙂
different ways to search for content in a string in python
- Basic (and quickest)
- String.find (second quickest and doesn’t need additional module)
- re.match (uses regex engine, most powerful)
if re.search('content', string)
Good discussion here : https://stackoverflow.com/questions/4901523/whats-a-faster-operation-re-match-search-or-str-find
Been dabbling in go recently and I was surprised that the default install doesn’t setup the $GOPATH environment variable.
If you are running it on a Linux box, here is how your can set the $GOPATH variable
Add the following lines to ~/.bashrc file
Trying to sharpen my programming skills :). Just heard about BODMAS and mind blown about the simplicity of the acronym.
Essentially BODMAS is a simple way to remember the order a programming language (that follows this standard) processes operators in a statement.
Bracket, Of, Division, Multiplication, Addition and Subtraction
Great slide deck by Uwe Friedsrichsen on resilient patterns to use when designing applications
I love when engineering teams share their tricks of trade for other organizations to benefit. While this might seem counter-intuitive, sharing knowledge makes the entire ecosystem better.
Etsy‘ engineering team does a great job of publishing their architecture, methodologies and code at https://codeascraft.com.
This particular article on how they optimize their caching infrastructure (https://codeascraft.com/2017/11/30/how-etsy-caches/) is pretty enlightening. I always thought the best method to load balance objects (app hits, cache requests, queues etc) to hosts was to use mod operations. In this blog post Etsy’ team talk about using consistent hashing instead of modulo hashing.
At a high level, it allows cache nodes to fail and not impact the overall performance of the application drastically in addition to making it easy to scale the number of nodes. This method is useful when you have a large amount of cache nodes.
More reference links
We had a recent challenge at work which required us to execute different actions based on which office a particular workstation was located in. Since we have unique network ranges per office, I thought this would be a good variable to use. Just for future reference, here is how we accomplished this in a batch file. The workstations were running Windows 7
FOR /f "tokens=3" %%I IN (
‘netsh interface ip show address "Local Area Connection" ^| findstr "IP Address"’
) DO SET ipAddress=%%I
REM "Office 1"
IF NOT x%ipAddress:10.130=%==x%ipAddress% (
ECHO "Office 1" + %ipAddress%
ECHO "do_something_else" )
REM "Office 2"
IF NOT x%ipAddress:10.140=%==x%ipAddress% (
ECHO "Office 2" + %ipAddress%
ECHO "do_something_else" )
Details of function used
- netsh interface ip show address “Local Area Connection” : With this command we are extracting the IP information of just the LAN port
- findstr “IP Address” : returns the line containing “IP Address”
- IF NOT x%ipAddress:10.130=%==x%ipAddress% : We are using the substitution function and returning false if the new string doesnt match the original
- FOR /f “tokens=3” : Using the functions in the FOR loop to extract the third variable in the matching line
Following up from my post earlier this month regarding building a security application that scans publicly available data (Google) and report on potential information leakage from a hostname.
I created a repo on github if anyone is interested in contributing. First thing any good developer does is to check code in early and often :). The repo is at https://github.com/kudithipudi/security-domainscan
Here’s the sudo code I put together as a framework to build on
for each line
write to log
connect to google api
get results for hostname
return number of results
I think the best way to learn a new (programming) language is to address a real world problem :). So here is one, I want to solve in the next few months.
One of the things I like to do as part of a evaluation security process is to check the amount of public information available for a website. I frequently find that people find information leakage from websites they thought were secure or not publicly accessible.
The idea is to create a python script to do the following
- Must have
- Inject list of hostnames and do the following
- Check whether they resolve to a public IP or not
- If resolving to public IP, check the amount of data being exposed by this site by doing a quick google search
- Report on the amount of information available sorted by amount
- Nice to have
- take domain name instead of hostnames and try to do a domain transfer and capture all hostnames in the domain
- leverage Google API instead of web scraping
- web interface to allow input and show output
Why python? Well, I have been trying to learn it for sometime now and I think it is time to put all that learning to use :).
Anyone interested in joining the fun?
Just for my notes.. Even though the CVV numbers on a credit card, look like numbers :), don’t treat them as integers in your code. Some of the numbers start with a 0.. so 059 might become 59 by the time you try to process it if you capture the CVV field as an integer.
Just treat them like a string.
And obviously you are not storing them anywhere in your application/network :). Or you might end up in the headlines like some of our retailers.
For my records, syntax for running a simple for loop in command prompt
[code]for %i in (SERVER1 SERVER2) do nslookup %i [/code]
- Looks like the variable can only be single characters. i.e you cannot name the variable %server
- For using the same syntax in a batch file, you have to add another % to the variable. i.e. %i becomes %%i