Reading List

The Selfish Gene
The Psychopath Test: A Journey Through the Madness Industry
Bad Science
The Feynman Lectures on Physics
The Theory of Everything: The Origin and Fate of the Universe


ifknot's favorite books »

Saturday 24 September 2016

Site testing with Google Skipfish


skipfish


Skipfish is Google's active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.


https://code.google.com/archive/p/skipfish

Install:


brew install skipfish 

But...


 It looks like the Homebrew package manager port of Skipfish is broken. It doesn't properly changes the path of the signatures directory to point to /usr/local/Cellar/skipfish/2.10b/libexec/signatures.

Fix:

skipfish -z /usr/local/Cellar/skipfish/2.10b/libexec/signatures ...other commands

Setup:

touch dictionaries/empty.wlln -s dictionaries/empty.wl skipfish.wlmkdir ../out

Run:


skipfish -z /usr/local/Cellar/skipfish/2.10b/libexec/signatures -o ../out/ http://example.com


Results:

Then view the result in your browser:

 firefox ../out/index.html

Just a friendly advice, Don’t be evil!
Be careful where you use this tool, this is an extremely powerful crawler which can eat up any websites’ bandwidth overnight. 


Posted by at No comments:
Labels: ,

Saturday 10 September 2016

Migrating to Bitbucket and turning my markdown frown upside down with Dillinger WYSIWYG and Cloudup image drop spot.

Check out my fancy markdown https://bitbucket.org/ifknot/liblog


Why move from GitHub to Bitbucket?


Bitbucket, similar to GitHub, is a web based GIT hosting service for your projects. It offers free private repositories with free private wikis on accounts of up to 5 users(!) and you can switch any repo public and back again anytime. So develop in private and publicise when you're ready. 

GitHub’s  free account doesn’t allow for private repos and their lowest paid option (for organizations) only allows up to 10 private repos. Bitbucket, on the other hand, offers unlimited private repos. 

It's easy to import directly from GitHub with the click of a button - well done Bitbucket.

What to move first?

I moved over liblog the logging software that I first blogged about way back in Jan 2014 but wanted to have a nice front piece for when I chose to make it public. This can be easily achieved using markdown in a README.md file pushed to the repo. 


Markdown frown. 

dillinger.io
Markdown is (quite) easy but slow to hand roll but with the excellent online WYSIWYG markdown editor Dillinger "Type some Markdown on the left... see HTML in the right" I found it pleasurable to work with and get some decent looking results.

Gratis image drop.

A free account on Cloudup gives you space to drop pics/vids/music/docs and have nifty short URLS to them for your markdown/blog/web

Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)