How to use nmap to find security vulnerabilities

Tagged nmap, security, vulnerability  Languages bash

$ brew install nmap
$ cd /usr/local/share/nmap/scripts
$ git clone git@github.com:scipag/vulscan.git
$ nmap -sV -A -oX nmap-report.xml --script=vulscan/vulscan.nse snippets.aktagon.com
$ xsltproc nmap-report.xml -o nmap-report.html

  • -sV: Probe open ports to determine service/version info
  • -A: Enable OS detection, version detection, script scanning, and traceroute

Also see: https://nmap.org/ https://github.com/scipag/vulscan http://www.openvas.org/ https://observatory.mozilla.org/
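
To triage the nmap-report.xml written by the scan above without opening the HTML report, this added example (not part of the original snippet) lists each open port with its detected service and any vulscan output. The sample XML is constructed, and the script id "vulscan" and the function name summarize are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout nmap writes with -oX (not real scan output).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
        <script id="vulscan" output="constructed finding A&#xa;constructed finding B"/>
      </port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx"/>
      </port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
  </host>
</nmaprun>"""

def summarize(xml_text, script_id="vulscan"):
    """Return one dict per open port with the lines the named script reported."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            parts = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            findings = []
            for script in port.findall("script"):
                if script.get("id") == script_id:  # assumed id: script file name minus .nse
                    output = script.get("output", "")
                    findings += [ln.strip() for ln in output.splitlines() if ln.strip()]
            rows.append({
                "host": addr,
                "port": f"{port.get('portid')}/{port.get('protocol')}",
                "service": " ".join(p for p in parts if p),
                "findings": findings,
            })
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE_XML):
        print(row["host"], row["port"], row["service"], f"{len(row['findings'])} finding(s)")
        for line in row["findings"]:
            print("    " + line)
```

To run it on a real report, pass the file contents, for example summarize(open("nmap-report.xml").read()).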

Analyze Nginx's access logs with goaccess

Tagged access, analytics, goaccess, log  Languages bash

Show all statistics

sudo zcat /var/log/nginx/*.access.log.* | goaccess --log-format=COMBINED

Show server errors

sudo zcat /var/log/nginx/*.access.log.* | awk '$9 ~ /^5[0-9][0-9]$/' | goaccess --log-format=COMBINED

How to test ActiveRecord associations in Rails

Tagged activerecord, rails  Languages ruby

spec_helper.rb

def assert_association(model, name, type, options)
  reflection = model.reflect_on_association(name)
  assert reflection, "#{model} has no association named #{name}"
  assert_equal type, reflection.macro
  assert_equal options.sort, reflection.options.sort
end

require 'spec_helper'

describe Order do
  it "has associations" do
    assert_association Order, :organization, :belongs_to, {}
    assert_association Order, :items, :has_many, class_name: Order::Item
  end
end

How to use the html/template package in Golang

Tagged golang, html, template, reload  Languages go, bash

Features:

  • template reloading
  • view helpers
  • HTML files are embedded in the binary

package main

import (
    rice "github.com/GeertJohan/go.rice"
    "gitlab.com/christianhellsten/go-utils/log"
    "html/template"
    "net/http"
    "os"
    "path/filepath"
    "strings"
)

type renderTemplateFunc func(w http.ResponseWriter, tmpl string, p interface{})

var renderTemplate renderTemplateFunc
var templates = template.New("").Funcs(templateMap)
var templateBox *rice.Box

func loadTemplates() {
    if config.debug {
        renderTemplate = renderTemplateDev
    } else {
        renderTemplate = renderTemplateProd
        newTemplate := func(path string, _ os.FileInfo, _ error) error {
            if path == "" {
                return nil
            }
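            templateString, err := templateBox.String(path)
            if err != nil {
                log.Fatal("Unable to read: path=%s, err=%s", path, err)
            }
            // Fail at startup on a broken template instead of at first render
            if _, err := templates.New(filepath.Join("tmpl", path)).Parse(templateString); err != nil {
                log.Fatal("Unable to parse: path=%s, err=%s", path, err)
            }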
            return nil
        }
        // Load and parse templates from binary or disk
        templateBox = rice.MustFindBox("tmpl")
        templateBox.Walk("", newTemplate)
    }
}

var (
    templateMap = template.FuncMap{
        "Upper": func(s string) string {
            return strings.ToUpper(s)
        },
    }
)

func renderTemplateProd(w http.ResponseWriter, tmpl string, p interface{}) {
    err := templates.ExecuteTemplate(w, tmpl, p)
    if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
    }
}

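func renderTemplateDev(w http.ResponseWriter, tmpl string, p interface{}) {
    // Re-parse from disk on every request so edits show up without a rebuild.
    // Register the helpers first, otherwise templates that call them fail to parse.
    t, err := template.New(filepath.Base(tmpl)).Funcs(templateMap).ParseFiles(tmpl)
    if err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
        return
    }
    if err := t.Execute(w, p); err != nil {
        http.Error(w, err.Error(), http.StatusInternalServerError)
    }
}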

Usage:

go get
go get github.com/GeertJohan/go.rice/rice
rice embed-go
go build

Reference: https://github.com/jmcfarlane/golang-templates-example

Testing Whenever with Rspec

Tagged cron, rspec, whenever  Languages ruby

require 'spec_helper'
require 'whenever'

describe Whenever do
  def gen_cron(stage:)
    x = Whenever::JobList.new(
      file: Rails.root.join("config", "schedule.rb").to_s,
      set: "stage=#{stage}"
    ).generate_cron_output
    x.gsub(Dir.pwd, "")
  end

  it "generates correct cron configuration for each stage" do
    [ :qa, :production ].each do |stage|
      expected = File.read("spec/fixtures/#{stage}.cron")
      cron = gen_cron(stage: stage)
      # NOTE: Uncomment to update expected cron configuration
      #File.open("spec/fixtures/#{stage}.cron", "w") {|x| x << cron }
      assert_equal expected.strip, cron.strip
    end
  end
end

How to get the latest version number from a list of git tags

Tagged bash, git, version, zsh  Languages bash

This will print the latest version number that a git repository has been tagged with:

$ git tag -l 'v*' | sort -t. -k 1.2,1n -k 2,2n -k 3,3n -k 4,4n | tail -n 1
v1.5.6

Note that some versions of the sort command have a --version-sort switch, and some don’t:

sort: unrecognized option `--version-sort'
Try `sort --help' for more information.

Simple content negotiation in Golang

Tagged accept, go  Languages go

func DoSomething(r *http.Request) string {
    accept := r.Header.Get("Accept")
    switch accept {
    case "application/json":
        return renderJSON()
    case "application/xml":
        return renderXML()
    }
    return renderHTML()
}