SASTGriper: Finding vulnerable code via grep.

Before you start reading, I want to make clear that the whole project is built on this one grep command:

grep -irnE "regexp" ./pathtoFolder

I haven't done anything new and I'm not bragging. I'm starting and posting this to get feedback and ideas for features to add in upcoming versions. Feel free to give any suggestions or feedback.

I have only added a user interface: you click the button for the file you are interested in, a Visual Studio Code window opens, and the cursor jumps straight to that line number. From there you can set a breakpoint on that line directly in Visual Studio Code.

The examples shown here use the Damn Vulnerable NodeJS Application.
1. Let us hunt for some SQL operations and functions.

[Screenshot: search results for SQL operations]

After clicking "Open In Visual Studio Code", the file is opened and the cursor is placed on the desired line.

[Screenshot: VS Code opened at the matching line]

2. Searching for the dangerous eval function in the code.

[Screenshot: search results for eval]

When "Open In Visual Studio Code" is clicked:

[Screenshot: VS Code opened at the eval call]

3. Searching for authentication-related functions.

[Screenshot: search results for authentication functions]

You can search for multiple things at once by simply giving a regex.

[Screenshot: search results for a combined regex]
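To make the three hunts above concrete, here is an added shell example (my own, not the SASTGriper code) that wraps the same `grep -irnE` in a few helpers and builds the "Open In Visual Studio Code" jump with VS Code's `code --goto file:line`. The pattern sets and the two-file sample tree are assumptions, not taken from the tool or from DVNA.

```shell
#!/bin/sh
# Added example, not the SASTGriper code itself: the same grep -irnE the post
# is built on, wrapped in three small helpers. Pattern sets are assumptions.

# Extended regexes for the three hunts shown in the post. The -i below makes
# them case-insensitive, so SELECT and select both match.
pattern_for() {   # usage: pattern_for sql|eval|auth
  case "$1" in
    sql)  printf '%s' '(select|insert|update|delete)[[:space:]].*(from|into|set)|\.query\(' ;;
    eval) printf '%s' '(^|[^A-Za-z0-9_])eval[[:space:]]*\(' ;;
    auth) printf '%s' 'auth(enticate|orization)?|passw(or)?d|login' ;;
    *)    return 1 ;;
  esac
}

# The post's command: -i ignore case, -r recurse, -n line numbers, -E extended
# regex. Output is file:line:text, one hit per line.
sast_grep() {     # usage: sast_grep <set> <folder>
  pat=$(pattern_for "$1") || { echo "unknown pattern set: $1" >&2; return 2; }
  grep -irnE "$pat" "$2"
}

# Number of hits for a pattern set (0 when nothing matched).
count_hits() {    # usage: count_hits <set> <folder>
  sast_grep "$1" "$2" | wc -l | tr -d ' '
}

# The post's "Open In Visual Studio Code" button for the N-th hit:
# `code --goto file:line` is VS Code's real CLI flag for jumping to a line.
open_hit() {      # usage: open_hit <set> <folder> <n>
  hit=$(sast_grep "$1" "$2" | sed -n "${3}p")
  [ -n "$hit" ] || return 1
  code --goto "$(printf '%s' "$hit" | cut -d: -f1,2)"
}

# Constructed two-file sample standing in for the Damn Vulnerable NodeJS
# Application; prints the temp folder it created.
make_sample() {
  d=$(mktemp -d); mkdir -p "$d/routes"
  cat > "$d/routes/users.js" <<'EOF'
const q = "SELECT * FROM users WHERE name = '" + req.body.name + "'";
db.query(q, cb);
function login(user, password) { return authenticate(user, password); }
EOF
  cat > "$d/routes/calc.js" <<'EOF'
const result = eval(req.query.expr);   // user input reaches eval
EOF
  printf '%s' "$d"
}
```

Run `D=$(make_sample); sast_grep sql "$D"` to see the file:line:text hits, then `open_hit sql "$D" 1` to jump to the first one.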

Break restricted environments: spawn a shell, evade common detections.

Usually, while solving a CTF or working on a pentesting project, you get stuck trying to obtain a shell because of a restricted shell environment or some detection tool.

While searching on this topic I came across this amazing link: https://gtfobins.github.io/#+shell

The website contains a comprehensive list of everyday and uncommon binaries that can help you break free of restrictions in restricted environments. Usage of environment variables and how to elevate privileges are also covered there. A few of the binary usages are quite uncommon and could easily be used for malicious purposes. All in all, great information.

I tried my hands on a few of them.


Writing a Chrome extension: the JavaScript journey.

I have been coding Python for many years; now it's time to turn to JavaScript, since it is going everywhere. Although my first love will always be Python, sometimes you gotta have options. That is what the economy says, so let's not get philosophical.

I needed a framework that is easy to learn and fun to work with, so I chose Google Chrome extensions as the way to learn JavaScript.

The framework can easily be broken into different components:

1. manifest.json

manifest.json: as the name suggests, it is the manifesto of the application, a synopsis of what the application is going to do. It generally looks like this:

[Screenshot: a sample manifest.json]

For more information please refer to https://developer.chrome.com/extensions/getstarted

2. Background scripts

Background scripts: these are the cron-job kind of scripts, driven by an event mechanism. They mainly remain in listening mode.

3. Front-end scripts, or content scripts: they run on the front end alongside the page's HTML just like a normal script. They also send events to the background scripts.

4. Options page: if you want a separate tab for your extension, this is what you are looking for.

Here is the complete architectural view.

[Screenshot: extension architecture diagram]
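As an added example (mine, not from the post or from Google's docs), the shell script below scaffolds the four components just listed into a loadable Manifest V3 extension in which the content script counts inline scripts on a page and reports them as an event to the background script, and then uses the same grep -E from the SASTGriper post to list which components a manifest declares. The extension name, file names and message shape are assumptions.

```shell
#!/bin/sh
# Added example, not from the post or Google: scaffolds the four
# components the post lists into a loadable Manifest V3 extension, then
# checks which of them a manifest declares. Names and message shape are
# assumptions.

scaffold_extension() {   # usage: scaffold_extension <dir>
  d="$1"; mkdir -p "$d"
  # 1. manifest.json: the synopsis that declares the other three parts.
  cat > "$d/manifest.json" <<'EOF'
{
  "manifest_version": 3,
  "name": "inline-script-counter",
  "version": "0.1",
  "background": { "service_worker": "background.js" },
  "content_scripts": [ { "matches": ["<all_urls>"], "js": ["content.js"] } ],
  "options_page": "options.html"
}
EOF
  # 2. background script: stays in listening mode, reacts to events from tabs.
  cat > "$d/background.js" <<'EOF'
chrome.runtime.onMessage.addListener((msg, sender) => {
  if (msg.type === "inline-scripts")
    console.log(`${sender.tab && sender.tab.url}: ${msg.count} inline scripts`);
});
EOF
  # 3. content script: runs inside the page's DOM and sends an event upward.
  cat > "$d/content.js" <<'EOF'
const count = document.querySelectorAll("script:not([src])").length;
chrome.runtime.sendMessage({ type: "inline-scripts", count });
EOF
  # 4. options page: a separate tab owned by the extension.
  printf '<!doctype html><title>Options</title><p>No options yet.</p>\n' > "$d/options.html"
}

# Which of the post's components does a manifest declare? Uses the same
# grep -E from the SASTGriper post; prints the keys space-separated.
manifest_components() {   # usage: manifest_components <dir>
  grep -oE '"(background|content_scripts|options_page)"' "$1/manifest.json" \
    | tr -d '"' | tr '\n' ' ' | sed 's/ $//'
}
```

After `scaffold_extension ./my-ext`, load the folder through chrome://extensions with Developer mode on ("Load unpacked") and watch the service worker console for the messages.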


Book Marathon: The 50th Law, the real gangsta book.


Being a huge fan of Robert Greene and 50 Cent, I had to order this one. Last week it finally arrived, and the book was so engrossing that it took me only 6 days to finish it.

Every chapter starts with some part of 50 Cent's life, followed by Robert Greene's analysis of the story.

I don't wanna write a big review, so let us start.

There are 10 laws mentioned.

1. See things as they are. Don't give yourself false delusions. Embrace reality; it will liberate you.

2. Don't rely on anybody. Be self-reliant. A real man never relies on anybody; people rely on him.

3. Turn shit into sugar. You see an opportunity, you grab it. That is all.

4. Keep your momentum going. Never settle down.

5. Know when to be an asshole. The world isn't good.

6. Lead from the front. They will follow.

7. Know your environment inside out. It will open treasures.

8. Respect the process, have patience, embrace boredom. Mastery will follow.

9. Push yourself to the limit; let your ego shatter.

10. Remember death and create a sense of urgency to get your things done.


Book Marathon (2019): You, your gf and her ex are just a three-body problem in mathematics. A journey through mathematics via real life's phenomena and patterns.

The Joy of X by Steven Strogatz should be a beginner's book for anyone who is fond of real mathematics. The book clearly shows what a normal mathematics book lacks: the soul of mathematics. Mathematics is the language of the Universe. It is very sad that the mathematics they teach in school and university is nowhere close to this universal language.

Here are the key points and what I have learned from the book.

1. Starting from rocks: how our ancestors started counting.

2. The patterns of numbers in war and in the friendship of enemies.

3. How complex numbers came onto the mathematical scene.

4. How the number-of-workers-and-hours problem works.

5. How a fountain's parabola follows the quadratic equation.

6. How the ellipse's geometry helps in designing a billiard table on which whatever shot you take is going to go into the hole.

7. How periodic motion has sin and cos functions, be it the time of sunrise or the time of sunset.


8. How the value of pi is calculated.

9. How 'e', the exponential function, became the playboy of mathematics.

10. How suddenly the internet's data boom made statistics the new hero in town.

11. How the normal distribution reveals the lies people tell while dating.


12. How Google PageRank works in layman's terms.

13. How the love affair between you and your partner is just a sin and cos function (push and pull technique).


4/5. Grab it if you have an interest in mathematics and you didn't do well in school. The book will make you love mathematics.


Book Marathon 2019: A short, delightful introduction to economics.

So You Want to Know About Economics by Roop Pai is a great and enjoyable read for a person who doesn't know much about economics.

Here are the pros and key points of the book.

1. The ancient history of trade and economics: how it all started.

2. How an economy forms and what its cogwheels are.

3. How many types of economy there are.

4. How demand and supply affect inflation.

5. Why some countries' currencies have much more value than their counterparts.

6. Simple and precise examples demonstrated with the help of pictures and cartoons.


7. Why black pepper was priced higher than gold in Europe.

8. How India once had a 25% share of the world's GDP and how the East India Company took it over.

9. How the prices of different things are decided.

10. How economics is a brilliant amalgam of mathematics and behavioural psychology.

Cons:

As a newbie in economics, I didn't find anything out of context or irrational in this book. So I personally recommend this book to everyone who wants to understand economics as a beginner.

4.5/5. Price: Rs 160


Book Marathon 2019: Mastery by Robert Greene, a review.


This year I started on the Robert Greene collection with the book called "The Concise Mastery".

The book is a great introspection into people who have marked their presence with their talents, skills, art, and craftsmanship. It depicts how they reach a state called flow in their work, and how social environments, personal situations, habits and motivations affect them.

Here are the key points I learned and want to mention.

1. There are three stages of mastery:

    1. The apprentice stage
    2. The creative/active stage
    3. Mastery

2. Always have the curiosity of a child.

3. Some things take time; you have to dedicate yourself to them.

4. Follow a master in the field. Avoid false gods and masters.

5. Don't run after glamour and fame; they will abandon you, but your skills won't.

6. Avoid these if you want to be a master: envy, conformism, rigidity, self-obsessiveness, laziness, flightiness and passive aggression.

7. Speak through your words and actions.

8. Craft the appropriate persona.

9. Embrace reality. Don't overestimate or underestimate yourself. See yourself as others see you.

The book takes you on a journey through different masters and their lives, so no more spoiling: simply pick this book up and I'm quite sure you will enjoy it.

I give it 4.5/5, and this book will always be part of my shelf, reminding me of the path to follow.