Mundo Ruby » Security http://www.mundoruby.com.ar Ruby Artists, Hackers y otras yerbas ... Wed, 12 Aug 2009 23:02:13 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 First stable beta of ESearchy is out! http://www.mundoruby.com.ar/2009/07/14/first-stable-beta-of-esearchy-is-out/ http://www.mundoruby.com.ar/2009/07/14/first-stable-beta-of-esearchy-is-out/#comments Tue, 14 Jul 2009 13:02:22 +0000 FreedomCoder http://www.mundoruby.com.ar/?p=145

Finally, after weeks of work, the first stable Beta of ESearchy is up and running in github’s gem repository.
Esearchy is a small library capable of searching the internet for email addresses. Currently, the supported search methods are engines such as Google, Bing, Yahoo, PGP servers, GoogleGroups, Linkedin, etc , but I intend to add many more.

Also, the library searches inside .pdf, .docx, .xlsx, .pptx, asn and .txt files for emails addresses and adds them to the list of found accounts. Finally, we have support for .docs files but for now only in Windows Platforms. (For more information visit: Github .

In order to install it you simple add the repository and then install the gem, as shown below.

  1. >  gem sources -a http://gems.github.com
  2. >  gem install FreedomCoder-esearchy

Once the gem is installed, you can create a new search opening and/or use the “esearchy” CLI tool but it’s really basic so far and it does not has all of the plugins.

  1. require ‘esearchy’
  2.  
  3. ESearchy::LOG.level = ESearchy::APP #Output to the stdout.
  4.  
  5. ESearchy.create "domain.com" do |d|
  6.   d.yahoo_key = "yourAPIkeygoeshere"
  7.   d.bing_key = "yourAPIkeygoeshere"
  8.   # if you want to also look in LinkedIn
  9.   d.company_name "Company Name"
  10.   #A user is needed in order to search within Linkedin
  11.   d.linkedin_credentials "myuser@linkedin.com", "mypwd"
  12.   d.maxhits = 50
  13.   d.search
  14.   d.save_to_file "company_emails.txt"
  15. end

If you have any comments, issues or want to submit a bug please do so on
http://github.com/FreedomCoder/esearchy/issues

Hopefully it will be useful to you.
:)

(Via 自由編碼人.) Original Link: First stable beta of ESearchy is out!

]]> http://www.mundoruby.com.ar/2009/07/14/first-stable-beta-of-esearchy-is-out/feed/ 0 Desinfecta tu html (sanitizer) http://www.mundoruby.com.ar/2009/06/13/desinfecta-tu-html-sanitizer/ http://www.mundoruby.com.ar/2009/06/13/desinfecta-tu-html-sanitizer/#comments Sat, 13 Jun 2009 12:17:03 +0000 FreedomCoder http://www.mundoruby.com.ar/?p=107

simple_sanitizer_html es un plugin muy sencillo que arme para Rails, que te permite básicamente escapar el html.
Lo interesante de este plugin es que solo debemos extender el modelo y de forma automática guarda todo los registros escapando el html en la base de datos.

Instalar simple_sanitizer_html

  http://github.com/chebyte/simple_sanitizer_html/tree/master

Uso Práctico

# ruby script/generate model Post title:string copy:text
class Post
 simple_sanitizer_html
end
$ ruby script/console
Loading development environment (Rails 2.3.2)
p >> p = Post.new
=> #<Post id: nil, title: nil, copy: nil, created_at: nil, updated_at: nil>
>> p.title = "<script>alert('hi tuquito')</script>"
=> "<script>alert('hi tuquito')</script>"
>> p.save
=> true
>> p.title
=> "&lt;script&gt;alert(&#39;hi tuquito&#39;)&lt;/script&gt;"
>>

Este plugin puede ser muy útil para prevenir ataques XSS o del estilo

(Via Chebyte’s Blog.) Original Link: Desinfecta tu html (sanitizer)

]]> http://www.mundoruby.com.ar/2009/06/13/desinfecta-tu-html-sanitizer/feed/ 0