Posts From Category: Ruby

Two Gems Updated

PwnedCheck

PwnedCheck is a gem that checks http://haveibeenpwned.com to see if an email address or user handle has been involved in a breach.

How to Install

gem install PwnedCheck

How to Use

require 'pwnedcheck'

# The 4 cases.
# foo@bar.com is a valid address on the site
# foo232323ce23ewd@bar.com is a valid address, but not on the site
# foo.bar.com is an invalid format
# mralexgray is a user id in snapchat
list = ['foo@bar.com', 'foo232323ce23ewd@bar.com', 'foo.bar.com', 'mralexgray']

list.each do |item|
  begin
    sites = PwnedCheck::check(item)
    if sites.length == 0
      puts "#{item} --> Not found on http://haveibeenpwned.com"
    else
      sites.each do |site|
        #site is a hash of data returned
        puts item
        puts "\tTitle=#{site['Title']}"
        puts "\tBreach Date=#{site['BreachDate']}"
        puts "\tDescription=#{site['Description']}"
      end
    end
  rescue PwnedCheck::InvalidEmail => e
    puts "#{item} --> #{e.message}"
  end
end

require 'pwnedcheck'

# The 4 cases to check for pastes.
# foo@bar.com is a valid address on the site
# foo232323ce23ewd@bar.com is a valid address, but not on the site
# foo.bar.com is an invalid format
# mralexgray is a user id in snapchat
list = ['foo@bar.com', 'foo232323ce23ewd@bar.com', 'foo.bar.com', 'mralexgray']

list.each do |item|
  begin
    sites = PwnedCheck::check_pastes(item)
    if sites.length == 0
      puts "#{item} --> Not found on http://haveibeenpwned.com"
    else
      sites.each do |site|
        #site is a hash of data returned
        puts item
        puts "\tSource=#{site['Source']}"
        puts "\tTitle=#{site['Title']}"
        puts "\tDate=#{site['Date']}"
        puts "\tEmail Count=#{site['EmailCount']}"
      end
    end
  rescue PwnedCheck::InvalidEmail => e
    puts "#{item} --> #{e.message}"
  end
end

Jekyll-Clicky

Jekyll-clicky is a gem to add clicky analytics to a site generated with Jekyll.

Installation

Add this line to your application’s Gemfile:

And then execute:

$ bundle

Or install it yourself as:

$ gem install jekyll-clicky

Usage

Add:

jekyll_clicky:              #Add this if you want to track with Clicky analytics
  site:
    id: ###          # Required - replace with your tracking id

to _config.yml in your jekyll site directory. Replace ### with the id of your clicky site.

Elixir vs Ruby - A Simple Test

A coworker of mine is really excited about Elixir and its performance. So, I created a little program in both Ruby and Elixir to return an array containing the squares of numbers from 1 to 1000.

This is the Ruby version. It uses a gem called Parallel that I found quickly from searching. It uses all available processors and uses threads.

require 'parallel'
Parallel.map(1..1000) do |i|
  i * i
end

Running this a few times gives results like this-

real	0m0.118s
user	0m0.090s
sys	0m0.059s

This is the Elixir version. It uses no external libraries. It uses all available processors and uses threads.

defmodule Parallel do
  def pmap(collection, func) do
    collection
    |> Enum.map(&(Task.async(fn -> func.(&1) end)))
    |> Enum.map(&Task.await/1)
  end
end

Parallel.pmap 1..1000, &(&1 * &1)

Running this a few times gives results like this-

real	0m0.271s
user	0m0.258s
sys	0m0.176s

Ruby is considerably faster on this simple example.  Definitely going to experiment more…

Ruby and Security Presentation

So, a couple of weeks ago I presented to the Indy OWASP Chapter about a topic near and dear to my heart- ruby and security. I really had a great time creating and giving the presentation and hope to expand it for a future talk.

PwnedCheck updated to also check for Snapchat

PwnedCheck is a ruby gem that I wrote that checks an email address, phone number, or username against the new site by Troy Hunt called haveibeenpwned.com. His site aggregates data from breaches and allows you to check to see if your data has been compromised. Use it as follows-

Installation

gem install PwnedCheck

Usage:

require 'pwnedcheck'

# The 4 cases.
# foo@bar.com is a valid address on the site
# foo232323ce23ewd@bar.com is a valid address, but not on the site
# foo.bar.com is an invalid format
# mralexgray is a user id in snapchat
list = ['foo@bar.com', 'foo232323ce23ewd@bar.com', 'foo.bar.com', 'mralexgray']

list.each do |item|
  begin
    sites = PwnedCheck::check(item)
    if sites.length == 0
      puts "#{item} --> Not found on http://haveibeenpwned.com"
    else
      sites.each do |site|
        puts "#{item} --> #{site}"
      end
    end
  rescue PwnedCheck::InvalidEmail => e
    puts "#{item} --> #{e.message}"
  end
end

Output:

foo@bar.com --> Adobe
foo@bar.com --> Gawker
foo@bar.com --> Stratfor
foo232323ce23ewd@bar.com --> Not found on http://haveibeenpwned.com
foo.bar.com --> Not found on http://haveibeenpwned.com
mralexgray --> Snapchat

The code is available at http://github.com/sampsonc/PwnedCheck and the gem page is http://rubygems.org/gems/PwnedCheck.

PwnedCheck passed 1000 downloads!

I’m so excited. My first experiment with creating and publishing a ruby gem seems to have been successful! As of this post it’s been downloaded 1069 times in the past 4 days. PwnedCheck is a ruby gem that I wrote that checks an email address against the new site by Troy Hunt called haveibeenpwned.com. His site aggregates password dumps from breaches and allows you to check to see if your password has been compromised. Use it as follows-

Installation

gem install PwnedCheck

Usage:

require 'pwnedcheck'

# The 3 cases.
# foo@bar.com is a valid address on the site
# foo232323ce23ewd@bar.com is a valid address, but not on the site
# foo.bar.com is an invalid format
addresses = ['foo@bar.com', 'foo232323ce23ewd@bar.com', 'foo.bar.com']

addresses.each do |address|
  begin
    sites = PwnedCheck::check(address)
    if sites.length == 0
      puts "#{address} --> Not found on http://haveibeenpwned.com"
    else
      sites.each do |site|
        puts "#{address} --> #{site}"
      end
    end
  rescue PwnedCheck::InvalidEmail => e
    puts "#{address} --> #{e.message}"
  end
end

The code is available at http://github.com/sampsonc/PwnedCheck and the gem page is http://rubygems.org/gems/PwnedCheck.

New ruby gem to access @haveibeenpwned.

So, I decided to figure out how to create a ruby gem and decided to start with a simple gem that checks an email address against http://haveibeenpwned.com.

Installation

gem install PwnedCheck

Usage:

require 'pwnedcheck'

# The 3 cases.
# foo@bar.com is a valid address on the site
# foo232323ce23ewd@bar.com is a valid address, but not on the site
# foo.bar.com is an invalid format
addresses = ['foo@bar.com', 'foo232323ce23ewd@bar.com', 'foo.bar.com']

addresses.each do |address|
  begin
    sites = PwnedCheck::check(address)
    if sites.length == 0
      puts "#{address} --> Not found on http://haveibeenpwned.com"
    else
      sites.each do |site|
        puts "#{address} --> #{site}"
      end
    end
  rescue PwnedCheck::InvalidEmail => e
    puts "#{address} --> #{e.message}"
  end
end

The code is available at http://github.com/sampsonc/PwnedCheck and the gem page is http://rubygems.org/gems/PwnedCheck.

Let me know what you think!

#ruby code to access the @haveibeenpwned api.

This is just some ruby I whipped up really quickly to access the API of haveibeenpwned.com, which is a cool new site by Troy Hunt that aggregates password dump information from breaches and allows you to search for your email address.

I think the code is pretty self-explanatory, but comment or send me a line if you have questions/suggestions/criticism/etc!

require 'mechanize'
require 'addressable/uri'

agent = Mechanize.new

# Read one address per line; File.foreach closes the file when done.
File.foreach('addresses.txt') do |line|
  line = line.chomp
  next if line.empty? # skip blank lines
  begin
    target = "http://haveibeenpwned.com/api/breachedaccount/#{line}"
    page = agent.get Addressable::URI.parse(target)
  rescue Mechanize::ResponseCodeError => e
    # Mechanize reports the HTTP status as a string
    case e.response_code
    when '404'
      puts "#{line} => Not Found"
    when '400'
      puts "#{line} => Bad Request"
    else
      puts "#{line} => #{e.message}"
    end
  else
    # Success: print the raw response body
    puts "#{line} => #{page.content}"
  end
end
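
The script above interpolates each line of addresses.txt straight into the request path. The following is an added example, not code from the original post or from the PwnedCheck gem: it percent-encodes the account before building the URL and maps the same 404/400 cases to outcomes, using a stubbed fetcher so it runs offline. The names `breach_url`, `classify`, `check_accounts` and `STUB_FETCH` are hypothetical, the responses are constructed, and a 200 body being a JSON array of breach names is an assumption.

```ruby
require 'erb'
require 'json'

# Endpoint as written in the script above.
API_BASE = 'http://haveibeenpwned.com/api/breachedaccount/'

# Build the request URL for one input line. The value is untrusted, so it is
# percent-encoded: a raw "/", "?", "#" or space would change what is requested.
def breach_url(account, base = API_BASE)
  account = account.to_s.strip
  raise ArgumentError, 'empty account' if account.empty?
  raise ArgumentError, 'control character in account' if account =~ /[[:cntrl:]]/
  base + ERB::Util.url_encode(account)
end

# Turn a status code and body into an outcome, using the 404/400 cases the
# script rescues. Assumption: a 200 body is a JSON array of breach names.
def classify(code, body)
  case code.to_s
  when '200' then [:breached, JSON.parse(body)]
  when '404' then [:not_found, []]
  when '400' then [:bad_request, []]
  else [:error, [code.to_s]]
  end
rescue JSON::ParserError
  [:error, ['unparseable body']]
end

# `fetch` is any callable taking a URL and returning [status_code, body].
def check_accounts(lines, fetch)
  lines.map(&:strip).reject(&:empty?).each_with_object({}) do |account, out|
    begin
      out[account] = classify(*fetch.call(breach_url(account)))
    rescue ArgumentError => e
      out[account] = [:rejected, [e.message]]
    end
  end
end

# Constructed responses standing in for the API.
FAKE_API = {
  API_BASE + 'foo%40bar.com' => ['200', '["Adobe","Gawker"]'],
  API_BASE + 'foo.bar.com'   => ['400', '']
}.freeze
STUB_FETCH = ->(url) { FAKE_API.fetch(url, ['404', '']) }

RESULTS = check_accounts(["foo@bar.com\n", "a/../x?y=1\n", "foo.bar.com\n", "\n"], STUB_FETCH)
RESULTS.each { |account, (status, detail)| puts "#{account} => #{status} #{detail.join(', ')}" }
```

To use it against the real service, pass a callable that performs the HTTP request and returns the status code and body in place of `STUB_FETCH`.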
