Copilot generated Python script

Had an epiphany to try writing a working "Python" script using "Copilot". My prompt was basically requesting a "Python" script to ask the user to input a URL to search for either "robot.txt" or "robots.txt" and saving the file with the URL appended to the filename.

The Python code is as follows.

import requests

def check_robots_txt(url):
    # Ensure the URL starts with http:// or https://
    if not url.startswith(('http://', 'https://')):
        url = 'http://' + url

    # Check for robots.txt
    robots_url = url.rstrip('/') + '/robots.txt'
    response = requests.get(robots_url)

    if response.status_code == 200:
        print(f"Found robots.txt at {robots_url}")
        print("Contents of robots.txt:")
        print(response.text)
        filename = f"{url.replace('http://', '').replace('https://', '').replace('/', '_')}_robots.txt"
        with open(filename, 'w') as file:
            file.write(response.text)
        print(f"The contents have been saved to {filename}")
    else:
        print(f"No robots.txt found at {robots_url}")

    # Check for robot.txt
    robot_url = url.rstrip('/') + '/robot.txt'
    response = requests.get(robot_url)

    if response.status_code == 200:
        print(f"Found robot.txt at {robot_url}")
        print("Contents of robot.txt:")
        print(response.text)
        filename = f"{url.replace('http://', '').replace('https://', '').replace('/', '_')}_robot.txt"
        with open(filename, 'w') as file:
            file.write(response.text)
        print(f"The contents have been saved to {filename}")
    else:
        print(f"No robot.txt found at {robot_url}")

# Input URL from the user
url = input("Enter the URL: ")
check_robots_txt(url)

Worked like a charm. Enhanced the script by adding 2 more features.

• Trying either HTTP or HTTPS.
• Allowing manual input of URL or reading from a list.
   

import requests

def fetch_and_save_file(url, file_type):
    response = requests.get(url)
    if response.status_code == 200:
        print(f"Found {file_type} at {url}")
        print(f"Contents of {file_type}:")
        print(response.text)
        filename = f"{url.replace('http://', '').replace('https://', '').replace('/', '_')}_{file_type}.txt"
        with open(filename, 'w') as file:
            file.write(response.text)
        print(f"The contents have been saved to {filename}")
    else:
        print(f"No {file_type} found at {url}")

def check_robots_txt(url):
    # Ensure the URL starts with http:// or https://
    if not url.startswith(('http://', 'https://')):
        url = 'http://' + url

    # Try both http and https if the initial attempt fails
    for protocol in ['http://', 'https://']:
        for file_type in ['robots.txt', 'robot.txt']:
            file_url = protocol + url.lstrip('http://').lstrip('https://').rstrip('/') + f'/{file_type}'
            fetch_and_save_file(file_url, file_type)

def process_urls(urls):
    for url in urls:
        check_robots_txt(url)

if __name__ == "__main__":
    try:
        choice = input("Enter '1' to input URL manually or '2' to read from a file: ")
        if choice == '1':
            url = input("Enter the URL: ")
            process_urls([url])
        elif choice == '2':
            file_path = input("Enter the path to the text file: ")
            with open(file_path, 'r') as file:
                urls = [line.strip() for line in file.readlines()]
            process_urls(urls)
        else:
            print("Invalid choice. Please enter '1' or '2'.")
    except Exception as e:
        print(f"An error occurred: {e}")

VMware Workstation Pro is now free for personal use!!!

VMware Workstation Pro is now free for personal use!!!  However, it was not straight forward to install on Ubuntu as I encountered error messages when attempting installation.

After spending a few hours scouring the Internet for answers and troubleshooting, I found the answer and decided to document the steps.

1. Install "make" and "gcc" on Ubuntu.

2. Install VMware Workstation Pro (for personal use) using the bundle downloaded from Broadcom's website.

3. Run the following script to overcome the issue of not being able to build VMware modules due to Ubuntu Kernel version incompatibility.

#!/bin/bash

git clone https://github.com/mkubecek/vmware-host-modules

cd vmware-host-modules

git checkout workstation-17.5.0

sudo make ; sudo make install

Viola! VMware Workstation Pro 17.5.2 should work now. Do note that the version listed above was through trial and error. 

Brute force

Been awhile since I've performed a brute force attack.  In this demo, I use "Hydra" from "Kali" to attack my test "Virtual Machine" (VM) running "File Transfer Protocol" (FTP).

It's pretty amazing that "Hydra" is still maintained and used for so many years.

Simple session hijacking demo

Been a long time since I've had to demo "session hijacking". Picked DVWA as the vulnerable web application to demonstrate "cookie theft" and "session hijacking" using "Burp".

Scenario: A man-in-the-middle (MiTM) scenario is where a "Hacker" positions themselves between a client and server. In a successful MiTM situation, the "Hacker" can use a "web proxy" like "Burp" to intercept traffic between a victim and web application. The "Hacker" is able to capture the victim's post-authentication cookie to impersonate the authenticated victim.

Simple file carving demo

 Been awhile since I've done hands on "file carving". I was pleasantly surprised that it is so much easier now to "carve" files from "Wireshark". 

Scenario: A "Hacker" is at an open Wi-Fi operated by a Cafe. The "Hacker" uses "Wireshark" to capture network traffic traversing the wireless network. One user transfers an "Excel Spreadsheet" containing personal data onto an FTP server. The "Hacker" is able to successfully "carve" the transferred file from the network packets captured.

"Snap" update issue

 "Ubuntu" uses "Snap" for "Firefox" by default since 22.04 which has this annoying "pop-up" warning every other day. I wrote the following script to aid upgrading of "Snap" apps.

#!/bin/bash
sudo killall firefox
sudo snap refresh
echo -e "\nIf specific Snap app is still pending update, please use the following commands.\nsudo snap refresh <appname>\nkill <pid>\nsudo snap refresh"

DoH update

 Support for DNS over HTTPS (DoH) in browsers has improved since I last researched it.

In "Brave", it is just a simple click to enable it.

 

For other browsers like "Firefox", you can refer to this link to enable DoH using "OpenDNS".

However, the "OpenDNS" option fails for some sites so I switched to "Cloudflare" instead.

DNS security on Android

 Android has come a long way. I only recently found out that I can define my own DNS settings instead of relying on my ISP's DNS servers which I don't trust to be secure enough.

Whilst my go-to DNS on "Desktops" is "OpenDNS" but it is not compatible with the "Private DNS Mode" in "Android". 

I am using the DNS offering from "Cloudflare" instead. "Google" is an option but do note that you will be surrendering even more information about your traffic to them.  

Easily access the section by searching DNS in "Android" then entering the DNS service's hostname that you want to use into the "Private DNS provider hostname" field. 

Why "Ubuntu"?

I was asked recently why I use "Ubuntu" instead of "Windows". 

I was casually playing around with "Ubuntu" since version 7.10 but what pushed me to seriously switch full-time was the anger over being forced to fork out money in a short span of time to upgrade to "Snow Leopard" and "Windows 7".

Version 8.04 LTS was so reliable for 3 years and there was no turning back.

There's also a trove of tools that are native to Linux that I use personally and for work. There's all sorts of "commandlinefu" that you can perform from the "Terminal".  

And yes... "Ubuntu" is free.

 

Latest "extension"

 Been awhile since I've updated on what useful privacy "extensions" that I use in "Firefox". "HTTPS Everywhere" and "uBlock Origin" I've used for years but "Adnauseam" is a new one.

Batch DNSSEC check

 Wrote a simple Shell script that can check if a list of URLs have DNSSEC enabled.

 

#!/bin/bash
## Set variables ##
_now=$(date +"%m_%d_%Y")

## Curl Sidn Labs API ##
while IFS= read -r line; do
    curl http://portfolio.sidnlabs.nl/check/$line >> "dnsseccheck_$_now.txt"
done < dnstargets.txt
cat "dnsseccheck_$_now.txt"


##Please edit "dnstargets.txt" in current folder.
##Results will be stored in current folder.
##Written by commandrine.
##Last updated on 6 Apr 2021.