Thursday, June 18, 2015

Qualys SSL labs API - A MultiThreaded python script to scan large number of servers and produce neat results

Hi Security enthusiast,

So if you were following closely on recent developments regarding SSL/TLS security, you might have heard that Qualys SSL labs released an API to automate the testing of internet hosted applications with their awesome hosted testing solution.


If you have not heard about it here is the location to their server testing page - https://www.ssllabs.com/ssltest/

And their API documentation here - https://github.com/ssllabs/ssllabs-scan/blob/master/ssllabs-api-docs.md

So now that the API is released you can automate testing of any number of servers with any language that is able to talk with qualys server via HTTP protocol. My company wanted to test all of our servers with SSL labs, so i thought why can't i automate it with python or something. So here it is, i made a multithreaded python script to test a large number of servers in one go and get results in neat format that my management wanted :-)

The script is intended for python 2.7

You can find the script here - https://github.com/moheshmohan/pyssltest

The script takes a text file as input with the urls to servers that you need test listed line by line and it initites ssl lab tests on each of them (25 threads parallel so 25 tests) and based on the result it generates a CSV file with extended information from the results

Please note that the script currently supports only one endpoint per url, i will enhance it in future to iterate through each endpoints, in case of urls with multiple endpoints.

The results will contain the following items each row

Input_URL - The input URL 
Domain - The domain 
IP - The IP address it resolved to 
returncode - The value returned from Qualys server (READY, ERROR etc) 
Grade - The Grade as per Qualys rating 
Secondary grade - Secondary Grade as per qualys rating 
Now it contains these items per each server. Basically these contain Y (yes) or N (no) values and the headings are self explanatory

Freak
Poodle_TLS 
Insecure renegotiation 
OpenSSL ccs 
Insecure DH
SSL v2 
Poodle_SSL
wrong domain 
cert expired 
self signed cert
No TLS1.2?
SSL v3
RC4
cert chain issue
CRIME
forward secrecy not supported?
weak private key?
weak signature
secure renegotiation
TLS 1.0
TLS 1.1
TLS 1.2 

Running the script

To run the script you can use the following command

python pyssltest.py -i inp.txt -o inp.csv -n

I will explain each switches,

-i <filename> :- A text file with target urls listed line by line 
-o <filename> :- A csv file to which the output will be written 
-n  :- Optional, To always initiate new tests. If this is omitted cached results from qualys is fetched 
Its pretty simple and fast way to run ssl labs against a bunch of servers.

Please provide some feedback about script on comments below.

Thanks for reading

Shooting awesome timelapse using raspberry pi

Hi folks,

So if you have a raspberry pi and a camera module one of the cool things that you can do is to make a rig that does time-lapse videos. So i just did that, believe me its awesome.

Now you all know from my previous posts that i do have a 3d printer, so i printed a neat little case for my raspberry pi and a sweet little camera mount. And i bought a custom camera module for raspberry pi from uctronics.com, they have a detachable lens and its kinda good quality and cheap too. Thanks uctronics :)

By the way, you can get the STL files for the Pi case and uctronics camera modules from the below links. Have fun print them :)



Here are some pics of the printed case and camera mount
pi


uctronics camera

Then i have used a xiaomi 5200 mah power-bank which kinda powers my pi with WiFi dongle, camera and thumb-drive for about a day. Awesome

So here is the Instagram pic of the whole setup, please like and comment if you like it :)

Now i installed a thumb-drive because i wanted pi to capture time-lapse on it, you know easy plug and play :) But you Linux on the pi detects the thumb-drive easily and assigns it a wired name. So i get the name

/media/C0D2-6E8C/
Which i hated when working with ssh or command prompt. So lets fix it first. There is a simple Linux command to define an alias for this location, be careful you may be having a different name for your thumb-drive find it out and use that. DO NOT USE THE SAME PATH AS MINE, FIND YOURS AND USE IT :-)

First we will make a folder so that it will be used as an alias for the mount location of the thumb-drive

sudo mkdir /media/tusb
sudo chmod 770 /media/tusb/

Now that we have the folder ready to act as the alias for the thumb-drive lets make an entry in the file systems table file, which is normally on the location "/etc/fstab" 

Lets edit the file

sudo nano /etc/fstab
Now add the following line onto the end of file. REMEMBER THIS MOUNT LOCATION IS FOR MY THUMBDRIVE, YOUR'S MAY VARY SO FIND AND CONFIRM THIS

 UUID=C0D2-6E8C /media/tusb vfat uid=1000,gid=1000,umask=007 0 0
Change the UUID as per your mount location. Once this is done reboot the pi

Voila we have the thumb-drive mounted on  "/media/tusb" when the pi restarts. We can do whatever recording you need on the location.

Now we have done that, lets think about capturing stuff through pi camera module. There are so many awesome tutorials in the internet to setup camera module for pi and do lot of stuff, so i am not going to get into details of setting those up, and yeah plugging in camera too. check YouTube videos for that and learn.

Now assuming that you have some basic understanding of setting up the camera module and taking first picture. I am going to proceed further. My plan is to have the put the pi on my bedroom window starting at night and record through the night to morning so i can have some visuals of sunrise.

There's a catch!!!!! Capturing pics at night and day means that you need some logic to adjust the exposure timing so that the results will be neat. If you use day exposure values throughout you will only get blank pics from night. So I wanted some logic to automate that for me.

I searched a lot and found a python script to do that job. A guy named craig did it as part of his project here. His code was available in github and i downloaded it. It was not working as i expected and i did modify it to fine tune for my requirement with some trial and error. Don't worry i have uploaded it on github too, here https://github.com/moheshmohan/rpidaynightcam

Now before the script can be ran on pi, you will need to install prerequisites softwares. Here are the commands to do that

first lets update all

sudo apt-get update

Now install these

sudo apt-get install python-picamera python3-picamera python-rpi.gpio

More

sudo apt-get install python-opencv python-matplotlib

Now we need some software to stitch all the frames captured during time-lapse

sudo apt-get install ffmpegsudo apt-get install mencodersudo apt-get install python-imaging

Now we need git to pull the python code from online repository

sudo apt-get install git-coredsudo apt-get install git-core

Now lets change into the thum-drive

cd /media/tusb

then lets clone the repository

git clone git://github.com/moheshmohan/rpidaynightcam.git

now lets go in

cd rpidaynightcam/

here you can see the main script rpidaynightcam.py and here is the command line help for it

Command Line Help

There are several options available for the program. Running the script with the -h option will display a helpful description of the options:
python rpidaynightcam.py -h

Taking Pictures

To take pictures of various objects, you can specify the number of pictures to take as well as a time delay between successive pictures. For example, to take 10 pictures:
sudo python rpidaynightcam.py -n 10
To take 10 pictures with a delay of 5 seconds between each:
sudo python rpidaynightcam.py -n 10 -d 5
Saving files to a different path:
sudo python rpidaynightcam.py -p /path/to/save/to
Set night time conditions:
sudo python rpidaynightcam.py -g
Take pictures until interrupted:
sudo python rpidaynightcam.py -n 0

Adjusting for light conditions

You can instruct the camera module to attempt to adjust for light conditions by specifying the --autoswitch:
sudo python rpidaynightcam.py --auto -n 0
This will continue taking pictures until the program is interrupted. In order to switch between day and night mode, you can specify at what light level you want to make the swap on. For example, if the camera is in night mode, then increasing light levels will make the picture brighter and brighter until the entire image is white. To swap to day mode, the camera calculates the R, G, and B average intensities, and compares it to the --day value. If the intensities are greater than the --day value, it will attempt to turn the camera on to day mode. The opposite occurs for --night values.
Both --day and --night are values in the range of 0 - 255. For example, to get the camera to switch to day mode when the average pixel intensity reaches 240, and switch to night mode when the average pixel intensity reaches 30:
sudo python rpidaynightcam.py --auto --day 240 --night 30 -n 0

Now i have not changed much on craig's script with arguments. Lets try to run the script so that even if the shell is closed the script will run until shutting down pi
sudo nohup python rpidaynightcam.py --auto -n 0 -d 30 &
This will indefinitely run the capture checking for day and night with 30 sec interval in between each frame. pretty cool :)
Now there will be lot of jpg files on the current folder, lets stitch them to an awesome movie
First move them into a newly created folder for easy archiving
mkdir t1mv *.jpg ./t1/

Now go in

cd t1

gather all file names to a text file

ls *.jpg > stills.txt

lets stitch them to an video named timelapse.avi

mencoder -nosound -ovc lavc -lavcopts vcodec=mpeg4:aspect=16/9:vbitrate=8000000 -vf scale=1280:720 -o timelapse.avi -mf type=jpeg:fps=24 mf://@stills.txt

cool now we have a final video ready to share.

Here are some videos i captured with this setup (i played around with exposure values in some :) ) And oh yeah watch for the bloom effect when sun rises, the script automatically adjusts the exposure time based on ambient light :-)







Hope you like them. Please do comment, subscribe to my youtube, click some ads :D , share this page to support me. Thanks folks

See ya next time

Sunday, June 14, 2015

Beginning of my 3d printing saga - First mistake

Hi Readers,

So it begins here like i have told in the preface page i finally decided to buy a kit. Having decided that i began searching to find an Indian seller who sells the kit, Indian because i was afraid of any customs tax if i order it from ebay.com or aliexpress.com. After lot of searching i finally found a seller who sells the kit for INR 25k but was it a mistake? You tell me :)

Update 25th July 2015

After writing this blog many people pinged me in Facebook and asked me to reveal the name of the seller. So far i thought, what is done is done, why should i go behind them? But then i saw a post on one of the 3D printing group in Facebook where someone is trashing the seller for posting an advertisement. To my surprise the guy pointed out my blog and kept on accusing the seller for bad stuff and fraud. Somehow my name got dragged into all that, then seller addressed a post to me claiming that he did the right thing. I am pretty upset with his mindset and i think its time for me to reveal the name of the seller. So the website i bought the kit is roborium.com and they actually sourced it from a company called rapid innovation http://www.rapid-innovation.com/. I still don't want to reveal the names of people i interacted with as they still are my friends in Facebook.

Again i would have kept quiet if the seller actually accepted the parts were crap and may be took some courage to agree their mistake. I don't want anything from them, but instead they tried to justify their misdeeds with more rubbish. I think its time for me to tell this to the world.

The order

So without thinking much i made the order, though the vendor web site was pretty new to me, i somehow trusted them. May be its because i found a guy who runs the site on Facebook, so i was relived and i knew it will be OK. After i made the order, few days later they messaged me and told it may take a while because they got lot of orders. If memory serves me right this happened somewhere around October 2014. This delay lasted for one or two weeks and they finally shipped it. Nightmare! they shipped it through DTDC couriers and that too it was a land shipment, meaning it will be delayed further. To add to further disappointment, DTDC shipped it to wrong location first and it went back and all sorts of delay happened. I did contact DTDC and they couldn't do anything about it. I did contact the vendor guy on Facebook and he too complained to DTDC but nothing much; the delay just didn't go away. Bad Timing, I got frustrated, you don't know the frustration that a kid has when he waits for his new toy :-)

So after lots and lots of waiting finally it arrived!!!! To my horror the package was tore open. see for yourself.
Luckily nothing was lost from the pack, but everything was mixed up and out of place. No major damages.... Thanks God!!!

The Good


Well most of the stuff from the kit were in good condition. For example the electronics, Frame and threaded screws etc


3d printer ramps board
The Ramps board
Prusa i3 kit
Hardware
The Frame and other hardware like threaded rods and smooth rods, bearings were all kinda good stuff. There were some minor issues though; like the m5 threaded rods had their ends cut in such a way that its hard to put in nut on it. And some bearings in the pack were not so smooth too. They seemed like cheap ones made in house.

The Bad


There are many things in the kit which were not exactly like what i had in mind about 
my first 3d printer. For example see the hot end
reprap j hotend
It took me lot of stuff and work to assemble the hotend
Horror they sent short JST connetors for motors.
These crappy hot-end and really really short JST motor connectors again forced me to buy lot of stuff to fix them, like the cement to keep thermal sensor and heat cartridge in place. DuPont connectors, wires, crimping tools, heat shrink tubing and heat gun. damn lot of stuff.

So these things needed an upgrade and looks like i wasted money :(

The Ugly


Now comes the worst stuff from the kit i got.. The printed parts!!! they were ridiculous and not usable at all. see for yourself

Printed parts

Bad prints :(

Bad parts

Bad prints
bad prints
bad prints
bad prints
nothing fits

Now its obvious that i need to get new replacements for these items. So clearly buying the kit was a wrong choice that i made.

You can read more about the replacements i bought for these parts in the next post.

But eventually I made the printer working and here is a video of it powering up for first time