This is going to be a pretty short one, I had an all-week event at work last week so I didn’t have a lot of time to do things that I would talk about on here.

Sephiroth Updates

Sephiroth is a tool I wrote many years ago to help build block lists for common server platforms that might want to behave differently for different IP addresses. It is so named because the main target was “I want to block the cloud”, and I liked Final Fantasy 7.

Anyways, this week saw a number of updates, including a new contributor. DEVisions added support for Caddy’s newer format, and I added support for blocking Vultr IP ranges as well as a meta “target”, _all, which lets you build a blocklist for all of the providers Sephiroth knows about.

I also did a bunch of work on setting up automatic deployments for the Docker container, as well as a trusted publisher workflow for PyPI, so that in the future it’ll be easier for me to come back, fix or add something, and cut a new release without having to remember how to do everything.

If you know of authoritative first-hand ways to get IP ranges for IBM Cloud, Salesforce, various VPN providers, Tencent Cloud, Alibaba Cloud, etc., I would love it if you opened an issue with the details. Specifically, I want things that are more detailed than “here’s their ASN.”

Natlas On My Mind

Is my data relational after all?

I spent a decent amount of time this week thinking about changes to Natlas. I have a branch where I was working on cutting over to the elasticsearch-dsl library so that I could have object-mapped documents. But the more I thought about it, the more I thought maybe what I actually want is just… to store my scan data in a relational database.

Elasticsearch has been great and helpful: just shove documents into it and worry about it later. Expose the query language directly to the user. No worries. But as I’ve evolved as a developer, and as I’ve looked into more advanced features, it’s become evident that this has been a limiting factor. For instance, it is hard to do port-level statistics with my current elastic document structure. I could break it out so that I have ports as individual documents, but then I have relationships in my elasticsearch data that are never made explicit.

The biggest downside to this change would be that I wouldn’t have the elastic query language at my disposal anymore, so I’d need to come up with a query language / query builder to enable basically all the same things that I currently already get for free. But, there’s also an upside.

Natlas as a DNS Recon Platform

I’ve long been obsessed with DNS reconnaissance. I love it, and I specifically love the challenge of finding all the domain names that point to an IP address, given the distributed nature of the DNS hierarchy. I have access to a bunch of TLD zones now, and I would love to hook this up to Natlas and allow Natlas to collect more domain-aware information: screenshots of web services on different vhosts, web fingerprints of those services, etc.

If I bring my port scan data into postgres, along with all of this DNS data, I could start to construct really interesting queries and do interesting research.
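As an added illustration of the relational model being considered here (this is example code, not anything from Natlas itself), the block below sketches a host / port / DNS-name schema and the kinds of queries the post says are awkward in the current document structure: a port-level statistic across hosts, a join from DNS names to open ports, and a “which ports disappeared since the last scan” check. Ingestion uses the ON CONFLICT upsert pattern, which is how millions of re-scan updates a day can be applied without creating duplicate rows. The schema, table names and sample scan data are all assumptions; SQLite is used so it runs offline, but the upsert syntax is the same one Postgres accepts.

```python
import sqlite3

# Assumed schema: one row per host, one row per (host, port, proto)
# observation, one row per DNS name pointing at a host. SQLite stands in
# for Postgres; INSERT ... ON CONFLICT DO UPDATE is valid in both.
SCHEMA = """
CREATE TABLE host (
    ip        TEXT PRIMARY KEY,
    last_seen TEXT NOT NULL
);
CREATE TABLE port (
    ip        TEXT NOT NULL REFERENCES host(ip),
    port      INTEGER NOT NULL,
    proto     TEXT NOT NULL,
    service   TEXT,
    last_seen TEXT NOT NULL,
    PRIMARY KEY (ip, port, proto)
);
CREATE TABLE dns_name (
    name TEXT NOT NULL,
    ip   TEXT NOT NULL REFERENCES host(ip),
    PRIMARY KEY (name, ip)
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def ingest_scan(conn, ip, seen_at, open_ports):
    """Upsert one scan result. open_ports is a list of (port, proto, service).
    Re-scanning a host updates last_seen on the host and on every port that
    is still open; ports that were not seen keep their old last_seen."""
    conn.execute(
        "INSERT INTO host (ip, last_seen) VALUES (?, ?) "
        "ON CONFLICT(ip) DO UPDATE SET last_seen = excluded.last_seen",
        (ip, seen_at),
    )
    conn.executemany(
        "INSERT INTO port (ip, port, proto, service, last_seen) "
        "VALUES (?, ?, ?, ?, ?) "
        "ON CONFLICT(ip, port, proto) DO UPDATE SET "
        "service = excluded.service, last_seen = excluded.last_seen",
        [(ip, p, proto, svc, seen_at) for p, proto, svc in open_ports],
    )
    conn.commit()


def add_dns_names(conn, ip, names):
    """Record DNS names that resolve to ip (the host row must already exist)."""
    conn.executemany(
        "INSERT OR IGNORE INTO dns_name (name, ip) VALUES (?, ?)",
        [(n, ip) for n in names],
    )
    conn.commit()


def port_stats(conn):
    """Port-level statistic: distinct hosts exposing each port/proto."""
    return conn.execute(
        "SELECT port, proto, COUNT(DISTINCT ip) AS hosts FROM port "
        "GROUP BY port, proto ORDER BY hosts DESC, port"
    ).fetchall()


def names_for_open_port(conn, port):
    """Join DNS data to scan data: names pointing at any host with this port open."""
    rows = conn.execute(
        "SELECT DISTINCT d.name FROM dns_name d JOIN port p ON p.ip = d.ip "
        "WHERE p.port = ? ORDER BY d.name",
        (port,),
    ).fetchall()
    return [r[0] for r in rows]


def ports_missing_from_latest_scan(conn):
    """Ports whose last observation is older than the host's latest scan,
    i.e. services that appear to have closed since they were last seen."""
    return conn.execute(
        "SELECT p.ip, p.port FROM port p JOIN host h ON h.ip = p.ip "
        "WHERE p.last_seen < h.last_seen ORDER BY p.ip, p.port"
    ).fetchall()


def build_sample_db():
    """Constructed sample data (TEST-NET addresses, example.com names)."""
    conn = open_db()
    ingest_scan(conn, "192.0.2.10", "2024-01-01T00:00:00Z",
                [(22, "tcp", "ssh"), (443, "tcp", "https")])
    ingest_scan(conn, "192.0.2.11", "2024-01-01T00:00:00Z",
                [(443, "tcp", "https"), (8080, "tcp", "http-proxy")])
    # A week later the first host is re-scanned and only 443 is still open.
    ingest_scan(conn, "192.0.2.10", "2024-01-08T00:00:00Z",
                [(443, "tcp", "https")])
    add_dns_names(conn, "192.0.2.10", ["www.example.com", "example.com"])
    add_dns_names(conn, "192.0.2.11", ["api.example.com"])
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print("hosts per port:", port_stats(db))
    print("names with 443 open:", names_for_open_port(db, 443))
    print("ports gone since last scan:", ports_missing_from_latest_scan(db))
```

The third query is the kind of thing that motivates the move: it is a plain join between two tables with an explicit key, whereas in a flat document store the “this port belongs to that host, scanned at that time” relationship has to be reconstructed by the application.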

Natlas as a… Django app

One thing that has been weighing on me with Natlas is its usage of Flask. It’s been fun and challenging to rewrite a bunch of things to work with the modern sqlalchemy, and I generally like the batteries-not-included nature of flask. I like that there isn’t a lot of magic. Just functions that run when you make a GET request, or functions that run when you make a POST request, etc.

But the flask ecosystem feels considerably less polished than the Django ecosystem, and a number of useful tools that I’d like to use are not available except as django apps. Examples include django-anymail, dj-stripe, the django-debug-toolbar, and djangoql. Anymail alone feels like enough of a reason to switch, if I’m being honest.

Another benefit of switching to django is that django is used by a lot of companies, so there are a lot of Django developers out there. So if, in the future, I’m able to turn this into an actual project that makes money, I’d be able to find developers who are familiar with the paradigm we’re working in.

I’d just ban the use of things like ModelForm and enforce strict typing from the beginning, to curb some of the problems I have with Django, I suppose.

But I will say… the thought of basically doing a complete framework rewrite (every view has to change, every database query has to change, every ORM model has to change, every template file has to change, etc), all to just get the project back to exactly where it is right now but with a different framework? That sounds terrible… Stay tuned to see if I do it, I guess.

  • PROTOCOL - Internet Engineering Task Force - My second episode of PROTOCOL is out, talking about the IETF and RFCs. It didn’t get as much attention as my first episode, but nevertheless I persist. My next episode is about IANA and will be out on Wednesday at 10am Pacific!
  • OKLCH in CSS - CSS 4 introduces a new way to declare colors and color palettes. Pretty interesting stuff.
  • IPv6 is Hard - IPv6 is hard, except it’s not that hard, and setting it up in a broken state is worse than not setting it up at all, because it contributes to the notion that it’s hard.
  • Postgresql Upserts - As I’m doing a lot of research into efficient database queries to deal with millions of updates a day, I found this article on the notion of an “upsert” really helpful.
  • HTML Legends Example - This is just a cool codepen I saw that creates a nice effect for legends on form fields in HTML. Looks nice.
  • Leaking Youtube Emails for $10,000 - An interesting and elaborate attack to leak the email address associated with any YouTube channel.
  • Kasm Workspaces - I saw this in a Lawrence Systems video and it seems super useful to host some virtual browsers and whatnot locally on my network. I haven’t tried it yet, but I really like the idea, and I’ll like it even more if I can set up different virtual browser profiles with different VPN settings, accounts, extensions, etc.
  • Undergrad upends 40-year-old data science conjecture - An undergrad student found an interesting way to search hash tables much faster than previously thought possible. No idea if we’ll see this in real application anytime soon, but it’s pretty interesting nonetheless.

Upcoming Projects

  • Defcon Call for Music/Tracks - I intend to submit as a performing artist as well as submit a soundtrack track again this year. I have a really fun idea for a track and am currently waiting on production.
  • I want to publish one non-PROTOCOL video this month. I think I might publish a video on invalid nameserver research, because I think it’s pretty interesting.