Thursday, December 15, 2016

Approximating GNU parted in Windows

I partition disks in Linux all the time. But, thanks to disk ghosting, I don't do much partitioning in Windows. When I do need to partition in Windows (external drives, for example), what do I use? Enter the Windows Disk Management Snap-in, diskmgmt.msc, first available in Windows 98.
If you're familiar with GNU parted, this Windows tool will make perfect sense. You immediately see your list of hard drives and their partitions, and you can click on a partition to delete or resize it. Click on free space to create a new partition. There are some limitations, though. For example, you can't delete recovery partitions. For that, you can drop to the Windows command line and run diskpart. This tool is like Linux's fdisk.

Thursday, December 8, 2016

Identifying specific vulnerabilities in WordPress, by version

Exactly how vulnerable is your WordPress version? Ask the good folks over at the WordPress vulnerability database, who have not only assembled a vulnerability list by version but also provided a nice API for querying it.

# WordPress 4.4.2 vulnerabilities, by type
$ curl -sS https://wpvulndb.com/api/v2/wordpresses/442 |\
  jq -r '.["4.4.2"]|.["vulnerabilities"]|.[].vuln_type' |\
  sort | uniq -c
      1 BYPASS
      1 CSRF
      1 LFI
      1 SSRF
      1 UNKNOWN
      5 XSS
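
Same thing, but list the titles and take a version as a parameter:

wpvulndb() {
    # Require a version argument; keep the variable local to the function (bash)
    local version=${1:?Which WordPress version should be checked for vulnerabilities (e.g. 4.8.3)?}
    # The API path is the version with the dots removed (4.8.3 -> 483),
    # while the JSON response is keyed by the dotted version string.
    curl -sS "https://wpvulndb.com/api/v2/wordpresses/${version//./}" | \
      jq -r --arg version "$version" '.[$version]|.["vulnerabilities"]|.[].title'
}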

wpvulndb 4.8.3
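
As an added example (not code from the original post), the following Python code runs both jq queries offline over a saved response and validates the version before it is placed in the URL path. The sample response and its titles are constructed; only the endpoint and the field names `vulnerabilities`, `vuln_type` and `title` come from the commands above, and the function names are hypothetical.

```python
import json
import re
from collections import defaultdict

API_BASE = "https://wpvulndb.com/api/v2/wordpresses/"  # endpoint used in the post

# Constructed sample body in the shape the jq filters above rely on:
# {"<version>": {"vulnerabilities": [{"title": ..., "vuln_type": ...}, ...]}}
SAMPLE = json.dumps({"4.4.2": {"vulnerabilities": [
    {"title": "Constructed: reflected XSS in example parameter", "vuln_type": "XSS"},
    {"title": "Constructed: CSRF on example settings form", "vuln_type": "CSRF"},
    {"title": "Constructed: stored XSS in example field", "vuln_type": "XSS"},
]}})

def api_url(version):
    """Build the query URL: the path component is the version minus its dots."""
    # Accept only N.N or N.N.N so nothing else can reach the URL path.
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){1,2}", version):
        raise ValueError(f"not a WordPress version: {version!r}")
    return API_BASE + version.replace(".", "")

def summarize(raw, version):
    """Group vulnerability titles by vuln_type for one version."""
    entry = json.loads(raw).get(version)
    if entry is None:
        # The response is keyed by the dotted version; a miss means the
        # lookup failed, not that the version is free of vulnerabilities.
        raise KeyError(f"response has no entry for {version}")
    by_type = defaultdict(list)
    for vuln in entry.get("vulnerabilities") or []:
        by_type[vuln.get("vuln_type", "UNKNOWN")].append(vuln.get("title", "(untitled)"))
    return dict(sorted(by_type.items()))

def report(raw, version):
    """Counts per type (like `sort | uniq -c`) followed by the titles."""
    lines = []
    for vuln_type, titles in summarize(raw, version).items():
        lines.append(f"{len(titles):7d} {vuln_type}")
        lines.extend(f"          {title}" for title in titles)
    return "\n".join(lines)

if __name__ == "__main__":
    print(api_url("4.4.2"))
    print(report(SAMPLE, "4.4.2"))
```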