- Cybersecurity
- Computer Networking
- Developer Operations (DevOps)
- Domain Specific Task: DevOps
Using search operators like site:, inurl:, intitle:, intext:, filetype:, ext:, AND, OR, -, and " ", we can run deep and targeted searches on certain websites, in the intention of finding accidentally leaked files/endpoints/information. This is called Dorking. For educational purposes, we take tesla.com and list all (potentially) unintentionally public files and links.
wireshark is a free and open-source (🎉) utility that can capture all packets that are sent and received by the device, using a packet capture library installed on the system. These can be saved to a file called packet capture (.pcap) which can be used for later analysis, or distribution. One such file is given to us to be analysed. This repo contains the answers to the questions asked in the problem definition.
A bash script named vault_sweeper that can:
- Recursively scan specified directories for sensitive or malformed environment files.
- Validate and sanitize the contents of these files based on security constraints.
- Create a directory called logs/ and add the respective logs in it. Create a user called maintainer and ensure the directory can be accessed only by the same.
- Collect and log metadata such as file user, permissions, ACLs, and modification details inside the logs/ directory.
- Generate secure output files from valid data.