I've created some command aliases in my bash profile. There are also tools to create shortcuts for git commands. Other than that, I have created shell scripts that I copy to projects, and also some Rake commands.
I haven't spent enough time on some sort of centralization of "snippets" per se, since what I listed above covers the stuff I reuse the most.
This is a consulting offering at several low-end app sec firms (if you're a high-end appsec firm that does this stuff, sorry, I didn't know). It's one of those attractive "scales across every employee of the company" services consultants love. Happy to see it productized.
We're a mid-level appsec firm, how's that? :) The problem is that high, med, and low end attackers are using spear phishing to get a foothold inside many organizations. This is testing that everyone should be doing today. Read any recent mainstream media article about any breach and Cmd-F "phish".
Core Impact includes a module for doing phishing with client-side exploits. Probably more expensive than this, though. Metasploit will let you do similar things, but I don't know if it's packaged up nicely like Core Impact and the current post.
Right now there's no API or anything -- I wrote this just to see if I could. I'm not sure if I'll be putting up an API, because I figure by the time I'd do that I can just release the source for it. But if you really wanted I probably could provide an API for it in a couple of days.
Exactly. The whole discussion here points to the major flaws in using text as CAPTCHA. Maybe if questions were more metaphorical they would be harder to guess, but then there is no absolute answer. I think a combination of text, image, and logic would be hardest to break.
If you were able to analyze the sentence structure of all 180 million questions, how many different sentence structures would there be? This all points to the fact that you can build algorithms to guess the answers eventually.
Not even just guess them but accurately determine them.
A few years back I was hired by a third party to build a system to break the CAPTCHA on a popular site for various evil deeds. Morals set aside, the money was good and I had a wedding to pay for. A CAPTCHA system becomes quite breakable when it becomes predictable. The system in question used an image-based CAPTCHA that used the same (albeit annoying) font for each image, as well as a static distortion overlay and a second set of random distortion. By extracting a thousand sample images I was able to build a system in Perl that could determine the text with an estimated 98% success rate - and when it failed you would just request a new CAPTCHA.
My solution would be to mix up images with logic, i.e.:
In the following list of images, which image number contains the green animal: {pic of zebra}, {pic of frog}, {pic of giraffe}
This would require image recognition as well as logic.
It can't work the way you explained it: I just solved your CAPTCHA with a 33% success rate (waaay too high for a useful CAPTCHA). Perhaps if you ask for "the three pictures of X animal out of those 9", and you had a database with which animal has which property (and you also ran some fuzz over the images so no two images would ever be the same). I'm still skeptical...
That would assume that it is multiple choice - however if it's still free form text input, requiring the input to equal "frog" would solve that issue. Text + images + logic would offer a lot more hurdles than just any single one of those.
Also think about the way algorithms (like WolframAlpha) interpret the structure of the questions. Like some of the other commenters, switching some words around makes WolframAlpha fail.
It might be interesting to come up with a methodology for question structure that is harder for algorithms to interpret...?