Well with the delay of the Librem5 development board I ordered I've had to find other things to keep me busy. So in my search for something to keep me occupied I ran across an open source web application scanner called WAScan (not to be confused with https://github.com/mrschyte/wascan/blob/master/wascan.py) written in Python . That was neat, it aligns with improving my sec knowledge, so I pulled it out of Github. Maybe that was my mistake, but it was a happy mistake.

The scanner was missing any dependency management, so I rolled it into pipenv and added the missing BeautifulSoup dependency updated the PipFile (similar to requirements.txt) and fixed the dated import string. It seemed to work, was only about 5,000 lines of code and was GPL 3.0 licensed. Great! It was also written in Python 2, well that's a problem. Everything should be Python 3 either now or very soon as the Python 2 end of life has been declared. So I can help with that right? Sure I can.

There is this great tool for automatically upgrading your Python code called 2to3. It's pretty decent at upgrading the codebase automatically, it doesn't catch everything but it's a good start. Most of the rest of the migration was working to .decode() the byte strings which are the new default for Python 3 for the functions that expect normal strings.

So not all that interesting but it was enough for me to learn the codebase. I decided pretty early in the process that I didn't want to contribute back to the project, there were just too many design decisions and coding patterns that I didn't want to repeat or encourage. Hard forking isn't exactly a helpful way of working on open source code, but it gives me the freedom to work the way I want to. So I started rewriting the application on the Cement Framework, which necessitated a change from pipenv to virtualenv cause pipenv doesn't believe in subshell PATHs... Well so much for the brave new way to do dependency management and local dev.

I started with the fingerprinting functionality, which partially works right now, and I'm in the middle of migrating the signatures to SQLite. Potentially I'm looking at adding ssdeep for fuzzy hash matching which will vastly improve fingerprinting. It's a work in progress, but the rewrite is beginning to be useful and it's keeping me busy while I wait for the Librem5 dev board.