Forem: Nitin Kumar

Built with Google Gemini: AI Essay Generator with Gemini

Nitin Kumar — Tue, 03 Mar 2026 12:47:15 +0000

This is a submission for the Built with Google Gemini: Writing Challenge

What I Built with Google Gemini

This Python script leverages the Google Gemini API to automate the generation of essays based on specific criteria defined in a CSV file. It's engineered to create datasets of student-like essays, complete with a specified type and percentage of errors, making it ideal for training NLP models, developing educational software, or generating content at scale.
The script intelligently infers the desired error type (e.g., spelling, grammar, punctuation) from the input CSV's filename, generates a unique essay for each row, and saves the output directly back into the same file, creating a seamless and efficient workflow.

Demo

I've uploaded my project to GitHub named gemini-essay-generator

Your browser does not support the video tag.

What I Learned

Technical Skills
- Gained hands-on experience with Python scripting and data handling using pandas for reading/writing CSV files.
- Learned to interact with the Google Gemini API, including constructing prompts dynamically and handling API responses.
- Practiced error handling and validation, ensuring the generated essays met word count and error constraints.
- Understood dependency management in Python projects and how a requirements.txt ensures reproducible environments.
Soft Skills
- Improved problem-solving and debugging when working with APIs and CSV-based data.
- Learned to manage project structure, separate configuration (API keys, CSVs) from logic, and read/interpret open-source code.
- Strengthened attention to detail, especially while ensuring generated essays had the required type and percentage of errors.
Unexpected Lessons
- Saw firsthand how automated AI generation can still require validation and retries — AI outputs are not always deterministic.
- Learned that file naming conventions can be leveraged to encode metadata (like error types) in a simple, scalable way.
- Realized the importance of lockfiles and reproducible environments; without them, collaborators may get inconsistent results.
Key Takeaway
- Working on this project highlighted the combination of data engineering, API integration, and reproducibility in real-world Python projects, and how thoughtful automation can save significant time when generating content at scale.

Google Gemini Feedback

What Worked Well
- The project structure was clear, with a single main script and example CSV that made it easy to understand how input/output worked.
- API integration with Google Gemini was straightforward; the existing functions for sending prompts and receiving responses worked reliably.
- Using pandas for CSV handling made batch processing simple and efficient, even for multiple essays at once.
- The filename-based configuration (to encode error type) was a clever, lightweight solution that avoided complex configuration files.
Challenges / Where I Needed More Support
- Initially, understanding how the Gemini API expected prompts and formatting took some trial and error; the API documentation assumed familiarity with prompt engineering.
- Handling edge cases with essay generation was tricky — sometimes the model returned fewer words than expected or misapplied the error types, requiring multiple retries.
- The project relied on requirements.txt and pip, so setting up a fully reproducible environment across different systems could be tricky without virtual environments or a lockfile.
- Some error handling and logging could be more robust; debugging failures when the API response was invalid required manual intervention.
Key Takeaway
- Overall, the project worked well for learning AI prompt integration, batch processing, and reproducibility, but highlighted the importance of robust error handling, reproducible environments, and clear API documentation for scaling such tools.

Sure.

Done.

Transition from pip to uv package manager

Nitin Kumar — Tue, 03 Mar 2026 12:30:27 +0000

So, you've already got your traditional pip package manager & transition to uv package manager? Or you're someone who's new to package manager topic?

Python Package Manager

Let's understand what a package manager mean.

A Python package manager is a tool that automates the process of installing, updating, configuring, and removing software packages (libraries) written for Python. Think of it as the software that connects your project to repositories of reusable code, fetches packages (and their dependencies), and manages them on your system or in specific environments.

Choosing uv over traditional pip

Now, let's understand why to choose uv over pip although both are open source !

Metric	uv	pip
Out-of-the-Box Availability	No	Yes
Package installation speed	Installs JupyterLab in 2.618 seconds	Installs JupyterLab in 21.409 seconds
Reproducible installs	Supports reproducible installs based on native locking	Supports reproducible installs through requirements.txt and pip-tools
Removal of transitive dependencies	Yes	No
Maturity and ecosystem support	Offers a new and growing ecosystem with increasing adoption	Offers a mature ecosystem and long-standing adoption
Licensing	Distributed under the MIT license	Distributed under the MIT license
Supporting organization	Developed by Astral, a private company focused on high-performance Python tooling	Developed by the Packaging Authority (PyPA), part of the Python Software Foundation (PSF)

You can learn more about their comparison in realpython's blog or this youtube video.

Working of uv package manager

So, it's clear why uv & not pip. But how does uv even works? How is it so fast than pip.

Bootstrapping & Setup

uv is distributed as a single compiled binary and can install Python versions, create virtual environments, and manage dependencies without requiring a pre-configured Python toolchain. Because it is written in Rust, startup time is nearly instant and it works consistently across platforms. In contrast, pip requires Python to already be installed and must be combined with tools like venv or virtualenv, making initial project setup more fragmented and error-prone. In CI environments, reducing setup steps can noticeably decrease build times, especially across multiple pipeline runs.

Dependency Resolution

uv uses a high-performance dependency resolver (inspired by modern solvers like PubGrub) that computes a fully consistent dependency graph before installation begins. This process is deterministic and optimized for speed, especially in large projects. While pip introduced a backtracking resolver in version 20.3, it can still be noticeably slower on complex dependency trees and may require multiple resolution attempts, increasing install time. In large dependency graphs, resolution with pip can take several seconds to minutes depending on conflicts, whereas uv often resolves the same graphs in a fraction of that time due to optimized algorithms.

Lockfile & Reproducibility

uv generates and enforces a native uv.lock file, ensuring reproducible installs across machines and CI pipelines. Every transitive dependency is pinned automatically. pip does not provide built-in lockfile support, relying instead on requirements.txt or external tools like pip-tools, which adds workflow complexity and can reduce determinism. Native locking reduces human error and prevents “works on my machine” problems that frequently arise in pip-based setups without strict version pinning.

Downloading Packages

uv performs parallel downloads and aggressively reuses a global cache, significantly reducing network and installation time. Benchmarks commonly show large projects installing in a fraction of the time compared to traditional tooling (for example, JupyterLab installing in roughly 2–3 seconds in controlled tests). pip typically handles downloads more sequentially and, while it caches packages, it does not optimize parallel fetching to the same extent, making cold installs slower. In some public comparisons, uv demonstrates installation speeds up to 5–10× faster than pip for large dependency sets.

Installation & Disk Efficiency

uv installs packages in parallel and uses hard-linking or symlinking from a shared global cache when possible, reducing redundant disk writes and saving storage across environments. pip installs packages sequentially and copies files into each environment, which can increase disk usage and slow down repeated environment creation in large projects. In multi-environment setups, uv’s deduplicated caching can significantly reduce storage overhead compared to pip’s per-environment duplication model.

Virtual Environment Management

uv integrates virtual environment creation and management directly into its workflow, allowing commands like uv venv and uv sync to streamline setup. pip does not manage environments itself, requiring manual environment activation; mistakes in activation can lead to unintended global package installations and dependency conflicts. Consolidating environment and dependency management in one tool reduces operational friction and configuration mistakes.

Python Version Management

uv can download and manage multiple Python versions as part of its unified toolchain, reducing the need for additional version managers. pip cannot manage Python interpreters, forcing developers to rely on separate tools such as system package managers or pyenv, increasing setup fragmentation. A unified toolchain simplifies onboarding and standardizes development environments across teams.

Performance at Scale

uv is optimized for performance at scale, leveraging parallelism, aggressive caching, and compiled execution. In many real-world benchmarks, it demonstrates multiple-fold speed improvements over traditional workflows, especially in cold installs and CI/CD pipelines. pip, being implemented in Python and not heavily parallelized, can become a bottleneck in large CI/CD pipelines or enterprise-scale dependency graphs, where repeated installs compound time costs across builds.

How to setup

Now, that we know what's uv & how it's faster than pip, let's move to the implementation part.

What are the steps we need to perform to implement uv in our project. Let's begin from scratch. Took help from uv documentation JFYI.

Install uv

macOS / Linux

curl -LsSf https://astral.sh/uv/install.sh | sh

Windows (PowerShell)

irm https://astral.sh/uv/install.ps1 | iex

Or via pip (not recommended for full feature usage, but possible):

pip install uv

; you may use pipx instead of pip for installation in isolated environment.

Verify installation:

uv --version

Create new project

uv init PROJECT_NAME
cd PROJECT_NAME

; PROJECT_NAME is the name of your project

This creates:

pyproject.toml
.venv (optional depending on config)
Basic project structure

Install dependencies

Now, you need to add dependencies/libraries you need to install in your project. You've got 2 options - one with a requirements.txt file where your dependencies are present & another one without anything but you know what all dependencies you need.

If you've got requirements.txt file:

uv add -r requirements.txt

If you don't have that file:

uv add PACKAGE_NAME

then, ensure your environment is in sync with the pyproject.toml and uv.lock files:

uv sync

With this approach, you simply run uv sync when another developer clones the project, and uv automatically creates the virtual environment and installs the correct dependencies. Checkout this YouTube video for reference.

And, that's it !! You're good to use uv as your package manager instead of pip.

If you need to install any other package, just run uv add command & it'll automatically add in current virtual env, updates uv.lock file & add package to .toml file.

No need of requirements.txt file now to install same packages, just put uv sync & all files will be updated based on the shared .toml file.

What exactly happens after we do uv sync:

Read uv.lock
Create a virtual environment (if not present)
Install the exact pinned versions from the lock file
Reproduce the same dependency tree deterministically

So yes — everything needed for dependencies gets recreated automatically.

If you still need requirements.txt file to deploy on services not using uv, simply do

uv export -o requirements.txt

So, for sharing dependencies related to your project, just share .toml & .lock files & run uv sync in new system & it'll automatically install all dependencies.

Some errors:

You might get error while updating updating uv (uv self update), for resolution check this github resolution issue comment
You might get error while installing dependencies before doing uv init, this is due to no .toml file. You need to initialize uv project first by doing uv init even if you've project opened. It'll automatically take your project name & initialize with required files & you can install dependencies.

Hope you liked this tutorial on uv implementation in your python project. Let me know in comments how was your experience with uv & how much time is preserved by using it.

!! HAPPY DEVELOPING !! KEEP DEVELOPING !!

If this helped you even a little, feel free to connect with me on 👉 LinkedIn

Guide to publish your first PyPI library 🚀

Nitin Kumar — Sun, 08 Feb 2026 18:33:55 +0000

👀 Do you also want to be included in that elite, mysterious, and totally brag-worthy list of contributors for a public PyPI package?
Yes? No? Still scrolling like it’s an Instagram reel? 📱
Cool, let’s fix that.

Why to create a py package? 🤔🐍

Before you start dreaming about PyPI fame (and GitHub stars 🌟 that your relatives won’t understand), pause for a reality check.

First, decide if your project is actually PyPI-worthy. Before touching configs, sanity-check that your project is reusable (no hardcoded paths, credentials, or “works only on my laptop” local files 💻❌) & has a clear entry point (functions/CLI).

If your script is “run once and forget” — PyPI is overkill 💀
If others (or future-you, after 3 months of memory loss 🧠) can reuse it → publish it 🚀

Think of it like the World Cup 🏏 — not every gully cricketer makes it to the squad, but the good ones do 😉
Same rules apply here.

📂 Folder structure needed (yes, structure matters)

Just like India’s budget announcements 📊 — boring, structured, but very important.

my_package/
│
├── src/
│   └── my_package/
│       ├── __init__.py
│       ├── core.py
│       └── utils.py
│
├── tests/
│   └── test_basic.py
│
├── README.md
├── LICENSE
├── pyproject.toml
├── MANIFEST.in
└── .gitignore

Mess this up, and PyPI will treat your package the way Twitter treats breaking news — harshly 😬🐦.

Content of `pyproject.toml` ❤️‍🔥

This is the heart of deployment.
Mess this up and your package dies faster than a government promise during elections 🗳️😌.

[build-system]
requires = ["setuptools>=61.0", "wheel"]
build-backend = "setuptools.build_meta"

[project]
name = "my-package"
version = "0.1.0"
description = "Utility to validate API responses using schema rules"
readme = "README.md"
license = { file = "LICENSE" }
authors = [
    { name = "FIRSTNAME LASTNAME", email = "your@email.com" }
]
requires-python = ">=3.8"

dependencies = [
]

[project.urls]
Homepage = "https://github.com/yourname/my-package"

Yes, every line matters.
No, PyPI doesn’t care if “it worked locally” 😌❌.

Contents of `MANIFEST.in` (don’t skip 🙏)

Ensures non-code files are packaged.
Skipping this is like hosting the World Cup final without a trophy 🏆 — technically possible, emotionally devastating.

include README.md
include LICENSE

Without this, your PyPI page may break.
And users will judge you silently 🤐.

Key rules 🚨

There are some key rules while uploading your package on the PyPI website. These are non-negotiable — like ICC rules during finals 😤🏏:

Name must be unique on PyPI (yes, utils, helpers, test-lib are already taken 😑)
Version must follow semver
Once uploaded → cannot overwrite the same version (PyPI never forgets 😈)

Requirements 📋

A sample project which should adhere to these conditions
Any code editor. I’m using VS Code here (because obviously 💙)
A valid package name should be unique ⚠️
A PyPI & test.pypi Account

; PyPI account can be created from here & tutorial for the same is in this youtube video

TestPyPI account can be created from here & tutorial for the same is in this youtube video

Yes, two accounts.
No, PyPI doesn’t trust you immediately — neither should it 😌🔐.

Steps to create & upload 🚀

Install build tools 🛠️

pip install --upgrade build twine

build → creates wheel & source
twine → uploads to PyPI (your final boss 🎮)

Build your package 📦

python -m build

If this executes successfully (pray to the Python gods 🐍🙏), it will create:

dist/
├── my_package-0.1.0-py3-none-any.whl
└── my_package-0.1.0.tar.gz

If it fails — congrats 🎉, you’re officially learning 🤨

Upload to testPyPI (optional but smart 🧠)

twine upload --repository testpypi dist/*

Then install your uploaded package from testPyPI:

pip install --index-url https://test.pypi.org/simple/ my-package

Test import + functionality here.
Break things now, not in production 😬🔥.

Upload to real PyPI 🌍

twine upload dist/*

; make sure dist/* uploads everything inside dist/.

And boom 💥 — Congratulations, you’ve just uploaded your own package! 🎉🎉
Take a moment. Screenshot it. Flex on LinkedIn 😎.

Something more 👀

Common mistakes ❌

❌ Hardcoded paths
❌ Forgot README / LICENSE
❌ Version conflict
❌ Import errors due to bad structure
❌ Uploading secrets accidentally (this one hurts the most 💀🔐)

Pro tips 💡

✅ Add CLI using entry-points
✅ Automate release via GitHub Actions
✅ Tag versions (v0.1.0)
✅ Add __version__ inside package
✅ Use ruff / black before publishing

Clean code = happy users 😊.

Hope you’ve successfully created your first package on PyPI 🐍🎯
Do share your package name in comments — let’s hype each other like World Cup fans 🇮🇳🏏.

I’ve recently committed pyshrink. Do check it out 👀✨.

Also, if you’ve got questions, confusion, or existential doubts about packaging — comment it out 💬😄.

Author
😎 Nitin Kumar

Guide to Publishing a Python Project as a VS Code Extension

Nitin Kumar — Sat, 07 Feb 2026 20:10:20 +0000

How I Built and Published My Own VS Code Extension (Yes, You Can Too 😌)

Have you ever built a small tool and thought,

“Hmm… this would actually be useful inside VS Code 🤔”

And then immediately followed it up with:

“Nah, publishing a VS Code extension sounds complicated.”

Yeah… same.
But I did it anyway. And surprisingly, it wasn’t that painful (for once).

So in this article, I’ll walk you through how to convert your Python project into a VS Code Extension and publish it to the VS Code Marketplace — step by step, in a casual, no-BS way.

Think of this as a tutorial, not a corporate manual 📘
(We already have enough of those in 2026.)

What You’ll Need (a.k.a. Prerequisites)

Before we summon the VS Code gods, make sure you have these things ready:

✅ A VS Code Marketplace account
👉 Create one here
(Corporate account preferred, unless you enjoy random verification issues)
✅ A Python project you actually want to ship
Mine was: pyshrink
✅ Visual Studio Code (obviously)
👉 Download VS Code
✅ A stable internet connection
Because npm without internet is just… meditation 🧘‍♂️

Let’s Get Our Hands Dirty 🧑‍💻

I’m assuming your Python project already exists in a directory called project1
(Rename it if you like — VS Code doesn’t judge, people do.)

Environment Setup (The “Please Don’t Skip This” Section)

Before creating a VS Code extension, we need Node.js tooling.
Yes, even for a Python project. Welcome to modern development 😬

Step 1: Check Node.js version

node -v

Step 2: Check npm version

npm -v

If these commands fail, pause everything and install Node.js first.
No shortcuts here.

Step 3: Install required global tools

We’ll install:

yo → scaffolding tool
generator-code → VS Code extension generator
vsce → VS Code Extension CLI

npm install -g yo generator-code vsce

Step 4: Verify npm global path (optional but helpful)

npm config get prefix

This helps when VS Code or your terminal pretends it “can’t find” globally installed packages 🙃

Scaffold Your VS Code Extension

Now comes the magic ✨

Step 1: Generate the extension boilerplate

yo code

You’ll be prompted with a bunch of questions:

TypeScript or JavaScript?
Extension name?
Description?

👉 Choose TypeScript if you’re unsure.
It’s basically JavaScript with better life choices.

Once done, you’ll have a shiny new extension structure ready to customize.

Configure VS Code Commands (Where Your Extension Gets a Brain 🧠)

Your extension doesn’t do anything unless you tell VS Code what commands it supports.

Step 1: Edit `package.json`

Look for:

contributes.commands

This is where you define commands like:

--help
--run
or any custom command your tool needs

Step 2: Add activation events

Inside the same package.json, add your commands under:

activationEvents

Technically, VS Code might infer them automatically…
But let’s not rely on assumptions — that’s how bugs are born 🐛

Compile TypeScript (Yes, This Matters)

Step 1: Compile the extension

npm run compile

This generates the extension.ts output required for VS Code to run your extension.

Common Error (Almost Guaranteed 😅)

❌ Cannot find module vscode

Quick fix:

npm i --save-dev @types/vscode @types/node

Run compile again and breathe.

Test Your Extension Locally (Before the World Sees It)

This is where we test the extension inside VS Code itself, using something called Extension Dev Host.

Think of it as a sandbox version of VS Code that won’t embarrass you publicly.

Steps to test

Press F5
In the new VS Code window:

Press CTRL + SHIFT + P
1. Run your commands (--help, etc.)

Your output should appear under the OUTPUT tab.

If Extension Dev Host Doesn’t Open 😤

This is a known VS Code issue.
Check this GitHub thread:
👉 https://github.com/microsoft/vscode/issues/58470

Fix it before moving on — publishing broken extensions is how legends are not made.

Package Your VS Code Extension 📦

Now for the fun part — turning your project into a .vsix file.

Important Rule

Make sure README.md exists in the root directory
vsce will refuse to cooperate otherwise.

Step 1: Compile again (just to be safe)

npm run compile

Step 2: Package the extension

npx vsce package

🎉 You’ll now see a .vsix file — this is your extension, ready for the marketplace.

Upload to VS Code Marketplace 🚀

Time to go public.

Steps to publish

Sign in to Visual Studio Marketplace
Go to Publisher Management
Select your publisher
Click New Extension → Visual Studio Code
Upload your .vsix file
Click Continue
Review auto-filled details (tags matter for SEO 👀)
Click Save & Upload
Wait while it shows “verifying”
Once verified, make it Public

Congrats — you’re officially a VS Code Extension Author 🎩

Editing & Re-uploading Your Extension

Any time you change your code:

Compile TypeScript
Package Extension
Upload to marketplace

Yes, every time.
No, there’s no shortcut (yet).

Example Extension & Final Thoughts

You can check out my sample project here:
👉 GitHub: https://github.com/nitinkumar30/pyshrink-vscode/

Or try my first published extension directly:
👉 VS Code Marketplace: Pyshrink

If you’ve:

Built your own extension 🚀
Got stuck somewhere 🧩
Or have a cool idea brewing ☕

Drop a comment with your extension link or issue — I’ll try to help ASAP. 😄

And if this helped you even a little, feel free to connect with me on
👉 LinkedIn

Happy hacking & may your extensions never crash on activation 😄

How to Build India's Cheapest (Yet Most Effective) Penetration Testing Tool 🔥

Nitin Kumar — Sun, 21 Dec 2025 18:45:19 +0000

Introduction

Hey there, cyber warriors! Ever wondered how security researchers make those jaw-dropping demos where a simple USB stick can bring down an entire network? Well, buckle up because today we're diving deep into the world of HID (Human Interface Device) attacks using none other than the legendary Digispark ATTiny85 – your ticket to penetration testing glory without burning a hole in your pocket! 💸

In a country where we're masters at making the most with the least (जैसे कि मुंबई में 10 फ़ुट के कमरे में 5 लोग रहना), it shouldn't surprise you that we can build a professional-grade pentesting tool for less than the price of a decent Dosa! 😂

Let's get started with this mind-blowing journey of turning a ₹350 chip into a security professional's secret weapon!

Objective

Our main objective here (drumroll please 🥁) is to create an affordable, stealthy HID device that mimics a wireless mouse/keyboard dongle capable of executing pre-programmed attacks autonomously upon insertion. Think of it as your personal digital jadoo (magic) that works as soon as it touches the target system.

🎯 Specific Goals:

Build a functional HID attack device under ₹500
Make it appear as a legitimate wireless mouse dongle
Execute automated payload sequence: wake system → open browser to specific URL → close browser → execute shutdown command
Ensure device maintains HID functionality post-attack (for stealth)
Keep everything undetected by traditional antivirus solutions (because who doesn't love flying under the radar? 🦅)

Hardware Requirements

Remember how we said we're going budget-friendly? Well, here's where we prove it! 🤑

Main Hardware (The Hero of Our Story):

Digispark ATTiny85 USB Development Board – ₹350-500 [Techtonics Purchase Link]

This little beauty is cheaper than your monthly chai consumption but more dangerous to unpatched systems! 💻💥

Optional Accessories (Because We Like to Dress Up Our Toys):

USB Enclosure/Case – ₹100-200 (To make it look fancy like those premium wireless mouse dongles)
USB Extension Cable – ₹50 (For harvesting those components, just like mom uses empty containers 🥡)
Breadboard Jumper Wires (if not included) – ₹30
Soldering Kit (If you're feeling extra DIY) – ₹200-500 [Local Electronics Store]

💡 Pro Tip: You can always salvage components from old USB devices lying around. Remember, in Indian households, nothing goes to waste! 🏠🗑️

Other Alternatives (For Those Who Want to Spend More 💸):

Arduino Pro Micro – ₹600-800 [Robokits Purchase Link]
Pre-made BadUSB Modules – ₹800-1200 [Nilgiri Stores Purchase Link]

But why spend more when you can build the same thing for less? As they say, "सस्ता सोना चाँदी से भी चमकदार होता है!"

Software Requirements

Let's get our digital workspace ready – it's time to install some serious stuff!

Arduino IDE (The Boss Software) 👑:

Absolutely free and open-source! No excuses for not downloading this:

🔗 Download Link: https://www.arduino.cc/en/software

It's like downloading WhatsApp but for hardware hackers!

Digistump Board Package (The Magical Add-on):

Don't worry, no magic wand required, just some simple copy-pasting! Follow these steps:

Open Arduino IDE
Go to File → Preferences
In "Additional Boards Manager URLs" field, paste: http://digistump.com/package_digistump_index.json
Click OK
Go to Tools → Board → Boards Manager
Search for "Digistump"
Install "Digistump AVR Boards by Digistump"

💡 This is like adding a new channel to your TV – suddenly you can see way cooler content!

How To: The Complete DIY Guide 🛠️

Step 1: Assembling Hardware (Or Not Assembling, Depending on Your Mood)

The beauty of the Digispark (yes, there's beauty in simplicity!) is that it comes pre-assembled. You just need to plug it in... well, almost!

But if you're feeling fancy and want to make it look like a premium wireless mouse dongle, here's the plan:

Option 1: Plug & Play – Just use the existing micro-USB connector. Fast, easy, no soldering required. Perfect for those who hate DIY with a passion!
Option 2: Stealth Mode (काला घोड़ा अंधेरे में दौड़ता है):
1. Desolder the micro-USB connector (if you're brave enough 🤯)
2. Salvage an old USB-A male connector (from a broken mouse or an extension cable)
3. Solder wires directly to the ATTiny85 chip:
  - VCC → 5V
  - GND → GND
  - D+ → Pin 3
  - D- → Pin 4
4. Enclose everything in a nice USB-shaped case
5. Add some hot glue for that premium waterproof feel! 😎

Step 2: What Will We Do Exactly?

Here's the evil plan (but a very authorized one!):

Device wakes up the sleeping computer (because we're polite like that 😇)
Automatically opens a browser to visit your specified website
Closes the browser (keeping things clean like our moms taught us!)
Opens Command Prompt (CMD)
Executes a shutdown command with a 60-second countdown
Maintains mouse functionality so it looks like a genuine wireless mouse dongle (nobody suspects the cute little mouse!)

Step 3: The Payload – What Makes This Device Dangerous 😈

Here's the exact code that will bring tears to a system administrator's eyes:

#include "DigiKeyboard.h"

void setup() {
  DigiKeyboard.delay(3000);
  DigiKeyboard.sendKeyStroke(0); // Initialize
  DigiKeyboard.delay(100);

  // Wait for system to fully wake up
  DigiKeyboard.delay(3000);

  // Open Run dialog
  DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
  DigiKeyboard.delay(500);

  // Launch Chrome/Edge with the specified URL
  DigiKeyboard.print("chrome.exe https://nitinkumar30.netlify.app/");
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.delay(8000);

  // Close browser
  DigiKeyboard.sendKeyStroke(KEY_F4, MOD_ALT_LEFT);
  DigiKeyboard.delay(1000);

  // Open CMD
  DigiKeyboard.sendKeyStroke(KEY_R, MOD_GUI_LEFT);
  DigiKeyboard.delay(500);
  DigiKeyboard.print("cmd");
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
  DigiKeyboard.delay(1000);

  // Execute shutdown command
  DigiKeyboard.print("shutdown /s /t 60");
  DigiKeyboard.sendKeyStroke(KEY_ENTER);
}

void loop() {
  // Nothing to do here (single shot attack)
}

💡 Understanding the Payload:

DigiKeyboard.delay() – Gives system time to process actions
sendKeyStroke(KEY_R, MOD_GUI_LEFT) – Equivalent to pressing Windows Key + R
DigiKeyboard.print() – Types text characters
MOD_ALT_LEFT / MOD_GUI_LEFT – Modifier keys (Alt, Windows key)

Step 4: Instructions to Upload Payload (The Moment of Truth!) ⚡

Open Arduino IDE – Make sure you've installed the Digistump package as discussed earlier
Select Board Settings:
- Go to Tools → Board → Select "Digispark (Default - 16.5mhz)"
Paste Your Payload Code – Copy-paste the code from above into the IDE
Click Verify – Make sure there are no compilation errors. If there are, double-check your typing (we've all been there! 👀)
Click Upload – This is where things get interesting!
NOW (and only NOW) plug in your Digispark – This device uploads code when connected, not before!
Watch for the success message: "Micronucleus done. Thank you!" (It's like the device is saying "thanks for making me dangerous!")

⏰ Important Timing Tip: You have 60 seconds after clicking upload to plug in the device. Set an alarm if you're prone to forgetting! ⏰

Testing & Deployment (The Fun Part!) 🎯

Before unleashing this digital beast on actual targets (with proper written permissions, of course!), let's test it safely:

Safe Testing Protocol:

Prepare a test computer (one you own or have explicit permission to test)
Save all work (no one likes losing data!)
Plug in your Digispark and watch the magic unfold 🎩✨
If shutdown command executes, quickly cancel it by typing shutdown /a in CMD

Deployment Tips:

The device maintains HID functionality post-attack, so it appears as a legitimate mouse even after the payload execution
Most systems don't have USB-based antivirus scanning for HID devices (which is why this method works so well!)

💡 Security Pro Tip: This attack is so effective because it bypasses traditional antivirus detection. AVs are looking for malicious files, not legitimate keyboard inputs!

Why This Method Works Like Magic ✨

Undetectable & Stealthy:

Appears as Standard HID Device – Your Digispark looks like any other USB mouse or keyboard to the system
No File Write Required – Unlike USB drives, this device doesn't mount as storage, so it can't be scanned by file-based antivirus
Keyboard/Mouse Input – Antivirus won't flag you for typing "shutdown /s" because, technically, that's what it looks like to the system
Physical Appearance – With proper casing, it literally looks like a wireless mouse dongle, making it completely innocuous in appearance

As they say, the best hiding place is in plain sight! 🙈

Legal & Ethical Reminder (Read This Before Getting Overconfident!) ⚠️

🚨 SERIOUS BUSINESS SECTION – PLEASE READ CAREFULLY 🚨

This technique is EXTREMELY powerful and should only be used in authorized penetration testing scenarios with:

Written permission from the system/network owner
Proper documentation and approval from relevant authorities
Compliance with IT Act 2000 (India) and similar regulations elsewhere
Responsible disclosure practices if vulnerabilities are found

❌ DON'TS:

Don't plug this into random public computers (like in cyber cafes)
Don't use it to prank friends (trust us, they won't find it funny when their computer shuts down)
Don't test on systems you don't own without explicit written permission
Don't lose your job/face legal consequences because you thought this was a joke 😅

✅ DOs:

Use in authorized pentesting engagements
Document all testing activities
Follow responsible disclosure practices
Educate organizations about USB security risks

Summary

Let's wrap this up faster than a shutdown command executes! 😂

We've learned how to:

Build a professional-grade HID attack device for under ₹500 💰
Make it appear absolutely legitimate as a wireless mouse dongle 🖱️
Program it to execute automated payloads without file-based antivirus detection 🛡️
Understand the technical aspects while keeping costs minimal 📉

Key Takeaways:

Cost-Effective: ₹350 hardware gives you professional capabilities
Undetectable: Appears as legitimate HID device
Autonomous: Executes attacks without user interaction
Reusable: Can be reprogrammed for different payloads
Stealthy: Maintains mouse functionality for disguise

The Digispark ATTiny85 is like the "Aam Aadmi" of penetration testing hardware – affordable, accessible, and shockingly effective! Whether you're a security professional, researcher, or hobbyist, this device proves that sometimes the cheapest solution is the most powerful one.

So go ahead, build your own, test responsibly, and remember – with great power (and cheap hardware) comes great responsibility! 👨‍💻✨

And hey, if this article helped you, you know what to do – smash that like button! (Just kidding, there's no like button, but you get the point 😂)

Quick Fix for Git's "Error Setting Certificate File" Issue

Nitin Kumar — Wed, 09 Apr 2025 10:16:04 +0000

Have you anytime got an error regarding git while uploading files to remote repo via git from your system about setting certificate file?

Use case :-)

I've just experienced this & let me tell you, I've just ran the PUSH command of git:

git push -u origin main

The exact error I've got was:

error: unable to access 'https://github.com/nitinkumar30/BDD-allure-test-project.git/': error setting certificate file: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

The file actually didn't exists & need to put it inside. Also, when I've checked the certificate file - ca-bundle.crt, it was present in another location.

Solution :-)

The specified file ca-bundle.crt should be present & your git should pointing to that certificate while connecting/interacting with the remote repo. But, while pushing code, we're getting file isn't present in the specified directory. It's present in another directory.
So, we can point our git to new directory where that certificate is present. I've tried searching & got it in the directory - C:/Program Files/Git/usr/ssl/certs/ca-bundle.crt instead of C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt .

We can directly do this using following git command of git config :

git config --global http.sslCAInfo C:\Program Files\Git\usr\ssl\certs\ca-bundle.crt

This'll direct it to the certificate file for git.

But but but wait, here's a catch. Now, git is directing that certificate to both the locations right? How to remove the old redirected directory for bundle certificate?

We've a command to delete/unset all old certificate bundle directory.

git config --global --unset-all http.sslCAInfo

And, to check all the locations where this certificate is directing, we can check with following git command:

git config --global --get-all http.sslCAInfo

But one more problem here, when we're running our file again to push, we're getting another error:

error setting certificate file: C:/Program

Why so?

Because of the space between the command 'Program' & 'Files' although it's a folder name, it'll take it as 2 different entities.

Now to resolve it, we'll edit the command like this:

 git config --global http.sslCAInfo C:/Program\ Files/Git/usr/ssl/certs/ca-bundle.crt

; '\' will ignore the space between 'Program' & 'Files'. Hence, will run as expected.

You can now check all the set paths of certificate bundle.

Hope this helped you, in case you've got this error anytime during your git. It's a small yet typical error one gets who might take whole day to debug.

I'm btw, using PyCharm Community to run & connect to my github repo directly.

Implement BDD in python using behave & allure

Nitin Kumar — Tue, 08 Apr 2025 10:59:31 +0000

So, what's BDD, Behave, Allure? Let's first understand this.

Behavior-Driven Development (BDD) is a development approach that enhances collaboration between developers, testers, and non-technical stakeholders by using natural language to define the software’s behavior. It focuses on the what (desired outcomes) instead of the how (implementation). Using Gherkin syntax (Given-When-Then), BDD helps define test scenarios in an easy-to-understand format, making requirements clear for everyone involved.

Behave is a Python BDD framework that allows writing tests in Gherkin syntax. It integrates with tools like Selenium to automate browser interactions. Behave lets you define test scenarios in feature files and link them to Python functions (step definitions). It automatically executes these tests to verify application behavior in real-world scenarios.

Allure is a popular test reporting framework that provides an interactive, user-friendly interface for visualizing test results. It integrates with various testing frameworks (including Behave) and generates detailed reports that help teams understand the health of their applications.

Now, that you understood what each of them means, let's understand how to actually implement BDD in python using behave & allure.

Before going through the code, let's see the project structure for clear understanding:

.\
│
├── config\
│   └── configreader.py     # File created for some methods to call from defined properties files
│
├── features\
│   ├── login.feature     # Sample demo login feature created
│   └── loginAgain.feature  # Actual usable login feature file used
│
├── screenshots\      # Directory used to store screenshots
│   ├── 1.png
│   ├── 2.png
│   └── 3.png
│
├── steps\
│   ├── test_steps.py     # Step def file for the login feature file
│   └── utils.py    # Additional methods created as a utility file
│
├── xpaths\
│   └── loginPage.properties    # Expected xpaths for the login page is described here
│
└──  config.properties    # All the configuration related data is present here

This is the low-end structure of it. Folder structure will depend on how big is your project.

We've different type of files present:

.feature files (gherkin language)
.py files (of course)
.properties files (where main data is being hold)

Following are the recommended (important) libraries to install:

Required Tools:

PyCharm Community as an IDLE (Download from here )

First, we need to create a feature file which is being created typically by Business Analyst. Following is the code for sample feature file (login.feature)

Feature: Login functionality validation using credentials

  Scenario Outline: Successful login with provided credentials
    Given User is on login page
    When User provides valid login credentials as <username> and <password>
    Then User will be displayed with a current page title

    Examples: Valid
      | username | password |
      | nitin    | kumar    |
      | black    | eagle    |

    Examples: Invalid
      | username | password |
      | nitin    | nitin    |

Here; we're taking 3 different credentials for testing, 2 are valid & last one is invalid credentials.

Now, that we've created the feature file, we need to create a step def file as well to implement them. So, we've test_steps.py as step def files should always starts from 'test_' keyword.

First, we need to import all the libraries, methods & necessary data we've created:

import time

from behave import given, when, then
from selenium import webdriver
from selenium.webdriver.common.by import By

from config.configreader import *
from utils import *

Now, we need to implement all the @given, @when & @then from feature files.

@given('User is on login page')
def step_impl(context):
    context.driver = webdriver.Chrome()
    context.driver.get(get_property_value('URL'))
    addScreenshot(context, '1')
    time.sleep(2)

here; 1st & 2nd line is understandable. In 3rd line, we're initializing Chrome driver. In 4th line, we're importing some data 'URL' from properties file & in 5th line, I'm taking screenshot & adding it into our allure report with filename as '1'. Then, I'm taking a 2secs nap.

@when('User provides valid login credentials as {username} and {password}')
def step_impl(context, username, password):
    context.driver.find_element(By.XPATH, get_loginPage_xpath_value('XPATHusername')).send_keys(username)
    context.driver.find_element(By.XPATH, get_loginPage_xpath_value('XPATHpassword')).send_keys(password)
    addScreenshot(context, '2')
    context.driver.find_element(By.XPATH, get_loginPage_xpath_value('XPATHloginBtn')).click()

Here; we're just providing credentials & clicking on login button.

@then('User will be displayed with a current page title')
def step_impl(context):
    time.sleep(2)
    assert context.driver.title == get_property_value(
        'titleHomepage'), 'Wrong title captured or wrong web portal redirected !'
    addScreenshot(context, '3')
    context.driver.quit()

; Here, we're just checking the page's title & validating it with the provided data in config file.

One file which I want to highlight is utils.py file where a method I've created - addScreenshot().

def addScreenshot(context, filename):
    screenshot_path = 'screenshots/' + filename + '.png'
    # Capture the screenshot
    context.driver.save_screenshot(screenshot_path)

    # Attach the screenshot to the Allure report
    with open(screenshot_path, 'rb') as file:
        allure.attach(file.read(), filename, attachment_type=allure.attachment_type.PNG)

; Here, I've captured the screenshot & added into the allure report which is customized with our reporting part.

Now, every file we've created. Other files you can check in my GitHub Repository.

We need to run the project now. To run & see the report, we need a 2-step command to run.

Go to terminal of our IDLE & run following 2 commands.

 behave features/loginAgain.feature -f allure_behave.formatter:AllureFormatter -o loginAgain

; loginAgain.feature is the feature file we're running & loginAgain is the directory where all the reporting files will be generated

and then ...

 allure serve loginAgain

;loginAgain is the same directory we've generated above.

The report will be generated & will be displayed in your browser as html file

Keep Testing | Keep Automating | Keep Learning

Feel free to reach out to me via LinkedIn, Instagram or checkout my Portfolio.

Add SSH key in GitLab account

Nitin Kumar — Wed, 22 Jan 2025 09:24:09 +0000

Today, we'll see how we can add SSH key to our GitLab account so that we can push, pull & perform tasks from our GitLab in local machine.

First, we need to have a GitLab account without any SSH key (preferred).

Now, we need to create SSL certificate. Remember, Gitlab only allows some hashing methods for this. Following is the list:

Now, we need to open Command Prompt in our local machine & enter following command:-

ssh-keygen -t ed25519 -C "YOUR_MAIL_ID"

; since I want to use ed25519 hashing algo, I've used that. For others, use those names.

Then, just press enter for the prompts, for simplicity, it'll ask for the filename & any passphrase we wanna use.
Keys will be generated after you press enter. It'll look like this :-

Now, files will be generated like below :-

You open the file with extension .pub just generated & copy whole file content.

Go to the SSL page in Gitlab & click on Add new Key button

In the SSL content, paste the key copied from file.
Put other details as needed & click on Add Key button.

Your key will be added successfully with other SSH key & fingerprint details.

Now, just to check your gitlab is connected to your local machine, put below command & press Enter :-

 ssh -vT git@gitlab.com

You must see a message 'Welcome to Gitlab, [YOUR_USERNAME]!' in the screen along with some other details.

Feel free to reach out to me via LinkedIn, Instagram or checkout my Portfolio.

HAPPY HACKING !!!

My VAPT Learning Journey

Nitin Kumar — Sun, 15 Dec 2024 20:06:49 +0000

I'm very passionate about Cyber Security, and so I was thinking of starting a series where I'll try to update you about the progress, topics, and related labs each day for better hands-on practice.

The topics will be mostly from Portswigger Website. Also, for some more practical discussion, I'll refer to Kontra.

If you're also a beginner & want to begin your journey in Cyber Security, you can follow my VAPT tutorial with labs series & if you're an expert or in this journey, you can help me out with some suggestions.

Following are the topics that I'll cover during this journey:

Server Side topics

Client Side topics

Advanced topics

Let me know my plan & your ideas, suggestions, or pointers to discuss this. I'm open to collaboration too. I'll try to create more concise but informative blogs on each topic & it's solution.

We can check our leaderboard/dashboard here.

To get started, you need to create an account in Portswigger & my main focus will be on this website only.

Let's Hack !!

Bibliography

Erasing evidence after attacking a host

Nitin Kumar — Fri, 06 Sep 2024 18:21:02 +0000

After attacking any host, the most important part is removing any evidence. If any ethical hacker got evidence about the attacker(i.e. you), then you might be in legal trouble. So, today, we'll look into some common methods to remove evidence from the host machine so that ALMOST every trace can be removed, almost because every criminal does leave some or the other trace that can be traced back. Small things might lead to the attacker.

For eg:- Let's say you're using the Tor Browser for searching something on the dark web. If you've maximized the browser, you might get traced with the window size and other details.

For our convenience, we'll be using Kali Linux & work on it only. In real life, you might be compromising some other machine, but the method and process of clearing the tracks are exactly the same.

How to wipe out all the logs and bash history so that we can get undetected after completing our attack.

Topics covered:

Delete the history of commands executed in terminal
Delete the history file, optional to the 1st one
Delete system logs
Delete auth logs used during login & sudo runs
Empty the file contents for not being suspicious
Delete logs & services used
Delete all files under the temporary directory
BONUS KNOWLEDGE

Open the terminal & execute some commands for it:

 history

In order to not get caught, we need to delete all the history commands run during the attack. So, to perform it, simply type:

history -c

;-c is for clear, after executing it, no history will be present.

We can also delete the history file. In order to search the history file, simply type the below command:

echo $HISTFILE

To remove the history file, just type:

rm .bash_history

(If your history file name is bash_history)

P.S.:- You don't need to perform it if history is cleared.

After clearing history, we need to delete the system log. For that, we need to change the directory to /var/ directory. So, run the command:

cd /var/log

This directory contains all the logs of the tools and the services used in the machine. We now need to delete the logs of the tools and the services used during our attack.

One of the important file we need to delete is auth.log file. This is the auth logs which stores any login attempts done during our attack. Let's say we've used SSH service, it'll log that too. So, we need to delete it.

sudo rm auth.log

Another important file we need to delete is sys.log file. It registers the system information. For that, write the command:

sudo rm sys.log

Let's suppose we don't want to remove/delete a file, because deleting them might be suspicious & might be recovered from recovery tools. So, for that, what we do it make the file empty.

Let's say we've a log file called kern.log which stores the kernel logs, we need to empty this file. First check the contents of the file:

cat kern.log

Then, to empty the file contents, type the command:

sudo truncate -s 0 kern.log

Now, the contents of the file are empty.

Now, we need to remove/delete the logs & services that we used during the attack. So, let's say we've used PostgreSQL, we need to navigate to that directory using cd:

cd PostgreSQL

Let's say we need to delete the file postgresql-16-main.log, we'll give the command:

sudo rm postgresql-16-main.log

Now, we need to delete all the files under the temporary directory so that whatever services or tools we've used/installed can be made undetected. To perform that, type the command:

sudo rm -rf /tmp/*

BONUS KNOWLEDGE

Let's learn how to securely delete any file so that data recovery tools can't even recover them. For that, we need to install another tool - secure-delete

sudo apt install secure-delete

Now, in order to permanently delete any file, let's say file name is file.py, type the command:

sudo shred -vfzu file.py

Also, we need to permanently delete the tools we've used during the attack right? For that, write the below command:

sudo apt remove --purge secure-delete

The last thing we need to do here is restart the machine/system so that it also clears the active memory consumption. For that, type the command:

sudo reboot

And your system will be restarted..!

This was a small thing, yet a big thing that might help you after successfully attacking the host. It's the last yet important step to how to stay safe from unethical hacking.

This knowledge & article is strictly for educational purposes!!

HAPPY HACKING HACKERS !!!

Liked it? Give it a star & save it, so that next time you try something SUSPICIOUS, don't forget to try them out.

Connect with me on LinkedIn or GitHub

Slack chatGPT AI bot

Nitin Kumar — Wed, 10 Jul 2024 20:41:40 +0000

Features

OpenAI chatGPT bot for Slack app mostly used in corporate

This bot is another app to be used as a chatGPT integrated there

.env file for all generated tokens

Working

Tokens used

SLACK_BOT_TOKEN
SLACK_APP_TOKEN
OPENAI_API_KEY

Applications used

How to's

1. generate OpenAI token

Step 1: Navigate to openAI web app

Step 2: Login and click on Create new secret key button

Step 3: Provide a name to the token to be generated & click on Create secret key button

Step 4: Paste the token hence generated

2. Create & configure app in slack

Step 1: Navigate to Slack API web app

Step 2: Click on Create New App button

Step 3: Click from scratch >> provide App name >> Select the workspace from your profile >> Click on Create App

Step 4: Go to OAuth & Permissions from left menu bar >> Add Bot token scopes (chat:write & chat:write.public)

Step 5: Click on Install to workspace >> Click Allow button

Step 6: Copy the Bot User OAuth Token hence generated

Step 7: Go to Basic Information >> App-Level Tokens >> Generate Token and Scopes >> Provide any token name >> Add Scope (connections:write) >> Click on Generate

Step 8: Copy the token hence generated
Step 9: Go to Socket Mode & enable socket mode
Step 10: Go to Interactivity & Shortcuts & enable it(if not already)

Step 11: Go to Event Subscriptions >> enable Enable Events >> Click on **
Subscribe to bot events** >> Add Bot user events (message.im & app_mention) >> Click on Save Changes

Step 12: Now, reinstall the app (As we've done in step 5)

Step 13: Go to App Home >> Enable Allow users to send Slash commands and messages from the messages tab

How to run

First run the python script
Then, navigate to the slack web app and type the prompt
You'll get response in slack web app

Bibliography

Linkedin post

GitHub Repo

Reference YouTube Link

Author

Nitin Kumar

Keep building bots !!

Challenges for a perfect resume

Nitin Kumar — Wed, 20 Mar 2024 09:49:05 +0000

How a perfect resume should look like??

Nothing is perfect, not even your resume.

There isn't any word like perfect resume
Every resume is unique in their own way
You just need to understand what you've written in your resume
Resume is first impression of you in front of the hiring manager.
Make your resume ATS(Applicant Tracking System) friendly, most of the companies are using these systems to take less time to shortlist candidates.
You should be able to let the interviewer understand every single content on your resume.

Some mistakes I've seen till now in many candidates (11 as of now, might add more later):

Contact details should always be mentioned at the beginning.

Anything, related to contacting you should be mentioned in the beginning. For eg- Phone no, you social media links, portfolio, etc.

Not proper dates in their professional journey:

You should always check the dates are properly mentioned for all your experienced journey.

Not prioritizing job role/company name

Always prioritize role/company name/duration. If possible, make them bold to emphasize more strength on them. Other details are less important for even hiring managers.

Not providing information in correct heading

Since, this is academic projects, as header says, you should not be working on that now. It should be ~~Working~~ Worked. Or, you can write header as Projects only, to be relevant to your information.

Not providing duration/marks

Marks doesn't matter once you enter corporate, but for freshers, it's one of the factor to shortlist candidates as it shows how you've tackled your college academics & other activities which'll eventually affect your corporate journey.
Duration is necessary to validate if there's any backlogs/gaps between your academic journey or career gaps as well during your professional journey.

Customizing your social media profiles with a professional username

Customizing your social media with a professional username is sometimes crucial when you're applying for SMM like roles. Moreover, it shows your professional growth & formal ettiquete to understand. No one wants to search for nitin-kumar-8cfg90 or nitin-the-badboy-of-india on LinkedIn. This isn't considered professional profile. Try to customize it as a username which can used for multiple social media, for easy sharing too.

Making resume like your canvas

Hiring managers don't want to see your drawing skills in resume, even if you're asking referral for a painter job. You can write everything pointwise which'll be helpful for ATS as well as humans to understand & shortlist you.

Manage your resume.docx with formal document

Sharing your resume as docx or any other file type might change the formatting of file contents. Also, name your resume as YOURNAME_ROLE_Resume.pdf instead of some other random names. Always share resumes in pdf format.

No need to write complete book about your professional journey

Write pointwise about your professional journey but not more than 5 points, all of those should be small & to-the-point.

Use bold text type precisely

Don't use bold type everywhere, only use it wherever applicable like headers, roles, etc. Resume should look neat & clean so that it can be soothening to eyes to read for hiring manager as well as the interview panels.

Format your contact details

Always format your contact details. They might end up going to new line which may not be taken up by ATS systems. Try to format them in single line only.

Some tips for referrals:

Never just share your resume, share things in body of your mail. Following are the things you can add in your body:

i. Write 50-60 words about you & your professional journey, skills
ii. Share relevant job id's if you have. You can go to the company's careers portal & check it.
iii. Politely ask them to check for any relevant oppurtunities if they might have relevant to your skills. Mention skills in body as well.
iv. Go through some email writing tutorials

Try to write a formal & informative subject line. Following are some examples:

It's always better to check & read every details in your resume whatever you've written as there might be questions arising to mind of HR/hiring people.
Search for people over LinkedIn for the company's opening you're applying for. Referrals increases your chance of shortlisting of your resume.
Connect more with like minded people over internet & keep sharing your knowledge so that in case of doubt over any topic, you can have a healthy discussion over it.

Golden tip:

Always have some format to ask for referrals on Linkedin. That format should be short enough & informative to include all your information including job id/job link.

Steps to follow:

Step 1: Search for employees in company you need job & you already have job id/job link.
Step 2: Click on connect button to connect with person & ask for referral. Some people only have follow button, leave them.
Step 3: Make a short format(I'll provide one which I was using for my job hunting) & use it across.
Step 4: Click on Add a note in below. Make sure to use link shortners so that message can be short enough to fit inside.

Step 5: Put that short message after clicking on Add a note there.
Step 6: Now, submit so that person can see that message whenever he'll accept your request, also prior he can see that a note is being shared.

TEMPLATE_1:

Hi CONCERNED_PERSON,
Seeking a referral for the job of 'JOBO_TITLE' (JOB_id) @ COMPANY_NAME. Resume: YOUR_RESUME_LINK_SHORTENED, Contact: MAIL_ID /PHONE_NUMBER.

TEMPLATE_2:

Hi CONCERNED_PERSON, can you please refer me in JOB_TITLE role with Job ID - JOB_id? My resume - YOUR_RESUME_LINK_SHORTENED . Contact: MAIL_ID /PHONE_NUMBER. Revert me back in case you need anything else. Job link - JOB_LINK.

Keep hustling, job searching is a big process which demands your constant work along with working on your skills and relevant projects. Work on medium/high level projects to get into the eyes of hiring managers. Moreover, showcase them into your connections to get recommendations.

Feel free to reach out to me via LinkedIn, Instagram or checkout my Portfolio.

HAPPY HACKING !!!

Forem: Nitin Kumar

Built with Google Gemini: AI Essay Generator with Gemini

What I Built with Google Gemini

Demo

What I Learned

Google Gemini Feedback

Transition from pip to uv package manager

Python Package Manager

Choosing uv over traditional pip

Working of uv package manager

Bootstrapping & Setup

Dependency Resolution

Lockfile & Reproducibility

Downloading Packages

Installation & Disk Efficiency

Virtual Environment Management

Python Version Management

Performance at Scale

How to setup

Install uv

Create new project

Install dependencies

Guide to publish your first PyPI library 🚀

Why to create a py package? 🤔🐍

📂 Folder structure needed (yes, structure matters)

Content of pyproject.toml ❤️‍🔥

Contents of MANIFEST.in (don’t skip 🙏)

Key rules 🚨

Requirements 📋

Steps to create & upload 🚀

Install build tools 🛠️

Build your package 📦

Upload to testPyPI (optional but smart 🧠)

Upload to real PyPI 🌍

Something more 👀

Common mistakes ❌

Pro tips 💡

Guide to Publishing a Python Project as a VS Code Extension

How I Built and Published My Own VS Code Extension (Yes, You Can Too 😌)

What You’ll Need (a.k.a. Prerequisites)

Let’s Get Our Hands Dirty 🧑‍💻

Environment Setup (The “Please Don’t Skip This” Section)

Step 1: Check Node.js version

Step 2: Check npm version

Step 3: Install required global tools

Step 4: Verify npm global path (optional but helpful)

Scaffold Your VS Code Extension

Step 1: Generate the extension boilerplate

Configure VS Code Commands (Where Your Extension Gets a Brain 🧠)

Step 1: Edit package.json

Step 2: Add activation events

Compile TypeScript (Yes, This Matters)

Step 1: Compile the extension

Common Error (Almost Guaranteed 😅)

Test Your Extension Locally (Before the World Sees It)

Steps to test

If Extension Dev Host Doesn’t Open 😤

Package Your VS Code Extension 📦

Important Rule

Step 1: Compile again (just to be safe)

Step 2: Package the extension

Upload to VS Code Marketplace 🚀

Steps to publish

Editing & Re-uploading Your Extension

Example Extension & Final Thoughts

How to Build India's Cheapest (Yet Most Effective) Penetration Testing Tool 🔥

Introduction

Objective

Hardware Requirements

Main Hardware (The Hero of Our Story):

Optional Accessories (Because We Like to Dress Up Our Toys):

Other Alternatives (For Those Who Want to Spend More 💸):

Software Requirements

Arduino IDE (The Boss Software) 👑:

Digistump Board Package (The Magical Add-on):

How To: The Complete DIY Guide 🛠️

Step 1: Assembling Hardware (Or Not Assembling, Depending on Your Mood)

Step 2: What Will We Do Exactly?

Step 3: The Payload – What Makes This Device Dangerous 😈

Step 4: Instructions to Upload Payload (The Moment of Truth!) ⚡

Content of `pyproject.toml` ❤️‍🔥

Contents of `MANIFEST.in` (don’t skip 🙏)

Step 1: Edit `package.json`