vscode python – No module named ‘src’

I've had some issues with running python code in vscode.

I have a project folder.
The code is in the "src" folder running a file one level below

the error

my terminal always said:

    from src.mymodule import *
ModuleNotFoundError: No module named 'src'

The solution

ctrl + p

Preferences: Open Settings (JSON)


"terminal.integrated.env.linux": {
    "PYTHONPATH": "${workspaceFolder}/src:${env:PYTHONPATH}"
  "terminal.integrated.env.osx": {
    "PYTHONPATH": "${workspaceFolder}/src:${env:PYTHONPATH}"
  "terminal.integrated.env.windows": {
    "PYTHONPATH": "${workspaceFolder}/src;${env:PYTHONPATH}"

One last step:

close the terminal running it
press on run code again

The issue is discussed here:


CyberChef – a web app for encryption, encoding, compression and data analysis

I've just noticed, I did't talk about tools which I use quite often, for several data conversion purposes.



The Cyber Swiss Army Knife
CyberChef is a simple, intuitive web app for carrying out all manner of cyber operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.

The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years.

Thats what they say, and thats what it is.

It was developed by gchq (https://www.gchq.gov.uk/), which is the british inteligence agency. They have a few interesting tools made available on their github (https://github.com/gchq)

Useful Operations

  • From/To Hex
  • From/To Base64
  • URL Encode/Decode
  • Regular Expression
  • XOR Brute Force
  • Decode Text
  • CSV to JSON
  • JSON to CSV
  • RC2, RC4, DES, Triple, DES, AES Encrypt/Decrypt
  • Bitwise operations
  • HTTP request
  • JPath Expression
  • Strings
  • Extract Filepaths
  • Extract EXIF
  • Zip/Unzip
  • Tar/Untar
  • All the Hashes
  • Syntax Highlighting
  • Script Beautify
  • Render Image
  • ...



The "Magic" feature:
It automatically tries different things and mostly time gets a result.

AES Decryption

Base64 decode

Regular Expressions

This is something I often use to extract text/data or to put the data into the right format. (" => ', "..", => {data: ".."} )

If it doesn't work, you still can go to https://regex101.com/ to figure out why your Expression is wrong

How to use it

Well.. I don't like giving information away or online, if I don't have to..

I actually downloaded it and use it offline. It works just fine, I didn't see any difference.

from local: file:///S:/Portable/CyberChef_v9.21.0/CyberChef_v9.21.0.html

For several operations you might want to turn Auto Bake off
it calculates automatically on any change you do, which can slow down your process sometimes.

Further Readings

Recipes and Links to resources


  • Recipe 1: Extract base64, raw inflate & beautify
  • Recipe 2: Invoke Obfuscation
  • Recipe 3: From CharCode
  • Recipe 4: Group Policy Preference Password Decryption
  • Recipe 5: Using Loops and Labels
  • Recipe 6: Google ei Timestamps
  • Recipe 7: Multi-stage COM scriptlet to x86 assembly
  • Recipe 8: Extract hexadecimal, convert to hexdump for embedded PE file
  • Recipe 9: Reverse strings, character substitution, from base64
  • Recipe 10: Extract object from Squid proxy cache
  • Recipe 11: Extract GPS Coordinates to Google Maps URLs
  • Recipe 12: Big Number Processing
  • Recipe 13: Parsing DNS PTR records with Registers
  • Recipe 14: Decoding POSHC2 executables
  • Recipe 15: Parsing $MFT $SI Timestamps
  • Recipe 16: Decoding PHP gzinflate and base64 webshells
  • Recipe 17: Extracting shellcode from a Powershell Meterpreter Reverse TCP Script
  • Recipe 18: Recycle Bin Parser with Subsections and Merges
  • Recipe 19: Identify Obfuscated Base64 with Regular Expression Highlighting
  • Recipe 20: Using Yara rules with deobfuscated malicious scripts
  • Recipe 21: Inline deobfuscation of hex encoded VBE script attached to a malicious LNK file
  • Recipe 22: JA3 API search with HTTP Request and Registers
  • Recipe 23: Defeating DOSfuscation embedded in a malicious DOC file with Regular Expression capture groups
  • Recipe 24: Picking a random letter from a six-byte string
  • Recipe 25: Creating a Wifi QR code
  • Recipe 26: Extracting and Decoding a Multistage PHP Webshell
  • Recipe 27: Decoding an Auto Visitor PHP script
  • Recipe 28: De-obfuscation of Cobalt Strike Beacon using Conditional Jumps to obtain shellcode
  • Recipe 29: Log File Timestamp Manipulation with Subsections and Registers
  • Recipe 30: CharCode obfuscated PowerShell Loader for a Cobalt Strike beacon

Here is an interesting Presentation from

Jonathan Glass: How CyberChef is used for CyberSecurity


Markdown editors

I have searched and tested several editors during these days, and I was able to narrow down the selection to my needs. Typora and Mark Text.


Typora is beautiful, easy and just works. currently at Version free, when 1.0 is here, you need to buy a license.

Mark Text is beautiful, easy, has a better support for mermaid and IS FREE.
the only downside for me: on my ubuntu it has a slight lag.

Typora - typora.io | github

Markdown WYSIWYG

MD Code Editor

MarkText - marktext.app | github

Editor view

Source Code View

Write Clean Javascript Code

A awesome resouce on writing clean javascript code

based on Robert C. Martin's book
Clean Code: A Handbook of Agile Software Craftsmanship

"The only valid measurement of code quality is WTFs/minute"


  • Use meaningful and pronounceable variable names
  • Use the same vocabulary for the same type of variable
  • Use searchable names
  • Use explanatory variables
  • Avoid Mental Mapping
  • Don't add unneeded context
  • Use default arguments instead of short circuiting or conditionals


  • Function arguments (2 or fewer ideally)
  • Functions should do one thing
  • Function names should say what they do
  • Functions should only be one level of abstraction
  • Remove duplicate code
  • Set default objects with Object.assign
  • Don't use flags as function parameters
  • Avoid Side Effects
  • Don't write to global functions
  • Favor functional programming over imperative programming
  • Encapsulate conditionals
  • Avoid negative conditionals
  • Avoid conditionals
  • Avoid type-checking
  • Don't over-optimize
  • Remove dead code

Objects and Data Structures

  • Use getters and setters
  • Make objects have private members


  • Prefer ES2015/ES6 classes over ES5 plain functions
  • Use method chaining
  • Prefer composition over inheritance


  • Single Responsibility Principle (SRP)
  • Open/Closed Principle (OCP)
  • Liskov Substitution Principle (LSP)
  • Interface Segregation Principle (ISP)
  • Dependency Inversion Principle (DIP)


  • Single concept per test


  • Use Promises, not callbacks
  • Async/Await are even cleaner than Promises

Error Handling

  • Don't ignore caught errors
  • Don't ignore rejected promises


  • Use consistent capitalization
  • Function callers and callees should be close


  • Only comment things that have business logic complexity.
  • Don't leave commented out code in your codebase
  • Don't have journal comments
  • Avoid positional markers

Microservices, APIs, SOA

I found a great article on "Microservices, SOA, and APIs: Friends or enemies?"
check it out.. really easy to understand the differences


A little bit about Microservices:

It's often said.. complex code is spaghetti code (with meatballs = OOP), well structured layered code is lasagne code.. and microservices ravioli code.

On bigger applications.. a well thought out monolithic modular app might not be enough or at least not performant enough.

Big companies like Netflix talk about it.

The millions of users require:

  • fast startup times,
  • easy and reactive ui,
  • working movies (main functionality),
  • no downtimes and
  • always new features/updates.

The solution to this of course is a microservice application

Thoughts before creating microservice instead of monolithic applications:

  • Do you need to scale? How much concurrent users do you have?
  • Does your application or several parts really need to have a high-availability?
  • Do you develop in separate teams or is everyone on one team?


  • Scalability:
  • Microservices can be monitored really well, giving you metrics to find services with high hardware requirements or faulting services
  • run multiple instances for particular services, making reaction times really fast by also giving you a high availability (in case they crash)
  • You can run/scale on multiple Servers / PaaS Instances (Pivotal, AWS, ...) with different spec requirements depending on what your microservices needs
  • Improved Isolation:
  • every Microservice should be one logical part and thus can be updated or refactored or exchanged separate without affecting the others
  • By doing only one particular job (bounded context).. your microservices become easier to read, test and optimize
  • You can use multiple programming languages in one project. eg. node.js, ruby, c#, python, c, R.. in the end you talk via API
  • Background Services:
  • You can run background jobs, which wait for events to start working. they can do things without your interaction.


  • Distributed System Complexity (Logging, Monitoring, Network, Msg Queues, Multiple Instances, )
  • with more Services, more parts can fail
  • Architecture causes network-load and can be slowed down by network-latency
  • May have double code for same helper functionalities

Programming Services it is highly recommended to apply the principles of

12 Factor Apps


  • Code is Version controlled with many deploys [Codebase]
  • Dependencies are declared and isolated in a manifest [Dependencies]
  • Configurations are stored in ENVironment variables, not config files [Config]
  • Service are attached Resources, which can be consumed over Network (local or 3rd Party) and can be detached at will [Backing Service]
  • Build and Run stages are seperated. Providing a faster, tested and better Release Management. [Build, release, run]
  • Services are Stateless. They share nothing. They only use persistent data from backing stores. Thus they can easily be scaled. [Process]
  • To fit the concurrency needs, services are exported via Port Binding. [Concurrency]
  • Processes should be designed to be disposable without hassle [Disposable]
  • You should have a similar Developement and Production environment, designed for continuous integration. [Dev/Prod parity]
  • Logs should be treated as Event Streams. The App should never be concerned of storing logs. [Logs]
  • Management Tasks running as Processes: no local terminal, no direct db access. [Admin processes]

online courses, moocs and video lecture portals

I often use e-learning portals to learn new stuff.
You don't need them exactly, nowadays you could learn everything on youtube, medium, github or free e-books.

However, the good about courses/e-learning portals is, the authors do create more courses, get feedback and get better at teaching stuff. You often get a certificate, which can be motivating seeing your progress.

There are also courses made by universities or colleges. Here you can often buy a qualified certification.
These are usually different: high quality, academic correctness where the information comes from. Since I am used to it.. I love this as well. But they often expect previous knowledge to understand the topics.

And there are learning portal joint-ventures from big companies like microsoft, ibm, ...

I found there is a pile full of learning portals out there.
I wanted to give you a list of some for IT and computer science related topics I use.

Search Portals

But first.. there's a company which created a search portal to find online courses:

There is also a search portal for certificates:

Academic Education Sites

HPI (Hasso Plattner Institut): http://open.hpi.de/

High quality business, software, new it technology and it law related (german) courses.

A good thing is.. you can enter the courses even afterwards.. if you don't mind learning for the knowledge not for the certificate. Or qualified certificates which can be credited as ECTS if you are a student.

These are the courses I absolved here:

About Semantic Web Technologies

  • Information Service Engineering (semanticweb2017)
  • Linked Data Engineering (semanticweb2016)


  • Blockchain: Hype oder Innovation? (blockchain2018)
  • IT-Recht für Software-Entwickler

edX: https://www.edx.org/

Lots of high quality university courses from MIT, Harvard University, University of California Berkley, RWTH Aachen, Technische Universität München, Hongkong University of Science and Technologie, Kyoto University, Peking University...

on different topics

Architecture, Art & Culture, Biology & Life Sciences, Business & Management, Chemistry, Communication, Computer Science, Data Analysis & Statistics, Design, Economics & Finance, Education & Teacher Training, Electronics, Energy & Earth Sciences, Engineering, Environmental Studies, Ethics, Food & Nutrition, Health & Safety, History, Humanities, Language, Law, Literature, Math, Medicine, Music, Philanthropy, Philosophy & Ethics, Physics, Science, Social Sciences

You can get paid qualified certificates which can be credited as ECTS or just view the courses and maybe upgrade to a verified certificate later. You can also get a Micromasters Degree for certain topics.

Education Sites

Pluralsight - https://www.pluralsight.com/

High quality Software development, IT Ops, Professional Business, Data Professional, IT-Security, Design, Photography courses. Some courses have a clearly knowledge prequirements.

Price is a monthly or annually fee
35 $ / Month or 299 $ annually
or the premium version with certification practice exams for 449 $ annuall

There are some weekly free courses... I recommend you to check it out!

Udemy - https://www.udemy.com/

Medium to high quality.. for lots of different interesting topics. Often very good and easy explanation. Lots of trainers.. so every course might be different.
Prices for courses are ~10-12 EUR.. 100 EUR

Coursera - https://www.coursera.org/

High quality university like MIT, Princeton, UCS or Google courses
You can take courses, get specializations, professional certificates, master track certificates or even degrees. You often need to know pre-requirements
Price range is from free to 30k (masters degree), depending on what program you choose

Udacity - https://eu.udacity.com

high quality courses on computer science, programming, autonomous systems, business and career from the big companies like google, nvidia, kaggle, amazon, ibm, unity
Price is 500-999 $ for a topic related nanodegree

React.js Tutorials

Right now I'm absorbing React.js tutorials/best practice for a new project I'm about to do. I'm going to write here soon about it.

Here are some great React Tutorials I found:

The videos is really good to follow and its practical.
They are usually between 5-15 min

In general I can recommend every YouTube tutorial by

The Net Ninja

Here are more of those


useful python ressource: python101

Everything is on the web. I would even say there is quantity over quality.
That's why finding good ressources saves often lot's of time.

Here is a good site about python3:


It's a ebook to support the writer but you can also read online.
It encounters a lot of python things you should know.

Here's the TOC:

Part I - Learning the Basics
Chapter 1 - IDLE Programming
Chapter 2 - All About Strings
Chapter 3 - Lists, Tuples and Dictionaries
Chapter 4 - Conditional Statements
Chapter 5 - Loops
Chapter 6 - Python Comprehensions
Chapter 7 - Exception Handling
Chapter 8 - Working with Files
Chapter 9 - Importing
Chapter 10 - Functions
Chapter 11 - Classes

Part II - Learning from the Library
Chapter 12 - Introspection
Chapter 13 - The csv Module
Chapter 14 - configparser
Chapter 15 - Logging
Chapter 16 - The os Module
Chapter 17 - The email / smtplib Module
Chapter 18 - The sqlite Module
Chapter 19 - The subprocess Module
Chapter 20 - The sys Module
Chapter 21 - The threading module
Chapter 22 - Working with Dates and Time
Chapter 23 - The xml module

Part III - Intermediate Odds and Ends
Chapter 24 - The Python Debugger
Chapter 25 - Decorators
Chapter 26 - The lambda
Chapter 27 - Code Profiling
Chapter 28 - An Intro to Testing

Part IV - Tips, Tricks and Tutorials
Chapter 29 - Installing Packages
Chapter 30 - ConfigObj
Chapter 31 - Parsing XML with lxml
Chapter 32 - Python Code Analysis
Chapter 33 - The requests package
Chapter 34 - SQLAlchemy
Chapter 35 - virtualenv

Part V - Packaging and Distribution
Chapter 36 - Creating Modules and Packages
Chapter 37 - How to Add Your Code to PyPI
Chapter 38 - The Python egg
Chapter 39 - Python wheels
Chapter 40 - py2exe
Chapter 41 - bbfreeze
Chapter 42 - cx_Freeze
Chapter 43 - PyInstaller
Chapter 44 - Creating an Installer