200+ Web Application Testing Techniques

Recon Phase [ ] Identify web server, technologies and database [ ] Subsidiary and Acquisition Enumeration [ ] Reverse Lookup [ ] ASN & IP Space Enumeration and Service Enumeration [ ] Google Dorking [ ] Github Recon [ ] Directory Enumeration [ ] IP Range Enumeration [ ] JS Files Analysis [ ] Subdomain Enumeration and Bruteforcing [ ] […]

Log4Pot – A honeypot for the Log4Shell vulnerability

Features: Listen on various ports for Log4Shell exploitation. Detect exploitation in request line and headers. Log to file and Azure blob storage. Usage: Install Poetry: curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python3 - Fetch this GitHub repository: git clone https://github.com/thomaspatzke/Log4Pot.git Change directory into the local copy with cd Log4Pot. Install pycurl dependencies (Debian / Ubuntu): apt install libcurl4-openssl-dev libssl-dev python3-dev build-essential Install […]

Brute Forcing HTTP Basic authentication

Burp Suite has long been used to brute-force a variety of login forms; today I am going to guide you through using Burp Suite to brute force HTTP Basic authentication. HTTP Basic authentication HTTP Basic authentication is a simple request-and-response mechanism through which the server can request authentication information (user ID […]

Naabu – A fast port scanning tool

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply. Features Fast And Simple SYN/CONNECT probe based scanning. Optimized for ease of […]

HTTP Parameter Pollution and How To Prevent It?

With HTTP Parameter Pollution (HPP) attacks, threat actors can hide scripts and processes in URLs. First discovered in 1999, this technique can also allow threat actors to pollute the parameters in the URL and the request body. This could lead to behavior changes in the app, such as cross-site scripting, privilege changes or granting unwanted access. HPP remains a risk […]

Collection: Burp Extensions

Content: The best way to search this list is by simply pressing Command + F to search for a keyword, or by going through our Content Menu. Scanners: Passive and Active scan plugins. Active Scan++ – ActiveScan++ extends Burp Suite’s active and passive scanning capabilities. Burp Vulners Scanner – Vulnerability scanner based on vulners.com search API. Additional Scanner checks – Collection of […]

Amazon Web Services (AWS) Pentesting Resources:

Tools, Tutorials and References for AWS penetration testing: Defensive (Hardening, Security Assessment, Inventory) ScoutSuite: https://github.com/nccgroup/ScoutSuite – Multi-Cloud Security auditing tool for AWS, Google Cloud and Azure environments (Python) Prowler: https://github.com/toniblyx/prowler – CIS benchmarks and additional checks for security best practices in AWS (Shell Script) CloudSploit: https://github.com/cloudsploit/scans – AWS security scanning checks (NodeJS) CloudMapper: https://github.com/duo-labs/cloudmapper – helps you analyze your AWS […]

Trident project – an automated password spraying tool.

The Trident project is an automated password spraying tool developed to meet the following requirements: the ability to be deployed on several cloud platforms/execution providers; the ability to schedule spraying campaigns in accordance with a target’s account lockout policy; the ability to increase the IP pool that authentication attempts originate from for operational security purposes; the ability to quickly extend […]

Hetty – An HTTP Proxy Tool For Security Research

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features: Man-in-the-middle (MITM) HTTP/1.1 proxy with logs; Project based database storage (SQLite); Scope support; Headless management API using GraphQL; Embedded web interface (Next.js) […]

ratched – Transparent Man-in-the-Middle TLS Proxy

ratched is a Man-in-the-Middle (MitM) proxy that specifically intercepts TLS connections. It is intended to be used in conjunction with the Linux iptables REDIRECT target; all connections that should be intercepted can be redirected to the local ratched port. Through the SO_ORIGINAL_DST sockopt, ratched can determine the intended destination (before iptables packet mangling) and tries to establish a connection to […]

CRLF Injection

CRLF refers to the special character elements “Carriage Return” and “Line Feed.” These elements are embedded in HTTP headers and other software code to signify an End of Line (EOL) marker. Many internet protocols, including MIME (e-mail), NNTP (newsgroups) and, more importantly, HTTP, use CRLF sequences to split text streams into discrete elements. Web application developers split HTTP and other […]

BUFFER OVERFLOW

A buffer overflow, or buffer overrun, is a common software coding mistake that an attacker could exploit to gain access to your system. To effectively mitigate buffer overflow vulnerabilities, it is important to understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit these vulnerabilities. Key Concepts of Buffer Overflow […]

SQL INJECTION: Exploitation and Prevention

What is SQL Injection? How will SQL Injection impact my business? How do I prevent SQL Injection? What is SQL Injection? SQL injection (SQLi) is an application security weakness that allows attackers to control an application’s database – letting them access or delete data, change an application’s data-driven behavior, and do other undesirable things – by tricking the application into […]

Google Dorks for Cross-site Scripting (XSS)

Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker can execute malicious scripts in a victim’s site or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. XSS flaws can be difficult to identify and remove from a web application. XSS attacks are categorized into three types […]

Nmap Cheat Sheet

Nmap has a multitude of options; when you first start playing with this excellent tool, it can be a bit daunting. In this cheat sheet, you will find a series of practical example commands for running Nmap and getting the most out of this powerful tool. Nmap Target Selection: Scan a single IP nmap 192.168.1.1 Scan a host nmap www.testhostname.com Scan […]