This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Keybase proof | |
I hereby claim: | |
* I am ehsahil on github. | |
* I am ehsahil (https://keybase.io/ehsahil) on keybase. | |
* I have a public key ASAX_QruRWe-ErPVC5AN0Mz185L-jxM8rZ1HBmpwFrCiOAo | |
To claim this, I am signing this object: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Tools based on a resolver.rb by @melvinsh | |
#Repository: https://github.com/melvinsh/subresolve | |
#Modified by @ehsahil for Personal Use. | |
require 'socket' | |
require 'colorize' | |
begin | |
domain = ARGV[0] | |
rescue | |
puts "Usage: ruby subdomain.rb domain" | |
exit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Tool based on a resolver.rb by @melvinsh | |
#Original Repository: https://github.com/melvinsh/subresolve | |
#Modified by @ehsahil for Personal Use. | |
require 'socket' | |
require 'colorize' | |
begin | |
file = File.open(ARGV[0], "r") | |
rescue | |
puts "Usage: ruby recon.rb wordlist" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Finding subdomains via Nmap. | |
nmap --script dns-brute --script-args dns-brute.domain=domain.com,dns-brute.threads=6,dns-brute.hostlist=./sub1000.lst | |
nmap --script dns-brute --script-args dns-brute.domain=domain.com,dns-brute.threads=6,dns-brute.hostlist=./sub10000.lst | |
nmap --script dns-brute --script-args dns-brute.domain=domain.com,dns-brute.threads=6,dns-brute.hostlist=./sub100000.lst | |
nmap --script dns-brute --script-args dns-brute.domain=domain.com,dns-brute.threads=6,dns-brute.hostlist=./sub1000000.lst |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
require 'socket' | |
require 'colorize' | |
begin | |
file = File.open(ARGV[0], "r") | |
rescue | |
puts "Usage: ruby resolve.rb filename (where filename contains a list of domains)" | |
exit | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1. Listing AWS bucket content. (Testing for list permission) | |
Sahils-MacBook-Pro:~ sahil$ aws s3 ls s3://bucket | |
2. Writing on AWS Bucket. (Testing for write Permission) | |
Sahils-MacBook-Pro:~ sahil$ aws s3 cp test.txt s3://bucket (Copying test.txt into the bucket with no public file read permission) | |
Sahils-MacBook-Pro:~ sahil$ aws s3 mv test.txt s3://bucket (Moving test.txt into the bucket with no public file read permission) | |
Copy test.txt file into the aws s3 bucket with public file read permission. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Basics Filters: | |
1. City | |
Example City:New Delhi. | |
2. Country | |
Example: Country:INDIA | |
3. Port | |
Example:Ports: 8443, 8080, 8180 etc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
“Hackme.tld” API_key | |
“Hackme.tld” secret_key | |
“Hackme.tld” aws_key | |
“Hackme.tld” Password | |
“Hackme.tld” FTP | |
“Hackme.tld” login | |
“Hackme.tld” github_token | |
“Hackme.tld” http:// & https:// | |
“Hackme.tld” amazonaws | |
“Hackme.tld” digitaloceanspaces |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-Commands | |
443.https.tls.certificate.parsed.extensions.subject_alt_name.dns_names:domain.com | |
“hackme.tld” + internal | |
“hackme.tld” + sandbox | |
“hackme.tld” + Staging |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Tips from @jobertabma, co-founder of HackerOne -- https://twitter.com/jobertabma/status/998769037445230592 | |
0x00: I visit the product and marketing pages and read up what the products do. I identify how the product it exposed to the end user. This will give me an idea what the initial attack surface looks like, what data they're protecting, how users interact with each other, and what the learning curve looks like. I sign up for any number of accounts that is required to test the features. This will give me insight into the individual features. I do some light fingerprinting of the frameworks they use.I've even talked to engineers, product managers, and executives before even looking at something. | |
0x01: I prioritize based on features and then weakness type. I generally set a goal for myself to go after particular information, e.g. for an email provider I might ask myself: "I want to get access to someone's emails." Because I know what their features do, I can make an educated guess which features process ema |
OlderNewer