by Proofpoint
by Austin Hudson
Here’s a quick tip to find forgotten database dumps using this small but quick fuzz list:
/back.sql
/backup.sql
/accounts.sql
/backups.sql
/clients.sql
/customers.sql
/data.sql
/database.sql
/database.sqlite
Redirect dorks
/{payload}
?next={payload}
?url={payload}
?target={payload}
?rurl={payload}
?dest={payload}
?destination={payload}
?redir={payload}
Recommended extensions for Burp Suite
JSON Beautifier
Param Miner
HTTP Request Smuggler
Backslash Powered Scanner
Reflected Parameters
Software Vulnerability Scanner
Java Deserialization Scanner
.NET Beautifier
Copy As Python-Requests
Free stuff is always exciting. But, what if it is free and awesome? Free tools and resources you’re gonna love.
Let's start!
1. UI Garage
Daily UI inspiration & patterns for designers, developers to find inspiration, tools and the best resources for your project.
Link: https://uigarage.net/
2. Remove bg
Free stuff is always exciting. But, what if it is free and awesome? Free tools and resources you're gonna love. Part 2.
Let's start!
1. Caniuse.com
"Can I use" provides up-to-date browser support tables for support of front-end web technologies on desktop and mobile web browsers.
Link: https://caniuse.com/
2. Javascript.info
Modern JavaScript Tutorial: simple, but detailed explanations with examples and tasks, including: closures, document and events, object oriented programming and more.
❌❌ :RECON CHECKLIST: ❌❌
1. Subdomain Enumeration: subfinder/amass/altdns/sublist3r/assetfinder/findomain
2. Resolving Subdomains: HTTPX/HTTPROBE
3. Screenshotting: HTTPX/AQUATONE/EYEWITNESS/GOWITNESS
4. Port Scan: Nmap/Zenmap/Aquatone/Amass
5. Directory Bruteforce: FFUF/Dirsearch/Dirbuster
6. Crawling: waybackurls/gau
7. Finding endpoints from JS: relative-url-extractor
8. Manual Recon: Burp Suite
#!/bin/bash
# Referenced and tweaked from http://stackoverflow.com/questions/6174220/parse-url-in-shell-script#6174447
proto="$(echo $1 | grep :// | sed -e's,^\(.*://\).*,\1,g')"
# remove the protocol
url="$(echo ${1/$proto/})"
# extract the user (if any)
userpass="$(echo $url | grep @ | cut -d@ -f1)"
pass="$(echo $userpass | grep : | cut -d: -f2)"
if [ -n "$pass" ]; then
#!/usr/bin/env python3
#
# inputs: nmap.xml (nmap scan xml output), subdomains.csv (optional virtualhost info, hostname + ip address csv file)
# output: url listing (useful for tools like EyeWitness)
#
# sample usage: ./nmap-http-url.py nmap.xml subdomains.csv | sort -u | gowitness file -f -
#
description = '''
Generate HTTP URLs from Nmap XML (and optionally additional VirtualHost listing, taken from e.g. subdomain enumeration).
nmap -p- -v -T4 --open -sV -O --script=banner --script=http-headers --script=hostmap-crtsh --script http-cross-domain-policy --script http-cors --script=asn-query --script http-vhosts --script fingerprint-strings --script http-open-proxy.nse --script http-ls --script=http-git --script=http-php-version --script=http-apache-server-status --script=http-webdav-scan --script=http-aspnet-debug --script="couchdb-databases.nse" --script=mongodb-info --script=hadoop-datanode-info.nse --script=membase-http-info --script=dns-srv-enum --script ftp-anon --script http-bigip-cookie --script http-svn-info -PE -PS80,53,22,21,8000,8080,8443,445,22,80,139,389,443,445,623,636,999,1080,1880,1098,1099,2379,2443,3128,3389-3398,3443,3632,4001,4443,4848,5001,5002,5443,5800,5836,5900-5910,5985,5986,6002,6379,6782-6784,6739,6443,7001,7002,7071,7443,8000-8010,8080,8081,8118,8443,8444,8500,8888,9001,9060,9090,9093,9099,9100,9901,9999,10000,10250,10255,10256,11211,38801,53281
PA80,53,22,21,8000,8080,8443,445,22,80,139,389,443,445,623,636,