Threat Intelligence Tools – URLScan.io

by
This entry is part 6 of 18 in the series Incident Response and Forensics

Views: 54Urlscan.io is a free service developed to assist in scanning and analysing websites. It is used to automate the process of browsing and crawling through websites to record activities and interactions. When a URL is submitted, the information recorded includes the domains and IP addresses contacted, resources requested from the domains, a snapshot of the … Read more

Threat Intelligence

by
This entry is part 16 of 18 in the series Incident Response and Forensics

Views: 9Threat Intelligence Foundation: Threat Intelligence is the analysis of data and information using tools and techniques to generate meaningful patterns on how to mitigate against potential risks associated with existing or emerging threats targeting organisations, industries, sectors or governments. To mitigate against risks, we can start by trying to answer a few simple questions: … Read more

PenTest 101 – Cheat Sheet

by

Views: 39 Command Description sudo nano /etc/hosts Opens the /etc/hosts with nano to start adding hostnames sudo nmap -p 80,443,8000,8080,8180,8888,10000 –open -oA web_discovery -iL scope_list Runs an nmap scan using common web application ports based on a scope list (scope_list) and outputs to a file (web_discovery) in all formats (-oA) eyewitness –web -x web_discovery.xml -d <nameofdirectorytobecreated> Runs eyewitness using a … Read more

Gobuster Cheat Sheet

by

Views: 69Common Gobuster Commands dir Mode With content length dns Mode With Show IP Base domain validation warning when the base domain fails to resolve Wildcard DNS is also detected properly: vhost Mode s3 Mode Available Modes Switch Description dir Directory brute-forcing mode dns DNS subdomain brute-forcing mode vhost Virtual host brute-forcing mode (not the … Read more

Complete Guide on ffuf

by
This entry is part 5 of 7 in the series Red Team Engagements

Views: 88In web application penetration testing, entry points are areas of an application where a user can input data or interact with the system, which an attacker could potentially exploit. Identifying these points is crucial because they represent potential paths for unauthorized access, data manipulation, or other malicious actions. Common entry points include form fields, … Read more

Fuff – Cheat Sheet

by

Views: 53Ffuf commands Command Description ffuf -h ffuf help ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ Directory Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ Extension Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php Page Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v Recursive Fuzzing ffuf -w wordlist.txt:FUZZ -u https://FUZZ.nlabs.local/ Sub-domain Fuzzing ffuf -w wordlist.txt:FUZZ -u http://nlabs.local:PORT/ … Read more