#Protocol
| Hacking - #Protocol
Payload:
https://github.com/swisskyrepo/PayloadsAllTheThings/
https://github.com/danielmiessler/SecLists/
OWASP Cheatsheet:
https://github.com/OWASP/CheatSheetSeries
https://github.com/qazbnm456/awesome-web-security
Writeup:
https://bu.gbounty.cc/index.php/2019/09/26/doan-xem/
Standard:
http://www.pentest-standard.org/index.php/Main_Page
-------------------------------------------------
Checklist:
https://wiki.owasp.org/index.php/Testing_Checklist
https://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab
Quick
https://github.com/jhaddix/tbhm/blob/master/11_Auxiliary_Info.md
Methodology:
http://www.0daysecurity.com/pentest.html
https://github.com/jhaddix/tbhm
https://book.hacktricks.xyz/pentesting-methodology
https://portswigger.net/kb/issues
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Methodology%20and%20Resources
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
--------------------
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
https://owasp.org/www-project-web-security-testing-guide/latest/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies
CVE Harvesting
Version: Production, Beta, Mobile, Dev, Old, Unknown/Proprietary
===[Pentest]===
Reconnaissance
ExploitDB
OSINT
Light Testing:
Misconfiguration
Email
<s>000’”)};–//
Subdomain Takeover
Information Leakage | User Enumeration
IDOR
Bruteforce: Login, OTP
Open Redirect
Path Traversal
Cache Poisoning
False2True
False Delete
Null Byte Injection
Unprotected Database
Heavy Testing:
Header
Session
HTTP Parameter Pollution
CRLF: Log, Response Splitting, Header Injection
HTTP Desync | Request Smuggling
XSS | HTML Injection
SQLi
CSRF | SSRF
Template Injection
Directory Traversal | File Inclusion: LFI/RFI
Log Injection > Execution
Deserialization
XXE
RCE
Command Injection
Fuzzing
Buffer Overflow
API
Upload
WAF
Poisoning
DNS
Cross-Origin
-------------
SVG
Emoji
Optional:
Race Conditions
Memory
OAuth
Extension
SEH
Use after free
Active Directory
Misc:
[Hacking - IoT]
[Hacking - Mobile]
===[Report|Web Application]===
[Organization]: Known Vulnerability
--------Recon--------
IP
History
Domain: In Scope, Out of Scope
Domain1: rDNS, Whois
Domain2: ...
Technology
Site1: Server, Firewall, Developer
Site2: ...
Directory
Entry Points: GET|POST, Cookies, Header
API
Admin
Site1: robots.txt, Admin UI, Entry Detail, Directory, Parameter
Site2: ...
Repository
File
Issue
Documentation
Support
Default
Version: Old/Deprecated | Beta/Staging | Unknown/Proprietary
Leakage:
Site1:
Site2:
--------Test--------
Suspicious:
Vulnerability1
Site1: Version, Known CVE, Writeup
Site2: ...
Vulnerability2
...
-------------------------------------------------------------------------------
# URL Method Description Vulnerability Note
1 http://localhost Cookie PHPSESSID=3l9hrft7npk
2 http://localhost UserAgent Mozilla/5.0
3 http://localhost/login GET Login page
4 http://localhost?id=1 GET Entry point id=1
5 http://localhost/login POST Entry point Username=abc
===[Bounty]===
Summary:
Severity:
Description:
Environment:
Reproduction steps:
Impact:
-----------------------------------
Description:
Vulnerable Endpoint:
Impact:
CVSS:
Proof of concept:
===[PDF]===
Protocol:
#Protocol
#Recon
Domain
Default
Repository
Information Leakage
SE
Filter
Dork
#Tools
Penetration Testing:
=================================================
Web Hacking 101
https://b-ok.cc/book/3653856/ab66e3
The Web Application Hacker's Handbook
http://index-of.es/EBooks/11_TheWeb%20Application%20Hackers%20Handbook.pdf
---------------------------------
PENTESTING-BIBLE
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
Index
#Reconnaissance
| Hacking - #Recon
List:
Online
http://archive.ph/bNfwK
Intercept: BurpSuite [HTML, JS, Cookies, Header]
Extension: Wappalyzer|Builtwith|Whatruns, uMatrix, webdev7, Shodan, postMessage-tracker
Packet: Wireshark
----------------------------
System: Process Hacker|Explorer, PChunter
Window: Window Spy, Window Detective
===[Workflow]===
Discovery:
Subdomain
Archive
OSINT
Default Assets
Other Version: Production, Beta, Mobile, Dev, Old, Unknown/Proprietary
IP
https://medium.com/bugbountywriteup/accessing-the-website-directly-through-its-ip-address-a-case-of-a-poorly-hidden-sql-injection-82833defbbc3
Identify Technology:
Extension
Tools
Mapping:
Burpsuite BurpSmartBuster
Tools
Misc:
Documentation
API
Repository
Cloud
===[Lightning Recon]===
Domain:
subfinder -d target.com
http://archive.today/*.google.com
https://chaos.projectdiscovery.io/#/
https://dnsdumpster.com/
https://subdomainfinder.c99.nl/
https://subbuster.cyberxplore.com
https://securitytrails.com/list/apex_domain/google.com
https://crt.sh/?q=%25.shopify.com
https://www.abuseipdb.com/whois/66.249.83.87
https://google.com.ipaddress.com/
Port:
https://hackertarget.com/nmap-online-port-scanner/
http://www.t1shopper.com/tools/port-scan/
Virtual host:
https://pentest-tools.com/information-gathering/find-virtual-hosts
https://hackertarget.com/server-info/
Technology:
Wappalyzer | Builtwith | Whatruns
w3tech
https://w3techs.com/search
What CMS?
https://whatcms.org/
Misc:
https://www.shodan.io/
robots.txt + sitemap.xml + .git + Archive
Wayback
https://github.com/tomnomnom/waybackurls
Social:
https://www.wikidata.org/w/index.php?search=pay.google.com&title=Special:Search&profile=advanced&fulltext=1&advancedSearch-current=%7B%7D&ns0=1&ns120=1
https://news.ycombinator.com/from?site=corp.google.com
https://www.reddit.com/search/?q=site%3Acorp.google.com
https://archive.4plebs.org/pol/search/text/%22corp.google%22/
https://archive.rebeccablacktech.com/g/search/text/%22corp.google%22/
https://twitter.com/search?q=corp.google&src=typed_query
https://github.com/search
https://www.google.com/search?q=site%3Apastebin.com+corp.google
https://boardreader.com/
inurl:forum|viewthread|showthread|viewtopic|showtopic|"index.php?topic" | intext:"reading this topic"|"next thread"|"next topic"|"send private message"
===[Heavy Recon]===
[Search/Security] + [|SE]
http://archive.ph/*.google.com
https://web.archive.org/web/*/google.com/*
-------------
https://www.shodan.io/
https://censys.io/
https://searchdns.netcraft.com/?restriction=site+ends+with&host=.google.com&lookup=wait..&position=limited
[Security/Hacking]
https://check-host.net/
https://urlscan.io/
https://sitereport.netcraft.com/?url=
------------
https://subdomainfinder.c99.nl/
https://subbuster.cyberxplore.com
https://securitytrails.com/list/apex_domain/google.com
https://crt.sh/?q=%25.shopify.com
http://archive.ph/*.google.com
https://dnsdumpster.com/
https://searchdns.netcraft.com/?restriction=site+ends+with&host=.google.com&lookup=wait..&position=limited
https://sitereport.netcraft.com/?url=
https://bgp.he.net/
https://www.virustotal.com/gui/
[Domain]
dig, host, whois
subfinder -d target.com
Sublist3r, Knockpy, MassDNS
python knock.py example.com -w list.txt
./sublist3r.py -d example.com
Wayback
https://github.com/tomnomnom/waybackurls
https://chaos.projectdiscovery.io/#/
https://viewdns.info
ReverseWhois
https://viewdns.info/reversewhois
https://google.com.ipaddress.com/
https://www.abuseipdb.com/whois/66.249.83.87
Social:
https://www.wikidata.org/w/index.php?search=pay.google.com&title=Special:Search&profile=advanced&fulltext=1&advancedSearch-current=%7B%7D&ns0=1&ns120=1
https://news.ycombinator.com/from?site=corp.google.com
https://www.reddit.com/search/?q=site%3Acorp.google.com
https://archive.4plebs.org/pol/search/text/%22corp.google%22/
https://archive.rebeccablacktech.com/g/search/text/%22corp.google%22/
https://twitter.com/search?q=corp.google&src=typed_query
https://github.com/search
https://www.google.com/search?q=site%3Apastebin.com+corp.google
https://boardreader.com/
inurl:forum|viewthread|showthread|viewtopic|showtopic|"index.php?topic" | intext:"reading this topic"|"next thread"|"next topic"|"send private message"
-------------
Seclists
https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS
Assetfinder
https://github.com/tomnomnom/assetfinder
Altdns
https://github.com/infosec-au/altdns
altdns -i subdomains.txt -o data_output -w words.txt -r -s results_output.txt
Commonspeak
https://pentester.io/commonspeak-bigquery-wordlists/
Domain Profiler
https://github.com/jpf/domain-profiler
./profile target.com
LinkFinder
https://github.com/GerbenJavado/LinkFinder
./linkfinder.py -i https://target.com -o cli
------------------------------
https://www.zoomeye.org/searchResult?q=corp.google.com
https://www.robtex.com/
https://app.binaryedge.io/services/query
https://sslmate.com/certspotter/api/
https://censys.io/domain?q=
https://community.riskiq.com/research
https://recon.dev/dashboard
IP Range:
http://whois.domaintools.com/
https://bgp.he.net/
Screenshot:
Heavy: ./EyeWitness -f live.txt -d out --headless
Light: meg -d 10 -c 200 / live.txt
rDNS
https://www.yougetsignal.com/tools/web-sites-on-web-server/
http://reverseip.domaintools.com/search/
https://www.bing.com/search?q=ip%3A208.109.192.70
https://api.hackertarget.com/reverseiplookup/?q=208.109.192.70
OSINT
Photon
https://github.com/s0md3v/Photon
python3 photon.py -u target.com --keys --dns
Recon-NG
https://github.com/lanmaster53/recon-ng
theHarvester
https://github.com/laramies/theHarvester
---------------------------------------
Nmap | MASSCAN
Port knocking
https://nmap.org/book/nmap-defenses-trickery.html
nmap -A -T4 -p- x.x.x.x xxx.xxx.xxx.xxx-yyy
nmap -sSV -T4 -O -p0-65535 apollo.sco.com
nmap -sC -sV -T4 -A target
Seclists
https://github.com/danielmiessler/SecLists/tree/master/Discovery/Infrastructure
Common Protocol
https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/curl-protocols.txt
Port:
https://hackertarget.com/nmap-online-port-scanner/
http://www.t1shopper.com/tools/port-scan/
Identify Technology:
Technology:
Wappalyzer | Builtwith | Whatruns
Builtwith
https://builtwith.com/
w3tech
https://w3techs.com/search
What CMS?
https://whatcms.org/
WhatWeb
https://github.com/urbanadventurer/WhatWeb
whatweb target.com
https://libraries.io
Server Fingerprint:
nc 202.41.76.251 80
GET / HTTP/1.1
Firewall:
Wafw00f
https://github.com/EnableSecurity/wafw00f
Version: Production, Beta, Mobile, Dev, Old, Unknown/Proprietary
Virtual host:
https://pentest-tools.com/information-gathering/find-virtual-hosts
https://hackertarget.com/server-info/
VHostScan
https://github.com/codingo/VHostScan
virtual-host-discovery
https://github.com/jobertabma/virtual-host-discovery
|Favicon
Mapping:
Active|Passive Spider:
Burp Suite
Scrapy
Directory:
dirsearch
https://github.com/maurosoria/dirsearch
./dirsearch.py --url <target> -w <wordlist> -e <extension>
Dirb | DirBuster | Gobuster
Meg
https://github.com/tomnomnom/meg
Arjun
https://github.com/s0md3v/Arjun
python3 arjun.py -u https://
Seclists
https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
Quick Hit
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/quickhits.txt
CMS URL
https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content/URLs
CMS
https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content/CMS
Frontpage
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/frontpage.txt
robot
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/RobotsDisallowed-Top100.txt
Directory
https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content/SVNDigger
raft
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-small-directories.txt
API
https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content/api
Language:
PHP
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/Common-PHP-Filenames.txt
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/PHP.fuzz.txt
Server:
Apache
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/apache.txt
Nginx
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/nginx.txt
Oracle
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/oracle.txt
Tomcat
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/tomcat.txt
Spring-boot
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/spring-boot.txt
Weblogic
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/weblogic.txt
Jboss
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/jboss.txt
Admin Finder + robots.txt
http://aixoa.blogspot.com/2016/01/admin-page-wordlist.html
Locate Entry points:
Query: POST|GET
Cookie
Login|Forget password mechanism
Header: User-Agent, Referer, Accept, Accept-Language, Host headers
Hidden form input
URL
Parameter name
------------------------
Profile page | Application settings
Shopping cart
File Manager
Message board
Blog
Log
Email
Network name, SSID
Default Assets:
Install script | Sample applications
Hardcoded String|URL
Control Panel
Password
Dork
Metafile
---------------------------------------
Misc:
Documentation
[API]
[Information Leakage]
S3recon
https://github.com/clarketm/s3recon
s3recon "list.txt" -o "results.json" --public
google
apple
microsoft
amazon
uber
lyft
[Repository]
Gitrob
https://github.com/michenriksen/gitrob
[|Default]
[Mobile]
[IoT]
[Cloud]
=================================================
LazyRecon
https://github.com/nahamsec/lazyrecon
Reconnoitre
https://github.com/codingo/Reconnoitre
-------------------------
theHarvester
https://github.com/laramies/theHarvester
OWASP Amass
https://github.com/OWASP/Amass
Recon-ng
https://github.com/lanmaster53/recon-ng
Striker
https://github.com/s0md3v/Striker
-------------------------
Gitrob
https://github.com/michenriksen/gitrob
Index