mirror of
https://github.com/xalgord/My-Methodologies.git
synced 2024-11-21 19:23:08 +00:00
GITBOOK-103: vhost fuzzing using ffuf
This commit is contained in:
parent
9f91e76bff
commit
f8570d4673
2 changed files with 13 additions and 7 deletions
|
@ -2,7 +2,7 @@
|
||||||
description: 'description: For Personal Reference'
|
description: 'description: For Personal Reference'
|
||||||
---
|
---
|
||||||
|
|
||||||
# 🧑🏫 My Methodologies
|
# 🧑🏫 My Methodologies
|
||||||
|
|
||||||
#### Gathering Breached Credentials
|
#### Gathering Breached Credentials
|
||||||
|
|
||||||
|
@ -401,6 +401,12 @@ intitle:"Citrix Gateway" -site:[citrix.com](http://citrix.com/)
|
||||||
cat domains.txt | while read url; do dom=$(assetfinder --subs-only $url|tee $url.txt;crobat -s $url|tee -a $url.txt|subfinder -d $url -silent|tee -a $url.txt |cat $url.txt|httprobe|sort -u > final-$url.txt);echo -e "\e[1;33m[-]Working with $url""\e[1;32m\n -> done File saved. Please check :)""\n";done
|
cat domains.txt | while read url; do dom=$(assetfinder --subs-only $url|tee $url.txt;crobat -s $url|tee -a $url.txt|subfinder -d $url -silent|tee -a $url.txt |cat $url.txt|httprobe|sort -u > final-$url.txt);echo -e "\e[1;33m[-]Working with $url""\e[1;32m\n -> done File saved. Please check :)""\n";done
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### VHOST Fuzzing using FFUF
|
||||||
|
|
||||||
|
```
|
||||||
|
ffuf -w ~/wordlists/subdomains.txt -H "Host: FUZZ.ffuf.me" -u http://ffuf.me
|
||||||
|
```
|
||||||
|
|
||||||
#### Check all methods on domainlist for Information Disclosure
|
#### Check all methods on domainlist for Information Disclosure
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
12
SUMMARY.md
12
SUMMARY.md
|
@ -1,14 +1,14 @@
|
||||||
# Table of contents
|
# Table of contents
|
||||||
|
|
||||||
* [🧑🏫 My Methodologies](README.md)
|
* [🧑🏫 My Methodologies](README.md)
|
||||||
* [🕶 Google Dorks](google-dorks.md)
|
* [🕶️ Google Dorks](google-dorks.md)
|
||||||
* [🌀 Possible "Content-Type" Header values](possible-content-type-header-values.md)
|
* [🌀 Possible "Content-Type" Header values](possible-content-type-header-values.md)
|
||||||
* [📜 Scripts written by me for XSS](scripts-written-by-me-for-xss.md)
|
* [📜 Scripts written by me for XSS](scripts-written-by-me-for-xss.md)
|
||||||
* [🔼 Subdomain Takeover](subdomain-takeover.md)
|
* [🔼 Subdomain Takeover](subdomain-takeover.md)
|
||||||
* [✍ Tips and Write-ups](tips-and-write-ups.md)
|
* [✍️ Tips and Write-ups](tips-and-write-ups.md)
|
||||||
* [🔧 Tools and their Uses](tools-and-their-uses.md)
|
* [🔧 Tools and their Uses](tools-and-their-uses.md)
|
||||||
* [🎯 XSS nuclei template CVE-2023-24488.yaml](xss-nuclei-template-cve-2023-24488.yaml.md)
|
* [🎯 XSS nuclei template CVE-2023-24488.yaml](xss-nuclei-template-cve-2023-24488.yaml.md)
|
||||||
* [🕵 Recon strategies by other Hackers](recon-strategies-by-other-hackers/README.md)
|
* [🕵️ Recon strategies by other Hackers](recon-strategies-by-other-hackers/README.md)
|
||||||
* [🔎 Blind SQL Injection Detection and Exploitation (Cheat Sheet)](recon-strategies-by-other-hackers/blind-sql-injection-detection-and-exploitation-cheat-sheet.md)
|
* [🔎 Blind SQL Injection Detection and Exploitation (Cheat Sheet)](recon-strategies-by-other-hackers/blind-sql-injection-detection-and-exploitation-cheat-sheet.md)
|
||||||
* [🔎 How i got more than 100 vulnerabilities in just one site? (zseano-challenge)](recon-strategies-by-other-hackers/how-i-got-more-than-100-vulnerabilities-in-just-one-site-zseano-challenge.md)
|
* [🔎 How i got more than 100 vulnerabilities in just one site? (zseano-challenge)](recon-strategies-by-other-hackers/how-i-got-more-than-100-vulnerabilities-in-just-one-site-zseano-challenge.md)
|
||||||
* [🔎 JS is l0ve ❤️.](recon-strategies-by-other-hackers/js-is-l0ve-..md)
|
* [🔎 JS is l0ve ❤️.](recon-strategies-by-other-hackers/js-is-l0ve-..md)
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
* [🔎 How to Get Unique Subdomains on Large scope](recon-strategies-by-other-hackers/how-to-get-unique-subdomains-on-large-scope.md)
|
* [🔎 How to Get Unique Subdomains on Large scope](recon-strategies-by-other-hackers/how-to-get-unique-subdomains-on-large-scope.md)
|
||||||
* [🔎 Static Analysis of Client-Side JavaScript for pen testers and bug bounty hunters](recon-strategies-by-other-hackers/static-analysis-of-client-side-javascript-for-pen-testers-and-bug-bounty-hunters.md)
|
* [🔎 Static Analysis of Client-Side JavaScript for pen testers and bug bounty hunters](recon-strategies-by-other-hackers/static-analysis-of-client-side-javascript-for-pen-testers-and-bug-bounty-hunters.md)
|
||||||
* [🎯 subdomain-enumeration](subdomain-enumeration/README.md)
|
* [🎯 subdomain-enumeration](subdomain-enumeration/README.md)
|
||||||
* [🛠 CRLF](crlf.md)
|
* [🛠️ CRLF](crlf.md)
|
||||||
* [❌ xss](xss/README.md)
|
* [❌ xss](xss/README.md)
|
||||||
* [⛴ Ghetto XSS Cheatsheet](ghetto-xss-cheatsheet.md)
|
* [⛴️ Ghetto XSS Cheatsheet](ghetto-xss-cheatsheet.md)
|
||||||
* [🚀 Oneliners](oneliners.md)
|
* [🚀 Oneliners](oneliners.md)
|
||||||
|
|
Loading…
Reference in a new issue