GITBOOK-103: vhost fuzzing using ffuf

This commit is contained in:
Xalgord 2024-04-30 18:16:37 +00:00 committed by gitbook-bot
parent 9f91e76bff
commit f8570d4673
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 13 additions and 7 deletions

View file

@ -2,7 +2,7 @@
description: 'description: For Personal Reference' description: 'description: For Personal Reference'
--- ---
# 🧑🏫 My Methodologies # 🧑🏫 My Methodologies
#### Gathering Breached Credentials #### Gathering Breached Credentials
@ -401,6 +401,12 @@ intitle:"Citrix Gateway" -site:[citrix.com](http://citrix.com/)
cat domains.txt | while read url; do dom=$(assetfinder --subs-only $url|tee $url.txt;crobat -s $url|tee -a $url.txt|subfinder -d $url -silent|tee -a $url.txt |cat $url.txt|httprobe|sort -u > final-$url.txt);echo -e "\e[1;33m[-]Working with $url""\e[1;32m\n -> done File saved. Please check :)""\n";done cat domains.txt | while read url; do dom=$(assetfinder --subs-only $url|tee $url.txt;crobat -s $url|tee -a $url.txt|subfinder -d $url -silent|tee -a $url.txt |cat $url.txt|httprobe|sort -u > final-$url.txt);echo -e "\e[1;33m[-]Working with $url""\e[1;32m\n -> done File saved. Please check :)""\n";done
``` ```
#### VHOST Fuzzing using FFUF
```
ffuf -w ~/wordlists/subdomains.txt -H "Host: FUZZ.ffuf.me" -u http://ffuf.me
```
#### Check all methods on domainlist for Information Disclosure #### Check all methods on domainlist for Information Disclosure
``` ```

View file

@ -1,14 +1,14 @@
# Table of contents # Table of contents
* [🧑🏫 My Methodologies](README.md) * [🧑🏫 My Methodologies](README.md)
* [🕶 Google Dorks](google-dorks.md) * [🕶 Google Dorks](google-dorks.md)
* [🌀 Possible "Content-Type" Header values](possible-content-type-header-values.md) * [🌀 Possible "Content-Type" Header values](possible-content-type-header-values.md)
* [📜 Scripts written by me for XSS](scripts-written-by-me-for-xss.md) * [📜 Scripts written by me for XSS](scripts-written-by-me-for-xss.md)
* [🔼 Subdomain Takeover](subdomain-takeover.md) * [🔼 Subdomain Takeover](subdomain-takeover.md)
* [ Tips and Write-ups](tips-and-write-ups.md) * [ Tips and Write-ups](tips-and-write-ups.md)
* [🔧 Tools and their Uses](tools-and-their-uses.md) * [🔧 Tools and their Uses](tools-and-their-uses.md)
* [🎯 XSS nuclei template CVE-2023-24488.yaml](xss-nuclei-template-cve-2023-24488.yaml.md) * [🎯 XSS nuclei template CVE-2023-24488.yaml](xss-nuclei-template-cve-2023-24488.yaml.md)
* [🕵 Recon strategies by other Hackers](recon-strategies-by-other-hackers/README.md) * [🕵 Recon strategies by other Hackers](recon-strategies-by-other-hackers/README.md)
* [🔎 Blind SQL Injection Detection and Exploitation (Cheat Sheet)](recon-strategies-by-other-hackers/blind-sql-injection-detection-and-exploitation-cheat-sheet.md) * [🔎 Blind SQL Injection Detection and Exploitation (Cheat Sheet)](recon-strategies-by-other-hackers/blind-sql-injection-detection-and-exploitation-cheat-sheet.md)
* [🔎 How i got more than 100 vulnerabilities in just one site? (zseano-challenge)](recon-strategies-by-other-hackers/how-i-got-more-than-100-vulnerabilities-in-just-one-site-zseano-challenge.md) * [🔎 How i got more than 100 vulnerabilities in just one site? (zseano-challenge)](recon-strategies-by-other-hackers/how-i-got-more-than-100-vulnerabilities-in-just-one-site-zseano-challenge.md)
* [🔎 JS is l0ve ❤️.](recon-strategies-by-other-hackers/js-is-l0ve-..md) * [🔎 JS is l0ve ❤️.](recon-strategies-by-other-hackers/js-is-l0ve-..md)
@ -28,7 +28,7 @@
* [🔎 How to Get Unique Subdomains on Large scope](recon-strategies-by-other-hackers/how-to-get-unique-subdomains-on-large-scope.md) * [🔎 How to Get Unique Subdomains on Large scope](recon-strategies-by-other-hackers/how-to-get-unique-subdomains-on-large-scope.md)
* [🔎 Static Analysis of Client-Side JavaScript for pen testers and bug bounty hunters](recon-strategies-by-other-hackers/static-analysis-of-client-side-javascript-for-pen-testers-and-bug-bounty-hunters.md) * [🔎 Static Analysis of Client-Side JavaScript for pen testers and bug bounty hunters](recon-strategies-by-other-hackers/static-analysis-of-client-side-javascript-for-pen-testers-and-bug-bounty-hunters.md)
* [🎯 subdomain-enumeration](subdomain-enumeration/README.md) * [🎯 subdomain-enumeration](subdomain-enumeration/README.md)
* [🛠 CRLF](crlf.md) * [🛠 CRLF](crlf.md)
* [❌ xss](xss/README.md) * [❌ xss](xss/README.md)
* [ Ghetto XSS Cheatsheet](ghetto-xss-cheatsheet.md) * [ Ghetto XSS Cheatsheet](ghetto-xss-cheatsheet.md)
* [🚀 Oneliners](oneliners.md) * [🚀 Oneliners](oneliners.md)