Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-25 22:20:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #183 from L1xPy/patch-1

Browse source 
Update README.md
This commit is contained in:
Carlos Polop 2021-08-15 23:54:28 +02:00 committed by GitHub
commit 105f282a5e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting/pentesting-web/README.md
View file

@ -282,7 +282,7 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri
* You should also check discovered JS files with [**RetireJS**](https://github.com/retirejs/retire.js/) or [**JSHole**](https://github.com/callforpapers-source/jshole) to find if it's vulnerable.
* **Javascript Deobfuscator and Unpacker** \([https://lelinhtinh.github.io/de4js/](https://lelinhtinh.github.io/de4js/)\)
* **Javascript Beautifier** \([http://jsbeautifier.org/](https://beautifier.io/)\)
* **BrainFuck deobfuscation** \(javascript with chars:"\[\]!+" [https://ooze.ninja/javascript/poisonjs/](https://ooze.ninja/javascript/poisonjs/)\)
* **JsFuck deobfuscation** \(javascript with chars:"\[\]!+" [https://ooze.ninja/javascript/poisonjs/](https://ooze.ninja/javascript/poisonjs/)\)
* In several occasions you will need to **understand regular expressions** used, this will be useful: [https://regex101.com/](https://regex101.com/)
* You could also **monitor the files were forms were detected**, as a change in the parameter or the apearance f a new form may indicate a potential new vulnerable functionality.