mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 12:43:23 +00:00
GitBook: [master] 3 pages modified
This commit is contained in:
parent
7ceef54f8f
commit
1a615e7777
3 changed files with 8 additions and 1 deletions
|
@ -243,6 +243,10 @@ Once you have finished looking for subdomains you can use [**dnsgen** ](https://
|
|||
While looking for **subdomains** keep an eye to see if it is **pointing** to any type of **bucket**, and in that case [**check the permissions**](pentesting/pentesting-web/buckets/)**.**
|
||||
Also, as at this point you will know all the domains inside the scope, try to [**brute force possible bucket names and check the permissions**](pentesting/pentesting-web/buckets/).
|
||||
|
||||
### Monitorization
|
||||
|
||||
You can **monitor** if **new subdomains** of a domain are created by monitoring the **Certificate Transparency** Logs [**sublert** ](https://github.com/yassineaboukir/sublert/blob/master/sublert.py)does.
|
||||
|
||||
### Looking for vulnerabilities
|
||||
|
||||
Check for possible [**subdomain takeovers**](pentesting-web/domain-subdomain-takeover.md#subdomain-takeover).
|
||||
|
|
|
@ -184,7 +184,8 @@ Information about SSL/TLS vulnerabilities:
|
|||
|
||||
Launch some kind of **spider** inside the web. The goal of the spider is:
|
||||
|
||||
* Find all **files** and **folders** \([**gospider**](https://github.com/jaeles-project/gospider)**,** [**dirhunt**](https://github.com/Nekmo/dirhunt)**,** [**envie**](https://github.com/saeeddhqan/evine)\). [Broken link checker](https://github.com/stevenvachon/broken-link-checker) \(lets see if you can takeover something\). You can also find links using [**urlgrab**](https://github.com/IAmStoxe/urlgrab), which supports JS rendering.
|
||||
* Find all **files** and **folders** \([**gospider**](https://github.com/jaeles-project/gospider)**,** [**dirhunt**](https://github.com/Nekmo/dirhunt)**,** [**envie**](https://github.com/saeeddhqan/evine)**,** [**hakrawler**](https://github.com/hakluke/hakrawler)\). [Broken link checker](https://github.com/stevenvachon/broken-link-checker) \(lets see if you can takeover something\). You can also find links using [**urlgrab**](https://github.com/IAmStoxe/urlgrab), which supports JS rendering.
|
||||
* You can also find paths without accessing the web page using [**meg**](https://github.com/tomnomnom/meg), [**gau**](https://github.com/lc/gau)**.**
|
||||
* Find all **possible parameters** for each executable file. You can help yourself in this matter using [ParamSpider](https://github.com/devanshbatham/ParamSpider).
|
||||
* Read the next section "**Special Findings**" to search for more information on each file found.
|
||||
* [hakrawler](https://github.com/hakluke/hakrawler) can also be interesting
|
||||
|
|
|
@ -263,6 +263,8 @@ If you want to read about how can you exploit meta-data in AWS [you should read
|
|||
|
||||
{% embed url="https://github.com/smaranchand/bucky" %}
|
||||
|
||||
{% embed url="https://github.com/tomdev/teh\_s3\_bucketeers" %}
|
||||
|
||||
\*\*\*\*
|
||||
|
||||
## **List of Open Buckets**
|
||||
|
|
Loading…
Reference in a new issue