GitBook: [master] 386 pages modified

SUMMARY.md

@@ -170,6 +170,7 @@
 * [69/UDP TFTP/Bittorrent-tracker](pentesting/69-udp-tftp.md)
 * [79 - Pentesting Finger](pentesting/pentesting-finger.md)
 * [80,443 - Pentesting Web Methodology](pentesting/pentesting-web/README.md)
+  * [Code Review Tools](pentesting/pentesting-web/code-review-tools.md)
   * [Symphony](pentesting/pentesting-web/symphony.md)
   * [XSS to RCE Electron Desktop Apps](pentesting/pentesting-web/xss-to-rce-electron-desktop-apps.md)
   * [Spring Actuators](pentesting/pentesting-web/spring-actuators.md)

pentesting/pentesting-web/README.md

@@ -378,5 +378,6 @@ Check for this vulnerabilities:
 * \*\*\*\*[**XSS \(Cross Site Scripting\)**](../../pentesting-web/xss-cross-site-scripting/)\*\*\*\*
 * \*\*\*\*[**XS-Search**](../../pentesting-web/xs-search.md)\*\*\*\*
 
-**More references** for each Web Vulnerability: [https://cyberzombie.in/bug-bounty-methodology-techniques-tools-procedures/](https://cyberzombie.in/bug-bounty-methodology-techniques-tools-procedures/)
+**More references** for each Web Vulnerability: [https://cyberzombie.in/bug-bounty-methodology-techniques-tools-procedures/](https://cyberzombie.in/bug-bounty-methodology-techniques-tools-procedures/)  
+**Another checklist**: [https://six2dez.gitbook.io/pentest-book/others/web-checklist](https://six2dez.gitbook.io/pentest-book/others/web-checklist)
 

pentesting/pentesting-web/code-review-tools.md

@@ -0,0 +1,80 @@
+# Code Review Tools
+
+## General
+
+```bash
+https://www.sonarqube.org/downloads/
+https://deepsource.io/signup/
+https://github.com/pyupio/safety
+https://github.com/returntocorp/semgrep
+https://github.com/WhaleShark-Team/cobra
+
+# Find interesting strings
+https://github.com/s0md3v/hardcodes
+https://github.com/micha3lb3n/SourceWolf
+https://libraries.io/pypi/detect-secrets
+```
+
+## JavaScript
+
+```text
+https://jshint.com/
+https://github.com/jshint/jshint/
+```
+
+## NodeJS
+
+```text
+https://github.com/ajinabraham/nodejsscan
+```
+
+## Electron
+
+```text
+https://github.com/doyensec/electronegativity
+```
+
+## Python
+
+```bash
+# bandit
+https://github.com/PyCQA/bandit
+# pyt
+https://github.com/python-security/pyt
+```
+
+## .NET
+
+```bash
+# dnSpy
+https://github.com/0xd4d/dnSpy
+
+# .NET compilation
+C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe test.cs
+```
+
+## Java
+
+```bash
+# JD-Gui
+https://github.com/java-decompiler/jd-gui
+
+# Java compilation step-by-step
+javac -source 1.8 -target 1.8 test.java
+mkdir META-INF
+echo "Main-Class: test" > META-INF/MANIFEST.MF
+jar cmvf META-INF/MANIFEST.MF test.jar test.class
+```
+
+| Task | Command |
+| :--- | :--- |
+| Execute Jar | java -jar \[jar\] |
+| Unzip Jar | unzip -d \[output directory\] \[jar\] |
+| Create Jar | jar -cmf META-INF/MANIFEST.MF \[output jar\] \* |
+| Base64 SHA256 | sha256sum \[file\] \| cut -d' ' -f1 \| xxd -r -p \| base64 |
+| Remove Signing | rm META-INF/_.SF META-INF/_.RSA META-INF/\*.DSA |
+| Delete from Jar | zip -d \[jar\] \[file to remove\] |
+| Decompile class | procyon -o . \[path to class\] |
+| Decompile Jar | procyon -jar \[jar\] -o \[output directory\] |
+| Compile class | javac \[path to .java file\] |
+

shells/shells/README.md

@@ -8,6 +8,12 @@
 
 ### **Auto-generated shells**
 
+* \*\*\*\*[**https://github.com/ShutdownRepo/shellerator**](https://github.com/ShutdownRepo/shellerator)\*\*\*\*
+* \*\*\*\*[**https://github.com/0x00-0x00/ShellPop**](https://github.com/0x00-0x00/ShellPop)\*\*\*\*
+* \*\*\*\*[**https://github.com/cybervaca/ShellReverse**](https://github.com/cybervaca/ShellReverse) ****
+* \*\*\*\*[**https://liftoff.github.io/pyminifier/**](https://liftoff.github.io/pyminifier/) ****
+* \*\*\*\*[**https://github.com/xct/xc/**](https://github.com/xct/xc/) ****
+* \*\*\*\*[**https://weibell.github.io/reverse-shell-generator/**](https://weibell.github.io/reverse-shell-generator/)\*\*\*\*
 * \*\*\*\*[**https://github.com/t0thkr1s/revshellgen**](https://github.com/t0thkr1s/revshellgen)\*\*\*\*
 * \*\*\*\*[**https://github.com/mthbernardes/rsg**](https://github.com/mthbernardes/rsg)\*\*\*\*