GitBook: [master] 7 pages and 10 assets modified

SUMMARY.md

@@ -217,6 +217,7 @@
 * [69/UDP TFTP/Bittorrent-tracker](pentesting/69-udp-tftp.md)
 * [79 - Pentesting Finger](pentesting/pentesting-finger.md)
 * [80,443 - Pentesting Web Methodology](pentesting/pentesting-web/README.md)
+  * [AEM - Adobe Experience Cloud](pentesting/pentesting-web/aem-adobe-experience-cloud.md)
   * [Apache](pentesting/pentesting-web/apache.md)
   * [Artifactory Hacking guide](pentesting/pentesting-web/artifactory-hacking-guide.md)
   * [Buckets](pentesting/pentesting-web/buckets/README.md)

forensics/basic-forensic-methodology/windows-forensics/README.md

@@ -130,7 +130,7 @@ The files in the folder WPDNSE are a copy of the original ones, then won't survi
 
 Check the file `C:\Windows\inf\setupapi.dev.log` to get the timestamps about when the USB connection was produced \(search for `Section start`\).
 
-![](../../../.gitbook/assets/image%20%28477%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
+![](../../../.gitbook/assets/image%20%28477%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
 
 ### USB Detective
 

mobile-apps-pentesting/ios-pentesting/README.md

@@ -601,7 +601,7 @@ Many apps log informative \(and potentially sensitive\) messages to the console
 5. Reproduce the problem.
 6. Click on the **Open Console** button located in the upper right-hand area of the Devices window to view the console logs on a separate window.
 
-![](../../.gitbook/assets/image%20%28466%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
+![](../../.gitbook/assets/image%20%28466%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
 
 You can also connect to the device shell as explained in Accessing the Device Shell, install **socat** via **apt-get** and run the following command:
 

online-platforms-with-api.md

@@ -1,114 +1,114 @@
 # Online Platforms with API
 
-### [ProjectHoneypot](https://www.projecthoneypot.org/)
+## [ProjectHoneypot](https://www.projecthoneypot.org/)
 
 You can ask if an IP is related to suspicious/malicious activities. Completely free.
 
-### \*\*\*\*[**BotScout**](http://botscout.com/api.htm)\*\*\*\*
+## \*\*\*\*[**BotScout**](http://botscout.com/api.htm)\*\*\*\*
 
 Check if the IP address is related to a bot that register accounts. It can also check usernames and emails. Initially free.
 
-### [Hunter](https://hunter.io/)
+## [Hunter](https://hunter.io/)
 
 Find and verify emails.  
 Some free API requests free, for more you need to pay.  
 Commercial?
 
-### [AlientVault](https://otx.alienvault.com/api)
+## [AlientVault](https://otx.alienvault.com/api)
 
 Find Malicious activities related to IPs and Domains. Free.
 
-### [Clearbit](https://dashboard.clearbit.com/)
+## [Clearbit](https://dashboard.clearbit.com/)
 
 Find related personal data to a email \(profiles on other platforms\), domain \(basic company info ,mails and people working\) and companies \(get company info from mail\).  
 You need to pay to access all the possibilities.  
 Commercial?
 
-### [BuiltWith](https://builtwith.com/)
+## [BuiltWith](https://builtwith.com/)
 
 Technologies used by webs. Expensive...  
 Commercial?
 
-### [Fraudguard](https://fraudguard.io/)
+## [Fraudguard](https://fraudguard.io/)
 
 Check if a host \(domain or IP\) is related with suspicious/malicious activities. Have some free API access.  
 Commercial?
 
-### [FortiGuard](https://fortiguard.com/)
+## [FortiGuard](https://fortiguard.com/)
 
 Check if a host \(domain or IP\) is related with suspicious/malicious activities. Have some free API access.
 
-### [SpamCop](https://www.spamcop.net/)
+## [SpamCop](https://www.spamcop.net/)
 
 Indicates if host is related to spam activity. Have some free API access.
 
-### [mywot](https://www.mywot.com/)
+## [mywot](https://www.mywot.com/)
 
 Based on opinions and other metrics get if a domain is related with suspicious/malicious information.
 
-### [ipinfo](https://ipinfo.io/)
+## [ipinfo](https://ipinfo.io/)
 
 Obtains basic info from an IP address. You can test up to 100K/month.
 
-### [securitytrails](https://securitytrails.com/app/account)
+## [securitytrails](https://securitytrails.com/app/account)
 
 This platform give information about domains and IP addresses like domains inside an IP or inside a domain server, domains owned by an email \(find related domains\), IP history of domains \(find the host behind CloudFlare\), all domains using a nameserver....  
 You have some free access.
 
-### [fullcontact](https://www.fullcontact.com/)
+## [fullcontact](https://www.fullcontact.com/)
 
 Allows to search by email, domain or company name and retrieve "personal" information related. It can also verify emails. There is some free access.
 
-### [RiskIQ](https://www.spiderfoot.net/documentation/)
+## [RiskIQ](https://www.spiderfoot.net/documentation/)
 
 A lot of information from domains and IPs even in the free/community version.
 
-### [\_IntelligenceX](https://intelx.io/)
+## [\_IntelligenceX](https://intelx.io/)
 
 Search Domains, IPs and emails and get info from dumps. Have some free access.
 
-### [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/)
+## [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/)
 
 Search by IP and gather information related to suspicions activities. There is some free access.
 
-### [Greynoise](https://viz.greynoise.io/)
+## [Greynoise](https://viz.greynoise.io/)
 
 Search by IP or IP range and get information about IPs scanning the Internet. 15 days free access.
 
-### [Shodan](https://www.shodan.io/)
+## [Shodan](https://www.shodan.io/)
 
 Get scan information of an IP address. Have some free api access.
 
-### [Censys](https://censys.io/)
+## [Censys](https://censys.io/)
 
 Very similar to shodan
 
-### [buckets.grayhatwarfare.com](https://buckets.grayhatwarfare.com/)
+## [buckets.grayhatwarfare.com](https://buckets.grayhatwarfare.com/)
 
 Find open S3 buckets searching by keyword.
 
-### [Dehashed](https://www.dehashed.com/data)
+## [Dehashed](https://www.dehashed.com/data)
 
 Find leaked credentials of emails and even domains  
 Commercial?
 
-### [psbdmp](https://psbdmp.ws/)
+## [psbdmp](https://psbdmp.ws/)
 
 Search pastebins where a email appeared. Commercial?
 
-### [emailrep.io](https://emailrep.io/key)
+## [emailrep.io](https://emailrep.io/key)
 
 Get reputation of a mail. Commercial?
 
-### [ghostproject](https://ghostproject.fr/)
+## [ghostproject](https://ghostproject.fr/)
 
 Get passwords from leaked emails. Commercial?
 
-### [Binaryedge](https://www.binaryedge.io/)
+## [Binaryedge](https://www.binaryedge.io/)
 
 Obtain interesting info from IPs
 
-### [haveibeenpwned](https://haveibeenpwned.com/)
+## [haveibeenpwned](https://haveibeenpwned.com/)
 
 Search by domain and email and get if it was pwned and passwords. Commercial?
 
@@ -117,3 +117,4 @@ Search by domain and email and get if it was pwned and passwords. Commercial?
 [https://www.netcraft.com/](https://www.netcraft.com/) \(in a commercial tool?\)
 
 [https:/https://www.nmmapper.com/sys/tools/subdomainfinder/](https://www.nmmapper.com/) \(in a commercial tool?\)
+

pentesting-web/saml-attacks/README.md

@@ -6,7 +6,7 @@
 
 ## Attacks Graphic
 
-![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29.png)
+![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%281%29.png)
 
 ## Tool
 

pentesting/pentesting-web/README.md

@@ -69,6 +69,7 @@ Search **for** [**vulnerabilities of the web application** **version**](../../se
 
 Some **tricks** for **finding vulnerabilities** in different well known **technologies** being used:
 
+* \*\*\*\*[**AEM - Adobe Experience Cloud**](aem-adobe-experience-cloud.md)\*\*\*\*
 * \*\*\*\*[**Apache**](apache.md)\*\*\*\*
 * \*\*\*\*[**Artifactory**](artifactory-hacking-guide.md)\*\*\*\*
 * \*\*\*\*[**Buckets**](buckets/)\*\*\*\*

pentesting/pentesting-web/aem-adobe-experience-cloud.md

@@ -0,0 +1,4 @@
+# AEM - Adobe Experience Cloud
+
+Find vulnerabilities and missconfigurations with [https://github.com/0ang3el/aem-hacker](https://github.com/0ang3el/aem-hacker)
+