GITBOOK-4312: No subject

CPol 2024-04-16 03:52:03 +00:00 committed by gitbook-bot
parent 01fe8fd29e
commit a78eefaa44
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
7 changed files with 56 additions and 49 deletions

View file

@ -49,7 +49,7 @@
* [Specific Software/File-Type Tricks](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md)
* [Decompile compiled python binaries (exe, elf) - Retreive from .pyc](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md)
* [Browser Artifacts](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md)
* [Desofuscation vbs (cscript.exe)](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md)
* [Deofuscation vbs (cscript.exe)](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md)
* [Local Cloud Storage](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md)
* [Office file analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md)
* [PDF File analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md)
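Review bot: The replacement link text for the cscript.exe entry, `Deofuscation vbs (cscript.exe)`, is still misspelled; it should read `Deobfuscation`. The target keeps the old `desofuscation-vbs-cscript.exe.md` filename, which is fine if the file is not being renamed, and `Retreive` in the `.pyc` entry above could be corrected to `Retrieve` in the same pass.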

View file

@ -1500,7 +1500,7 @@ find / -type f -iname ".*" -ls 2>/dev/null
```bash
for d in `echo $PATH | tr ":" "\n"`; do find $d -name "*.sh" 2>/dev/null; done
for d in `echo $PATH | tr ":" "\n"`; do find $d -type -f -executable 2>/dev/null; done
for d in `echo $PATH | tr ":" "\n"`; do find $d -type f -executable 2>/dev/null; done
```
### **Web files**
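Review bot: The corrected line fixes `-type -f`, but `$d` is still passed to `find` unquoted and the loop splits `$PATH` through backticks and `tr`, so a PATH entry containing whitespace is broken into separate words. Suggest `find "$d" -type f -executable 2>/dev/null`, with the same quoting on the `*.sh` line, and a short remark that `-executable` is a GNU find test.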

View file

@ -254,6 +254,7 @@ Launch some kind of **spider** inside the web. The goal of the spider is to **fi
* [**SpiderSuite**](https://github.com/3nock/SpiderSuite): Spider Suite is an advance multi-feature GUI web security Crawler/Spider designed for cyber security professionals.
* [**jsluice**](https://github.com/BishopFox/jsluice) (go): It's a Go package and [command-line tool](https://github.com/BishopFox/jsluice/blob/main/cmd/jsluice) for extracting URLs, paths, secrets, and other interesting data from JavaScript source code.
* [**ParaForge**](https://github.com/Anof-cyber/ParaForge): ParaForge is a simple **Burp Suite extension** to **extract the paramters and endpoints** from the request to create custom wordlist for fuzzing and enumeration.
* [**katana**](https://github.com/projectdiscovery/katana) (go): Awesome tool for this.
### Brute Force directories and files
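Review bot: The added katana entry's description, `Awesome tool for this.`, does not say what the tool does, while the other entries in this list (SpiderSuite, jsluice, ParaForge) each carry a one-line summary of their function. Suggest replacing it with a short description in the same style so the reader can tell how it differs from the spiders already listed.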

View file

@ -49,7 +49,7 @@ Pentesting APIs involves a structured approach to uncovering vulnerabilities. Th
### **Tools and Resources for API Pentesting**
* **kiterunner**: Excellent for discovering API endpoints. Use it to scan and brute force paths and parameters against target APIs.
* [**kiterunner**](https://github.com/assetnote/kiterunner): Excellent for discovering API endpoints. Use it to scan and brute force paths and parameters against target APIs.
```bash
kr scan https://domain.com/api/ -w routes-large.kite -x 20
@ -59,6 +59,7 @@ kr brute https://domain.com/api/ -w /tmp/lang-english.txt -x 20 -d=0
```
* Additional tools like **automatic-api-attack-tool**, **Astra**, and **restler-fuzzer** offer tailored functionalities for API security testing, ranging from attack simulation to fuzzing and vulnerability scanning.
* [**Cherrybomb**](https://github.com/blst-security/cherrybomb): It's an API security tool that audit your API based on an OAS file(the tool written in rust).
### **Learning and Practice Resources**
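Review bot: The added Cherrybomb line has grammar and spacing problems in `that audit your API based on an OAS file(the tool written in rust)`. Suggest `audits your API based on an OAS file (written in Rust)`, and expanding OAS (OpenAPI Specification) on first use, since the section does not define it. The bullet above still names automatic-api-attack-tool, Astra and restler-fuzzer without links, while this commit links kiterunner and Cherrybomb; linking those too would keep the list consistent.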

View file

@ -150,6 +150,10 @@ Working payload: `"/><script>alert(1);</script>`
### 'unsafe-eval'
{% hint style="danger" %}
This is not working, for more info [**check this**](https://github.com/HackTricks-wiki/hacktricks/issues/653).
{% endhint %}
```yaml
Content-Security-Policy: script-src https://google.com 'unsafe-eval';
```
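Review bot: The new hint under `### 'unsafe-eval'` says only `This is not working`, which leaves unclear whether the policy example, a payload, or the whole section is meant. Suggest one sentence stating what fails and under which conditions, so the reader does not have to open issue 653 to learn it.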

View file

@ -70,7 +70,7 @@ Check if the token lasts more than 24h... maybe it never expires. If there is a
[**See this page.**](../generic-methodologies-and-resources/brute-force.md#jwt)
### Modify the algorithm to None (CVE-2015-9235)
### Modify the algorithm to None
Set the algorithm used as "None" and remove the signature part.
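Review bot: The heading drops `(CVE-2015-9235)` with no explanation, and the commit message (`No subject`) gives no reason either. If the identifier was attached to the wrong technique, suggest saying so in the commit message and moving it to the section it belongs to, so the reference is not silently lost.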

View file

@ -1,4 +1,4 @@
# Online Platforms with API
<details>
@ -9,132 +9,135 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
# [ProjectHoneypot](https://www.projecthoneypot.org/)
## [ProjectHoneypot](https://www.projecthoneypot.org/)
You can ask if an IP is related to suspicious/malicious activities. Completely free.
# [**BotScout**](http://botscout.com/api.htm)
## [**BotScout**](http://botscout.com/api.htm)
Check if the IP address is related to a bot that register accounts. It can also check usernames and emails. Initially free.
# [Hunter](https://hunter.io/)
## [Hunter](https://hunter.io/)
Find and verify emails.
Some free API requests free, for more you need to pay.
Find and verify emails.\
Some free API requests free, for more you need to pay.\
Commercial?
# [AlientVault](https://otx.alienvault.com/api)
## [AlientVault](https://otx.alienvault.com/api)
Find Malicious activities related to IPs and Domains. Free.
# [Clearbit](https://dashboard.clearbit.com/)
## [Clearbit](https://dashboard.clearbit.com/)
Find related personal data to a email \(profiles on other platforms\), domain \(basic company info ,mails and people working\) and companies \(get company info from mail\).
You need to pay to access all the possibilities.
Find related personal data to a email (profiles on other platforms), domain (basic company info ,mails and people working) and companies (get company info from mail).\
You need to pay to access all the possibilities.\
Commercial?
# [BuiltWith](https://builtwith.com/)
## [BuiltWith](https://builtwith.com/)
Technologies used by webs. Expensive...
Technologies used by webs. Expensive...\
Commercial?
# [Fraudguard](https://fraudguard.io/)
## [Fraudguard](https://fraudguard.io/)
Check if a host \(domain or IP\) is related with suspicious/malicious activities. Have some free API access.
Check if a host (domain or IP) is related with suspicious/malicious activities. Have some free API access.\
Commercial?
# [FortiGuard](https://fortiguard.com/)
## [FortiGuard](https://fortiguard.com/)
Check if a host \(domain or IP\) is related with suspicious/malicious activities. Have some free API access.
Check if a host (domain or IP) is related with suspicious/malicious activities. Have some free API access.
# [SpamCop](https://www.spamcop.net/)
## [SpamCop](https://www.spamcop.net/)
Indicates if host is related to spam activity. Have some free API access.
# [mywot](https://www.mywot.com/)
## [mywot](https://www.mywot.com/)
Based on opinions and other metrics get if a domain is related with suspicious/malicious information.
# [ipinfo](https://ipinfo.io/)
## [ipinfo](https://ipinfo.io/)
Obtains basic info from an IP address. You can test up to 100K/month.
# [securitytrails](https://securitytrails.com/app/account)
## [securitytrails](https://securitytrails.com/app/account)
This platform give information about domains and IP addresses like domains inside an IP or inside a domain server, domains owned by an email \(find related domains\), IP history of domains \(find the host behind CloudFlare\), all domains using a nameserver....
This platform give information about domains and IP addresses like domains inside an IP or inside a domain server, domains owned by an email (find related domains), IP history of domains (find the host behind CloudFlare), all domains using a nameserver....\
You have some free access.
# [fullcontact](https://www.fullcontact.com/)
## [fullcontact](https://www.fullcontact.com/)
Allows to search by email, domain or company name and retrieve "personal" information related. It can also verify emails. There is some free access.
# [RiskIQ](https://www.spiderfoot.net/documentation/)
## [RiskIQ](https://www.spiderfoot.net/documentation/)
A lot of information from domains and IPs even in the free/community version.
# [\_IntelligenceX](https://intelx.io/)
## [\_IntelligenceX](https://intelx.io/)
Search Domains, IPs and emails and get info from dumps. Have some free access.
# [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/)
## [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/)
Search by IP and gather information related to suspicions activities. There is some free access.
# [Greynoise](https://viz.greynoise.io/)
## [Greynoise](https://viz.greynoise.io/)
Search by IP or IP range and get information about IPs scanning the Internet. 15 days free access.
# [Shodan](https://www.shodan.io/)
## [Shodan](https://www.shodan.io/)
Get scan information of an IP address. Have some free api access.
# [Censys](https://censys.io/)
## [Censys](https://censys.io/)
Very similar to shodan
# [buckets.grayhatwarfare.com](https://buckets.grayhatwarfare.com/)
## [buckets.grayhatwarfare.com](https://buckets.grayhatwarfare.com/)
Find open S3 buckets searching by keyword.
# [Dehashed](https://www.dehashed.com/data)
## [Dehashed](https://www.dehashed.com/data)
Find leaked credentials of emails and even domains
Find leaked credentials of emails and even domains\
Commercial?
# [psbdmp](https://psbdmp.ws/)
## [psbdmp](https://psbdmp.ws/)
Search pastebins where a email appeared. Commercial?
# [emailrep.io](https://emailrep.io/key)
## [emailrep.io](https://emailrep.io/key)
Get reputation of a mail. Commercial?
# [ghostproject](https://ghostproject.fr/)
## [ghostproject](https://ghostproject.fr/)
Get passwords from leaked emails. Commercial?
# [Binaryedge](https://www.binaryedge.io/)
## [Binaryedge](https://www.binaryedge.io/)
Obtain interesting info from IPs
# [haveibeenpwned](https://haveibeenpwned.com/)
## [haveibeenpwned](https://haveibeenpwned.com/)
Search by domain and email and get if it was pwned and passwords. Commercial?
[https://dnsdumpster.com/](https://dnsdumpster.com/)\(in a commercial tool?\)
### [IP2Location.io](https://www.ip2location.io/)
[https://www.netcraft.com/](https://www.netcraft.com/) \(in a commercial tool?\)
[https://www.nmmapper.com/sys/tools/subdomainfinder/](https://www.nmmapper.com/) \(in a commercial tool?\)
It detects IP geolocation, data center, ASN and even VPN information. It offers free 30K queries per month.
[https://dnsdumpster.com/](https://dnsdumpster.com/)(in a commercial tool?)
[https://www.netcraft.com/](https://www.netcraft.com/) (in a commercial tool?)
[https://www.nmmapper.com/sys/tools/subdomainfinder/](https://www.nmmapper.com/) (in a commercial tool?)
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
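Review bot: The added `### [IP2Location.io]` heading is at level three while every other platform in this hunk is moved from `#` to `##`, so it will render as a subsection of haveibeenpwned. Suggest `## [IP2Location.io](https://www.ip2location.io/)`. Since the headings are being rewritten anyway, `AlientVault` could be corrected, and the `RiskIQ` heading, which links to `https://www.spiderfoot.net/documentation/`, checked against its intended target.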
@ -144,9 +147,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
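Review bot: On the changed Twitter line, the underscore is now escaped inside the link destination as well as in the link text: `(https://twitter.com/hacktricks\_live)`. The escape is only needed in the text; in the URL it depends on the renderer unescaping destinations, so suggest keeping `https://twitter.com/hacktricks_live` there. The same applies to the identical line in the earlier hunk of this file.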