mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 04:33:28 +00:00
GITBOOK-4312: No subject
This commit is contained in:
parent
01fe8fd29e
commit
a78eefaa44
7 changed files with 56 additions and 49 deletions
|
@ -49,7 +49,7 @@
|
||||||
* [Specific Software/File-Type Tricks](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md)
|
* [Specific Software/File-Type Tricks](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md)
|
||||||
* [Decompile compiled python binaries (exe, elf) - Retreive from .pyc](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md)
|
* [Decompile compiled python binaries (exe, elf) - Retreive from .pyc](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md)
|
||||||
* [Browser Artifacts](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md)
|
* [Browser Artifacts](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md)
|
||||||
* [Desofuscation vbs (cscript.exe)](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md)
|
* [Deofuscation vbs (cscript.exe)](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md)
|
||||||
* [Local Cloud Storage](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md)
|
* [Local Cloud Storage](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md)
|
||||||
* [Office file analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md)
|
* [Office file analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md)
|
||||||
* [PDF File analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md)
|
* [PDF File analysis](generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md)
|
||||||
|
|
|
@ -1500,7 +1500,7 @@ find / -type f -iname ".*" -ls 2>/dev/null
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
for d in `echo $PATH | tr ":" "\n"`; do find $d -name "*.sh" 2>/dev/null; done
|
for d in `echo $PATH | tr ":" "\n"`; do find $d -name "*.sh" 2>/dev/null; done
|
||||||
for d in `echo $PATH | tr ":" "\n"`; do find $d -type -f -executable 2>/dev/null; done
|
for d in `echo $PATH | tr ":" "\n"`; do find $d -type f -executable 2>/dev/null; done
|
||||||
```
|
```
|
||||||
|
|
||||||
### **Web files**
|
### **Web files**
|
||||||
|
|
|
@ -254,6 +254,7 @@ Launch some kind of **spider** inside the web. The goal of the spider is to **fi
|
||||||
* [**SpiderSuite**](https://github.com/3nock/SpiderSuite): Spider Suite is an advance multi-feature GUI web security Crawler/Spider designed for cyber security professionals.
|
* [**SpiderSuite**](https://github.com/3nock/SpiderSuite): Spider Suite is an advance multi-feature GUI web security Crawler/Spider designed for cyber security professionals.
|
||||||
* [**jsluice**](https://github.com/BishopFox/jsluice) (go): It's a Go package and [command-line tool](https://github.com/BishopFox/jsluice/blob/main/cmd/jsluice) for extracting URLs, paths, secrets, and other interesting data from JavaScript source code.
|
* [**jsluice**](https://github.com/BishopFox/jsluice) (go): It's a Go package and [command-line tool](https://github.com/BishopFox/jsluice/blob/main/cmd/jsluice) for extracting URLs, paths, secrets, and other interesting data from JavaScript source code.
|
||||||
* [**ParaForge**](https://github.com/Anof-cyber/ParaForge): ParaForge is a simple **Burp Suite extension** to **extract the paramters and endpoints** from the request to create custom wordlist for fuzzing and enumeration.
|
* [**ParaForge**](https://github.com/Anof-cyber/ParaForge): ParaForge is a simple **Burp Suite extension** to **extract the paramters and endpoints** from the request to create custom wordlist for fuzzing and enumeration.
|
||||||
|
* [**katana**](https://github.com/projectdiscovery/katana) (go): Awesome tool for this.
|
||||||
|
|
||||||
### Brute Force directories and files
|
### Brute Force directories and files
|
||||||
|
|
||||||
|
|
|
@ -49,7 +49,7 @@ Pentesting APIs involves a structured approach to uncovering vulnerabilities. Th
|
||||||
|
|
||||||
### **Tools and Resources for API Pentesting**
|
### **Tools and Resources for API Pentesting**
|
||||||
|
|
||||||
* **kiterunner**: Excellent for discovering API endpoints. Use it to scan and brute force paths and parameters against target APIs.
|
* [**kiterunner**](https://github.com/assetnote/kiterunner): Excellent for discovering API endpoints. Use it to scan and brute force paths and parameters against target APIs.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
kr scan https://domain.com/api/ -w routes-large.kite -x 20
|
kr scan https://domain.com/api/ -w routes-large.kite -x 20
|
||||||
|
@ -59,6 +59,7 @@ kr brute https://domain.com/api/ -w /tmp/lang-english.txt -x 20 -d=0
|
||||||
```
|
```
|
||||||
|
|
||||||
* Additional tools like **automatic-api-attack-tool**, **Astra**, and **restler-fuzzer** offer tailored functionalities for API security testing, ranging from attack simulation to fuzzing and vulnerability scanning.
|
* Additional tools like **automatic-api-attack-tool**, **Astra**, and **restler-fuzzer** offer tailored functionalities for API security testing, ranging from attack simulation to fuzzing and vulnerability scanning.
|
||||||
|
* [**Cherrybomb**](https://github.com/blst-security/cherrybomb): It's an API security tool that audit your API based on an OAS file(the tool written in rust).
|
||||||
|
|
||||||
### **Learning and Practice Resources**
|
### **Learning and Practice Resources**
|
||||||
|
|
||||||
|
|
|
@ -150,6 +150,10 @@ Working payload: `"/><script>alert(1);</script>`
|
||||||
|
|
||||||
### 'unsafe-eval'
|
### 'unsafe-eval'
|
||||||
|
|
||||||
|
{% hint style="danger" %}
|
||||||
|
This is not working, for more info [**check this**](https://github.com/HackTricks-wiki/hacktricks/issues/653).
|
||||||
|
{% endhint %}
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
Content-Security-Policy: script-src https://google.com 'unsafe-eval';
|
Content-Security-Policy: script-src https://google.com 'unsafe-eval';
|
||||||
```
|
```
|
||||||
|
|
|
@ -70,7 +70,7 @@ Check if the token lasts more than 24h... maybe it never expires. If there is a
|
||||||
|
|
||||||
[**See this page.**](../generic-methodologies-and-resources/brute-force.md#jwt)
|
[**See this page.**](../generic-methodologies-and-resources/brute-force.md#jwt)
|
||||||
|
|
||||||
### Modify the algorithm to None (CVE-2015-9235)
|
### Modify the algorithm to None
|
||||||
|
|
||||||
Set the algorithm used as "None" and remove the signature part.
|
Set the algorithm used as "None" and remove the signature part.
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
|
# Online Platforms with API
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
|
@ -9,132 +9,135 @@ Other ways to support HackTricks:
|
||||||
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||||
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||||||
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
|
## [ProjectHoneypot](https://www.projecthoneypot.org/)
|
||||||
# [ProjectHoneypot](https://www.projecthoneypot.org/)
|
|
||||||
|
|
||||||
You can ask if an IP is related to suspicious/malicious activities. Completely free.
|
You can ask if an IP is related to suspicious/malicious activities. Completely free.
|
||||||
|
|
||||||
# [**BotScout**](http://botscout.com/api.htm)
|
## [**BotScout**](http://botscout.com/api.htm)
|
||||||
|
|
||||||
Check if the IP address is related to a bot that register accounts. It can also check usernames and emails. Initially free.
|
Check if the IP address is related to a bot that register accounts. It can also check usernames and emails. Initially free.
|
||||||
|
|
||||||
# [Hunter](https://hunter.io/)
|
## [Hunter](https://hunter.io/)
|
||||||
|
|
||||||
Find and verify emails.
|
Find and verify emails.\
|
||||||
Some free API requests free, for more you need to pay.
|
Some free API requests free, for more you need to pay.\
|
||||||
Commercial?
|
Commercial?
|
||||||
|
|
||||||
# [AlientVault](https://otx.alienvault.com/api)
|
## [AlientVault](https://otx.alienvault.com/api)
|
||||||
|
|
||||||
Find Malicious activities related to IPs and Domains. Free.
|
Find Malicious activities related to IPs and Domains. Free.
|
||||||
|
|
||||||
# [Clearbit](https://dashboard.clearbit.com/)
|
## [Clearbit](https://dashboard.clearbit.com/)
|
||||||
|
|
||||||
Find related personal data to a email \(profiles on other platforms\), domain \(basic company info ,mails and people working\) and companies \(get company info from mail\).
|
Find related personal data to a email (profiles on other platforms), domain (basic company info ,mails and people working) and companies (get company info from mail).\
|
||||||
You need to pay to access all the possibilities.
|
You need to pay to access all the possibilities.\
|
||||||
Commercial?
|
Commercial?
|
||||||
|
|
||||||
# [BuiltWith](https://builtwith.com/)
|
## [BuiltWith](https://builtwith.com/)
|
||||||
|
|
||||||
Technologies used by webs. Expensive...
|
Technologies used by webs. Expensive...\
|
||||||
Commercial?
|
Commercial?
|
||||||
|
|
||||||
# [Fraudguard](https://fraudguard.io/)
|
## [Fraudguard](https://fraudguard.io/)
|
||||||
|
|
||||||
Check if a host \(domain or IP\) is related with suspicious/malicious activities. Have some free API access.
|
Check if a host (domain or IP) is related with suspicious/malicious activities. Have some free API access.\
|
||||||
Commercial?
|
Commercial?
|
||||||
|
|
||||||
# [FortiGuard](https://fortiguard.com/)
|
## [FortiGuard](https://fortiguard.com/)
|
||||||
|
|
||||||
Check if a host \(domain or IP\) is related with suspicious/malicious activities. Have some free API access.
|
Check if a host (domain or IP) is related with suspicious/malicious activities. Have some free API access.
|
||||||
|
|
||||||
# [SpamCop](https://www.spamcop.net/)
|
## [SpamCop](https://www.spamcop.net/)
|
||||||
|
|
||||||
Indicates if host is related to spam activity. Have some free API access.
|
Indicates if host is related to spam activity. Have some free API access.
|
||||||
|
|
||||||
# [mywot](https://www.mywot.com/)
|
## [mywot](https://www.mywot.com/)
|
||||||
|
|
||||||
Based on opinions and other metrics get if a domain is related with suspicious/malicious information.
|
Based on opinions and other metrics get if a domain is related with suspicious/malicious information.
|
||||||
|
|
||||||
# [ipinfo](https://ipinfo.io/)
|
## [ipinfo](https://ipinfo.io/)
|
||||||
|
|
||||||
Obtains basic info from an IP address. You can test up to 100K/month.
|
Obtains basic info from an IP address. You can test up to 100K/month.
|
||||||
|
|
||||||
# [securitytrails](https://securitytrails.com/app/account)
|
## [securitytrails](https://securitytrails.com/app/account)
|
||||||
|
|
||||||
This platform give information about domains and IP addresses like domains inside an IP or inside a domain server, domains owned by an email \(find related domains\), IP history of domains \(find the host behind CloudFlare\), all domains using a nameserver....
|
This platform give information about domains and IP addresses like domains inside an IP or inside a domain server, domains owned by an email (find related domains), IP history of domains (find the host behind CloudFlare), all domains using a nameserver....\
|
||||||
You have some free access.
|
You have some free access.
|
||||||
|
|
||||||
# [fullcontact](https://www.fullcontact.com/)
|
## [fullcontact](https://www.fullcontact.com/)
|
||||||
|
|
||||||
Allows to search by email, domain or company name and retrieve "personal" information related. It can also verify emails. There is some free access.
|
Allows to search by email, domain or company name and retrieve "personal" information related. It can also verify emails. There is some free access.
|
||||||
|
|
||||||
# [RiskIQ](https://www.spiderfoot.net/documentation/)
|
## [RiskIQ](https://www.spiderfoot.net/documentation/)
|
||||||
|
|
||||||
A lot of information from domains and IPs even in the free/community version.
|
A lot of information from domains and IPs even in the free/community version.
|
||||||
|
|
||||||
# [\_IntelligenceX](https://intelx.io/)
|
## [\_IntelligenceX](https://intelx.io/)
|
||||||
|
|
||||||
Search Domains, IPs and emails and get info from dumps. Have some free access.
|
Search Domains, IPs and emails and get info from dumps. Have some free access.
|
||||||
|
|
||||||
# [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/)
|
## [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/)
|
||||||
|
|
||||||
Search by IP and gather information related to suspicions activities. There is some free access.
|
Search by IP and gather information related to suspicions activities. There is some free access.
|
||||||
|
|
||||||
# [Greynoise](https://viz.greynoise.io/)
|
## [Greynoise](https://viz.greynoise.io/)
|
||||||
|
|
||||||
Search by IP or IP range and get information about IPs scanning the Internet. 15 days free access.
|
Search by IP or IP range and get information about IPs scanning the Internet. 15 days free access.
|
||||||
|
|
||||||
# [Shodan](https://www.shodan.io/)
|
## [Shodan](https://www.shodan.io/)
|
||||||
|
|
||||||
Get scan information of an IP address. Have some free api access.
|
Get scan information of an IP address. Have some free api access.
|
||||||
|
|
||||||
# [Censys](https://censys.io/)
|
## [Censys](https://censys.io/)
|
||||||
|
|
||||||
Very similar to shodan
|
Very similar to shodan
|
||||||
|
|
||||||
# [buckets.grayhatwarfare.com](https://buckets.grayhatwarfare.com/)
|
## [buckets.grayhatwarfare.com](https://buckets.grayhatwarfare.com/)
|
||||||
|
|
||||||
Find open S3 buckets searching by keyword.
|
Find open S3 buckets searching by keyword.
|
||||||
|
|
||||||
# [Dehashed](https://www.dehashed.com/data)
|
## [Dehashed](https://www.dehashed.com/data)
|
||||||
|
|
||||||
Find leaked credentials of emails and even domains
|
Find leaked credentials of emails and even domains\
|
||||||
Commercial?
|
Commercial?
|
||||||
|
|
||||||
# [psbdmp](https://psbdmp.ws/)
|
## [psbdmp](https://psbdmp.ws/)
|
||||||
|
|
||||||
Search pastebins where a email appeared. Commercial?
|
Search pastebins where a email appeared. Commercial?
|
||||||
|
|
||||||
# [emailrep.io](https://emailrep.io/key)
|
## [emailrep.io](https://emailrep.io/key)
|
||||||
|
|
||||||
Get reputation of a mail. Commercial?
|
Get reputation of a mail. Commercial?
|
||||||
|
|
||||||
# [ghostproject](https://ghostproject.fr/)
|
## [ghostproject](https://ghostproject.fr/)
|
||||||
|
|
||||||
Get passwords from leaked emails. Commercial?
|
Get passwords from leaked emails. Commercial?
|
||||||
|
|
||||||
# [Binaryedge](https://www.binaryedge.io/)
|
## [Binaryedge](https://www.binaryedge.io/)
|
||||||
|
|
||||||
Obtain interesting info from IPs
|
Obtain interesting info from IPs
|
||||||
|
|
||||||
# [haveibeenpwned](https://haveibeenpwned.com/)
|
## [haveibeenpwned](https://haveibeenpwned.com/)
|
||||||
|
|
||||||
Search by domain and email and get if it was pwned and passwords. Commercial?
|
Search by domain and email and get if it was pwned and passwords. Commercial?
|
||||||
|
|
||||||
[https://dnsdumpster.com/](https://dnsdumpster.com/)\(in a commercial tool?\)
|
### [IP2Location.io](https://www.ip2location.io/)
|
||||||
|
|
||||||
[https://www.netcraft.com/](https://www.netcraft.com/) \(in a commercial tool?\)
|
It detects IP geolocation, data center, ASN and even VPN information. It offers free 30K queries per month.
|
||||||
|
|
||||||
[https://www.nmmapper.com/sys/tools/subdomainfinder/](https://www.nmmapper.com/) \(in a commercial tool?\)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
[https://dnsdumpster.com/](https://dnsdumpster.com/)(in a commercial tool?)
|
||||||
|
|
||||||
|
[https://www.netcraft.com/](https://www.netcraft.com/) (in a commercial tool?)
|
||||||
|
|
||||||
|
[https://www.nmmapper.com/sys/tools/subdomainfinder/](https://www.nmmapper.com/) (in a commercial tool?)
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
||||||
|
@ -144,9 +147,7 @@ Other ways to support HackTricks:
|
||||||
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||||
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
||||||
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue