STRLCPY/Cipherops

GITBOOK-20: change request with no subject merged in GitBook
Adwaith committed with gitbook-bot 1 year ago

054b489e

1 parent 19c56f30

overview/resourses/30-cybersecurity-search-engines.md 30-cybersecurity-search-engines.md

Content is identical

■ ■ ■ ■ ■ ■

SUMMARY.md

		skipped 4 lines
5	5		* [🌏 Journeying Through the World of Ethical Hacking with Cipher-ops](journeying-through-the-world-of-ethical-hacking-with-cipher-ops.md)
6	6		* [Let's Start](lets-start/README.md)
7	7		* [🥳 Exploring Top Platforms and Websites for Hacking Practice and Learning](lets-start/exploring-top-platforms-and-websites-for-hacking-practice-and-learning.md)
8		-	* [Offensive virtual machine's](lets-start/offensive-virtual-machines.md)
9		-	* [cybersecurity YouTube channels](lets-start/cybersecurity-youtube-channels.md)
10	8
11	9		## Overview
12	10
13	11		* [Resourses](overview/resourses/README.md)
14		-	* [30 cybersecurity search engines](overview/resourses/30-cybersecurity-search-engines.md)
15		-	* [Essential Linux Commands](overview/resourses/essential-linux-commands.md)
16		-	* [Damn Vulnerabilities List Lab](overview/resourses/damn-vulnerabilities-list-lab.md)
17		-	* [Try-Hack-me Roadmap](overview/resourses/try-hack-me-roadmap.md)
18		-	* [OSINT](overview/osint.md)
	12	+	* [30 cybersecurity search engines](30-cybersecurity-search-engines.md)
	13	+	* [Essential Linux Commands](essential-linux-commands.md)
	14	+	* [Damn Vulnerabilities List Lab](damn-vulnerabilities-list-lab.md)
	15	+	* [Try-Hack-me Roadmap](try-hack-me-roadmap.md)
	16	+	* [Offensive virtual machine's](overview/resourses/offensive-virtual-machines.md)
	17	+	* [cybersecurity YouTube channels](overview/resourses/cybersecurity-youtube-channels.md)
	18	+	* [All DAMN vulnerable resources](overview/resourses/all-damn-vulnerable-resources.md)
	19	+	* [OSINT](osint.md)
19	20
20	21		***
21	22
22		-	* [ℹ Recon Tips](recon-tips/README.md)
23		-	* [Subdomain Enumeration](recon-tips/subdomain-enumeration.md)
24		-	* [One Liner from Awesome bug bounty](recon-tips/one-liner-from-awesome-bug-bounty.md)
25		-	* [Resources](recon-tips/resources/README.md)
26		-	* [Best Recon Technique For Active Subdomain Enumeration](recon-tips/resources/best-recon-technique-for-active-subdomain-enumeration.md)
27		-	* [Mastering the Art of Information Gathering](recon-tips/resources/mastering-the-art-of-information-gathering.md)
28		-	* [Introducing 20 web-application hacking tools🔥🤩🌵](recon-tips/resources/introducing-20-web-application-hacking-tools.md)
29		-	* [All DAMN vulnerable resources](recon-tips/resources/all-damn-vulnerable-resources.md)
	23	+	* [ℹ Recon Tips](overview/recon-tips/README.md)
	24	+	* [Subdomain Enumeration](overview/recon-tips/subdomain-enumeration.md)
	25	+	* [One Liner from Awesome bug bounty](overview/recon-tips/one-liner-from-awesome-bug-bounty.md)
	26	+	* [Best Recon Technique For Active Subdomain Enumeration](recon-tips/best-recon-technique-for-active-subdomain-enumeration.md)
	27	+	* [Mastering the Art of Information Gathering](recon-tips/mastering-the-art-of-information-gathering.md)
30	28		* [Web Application](web-application/README.md)
31		-	* [PORT SCANNING](web-application/port-scanning.md)
32		-	* [Subdomain Takeover Resources](web-application/subdomain-takeover-resources.md)
33		-	* [Technology Identification](web-application/technology-identification.md)
34		-	* [Content Discovery Tools](web-application/content-discovery-tools.md)
35		-	* [Link Extraction Tools](web-application/link-extraction-tools.md)
36		-	* [Parameter and web fuzzing tools](web-application/parameter-and-web-fuzzing-tools.md)
37		-	* [Screenshots](web-application/screenshots.md)
38		-	* [File Inclusion,CSRF Injection,Directory Traversal](web-application/file-inclusion-csrf-injection-directory-traversal.md)
39		-	* [GraphQL Injection,Insecure Deserialization,Header Injection](web-application/graphql-injection-insecure-deserialization-header-injection.md)
40		-	* [Exploitation Tools Categorized by Vulnerability Type](web-application/exploitation-tools-categorized-by-vulnerability-type.md)
41		-	* [Insecure Direct Object References, Open Redirect, Request Smuggling](web-application/insecure-direct-object-references-open-redirect-request-smuggling.md)
	29	+	* [PORT SCANNING](port-scanning.md)
	30	+	* [Subdomain Takeover Resources](subdomain-takeover-resources.md)
	31	+	* [Technology Identification](technology-identification.md)
	32	+	* [Content Discovery Tools](content-discovery-tools.md)
	33	+	* [Link Extraction Tools](link-extraction-tools.md)
	34	+	* [Parameter and web fuzzing tools](parameter-and-web-fuzzing-tools.md)
	35	+	* [Screenshots](screenshots.md)
	36	+	* [File Inclusion,CSRF Injection,Directory Traversal](exploitation/file-inclusion-csrf-injection-directory-traversal.md)
	37	+	* [GraphQL Injection,Insecure Deserialization,Header Injection](exploitation/graphql-injection-insecure-deserialization-header-injection.md)
	38	+	* [Exploitation Tools Categorized by Vulnerability Type](exploitation/exploitation-tools-categorized-by-vulnerability-type.md)
	39	+	* [Insecure Direct Object References, Open Redirect, Request Smuggling](exploitation/insecure-direct-object-references-open-redirect-request-smuggling.md)
	40	+	* [Introducing 20 web-application hacking tools🔥🤩🌵](web-application/introducing-20-web-application-hacking-tools.md)
	41	+	* [Disclosed Reports 📝](web-application/disclosed-reports.md)
42	42
43	43		## 🐦 Twitter Threads
44	44
		skipped 2 lines

web-application/content-discovery-tools.md content-discovery-tools.md

Content is identical
overview/resourses/damn-vulnerabilities-list-lab.md damn-vulnerabilities-list-lab.md

Content is identical
overview/resourses/essential-linux-commands.md essential-linux-commands.md

Content is identical
web-application/exploitation-tools-categorized-by-vulnerability-type.md exploitation/exploitation-tools-categorized-by-vulnerability-type.md

Content is identical
web-application/file-inclusion-csrf-injection-directory-traversal.md exploitation/file-inclusion-csrf-injection-directory-traversal.md

Content is identical
web-application/graphql-injection-insecure-deserialization-header-injection.md exploitation/graphql-injection-insecure-deserialization-header-injection.md

Content is identical
web-application/insecure-direct-object-references-open-redirect-request-smuggling.md exploitation/insecure-direct-object-references-open-redirect-request-smuggling.md

Content is identical
web-application/link-extraction-tools.md link-extraction-tools.md

Content is identical
overview/osint.md osint.md

Content is identical
recon-tips/README.md overview/recon-tips/README.md

Content is identical
recon-tips/one-liner-from-awesome-bug-bounty.md overview/recon-tips/one-liner-from-awesome-bug-bounty.md

Content is identical
recon-tips/subdomain-enumeration.md overview/recon-tips/subdomain-enumeration.md

Content is identical
recon-tips/resources/all-damn-vulnerable-resources.md overview/resourses/all-damn-vulnerable-resources.md

Content is identical
lets-start/cybersecurity-youtube-channels.md overview/resourses/cybersecurity-youtube-channels.md

Content is identical
lets-start/offensive-virtual-machines.md overview/resourses/offensive-virtual-machines.md

Content is identical
web-application/parameter-and-web-fuzzing-tools.md parameter-and-web-fuzzing-tools.md

Content is identical
web-application/port-scanning.md port-scanning.md

Content is identical

■ ■ ■ ■ ■ ■

recon-tips/resources/best-recon-technique-for-active-subdomain-enumeration.md recon-tips/best-recon-technique-for-active-subdomain-enumeration.md

		skipped 18 lines
19	19		Command: altdns -i hackerone.txt -o data_output -r -s final.txt -w words.txt
20	20		```
21	21
22		-	<figure><img src="../../../.gitbook/assets/image (8).png" alt="Active Subdomain Enumeration Using FFUF"><figcaption><p>Active Subdomain Enumeration Using FFUF</p></figcaption></figure>
	22	+	<figure><img src="../.gitbook/assets/image (8).png" alt="Active Subdomain Enumeration Using FFUF"><figcaption><p>Active Subdomain Enumeration Using FFUF</p></figcaption></figure>
23	23
24	24		<mark style="color:green;">Technique 2:</mark> Favicon Hashes Favicons, the icons representing your website, possess unique hash values that can aid in discovering domains sharing the same hash function. Use the FavFreak tool to calculate favicon hashes. Execute the following command:
25	25
		skipped 1 lines
27	27		Command: cat urls.txt \| python3 favfreak.py
28	28		```
29	29
30		-	<figure><img src="../../../.gitbook/assets/image (3).png" alt="Favicon hash detecting using FavFreak"><figcaption><p>Favicon hash detecting using FavFreak</p></figcaption></figure>
	30	+	<figure><img src="../.gitbook/assets/image (3).png" alt="Favicon hash detecting using FavFreak"><figcaption><p>Favicon hash detecting using FavFreak</p></figcaption></figure>
31	31
32	32		Once the hash is calculated, you can use the same on internet search engines such as shodan to get the mass websites.
33	33
		skipped 7 lines
41	41		command: cat subdomains.txt \| dnsx -a -resp-only \| nrich -
42	42		```
43	43
44		-	<figure><img src="../../../.gitbook/assets/image.png" alt="Using shodan Search Engine to detect site that have same favicon hashed"><figcaption><p>use a nrich tool to check out the subdomains </p></figcaption></figure>
	44	+	<figure><img src="../.gitbook/assets/image.png" alt="Using shodan Search Engine to detect site that have same favicon hashed"><figcaption><p>use a nrich tool to check out the subdomains </p></figcaption></figure>
45	45
46	46		<mark style="color:green;">Technique 4:</mark> Choosing the Right Target When dealing with applications that have numerous subdomains, selecting the right subdomain to start hunting can be challenging. Utilize the interesting subs gf pattern list to identify interesting subdomains worth investigating. Execute the following command:
47	47
		skipped 19 lines
67	67		Command: cat dorks.txt \| uncover
68	68		```
69	69
70		-	<figure><img src="../../../.gitbook/assets/image (1).png" alt=""><figcaption><p>uncover tool link <a href="https://github.com/projectdiscovery/uncover">https://github.com/projectdiscovery/uncover</a></p></figcaption></figure>
	70	+	<figure><img src="../.gitbook/assets/image (1).png" alt=""><figcaption><p>uncover tool link <a href="https://github.com/projectdiscovery/uncover">https://github.com/projectdiscovery/uncover</a></p></figcaption></figure>
71	71
72	72
73	73
		skipped 11 lines
85	85		Command: naabu -host target.com
86	86		```
87	87
88		-	<figure><img src="../../../.gitbook/assets/image (9).png" alt=""><figcaption><p>Finding open ports and service running using naabu</p></figcaption></figure>
	88	+	<figure><img src="../.gitbook/assets/image (9).png" alt=""><figcaption><p>Finding open ports and service running using naabu</p></figcaption></figure>
89	89
90	90		:clap:Thank you for taking the time to explore these amazing reconnaissance techniques. :smile:We hope you found this blog informative and useful in your endeavors.
91	91

recon-tips/resources/mastering-the-art-of-information-gathering.md recon-tips/mastering-the-art-of-information-gathering.md

Content is identical
web-application/screenshots.md screenshots.md

Content is identical
web-application/subdomain-takeover-resources.md subdomain-takeover-resources.md

Content is identical
web-application/technology-identification.md technology-identification.md

Content is identical
overview/resourses/try-hack-me-roadmap.md try-hack-me-roadmap.md

Content is identical

■ ■ ■ ■ ■ ■

recon-tips/resources/README.md web-application/disclosed-reports.md

1		-	# Resources
	1	+	# Disclosed Reports 📝
2	2
3	3		## <mark style="color:green;">Bug Bounty Resources & Disclosed Reports: A Valuable Collection of Insights 📝</mark>
4	4
		skipped 205 lines

recon-tips/resources/introducing-20-web-application-hacking-tools.md web-application/introducing-20-web-application-hacking-tools.md

Content is identical

GITBOOK-20: change request with no subject merged in GitBook