STRLCPY/Cipherops

GITBOOK-13: change request with no subject merged in GitBook
Adwaith committed with gitbook-bot 1 year ago

c3270a31

1 parent dc27ada5

.gitbook/assets/image (5).png
.gitbook/assets/image (6).png

■ ■ ■ ■ ■ ■

SUMMARY.md

		skipped 33 lines
34	34		* [Link Extraction Tools](link-extraction-tools.md)
35	35		* [Parameter and web fuzzing tools](parameter-and-web-fuzzing-tools.md)
36	36
	37	+	## 🥲 Exploitation
	38	+
	39	+	* [Exploitation Tools Categorized by Vulnerability Type](exploitation/exploitation-tools-categorized-by-vulnerability-type.md)
	40	+	* [File Inclusion,CSRF Injection,Directory Traversal](exploitation/file-inclusion-csrf-injection-directory-traversal.md)
	41	+	* [GraphQL Injection,Insecure Deserialization,Header Injection](exploitation/graphql-injection-insecure-deserialization-header-injection.md)
	42	+	* [Insecure Direct Object References, Open Redirect, Request Smuggling](exploitation/insecure-direct-object-references-open-redirect-request-smuggling.md)
	43	+

■ ■ ■ ■ ■ ■

exploitation/exploitation-tools-categorized-by-vulnerability-type.md

1	+	# Exploitation Tools Categorized by Vulnerability Type
2	+
3	+	```markdown
4	+	Here's the list of exploitation tools categorized by vulnerability type:
5	+
6	+	CRLF Injection:
7	+	1. [CRLFsuite](https://github.com/Nefcore/CRLFsuite) - A fast tool specially designed to scan CRLF injection
8	+	2. [crlfuzz](https://github.com/dwisiswant0/crlfuzz) - A fast tool to scan CRLF vulnerability written in Go
9	+	3. [CRLF-Injection-Scanner](https://github.com/MichaelStott/CRLF-Injection-Scanner) - Command line tool for testing CRLF injection on a list of domains.
10	+	4. [Injectus](https://github.com/BountyStrike/Injectus) - CRLF and open redirect fuzzer
11	+
12	+	```
13	+
14	+	```markdown
15	+	Command Injection:
16	+	1. [commix](https://github.com/commixproject/commix) - Automated All-in-One OS command injection and exploitation tool.
17	+	```
18	+
19	+	```markdown
20	+	CORS Misconfiguration:
21	+	1. [Corsy](https://github.com/s0md3v/Corsy) - CORS Misconfiguration Scanner
22	+	2. [CORStest](https://github.com/RUB-NDS/CORStest) - A simple CORS misconfiguration scanner
23	+	3. [cors-scanner](https://github.com/laconicwolf/cors-scanner) - A multi-threaded scanner that helps identify CORS flaws/misconfigurations
24	+	4. [CorsMe](https://github.com/Shivangx01b/CorsMe) - Cross Origin Resource Sharing MisConfiguration Scanner
25	+
26	+	```
27	+

■ ■ ■ ■ ■ ■

exploitation/file-inclusion-csrf-injection-directory-traversal.md

1	+	# File Inclusion,CSRF Injection,Directory Traversal
2	+
3	+	```markdown
4	+	Here are the three File Inclusion,CSRF Injection,Directory Traversal. :
5	+
6	+	File Inclusion:
7	+
8	+	1. [liffy](https://github.com/mzfr/liffy) - Local file inclusion exploitation tool.
9	+	2. [Burp-LFI-tests](https://github.com/Team-Firebugs/Burp-LFI-tests) - Fuzzing for LFI using Burpsuite.
10	+	3. [LFI-Enum](https://github.com/mthbernardes/LFI-Enum) - Scripts to execute enumeration via LFI.
11	+	4. [LFISuite](https://github.com/D35m0nd142/LFISuite) - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner.
12	+	5. [LFI-files](https://github.com/hussein98d/LFI-files) - Wordlist to brute force for LFI.
13	+	r
14	+	```
15	+
16	+	```markdown
17	+	CSRF Injection:
18	+
19	+	1. [XSRFProbe](https://github.com/0xInfection/XSRFProbe) - The Prime Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit.
20	+	```
21	+
22	+	```markdown
23	+	Directory Traversal:
24	+
25	+	1. [dotdotpwn](https://github.com/wireghoul/dotdotpwn) - DotDotPwn - The Directory Traversal Fuzzer.
26	+	2. [FDsploit](https://github.com/chrispetrou/FDsploit) - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
27	+	3. [off-by-slash](https://github.com/bayotop/off-by-slash) - Burp extension to detect alias traversal via NGINX misconfiguration at scale.
28	+	4. [liffier](https://github.com/momenbasel/liffier) - Tired of manually adding dot-dot-slash to your possible path traversal? This short snippet will increment ../ on the URL.
29	+	```
30	+

■ ■ ■ ■ ■ ■

exploitation/graphql-injection-insecure-deserialization-header-injection.md

1	+	# GraphQL Injection,Insecure Deserialization,Header Injection
2	+
3	+	```markdown
4	+	// Some codeHere are the web security tools related to GraphQL Injection, Insecure Deserialization, and Header Injection:
5	+
6	+	### Header Injection
7	+
8	+	- [headi](https://github.com/mlcsec/headi) - Customizable and automated HTTP header injection.
9	+
10	+	```
11	+
12	+	<pre class="language-markdown"><code class="lang-markdown"><strong>### Insecure Deserialization
13	+	</strong><strong>
14	+	</strong>- [ysoserial](https://github.com/frohoff/ysoserial) - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
15	+	- [GadgetProbe](https://github.com/BishopFox/GadgetProbe) - Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
16	+	- [ysoserial.net](https://github.com/pwntester/ysoserial.net) - Deserialization payload generator for a variety of .NET formatters
17	+	- [phpggc](https://github.com/ambionics/phpggc) - PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from the command line or programmatically.
18	+
19	+	</code></pre>
20	+
21	+	```markdown
22	+	### GraphQL Injection
23	+
24	+	- [inql](https://github.com/doyensec/inql) - InQL - A Burp Extension for GraphQL Security Testing
25	+	- [GraphQLmap](https://github.com/swisskyrepo/GraphQLmap) - GraphQLmap is a scripting engine to interact with a GraphQL endpoint for pentesting purposes.
26	+	- [shapeshifter](https://github.com/szski/shapeshifter) - GraphQL security testing tool
27	+	- [graphql_beautifier](https://github.com/zidekmat/graphql_beautifier) - Burp Suite extension to help make GraphQL requests more readable
28	+	- [clairvoyance](https://github.com/nikitastupin/clairvoyance) - Obtain GraphQL API schema despite disabled introspection!
29	+
30	+	Please note that these tools are intended for security testing purposes and should only be used on authorized systems.
31	+	```
32	+

■ ■ ■ ■ ■ ■

exploitation/insecure-direct-object-references-open-redirect-request-smuggling.md

1	+	# Insecure Direct Object References, Open Redirect, Request Smuggling
2	+
3	+	```markdown
4	+	Here are the Insecure Direct Object References,Open Redirect and Request Smuggling tools:
5	+
6	+	## Insecure Direct Object References
7	+	- [Autorize](https://github.com/Quitten/Autorize) - Automatic authorization enforcement detection extension for Burp Suite written in Jython developed by Barak Tawily
8	+
9	+	```
10	+
11	+	```markdown
12	+	## Open Redirect
13	+	- [Oralyzer](https://github.com/r0075h3ll/Oralyzer) - Open Redirection Analyzer
14	+	- [Injectus](https://github.com/BountyStrike/Injectus) - CRLF and open redirect fuzzer
15	+	- [dom-red](https://github.com/Naategh/dom-red) - Small script to check a list of domains against open redirect vulnerability
16	+	- [OpenRedireX](https://github.com/devanshbatham/OpenRedireX) - A Fuzzer for OpenRedirect issues
17	+
18	+	```
19	+
20	+	```markdown
21	+
22	+	## Request Smuggling
23	+	- [http-request-smuggling](https://github.com/anshumanpattnaik/http-request-smuggling) - HTTP Request Smuggling Detection Tool
24	+	- [smuggler](https://github.com/defparam/smuggler) - Smuggler - An HTTP Request Smuggling/Desync testing tool written in Python 3
25	+	- [h2csmuggler](https://github.com/BishopFox/h2csmuggler) - HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
26	+	- [tiscripts](https://github.com/defparam/tiscripts) - Scripts used to create Request Smuggling Desync payloads for CLTE and TECL style attacks.2
27	+
28	+	```
29	+

■ ■ ■ ■ ■ ■

overview/recon-tips/resources/best-recon-technique-for-active-subdomain-enumeration.md

		skipped 40 lines
41	41		command: cat subdomains.txt \| dnsx -a -resp-only \| nrich -
42	42		```
43	43
44		-	<figure><img src="../../../.gitbook/assets/image (6).png" alt="Using shodan Search Engine to detect site that have same favicon hashed"><figcaption><p>use a nrich tool to check out the subdomains </p></figcaption></figure>
	44	+	<figure><img src="../../../.gitbook/assets/image (5).png" alt="Using shodan Search Engine to detect site that have same favicon hashed"><figcaption><p>use a nrich tool to check out the subdomains </p></figcaption></figure>
45	45
46	46		<mark style="color:green;">Technique 4:</mark> Choosing the Right Target When dealing with applications that have numerous subdomains, selecting the right subdomain to start hunting can be challenging. Utilize the interesting subs gf pattern list to identify interesting subdomains worth investigating. Execute the following command:
47	47
		skipped 44 lines

GITBOOK-13: change request with no subject merged in GitBook