Pentesting
  • API Pentesting
  • Pivoting techniques
  • Aquatone
  • NOSQL injections
  • Basic LDAP Injection
  • Basic authentication bypass
  • SERVER SIDE REQUEST FORGERY (SSRF)
  • SQL injections
  • SSTI
  • Easy - No Protections
  • GENERAL INFORMATION
  • XML External Entity (XXE) Injection Payloads
  • Post exploitation techniques
  • Hashcat Cheatsheet
  • John The Ripper Cheatsheet
  • Cracking files
  • Wordlists & co.
  • WinRM (Windows Remote Management) Pentesting
  • API windows
  • Command find priv /esc
  • Crawl/Fuzz
  • HTTP Request Smuggling
  • Api keys
  • Pivoting, Tunneling, and Port Forwarding
  • Shells & Payloads
  • API Recon
  • API Token Attacks
Powered by GitBook
On this page

Crawl/Fuzz

PreviousCommand find priv /escNextHTTP Request Smuggling

Last updated 1 year ago

# Crawlers dirhunt hakrawler -domain python3 sourcewolf.py -h gospider -s " -o output -c 10 -d 1 gospider -S sites.txt -o output -c 10 -d 1 gospider -s " -o output -c 10 -d 1 --other-source --include-subs # Fuzzers # ffuf # Discover content ffuf -recursion -mc all -ac -c -e .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml -w six2dez/OneListForAll/onelistforall.txt -u # Headers discover ffuf -mc all -ac -u -w six2dez/OneListForAll/onelistforall.txt -c -H "FUZZ: Hellothereheadertesting123 asd" # Ffuf - burp ffuf -replay-proxy http:127.0.0.1:8080 # Fuzzing extensions # General .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml,.inc # Backups '.bak','.bac','.old','.000','.~','.01','._bak','.001','.inc','.Xxx' # kr # kr brute -w onelistforallmicro.txt -x 100 --fail-status-codes 404 kr scan -w routes-small.kite -A=apiroutes-210228 -x 100 --ignore-length=34 # chameleon # ./chameleon -u -a -A # Best wordlists for fuzzing: # - raft-large-directories-lowercase.txt - directory-list-2.3-medium.txt - RobotsDisallowed/top10000.txt # - # # # # AIO: # Check # Pro tip: set "Host: localhost" as header # Custom generated dictionary gau example.com | unfurl -u paths # Get files only sed 's#/#\n#g' paths.txt |sort -u # Other things gau example.com | unfurl -u keys gau example.com | head -n 1000 |fff -s 200 -s 404 # Hadrware devices admin panel # default-http-login-hunter.sh # Dirsearch dirsearch -r -f -u --extensions=htm,html,asp,aspx,txt -w six2dez/OneListForAll/onelistforall.txt --request-by-hostname -t 40 # dirb dirb -r -o dirb-10.11.1.111.txt # wfuzz wfuzz -c -z file,six2dez/OneListForAll/onelistforall.txt --hc 404 # gobuster gobuster dir -u -w six2dez/OneListForAll/onelistforall.txt -s '200,204,301,302,307,403,500' -e # Cansina # python3 cansina.py -u example.com -p PAYLOAD # Ger endpoints from JS # LinkFinder # python linkfinder.py -i -d python linkfinder.py -i burpfile -b # JS enumeration # # Tip, if 429 add one of these headers: Client-Ip: IP X-Client-Ip: IP X-Forwarded-For: IP X-Forwarded-For: 127.0.0.1

https://url.com/
https://url.com/
https://example.com/"
https://example.com/"
https://url.com/FUZZ
https://hackxor.net
https://github.com/assetnote/kiterunner
https://whatever.com/
https://whatever.com/
https://github.com/iustin24/chameleon
http://testphp.vulnweb.com
https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
https://github.com/assetnote/commonspeak2-wordlists/tree/master/wordswithext
https://github.com/random-robbie/bruteforce-lists
https://github.com/google/fuzzing/tree/master/dictionaries
https://github.com/six2dez/OneListForAll
https://github.com/foospidy/payloads
https://wordlists.assetnote.io/
https://github.com/InfosecMatter/default-http-login-hunter
https://10.10.0.1:443/
https://10.11.1.111
http://10.11.1.111
http://10.11.1.11/FUZZ
http://10.11.1.111
https://github.com/deibit/cansina
https://github.com/GerbenJavado/LinkFinder
https://example.com
https://github.com/KathanP19/JSFScan.sh
Page cover image