Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ brute force directories and files in webservers :
Fast
Easy and simple to use
Multithreading
Wildcard responses filtering (invalid webpages)
Keep alive connections
Support for multiple extensions
Support for every HTTP method
Support for HTTP request data
Support for raw request
Extensions excluding
Reporting (Plain text, JSON, XML, Markdown, CSV)
Recursive brute forcing
Target enumeration from an IP range
Sub-directories brute forcing
Force extensions
HTTP and SOCKS proxy support
HTTP cookies and headers support
HTTP headers from file
User agent randomization
Proxy host randomization
Batch processing
Request delaying
429 response code detecting
Multiple wordlist formats (lowercase, uppercase, capitalization)
Default configuration from file
Option to force requests by hostname
Option to add custom suffixes and prefixes
Option to whitelist response codes, support ranges (-i 200,300-399)
Option to blacklist response codes, support ranges (-x 404,500-599)
Option to exclude responses by sizes
Option to exclude responses by texts
Option to exclude responses by regexp(s)
Option to exclude responses by redirects
Options to display only items with response length from range
Option to remove all extensions from every wordlist entry
Quiet mode
Debug mode
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/maurosoria/dirsearch.git
2) cd dirsearch
3) python3 dirsearch.py -u <URL> -e <EXTENSIONS>
4) To can use SOCKS proxy or work with ../ in the wordlist, you need to install pips with requirements.txt: pip3 install -r requirements.txt
If you are using Windows and don't have git, you can install the ZIP file here. Dirsearch also supports Docker
Dirsearch requires python 3 or greater
5) dirsearch.py [-u|--url] target [-e|--extensions] extensions [options]
Example:
root/
index.%EXT%
Passing the extensions "asp" and "aspx" (-e asp,aspx) will generate the following dictionary:
root/
index
index.asp
index.aspx
For wordlists without %EXT% (like SecLists), you need to use the -f | --force-extensions switch to append extensions to every word in the wordlists, as well as the "/". And for entries in the wordlist that you do not want to force, you can add %NOFORCE% at the end of them so dirsearch won't append any extension.
Example:
admin
home.%EXT%
api%NOFORCE%
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ brute force directories and files in webservers :
Fast
Easy and simple to use
Multithreading
Wildcard responses filtering (invalid webpages)
Keep alive connections
Support for multiple extensions
Support for every HTTP method
Support for HTTP request data
Support for raw request
Extensions excluding
Reporting (Plain text, JSON, XML, Markdown, CSV)
Recursive brute forcing
Target enumeration from an IP range
Sub-directories brute forcing
Force extensions
HTTP and SOCKS proxy support
HTTP cookies and headers support
HTTP headers from file
User agent randomization
Proxy host randomization
Batch processing
Request delaying
429 response code detecting
Multiple wordlist formats (lowercase, uppercase, capitalization)
Default configuration from file
Option to force requests by hostname
Option to add custom suffixes and prefixes
Option to whitelist response codes, support ranges (-i 200,300-399)
Option to blacklist response codes, support ranges (-x 404,500-599)
Option to exclude responses by sizes
Option to exclude responses by texts
Option to exclude responses by regexp(s)
Option to exclude responses by redirects
Options to display only items with response length from range
Option to remove all extensions from every wordlist entry
Quiet mode
Debug mode
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/maurosoria/dirsearch.git
2) cd dirsearch
3) python3 dirsearch.py -u <URL> -e <EXTENSIONS>
4) To can use SOCKS proxy or work with ../ in the wordlist, you need to install pips with requirements.txt: pip3 install -r requirements.txt
If you are using Windows and don't have git, you can install the ZIP file here. Dirsearch also supports Docker
Dirsearch requires python 3 or greater
5) dirsearch.py [-u|--url] target [-e|--extensions] extensions [options]
Example:
root/
index.%EXT%
Passing the extensions "asp" and "aspx" (-e asp,aspx) will generate the following dictionary:
root/
index
index.asp
index.aspx
For wordlists without %EXT% (like SecLists), you need to use the -f | --force-extensions switch to append extensions to every word in the wordlists, as well as the "/". And for entries in the wordlist that you do not want to force, you can add %NOFORCE% at the end of them so dirsearch won't append any extension.
Example:
admin
home.%EXT%
api%NOFORCE%
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - maurosoria/dirsearch: Web path scanner
Web path scanner. Contribute to maurosoria/dirsearch development by creating an account on GitHub.
Forwarded from DailyCVE
π΅Unpatched Maxthon browser (Windows client) has dll hijacking vulnerability:
https://dailycve.com/unpatched-maxthon-browser-windows-client-has-dll-hijacking-vulnerability
https://dailycve.com/unpatched-maxthon-browser-windows-client-has-dll-hijacking-vulnerability
Dailycve
Unpatched Maxthon browser (Windows client) has dll hijacking vulnerability | CVE
Details:
The web browser is the Maxthon Browser.
There is a DLL hijacking flaw in the Maxthon browser (Windows client). Attackers are able to run malicious code exploiting this loophole.
Affected Versions:
Maxthon Browser (Windows client) 5
β¦
Forwarded from DailyCVE
π΅McAfee Agent authorization issue vulnerability (DC: 219-2021)
https://dailycve.com/mcafee-agent-authorization-issue-vulnerability
https://dailycve.com/mcafee-agent-authorization-issue-vulnerability
Dailycve
McAfee Agent authorization issue vulnerability | CVE
Details:
Mcafee McAfee Agent (MA) is a collection of Mcafee (Mcafee) client components that provide safe connectivity between the managed products and ePolicy Orchestrator (anti-virus software management platform). McAfee Agent for Windows previous toβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Microsoft's application to support the SpaceX Starlink Internet satellite group in an FCC lawsuit failed.
#bugs
#bugs
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
π΅Information leakage vulnerability due to improper implementation of Java API in Apache Tomcat (DC: 220-2021)
https://dailycve.com/information-leakage-vulnerability-due-improper-implementation-java-api-apache-tomcat
https://dailycve.com/information-leakage-vulnerability-due-improper-implementation-java-api-apache-tomcat
Dailycve
Information leakage vulnerability due to improper implementation of Java API in Apache Tomcat | CVE
Details:
The Apache Software Foundation has released an update for the Apache Tomcat vulnerability.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Support & Share undercode telegram links:
T.me/UndercodeUpdates
T.me/UndercodeTesting
T.me/DailyCve
T.me/UndercodeNews
t.me/UndercodeChat
T.me/Undercode_Testing
Enjoy & Stay safe !
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Support & Share undercode telegram links:
T.me/UndercodeUpdates
T.me/UndercodeTesting
T.me/DailyCve
T.me/UndercodeNews
t.me/UndercodeChat
T.me/Undercode_Testing
Enjoy & Stay safe !
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE TESTING
π΅Theonedev OneDev security vulnerability ((DC:221-2021)) :
https://dailycve.com/theonedev-onedev-security-vulnerability
https://dailycve.com/theonedev-onedev-security-vulnerability
Dailycve
Theonedev OneDev security vulnerability | CVE
Details:
Theonedev Onedev is a DevOps all-in-one framework based on Theonedev's JAVA squad. Container design, orchestration, CI, Git management, team coordination and other functions are provided by the framework, helping developers create a simple andβ¦
Forwarded from DailyCVE
π΅Unpatched/An SQL injection vulnerability exists in the website building system of Cixi Youcheng Network Technology Co., Ltd.:
https://dailycve.com/unpatchedan-sql-injection-vulnerability-exists-website-building-system-cixi-youcheng-network
https://dailycve.com/unpatchedan-sql-injection-vulnerability-exists-website-building-system-cixi-youcheng-network
Dailycve
Unpatched/An SQL injection vulnerability exists in the website building system of Cixi Youcheng Network Technology Co., Ltd. |β¦
Details:
Cixi Youcheng Network Co., Ltd. is positioned as a specialist Internet networking provider, supplying clients with a comprehensive network business combining network integration, marketing and service, and network services and product creation asβ¦
Cixi Youcheng Network Co., Ltd. is positioned as a specialist Internet networking provider, supplying clients with a comprehensive network business combining network integration, marketing and service, and network services and product creation asβ¦