INFORMATION GATHERING | PENETRATION TESTING
Web Reconnaissance Or Information Gathering – Part 1
WHAT'S INFORMATION GATHERING IS ?
Information gathering is the first phase of penetration testing in which we collect publicly available information or internal information about target while performing active reconnaissance as well as passive reconnaissance which we can use it our further testing phases.
Target: Our target is nothing but web application on which we’ll perform testing.
Active Reconnaissance: It means whenever we engage with target to get information is called active reconnaissance.
Passive Reconnaissance: It means when we collect publicly available information about target without engaging with target is known as passive reconnaissance.
Vulnerability: Vulnerability is nothing but the weakness or lack of security which we found in the target.
In this blog we have talked about How to gather information about your target like - Active Reconnaissance, Passive Reconnaissance and about Google Dork
To Read Full Article And take Practical Knowledge From Given Link Below :
https://www.jewkoiyie.com/web-reconnaissance-or-information-gathering-part-1/
Web Reconnaissance Or Information Gathering – Part 1
WHAT'S INFORMATION GATHERING IS ?
Information gathering is the first phase of penetration testing in which we collect publicly available information or internal information about target while performing active reconnaissance as well as passive reconnaissance which we can use it our further testing phases.
Target: Our target is nothing but web application on which we’ll perform testing.
Active Reconnaissance: It means whenever we engage with target to get information is called active reconnaissance.
Passive Reconnaissance: It means when we collect publicly available information about target without engaging with target is known as passive reconnaissance.
Vulnerability: Vulnerability is nothing but the weakness or lack of security which we found in the target.
In this blog we have talked about How to gather information about your target like - Active Reconnaissance, Passive Reconnaissance and about Google Dork
To Read Full Article And take Practical Knowledge From Given Link Below :
https://www.jewkoiyie.com/web-reconnaissance-or-information-gathering-part-1/
INFORMATION GATHERING | PENETRATION TESTING
Web Reconnaissance Or Information Gathering — Part 2 ( Whois Lookup, tools, site)
SSL Certificate Parsing
SSL Certificate Parsing is another way to find different domain names related to the target. But before that what SSL certificate is, SSL stands for Secure Socket Layer, it is used to encrypt web traffic, because of SSL we see HTTPS in the url field instead of HTTP in maximum websites.
Subdomain Enumeration
Subdomain enumeration is the process of finding subdomains of a target.
What is Whois Lookup?
Whois is a widely used Internet record listing that identifies who owns a domain and how to get in contact with them. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership.
Take a look To my Article on This :-
https://jewkoiyie.com/web-reconnaissance-or-information-gathering-part-2-whois-lookup-tools-site/
Web Reconnaissance Or Information Gathering — Part 2 ( Whois Lookup, tools, site)
SSL Certificate Parsing
SSL Certificate Parsing is another way to find different domain names related to the target. But before that what SSL certificate is, SSL stands for Secure Socket Layer, it is used to encrypt web traffic, because of SSL we see HTTPS in the url field instead of HTTP in maximum websites.
Subdomain Enumeration
Subdomain enumeration is the process of finding subdomains of a target.
What is Whois Lookup?
Whois is a widely used Internet record listing that identifies who owns a domain and how to get in contact with them. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership.
Take a look To my Article on This :-
https://jewkoiyie.com/web-reconnaissance-or-information-gathering-part-2-whois-lookup-tools-site/
👍1
Bug Bounty pinned «INFORMATION GATHERING | PENETRATION TESTING Web Reconnaissance Or Information Gathering — Part 2 ( Whois Lookup, tools, site) SSL Certificate Parsing SSL Certificate Parsing is another way to find different domain names related to the target. But before…»
INFORMATION GATHERING | PENETRATION TESTING
Directory Brute Forcing – Web Reconnaissance Or Information Gathering – Part 3
Directory Brute-Forcing : Directory Brute-Forcing is a technique of finding hidden directories which are available on the web server. There are many cases in which hackers find directories which contains very sensitive information like admin panels, password files, outdated functionalities , database copies etc.
Main 2 Type of Tool To Find Hidden Directory :
Dirbuster and Gobuster
Dirb :
Dirbuster is another gui based tool , simply enter dirbuster in terminal and hit enter then after that enter the url and select the path of wordlist as shown in fig or you can your own also if you want, but in this you should compulsory give the file extension, so here I have given .php. Then after that just click on attack and side by side check your terminal you’ll get the name of files and directories whatever this tool has found.
Gobuster :
Gobuster is another tool which can be used to find the same.
Check out My Full Article :
https://jewkoiyie.com/directory-brute-forcing-web-reconnaissance-or-information-gathering-part-3/
Directory Brute Forcing – Web Reconnaissance Or Information Gathering – Part 3
Directory Brute-Forcing : Directory Brute-Forcing is a technique of finding hidden directories which are available on the web server. There are many cases in which hackers find directories which contains very sensitive information like admin panels, password files, outdated functionalities , database copies etc.
Main 2 Type of Tool To Find Hidden Directory :
Dirbuster and Gobuster
Dirb :
Dirbuster is another gui based tool , simply enter dirbuster in terminal and hit enter then after that enter the url and select the path of wordlist as shown in fig or you can your own also if you want, but in this you should compulsory give the file extension, so here I have given .php. Then after that just click on attack and side by side check your terminal you’ll get the name of files and directories whatever this tool has found.
Gobuster :
Gobuster is another tool which can be used to find the same.
Check out My Full Article :
https://jewkoiyie.com/directory-brute-forcing-web-reconnaissance-or-information-gathering-part-3/
❤2
INFORMATION GATHERING | PENETRATION TESTING
Website’s Directory Crawling Using Spider – Web Reconnaissance
Spidering the site :
Spidering is another way of finding the directories and the paths through web spidering or web crawling.
Web Crawling or Spidering: It is a process used to identify all pages on a site. This process is done with the help of a web spider tool, in this, we’ll use Burp Spider version 1.7.36 or OWASP Zap.
Check out the Full Article on Spider Tool :
https://jewkoiyie.com/websites-directory-crawling-using-spider-web-reconnaissance-part-4/
Website’s Directory Crawling Using Spider – Web Reconnaissance
Spidering the site :
Spidering is another way of finding the directories and the paths through web spidering or web crawling.
Web Crawling or Spidering: It is a process used to identify all pages on a site. This process is done with the help of a web spider tool, in this, we’ll use Burp Spider version 1.7.36 or OWASP Zap.
Check out the Full Article on Spider Tool :
https://jewkoiyie.com/websites-directory-crawling-using-spider-web-reconnaissance-part-4/
This Cheatsheet provides various tips for using Netcat for both Linux and Unix 🔥🌿🌿🌱☘️🌼🍀
All Syntex is designed for the original netcat
Here is Netcat 🌿Cheatsheet 🔥
All Syntex is designed for the original netcat
Here is Netcat 🌿Cheatsheet 🔥
Google warns that Russian and Belarusian hackers are targeting Ukraine and European allies through phishing attacks.
Read details: https://thehackernews.com/2022/03/google-russian-hackers-target.html
Read details: https://thehackernews.com/2022/03/google-russian-hackers-target.html
👍1
A new browser extension allows users to automatically check whether or not the WhatsApp Web code on their browser has been altered or tampered with, providing an extra layer of security for millions of desktop users.
Details: https://thehackernews.com/2022/03/heres-how-to-find-if-whatsapp-web-code.html
Details: https://thehackernews.com/2022/03/heres-how-to-find-if-whatsapp-web-code.html
Multiple vulnerabilities, including command injection, have been discovered in popular Software Package Managers—such as Composer, Bundler, Poetry, Yarn, pnpm, Pip, and Pipenv, some of which have not yet fixed the reported issues.
Read: https://thehackernews.com/2022/03/multiple-security-flaws-discovered-in.html
Read: https://thehackernews.com/2022/03/multiple-security-flaws-discovered-in.html
Google is officially buying cybersecurity company Mandiant in an all-cash deal approximately valued at $5.4 billion.
Read: https://thehackernews.com/2022/03/google-buys-cybersecurity-firm-mandiant.html
Read: https://thehackernews.com/2022/03/google-buys-cybersecurity-firm-mandiant.html
A newly discovered vulnerability (CVE-2022-25636) in the Netfilter #firewall module of Linux kernel could be exploited to gain root privileges on vulnerable systems, escape containers or cause a kernel panic.
Details: https://thehackernews.com/2022/03/new-linux-bug-in-netfilter-firewall.html
Details: https://thehackernews.com/2022/03/new-linux-bug-in-netfilter-firewall.html
If you use Git on a daily basis,
This cheat sheet is very useful!🔥
#github #developers #git #infosec #cybersecurity
This cheat sheet is very useful!🔥
#github #developers #git #infosec #cybersecurity
👍1