Forwarded from DIMOOON 🇺🇦🦅🇺🇸
Находим XSS в "одну команду"
https://github.com/s0md3v/XSStrike
https://github.com/Emoe/kxss
https://github.com/projectdiscovery/subfinder
subfinder -d $target > target
cat target | gauplus | grep "=" > urls
cat urls | kxss
python3 xsstrike.py --seeds urls -f /path/to/payloads.txt
https://github.com/bp0lr/gauplushttps://github.com/s0md3v/XSStrike
https://github.com/Emoe/kxss
https://github.com/projectdiscovery/subfinder
Forwarded from SHADOW:Group
🖍 Автозаполнение полезных нагрузок в Burp Suite
Если вам лень все время писать полезную нагрузку в Burp Suite, то вы можете использовать расширение под названием HopLa.
Данное расширение добавляет поддержку автозаполнения и выбора полезной нагрузки, чтобы упростить процесс атаки. Кроме того, при необходимости вы можете добавить свои собственные списки.
#web #burp
Ссылка на GitHub
Если вам лень все время писать полезную нагрузку в Burp Suite, то вы можете использовать расширение под названием HopLa.
Данное расширение добавляет поддержку автозаполнения и выбора полезной нагрузки, чтобы упростить процесс атаки. Кроме того, при необходимости вы можете добавить свои собственные списки.
#web #burp
Ссылка на GitHub
Mobile Pentest
====================================================
Начнем с этого https://habr.com/ru/post/513928/
====================================================
https://manifestsecurity.com/appie/ - ALL IN ONE
====================================================
https://book.hacktricks.xyz/mobile-apps-pentesting/android-checklist
https://mobile-security.gitbook.io/mobile-security-testing-guide/overview/0x03-overview
====================================================
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
https://mobexler.com/checklist.htm
====================================================
DefconRU - https://defcon.ru/category/mobile-security/
====================================================
Статьи:
https://dou.ua/lenta/articles/android-app-secutity-testing/
https://spy-soft.net/drozer/
https://spy-soft.net/tools-for-reversing-applications/#i-3
https://spy-soft.net/best-vulnerability-scanners/#QARK
[1] https://www.hackingarticles.in/android-penetration-testing-apk-reverse-engineering/
[2] https://www.hackingarticles.in/android-penetration-testing-apk-reversing-part-2/
[3] https://www.hackingarticles.in/android-pentest-automated-analysis-using-mobsf/
[4] https://www.hackingarticles.in/android-pentest-deep-link-exploitation/
[5] https://www.hackingarticles.in/android-penetration-testing-webview-attacks/
[6] https://www.hackingarticles.in/android-penetration-testing-frida/
[7] https://www.hackingarticles.in/android-penetration-testing-drozer/
[8] https://resources.infosecinstitute.com/topic/android-penetration-tools-walkthrough-series-drozer/#gref
[9] https://medium.com/@ashrafrizvi3006/how-to-test-android-application-security-using-drozer-edc002c5dcac
[10] https://github.com/Ignitetechnologies/Android-Penetration-Testing
=========================================================================
Уязвимое приложение InsecureBankv2. Цикл статей:
[1] https://infosecwriteups.com/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
[2] https://infosecwriteups.com/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
[3] https://infosecwriteups.com/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
[4] https://danishzia.medium.com/diva-android-app-walkthrough-bce72b7f273a
[5] https://samsclass.info/128/proj/M504.htm
=========================================================================
[1] Подписать apk - https://github.com/patrickfav/uber-apk-signer/releases/tag/v1.2.1
[2] https://book.hacktricks.xyz/mobile-apps-pentesting/android-app-pentesting/smali-changes
[3] https://github.com/51j0/Android-CertKiller
=========================================================================
Эмуляторы Android:
Genymotion https://www.genymotion.com/
NoxPlayer https://www.bignox.com/
====================================================
Начнем с этого https://habr.com/ru/post/513928/
====================================================
https://manifestsecurity.com/appie/ - ALL IN ONE
====================================================
https://book.hacktricks.xyz/mobile-apps-pentesting/android-checklist
https://mobile-security.gitbook.io/mobile-security-testing-guide/overview/0x03-overview
====================================================
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
https://mobexler.com/checklist.htm
====================================================
DefconRU - https://defcon.ru/category/mobile-security/
====================================================
Статьи:
https://dou.ua/lenta/articles/android-app-secutity-testing/
https://spy-soft.net/drozer/
https://spy-soft.net/tools-for-reversing-applications/#i-3
https://spy-soft.net/best-vulnerability-scanners/#QARK
[1] https://www.hackingarticles.in/android-penetration-testing-apk-reverse-engineering/
[2] https://www.hackingarticles.in/android-penetration-testing-apk-reversing-part-2/
[3] https://www.hackingarticles.in/android-pentest-automated-analysis-using-mobsf/
[4] https://www.hackingarticles.in/android-pentest-deep-link-exploitation/
[5] https://www.hackingarticles.in/android-penetration-testing-webview-attacks/
[6] https://www.hackingarticles.in/android-penetration-testing-frida/
[7] https://www.hackingarticles.in/android-penetration-testing-drozer/
[8] https://resources.infosecinstitute.com/topic/android-penetration-tools-walkthrough-series-drozer/#gref
[9] https://medium.com/@ashrafrizvi3006/how-to-test-android-application-security-using-drozer-edc002c5dcac
[10] https://github.com/Ignitetechnologies/Android-Penetration-Testing
=========================================================================
Уязвимое приложение InsecureBankv2. Цикл статей:
[1] https://infosecwriteups.com/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
[2] https://infosecwriteups.com/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
[3] https://infosecwriteups.com/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
[4] https://danishzia.medium.com/diva-android-app-walkthrough-bce72b7f273a
[5] https://samsclass.info/128/proj/M504.htm
=========================================================================
[1] Подписать apk - https://github.com/patrickfav/uber-apk-signer/releases/tag/v1.2.1
[2] https://book.hacktricks.xyz/mobile-apps-pentesting/android-app-pentesting/smali-changes
[3] https://github.com/51j0/Android-CertKiller
=========================================================================
Эмуляторы Android:
Genymotion https://www.genymotion.com/
NoxPlayer https://www.bignox.com/
Хабр
Android изнутри: сравнение Dalvik и ART
Привет, Хабр! Около полугода назад я публиковал подробный «гайд» по JVM. Пост, в целом, зашел, а в комментариях спросили, не планируется ли “чего-то по андроиду”. Наконец, у меня дошли руки. В...