whip_lash + webapp   109

GitHub - MilindPurswani/Syborg: Recursive DNS Subdomain Enumerator with dead-end avoidance system
Syborg is a Recursive DNS Domain Enumerator which is neither active nor completely passive. This tool simply constructs a domain name and queries it with a specified DNS Server.
pentest  webapp  domain 
9 days ago by whip_lash
5 Subdomain Takeover #ProTips
Patrik was already featured in our interview series when we touched upon his research on subdomain takeovers, but now we’ll go deeper into his process. He’ll share his ProTips and methodology behind finding vulnerable subdomains.
webapp  pentest  domain 
9 days ago by whip_lash
The Top 8 Burp Suite Extensions That I Use to Hack Web Sites - TrustFoundry
Here’s a short list of extensions, in no particular order, that we use on nearly every engagement in 2019.
burp  webapp  pentest  pentesting 
9 days ago by whip_lash
Linux 25 PHP Security Best Practices For Sys Admins - nixCraft
Here are twenty-five php security best practices for Linux and Unix sysadmins for configuring PHP securely.
php  security  webapp 
28 days ago by whip_lash
Upgrade from LFI to RCE via PHP Sessions - RCE Security
As you might know, PHP5 stores its session files by default under /var/lib/php5/sess_[PHPSESSID]
php  webapp  pentest 
5 weeks ago by whip_lash
Bluebird Promises Tutorial
Bluebird is a fully-featured Promise library for JavaScript. The strongest feature of Bluebird is that it allows you to "promisify" other Node modules in order to use them asynchronously. Promisify is a concept applied to callback functions. This concept is used to ensure that every callback function which is called returns some value.

So if a Node JS module contains a callback function which does not return a value, and if we Promisify the node module, all the functions in that specific node module would automatically be modified to ensure that they return a value.

So you can use BlueBird to make the MongoDB module run asynchronously. This just adds another level of ease when writing Node.js applications.
nodejs  development  webapp 
5 weeks ago by whip_lash
GoSecure/dtd-finder: List DTDs and generate XXE payloads using those local DTDs.
Identify DTDs on filesystem snapshot and build XXE payloads using those local DTDs.
xxe  webapp 
6 weeks ago by whip_lash
SSRF in the Wild - The Startup - Medium
When looking for SSRF vulnerabilities, file upload URLs, proxies and webhooks are good places to start. But also pay attention to the SSRF entry points that are less obvious: URLs embedded in files that are processed by the application, hidden API endpoints that accept URLs as input, and HTML tag injections.
ssrf  pentest  webapp 
7 weeks ago by whip_lash
HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger
HTTP requests are traditionally viewed as isolated, standalone entities. In this paper, I'll explore forgotten techniques for remote, unauthenticated attackers to smash through this isolation and splice their requests into others, through which I was able to play puppeteer with the web infrastructure of numerous commercial and military systems, rain exploits on their visitors, and harvest over $70k in bug bounties.
webapp  pentest  security  http  requestsmuggling 
8 weeks ago by whip_lash
HTTP Request Smuggler - PortSwigger
This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you.
burp  requestsmuggling  webapp  pentest 
8 weeks ago by whip_lash
XXE Payloads
ETIENNE FROM SENSEPOST - XXE STUFF
xxe  webapp  pentest 
11 weeks ago by whip_lash
mbechler/marshalsec
It's been more than two years since Chris Frohoff and Gabriel Lawrence have presented their research into Java object deserialization vulnerabilities, ultimately resulting in what can be readily described as the biggest wave of remote code execution bugs in Java history.

Research into that matter indicated that these vulnerabilities are not exclusive to mechanisms as expressive as Java serialization or XStream, but some could possibly be applied to other mechanisms as well.
java  webapp  deserialization  security  pentest 
11 weeks ago by whip_lash
A Deep Dive into XXE Injection
Favorite tweet:

A Deep Dive into XXE Injection : https://t.co/3W46hJEpuI pic.twitter.com/kOrt0SyOLa

— Binni Shah (@binitamshah) July 25, 2019
xxe  webapp  pentest 
12 weeks ago by whip_lash
Hacking JavaScript with JavaScript - Jarrod Overson - Medium
About a half-dozen ready-made JavaScript parsers are available in the node.js ecosystem. Others exist outside of node but if you plan to manipulate JavaScript you’re not going to find better tools in another language. The parsers are as simple to use as any other library but the complexity comes from understanding how to use their output. These JavaScript parsers produce an Abstract Syntax Tree, an AST.
javascript  webapp  pentest 
12 weeks ago by whip_lash
Intro to CakePHP for Bug Hunters - Tenable TechBlog - Medium
This guide is here to help you fast track that process for an application built using CakePHP.
php  cakephp  webapp  security  pentest 
july 2019 by whip_lash
Using Burp Suite match and replace settings to escalate your user privileges and find hidden features | Security and Bug Hunting
Favorite tweet:

I use @Burp_Suite's match/replace rules to find hidden features and elevate my client-side user permissions - my latest blog post covers some common examples and other #bugbountytips you can use in your own testing: https://t.co/mSn8PXILli #BugBounty pic.twitter.com/iWTVPBBAY7

— Jon Bottarini (@jon_bottarini) June 17, 2019
burp  webapp  pentest 
june 2019 by whip_lash
Analyse your HTTP response headers
Quickly and easily assess the security of your HTTP response headers
development  security  test  web  webapp 
may 2019 by whip_lash
www.nccgroup.trust
Favorite tweet:

There has been some really awesome .NET research done recently, this whitepaper is a great reference when you come across .NET deserialization bugs/when code auditing. Machines running .NET have just become so much easier to own: https://t.co/xdo5YYgYto

— shubs (@infosec_au) April 4, 2019
dotnet  webapp  pentest  deserialization 
april 2019 by whip_lash
data: URI image encoder
This form will allow you to generate a valid data: URI from a file on your computer or from a web site.
data  html  image  datauri  webapp  pentest 
february 2019 by whip_lash
XXE that can Bypass WAF Protection – Wallarm
Unfortunately, bypasses exist for the WAFs of both categories.

Below we show several methods the bad guys can use to fool a WAF and get XXE through.
xxe  waf  webapp  pentest 
january 2019 by whip_lash
Top 5 Frontend Development Topics To Learn in 2019
The barebones of the idea is looking for topics I’m excited to learn about, that will give me some momentum in future learning, and where I can either get paid to take it or there’s a clear market for the skill.

Below I apply that framework based on what I’m seeing right now in the web development ecosystem, and for each area I recommend I’ve rounded up some resources to help you get started.
frontend  webapp  development 
january 2019 by whip_lash
us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf
Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely embedding user input in templates enables Server-Side Template Injection, a frequently critical vulnerability that is extremely easy to mistake for Cross-Site Scripting (XSS), or miss entirely. Unlike XSS, Template Injection can be used to directly attack web servers' internals and often obtain Remote Code Execution (RCE), turning every vulnerable application into a potential pivot point.
templateinjection  webapp  pentest 
january 2019 by whip_lash
owasp_SSTI_final
Occurs when invalid user input is embedded into the template engine
• Often XSS attack occurs but SSTI can be missed
• Can lead to a remote code execution (RCE)
• Developer error or intentional exposure
templateinjection  webapp  pentest 
january 2019 by whip_lash
GitHub - epinna/tplmap: Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system.
injection  template  pentest  webapp 
january 2019 by whip_lash
learn-json-web-tokens/README.md at master · dwyl/learn-json-web-tokens · GitHub
JSON Web Tokens (JWTs) make it easy to send read-only signed "claims" between services (both internal and external to your app/site). Claims are any bits of data that you want someone else to be able to read and/or verify but not alter.
authentication  security  webdev  webapp  jwt  json 
january 2019 by whip_lash
The Ultimate PHP Security Checklist - DZone Security
This security checklist aims to give developers a list of PHP security best practices they can follow to help improve the security of their code.
php  webapp  security 
january 2019 by whip_lash
GitHub - Neilpang/acme.sh: A pure Unix shell script implementing ACME client protocol
It's probably the easiest & smartest shell script to automatically issue & renew the free certificates from Let's Encrypt.
encryption  ssl  github  webapp 
december 2018 by whip_lash
Laudanum download | SourceForge.net
Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found, and are in multiple languages for different environments. They provide functionality such as shell, DNS query, LDAP retrieval and others.
webapp  pentest  webshell 
december 2018 by whip_lash
GitHub - raz-varren/xsshell: An XSS reverse shell framework
XSShell is a cross-site-scripting reverse shell... Okay, well maybe it's not a true reverse shell, but it will allow you to interact in real time with an XSS victim's browser.

Just run the xsshell binary to set up your listener endpoint, do your XSS thing to get the exploit js onto the victim's browser, and as soon as they run it you should see something like this pop up in your console
xss  webapp 
december 2018 by whip_lash
LightBulb Framework - Tools For Auditing WAFS - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
LightBulb is an open source python framework for auditing web application firewalls and filters.
wap  webapp  pentest 
december 2018 by whip_lash
XSSFuzzer - A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists.
It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.
xss  pentest  webapp 
december 2018 by whip_lash
GitHub - Voorivex/pentest-guide: Penetration tests cases, resources and guidelines.
This guide is for penetration testers seeking the appropriate test cases required during a penetration test project. I rearranged the OWASP Testing Guide v4 from my point of view into 9 Test Classes, and each class has several Test Cases to conduct against the target. Each Test Case covers several OWASP tests, which is also useful for the report document. I've also added 10 extra Test Cases marked by EXTRA-TEST. I hope it will be useful in both penetration test projects and bug-bounty.
pentest  security  owasp  webapp 
november 2018 by whip_lash
Homoglyph Attack Generator and Punycode Converter
This app is meant to make it easier to generate homographs based on Homoglyphs than having to search for look-alike characters in Unicode, then copying and pasting.
unicode  webapp  homograph 
september 2018 by whip_lash
Bypassing CSRF tokens with Python's CGIHTTPServer | Pure Hacking
There are ways to configure Burp using macros to bypass CSRF tokens on HTML forms, so we can use Burp Active Scans, Burp Intruder, Burp Repeater, and (cautiously) even Burp Proxy. There's also Grep-Extract and the pitchfork attack type specifically for Intruder. And you might even develop your own Burp Extension to do it. Sqlmap has a --csrf-token and a --csrf-url for the same purpose, or you can just configure Burp as previously stated and run sqlmap through Burp using --proxy.

Now, here's another way, using CGIHTTPServer from python.
bugbounty  pentest  webapp  csrf 
september 2018 by whip_lash
JSON Web Tokens - jwt.io
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

JWT.IO allows you to decode, verify and generate JWT.
authentication  javascript  json  security  webapp  pentest 
august 2018 by whip_lash
maK-/parameth: This tool can be used to brute discover GET and POST parameters
This tool can be used to brute discover GET and POST parameters

Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them.
pentest  webapp 
july 2018 by whip_lash
danielmiessler/RobotsDisallowed: A harvest of the Disallowed directories from the robots.txt files of the world's top websites.
The RobotsDisallowed project is a harvest of the Disallowed directories from the robots.txt files of the world's top websites--specifically the Alexa 100K.

This list of Disallowed directories is a great way to supplement content discovery during a web security assessment, since the website owner is basically saying "Don't go here; there's sensitive stuff in there!".
pentest  webapp  wordlist  gobuster 
july 2018 by whip_lash
GerbenJavado/LinkFinder: A python script that finds endpoints in JavaScript files
LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing, resulting in new testing ground, possibly containing new vulnerabilities.
javascript  pentest  webapp 
july 2018 by whip_lash
Retire.js
There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies development, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10, and insecure libraries can pose a huge risk for your webapp. The goal of Retire.js is to help you detect use of versions with known vulnerabilities.
javascript  security  pentest  webapp 
july 2018 by whip_lash
Web Application Penetration Testing Tool: Tracy
Tracy is a pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. Tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. Tracy can use this data to intelligently find vulnerable instances of XSS, especially with web applications that use lots of JavaScript.
webapp  pentest  xss 
july 2018 by whip_lash
SANS Penetration Testing | Modern Web Application Penetration Testing Part 1, XSS and XSRF Together | SANS Institute
Now the code. The important parts are getting the script to run; we used a body onload. The script runs each one of the forms. The forms each contain one of the XSRF attacks. Each form loads in a different iframe. The first one runs, then the second one waits for the iframe onload to fire before it runs, and so on. The victim logs in, they check their queue, the XSS runs, the XSRF runs, they have lost control of the application: attacker win, or in this case a very effective demonstration of risk.
xss  csrf  xsrf  webapp  pentest 
june 2018 by whip_lash
SANS Penetration Testing | Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks | SANS Institute
Favorite tweet:

SANS | #PenTest Blog

Modern Web App Pen Testing Part 2, Hash Length Extension Attacks
by @adriendb (SEC642)

Blog: https://t.co/8TR2Z7OKYu pic.twitter.com/3YA3ncesym

— SANS Pen Test (@SANSPenTest) June 28, 2018
hashextension  hash  webapp  pentest  security 
june 2018 by whip_lash
Attacking Java Deserialization | NickstaDB
In this blog post I’ll attempt to clear up some confusion around deserialization vulnerabilities and hopefully lower the bar to entry in exploiting them using readily available tools. I’ll be focusing on Java, however the same concepts apply to other languages. I’ll also be focusing on command execution exploits in order to keep things simple.
java  pentesting  webapp  deserialization 
may 2018 by whip_lash
Advanced Web Shell (Full Sources) : netsec
There are multiple things that make DAws better than every Web Shell out there
webshell  webapp  pentesting  security 
may 2018 by whip_lash
cloudtracer/paskto: Paskto - Passive Web Scanner
Paskto will passively scan the web using the Common Crawl internet index either by downloading the indexes on request or parsing data from your local system. URLs are then processed through Nikto and known URL lists to identify interesting content.
webapp  pentest 
february 2018 by whip_lash
Replicator
Replicator helps developers to reproduce issues discovered by pen testers. The pen tester produces a Replicator file which contains the findings in the report. Each finding includes a request, associated session rules or macros, and logic to detect presence of the vulnerability. The tester sends the Replicator file to the client alongside the report. Developers can then open the file within Burp and replicate the issues. When vulnerabilities have been fixed, Replicator provides confirmation that the attack vector used in the pen test is now blocked. A retest is still recommended, in case alternative attack vectors remain exploitable.
burp  webapp  pentest  report 
february 2018 by whip_lash
http-form-brute NSE Script
Performs brute force password auditing against http form-based authentication.
namp  nse  pentest  webapp  bruteforce 
january 2018 by whip_lash
GOWPT - Go Web Application Penetration Test - KitPloit - PenTest Tools for your Security Arsenal ☣
GOWPT is the younger brother of wfuzz, a swiss army knife of WAPT. It allows pentesters to perform a huge amount of activity with no stress at all: just configure it and it's just a matter of clicks.
webapp  pentest 
december 2017 by whip_lash
Tutorial: Implementing a DDoS-resistant Website Using AWS Services - AWS WAF and AWS Shield Advanced
This tutorial shows you how to use several AWS services together to build a resilient, highly secure website.
aws  webapp  webdesign  webdev  website 
november 2017 by whip_lash