Tag: pentest

Backdoors

A stealthy Python based Windows backdoor that uses Github as a C&C server

CanisRufus is a stealthy Python based Windows backdoor that uses Github as a command and control server. – https://github.com/maldevel/canisrufus The red wolf (Canis rufus or Canis lupus rufus), also known as the Florida wolf or Mississippi Valley wolf, is a canid of unresolved taxonomic identity native to the eastern United States. It is generally, morphologically, …

Web Penetration Testing

Web Application Information Gathering

Retrieve HTTP response header: curl -I -i -X HEAD --insecure example.com, or echo -e 'HEAD / HTTP/1.0\r\n\r\n' | nc example.com 80. Malformed requests test: GET / HTTP/3.1 Host: hostname User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 Accept: text/html Accept-Language: en-US,en;q=0.5 Content-Length: …

OSINT

A Swiss Army Knife for OSINT

Belati is a tool for collecting public data and public documents from websites and other services for OSINT purposes. What can Belati do? Whois (Indonesian TLD support), banner grabbing, subdomain enumeration, service scanning for all subdomain machines, Web Appalyzer support, DNS mapping / zone scanning, mail harvesting from websites and search engines, mail harvesting from MIT PGP …

Burp, Penetration Testing

Stunnel and Burp Pro

Stunnel Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code. Its architecture is optimized for security, portability, and scalability (including load-balancing), making it suitable for large deployments. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled …

C/C++, libCurl

Send email with attachment using Gmail, C and libcurl – Part 3

Requirements * A Gmail account (use a dedicated account, not your personal one!) * Turn on “Access for less secure apps” under the security settings of the account. * You may also have to enable IMAP in the account settings. The following code snippets are from the Post-recon project. This project …

C++, libCurl

libcurl – Disable specific Protocols in Windows builds

libCurl – https://curl.haxx.se/docs/install.html The configure utility, unfortunately, is not available for the Windows environment, therefore you cannot use the various disable-protocol options of the configure utility on this platform. However, you can use the following defines to disable specific protocols: HTTP_ONLY disables all protocols except HTTP; CURL_DISABLE_FTP disables FTP; CURL_DISABLE_LDAP disables LDAP; CURL_DISABLE_TELNET disables TELNET …

C/C++, libCurl

Send email using Gmail, C and libcurl – Part 1

libcurl is a free and easy-to-use client-side URL transfer library, supporting DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, …

OWASP, Penetration Testing

OWASP Secure Headers

OWASP Secure Headers Project: setting headers from the server is easy and often doesn’t require any code changes. Once set, they can restrict modern browsers from running into easily preventable vulnerabilities. The OWASP Secure Headers Project intends to raise awareness and use of these headers. – https://www.owasp.org/index.php/OWASP_Secure_Headers_Project Response Headers * HTTP Strict Transport Security (HSTS) …

Web Penetration Testing

Web application bruteforcer

Wfuzz is a tool designed to bruteforce web applications. It’s very flexible and supports: recursion (when doing directory discovery), POST data bruteforcing, header bruteforcing, output to HTML (easy for just clicking the links and checking the page, even with POST data!), colored output, hiding results by return code, number of words, number of lines, etc., URL encoding, cookies …

Hacking, OSINT, Penetration Testing, Reconnaissance

Passive information gathering

Search Engines: gather information using search engine results (Google, Bing, Yahoo). Reverse IP lookup using Bing: IP:x.y.z.y. Social Networking Sites: gather information using social networking websites (Google+, LinkedIn, Instagram, Facebook, Twitter). Online databases: gather information using online databases (whois, shodan, netcraft, robtex, dnshistory). Online Tools: gather information using online tools (mxtoolbox, domain tools, SSL Server …