Tools

Secrets leaked in Postman collections

Trufflehog released a blog post about secrets leaked in Postman collections. They interestingly break down how many are leaking and where. https://trufflesecurity.com/blog/postman-carries-lots-of-secrets

JSON crack – visual JSON editor

JSON crack is a great tool for visualising JSON. You can visually browse the contents and collapse or expand certain parts to make the JSON easily browsable. https://jsoncrack.com/editor

cvemap from ProjectDiscovery

How many CVEs do you think were issued last year? 100? 1,000? 10,000? No, 24,804. Or 68 per day. It means “a” CVE doesn’t mean much. We need to find “the” CVE. The cvemap from Project Discovery is there to help us. It indexes CVEs along with attributes like the...

The Find command by @TomNomNom

My terminal workflow improved drastically after watching TomNomNom’s video with STÖK about using many useful bash commands. And it was only 36 minutes… That’s why I’m very happy to see Tom publishing his own videos because I know that he uses tools you and I use daily...

New free SSRF testing tool

@bebiksior created a tool that allows you to test SSRFs really easily. You no longer have to code something yourself if you need to control the HTTP response when testing for SSRFs. And it’s free to use! https://twitter.com/bebiksior/status/1723797751958257786

JS Monitoring implementation

I’ve been hearing about monitoring JS files for years now and I know that I should start doing it. Youssef Sammouda - Meta’s TOP1 hacker told me in my podcast that he chooses his targets based on monitoring JS files. But I still never got to it. Some of the reasons...

Caido catching more traction

For a long time, Burp suite was basically the HTTP proxy that everyone was using despite numerous problems that we have had with it. However, Burp’s competitor - Caido is getting more and more traction recently and is getting more people onboard. I’m happy to see it...

Shortcuts that speed up my hacking every day

Using shortcuts makes you more efficient in any job and hacking is no exception. Small gains here and there save you hours in the long run and simply allow you to find more bugs in the same amount of time. Moreover, I know it’s not 100% accurate but I have to admit...

XSS exploits made easy (and super cool)

When somebody would ask me about the real impact of an XSS, I used to say that the attacker can generally do exactly the same things as the victim. It was true - in theory, I could create a JS payload that would give me exact access to what the user is doing. The...