WARCannon, a tool released at Black Hat, is supposed to enable hackers to search for vulnerabilities at scale using data from CommonCrawl. It would be especially useful for those doing novel research, such as request smuggling. Then, testing the same bug on the...
Tools
A tool to find blind-XSS
When testing a website, ideally you have access to every user role in the system. However, that is often not the case, especially in bug bounties. As a result, access to the panel where "contact us" messages land is hard to obtain in most programs. However, that should not...
Finding bugs in regexes, even if you don’t know them well
Incorrect fixes for bugs often originate from badly written regular expressions. Regexes are not as hard as they seem at first, but they are also not easy to read and definitely not easy to write. Where are they used? In many places, for example when trying to...
Finally, a useful DB with CVEs
I'm often very frustrated when looking for information about CVEs. Often, I find a useless description along with a score like 9/10, which sounds alarming but later turns out to be not so exploitable. AttackerKB is a Rapid7 project that gathers information about CVEs and...
Parsing HTML responses with Python
We are continuing the topic of using Python as a hacking tool. Today, I will focus on processing HTTP responses using the Beautiful Soup library. It's useful for parsing HTML and it allows you to scrape data from websites without having to use headless browsers, which...
Processing URLs in terminal
When attacking any target, sooner or later you will want to take a look at some URLs. Where can you obtain them? From directory brute-forcing, gau, copying URLs from Burp and many, many other sources. This article is not about obtaining URLs. It's about what to do next...
Client-side secret scanner
I am excited! I've been trying to find a good approach to finding secrets in JavaScript for a while, but I didn't find one. Usually, what I was doing during pentests was downloading the JS files locally using Burp and then scanning them with gitleaks. A browser...
A few SSH commands that you'll certainly use
SSH - I'm sure you have used it, and not just once. It actually has many more features than just connecting to a remote server. I prepared a small cheat sheet of the commands that I use. authorized_keys: first and foremost, it's good to configure logging in...
Speed up your dorking
Installing the binary: git clone https://github.com/tomnomnom/hacks; cd webpaste; go build. Installing the extension: Chrome > 3 dots > More tools > Extensions > Enable Developer Mode > Click Load unpacked and select the extension folder which is inside the webpaste...
How to identify the impact of a leaked private key?
Truffle Security, the company behind the secret scanning tool called truffleHog, created another tool - Driftwood. You can use it to identify the impact of a leaked private key. It's useful because the impact of this is not easy to check as, for example, of a...