0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [master] 3 pages modified

This commit is contained in:
CPol 2021-02-02 09:28:03 +00:00 committed by gitbook-bot
parent 7ceef54f8f
commit 1a615e7777
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
3 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
external-recon-methodology.md
View File

@ -243,6 +243,10 @@ Once you have finished looking for subdomains you can use [**dnsgen** ](https://
While looking for **subdomains** keep an eye to see if it is **pointing** to any type of **bucket**, and in that case [**check the permissions**](pentesting/pentesting-web/buckets/)**.**
Also, as at this point you will know all the domains inside the scope, try to [**brute force possible bucket names and check the permissions**](pentesting/pentesting-web/buckets/).
### Monitorization
You can **monitor** if **new subdomains** of a domain are created by monitoring the **Certificate Transparency** Logs [**sublert** ](https://github.com/yassineaboukir/sublert/blob/master/sublert.py)does.
### Looking for vulnerabilities
Check for possible [**subdomain takeovers**](pentesting-web/domain-subdomain-takeover.md#subdomain-takeover).

3
pentesting/pentesting-web/README.md
View File

@ -184,7 +184,8 @@ Information about SSL/TLS vulnerabilities:
Launch some kind of **spider** inside the web. The goal of the spider is:
* Find all **files** and **folders** \([**gospider**](https://github.com/jaeles-project/gospider)**,** [**dirhunt**](https://github.com/Nekmo/dirhunt)**,** [**envie**](https://github.com/saeeddhqan/evine)\). [Broken link checker](https://github.com/stevenvachon/broken-link-checker) \(lets see if you can takeover something\). You can also find links using [**urlgrab**](https://github.com/IAmStoxe/urlgrab), which supports JS rendering.
* Find all **files** and **folders** \([**gospider**](https://github.com/jaeles-project/gospider)**,** [**dirhunt**](https://github.com/Nekmo/dirhunt)**,** [**envie**](https://github.com/saeeddhqan/evine)**,** [**hakrawler**](https://github.com/hakluke/hakrawler)\). [Broken link checker](https://github.com/stevenvachon/broken-link-checker) \(lets see if you can takeover something\). You can also find links using [**urlgrab**](https://github.com/IAmStoxe/urlgrab), which supports JS rendering.
* You can also find paths without accessing the web page using [**meg**](https://github.com/tomnomnom/meg), [**gau**](https://github.com/lc/gau)**.**
* Find all **possible parameters** for each executable file. You can help yourself in this matter using [ParamSpider](https://github.com/devanshbatham/ParamSpider).
* Read the next section "**Special Findings**" to search for more information on each file found.
* [hakrawler](https://github.com/hakluke/hakrawler) can also be interesting

2
pentesting/pentesting-web/buckets/aws-s3.md
View File

@ -263,6 +263,8 @@ If you want to read about how can you exploit meta-data in AWS [you should read
{% embed url="https://github.com/smaranchand/bucky" %}
{% embed url="https://github.com/tomdev/teh\_s3\_bucketeers" %}
\*\*\*\*
## **List of Open Buckets**