mylamour

Skill- hack

Feb 24th, 2018
- Reconnaissance
  - Passive/Semi-Passive
    - Third Party Resources
      - Locate Target Range
        - ARIN - https://www.arin.net/
      - Fingerprint Domain/Website
        - Shodan - https://www.shodan.io/
        - Censys - https://www.censys.io/
        - Zoomeye - https://www.zoomeye.org
        - Netcraft - https://www.netcraft.com/
      - Extended Network Information
        - Central Ops - https://centralops.net/co/DomainDossier.aspx
        - Robtex - https://www.robtex.net/
    - Metasploit Scanning
      - auxiliary/scanner/*
        - portscan/tcp
        - http/http_version
        - http/tomcat_enum
        - http/trace_axd
          - Google - site:<result from above> filetype:axd OR inurl:trace.axd
    - Command Line Recon
      - Network Information
        - nslookup <target>
        - DNS cache snooping (non-recursive lookups against the target's resolver to see which names it has already cached)
        - dig <target>
      - Security Mechanisms
        - halberd (HTTP load-balancer detection)
      - Metadata
        - exiftool
        - strings
        - strings -e b (16-bit big-endian) OR -e l (16-bit little-endian); plain strings only sees single-byte characters, so UTF-16LE text in Windows binaries and registry hives needs -e l
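As an added example (not from the paste), the shell below shows what the `-e l` flag buys you. It builds a small constructed file in which "Administrator" is stored as UTF-16LE, then pulls the wide string out with `strings -e l`, falling back to a NUL-stripping trick on systems whose `strings` (macOS/BSD) lacks `-e`. The sample file, the function names and the fallback are this example's own assumptions, not the paste's.

```shell
#!/bin/sh
# Added example, not from the original paste. Shows why `strings -e l` is
# needed: Windows binaries, registry hives and .NET configs hold text as
# UTF-16LE, and default `strings` (single-byte characters only) skips it.
# The sample file is constructed here; "Administrator" is stored wide.

make_sample() {   # $1 = path to write
    # 8 bytes of ASCII, two NULs, then "Administrator" as UTF-16LE
    printf 'PEHEADER\000\000' > "$1"
    printf 'A\000d\000m\000i\000n\000i\000s\000t\000r\000a\000t\000o\000r\000' >> "$1"
    printf '\000\000' >> "$1"
}

# wide_strings: print UTF-16LE strings of 4+ characters from a file.
# Uses GNU binutils `strings -e l` when the installed strings supports it
# (macOS/BSD strings does not); otherwise strips NULs so an ordinary grep
# can see the text. The fallback also returns plain ASCII runs, so it is
# noisier, and it cannot tell little-endian from big-endian.
wide_strings() {
    if strings -e l -n 4 /dev/null >/dev/null 2>&1; then
        strings -e l -n 4 "$1"
    else
        tr -d '\000' < "$1" | grep -aoE '[[:print:]]{4,}'
    fi
}

f=$(mktemp)
make_sample "$f"
printf 'default strings:\n'; strings -n 4 "$f" 2>/dev/null || true
printf 'strings -e l:\n';    wide_strings "$f"
rm -f "$f"
```

On GNU binutils the first listing prints only `PEHEADER`; the second prints `Administrator`. For a real target, run both passes over anything pulled from a Windows host before deciding a file holds no interesting text.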
    - People Search
      - Yahoo People Search - http://itools.com/tool/yahoo-people-search
      - Switchboard - http://www.switchboard.com/person
      - Google Finance - https://www.google.com/finance
      - Zaba - http://www.zabasearch.com/
  - Active
    - Command Line Recon Tools
      - General Recon
        - Recon-NG
          - Automated with https://github.com/jhaddix/domain
      - Domain/Subdomain Information
        - Fierce
        - The Harvester
        - Dirb
        - Dirbuster
        - Nmap
          - nmap -Pn -sSU -sV --top-ports 20 <target> (SYN plus UDP scan with version detection; raw SYN/UDP scans need root)
      - Create Custom Wordlist
        - cewl - https://digi.ninja/projects/cewl.php
        - wget - http://wiki.securityweekly.com/wiki/index.php/Episode129
    - Software
      - FOCA
      - SPARTA
      - Maltego
      - Dirbuster
    - Browser Extensions
      - Chrome
      - Firefox
      - Safari
    - Google Searching
      - "target name" jobs OR careers OR openings (site: expects a domain, so quote the company name instead; job postings leak the technology stack)
      - intitle:"index of <Keyword>"
        - Keyword
          - .bash_history
          - etc/shadow
          - finances.xls(x)
          - htpasswd
          - inurl:maillog
      - site:edu filetype:bak OR <keyword> (site: takes a domain suffix and filetype: a bare extension; "*.edu" and "*.bak" are not understood)
        - Keyword
          - *.conf
          - *.backup
- Enumeration
  - Internal
    - Scanning
      - Map Internal Network
        - Command Line Tools
          - arp -a
          - ip neigh show
          - smbtree -NS 2>/dev/null
          - nbtscan -r <current_IPrange>
          - netdiscover -r <current_IPrange>
          - nmap -n -Pn -T5 -sS <current_IPrange> (-T5 is the most aggressive timing template and can drop results on a busy LAN; -T4 is the usual compromise)
        - nmap NSE scripts
          - NFS
          - SMB
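The neighbour-table commands above are the quiet way to find live hosts: they read what the kernel already learned from ARP without sending a probe. As an added example (not from the paste), the shell below parses constructed `ip neigh show` output into a deduplicated list of IPv4 hosts that actually answered, drops FAILED/INCOMPLETE entries, and builds the nmap sweep from that list. The sample output, the function names and the `-oA internal_sweep` output prefix are this example's assumptions; the nmap command is printed rather than executed so the block runs offline.

```shell
#!/bin/sh
# Added example, not from the original paste: turn the neighbour table
# into an nmap target list. Sample data is constructed below; on a real
# host the input is `ip neigh show` (Linux) or `arp -a`.

# Constructed sample of `ip neigh show` output. FAILED and INCOMPLETE
# entries never answered ARP, so they are not live hosts. One host is
# listed twice (STALE, then DELAY) to show the deduplication.
SAMPLE_NEIGH='10.10.5.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
10.10.5.23 dev eth0 lladdr 00:11:22:33:44:17 STALE
10.10.5.40 dev eth0  FAILED
10.10.5.23 dev eth0 lladdr 00:11:22:33:44:17 DELAY
fe80::1 dev eth0 lladdr 00:11:22:33:44:01 router REACHABLE
10.10.5.77 dev eth0  INCOMPLETE'

# live_ipv4_from_neigh: read `ip neigh show` text on stdin and print the
# unique IPv4 addresses that carry a link-layer address, i.e. that replied.
live_ipv4_from_neigh() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && / lladdr / { print $1 }' \
        | sort -u
}

# nmap_cmd: build the SYN sweep the paste uses, fed from the list above.
# -T4 instead of -T5 so a loaded LAN does not silently lose ports.
# Printed rather than executed so the example runs without a network.
nmap_cmd() {
    targets=$(live_ipv4_from_neigh | tr '\n' ' ')
    printf 'nmap -n -Pn -T4 -sS -oA internal_sweep %s\n' "${targets% }"
}

# Live use:  ip neigh show | nmap_cmd | sh
printf '%s\n' "$SAMPLE_NEIGH" | nmap_cmd
```

The sample yields two targets (10.10.5.1 and 10.10.5.23); the IPv6 link-local entry is skipped because the SYN sweep as written is IPv4-only. Pairing this with `nbtscan`/`netdiscover` output before the first active scan keeps the initial packet count low on a network where you do not yet know what is watching.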
    - Pivoting
      - SSH Proxy Tunneling with proxychains
        - http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
  - External
    - Scanning
      - Nmap
      - Unicornscan
      - OneTwoPunch
        - Combines nmap and unicornscan: https://github.com/superkojiman/onetwopunch/blob/master/onetwopunch.sh
- Exploitation
  - External
    - Web Vulnerability Scanners
      - Burp
        - https://portswigger.net/burp/
        - My Guide: http://pastebin.com/nNHYP9Jd
      - Wapiti
        - http://wapiti.sourceforge.net/
      - w3af
        - http://w3af.org/
      - Nikto
        - https://cirt.net/Nikto2
    - Framework
      - web2attack
        - https://github.com/santatic/web2attack
    - Command Line Tools
      - CMSmap
        - https://github.com/Dionach/CMSmap
      - WPscan
        - https://wpscan.org/
      - Joomscan
        - https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
  - Internal
    - LAN Attacks
      - Local Python Server
        - Serve Shells/Exploits
          - python -m SimpleHTTPServer <port> (Python 2) or python3 -m http.server <port>; both serve the current directory, so start them from a directory that holds only what you mean to hand out
      - LLMNR/NBT-NS Poisoning
        - Responder - https://github.com/SpiderLabs/Responder
          - Listens for LLMNR and NBT-NS name requests and answers them, so the victim authenticates to you and leaks a NetNTLM hash
    - Local Vulnerability Scanning
      - LinEnum - https://github.com/rebootuser/LinEnum
      - Unix-privesc-check
      - Linux_Exploit_Suggester
      - Comprehensive Linux Enumeration
        - http://www.rebootuser.com/?p=1623
    - Bypass AV
      - PowerSploit - PowerShell post-exploitation framework (modules run in memory from PowerShell rather than as dropped binaries)
        - https://www.hackingloops.com/powersploit-quick-shell-for-penetration-testing/
    - Download Files via Command Line
      - https://www.greyhathacker.net/?p=500
    - Reverse Shells
      - http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
      - https://highon.coffee/blog/reverse-shell-cheat-sheet/
    - Attack Tools
      - Responder - https://github.com/SpiderLabs/Responder
      - SMBExec - https://github.com/pentestgeek/smbexec
      - WCE - http://www.darknet.org.uk/2015/02/windows-credentials-editor-wce-list-add-change-logon-sessions/
- Post-Exploitation
  - Comprehensive Wiki
    - http://pwnwiki.io/#!index.md
  - Pivoting
  - Stealing Hashes
    - WCE - http://www.darknet.org.uk/2015/02/windows-credentials-editor-wce-list-add-change-logon-sessions/
  - Password Sniffing
    - Tcpdump
      - tcpdump -i eth0 -l -A port http or port ftp or port smtp or port imap or port pop3 | egrep -i --line-buffered --color=auto 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|name=|name:|pass:|user:|username:|password:|login:|pass |user ' (the version that circulates in cheat sheets has a stray "||" after password=, which is an empty alternative and makes the filter match every line)
    - Ngrep
      - ngrep -q -W byline "^(GET|POST) " (the commonly quoted "GET|POST HTTP" matches "GET" anywhere in the payload or the literal "POST HTTP", which a request line never contains)
    - Dsniff
      - dsniff -m (automatic protocol detection)
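The tcpdump one-liner is only as good as the regex after the pipe, and the copy that circulates in cheat sheets carries a `||` that quietly turns it into a match-everything filter. As an added example (not from the paste), the shell below runs both that pattern and a tightened one over a constructed sample of what `tcpdump -A` prints, so the difference can be checked offline before the filter goes in front of live traffic. The sample lines, the function names and the tightened pattern are this example's own.

```shell
#!/bin/sh
# Added example, not from the original paste: the credential filter behind
# the "tcpdump | egrep" one-liner, tested on constructed sample traffic.
# Live use:  tcpdump -i eth0 -l -A port http or port ftp or port smtp \
#                    or port imap or port pop3 | cred_grep

# Constructed sample of what `tcpdump -A` prints (eight lines; only the
# form-post body and the FTP USER/PASS lines carry credentials).
SAMPLE_TRAFFIC='GET /index.html HTTP/1.1
Host: intranet.example.test
POST /login HTTP/1.1
username=jdoe&password=Winter2024!
USER ftpadmin
PASS letmein
Content-Length: 42
Set-Cookie: session=abc123'

# The pattern as commonly copied. "password=||name=" contains an empty
# alternative, and an empty regex matches every line.
BROKEN_PATTERN='pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=||name=|name:|pass:|user:|username:|password:|login:|pass |user '

# Same intent, tightened: no empty alternative, the field name must start
# a line or follow a form/query/header separator, and the FTP/POP commands
# are anchored to the start of the line. Bare "name=" is dropped because it
# fires on every hostname=/filename= field without adding anything that
# "user(name)?=" does not already catch.
FIXED_PATTERN='(^|[&?;[:space:]])(pass(w|wd|word)?|pwd|pw|log(in)?|user(name)?)[=:]|^(USER|PASS) '

# cred_grep: filter stdin for credential-looking lines, line-buffered so
# hits appear immediately when reading from a live capture.
cred_grep() {
    grep -iE --line-buffered --color=auto "$FIXED_PATTERN"
}

# count_matches PATTERN: number of stdin lines the pattern matches
# (grep -c exits 1 when the count is 0, which is not an error here).
count_matches() {
    grep -icE "$1" || true
}

printf 'broken pattern matches: %s of 8 lines\n' \
    "$(printf '%s\n' "$SAMPLE_TRAFFIC" | count_matches "$BROKEN_PATTERN")"
printf 'fixed pattern matches:  %s of 8 lines\n' \
    "$(printf '%s\n' "$SAMPLE_TRAFFIC" | count_matches "$FIXED_PATTERN")"
printf '%s\n' "$SAMPLE_TRAFFIC" | cred_grep
```

On GNU grep the broken pattern reports 8 of 8 and the tightened one 3 of 8 (the form body and the two FTP lines). Keep `-l` on tcpdump and `--line-buffered` on grep; without them the pipe holds output until a block fills and you see credentials minutes after they passed.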
  - Attack Frameworks/Tools
    - Empire
      - http://www.powershellempire.com/
    - Armitage (the linked guide covers Cobalt Strike, Armitage's commercial sibling by the same author)
      - http://blog.cobaltstrike.com/2016/05/25/raffis-abridged-guide-to-cobalt-strike/
  - Privilege Escalation
    - PowerSploit - https://github.com/PowerShellMafia/PowerSploit
    - Download Files via Command Line
      - https://www.greyhathacker.net/?p=500
  - Information Gathering
    - LinEnum - http://www.rebootuser.com/?p=1758
- Exfiltration
  - Detection Capabilities
    - Egress-Assess
      - https://github.com/ChrisTruncer/Egress-Assess
    - Outbound Port Detection (find unfiltered outbound connections)
      - http://www.floyd.ch/?p=352
  - Network Exfiltration
- Phishing
  - Important: Immediately pivot from initial host
  - Tools
    - Empire
      - https://enigma0x3.net/2016/03/15/phishing-with-empire/
    - Gophish
      - https://github.com/gophish/gophish
  - Initial Access Techniques
    - Office Macros
  - Tools for Internal Use
    - PowerView - Invoke-StealthUserHunter (Invoke-UserHunter -Stealth in current PowerView)
- Misc.
  - Find Exploits
    - Linux
      - Command line
        - searchsploit -e "Windows 7"
        - searchsploit windows 2007 | grep -i local
    - Web
      - Exploit-db
        - https://www.exploit-db.com/
      - Packet Storm
        - https://packetstormsecurity.com/files/tags/exploit
  - Various Automation
    - https://github.com/leebaird/discover