SHOW:
|
|
- or go back to the newest paste.
| 1 | - Reconnaissance | |
| 2 | - Passive/Semi-Passive | |
| 3 | - Third Party Resources | |
| 4 | - Locate Target Range | |
| 5 | - ARIN - https://www.arin.net/ | |
| 6 | - Fingerprint Domain/Website | |
| 7 | - Shodan - https://www.shodan.io/ | |
| 8 | - Censys - https://www.censys.io/ | |
| 9 | - Zoomeye - https://www.zoomeye.org | |
| 10 | - Netcraft - https://www.netcraft.com/ | |
| 11 | - Extended Network Information | |
| 12 | - Central Ops - https://centralops.net/co/DomainDossier.aspx | |
| 13 | - Robtex - https://www.robtex.net/ | |
| 14 | - Metasploit Scanning | |
| 15 | - auxiliary/scanner/* | |
| 16 | - portscan/tcp | |
| 17 | - http/http_version | |
| 18 | - http/tomcat_enum | |
| 19 | - http/trace_axd | |
| 20 | - Google - site:<result from above> filetype:axd OR inurl:trace.axd | |
| 21 | - Command Line Recon | |
| 22 | - Network Information | |
| 23 | - nslookup <target> | |
| 24 | - DNS cache snooping | |
| 25 | - dig <target> | |
| 26 | - Security Mechanisms | |
| 27 | - halberd | |
| 28 | - Metadata | |
| 29 | - exiftool | |
| 30 | - strings | |
| 31 | - strings -e b (big endian) OR -e l (little endian) | |
| 32 | - People Search | |
| 33 | - Yahoo People Search - http://itools.com/tool/yahoo-people-search | |
| 34 | - Switchboard - http://www.switchboard.com/person | |
| 35 | - Google Finance - https://www.google.com/finance | |
| 36 | - Zaba - http://www.zabasearch.com/ | |
| 37 | - Active | |
| 38 | - Command Line Recon Tools | |
| 39 | - General Recon | |
| 40 | - Recon-NG | |
| 41 | - Automated with https://github.com/jhaddix/domain | |
| 42 | - Domain/Subdomain Information | |
| 43 | - Fierce | |
| 44 | - The Harvester | |
| 45 | - Dirb | |
| 46 | - Dirbuster | |
| 47 | - Nmap | |
| 48 | - nmap -Pn -sSU -sV --top-ports 20 <target> | |
| 49 | - Create Custom Worldlist | |
| 50 | - cewl - https://digi.ninja/projects/cewl.php | |
| 51 | - wget - http://wiki.securityweekly.com/wiki/index.php/Episode129 | |
| 52 | - Software | |
| 53 | - FOCA | |
| 54 | - SPARTA | |
| 55 | - Maltego | |
| 56 | - Dirbuster | |
| 57 | - Browser Extensions | |
| 58 | - Chrome | |
| 59 | - Firefox | |
| 60 | - Safari | |
| 61 | - Google Searching | |
| 62 | - site:"target name" jobs,careers,openings,etc | |
| 63 | - intitle:"index of <Keyword>" | |
| 64 | - Keyword | |
| 65 | - .bash_history | |
| 66 | - etc/shadow | |
| 67 | - finances.xls(x) | |
| 68 | - htpasswd | |
| 69 | - inurl:maillog | |
| 70 | - site:*.edu filetype:*.bak OR <keyword> | |
| 71 | - Keyword | |
| 72 | - *.conf | |
| 73 | - *.backup | |
| 74 | - Enumeration | |
| 75 | - Internal | |
| 76 | - Scanning | |
| 77 | - Map Internal Network | |
| 78 | - Command Line Tools | |
| 79 | - arp -a | |
| 80 | - ip neigh show | |
| 81 | - smbtree -NS 2>/dev/null | |
| 82 | - nbtscan -r <current_IPrange> | |
| 83 | - netdiscover -r <current_IPrange> | |
| 84 | - nmap -n -Pn -T5 -sS <current_IPrange> | |
| 85 | - nmap NSE scripts | |
| 86 | - NFS | |
| 87 | - SMB | |
| 88 | - Pivoting | |
| 89 | - SSH Proxy Tunneling with Proxychain | |
| 90 | - http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html | |
| 91 | - External | |
| 92 | - Scanning | |
| 93 | - Nmap | |
| 94 | - Unicornscan | |
| 95 | - OneTwoPunch | |
| 96 | - Combines nmap and unicorn scan https://github.com/superkojiman/onetwopunch/blob/master/onetwopunch.sh | |
| 97 | - Exploitation | |
| 98 | - External | |
| 99 | - Web Vulnerability Scanners | |
| 100 | - Burp | |
| 101 | - https://portswigger.net/burp/ | |
| 102 | - My Guide: http://pastebin.com/nNHYP9Jd | |
| 103 | - Wapiti | |
| 104 | - http://wapiti.sourceforge.net/ | |
| 105 | - w3af | |
| 106 | - http://w3af.org/ | |
| 107 | - Nikto | |
| 108 | - https://cirt.net/Nikto2 | |
| 109 | - Framework | |
| 110 | - web2attack | |
| 111 | - https://github.com/santatic/web2attack | |
| 112 | - Command Line Tools | |
| 113 | - CMSmap | |
| 114 | - https://github.com/Dionach/CMSmap | |
| 115 | - WPscan | |
| 116 | - https://wpscan.org/ | |
| 117 | - Joomscan | |
| 118 | - https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project | |
| 119 | - Internal | |
| 120 | - LAN Attacks | |
| 121 | - Local Python Server - | |
| 122 | - Serve Shells/Exploits | |
| 123 | - Python -M SimpleHTTPServer <port> | |
| 124 | - LLMNR/NBT-NS Poisoning | |
| 125 | - Responder - https://github.com/SpiderLabs/Responder | |
| 126 | - Listen/respond to LLMNR NBTNS requests | |
| 127 | - Local Vulnerability Scanning | |
| 128 | - LinEnum- https://github.com/rebootuser/LinEnum | |
| 129 | - Unix-privesc-check | |
| 130 | - Linux_Exploit_Suggester | |
| 131 | - Comprehensive Linux Enumeration | |
| 132 | - http://www.rebootuser.com/?p=1623 | |
| 133 | - Bypass AV | |
| 134 | - PowerSploit - Python Powershell Shell | |
| 135 | - https://www.hackingloops.com/powersploit-quick-shell-for-penetration-testing/ | |
| 136 | - Download Files via Command Line | |
| 137 | - https://www.greyhathacker.net/?p=500 | |
| 138 | - Reverse Shells | |
| 139 | - http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet | |
| 140 | - https://highon.coffee/blog/reverse-shell-cheat-sheet/ | |
| 141 | - Attack Tools | |
| 142 | - Responder - https://github.com/SpiderLabs/Responder | |
| 143 | - SMBExec - https://github.com/pentestgeek/smbexec | |
| 144 | - WCE - http://www.darknet.org.uk/2015/02/windows-credentials-editor-wce-list-add-change-logon-sessions/ | |
| 145 | - Post-Exploitation | |
| 146 | - Comprehensive Wiki | |
| 147 | - http://pwnwiki.io/#!index.md | |
| 148 | - Pivoting | |
| 149 | - Stealing Hashes | |
| 150 | - WCE - http://www.darknet.org.uk/2015/02/windows-credentials-editor-wce-list-add-change-logon-sessions/ | |
| 151 | - Password Sniffing | |
| 152 | - Tcpdump | |
| 153 | - tcpdump -i eth0 port http or port ftp or port smtp or port imap or port pop3 -l -A | egrep –i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=||name=|name:|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line- | |
| 154 | - Ngrep | |
| 155 | - ngrep -q -W byline "GET|POST HTTP" | |
| 156 | - Dsniff | |
| 157 | - dsniff -m | |
| 158 | - Attack Frameworks/Tools | |
| 159 | - Empire | |
| 160 | - http://www.powershellempire.com/ | |
| 161 | - Armitage | |
| 162 | - http://blog.cobaltstrike.com/2016/05/25/raffis-abridged-guide-to-cobalt-strike/ | |
| 163 | - Privilege Escalation | |
| 164 | - PowerSploit - https://github.com/PowerShellMafia/PowerSploit | |
| 165 | - Download Files via Command Line | |
| 166 | - https://www.greyhathacker.net/?p=500 | |
| 167 | - Information Gathering | |
| 168 | - LinEnum - http://www.rebootuser.com/?p=1758 | |
| 169 | - Exfiltration | |
| 170 | - Detection Capabilities | |
| 171 | - Egress-Assess | |
| 172 | - https://github.com/ChrisTruncer/Egress-Assess | |
| 173 | - Outbound Port Detection (find unfiltered outbound connections) | |
| 174 | - http://www.floyd.ch/?p=352 | |
| 175 | - Network Exfiltration | |
| 176 | - Phishing | |
| 177 | - Important: Immediately pivot from initial host | |
| 178 | - Tools | |
| 179 | - Empire | |
| 180 | - https://enigma0x3.net/2016/03/15/phishing-with-empire/ | |
| 181 | - Gophish | |
| 182 | - https://github.com/gophish/gophish | |
| 183 | - Initial Access Techniques | |
| 184 | - Office Macros | |
| 185 | - Tools for Internal Use | |
| 186 | - PowerView - stealuserhunter | |
| 187 | - Misc. | |
| 188 | - Find Exploits | |
| 189 | - Linux | |
| 190 | - Command line | |
| 191 | - searchsploit -e Windows 7 | |
| 192 | - searchsploit windows 2007 | grep -i local | |
| 193 | - Web | |
| 194 | - Exploit-db | |
| 195 | - https://www.exploit-db.com/ | |
| 196 | - Packet Storm | |
| 197 | - https://packetstormsecurity.com/files/tags/exploit | |
| 198 | - Various Automation | |
| 199 | - https://github.com/leebaird/discover |
