- Create a directory for the project/task
- Use this directory to save everything related to the project at hand
- Use the script command to save everything to a file named by dayMonthYear-dirname
mkdir pentest.target.company.com
cd pentest.target.company.com
script "$(date +%d%m%Y)-$(basename "$PWD")"
- Save your findings with screenshots in a document or system
Nmap with 20 random decoys, shows open ports, syn scan, top 100 ports
nmap -D RND:20 --open -sS --top-ports 100 -oN nmap-open-ports target.company.com
Send 60k pkts/s with no decoys
nmap -p- --min-rate=60000 --open -sS -oN nmap-open-ports target.company.com
Map directories.
gobuster dir -u https://target.company.com -w /usr/share/wordlists/big.txt -t 100 -e --no-error -r -o gobuster-out
-t 100 -> 100 threads
-e -> show extended/full URLs
-r -> follow redirects
-o <file> -> save output
Browse to the found paths/URLs to see what they look like.
hydra -v -t10 -l user01 -P passwords.txt -s 2121 ftp://target.company.com
-v -> verbose
-t10 -> 10 threads
-l <login> -> single login to test (or -L <file> for a list of logins)
-P <pass file> -> wordlist
-s <port> -> tcp port
wafw00f -v https://target.company.com
nuclei
Check sitemap.xml and robots.txt; look their contents up in the Wayback Machine
whatweb
nc -v target.company.com 80 -C
OPTIONS /lfjdaljfkda HTTP/1.0<enter>
-C -> send CRLF line endings, as HTTP requires
echo https://target.company.com/ | html-tool comments
echo https://target.company.com/ | html-tool tags script
echo https://target.company.com/ | html-tool tags title
echo https://target.company.com/ | html-tool attribs src
echo https://target.company.com/ | html-tool attribs src href
echo https://target.company.com/ | html-tool attribs src href | grep -i '\.js'
echo https://target.company.com/ | html-tool attribs src href | grep -i '\.xml'
echo https://target.company.com/ | html-tool attribs src href | grep -i '\.php'
getJS --complete --url https://target.company.com
cat urls.txt | getJS
Use common parameter names to bruteforce the app
gobuster dir -u https://target.company.com -w /usr/share/wordlists/dirb/big.txt -e -t 100 -r --no-error -o found_files.txt -x py,bkp,old,txt,xml
grep 200 found_files.txt
cat <<EOF > lista.txt
page
url
pg
file
files
arquivo
id
EOF
while read -r PARAM; do curl "http://target.company.com/download.php?${PARAM}=download.php"; done < lista.txt
cp /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt paramlist.txt
wfuzz -c -w paramlist.txt "https://target.company.com/download.php?FUZZ=download.php"
-c -> color
-w <file> -> payload wordlist (short for -z file,<file>)
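Defender's view of the gobuster directory guessing and the wfuzz/curl parameter guessing above, as an added example that is not part of these notes: a small Python detector run over constructed combined-format access-log lines (the IPs, paths and thresholds are made up).

```python
# Added example (not from the original notes): flag the scanning patterns the
# notes describe in a few constructed combined-format access-log lines.
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Return (client_ip, method, target, status) or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    return ip, method, target, int(status)

def detect(lines, miss_threshold=20, param_threshold=10):
    """dir_bruteforce: many 404s from one client (gobuster-style path guessing).
    param_fuzzing: many distinct query-parameter names on one script (wfuzz FUZZ)."""
    misses = defaultdict(int)
    params = defaultdict(set)          # (ip, path) -> distinct parameter names
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                   # skip unparseable lines rather than crash
        ip, _method, target, status = rec
        if status == 404:
            misses[ip] += 1
        url = urlsplit(target)
        for name in parse_qs(url.query, keep_blank_values=True):
            params[(ip, url.path)].add(name)
    alerts = [("dir_bruteforce", ip, n) for ip, n in misses.items() if n >= miss_threshold]
    alerts += [("param_fuzzing", ip, f"{path}:{len(names)}")
               for (ip, path), names in params.items() if len(names) >= param_threshold]
    return sorted(alerts)

# Constructed sample traffic: one scanner (198.51.100.7) and one normal visitor.
SAMPLE = [f'198.51.100.7 - - [01/Jan/2024:10:00:{i:02d} +0000] "GET /guess{i} HTTP/1.1" 404 196'
          for i in range(25)]
SAMPLE += [f'198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /download.php?{p}=x HTTP/1.1" 200 512'
           for p in ("page", "url", "pg", "file", "files", "id", "path", "doc", "name", "dir", "src")]
SAMPLE += ['203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?id=10 HTTP/1.1" 200 2048',
           '203.0.113.5 - - [01/Jan/2024:10:02:03 +0000] "GET /favicon.ico HTTP/1.1" 404 196']

if __name__ == "__main__":
    for kind, ip, detail in detect(SAMPLE):
        print(f"{kind}: {ip} ({detail})")
```

Thresholds are per log batch; in production feed it a sliding window (e.g. the last minute of lines) so a normal visitor's occasional 404s never accumulate.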
Use arithmetic, e.g.:
https://target.company.com/product.php?id=10
https://target.company.com/product.php?id=10-2
https://target.company.com/product.php?id=10+2