β οΈ S3 Bucket Recon β οΈ
Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png
Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png
GitHub
awsome-websecurity-checklist/Mindmaps/S3-Bucket Recon.png at main Β· securitycipher/awsome-websecurity-checklist
Contribute to securitycipher/awsome-websecurity-checklist development by creating an account on GitHub.
π7
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯4
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
β€8π1
BGPView for Reconnaissance
- Get ASN Information
- Enumerate IP Prefixes for an ASN
- Retrieve IP Address Details
- Search ASN, IP, or Domain Together
- Upstreams
- Upstreams [ IPv4 ]
- Upstreams [ IPv6 ]
- All Peers
- Extract ASN Prefixes with Peer Details
- Downstreams
- Subdomain Enumeration from ASN
- Query ASN by Organization Name
Β© Yasin
- Get ASN Information
curl -s "https://api.bgpview.io/asn/AS12345" | jq
- Enumerate IP Prefixes for an ASN
curl -s "https://api.bgpview.io/asn/AS12345/prefixes" | jq '.data.ipv4_prefixes[] | .prefix'
- Retrieve IP Address Details
curl -s "https://api.bgpview.io/ip/8.8.8.8" | jq
- Search ASN, IP, or Domain Together
curl -s "https://api.bgpview.io/search?query=example.com" | jq '.data'
- Upstreams
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq
- Upstreams [ IPv4 ]
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq '.data.ipv4_upstreams[] | {asn, name, description, country: .country_code}'
- Upstreams [ IPv6 ]
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq '.data.ipv6_upstreams[] | {asn, name, description, country: .country_code}'
- All Peers
curl -s "https://api.bgpview.io/asn/AS12345/peers" | jq '[.data.ipv4_peers[], .data.ipv6_peers[]] | map({asn, name, description, country: .country_code})'
- Extract ASN Prefixes with Peer Details
curl -s "https://api.bgpview.io/asn/AS12345/peers" | jq '[.data.ipv4_peers[], .data.ipv6_peers[]] | map({asn, name, description, country: .country_code, prefix: .prefix})'
- Downstreams
curl -s "https://api.bgpview.io/asn/AS12345/downstreams" | jq
- Subdomain Enumeration from ASN
curl -s "https://api.bgpview.io/asn/AS12345/prefixes"
dig -x $prefix
done
- Query ASN by Organization Name
curl -s "https://api.bgpview.io/search?query=google" | jq '.data.asns[] | {asn, name, description}'
Please open Telegram to view this post
VIEW IN TELEGRAM
π12π³4β€2
CVE-2024-52052, -053, -054, -055, -056: Multiple vulnerabilitites in Wowza Streaming Engine, 5.1 - 9.4 rating π₯
Five recent vulnerabilities we almost missed. RCE, stored XSS, file read, file write, and folder deletion - vulnerabilities for every taste!
Search at Netlas.io:
π Link: https://nt.ls/8BudC
π Dork: http.favicon.hash_sha256:3641ed4d68a0362f1ef45069584a71b0940acfcdb6abf8c13b8fc29837160a81 OR http.headers.server:"WowzaStreamingEngine"
Read more: https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/
Five recent vulnerabilities we almost missed. RCE, stored XSS, file read, file write, and folder deletion - vulnerabilities for every taste!
Search at Netlas.io:
π Link: https://nt.ls/8BudC
π Dork: http.favicon.hash_sha256:3641ed4d68a0362f1ef45069584a71b0940acfcdb6abf8c13b8fc29837160a81 OR http.headers.server:"WowzaStreamingEngine"
Read more: https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/
π1
This media is not supported in your browser
VIEW IN TELEGRAM
1. Go to
chrome://extensions2. Turn on Developer mode
3. Copy the extension ID
4. Go to
~/Library/Application Support/Google/Chrome/Default/Extensions5. Find the matching
ID then find the manifest.json file!Please open Telegram to view this post
VIEW IN TELEGRAM
π7
CVE-2024-8932, -8929, -11233, -11236, -11234: Multiple vulnerabilities in PHP, 4.8 - 9.8 rating π₯
Five vulnerabilities in some PHP versions, which allowing attackers to leak sensitive information, execute arbitrary code, or launch DoS attacks.
More then 700k instances at Netlas.io:
π Link 1 (tag, more precisely): https://nt.ls/yIHH8
π Dork: tag.php.version:(>=8.1.0 AND <8.1.31) OR tag.php.version:(>=8.2.0 AND <8.2.26) OR tag.php.version:(>=8.3.0 AND <8.3.14)
π Link 2 (not tag, all PHP instances): https://nt.ls/9GJlg
π Dork: http.headers.x_powered_by:"php" OR http.headers.set_cookie:"PHPSESSID" OR http.headers.server:"PHP"
Vendor's advisories: https://github.com/php/php-src/security
Five vulnerabilities in some PHP versions, which allowing attackers to leak sensitive information, execute arbitrary code, or launch DoS attacks.
More then 700k instances at Netlas.io:
π Link 1 (tag, more precisely): https://nt.ls/yIHH8
π Dork: tag.php.version:(>=8.1.0 AND <8.1.31) OR tag.php.version:(>=8.2.0 AND <8.2.26) OR tag.php.version:(>=8.3.0 AND <8.3.14)
π Link 2 (not tag, all PHP instances): https://nt.ls/9GJlg
π Dork: http.headers.x_powered_by:"php" OR http.headers.set_cookie:"PHPSESSID" OR http.headers.server:"PHP"
Vendor's advisories: https://github.com/php/php-src/security
π3β€2
Black Friday & Cyber Monday Discount at Netlas π
Take advantage of our exclusive Black Friday & Cyber Monday deal: 20% off Freelancer and Business subscriptions for both monthly and annual billing cycles!
The best part? This isnβt just a one-time discount β itβs your forever price as long as your subscription remains active or until base prices are reconsidered π₯
All you need to claim your forever discount is the code: BFCM2024.
π Learn more here: https://nt.ls/2WiQ0
Take advantage of our exclusive Black Friday & Cyber Monday deal: 20% off Freelancer and Business subscriptions for both monthly and annual billing cycles!
The best part? This isnβt just a one-time discount β itβs your forever price as long as your subscription remains active or until base prices are reconsidered π₯
All you need to claim your forever discount is the code: BFCM2024.
π Learn more here: https://nt.ls/2WiQ0
π2β€1π³1
CyberWarFare Labs is offering 90% OFF for some of its certifications, perfect especially for those looking for their first certification or to improve your skills. I highly recommend it, especially if you want an affordable option for certifications.
#NotAPaidPromotion
#NotAPaidPromotion
π4
Please open Telegram to view this post
VIEW IN TELEGRAM
π4
CVE-2024-11667: Directory Traversal in Zyxel Firewalls, 7.3 ratingβοΈ
A vulnerability in the web interface of some firewalls allows an attacker to download or upload files using a special URL.
Search at Netlas.io:
π Link: https://nt.ls/agozE
π Dork: http.favicon.hash_sha256:9a02f3cf948f9409c25070f2f057b69dda5d0aaf7fa8d056552e8bda8295ca1f
Vendor's advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024
A vulnerability in the web interface of some firewalls allows an attacker to download or upload files using a special URL.
Search at Netlas.io:
π Link: https://nt.ls/agozE
π Dork: http.favicon.hash_sha256:9a02f3cf948f9409c25070f2f057b69dda5d0aaf7fa8d056552e8bda8295ca1f
Vendor's advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024
π9β€1πΏ1
Please open Telegram to view this post
VIEW IN TELEGRAM
1π3π₯2β€1