Copied from https://ired.team/offensive-security-experiments/offensive-security-cheetsheets
target=10.0.0.1; gobuster -u http://$target -r -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt -t 150 -l | tee $target-gobuster
target=10.0.0.1; nikto -h http://$target:80 | tee $target-nikto
target=10.0.0.1; wpscan --url http://$target:80 --enumerate u,t,p | tee $target-wpscan-enum
Tuesday, January 28, 2020
[dns][reconnaissance] DNS Enumeration updated on 20200128
whois domain.com
dnsrecon -d domain.com
dnsenum domain.com
gobuster -m dns -t 100 -u domain.com -w /usr/share/wordlists/metasploit/namelist.txt
Monday, January 27, 2020
[Tor]Specify the Exit Node of Tor
#vi /etc/tor/torrc
Add the following two lines on the very bottom:
ExitNodes {br}
StrictNodes 1
:wq
#/etc/init.d/tor restart
The br above is the country code for Brazil. With these two settings, Tor is confined to exit nodes in Brazil.
For more country codes, refer to:
https://en.wikipedia.org/wiki/Country_code_top-level_domain
Sunday, January 26, 2020
A script for hiding network traffic through Tor and Privoxy
#!/usr/bin/perl -w
$|=1;
if( -e '/etc/init.d/tor'){
print "Tor: Installed!\n";
}else{
die "Tor: Not installed! Please install Tor through \'apt-get update\; apt-get install tor\'!\n";
}
print "Starting Tor...\n";
system('/etc/init.d/tor start 2>/dev/null');
sleep(2);
print "Check Tor\'s status...";
$output=sprintf(`netstat -anteup|grep tor|grep \'127.0.0.1:9050\'|wc -l`);
chop($output);
if($output==1){
print "ok!\n";
}else{
die "failed!\n";
}
if ( -e '/etc/init.d/privoxy'){
print "Privoxy: Installed!\n";
}else{
die "Privoxy: Not installed! Please install Privoxy through \'apt-get update\; apt-get install privoxy\'!\n";
}
print "Checking Privoxy\'s configuration...\n";
$output=sprintf(`cat /etc/privoxy/config|grep forward-socks5|grep -v \'#\'|wc -l`);
chop($output);
if($output==0){
die "forward-socks5 has not been tweaked yet!\n";
}
$output=sprintf(`cat /etc/privoxy/config|grep \'\\[::1\\]:8118\'|grep -v \'#\'|wc -l`);
chop($output);
if($output!=0){
die "listen-address IPv6 has not been disabled yet!\n";
}
print "Complete!\n";
print "Starting Privoxy...\n";
system('/etc/init.d/privoxy start 2>/dev/null');
sleep(2);
print "Check Privoxy\'s status...";
$output=sprintf(`netstat -anteup|grep \'127.0.0.1:8118\'|wc -l`);
chop($output);
if($output==1){
print "ok!\n";
}else{
die "failed!\n";
}
print <<EndOutput;
HTTP/S Proxy: 127.0.0.1:8118
Socks5 Proxy: 127.0.0.1:9050
EndOutput
exit(0);
Saturday, January 25, 2020
Monday, January 20, 2020
Common activities of IT Risk Practitioner
According to <Risk Management Policy>: Carry out IT Risk Assessment annually.
According to <Risk Management Policy>: Maintain Risk Assessment ledger, Risk Register records, KRI list, and Risk Appetite.
According to <Risk Management Policy>: Periodically generate IT Risk Monitoring report so that Management could oversee risks in a real-time manner.
According to <Change Management Procedure>: Oversee Change Risks during Change Management progress as an SME.
According to <Project Management Policy>: Oversee project Risks during Project Management progress as an SME.
According to <Third-party Management Policy>: Oversee Third-party Risks during Third-party management progress as an SME. Check Master Agreements and SOWs and ensure that remediations of IT Risk are covered.
According to <System Management Policy>: During Requirement Specification documentation period, maintain a System Security Requirement template and ensure that the template can be integrated into each Requirement Specification document.
According to <System Management Policy>: During System Design and Implementation phases, launch Threat Modeling in order to uncover system risks in advance.
According to <System Management Policy>: During UAT phase, coordinate with project teams to complete those IT Risk-related test cases.
Wednesday, January 15, 2020
Utilize HTTrack to crawl Dark Web
Reference: http://www.httrack.com/html/httrack.man.html
Install Tor:
#apt-get update
#apt-get install tor
Install HTTrack:
#apt-get install httrack
Install Privoxy:
#apt-get install privoxy
Some Preparation:
#mkdir -p /usr/local/sbin/httrack_log
#vi /etc/privoxy/config
---------------------------------
#Uncomment the following line:
forward-socks5t / 127.0.0.1:9050 .
#And comment the following line:
#listen-address [::1]:8118
#:wq!
---------------------------------
Launch a scan:
#/etc/init.d/tor start
#/etc/init.d/privoxy start
#httrack "http://gdaqpaukrkqwjop6.onion/" -O "/usr/local/sbin/httrack_log" "+gdaqpaukrkqwjop6.onion/*" -v -P 127.0.0.1:8118 -s0
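The Privoxy edits in the preparation step can be verified before any traffic is sent, so that a missed uncomment does not leave requests going out directly. The following is an added example, not part of the original post; the function names and both sample configs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: validate the Privoxy settings the post edits by hand.
# Function names and sample configs are constructed for illustration.

# Print the active (non-comment, non-blank) directives of a config file,
# with leading whitespace removed.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"
}

# Return 0 when the config forwards all requests to Tor's SOCKS port and has
# no active IPv6 loopback listener; otherwise print each finding, return 1.
check_privoxy_tor_chain() {
    cfg=$1
    rc=0
    # Accept forward-socks5 or forward-socks5t, URL pattern "/", target
    # 127.0.0.1:9050, and "." (no further HTTP parent proxy).
    if ! active_lines "$cfg" | grep -Eq \
        '^forward-socks5t?[[:space:]]+/[[:space:]]+127\.0\.0\.1:9050[[:space:]]+\.[[:space:]]*$'
    then
        echo "FAIL: no active 'forward-socks5t / 127.0.0.1:9050 .' line"
        rc=1
    fi
    if active_lines "$cfg" | grep -Eq '^listen-address[[:space:]]+\[::1\]:8118'; then
        echo "FAIL: listen-address [::1]:8118 is still active"
        rc=1
    fi
    return $rc
}

# Constructed sample configs (not taken from a real host).
sample_dir=$(mktemp -d)
cat > "$sample_dir/good" <<'EOF'
listen-address  127.0.0.1:8118
#listen-address  [::1]:8118
forward-socks5t   /               127.0.0.1:9050 .
EOF
cat > "$sample_dir/bad" <<'EOF'
listen-address  127.0.0.1:8118
listen-address  [::1]:8118
#        forward-socks5t   /               127.0.0.1:9050 .
EOF
check_privoxy_tor_chain "$sample_dir/good" && echo "good: OK"
check_privoxy_tor_chain "$sample_dir/bad" || echo "bad: rejected"
```

Run it against the real file with `check_privoxy_tor_chain /etc/privoxy/config` before starting Privoxy.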
Tuesday, January 14, 2020
Three common web crawlers running under Kali Linux
1) SkipFish
#mkdir -p /usr/local/sbin/skipfish_log; skipfish -o /usr/local/sbin/skipfish_log http://www.163.com; tree -a /usr/local/sbin/skipfish_log; grep -nR test /usr/local/sbin/skipfish_log
2) Metasploit
msf5>use auxiliary/crawler/msfcrawler
3) HTTrack
#mkdir -p /usr/local/sbin/httrack_log; httrack http://www.163.com -O /usr/local/sbin/httrack_log; tree -a /usr/local/sbin/httrack_log; grep -nR test /usr/local/sbin/httrack_log
A list of Firewall Auditing manufacturers
https://www.firemon.com/products/policy-optimizer/
https://www.algosec.com/firewall-analyzer/
https://www.manageengine.com/products/firewall/firewall-compliance-management.html
https://www.tufin.com/features/compliance-audit-readiness
https://www.skyboxsecurity.com/products/skybox-firewall-assurance
https://www.titania.com/products/nipper/
https://www.solarwinds.com/free-tools/firewall-browser (free & commercial)
https://www.niiconsulting.com/Firesec.html
https://www.wallparse.com/ (free)
Monday, January 13, 2020