Hi, this is the second edition of The 5 Hacking NewsLetter. It’s a few days late but better late than never, right?
Grab a nice cup of coffee (or herbal tea if you’re an old soul like me) and enjoy!

1. Tool of the week #

CTFR by Sheila A. Berta

This is a great tool that I’ve just added to my testing arsenal. It gets subdomains of an HTTPS website in a few seconds by abusing certificate transparency logs.

For quick reference, here’s how to install and use it:

git clone https://github.com/UnaPibaGeek/ctfr.git
cd ctfr/
pip install -r requirements.txt
python ctfr.py -h		# Show help
python ctfr.py -d example.com	# Get subdomains of HTTPS website

2. Tweet of the week #

This is one of the best definitions of hacking I’ve ever heard! It rings especially true on days I am doing pentest challenges (when I known for a fact that there is a vulnerability but can’t find it for hours).

3. Webcast that taught me a lot of testing tips #

SANS Webcast: OSINT for Pentesters Finding Targets and Enumerating Systems

I think this webcast could be very helpful if you’re a pentester or bug bounty hunter. It offers many tips, some of which I haven’t been using and will help improve my recon process.

4. Bug bounty write-up of the week #

Stored XSS, and SSRF in Google using the Dataset Publishing Language by Craig Arendt

$18,337 for a stored XSS and a SSRF on Google! I love this insight on where and what to test in order to find such vulnerabilities on highly tested targets like Google.

My takeaways:

• The XSS payload is JavaScript put inside an XML CDATA section injected in an XML tag. The CDATA section prevents the JavaScript from being executed as XML.
• The Dataset Publishing Language tool generates a zip file. It was downloaded, unzipped, modified to add the payload, then zipped again and uploaded.

5. Another web app security podcast & Youtube channel I like #

Absolute AppSec Youtube channel & podcast

Although started recently, this podcast / Youtube channel looks very promising. They tackle different security topics with a focus on Web app security.

See you next time!

If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…