The 5 Hacking NewsLetter 2

T5HN2.png Hi, this is the second edition of The 5 Hacking NewsLetter. It’s a few days late but better late than never, right?
Grab a nice cup of coffee (or herbal tea if you’re an old soul like me) and enjoy!

Also, don’t forget to subscribe if you prefer receiving this on your inbox.

1. Tool of the week

CTFR by Sheila A. Berta

This is a great tool that I’ve just added to my testing arsenal. It gets subdomains of an HTTPS website in a few seconds by abusing certificate transparency logs.
For quick reference, here’s how to install and use it:

git clone
cd ctfr/
pip install -r requirements.txt
python -h		# Show help
python -d	# Get subdomains of HTTPS website

2. Tweet of the week


This is one of the best definitions of hacking I’ve ever heard! It rings especially true on days I am doing pentest challenges (when I known for a fact that there is a vulnerability but can’t find it for hours).

3. Webcast that taught me a lot of testing tips

SANS Webcast: OSINT for Pentesters Finding Targets and Enumerating Systems

I think this webcast could be very helpful if you’re a pentester or bug bounty hunter. It offers many tips, some of which I haven’t been using and will help improve my recon process.

4. Bug bounty write-up of the week

Stored XSS, and SSRF in Google using the Dataset Publishing Language by Craig Arendt

$18,337 for a stored XSS and a SSRF on Google! I love this insight on where and what to test in order to find such vulnerabilities on highly tested targets like Google.

My takeaways:

  • The XSS payload is JavaScript put inside an XML CDATA section injected in an XML tag. The CDATA section prevents the JavaScript from being executed as XML.
  • The Dataset Publishing Language tool generates a zip file. It was downloaded, unzipped, modified to add the payload, then zipped again and uploaded.

5. Another web app security podcast & Youtube channel I like

Absolute AppSec Youtube channel & podcast

Although started recently, this podcast / Youtube channel looks very promising. They tackle different security topics with a focus on Web app security.

See you next time!

If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…