Hi, these are the notes I took while watching the “Esoteric subdomain enumeration techniques” talk given by Bharath Kumar on LevelUp 2017.
Hi, today’s tip is an Nmap option. It’s nothing extraordinary but I haven’t been aware of it for years, and the day I stumbled on it, it simply changed my life.
So I’m sharing it with you today on the off chance that you’re not using it.
Hi, I’m very happy to present you this week’s five items! They each taught me something that I’ve started using or added to my pentest/bug bounty checklist.
1. Scanners benchmark
I enjoyed reading this Web Application Vulnerability Scanners Benchmark for its precision and the number of open source tools mentioned.
Currently, I’m only using Burp Pro and none of the free open source scanners. But after reading this benchmark, I think I’m going to start playing with some of the open source tools too. ZAP and Arachni in particular seem to complement Burp Pro for all the vulnerability classes tested.
Sometimes when I am on a penetration test, I need confirmation for a vulnerability’s risk score, consequences (meaning real-life exploitation scenarios) or fix recommendations.
This happens mostly when vulnerabilities are not easily exploitable or have a low impact but, as a penetration tester, I must still report them and explain to clients why they should fix them. Examples of such vulnerabilities are the TRACE method being enabled, default Apache pages being accessible, etc.
When that happens, I check for the vulnerability class in question in one of these 4 sites:
Hi, this is the second edition of The 5 Hacking NewsLetter. It’s a few days late but better late than never, right?
Grab a nice cup of coffee (or herbal tea if you’re an old soul like me) and enjoy!
Also, don’t forget to subscribe if you prefer receiving this in your inbox.
CTFR by Sheila A. Berta
This is a great tool that I’ve just added to my testing arsenal. It gets subdomains of an HTTPS website in a few seconds by abusing certificate transparency logs.