starter part 5

10. Enumeration (Active):

• -Discovering other websites on the same server - vhosts https://geekflare.com/multiple-domains-on-one-server-with-apache-nginx/

• -Gathering dns information actively https://medium.com/@kalhara.sampath/active-and-passive-information-gathering-techniques-5b1c15290ee7

• -Discovering subdomains https://geekflare.com/find-subdomains/

• -Alive domains with httprobe https://www.youtube.com/watch?v=-MV3k8ZeFhk

• -Extracting usernames, machine names, network resources, shares https://resources.infosecinstitute.com/topic/process-scanning-and-enumeration/

• -Discovering ports and services https://nmap.org/book/port-scanning-tutorial.html

• -Vulnerability scan with nmap https://isc.sans.edu/forums/diary/Using+Nmap+As+a+Lightweight+Vulnerability+Scanner/26098/ https://www.forensicsinstitute.org/vulnerability-scanning-essentials-with-nmap/

• -Auto and Manual port enumeration https://github.com/21y4d/nmapAutomator https://fareedfauzi.gitbook.io/oscp-notes/port-scanning/nmap-scanning

• -Discovering sensitive files https://controls-assessment-specification.readthedocs.io/en/latest/control-14/control-14.5.html https://github.com/m8r0wn/ActiveReign

• -Security Countermeasures http://etutorials.org/Networking/network+security+assessment/Chapter+3.+Internet+Host+and+Network+Enumeration/3.5+Enumeration+Countermeasures/

Study

The Art of Subdomain Enumeration - a reference for subdomain enumeration techniques

Practice

Tryhackme rooms for introduction to some popular tools (@xan0er)

• Tmux https://tryhackme.com/room/rptmux

• Nmap https://tryhackme.com/room/rpnmap

• Web Scanning https://tryhackme.com/room/rpwebscanning

• Sublist3r https://tryhackme.com/room/rpsublist3r

• Web Scanning https://tryhackme.com/room/rpwebscanning

  Subdomain Finding: https://bitbucket.org/LaNMaSteR53/recon-ng https://github.com/michenriksen/aquatone https://github.com/aboul3la/Sublist3r https://github.com/rbsec/dnscan https://github.com/Cleveridge/cleveridge-subdomain-scanner

  vhosts extraction: https://pentest-tools.com/information-gathering/find-virtual-hosts https://github.com/jobertabma/virtual-host-discovery https://github.com/ChrisTruncer/EyeWitness httpscreenshot https://github.com/breenmachine/httpscreenshot/ WAF (+ WAF type) — https://github.com/EnableSecurity/wafw00f https://github.com/danielmiessler/SecLists https://github.com/yasinS/sandcastle https://digi.ninja/projects/bucket_finder.php

   

  Open Source tool list : Google Hacking https://pentest-tools.com/information-gathering/google-hacking Goohak https://github.com/1N3/Goohak/ Goog D0rker https://github.com/ZephrFish/GoogD0rker/ Dnsscan https://github.com/rbsec/dnscan Sn1per https://github.com/1N3/Sn1per (for web) Gitrob https://github.com/michenriksen/gitrob (for github) Trufflehog https://github.com/dxa4481/truffleHog RepoSessed https://github.com/IOActive/RepoSsessed Git All Secrets https://github.com/anshumanbh/git-all-secrets Knockpy https://github.com/guelfoweb/knock Sublist3r https://github.com/aboul3la/Sublist3r massdns https://github.com/blechschmidt/massdns nmap https://nmap.org masscan https://github.com/robertdavidgraham/masscan EyeWitness https://github.com/ChrisTruncer/EyeWitness DirBuster https://sourceforge.net/projects/dirbuster/ dirsearch https://github.com/maurosoria/dirsearch Gitrob https://github.com/michenriksen/gitrob git-secrets https://github.com/awslabs/git-secrets sandcastle https://github.com/yasinS/sandcastle bucket_finder https://digi.ninja/projects/bucket_finder.php GoogD0rker https://github.com/ZephrFish/GoogD0rker/ waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050Sn1per https://github.com/1N3/Sn1per/ XRay https://github.com/evilsocket/xray wfuzz https://github.com/xmendez/wfuzz/ patator https://github.com/lanjelot/patator datasploit https://github.com/DataSploit/datasploit hydra https://github.com/vanhauser-thc/thc-hydra changeme https://github.com/ztgrace/changeme MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/ Apktool https://github.com/iBotPeaches/Apktool dex2jar https://sourceforge.net/projects/dex2jar/ sqlmap http://sqlmap.org/ oxml_xxe https://github.com/BuffaloWill/oxml_xxe/

  XXE Injector https://github.com/enjoiz/XXEinjector The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool ground-control https://github.com/jobertabma/ground-control ssrfDetector https://github.com/JacobReynolds/ssrfDetector LFISuit https://github.com/D35m0nd142/LFISuite GitTools https://github.com/internetwache/GitTools dvcs-ripper https://github.com/kost/dvcs-ripper tko-subs https://github.com/anshumanbh/tko-subs HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer Race the Web https://github.com/insp3ctre/race-the-web ysoserial https://github.com/GoSecure/ysoserial PHPGGC https://github.com/ambionics/phpggc CORStest https://github.com/RUB-NDS/CORStest retire-js https://github.com/RetireJS/retire.js getsploit https://github.com/vulnersCom/getsploit Findsploit https://github.com/1N3/Findsploit bfac https://github.com/mazen160/bfac WPScan https://wpscan.org/ CMSMap https://github.com/Dionach/CMSmap Amass https://github.com/OWASP/Amass