reconFTW – Yet another new recon tool

According to its GitHub page, reconFTW is desdribed as: ReconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target. ReconFTW uses a lot of techniques (passive, bruteforce, permutations, certificate transparency, source code scraping, analytics, DNS records…) for subdomain enumeration which helps you to get the maximum and the most interesting subdomains so that

explainshell.com – A tool to learn what all the command-line argument means

Have you ever had any doubts about the meaning of the arguments of some command-line tools? https://explainshell.com is a tool where you write the command and it explains you in an easy way the meaning of each of the parameters. For example if you write: ssh -i keyfile -f -N -L 1234:www.google.com:80 host The output of the ths tool will be: Or maybe: cut -d ‘ ‘ -f 1 /var/log/apache2/access_logs

Katana: a new crawling and spidering tool

A new web crawler and spidering tool from ProjectDiscovery.io has been released. Install katana requires Go 1.18 to install successfully. go install github.com/projectdiscovery/katana/cmd/katana@latest Usage Input Crawling Mode According to Katana’s documentation: Standard Mode Standard crawling modality uses the standard go HTTP library under the hood to handle HTTP requests/responses. This modality is much faster as it doesn’t have the browser overhead. Still, it analyzes HTTP responses body as is, without any javascript

Fixed – [oh-my-zsh] Can’t update: not a git repository.

This week I upgraded my Macbook to the latest version and since the update, I realized that every time I opened a new terminal I had this warning issue from Oh-my-Zsh. [oh-my-zsh] Can’t update: not a git repository. If you search a bit, there are several messages explaining that this error may be due to the application folder has been messed up and the .git folder being lost. It wasn’t

Burp Suite Academy lab – Stored XSS into HTML context with nothing encoded

This lab contains a stored cross-site scripting vulnerability in the comment functionality.To solve this lab, submit a comment that calls the alert function when the blog post is viewed. Access to the lab https://0a7900e404a806d2c000170700c90074.web-security-academy.net Solution Click on View post button: https://0a7900e404a806d2c000170700c90074.web-security-academy.net/post?postId=6 At the bottom of the page, there is a comments section where you can add a message. We can try to use the comment system to place our payload. Now access again to

Burp Suite Academy lab – Reflected XSS into HTML context with nothing encoded

Today we start a new series of CTF lab solutions. In this case, we start to solve labs from the Burp Suite Academy from portswigger.net Objective: This lab contains a simple reflected cross-site scripting vulnerability in the search functionality.To solve the lab, perform a cross-site scripting attack that calls the alert function. Solution: The lab’s URL is always a random series of characters followed by the domain web-security-academy.netIn this case,

What is my external ip?

This is a small script to know what is our external ip from the terminal.

HTB Mongod

This is another of the Very easy HTB Starting Point boxes. $ nmap -sV -p- 10.129.143.75 –min-rate 5000 As we can see in the Nmap results we hava a MongoDB version 3.6.8 MongoDB is a NoSQL database.You can find more information in their documentation here: https://www.mongodb.com/docs To be able to interact with the db, we need to install the MongoDB package into our Kali Linux. it is included in the

How to fix – Warning apt-key is deprecated

Last week I tried to install Ulauncher into a Linux Mint 21 freshly installed. After installing Ulauncher using: sudo add-apt-repository ppa:agornostal/ulauncher && sudo apt update && sudo apt install ulauncher I got this error: «Warning apt-key is deprecated«. After some Googling, I found this that help me to fix it. Fixing process: $ sudo apt-key list Now, we need to remember the last 8 Hexa digits (99503176) of the corresponding

Bat overview

Bat is a cat clone tool with many extra features: Syntax highlighting Git integration Show non-printable characters Automatic paging File concatenation Installation For a macOs sytem. (For other systems check the specific installation description in the documentation) ❯ brew install bat Usage Display a single file on the terminal ❯ bat file.txt Display multiple files at once ❯ bat *.txt Read from the stdin and detect the syntax automatically ❯