According its Github description, SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. https://github.com/smicallef/spiderfoot Uses SpiderFoot is a versatile tool that serves both offensive and defensive
Setting Up Bluetooth on EndeavourOS: A Quick Guide
I had to set up Bluetooth on my EndeavourOS (an Arch-like distro), and here’s how I did it: Check the Bluetooth service status: $ sudo systemctl status bluetooth.service This command will display the current status of the Bluetooth service. Start and enable the Bluetooth service: $ sudo systemctl start bluetooth.service $ sudo systemctl enable bluetooth.service These command activates the Bluetooth service and ensures that it starts automatically when
Adding BlackArch Linux Repositories to Your Arch-based System
BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 2872 tools. BlackArch Linux is compatible with existing Arch installs. BlackArch Linux can be installed as a single distro using their ISOs and it is also compatible with existing/normal Arch installations. In this case it will act as an unofficial user repository. In this post we will cover the process of adding BlackArch repositories to
Kali Linux 2023.3 – What’s New and How to Upgrade
Kali Linux has released its latest version, Kali Linux 2023.3. While it may not shout about flashy features, this release is all about power under the hood.In this post, we’ll break down the changes in Kali Linux 2023.3 and guide you on upgrading. Revamped Internal Infrastructure The big news here is a major overhaul of Kali’s internal infrastructure. With Debian 12 in the house, the Kali team decided it was
A new discovery: SimpleHTTPserver
SimpleHTTPserver is a go enhanced version of the well known python simplehttpserver with in addition a fully customizable TCP server, both supporting TLS.It will be a handy tool during your pentests. Installing go install -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver@latest Help simplehttpserver -h Flag Description Example -listen Configure listening ip:port (default 127.0.0.1:8000) simplehttpserver -listen 127.0.0.1:8000 -path Fileserver folder (default current directory) simplehttpserver -path /var/docs -verbose Verbose (dump request/response, default false) simplehttpserver -verbose -tcp TCP
Testing Docker WordPress environment
Next few days I will enjoying some holidays and I wanted to play a bit with WordPress security. The first step is a testing environment to avoid messing with my own production WordPress.One of the easiest ways is a local environment using Docker. In this post, I will describe the steps to create a new WordPress installation where you will be able to test everything you need. I will be
«Inventory» by Trickiest: Simplifying Bug Bounty Success
In the ever-changing world of cybersecurity, bug bounty hunters play a crucial role in finding and fixing software vulnerabilities. They boost security for organizations and protect users from potential threats. To be the first in the hunt for vulnerabilities, you need the right tools and resources, and that’s where the Trickiest’s «Inventory» project comes in. Uncomplicated Bug Hunting Trickiest’s «Inventory» goes beyond being a simple repository. It’s a specialized toolkit
Security Update: Nuclei Vulnerability CVE-2023-37896
Introduction: Last week, a critical security vulnerability, identified as CVE-2023-37896, surfaced within the Nuclei project – a potent vulnerability scanner renowned for pinpointing security weaknesses. In this comprehensive blog post, we delve into the intricacies of this vulnerability, discuss its potential implications, and outline the steps users must take to safeguard their systems. Understanding the Vulnerability: The vulnerability, formally designated as CVE-2023-37896, casts a shadow over Nuclei versions predating 2.9.9.
Burp Suite Academy: Exploiting XXE to perform SSRF attacksBurp Suite Academy
This lab has a «Check stock» feature that parses XML input and returns any unexpected values in the response. The lab server is running a (simulated) EC2 metadata endpoint at the default URL, which is http://169.254.169.254/. This endpoint can be used to retrieve data about the instance, some of which might be sensitive. To solve the lab, exploit the XXE vulnerability to perform an SSRF attack that obtains the server’s IAM secret access
Burp Suite Academy: Exploiting XXE using external entities to retrieve filesBurp Suite Academy
This lab has a «Check stock» feature that parses XML input and returns any unexpected values in the response. To solve the lab, inject an XML external entity to retrieve the contents of the /etc/passwd file. Checking the request using Burp: Looking at the Port Swigger XML external entity (XXE) injection documentation we can learn a bit about this vulnerability. Send to Repeater and add the payload. The response will be: