General

Cvemap from ProjectDiscovery

Introduction Cvemap is a new tool developed by Project Discovery to deliver a structured and easily navigable interface to Common Vulnerabilities and Exposures (CVEs) within multiple databases. It takes a comprehensive approach to prioritize CVEs, moving beyond the usual Common Vulnerability Scoring System (CVSS) score. It looks at aspects like how likely a vulnerability can be exploited, critical deadlines, probability assessments, and real-world exploit data. Cvemap integrates diverse and high-value

Packet Crafting and Network Exploration with Scapy

According to its main page, Scapy is a powerful interactive packet manipulation library written in Python. Scapy is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. https://scapy.net/ Install Depending on your OS and the installation method you want to use there are several options to install Scapy. pip install scapy sudo apt

Google Hacking Database

The Google Hacking Database (GHDB) is a collection of search queries that use Google’s search syntax in creative ways to uncover vulnerabilities, exposed databases, login portals with default credentials, sensitive files, and other information that might not be intended for public access. All contained Dorks are categorized in several categories:

Tor install and usage (Arch based distro)

Install and configuration $ yay -S tor nyx torsocks torbrowser-launcher $ sudo systemctl status tor $ ss -nlt Usage Torify a command $ wget -qO – https://api.ipify.org; echo x1x1.y1y1.z1z1.t1t1 $ torsocks wget -qO – https://api.ipify.org; echo x2x2.y2y2.z2z2.t2.t2 $ sudo systemctl stop tor$ torsocks wget -qO – https://api.ipify.org; echo Torify a shell $ source torsocks on Tor mode activated. Every command will be torified for this shell. $ wget -qO –

Yay mind map cheat-sheet

Today I share a small sheet sheet to learn to use yay. Yay is an AUR helper and Pacman wrapper that streamlines the management of packages on Arch Linux. It acts as a bridge between the official Arch repositories and the AUR, making it easier for users to install, update, and remove software.

«Inventory» by Trickiest: Simplifying Bug Bounty Success

In the ever-changing world of cybersecurity, bug bounty hunters play a crucial role in finding and fixing software vulnerabilities. They boost security for organizations and protect users from potential threats. To be the first in the hunt for vulnerabilities, you need the right tools and resources, and that’s where the Trickiest’s «Inventory» project comes in. Uncomplicated Bug Hunting Trickiest’s «Inventory» goes beyond being a simple repository. It’s a specialized toolkit

Feroxbuster – content discovery tool

According its description: Feroxbuster is a simple, fast, recursive content discovery tool written in Rust. Install ❯ curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh | bash -s $HOME/.local/bin Useful options Target selection: Composite settings: Proxy settings: Request settings: Request filters: Response filters: Client settings: Scan settings: Dynamic collection settings: Output settings: Update settings: Usage examples ❯ ./feroxbuster -u https://ginandjuice.shop/ -w ~/tools/SecLists/Discovery/Web-Content/raft-medium-directories.txt -s 200

How to search for specific text in linux using grep

If you’re working with Linux and need to find a particular piece of text in a file or directory, you can use the following grep command. This is a powerful text-searching tool that allows you to search for specific patterns or strings of text within a file or directory. grep -rnw ‘/path/where/to/find’ -e ‘text_to_search’ -r: Tells grep to search recursively through all files in the specified directory and its subdirectories.-n:

Can’t post this week

This week my dad is moving to a new house, so I won’t be able to post our weekly article. Next week will be back as usual. Have a nice week!

HTB Responder

This is another of the HTB Starting Point boxes classified as very easy. $ nmap -p- -min-rate 5000 10.129.225.204 –open -v If we try to access to http://10.129.225.204 we’ll be redirected to http://unika.htb but we can’t see the site. So, let’s add it to our /etc/hostsNow we’ll obtain the correct site: $ whatweb http://unika.htb Here we can see that this site runs with php, over an Windows Apache webserver. Checking