Tutorials

reNgine: A brief overview

reNgine is a very complete recon tool that can be very helpful for centralizing all your recon in one place. Its main website defines it as: "The only web application recon tool you will ever need!" Currently it is capable of performing: Subdomain Discovery, Vulnerability Detection, IPs and Open Ports Identification, Directory and files fuzzing, Screenshot Gathering, Endpoints Gathering, OSINT. Although reNgine can be installed in a local machine, it is

Script to update go version

Although installing Go is a pretty straightforward process, it can be made even easier by using a script to install and update your Go installation. We are going to use the update-golang script.
$ go version
$ git clone https://github.com/udhos/update-golang.git
$ cd update-golang
$ sudo ./update-golang.sh
$ go version
To finish the setup, the shell PATH should be updated. The path '/usr/local/go/bin' is added to PATH using '/etc/profile.d/golang_path.sh'. Only if needed, GOROOT is

Wordlists for your daily work

When we do pentesting and bug bounty, the most important phase is always recon, and one of the most important elements of your recon is the wordlist. It is said that "Your recon is as good as your wordlist is". In Kali Linux, several good wordlists are available by default at /usr/share/wordlists:
$ cd /usr/share/wordlists
dirb dirbuster fasttrack.txt fern-wifi metasploit nmap.lst rockyou.txt wfuzz
While dirb, dirbuster and wfuzz can

FinalRecon (web reconnaissance tool)

As described on its website: FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping dependencies small and simple.
https://github.com/cbk914/finalrecon
Installation
$ sudo apt install finalrecon
Usage
$ finalrecon.py <arguments> url

Ngrok: External connectivity for your PoCs

Ngrok is an application that lets you make a local service accessible from the Internet. It can be a useful tool to test your PoCs. The app has a free tier for non-commercial projects.
Installation and configuration
https://ngrok.com/docs/getting-started
Sign up for Ngrok and download the app. It is a portable app, so you just have to download the file and run it. No dependencies

Oh my Zsh (Mac OS / Linux) – Install + Config

If the Zsh shell is not already installed:
$ sudo apt install zsh
Change the default shell:
$ chsh -s /bin/zsh
# usermod --shell /usr/bin/zsh <username>
Note: This process needs to be done for every user in the system that wants to use this shell (root included)
Install Oh My Zsh
https://ohmyz.sh/
$ sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
PowerLevel10k ZSH theme
https://github.com/romkatv/powerlevel10k
$ git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k
Add the powerlevel10k theme to

Nuclei Vulnerability Scanner – Install

Nuclei is a vulnerability scanner from ProjectDiscovery. Thanks to its template system, Nuclei is an extensible and highly configurable application that can be very helpful in pentests or bug bounty processes. In this first post, I'll show how to install Nuclei on Kali Linux running on a MacBook Pro with the new M1 Pro CPU. Kali Linux is installed using a beta version of VMware Fusion for Apple Silicon. More info can be

Mobile Security Framework (MobSF)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://github.com/MobSF/Mobile-Security-Framework-MobSF
MobSF Documentation: https://mobsf.github.io/docs/#/
Linux requirements:
Install Git: sudo apt-get install git
Install Python 3.8-3.9: sudo apt-get install python3.8
Install JDK 8+: sudo apt-get install openjdk-8-jdk
Install the following dependencies: sudo apt install python3-dev python3-venv python3-pip build-essential libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev wkhtmltopdf
For the

Pyenv install and usage

Install
$ sudo apt-get install -y build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev python3-openssl git
$ curl https://pyenv.run | bash
If we are using ZSH then we will now add the proper lines to our .zshrc.
$ echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.zshrc
$ echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.zshrc
$ echo -e 'if command -v pyenv 1>/dev/null 2>&1; then\n eval "$(pyenv init -)"\nfi' >> ~/.zshrc
Restart

BurpSuite: FoxyProxy and Burp CA cert installation

This post will guide you through installing the FoxyProxy plugin and the Burp CA cert on a Kali machine.
Install FoxyProxy
FoxyProxy setup
Run BurpSuite
Access the localhost:8080 site and download the CA cert.
Install the certificate
Test