The Google Hacking Database (GHDB) is a collection of search queries that use Google’s search syntax in creative ways to uncover vulnerabilities, exposed databases, login portals with default credentials, sensitive files, and other information that might not be intended for public access. The dorks it contains are grouped into several categories:
tools
Tor install and usage (Arch based distro)
Install and configuration
$ yay -S tor nyx torsocks torbrowser-launcher
$ sudo systemctl status tor
$ ss -nlt
Usage
Torify a command
$ wget -qO - https://api.ipify.org; echo
x1x1.y1y1.z1z1.t1t1
$ torsocks wget -qO - https://api.ipify.org; echo
x2x2.y2y2.z2z2.t2.t2
$ sudo systemctl stop tor
$ torsocks wget -qO - https://api.ipify.org; echo
Torify a shell
$ source torsocks on
Tor mode activated. Every command will be torified for this shell.
$ wget -qO -
Nuclei v3 is here
Last week Nuclei was updated to v3. This is a summary of the new Nuclei v3 features: The ProjectDiscovery blog post with the full description can be found here: https://blog.projectdiscovery.io/nuclei-v3-featurefusion/
Note: By the time I uploaded my systems, Nuclei v3.0.1 had been released, fixing some issues introduced with v3.0. The full changelog can be checked here: https://github.com/projectdiscovery/nuclei/compare/v3.0.0...v3.0.1
$ nuclei -up
$ nuclei -version
reNgine 2.0 has finally arrived
After some waiting, reNgine 2.0 is here and it comes with many changes: New additions overview:
Install
$ git clone https://github.com/yogeshojha/rengine.git
$ edit .env (Remember to change the Postgres password)
$ sudo ./install.sh
The first clean installation try gave these issues. Then I tried the same migration fix I needed for the old reNgine version.
$ docker-compose -f docker-compose.yml exec web python3 manage.py migrate
After that, on a second installation attempt, everything was fine.
OWASP Juice Shop
According to its GitHub description: OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! https://github.com/juice-shop/juice-shop
It can be a very helpful tool to learn and practice your hacking
Anew: Yet Another Useful Tool for your scripts
Anew is a handy tool created by Tomnomnom for appending lines to a file while ensuring that duplicates are not added, making it useful for scripting and data processing tasks.
Install
go install -v github.com/tomnomnom/anew@latest
Help
Usage (Examples from its GitHub)
SpiderFoot: Your Ultimate OSINT Companion
According to its GitHub description, SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate. SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. https://github.com/smicallef/spiderfoot
Uses
SpiderFoot is a versatile tool that serves both offensive and defensive
A new discovery: SimpleHTTPserver
SimpleHTTPserver is a Go enhanced version of the well-known Python simplehttpserver with, in addition, a fully customizable TCP server, both supporting TLS. It will be a handy tool during your pentests.
Installing
go install -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver@latest
Help
simplehttpserver -h
Flag | Description | Example
-listen | Configure listening ip:port (default 127.0.0.1:8000) | simplehttpserver -listen 127.0.0.1:8000
-path | Fileserver folder (default current directory) | simplehttpserver -path /var/docs
-verbose | Verbose (dump request/response, default false) | simplehttpserver -verbose
-tcp | TCP
«Inventory» by Trickiest: Simplifying Bug Bounty Success
In the ever-changing world of cybersecurity, bug bounty hunters play a crucial role in finding and fixing software vulnerabilities. They boost security for organizations and protect users from potential threats. To be the first in the hunt for vulnerabilities, you need the right tools and resources, and that’s where Trickiest’s «Inventory» project comes in.
Uncomplicated Bug Hunting
Trickiest’s «Inventory» goes beyond being a simple repository. It’s a specialized toolkit
Project Discovery – Fuzzing Templates
Project Discovery has many amazing tools and useful repositories. Nuclei is one of the tools used daily, and one of the best template lists for Nuclei usage is Nuclei-Templates. Besides that awesome template collection, there is another one, Fuzzing Templates, that could help to find the finding that stays hidden with Nuclei-Templates. According to its description: Fuzzing templates are used with nuclei scanner which powers the actual scanning engine. This repository contains various fuzzing templates for the