Subdomain discovery is an important part of information gathering. More details about subdomains in the article “How to search subdomains and build graphs of network structure with Amass” (although Amass itself was updated to version 3, and examples of commands in that article are given for Amass 2.x – therefore,Read More
Reconnoitre: Web Application Analysis Assistant
A lot of different amateur scanners and ‘frameworks’ have already been reviewed. Usually they are quite simple (and sometimes even buggy). But anyway, it is interesting for me to get acquainted with them, since quite often they contain some kind of zest – an interesting feature that you might oneRead More
How to find web server virtual host
This is a virtual host scanner manual, devoted to VHostScan tool. What are virtual hosts? A web server can host more than one site. Each of this site is a virtual host. The name (identifier) of the virtual host can be: Domain name Subdomain (of any level, for example, kali.tools,Read More
Network pivoting: concept, examples, techniques, tools
Table of contents 1. What is pivoting 2. Pivoting example 3. Redirecting (forwarding) SSH ports 4. Pivoting with ncat 5. References (more pivoting methods) 6. Pivoting tools What is pivoting Often during a penetration test or security assessment, everything starts with an external network — with research and pentesting of machines and services available fromRead More
How to bypass Cloudflare, Incapsula, SUCURI and another WAF
Web application firewalls (WAF) are add-ons (modules) of web servers (such as mod_security for Apache), or services (such as Cloudflare, Incapsula, SUCURI) that before sending a request received from a user to a web-server, analyze it and, if it can be dangerous, block or modify it. Application firewalls can additionallyRead More
How to analyze POST requests in web browsers
Modern websites are becoming more complex, using more and more libraries and web technologies. For debugging purposes, developers of complex websites and web applications required new tools. They are “Developer Tools” integrated into the web browsers themselves: Chrome devtools Firefox Developer Tools They come with browsers by default (Chrome andRead More
How to create a proxy on shared hosting
I wrote in a previous article about how to get a large number of proxies, and how to compose a list in a convenient format that can be imported into programs that use proxies. But sometimes not a list with unreliable proxies, but just one additional IP address is needed,Read More
How to test email sending in PHP on Windows
Emailing is an important feature of a website. Email can be used to confirm registration, recover a password, send a notification, etc. When writing your web application, or for debugging purposes, you may need to check the work of sending emails on your local computer. To send emails in PHP,Read More
How to add reCAPTCHA v3 to protect against parsing and spam
In this post I will show code examples for integrating reCAPTCHA v3 on the site to protect from browsing the page with bots (parsing), to protect against automatic actions on the site and to block spam. The reCAPTCHA v3 integration documentation for the site is rather poor and confusing. IRead More
How to parse proxy lists
What is a proxy? What are proxies for? A proxy is a generic name for technologies, the main result of which is that another computer makes a request to a remote host for you, and then sends you the result. That is, a proxy is an intermediary. Proxies have variousRead More