Comment on page
More Tools
- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
- ​https://www.nmmapper.com/sys/tools/subdomainfinder/ : 8 Subdomain finder tools, sublist3r, amass and more
- ​https://github.com/gwen001/github-search/blob/master/github-subdomains.py : Subdomain discovery in github
- ​https://github.com/TypeError/Bookmarks/blob/master/README.md : BurpExtension to avoid dozens repeater tabs
- ​https://github.com/prodigysml/Dr.-Watson : Burp plugin, offline analysis to discover domains, subdomains and IPs
- ​https://github.com/fransr/postMessage-tracker : Chrome extension for tracking post-messages functions
- ​https://github.com/Quitten/Autorize : Automatic authentication tests (remove cookies and try to send the request)
- ​https://github.com/pikpikcu/xrcross: XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
- ​https://github.com/l0ss/Grouper2 : find security-related misconfigurations in Active Directory Group Policy.
- ​https://www.wietzebeukema.nl/blog/powershell-obfuscation-using-securestring : Securestring obfuscation
- ​https://windows-internals.com/faxing-your-way-to-system/ : Series of logs about Windows Internals
- ​https://bestestredteam.com/2018/10/02/tracking-pixel-in-microsoft-office-document/ : Track who open a document
- ​https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet : Active Directory Cheat Sheet
Tools q veo q pueden molar para analizar firmares (automaticas):
Post-crema:
y por aqui la metodologia owasp para analizar firmware: https://github.com/scriptingxss/owasp-fstm​
Firmware emulation: FIRMADYNE (https://github.com/firmadyne/firmadyne/) is a platform for automating the emulation and dynamic analysis of Linux-based firmware.
- ​https://www.hackerdecabecera.com/2019/12/blectf-capture-flag-en-formato-hardware.html : Bluetooth LE CTF
- IFS (Interplanetary File System) for phising: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/using-the-interplanetary-file-system-for-offensive-operations/​
- IP rotation services: https://medium.com/@lokeshdlk77/how-to-rotate-ip-address-in-brute-force-attack-e66407259212​
- ​https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/ : Resources for starting on BugBounties
- ​https://github.com/doyensec/awesome-electronjs-hacking : This list aims to cover Electron.js security related topics.
- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
Last modified 7mo ago