1337.yehg.net

Recon

Web

Technology Sniffers, BuiltWith, https://builtwith.com/, WhatWeb, http://whatweb.net

Cloudflare Decloaker, http://www.crimeflare.com/cfs.html

NetCraft, http://toolbar.netcraft.com/site_report?url=www.facebook.com

Archive Finder, https://archive.is/

Malware Checker, https://quttera.com/website-malware-scanner

Google Index Retriever, https://www.elevenpaths.com/labstools/googleindexretriever/index.html

DNS

dig Online, https://www.digwebinterface.com/

Subdomain Scanner from SSL Certs, https://crt.sh/?, eg, https://crt.sh/?q=%25.facebook.com

DUMPSTER, https://dnsdumpster.com/

DMARC, http://mxtoolbox.com/SuperTool.aspx?action=dmarc:ebay.com&run=toolpage#

SPF, http://mxtoolbox.com/SuperTool.aspx?action=spf:ebay.com&run=toolpage#

DNSSec, http://dnssec-debugger.verisignlabs.com/verisignlabs.com, http://viewdns.info/dnssec/?domain=verisignlabs.com

DKIM, https://www.mail-tester.com/toolsresult?domainname=ebay.com&dkim_selector=dkim

NS History, http://whoisrequest.com/history/

Whois, whoisology.com

https://toolbox.googleapps.com/apps/main/

Mail Server

TLS Support, http://mxtoolbox.com/SuperTool.aspx?action=smtp:smtp.gmail.com&run=toolpage

All-in-One

https://1337.yehg.net/wsa.php, Last update: 2016-11-24

GHDB

https://www.exploit-db.com/google-hacking-database/

Shodan

https://www.shodan.io/search?query=facebook.com

Public Disclosure

https://www.openbugbounty.org/

www.zone-h.org/archive

http://www.hack-mirror.com/

Crypto

Hash Finder, http://finder.insidepro.com/, https://github.com/psypanda/hashID

Hash Verifier, http://verifier.insidepro.com/

Encrypt/Decrypt, AES, https://www.browserling.com/tools/aes-decrypt, https://www.browserling.com/tools/aes-encrypt

people

www.spokeo.com/

https://www.connectifier.com

https://www.crystalknows.com

http://www.zabasearch.com

https://pipl.com

Image

Tracer, https://blog.pinterest.com/en/our-crazy-fun-new-visual-search-tool, https://www.tineye.com, https://ctrlq.org/google/images/

Exif Viewer, http://metapicz.com/#landing

Meta Data

https://www.elevenpaths.com/labstools/metashield-analyzer-2/index.html

Web Vulnerability Assessment

XSS

XSSHunter, https://xsshunter.com/app, INFO: Registration required

Referer XSS Generator (IE only), https://1337.yehg.net/ie-referer-xsser.php

WebGun, XSS Payload Creator, http://brutelogic.com.br/webgun/

Flash-based XSSer, https://1337.yehg.net/flash-xsser.php

Encoders, CAL9000, https://1337.yehg.net/CAL9000/, YEHG Encoder, http://yehg.net/encoding/?, utf8.jp's JS Encoders, JSF*ck, http://utf-8.jp/public/jsfuck.html, JJEncode, http://utf-8.jp/public/jjencode.html

POST XSS Forwarder, http://whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://xss.progphp.com/xss1.html&foo=done

POC Testing and Creation, JSBin, https://jsbin.com/, JSFiddle, https://jsfiddle.net/, HTML Editors, https://1337.yehg.net/htmledit/, http://htmledit.squarefree.com/, http://ckeditor.com/, http://codepen.io/pen/, PHP Editor, http://phptester.net/

Shazzer, http://shazzer.co.uk/database

References, ScriptMapping, https://1337.yehg.net/ScriptMapping_Release_26Nov2007.htm, HTML5Sec Wiki, http://html5sec.org/, BrowserSec Wiki, https://code.google.com/archive/p/browsersec/wikis/Main.wiki

Security Headers

https://securityheaders.io/

SSL/TLS Scan

SSLLabs, https://www.ssllabs.com

Bypass/Evasion

Referer Check, https://1337.yehg.net/bypass_referrer_checker.php

Cloud-based WAF, CloudFlare, https://www.youtube.com/watch?v=pqdj0uIJb40, http://www.securityidiots.com/Web-Pentest/Information-Gathering/Cloudflare-Bypass/Part-2-Cloudflare-Security-Bypass.html

SecApps

https://secapps.com/#login, INFO: Useful when you don't have client-side certificate key to intercept the app's traffic with standalone proxy tools like Burp

XFS

Sample POC, https://1337.yehg.net/cross_site_framing.php

Cross Site Framing Exploit Generator (Samy's QuickJack), http://samy.pl/quickjack/

CSRF

GET-based Image Tag, https://1337.yehg.net/cross_site_request_forgery.php

Two-Stage CSRF Prompt Bypass Generator (GET-based), https://1337.yehg.net/two-stage_csrf_prompt_bypass_generator.php

Two-Stage CSRF Token Bypass Generator (GET-based), https://1337.yehg.net/two-stage_csrf_token_bypass_generator.php

Browser Addons

Chrome, http://bl0g.yehg.net/2012/06/google-chrome-add-ons-for-web-app.html

Firefox, https://addons.mozilla.org/en-US/firefox/collections/yehgdotnet/webhacker/

Reverse Tab Hijacker

https://1337.yehg.net/tab_jacker.php, Non-Vulnerable Demo, https://jsbin.com/lapitinelo, Vulnerable Demo, https://jsbin.com/hizozuyije

Misc

JSBeautifier, http://jsbeautifier.org/

SQL Injection

http://www.sqlinjectionwiki.com/

http://websec.ca/kb/sql_injection

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

Database Type, MySQL, http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet, http://websec.ca/kb/sql_injection#MySQL_Default_Databases, https://dl.packetstormsecurity.net/papers/general/MySQL_OOB_Hacking.pdf, Oracle, http://pentestmonkey.net/cheat-sheet/sql-injection/oracle-sql-injection-cheat-sheet, http://websec.ca/kb/sql_injection#Oracle_Default_Databases, Ingres, http://pentestmonkey.net/cheat-sheet/sql-injection/ingres-sql-injection-cheat-sheet, MSSQL, http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet, http://websec.ca/kb/sql_injection#MSSQL_Default_Databases, PostgreSQL, http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet, DB2, http://pentestmonkey.net/cheat-sheet/sql-injection/db2-sql-injection-cheat-sheet, Informix, http://pentestmonkey.net/cheat-sheet/sql-injection/informix-sql-injection-cheat-sheet, MSAccess, http://nibblesec.org/files/MSAccessSQLi/MSAccessSQLi.html, SQLite, https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet

Evasion Techniques, https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/, http://pentestmonkey.net/blog/exploiting-a-tricky-sql-injection-with-sqlmap, http://www.forkbombers.com/2016/07/sqlmap-tamper-scripts-update.html

Others

Burp to CSV/SQLite, https://labs.nccgroup.trust/reflux/

TypoFinder, https://labs.nccgroup.trust/typofinder/

WebSite Cloning, wget -mk -nH URL, beef Rest API, SET tool, HTML Editor online, https://html-online.com/editor/

CMS, wpscan, https://wpscan.org/, https://wpscans.com/#section-features

References

Blogs, http://blog.portswigger.net/, https://blog.sucuri.net/, https://www.netsparker.com/blog/, http://www.websecgeeks.com/

https://peteris.rocks/blog/exotic-http-headers/

Notable Advisories

SSRF, http://www.security-assessment.com/files/documents/advisory/SplunkAdvisory.pdf

XXE, http://nerdint.blogspot.sg/2016/08/blind-oob-xxe-at-uber-26-domains-hacked.html, ..

X-HTTP-Method-Override: GET/POST, http://www.security-assessment.com/files/documents/advisory/Cisco-Prime-Infrastructure-Release.pdf

Exploitable Session Fixation (Noob to learn), http://www.security-assessment.com/files/documents/advisory/Oracle_WebLogic_Server_Session_Fixation_via_HTTP_POST.pdf

Non-File-Upload Vulnerability in File Upload, Command Execution, .., http://www.vantagepoint.sg/research/11-vp-2014-007-remote-command-injection-in-symantec-encryption-gateway

Servers

Apache, http://blog.mazinahmed.net/2017/01/exploiting-misconfigured-apache-server-status-instances.html

WAFs

https://www.mazinahmed.net/uploads/Evading%20All%20Web-Application%20Firewalls%20XSS%20Filters.pdf

Proof of Concept Files

File Upload/Rename Testing

Executable file extensions, https://www.amazon.com/clouddrive/share/bwfJrR6AUvNMLgckqHDRn10v4kZ3eeXIfEyOvyt4CbL?ref_=cd_ph_share_link_copy

Scripted PDF, https://www.amazon.com/clouddrive/share/qx4UOhz89H8U3PVVSsq65jZU3Io5OLWQbTPUh3dJPB3?ref_=cd_ph_share_link_copy

EICAR, https://www.amazon.com/clouddrive/share/IfEIRTfini9Fnwb2nIxk1jY3WTu4L8UuseKm28bb2af?ref_=cd_ph_share_link_copy, https://www.eicar.org/download/eicar.com.txt

Malicious MSG, https://www.trustwave.com/Resources/SpiderLabs-Blog/Down-the-Rabbit-Hole--Extracting-Maliciousness-from-MSG-Files-Without-Outlook/?page=1&year=0&month=0

Evidence of Hacked

Image Evidence, https://1337.yehg.net/poc/beenhacked.jpg

DLL Hijacker

https://www.amazon.com/clouddrive/share/QBsFiKc6ffYj1WJi45AYnHMSL6Ep8uWWBei1KWOZJ62?ref_=cd_ph_share_link_copy

Misc

Your IP Info

http://yehg.net/i/

Malware Analysis

Virus Total

https://www.virustotal.com/#url

Jotti

https://virusscan.jotti.org/en

PDF analysis

https://www.malwaretracker.com/pdf.php

JSUnpacker

http://jsunpack.jeek.org/

File analysis

https://github.com/quarkslab/irma

References

https://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/

References

SecList Wiki

https://github.com/enaqx/awesome-pentest

https://github.com/danielmiessler/SecLists

pentest-standard

http://www.pentest-standard.org/index.php/Main_Page

vulnerability-assessment.co.uk

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

CVE Details

https://www.cvedetails.com/

CVSS

v2 Calculator, https://nvd.nist.gov/CVSS/v2-calculator

v3 Calculator, https://nvd.nist.gov/CVSS/v3-calculator

CWE

https://cwe.mitre.org/

CAPEC

https://capec.mitre.org/

Others

https://github.com/jhaddix/pentest-bookmarks/blob/wiki/BookmarksList.md

http://godbolt.org/ (C -> ASM)

OWASP

https://github.com/OWASP/owasp-masvs

https://blog.appcanary.com/2017/http-security-headers.html

Advisories

http://www.security-assessment.com/advisory/all/all/archive.htm

Bounty

https://cobalt.io/

https://www.hackerone.com/

DevSecOps

http://www.devsecops.org/

Python Tools

https://github.com/dloss/python-pentest-tools

https://benchmarks.cisecurity.org/downloads/browse/index.cfm?category=benchmarks

Scanners

HackerTarget

https://hackertarget.com/

Pentest-Tools

https://pentest-tools.com/home

Thickclient Vulnerability Assessment

References

https://social.technet.microsoft.com/wiki/contents/articles/255.forced-integrity-signing-of-portable-executable-pe-files.aspx, https://msdn.microsoft.com/en-us/library/dn195769.aspx

http://dl.acm.org/citation.cfm?id=1966987

http://www.slideshare.net/nullbind/thick-application-penetration-testing-crash-course

http://www.slideshare.net/sanjucsrf/thick-client-application-security-assessment

Windows

Section, Binary Analysis, HeartBleed Analyzer, https://labs.nccgroup.trust/heartbleed/, Windows Binary Analyzer, https://labs.nccgroup.trust/NCCGroupWindowsBinaryAnalyzer/, https://www.elevenpaths.com/labstools/pesto/index.html, .Net, http://www.blueinfy.com/#ILText, Fetch Hardcoded String With Call Detail From IL, Memory Analysis, memgrep, https://github.com/nccgroup/memgrep, Registry Analysis, http://www.nirsoft.net/utils/regscanner.html, http://registry-finder.com/, UI Manipulation, https://github.com/yehgdotnet/winmanipulate, info, API Hooking, .Net, https://github.com/0xd4d/dnSpy, Java, http://www.aspectsecurity.com/tools/javasnoop, Traffic Manipulation, EchoMirage, Security Bypass, Application Whitelisting Bypass, http://subt0x10.blogspot.sg/2016/04/bypass-application-whitelisting-script.html, http://subt0x10.blogspot.sg/2016/09/application-whitelisting-bypass-csiexe.html, http://subt0x10.blogspot.sg/2016/09/bypassing-application-whitelisting.html, https://labs.nettitude.com/blog/fun-with-windows-binaries-application-whitelist-bypass-using-msiexec/, Runtime Analysis, SpyStudio, http://www.nektra.com/products/spystudio-api-monitor/, SysInternals, https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

Test Data Generator

SG NRIC

https://samliew.com/nric-generator

Credit Card

http://www.getcreditcardnumbers.com/

Mobile Vulnerability Assessment

Android

APK Decompiler, http://www.javadecompilers.com/apk, http://www.decompileandroid.com/

APK Scanner, https://hackapp.com/scanner

Protection bypass for pentestability

Cert Pinning, http://sh3llc0d3r.com/certificate-pinning/, https://github.com/sh3llc0d3r1337/MobilePentest/tree/master/SSLPinningExample

Infrastructure Vulnerability Assessment

metasploit

search cve:2009 type:exploit app:client

https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/

searchsploit

searchsploit -u

searchsploit afd windows local, searchsploit -t oracle windows, searchsploit -p 39446

https://www.exploit-db.com/searchsploit/#what

Services/Products

rdp, rdesktop (ip) -r disk:share=/home/hacker/shared, rdp-sec-check, https://labs.portcullis.co.uk/download/rdp-sec-check-0.8.tar.gz

smb, smbclient -L 192.168.1.1 -U guest%, smbclient //host/share -U " "%" ", pass-the-hash, https://github.com/inquisb/keimpx, https://github.com/nccgroup/easyda, https://github.com/Kevin-Robertson/Invoke-TheHash

nfs, showmount -e <ip address>, mount -t nfs <ip address>:/<path> <source path on scanning machine>

vpn, https://github.com/SpiderLabs/ikeforce, ./ikeforce.py [target] [mode] -w /path-to/wordlist.txt [optional] -t 5 1 1 2
Example (find all AM transforms): ./ikeforce.py 192.168.1.110 -a -s 1
Example (enum mode): ./ikeforce.py 192.168.1.110 -e -w groupnames.txt -s 1
Example (brute mode): ./ikeforce.py 192.168.1.110 -b -i groupid -u dan -k psk123 -w passwords.txt -s 1

snmp, cisco, ./cisc0wn.sh, https://github.com/nccgroup/cisco-SNMP-enumeration
- Checks SNMP is enabled on the router.
- Brute forces the SNMP Read Only and Read Write community strings (can edit which wordlist it uses in script header).
- Enumerates information such as IOS version, hostname, ARP table, routing table, interface list and IP addresses using the RO or RW community string. If RW community was found it will then download the router config automatically. It then searches and displays any enable or telnet passwords in clear text.
- If it finds Cisco type 7 encoded enable or telnet passwords it will auto decode them.
- It will display the Enable secret type 5 password and attempt to crack the MD5. It uses John first with its built-in wordlist for speed. If this fails it will try and full crack.

mongodb, https://github.com/stampery/mongoaudit

django,rails, https://www.slideshare.net/levigross/pentesting-django-and-rails

Password

Generate intelligent wordlist, cewl, https://digi.ninja/projects/cewl.php#usage
root@kali:~# cewl -d 4 -m 8 -w docswords.txt http://docs.kali.org
CeWL 5.0 Robin Wood (robin@digininja.org) (www.digininja.org)
root@kali:~# wc -l docswords.txt
4093 docswords.txt

GodSpeed Scanning

https://github.com/nccgroup/port-scan-automation, Hardware, https://www.amazon.com/TRIPP-Gigabit-Ethernet-Adapter-U336-002-GB/dp/B00VEA4POW/ref=sr_1_24?ie=UTF8&qid=1481657313&sr=8-24&keywords=USB+3.0+to+tri+Port+Ethernet+Adapter, https://www.amazon.com/Gigabit-Ethernet-Adapter-Converter-Microsoft/dp/B00SAS8OMK/ref=pd_sbs_147_3?_encoding=UTF8&psc=1&refRID=GRNN7AGAFKYMZBSBHZP5, http://www.lazada.sg/catalog/?q=usb+to+ethernet

Covertness

Protocol, ICMP Tunnelling, http://www.commonexploits.com/icmp-shell-fun/

AV Bypass, Metasploit AV Bypass, https://github.com/nccgroup/metasploitavevasion

Search

Exploits, https://exploits.shodan.io/?q=fckeditor, https://vulners.com/

Tools, https://github.com/SpiderLabs, https://github.com/nccgroup, https://www.nccgroup.trust/uk/our-research/?research=Public+tools, https://github.com/mwrlabs

Post-Exploitation

https://github.com/yehgdotnet/Invoke-TheHash

https://www.dsinternals.com/en/impersonating-office-365-users-mimikatz/

https://github.com/mwrlabs/wePWNise

https://github.com/n1nj4sec/pupy/wiki

Custom Exploit Coding

Sample Python Code, ..

https://www.elevenpaths.com/labstools/pyshell2bin/index.html

Local Privilege Escalation

Linux, via Crontab, .., http://www.security-assessment.com/files/documents/advisory/Watchguard-XCS-final.pdf, ..

Windows, AD Security, https://docs.google.com/presentation/d/1g_r_K2L1e3f6VPZEsmTGZSpq62N0ncZRqZs1fYBVeKA/mobilepresent?slide=id.p6, http://adsecurity.org/, https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

References

https://pentest.blog/

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

Secure Code Audit

Tools of Trade

notepad++

grep --color=always system vuln.php | more, grepify, https://github.com/nccgroup/grepify

ncccodenavi, https://github.com/nccgroup/ncccodenavi/wiki/Getting-Started

filelocatorpro, https://www.mythicsoft.com/filelocatorpro

dtsearch, https://dtsearch.com/

yasca, http://www.scovetta.com/yasca.html

appcodescan, http://www.blueinfy.com/#AppCodeScan2

Knowledgebase

Security Innovation TeamMentor, https://www.teammentor.net/angular/guest/home, https://www36.teammentor.net/teamMentor, https://vulnerabilities.teammentor.net/teamMentor

HP Fortify, https://vulncat.hpefod.com/en/weakness

AttackFlow, http://www.attackflow.com/KnowledgeBase

Exploitation Research

Fuzzers

.Net, https://github.com/nccgroup/dotnetpefuzzing

Layer 8 Vulnerability Assessment

Stealth Delivery

Office Shell Code Payload, http://subt0x10.blogspot.sg/2016/02/javascript-office-shellcode-execution.html, http://www.blackhillsinfosec.com/?p=4806, https://bitbucket.org/jsthyer/psploitgen

Malicious Link Payload, http://subt0x10.blogspot.sg/2016/12/mimikatz-delivery-via-clickonce-with.html

JavaScript Attachment Payload, http://subt0x10.blogspot.sg/2016/09/shellcode-via-jscript-vbscript.html

PDF Credential Stealer Payload, https://isc.sans.edu/forums/diary/Mixed+Messages+Novel+Phishing+Attempts+Trying+to+Steal+Your+Email+Password+Goes+Wrong/21881/

Wireless Vulnerability Assessment

Types

AC, https://wiki.gentoo.org/wiki/AC1200_Wireless_Adapters, https://blog.danielscrivano.com/installing-rtl8812au-on-linux-for-wireless-dual-band-usb-adapters/, Drivers, https://github.com/diederikdehaas/rtl8812AU, modprobe 8812au, https://github.com/diederikdehaas/rtl8814AU, modprobe 8814au, http://palshack.org/monitor-mode-with-alfa-ac1200-rtl8812au/

Tools

http://gpo.zugaina.org/net-wireless

Hardware

https://www.amazon.com/Alfa-Long-Range-Dual-Band-Wireless-External/dp/B00VEEBOPG/ref=sr_1_2?ie=UTF8&qid=1470725203&sr=8-2&keywords=alfa+ac1200

http://hackerwarehouse.com/product/alfa-802-11bgn-long-range-usb-wireless-adapter/

Incident Detection and Monitoring

References

https://blogs.dropbox.com/tech/2017/02/meet-securitybot-open-sourcing-automated-security-at-scale/

IoT/Embedded Device Vulnerability Assessment

References

https://github.com/chorankates/h4ck

DOS/Stress Vulnerability Assessment

http://locust.io/

OSINT

ClearWeb

https://blog.kissmetrics.com/alternative-search-engines/

DarkWeb