Tag: automatable

How to use OWASP ZAP – Open Source Vulnerability Scanner

Overview

OWASP ZAP is an open-source web application vulnerability scanner that runs on Java 11+. It has features such as spidering, passive scanning, active scanning, fuzzing, automation, an API and more. ZAP is available for Windows, Linux, Mac and as a cross-platform package. You can download ZAP from here. If you are using Kali Linux, it comes preinstalled. In this article, we will discuss how to use ZAP, its features and the results to take note of.

How to use ZAP

ZAP can be run through either the Automated Scan or the Manual Explore option.

Automated Scan

This method is an automatic scan and is the main feature of ZAP. First, enter the URL to attack and select a spider to use (traditional or AJAX). Next, click Attack and let it run to comp...

Ffuf – URL Directory Finder/Fuzzer

Overview

Ffuf (Fuzz Faster U Fool) is a URL fuzzer (a.k.a. URL directory finder/browser). This tool can discover hidden, sensitive or vulnerable files and routes in web applications and servers. Essentially, you give the tool a wordlist and it will brute-force directories, showing whether each one is a valid directory or not. Conveniently, it comes preinstalled on Kali Linux. Some tools similar to Ffuf are:

Wfuzz (very similar to Ffuf)
Dirb (single thread only)
Dirbuster (has a GUI but often crashes)
Gobuster

Generally, they all do the same thing, with slight differences such as:

The reliability of the tool (whether the tool crashes)
The efficiency of the tool (single thread vs multi-thread)
The options provided (filtering capabilities)
Th...

Sublist3r – Subdomain Finder for Penetration Testing

Overview

One aspect of the information-gathering stage of penetration testing is to expand the attack surface of the target. For this, we use Sublist3r, a subdomain finder. It is a simple and easy-to-use Python program that can be used to find subdomains of a target.

How to use Sublist3r

The example shown is executed on a Kali Linux machine. You can install it by following the documentation on their GitHub page. After installing Sublist3r, make sure to navigate to the location of the sublist3r Python file. To run Sublist3r, use the command format: python3 sublist3r.py -d <domain> Here you can see Sublist3r using multiple search engines like Baidu, Yahoo and Google to search for the target's subdomains. At the bottom, we can see that 3 subdomains were found on tasty...

Wappalyzer – Website Technology Identifier

Overview

In the information-gathering stage of penetration testing, we must know the technologies used by the target so that we can plan our attacks. One tool that can help with this is Wappalyzer, a website technology identifier. Wappalyzer identifies technologies used on a website, such as CMS, web frameworks, eCommerce platforms, JavaScript libraries, analytics tools and more. It is also fast and easy to use. Wappalyzer is a free tool, but more advanced services like access to their API require a monthly subscription. Fortunately, Wappalyzer is an open-source project, so you can download their code from their GitHub.

How to use Wappalyzer

Wappalyzer lookup

The simplest way to use Wappalyzer is through their website lookup page. Simply input the URL of...

DNSrecon – DNS Reconnaissance for Pentesting

Overview

The first stage of penetration testing is reconnaissance (information gathering). One method of reconnaissance is gathering the target's DNS information, such as DNS records and DNS servers. This information can be used to piece together the network infrastructure of an organisation. Additionally, it does not trigger an alert from the organisation's firewall or IDS/IPS. A tool that helps us accomplish this is DNSrecon. As the name implies, DNSrecon is a DNS reconnaissance tool that can extract DNS-related information from a website/domain. Here is a list of its features (according to the source repository):

Check all NS records for zone transfers.
Enumerate general DNS records for a given domain (MX, SOA, NS, A, AAAA, SPF and TXT).
Perform common S...