Jump to content

KRONZY

Member
 View Profile  See their activity

  • Posts

    20

  • Joined

  • Last visited

  • Days Won

    2

 Content Type 

Posts posted by KRONZY

    Recrutare Staff site IT

    in Services

    Posted

    Salut, cautam persoane care sa se alature unei echipe de redactie in cadrul unui site de stiri IT / Tehnologie / Securitate, suntem in cautare de persoane serioase. Articolele postate trebuie sa fie originale (nu copy paste de pe alte site-uri), si sa fie usor de inteles.

     

    Model aplicatie:

    - Nume:

    - Nick discord

    Castiguri vor fi pentru toata lumea implicata si serioasa. In 2-3 luni daca merge bine treaba nu pot garanta bani (poate 6-12 luni) dar stiu pe cineva de la o firma mare din ro iar staff-ul va putea sa ceara produse (de pe numeletau@1337x.vip) pentru review, dupa review produsele vor ramane la scriitori.

    Tutoriale Pentesting

    in Other

    Posted 

     Wi-Fi Security/         2015-02-08 08:27    -   [unknown item..]
 Web App Security/       2015-02-08 08:27    -   [unknown item..]
 System Security/        2015-02-08 08:27    -   [unknown item..]
 Ruby and Metasploit/    2015-02-08 08:27    -   [unknown item..]
 Network Security/       2015-02-08 08:26    -   [unknown item..]

     

    This is the hidden content, please

     

    Dom Based XSS/HTML Injection *.*.nokia.com

    in Other

    Posted

    On 8/31/2018 at 12:27 AM, OLTEANuadv said:

    Nu ca as fi eu cel mai mare cunoscator in xssuri sau mai stiu eu ce vulnerabilitati insa cu o amarata de poza pe care o pui intr-un search ce faci?Adica mai vede cineva searchu ala sau ce ca nu inteleg?

     

    https://www.owasp.org/index.php/Testing_for_HTML_Injection_(OTG-CLIENT-003) 

    HTML injection is a type of injection issue that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user's session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.

    Nu mai posta de +1, mersi.

     

    T/C INACTIV

    Sublist3r

    in Cracked Programs

    Posted

    Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.

    subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.

     

    Sublist3r

     

    installation 

    git clone https://github.com/aboul3la/Sublist3r.git

    Recommended Python Version:

    Sublist3r currently supports Python 2 and Python 3.

    • The recommended version for Python 2 is 2.7.x
    • The recommened version for Python 3 is 3.4.x

    Dependencies:

    Sublist3r depends on the requestsdnspython, and argparse python modules.

    These dependencies can be installed using the requirements file:

    • Installation on Windows: 
    c:\python27\python.exe -m pip install -r requirements.txt
    • Installation on Linux 
    sudo pip install -r requirements.txt

    Alternatively, each module can be installed independently as shown below.

    Requests Module (http://docs.python-requests.org/en/latest/)

    • Install for Windows: 
    c:\python27\python.exe -m pip install requests
    • Install for Ubuntu/Debian: 
    sudo apt-get install python-requests
    • Install for Centos/Redhat: 
    sudo yum install python-requests
    • Install using pip on Linux: 
    sudo pip install requests

    dnspython Module (http://www.dnspython.org/)

    • Install for Windows: 
    c:\python27\python.exe -m pip install dnspython
    • Install for Ubuntu/Debian: 
    sudo apt-get install python-dnspython
    • Install using pip: 
    sudo pip install dnspython

    argparse Module

    • Install for Ubuntu/Debian: 
    sudo apt-get install python-argparse
    • Install for Centos/Redhat: 
    sudo yum install python-argparse
    • Install using pip: 
    sudo pip install argparse

    for coloring in windows install the following libraries 

    c:\python27\python.exe -m pip install win_unicode_console colorama

    Usage

    Short Form Long Form Description
    -d --domain Domain name to enumerate subdomains of
    -b --bruteforce Enable the subbrute bruteforce module
    -p --ports Scan the found subdomains against specific tcp ports
    -v --verbose Enable the verbose mode and display results in realtime
    -t --threads Number of threads to use for subbrute bruteforce
    -e --engines Specify a comma-separated list of search engines
    -o --output Save the results to text file
    -h --help show the help message and exit

    Examples

    • To list all the basic options and switches use -h switch:

    python sublist3r.py -h

    • To enumerate subdomains of specific domain:

    python sublist3r.py -d example.com

    • To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443 :

    python sublist3r.py -d example.com -p 80,443

    • To enumerate subdomains of specific domain and show the results in realtime:

    python sublist3r.py -v -d example.com

    • To enumerate subdomains and enable the bruteforce module:

    python sublist3r.py -b -d example.com

    • To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines

    python sublist3r.py -e google,yahoo,virustotal -d example.com

    Using Sublist3r as a module in your python scripts

    Example 

    import sublist3r 
subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, engines)

    The main function will return a set of unique subdomains found by Sublist3r

    Function Usage:

    • domain: The domain you want to enumerate subdomains of.
    • savefile: save the output into text file.
    • ports: specify a comma-sperated list of the tcp ports to scan.
    • silent: set sublist3r to work in silent mode during the execution (helpful when you don't need a lot of noise).
    • verbose: display the found subdomains in real time.
    • enable_bruteforce: enable the bruteforce module.
    • engines: (Optional) to choose specific engines.

    Example to enumerate subdomains of Yahoo.com: 

    import sublist3r 
subdomains = sublist3r.main('yahoo.com', 40, 'yahoo_subdomains.txt', ports= None, silent=False, verbose= False, enable_bruteforce= False, engines=None)

    Download
    This is the hidden content, please

ABOUT LEAKS COMMUNITY

LEAKS.RO is a resource community where aspiring webmasters can share content and receive support for a wide variety of software platforms — no license required.

HELPFUL LINKS

OUR COMMUNITY

×
×
  • Create New...