Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue for tracking some Discord topics #821

Open
3 of 20 tasks
six2dez opened this issue Jan 25, 2024 · 4 comments
Open
3 of 20 tasks

Issue for tracking some Discord topics #821

six2dez opened this issue Jan 25, 2024 · 4 comments
Assignees
Labels
bug Something isn't working

Comments

@six2dez
Copy link
Owner

six2dez commented Jan 25, 2024

@six2dez six2dez added the bug Something isn't working label Jan 25, 2024
@six2dez six2dez self-assigned this Jan 25, 2024
@kleozzy
Copy link
Contributor

kleozzy commented Jan 26, 2024

Origin ip flow: discover origin ip for domains and subs there are a bunch of tools that do this but I think reconftw already does this, not sure how well though.
So the idea is to match ips to subdomains and append dicovered paths/uris from subs to origin ips. Then run vuln scan on the ip based urls bypassing wafs and maybe other security restrictions. Can be also dont for fuzzing. Fuzz the origin ip as well.

Add Fuzzing paths to the main url list : Do we append discovered paths from fuzzing to the urls for further processing? For example for running them through gf and other tools and eventually end up with more targets for vuln testing. If not, we should append 200 hits on fuzzing in the url list from crawling and other sources and then proceed with the rest.

Verbose mode: A flag that will show the full output from each tool while they run so you can troubleshoot and find issues and tools that stuck . Also good to check on why some tools take to long and be able to see the progress of them.

@kleozzy
Copy link
Contributor

kleozzy commented Jan 26, 2024

Another nice tool for when Jira is detected : https://github.com/MayankPandey01/Jira-Lens

@kleozzy
Copy link
Contributor

kleozzy commented Jan 29, 2024

Maybe also have a look into brokenlinks, from what ive checked the current tool provides broken links only within the target scope , domain/subdomain but it doesnt detect thirdparty broken links which are good to find takeovers on and takeover broken links .

Maybe use another tool that can do that or adjust the flags.

@kleozzy
Copy link
Contributor

kleozzy commented Jan 31, 2024

Another workflow for IIS : Detect IIS servers , using nuclei or any other tool then run them against https://github.com/bitquark/shortscan for detecting diretories and file names for further exploitation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants