pentesting

App Attest allows your app to attach a hardware-backed assertion as a part of the request. Your server can use assertion to verify the request came from your genuine app, on a genuine Apple device.

Hello spoooopyyy hackers 🎃

This is a Hacktoberfest only issue! 👻

This is also data-sciency!

The Problem

Our English dictionary contains words that aren't English, and does not contain common English words.

Examples of non-common words in the dictionary:

"hlithskjalf",
  "hlorrithi",
  "hlqn",
  "hm",
  "hny",
  "ho",
  "hoactzin",
  "hoactzine

I testing bruteforce my opencart store.

this is body request:

-----------------------------34237939373614592773956005873
Content-Disposition: form-data; name="username"

^USER^
-----------------------------34237939373614592773956005873
Content-Disposition: form-data; name="password"

^PASS^
-----------------------------34237939373614592773956005873
Content-Disposition: form-dat

Can we have a feature where a normal brute force is running based on HTTP response like 403/401 do a recursive brute force on that endpoint?

⭐ Challenge idea

Description

Several users originally missing security question answers - most notably bjoern.k

RustScan has an accessible mode, rustscan --accessible which should promise not to have any weird ASCII text in it.

Write CI that runs RustScan with --accessible a few times, with different flags / options and check the terminal output to see if it contains one of these:

[!]
[~]
[>]
| {}

If any of these characters appear in any of the tests, fail the CI. E

What would you like to happen?
The sections 4.7.11.1 Testing for Local File Inclusion & 4.7.11.2 Testing for Remote File Inclusion address two attack vectors that are very similar one to the other. Given this situation and the few documentation on the Remote injection one, my proposal would be to merge both in a single section called Testing for File Injection.

Is there a way to skip the nmap scan and go straight to the attacking routes? In case i already know the target list is full of open rtsp port IPs.

pentesting

Here are 1,739 public repositories matching this topic...

sqlmapproject / sqlmap

blaCCkHatHacEEkr / PENTESTING-BIBLE

qeeqbox / social-analyzer

OWASP / owasp-mstg

Ciphey / Ciphey

The Problem

maurosoria / dirsearch

n1nj4sec / pupy

infosecn1nja / Red-Teaming-Toolkit

vanhauser-thc / thc-hydra

byt3bl33d3r / CrackMapExec

ffuf / ffuf

OJ / gobuster

bkimminich / juice-shop

⭐ Challenge idea

Description

RustScan / RustScan

rmusser01 / Infosec_Reference

v1s1t0r1sh3r3 / airgeddon

TheKingOfDuck / fuzzDicts

dstotijn / hetty

OWASP / wstg

OlivierLaflamme / Cheatsheet-God

urbanadventurer / WhatWeb

infobyte / faraday

ysrc / xunfeng

arismelachroinos / lscript

tanprathan / MobileApp-Pentest-Cheatsheet

carlospolop / hacktricks

bluscreenofjeff / Red-Team-Infrastructure-Wiki

commixproject / commix

Ullaakut / cameradar

FSecureLABS / drozer

Improve this page

Add this topic to your repo