JamesMarino/useful_information_gathering.md

Last active July 31, 2020 13:11

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/JamesMarino/81f8ab40011871b851fdcc8bd8acd9ca.js"></script>
Save JamesMarino/81f8ab40011871b851fdcc8bd8acd9ca to your computer and use it in GitHub Desktop.

Download ZIP

Various useful commands

Raw

useful_information_gathering.md

Useful Information Gathering

List all DNS Records

dig any example.com @`dig +short  SOA example.com | cut -d' ' -f1`

Get Nameservers

nslookup 1.2.3.4

Directory Listing of Bucket - Access to Everyone

aws s3 ls s3://example.com/ --no-sign-request --region ap-southeast-2`

Directory Listing of Bucket - Access to Authenticated AWS Users

aws s3 ls s3://example.com/ --region ap-southeast-2

Copy all files from S3 Bucket

aws s3 sync s3://example.com/ . --no-sign-request --region ap-southeast-2

Scanning Ports

nmap example.com

Cloning a site

wget --mirror --convert-links --adjust-extension --page-requisites --no-parent "https://example.com"

Generating RSA Key Pairs

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in private_key.pem -out public_key.pem

ARP Poising

mitmf --arp --spoof --gateway <IP of Gateway> --target <IP of Target> -i eth0

DNS Spoofing

mitmf --arp --spoof --gateway <IP of Gateway> --target <IP of Target> -i eth0 --dns

Apache Server Directory Scrape

# Recursively
wget -r -np -nH –cut-dirs=3 -R index.html http://example.com/my/directory/

# Just in that directory
wget -m -np http://example.com/my/directory/

References

Flaws Site

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment