Penetrating Testing/Assessment Workflow & other fun infosec stuff
https://github.com/jivoi/pentest
My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*
| MongoDB University notes. | |
| Mongo Db is a document. | |
| Mongo Db uses JSON object/data. | |
| Mongo Db supports scaling out using sharing technique. | |
| Mongo Db supports scaling out vs scaling up. | |
| BSON: | |
| Mongo Db stores the data in the format of BSON. On the application side manogdb drivers map the BSON data into the native data types. |
| # Top ten (or whatever) memory utilizing processes (with children aggregate) - Can be done without the multi-dimensional array | |
| ps axo rss,comm,pid | awk '{ proc_list[$2] += $1; } END { for (proc in proc_list) { printf("%d\t%s\n", proc_list[proc],proc); }}' | sort -n | tail -n 10 | |
| # Download last file from index of | |
| NAME=`wget --quiet URL -O - | grep util-vserver | tail -n 1 | sed 's|</a>.*||;s/.*>//'`; wget URL$UTILVSERVER; | |
| # Delete newline | |
| tr -d "\n" < file1 > file2 | |
| # which procs have $PATH_REGEX open? | |
| find /proc -regex '/proc/[0-9]+/smaps' -exec grep -l "$PATH_REGEX" {} \; | cut -d'/' -f2 | |
| # Adding formatting to an xml document for easier reading | |
| xmllint --format <filename> > <output file> |
| # Top ten (or whatever) memory utilizing processes (with children aggregate) - Can be done without the multi-dimensional array | |
| ps axo rss,comm,pid | awk '{ proc_list[$2] += $1; } END { for (proc in proc_list) { printf("%d\t%s\n", proc_list[proc],proc); }}' | sort -n | tail -n 10 | |
| # Download last file from index of | |
| NAME=`wget --quiet URL -O - | grep util-vserver | tail -n 1 | sed 's|</a>.*||;s/.*>//'`; wget URL$UTILVSERVER; | |
| # Delete newline | |
| tr -d "\n" < file1 > file2 | |
| # which procs have $PATH_REGEX open? | |
| find /proc -regex '/proc/[0-9]+/smaps' -exec grep -l "$PATH_REGEX" {} \; | cut -d'/' -f2 | |
| # Adding formatting to an xml document for easier reading | |
| xmllint --format <filename> > <output file> |
| 0trace 1.5 A hop enumeration tool http://jon.oberheide.org/0trace/ | |
| 3proxy 0.7.1.1 Tiny free proxy server. http://3proxy.ru/ | |
| 3proxy-win32 0.7.1.1 Tiny free proxy server. http://3proxy.ru/ | |
| 42zip 42 Recursive Zip archive bomb. http://blog.fefe.de/?ts=b6cea88d | |
| acccheck 0.2.1 A password dictionary attack tool that targets windows authentication via the SMB protocol. http://labs.portcullis.co.uk/tools/acccheck/ | |
| ace 1.10 Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface http://ucsniff.sourceforge.net/ace.html | |
| admid-pack 0.1 ADM DNS spoofing tools - Uses a variety of active and passive methods to spoof DNS packets. Very powerful. http://packetstormsecurity.com/files/10080/ADMid-pkg.tgz.html | |
| adminpagefinder 0.1 This python script looks for a large amount of possible administrative interfaces on a given site. http://packetstormse |
| Shan KeerthisingheShan Keerthisinghe | |
| Information Security Consultant | ICS/OT | MS Certified Cloud Security Architect and Solutions Architect | DFIR | APT Researcher | Red Team | Active Defense Enthusiast | Bridging Offensive and Defensive Security...🛡️Information Security Consultant | ICS/OT | MS Certified Cloud Security Architect and Solutions Architect | DFIR | APT Researcher | Red Team | Active Defense Enthusiast | Bridging Offensive and Defensive Security | |
| Aidan RaneyAidan Raney | |
| Consulting Intelligence Analyst | OSINT Expert and Instructor | Vice Chair of Wisconsin Governor's Juvenile Justice Commission | Former Data Intelligence Program Manager | Former Fullstack JavaScript DeveloperConsulting Intelligence Analyst | OSINT Expert and Instructor | Vice Chair of Wisconsin Governor's Juvenile Justice Commission | Former Data Intelligence Program Manager | Former Fullstack JavaScript Developer | |
| #OSINT Tip - Deepweb Search Tools | |
| I've been working on a list of deep web search tools that allow you to search no |
| # This workflow will upload a Python Package to PyPI when a release is created | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries | |
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| name: Upload Python Package |