How to set up Mutillidae – Linux

Mutillidae is a vulnerable framework where you can practice OWASP top 10, https://owasp.org/www-project-top-ten/ Download https://sourceforge.net/projects/mutillidae/ sudo git clone https://github.com/webpwnized/mutillidae.git 1. Install the required repositories (in this case I’m using php 7.3) sudo apt-get install php7.3-curl php7.3-mbstring php7.3-xml Extra Show php Read more…

Hiding public IP – Anonsurf

Anonsurf uses TOR iptables to anonymize the whole system. Anonsurf gives users the capability of starting or stopping the I2P project. https://github.com/Und3rf10w/kali-anonsurf Installation 1. Download the file from github git clone https://github.com/Und3rf10w/kali-anonsurf.git 2. Run installer located in the download folder Read more…

SMTP lab (hMailServer)

This has been writen to explain the steps to set a basic insecure SMTP lab. We are using hMailServer to act as a mail server & Thunderbird as mail client. https://www.hmailserver.com/ https://www.thunderbird.net/ Mail Server (hMailServer) 1. Start the wizzard 2. Read more…

Crunch – How to

Crunch is a utility that is used to create wordlists using letters, numbers, and symbols for every possible combination or according to specific rules. Syntax to create the wordlist (lowercase letters, then uppercase letters, then numbers and finally symbols) crunch Read more…

Magescan how to – Magento

Used to test the quality and security of a Magento site you don’t have access to. This is a scanner for Magento https://github.com/steverobbins/magescan Installation 1. Download it from https://github.com/steverobbins/magescan/releases. (.phar file) 2. Show help -h, –help = Display this help Read more…

Sqlmap how to

 sqlmap is one of the most popular and powerful SQL injection automation tool out there. Given a vulnerable http request URL, sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all Read more…

Nessus How to

Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities, it uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. It is a paid tool Read more…

dirsearch how to

dirsearch is a simple command line tool designed to brute force directories and files in websites. https://github.com/maurosoria/dirsearch Installation 1. Download the source code git clone https://github.com/maurosoria/dirsearch.git ls cd dirsearch/ ls 2. To execute the program ./dirsearch.py python3 dirsearch.py How to Read more…

Gobuster How to

Gobuster is a tool used to brute-force on URLs (directories and files) in websites and DNS subdomains. Gobuster can be downloaded through the apt- repository and thus execute the following command for installing it. https://github.com/OJ/gobuster Gobuster is a tool used Read more…

Joomscan how to

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. It not only detects known offensive vulnerabilities, but also is able to Read more…

laravel – schedule task – crontab

Laravel is a web application framework with expressive, elegant syntax. https://www.easylaravelbook.com/blog/introducing-the-laravel-5-command-scheduler/ https://laravel.com/docs/5.8/scheduling#scheduling-artisan-commands The Laravel command scheduler allows you to manage your task execution dates and times using easily understandable PHP syntax. You’ll manage the task execution definitions in app/Console/Kernel.php Scheduling Read more…

How to use Bettercap 2

Bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing Read more…

wFuzz how to

WFuzz is a web application bruteforcer that can be considered an alternative to Burp Intruder as they both have some common features. With both Wfuzz and Burp Intruder we can bruteforce different web applications elements, like GET/POST parameters, cookies, forms, Read more…

Web Application Tools

List of known tools that can help with your Web Application testing. Proxy Burp Suite – Integrated platform for performing security testing of web applications. Extensions Freddy the Serial(isation) Killer – detecting and exploiting serialisation libraries/APIs. Tplmap – Burp Suite Read more…