Month: August 2018

Setting up a Python Twisted Instance in Docker

What is Python Twisted?  According to Wikipedia: “Twisted is an event-driven network programming framework written in Python and licensed under the MIT License. Twisted projects variously support TCP, UDP, SSL/TLS, IP multicast, Unix domain sockets, a large number of protocols (including HTTP, XMPP, NNTP, IMAP, SSH, IRC, FTP, and others), and much more. Twisted is based on the event-driven programmingparadigm, which means that users of Twisted write short callbacks which are called by the framework.” Docker Image download […]

How to Block Shodan Scans

Shodan is a internet device scanner that records geographic location, ports, certain vulnerabilities, banner info and much much more information about devices on the internet.  As Google spiders web page content and URL’s, Shodan spiders devices ports and their banners, along with other information. It might be in a network administrator’s best interests to block […]

Using the Shodan Command-Line Interface

If you are not familiar with Shodan, it is a great search engine to find devices and banners on the internet.  Want to search for ssh servers in China?  See if the United States Navy is running any outdated IIS 5.0 servers?  Find all DNS hostnames for the Ford Motor Corporation? Shodan can help us […]

Simple OS Command Injection

Below is an example of simple OS command injection. OS command injection is a vulnerability where we can inject an Operating System command into the URL or code of a web page and have it execute on the server. This is a critical flaw and can be used to run commands on the webserver underlying […]

Cool ASCII Symbols

Unique ASCII symbols that might have some value.   ㊀ ㊁ ㊂ ㊃ ㊄ ㊅ ㊆ ㊇ ㊈ ㊉ ㊊ ㊋ ㊌ ㊍ ㊎ ㊏ ㊐ ㊑ ㊒ ㊓ ㊔ ㊕ ㊖ ㊗ ㊘ ㊙ ㊚ ㊛ ㊜ ㊝ ㊞ ㊟ ㊠ ㊡ ㊢ ㊣ ㊤ ㊥ ㊦ ㊧ ㊨ ㊩ ㊪ ㊫ ㊬ ㊭ […]

Enumerating Sub-Domains of a Website

Although there are many tools out there that do a great job of enumerating sub-domains, I feel the one that does the best is www.netcraft.com.  It is also very good at fingerprinting a web server as well. Netcraft provides research data and analysis among many of its services.  When you enter a website into Netcraft’s search bar, […]

Knoxss.me XSS Vulnerability Scanner

I’ve been using the professional version of knoxss.me XSS scanner for a little while now and I feel its probably the best XSS scanner out there that I have seen.  I was able to find a vulnerable site on my first day of using it. knoxss.me was written by Brute Logic I would also recommend […]

RSnake’s XSS Cheat Sheet

Below is a mirror of RSnake’s original XSS Cheatsheet and Character Encoding Calculator https://www.in-secure.org/misc/xss/xss.html

Google Hacking Manual – TheV0iD

# Google Hacking Manual  # Author: TheV0iD  # Date: 2014.06.11  —————————  What are Dorks?  —————————-   Using dorks is not hard, it’s pretty easy if you know what you are doing and also it’s a cool way to step in the hacking world.    Dorks are keywords that if used on search-engines can return some specific […]