Index

A
- ActionScript (AS) / More file upload issues
- Active Directory (AD)
  - about / Password spraying
- Active Server Pages (ASP) / Efficient brute-forcing
- active Tor exit nodes
  - reference / Torify
- Amazon Web Services (AWS) / Cloud infrastructure
- API authentication
  - about / API authentication
  - basic authentication / Basic authentication
  - Bearer authentication / Bearer authentication
- API communication protocols
  - about / API communication protocols
  - SOAP / SOAP
  - REST / REST
- API keys / API keys
- application assessment
  - about / Application assessment
  - WPScan / WPScan
  - sqlmap / sqlmap
  - droopescan / Droopescan
  - Arachni / Arachni web scanner
- application penetration tests
  - types / Types of assessments
- Arachni
  - about / Arachni web scanner
  - reference / Arachni web scanner
  - identified issues / Arachni web scanner
- Arachni scan
  - running / Arachni web scanner
- Arch Linux / Kali Linux alternatives
- assessments
  - types / Types of assessments
- attack, Auth0
  - reference / JWT quirks
- attack considerations / Attack considerations
- attack proxy
  - about / The attack proxy
  - Burp Suite / Burp Suite
  - Zed Attack Proxy (ZAP) / Zed Attack Proxy
- Autorun Rule Engine (ARE)
  - about / Automatic exploitation
  - reference / Automatic exploitation

B
- BApp Store / Extending Burp
  - authentication / Authentication and authorization abuse
  - authorization / Authentication and authorization abuse, The Autorize flow
  - Swiss Army knife / The Swiss Army knife
- basic authentication / Basic authentication
- Bearer authentication / Bearer authentication
- BeEF
  - about / BeEF
  - reference / BeEF
  - hooking / Hooking
  - social engineering attacks / Social engineering attacks
  - social engineering modules / Social engineering attacks
  - keylogger / The keylogger
  - persistence / Persistence
  - automatic exploitation / Automatic exploitation
  - tunneling traffic / Tunneling traffic
- billion laughs attack
  - about / A billion laughs
- black-box testing / Types of assessments
- BlackArch / Kali Linux alternatives
- blind XXE / Blind XXE
- Browser Exploitation Framework (BeEF) / More file upload issues
- brute-force attack
  - about / Efficient brute-forcing
  - content discovery / Content discovery
  - persistent content discovery / Persistent content discovery
  - payload processing / Payload processing
- Burp Collaborator
  - about / Burp Collaborator
  - Public Collaborator server / Public Collaborator server
  - Private Collaborator server / Private Collaborator server
- Burp JWT support
  - about / Burp JWT support
- Burp Suite / Burp Suite
  - about / Burp Suite
  - extending / Extending Burp

C
- CDNJS
- close-out meetings / Communication
- cloud infrastructure / Cloud infrastructure
- CMSmap
  - reference / CMS scanners
- CMS scanners
  - about / CMS scanners
- CO2 plugin
  - reference / The Swiss Army knife
- code
  - backdooring / Backdooring the code
- Collection Runner / Collection Runner
- collections
  - about / Collections
  - creating / Collections
- command-line interface (CLI) / File inclusion to remote code execution
- command and control servers (C2) / Cloud infrastructure
- Common Vulnerabilities and Exposures (CVEs) / Network assessment
- Composer
  - reference / Abusing deserialization
- container breakout / Container breakout
- content delivery network (CDN) / CMS scanners
- content discovery
  - about / Content discovery
  - Burp Suite / Burp Suite
  - OWASP ZAP / OWASP ZAP
  - Gobuster / Gobuster
- credential exfiltration / Credential exfiltration
- cross-origin resource sharing (CORS)
  - about / Cross-origin resource sharing
  - reference / Cross-origin resource sharing
- CSRF attacks / CSRF
- CSRF tokens / CSRF
- custom protocols
  - attacking / Attacking custom protocols
- CyberChef
  - reference / Information leak, Persistence

D
- Database Management Systems (DBMS) / sqlmap
- Decoder module / Payload processing
- deserialization
  - exploiting / Abusing deserialization, Deserialization exploit
- DeserLab / Attacking custom protocols, Protocol analysis
- DigitalOcean
  - reference / Cloud infrastructure
- Distributed Component Object Model (DCOM) / SOAP
- Docker-SSH
  - reference / Container breakout
- Docker container
  - situational awareness / Situational awareness
- document type definition (DTD) / Internal and external references
- DOM-based XSS / DOM-based XSS
- droopescan
  - reference / CMS scanners
- Drupal / CMS scanners

E
- ElevenPaths / Metadata
- Empire
  - reference / Social engineering attacks
- external DTDs
  - about / Internal and external references
- external entity expansion (XXE) / Privacy considerations

F
- file inclusion
  - for remote code execution / File inclusion to remote code execution
- file upload
  - issues / More file upload issues
- Fingerprinting Organizations with Collected Archives (FOCA)
- FuzzDB
  - reference / Efficient brute-forcing
- Fuzzer module
  - about / OWASP ZAP

G
- gadget chain / Abusing deserialization
- Gobuster / Content discovery
  - about / Gobuster
- Google Cloud Engine
  - reference / Cloud infrastructure
- Google hacking / LinkedIn scraping
- gray-box testing / Types of assessments

H
- hash-based message authentication code (HMAC) / JWTs
- Hash Toolkit
  - reference / Async data exfiltration

I
- INetSim
  - about / INet simulation
- INetSim binaries
  - reference / INet simulation
- INet simulation / INet simulation
- information leak
  - about / Information leak
- Infrastructure as a Service (IaaS) / Proxy cannon
- internal DTDs
  - about / Internal and external references
- Internet service providers (ISPs) / Cloud infrastructure
- Intruder module / Payload processing
- intrusion prevention systems (IPS) / Behind seven proxies

J
- Joomla / CMS scanners
- JoomScan
  - reference / CMS scanners
- JRuby
  - about / Extending Burp
  - reference / Extending Burp
- JWT4B
  - reference / Burp JWT support
  - about / Burp JWT support
- JWT RFC
  - reference / JWT quirks
- JWTs
  - about / JWTs
  - characteristics / JWT quirks
- Jython
  - about / Extending Burp
  - reference / Extending Burp

K
- Kali Linux / Kali Linux
  - alternatives / Kali Linux alternatives
- kickoff meetings / Communication

L
- LDAP (Lightweight Directory Access Protocol) / Password spraying
- Let's Encrypt
  - reference / BeEF
- LinkedIn scraping / LinkedIn scraping
- Linode
  - reference / Cloud infrastructure
- Local File Inclusion (LFI) / LFI

M
- malicious advertising (malvertising) / SOP
- man-in-the-browser (MITB) attack / Persistence
- man-in-the-middle (MITM) attack / Persistence
- MariaDB service / Network assessment
- masscan / Masscan
- Metasploit Framework (MSF) / Target mapping
- Meterpreter / Situational awareness
- Microsoft Azure
  - reference / Cloud infrastructure
- MSFvenom / Situational awareness
- mysql_version
  - module information / Looking for a way in
  - running, on the target RHOSTS / Looking for a way in

N
- network assessment / Network assessment
- Nikto
- Nmap / Target mapping
- non-disclosure agreements (NDAs) / Privacy considerations

O
- obfuscating code / Obfuscating code
- open-source intelligence (OSINT) / Types of assessments
- Open Authorization (OAuth) / API keys
- out-of-band exploitation
  - common scenario / A common scenario
  - command / Command and control
  - control / Command and control
  - INet simulation / INet simulation
  - confirmation / The confirmation
  - async data exfiltration / Async data exfiltration
  - data inference / Data inference
- Outlook Web Access (OWA) / Password spraying
- OWASP cross-site scripting (XSS) Filter Evasion Cheat Sheet
  - reference / Polyglot payloads
- OWASP ZAP
  - about / OWASP ZAP

P
- Packagist
  - reference / Abusing deserialization
- packet capture (pcap) / Protocol analysis
- password spraying attacks
  - about / Password spraying
  - LinkedIn scraping / LinkedIn scraping
  - metadata / Metadata
  - cluster bomb / The cluster bomb
- payload processing / Payload processing
- Penetration Testing Framework (PTF) / Kali Linux alternatives
- penetration testing toolkit
  - about / The tester's toolkit
  - Kali Linux / Kali Linux
  - Kali Linux alternatives / Kali Linux alternatives
- penetration testing tools
- persistence / Persistence
- persistent content discovery / Persistent content discovery
- persistent XSS attack / Persistent XSS
- polyglot payload
  - about / Polyglot payloads
  - same payload, different context / Same payload, different context
  - code obfuscation / Code obfuscation
- port scanner
  - about / The port scanner
- Postman
  - about / Postman
  - reference / Postman
  - installing / Installation
  - upstream proxy / Upstream proxy
  - environment / The environment
  - collections / Collections
- Private Collaborator server / Private Collaborator server
- proof of concept (POC) / More file upload issues
- property-oriented programming (POP) / Abusing deserialization
- protocol analysis / Protocol analysis
- ProxyCannon
  - about / Proxy cannon
  - reference / Proxy cannon
  - using / Proxy cannon
- ProxyChains
  - reference / Torify, Situational awareness
  - about / Situational awareness
- Public Collaborator server
  - about / Public Collaborator server
  - service interaction / Service interaction
  - Burp Collaborator client / Burp Collaborator client

R
- reflected XSS attack / Reflected XSS
- regex101
  - reference / Polyglot payloads
- remote access trojan (RAT) / Social engineering attacks
- remote code execution / Remote code execution
  - interactive shells / Interactive shells
- Remote File Inclusion (RFI) / RFI
- Request for Comments (RFC) / JWT quirks
- request forgery attack
  - about / Request forgery
  - port scanner / The port scanner
- REST
  - about / REST
- return-oriented programming (ROP) / Deserialization exploit
- rules of engagement (ROE)
  - about / Rules of engagement
  - communication / Communication
  - privacy considerations / Privacy considerations
  - cleaning up / Cleaning up

S
- same-origin policy (SOP)
  - about / SOP
- Samy worm / Persistent XSS
- Scalable Vector Graphics (SVG) / Polyglot payloads
- scanners
  - WPScan / CMS scanners
  - JoomScan / CMS scanners
  - droopescan / CMS scanners
  - CMSmap / CMS scanners
- SecLists
  - wordlist / Efficient brute-forcing
- SecLists repository
  - reference / Efficient brute-forcing
- security information and event management (SIEM) / Behind seven proxies, Cleaning up
- security operations center (SOC) / Efficient brute-forcing
- self-XSS / CSRF
- Server Message Block (SMB) / A common scenario
- SOAP
- social engineering modules, BeEF
  - Fake Notification Bar / Social engineering attacks
  - Fake Flash Update / Social engineering attacks
  - Pretty Theft / Social engineering attacks
  - Fake LastPass / Social engineering attacks
- SOCKS / Situational awareness
- software as a service (SaaS) / Cloud infrastructure
- SQL injection (SQLi) / Code obfuscation
- sqlmap / sqlmap
- SQLMapper / sqlmap helper
- statement of work (SoW) / Rules of engagement
- static-binaries / Situational awareness
- stored XSS / Persistent XSS
- Swiss Army knife
  - about / The Swiss Army knife
  - sqlmap helper / sqlmap helper
  - Web shells / Web shells

T
- target mapping
  - about / Target mapping
  - masscan / Masscan
  - WhatWeb / WhatWeb
  - Nikto / Nikto
  - CMS scanners / CMS scanners
- tcpdump / Protocol analysis
- Tor network / Behind seven proxies
- Tor Project
- Torsocks
  - reference / Torify

U
- Universal Naming Convention (UNC) / A common scenario
- upstream SOCKS proxy
  - configuring / Torify

V
- vulnerable Docker
  - scenario / Vulnerable Docker scenario
- Vulnerable Docker VM / Vulnerable Docker scenario

W
- web application firewalls (WAFs) / Communication
- Web Services Description Language (WSDL) / SOAP
- Web shells / Web shells
- Weevely shell
  - about / A better way to shell
  - cleaning up / Cleaning up
- WhatWeb
- white-box testing / Types of assessments
- Wireshark / Protocol analysis
- WordPress / CMS scanners
- WordPress application
  - by VM / Foothold
- WPScan
  - reference / CMS scanners, WPScan
  - about / WPScan
  - features / WPScan
- wpscan tool
  - reference / Foothold

X
- XML bomb attack
  - about / A billion laughs
- XML External Entity attacks (XXE) / A common scenario
- XSS
  - about / XSS
  - reflected XSS / Reflected XSS
  - persistent XSS / Persistent XSS
  - DOM-based XSS / DOM-based XSS
- XXE attacks
  - about / XXE attacks
  - billion laughs / A billion laughs
  - request forgery / Request forgery
  - information leak / Information leak
  - blind XXE / Blind XXE
  - remote code execution / Remote code execution

Y
- ysoserial
  - reference / Deserialization exploit

Z
- Zed Attack Proxy (ZAP) / Zed Attack Proxy