prototype-pollution-explained
dnstwist
| prototype-pollution-explained | dnstwist | |
|---|---|---|
| 3 | 23 | |
| 75 | 4,550 | |
| - | - | |
| 0.0 | 7.6 | |
| over 1 year ago | about 1 month ago | |
| JavaScript | Python | |
| - | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
prototype-pollution-explained
-
Learning about ports and exploiting them
If you already know your NMAP command and switches, you can look up these sources to search what exploit to use depending on what port is open: - https://snyk.io/vuln/ - https://www.cvedetails.com/vulnerability-search.php - https://cve.mitre.org/cve/search_cve_list.html - https://nvd.nist.gov/vuln/search - https://www.rapid7.com/db/
-
Awesome Penetration Testing
Snyk Vulnerability DB - Detailed information and remediation guidance for vulnerabilities known by Snyk.
- Could someone please explain some to me how Prototype Pollution attack works with handlebars?
dnstwist
- Have I Been Squatted?
-
Domain Permutation - HaveIBeenSquatted & dnstwist
I recently stumbled upon 2 cool domain permutation tools: HIBS & dnstwist
-
Accounting got phished. Paid out big bucks
https://dnstwist.it/ - check your domain now
-
Phishing campaign defence advice
You can hunt down evil twin domains with https://dnstwist.it/
- adjacent domain names
- Alternative To Domain Tools
-
Typosquatting list
I periodically run dnstwist and add whatever it finds to our block list.
- List of 26 services for OSINT | BLUE TEAMS | RED TEAMS
-
God damn. In situations like this how can I detect the fake one? This is truly scary.
Pi-hole (with every reasonable blocklist I can find) protects me from many of these domains. NextDNS would be another option for DNS-based blocking for people who don't want to administer it themselves. I also plan to use DNSTwist to generate additional blocklists for typo-based phishing that I can plug into the Pi-hole for important sites.
- Google Search Ads showing fake bitwarden web vault site as top result.
What are some alternatives?
scapy - Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
opensquat - The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains.
Cppcheck - static analysis of C/C++ code
dnschef - DNSChef - DNS proxy for Penetration Testers and Malware Analysts
Metasploit - Metasploit Framework
urlcrazy - Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
octoDNS - Tools for managing DNS across multiple providers
amass - In-depth attack surface mapping and asset discovery
WhatBreach - OSINT tool to find breached emails, databases, pastes, and relevant information
pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
Watcher - Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.