Our great sponsors
-
SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
wpscan
WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]
After our initial port scan, we might do more scans depending on what we find. In order to be as effective as possible, and to gather as much information as possible, pentesters are often running multiple scans simultaneously on a target. There are hundreds of tools out there for every service imaginable. Some of the tools worth mentioning are wpscan (https://wpscan.com/wordpress-security-scanner) for Wordpress sites or sqlmap (https://sqlmap.org/) for automatic SQL injection. For a more extensive list of tools check out https://0xcybery.github.io/ehtk/ or https://github.com/enaqx/awesome-pentest
We can also use tools such as Gobuster to scan websites for subpages. Gobuster has a ton of features, but we will be using the url parameter and provide it with a wordlist of words to search for. Operating systems such as Kali Linux or ParrotOS come pre-installed with wordlists, but there are plenty of useful wordlists on Github we can use - check out https://github.com/danielmiessler/SecLists. An example of this could be: Gobuster -u https://site-we-want-to-scan/ -w /path/to/wordlist -t threads -o gobuster_scan_from_website_root
After our initial port scan, we might do more scans depending on what we find. In order to be as effective as possible, and to gather as much information as possible, pentesters are often running multiple scans simultaneously on a target. There are hundreds of tools out there for every service imaginable. Some of the tools worth mentioning are wpscan (https://wpscan.com/wordpress-security-scanner) for Wordpress sites or sqlmap (https://sqlmap.org/) for automatic SQL injection. For a more extensive list of tools check out https://0xcybery.github.io/ehtk/ or https://github.com/enaqx/awesome-pentest
After our initial port scan, we might do more scans depending on what we find. In order to be as effective as possible, and to gather as much information as possible, pentesters are often running multiple scans simultaneously on a target. There are hundreds of tools out there for every service imaginable. Some of the tools worth mentioning are wpscan (https://wpscan.com/wordpress-security-scanner) for Wordpress sites or sqlmap (https://sqlmap.org/) for automatic SQL injection. For a more extensive list of tools check out https://0xcybery.github.io/ehtk/ or https://github.com/enaqx/awesome-pentest
Related posts
- Cyber Security iPhone Application Idea
- More than 400 start.me OSINT websites! More than 10KB of sources!
- The new biggest OSINT list! 302+ pages worth of OSINT, SOCMINT and CSINT! The largest list of OSINT sources with thousands of sources! Better than the last one! Better than downtown_soup! Better than the last two! More than 10KB of OSINT sources!
- 225 LINE OSINT LIST BIGGEST OF THEM ALL!
- The new biggest OSINT list! 209 pages worth of OSINT, SOCMINT and CSINT! The truly largest OSINT list with thousands of sources! 8KB of SOCMINT sources