サイãƒãƒ¼æ”»æ’ƒã¨ã¯å®Ÿéš›ã©ã‚“ãªã‚‚ã®ãªã®ã‹ - Qiita
ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆ 「サイãƒãƒ¼æ”»æ’ƒã€ã£ã¦ã‚ˆãèžãã‘ã©ã€å®Ÿéš›ã©ã‚“ãªã‚‚ã®ãªã®ï¼Ÿã£ã¦ç–‘å•ã«æ€ã£ãŸã®ã§ã€ã‚µãƒ¼ãƒãƒ¼ã®80番ãƒãƒ¼ãƒˆã‚’FWã¨ã‹WAFを使ã‚ãšã«ç›´æŽ¥ãƒãƒƒãƒˆã«æ™’ã—ã¦ã©ã‚“ãªã‚¢ã‚¯ã‚»ã‚¹ãŒæ¥ã‚‹ã®ã‹è¦³å¯Ÿã—ã¦ã¿ãŸã€‚ ã¡ãªã¿ã«ã€ã“ã†ã„ã†ã‚„ã‚Šæ–¹ã®ã‚µã‚¤ãƒãƒ¼æ”»æ’ƒèª¿æŸ»ã‚’ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã¨è¨€ã†ã€‚ ãƒãƒƒãƒˆã«å‘ã‘ã¦ãƒãƒ¼ãƒˆã‚’直接開放ã™ã‚‹ã¨ã€é–‹æ”¾ã—ãŸç›´å¾Œã‹ã‚‰ã¾ã URLã‚‚å–å¾—ã—ã¦ã„ãªã„ã®ã«è‰²ã‚“ãªã‚¢ã‚¯ã‚»ã‚¹ãŒæ¥ã‚‹ã€‚ ä¸å¯©ãªã‚¢ã‚¯ã‚»ã‚¹ã¯ãŸãã•ã‚“ã‚ã‚Šã™ãŽã¦å…¨éƒ¨è¿½ãˆãªã„ãŒã€ã©ã‚“ãªã‚‚ã®ãŒã‚ã‚‹ã®ã‹ä¸€éƒ¨ã ã‘調ã¹ã¦ã¿ãŸã€‚ 普段ã¯ã—ã£ã‹ã‚Šå®ˆã‚‰ã‚Œã¦ã„ã¦æ°—ã¥ãã«ãã„ãŒã€ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã£ã¦æ€–ã„ã。 実際ã®ãƒã‚°(抜粋) 実際ã®ã‚¢ã‚¯ã‚»ã‚¹ãƒã‚°ã‹ã‚‰ç›®ã«ã¤ã„ãŸã‚‚ã®ã‚’抜粋ã—ã¦ã¿ãŸã€‚ 186.243.64.209 - - [16/Oct/2019:13:40:41 +0800] "GET ../../mnt/custom/ProductDefinition HTTP" 400
GitHub - lanjelot/patator: Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors
1
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - puzzlepeaches/msprobe: Finding all things on-prem Microsoft for password spraying and enumeration.
GitHub - lcvvvv/kscan: Kscan是一款纯goå¼€å‘的全方ä½æ‰«æ器,具备端å£æ‰«æã€å议检测ã€æŒ‡çº¹è¯†åˆ«ï¼Œæš´åŠ›ç ´è§£ç‰åŠŸèƒ½ã€‚支æŒåè®®1200+,å议指纹10000+,应用指纹20000+ï¼Œæš´åŠ›ç ´è§£åè®®10ä½™ç§ã€‚
389, 636, 3268, 3269 - Pentesting LDAP | HackTricks
How I Tookover a ldap server.
GitHub - gwen001/s3-buckets-finder: Find AWS S3 buckets and test their permissions.
GitHub - six2dez/reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
GitHub - maurosoria/dirsearch: Web path scanner
External Recon Methodology | HackTricks
GitHub - blark/aiodnsbrute: Python 3.5+ DNS asynchronous brute force utility
{{#tags}}- {{label}}
{{/tags}}