Subdomain enumeration is a crucial phase in cybersecurity, particularly during reconnaissance and vulnerability assessment processes.
GETTING SUBDOMAINS FROM “https://bgp.he.net/”
The website can take:
name of the company
domain name
We can get the following information from the site:
ASN of the company
The range of IP address that the company owns
list of subdomains of the company
nameservers of the company
whois information
We have extracted this information from the site, of which two nameservers are
important. We can also scan these IPs in the next step of the pentest to see which
ports are open.
Note: This website does not provide information about domains/subdomains that are
hosted on cloud platforms such as Amazon. Since our target is hosted on Amazon, we
could not get much information about subdomains. Nevertheless, this is a good
starting point for gathering information about a target.
GETTING SUBDOMAINS USING THE WEBSITE “https://crt.sh”
The website can take:
name of the company. Ex. “tsp”
root domain of the company. Ex. “tsp.gov”
Certificate fingerprint of the company, amongst others
In return, the site provides us with the following:
various other root domains associated with the company
subdomains of the company
The website returns the following information, among much else; not all of it
can be shown in the screenshot.
As a pentester, we will need to gather this information in a text file. Here are the
steps to do all of this on the command line.
The json file is of the json format:
jq is a json parser that is used to deal with json files. Above is the screenshot of first
element present in json array. We will need to parse this file and extract all the
subdomains of “tsp.gov” from it to a new file. I have created this basic command for
this purpose.
The above command parses the json_file.txt using the jq command. It extracts all the
common_name values from the array (here, common_name represents the subdomain). From the
array of extracted subdomains, the grep command will search for all unique
subdomains of the target root domain (“.tsp.gov”), and extract them to the
“final_subdomain” file.
This site has given us a total of “49” subdomains in a text file.
5. VIRUSTOTAL (https://www.virustotal.com/gui/)
Type in the domain name in the search bar in the search section
The subdomains are listed in the “RELATION” section
There is a copy bar at the right side as shown in the above image. Copy and paste it in
a file for further processing.
6. We can use the API provided by VirusTotal to get all the subdomains using the command
line as shown. However, this will only give the subdomains for the target domain, and
will not provide recursive subdomains. Try and come up with a solution to this to
automate the process.
Add the -o output.txt to save the information
Log into the site, and copy the API key provided in the key section into the above
command. Also, replace the “{domain}” with the target domain.
Output of subdomains from the GUI of virustotal:
VirusTotal has given a total of 39 subdomains.
9. Using api to gather subdomains
children_only=false means that even subdomain of subdomain will be returned.
include_inactive=true means that even those domains that have no DNS information will
be returned.
This will give us an output in the form of json. Our goal is to create a file with only
subdomain names. The command below will help us do that.
jq will extract the subdomains from the json file. Here, subdomains are returned
without the domain part. Therefore, we use awk to add the remainder to the
subdomains and output the final_output file.
The final output file is of the following format:
Total number of subdomains found using this site:
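The two parsing steps described above (pulling names out of the crt.sh JSON, and appending the root domain to an API reply that returns bare labels) can be combined in one script. This is an added example, not the commands from the original slides; it goes beyond them by also reading crt.sh's name_value field and by matching the root domain as a suffix rather than a substring. The domain example.com, both sample inputs, the function names and the "subdomains" key of the second reply are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of crt.sh JSON output (not real data).
CRTSH_SAMPLE = json.dumps([
    {"common_name": "www.example.com", "name_value": "www.example.com\nexample.com"},
    {"common_name": "*.dev.example.com", "name_value": "*.dev.example.com\nAPI.dev.example.com"},
    {"common_name": "example.com.cdn-host.net", "name_value": "example.com.cdn-host.net"},
    {"common_name": None, "name_value": "vpn.example.com"},
])
# Assumed shape of an API reply that lists labels without the root domain.
LABELS_SAMPLE = json.dumps({"subdomains": ["www", "Portal", "a.b"]})

def normalize(name, root):
    """Return a clean hostname under root, or None if it is out of scope."""
    name = (name or "").strip().lower().rstrip(".")
    if name.startswith("*."):  # wildcard certificate entry
        name = name[2:]
    # Match the suffix on a label boundary; a plain substring search would
    # also accept look-alikes such as example.com.cdn-host.net.
    if name == root or name.endswith("." + root):
        return name
    return None

def from_crtsh(raw, root):
    """Collect names from common_name and the newline-separated name_value."""
    found = set()
    for record in json.loads(raw):
        names = [record.get("common_name")]
        names += (record.get("name_value") or "").split("\n")
        found.update(normalize(n, root) for n in names)
    return found - {None}

def from_labels(raw, root):
    """Append the root domain to bare labels (the job awk does in the slides)."""
    labels = json.loads(raw)["subdomains"]
    return {normalize(f"{label}.{root}", root) for label in labels} - {None}

def merge(*sources):
    """Union all sources into one sorted, de-duplicated list."""
    return sorted(set().union(*sources))

if __name__ == "__main__":
    root = "example.com"
    hosts = merge(from_crtsh(CRTSH_SAMPLE, root), from_labels(LABELS_SAMPLE, root))
    print("\n".join(hosts))
```

The same merged list is a useful input for an asset inventory, since every name in it is one the organisation should be able to account for.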
10. SUBDOMAIN FINDER
(https://subdomainfinder.c99.nl/)
This site can be very useful as it provides a list of all the scans by date. As a pentester,
we can make use of this facility to find the list of subdomains from earlier and can use
this step for domain takeover.
It can do many other interesting things as shown in the link https://api.c99.nl/
The GUI shows all the subdomains, but subdomains without IP cannot be copied from
the site.
We need to manually copy all the subdomains into a file. The site offers a paid API.
Now, we need to convert this into a file containing only the domain names.
11. The final output is in the format given below:
Total number of subdomains gathered from this site are 65:
URLSCAN (https://urlscan.io/)
This site is mostly useful for gathering various other information about the domain. It
also gives subdomains.
12. TURBOLIST3R
This tool is a fork of “SUBLIST3R”, which is used to find domains using both
a scraping technique and a bruteforce technique. We will use the scraping technique,
which is run by default, to find the subdomains. This is an extension which provides
various other functionality to deal with the output.
Search Engine and Sites used by Sublist3r/Turbolist3r
BaiduEnum
YahooEnum
GoogleEnum
BingEnum
AskEnum
NetcraftEnum
DNSdumpster
Virustotal
ThreatCrowd
CrtSearch
PassiveDNS
How does Sublist3r/Turbolist3r scrape for subdomains?
SEARCH ENGINE MODULE
This module automatically searches for a domain in the given search engine up to “n”
pages. From each page, it extracts unique URLs, and processes them to find subdomains.
SITE MODULE
This module extracts the subdomains as provided by the given site.
The tool can be downloaded from this github repository.
13. The tool requires three dependencies to run:
1) dnslib
2) requests
3) argparse
The three dependencies can be downloaded as shown in the screenshots below:
Running the tool:
14. The output of the tool is as shown:
Total number of subdomain given by this tool:
Note: There are better tools available in the market with better sources for finding
domains. Do not use this tool.
ASSETFINDER
We will be using tomnomnom’s assetfinder which can be downloaded from the link
https://github.com/tomnomnom/assetfinder
What modules does the tool use?
Virustotal
urlscan.io
crtsh
certspotter (https://sslmate.com/certspotter/)
bufferoverrun (https://dns.bufferover.run/dns) (not found on web)
facebook api (https://graph.facebook.com/certificates?fields=domains)
spyse (using both subdomain and subdomain endpoints)
hackertarget (https://hackertarget.com/)
threatcrowd
web archive (also called Wayback Machine)
(https://archive.org/help/wayback_api.php)
16. AMASS
TYPES OF FUNCTIONALITY PROVIDED BY AMASS
INTEL (for finding root domain and other high level information)
ENUM (for finding subdomains)
1. DEFAULT (passive mode and active mode)
2. BRUTE
We can check out all the APIs, certificates, etc. using the command “amass enum -list”
There are various modules used in amass:
SETTING UP THE CONFIG FILE IN AMASS
Installing from the commandline
The binary should be present in $GOPATH/bin
17. Copy the content of config.ini file from
https://github.com/0xdekster/deksterecon/blob/master/amass-config.ini to the above
created file.
You will first have to create an API key for the third-party sites. Once the key is
created, open the config file and paste the API key into the entry for the respective site.
18. BRUTE FORCING THE SUBDOMAIN
TOOL: MASSDNS
Tool: dnsvalidator (https://github.com/vortexau/dnsvalidator)
Use dnsvalidator to find DNS resolvers before using bruteforce.