tbhm:03_mapping

Differences

This shows you the differences between two versions of the page.

tbhm:03_mapping [2026/05/14 09:18] – TBHM import drew
tbhm:03_mapping [2026/05/14 09:28] (current) – converted from markdown to dokuwiki syntax drew
Line 1: Line 1:
-Mapping+====== Mapping ======
  
-## Mapping Tips: +===== Mapping Tips: ===== 
-Google +  Google 
-Smart Directory Brute Forcing +  // Smart// Directory Brute Forcing 
-  RAFT lists (included in Seclists) +  RAFT lists (included in Seclists) 
-  SVN Digger (included in Seclists) +  SVN Digger (included in Seclists) 
-  Git Digger +  Git Digger 
-Platform Identification: +  Platform Identification: 
-  Wapplyzer (Chrome) +  Wapplyzer (Chrome) 
-  Builtwith (Chrome) +  Builtwith (Chrome) 
-  retire.js (cmd-line or Burp) +  retire.js (cmd-line or Burp) 
-  Check CVEs +  Check CVE's 
-Auxiliary +  Auxiliary 
-  WPScan +  WPScan 
-  CMSmap+  CMSmap
  
-## Directory Bruteforce Workflow+===== Directory Bruteforce Workflow =====
 After bruteforcing look for other status codes indicating you are denied or require auth then append list there to test for misconfigured access control. After bruteforcing look for other status codes indicating you are denied or require auth then append list there to test for misconfigured access control.
  
 Example: Example:
  
-```+<code>
 GET http://www.acme.com - 200 GET http://www.acme.com - 200
 GET http://www.acme.com/backlog/ - 404 GET http://www.acme.com/backlog/ - 404
 GET http://www.acme.com/controlpanel/ - 401 hmm.. ok GET http://www.acme.com/controlpanel/ - 401 hmm.. ok
 GET http://www.acme.com/controlpanel/[bruteforce here now] GET http://www.acme.com/controlpanel/[bruteforce here now]
-```+</code>
  
-## Mapping/Vuln Discovery using OSINT+===== Mapping/Vuln Discovery using OSINT =====
 Find previous/existing problem: Find previous/existing problem:
-Xssed.com +  * Xssed.com 
-Reddit XSS - /r/xss +  Reddit XSS - /r/xss 
-Punkspider +  Punkspider 
-xss.cx +  xss.cx 
-xssposed.org +  xssposed.org 
-twitter searching+  twitter searching
  
 Issues might already reported but use the flaw area and injection type to guide you to further injections or filter bypass Issues might already reported but use the flaw area and injection type to guide you to further injections or filter bypass
  
-## New Project: Maps+===== New Project: Maps =====
 New OSINT/Mapping project New OSINT/Mapping project
-250+ bounty programs +  * 250+ bounty programs 
-Crawl +  Crawl 
-DNS info + bruteforce +  DNS info + bruteforce 
-Bounty metadata (links, rewards, scope) +  Bounty metadata (links, rewards, scope) 
-API -> Intrigue+  API -> Intrigue
  
 https://github.com/bugcrowdlabs/maps https://github.com/bugcrowdlabs/maps
  
-### Using the Maps Project: Crawling+==== Using the Maps Project: Crawling ====
 Using + Ruby + Anemone + JSON + Grep Using + Ruby + Anemone + JSON + Grep
  
-```+<code>
 $cat test_target_json.txt | grep redirect $cat test_target_json.txt | grep redirect
  
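Review bot: In the Mapping Tips list the conversion flattens the nesting. The old side indents `RAFT lists`, `SVN Digger` and `Git Digger` under `Smart Directory Brute Forcing` (and likewise the entries under `Platform Identification:` and `Auxiliary`), while every new line sits at the same two-space indent, so a reader can no longer tell which tools belong to which step. Indent the child items one level deeper than their parent. In the same list, `Check CVE's` introduces an apostrophe the old `Check CVEs` did not have, and `// Smart//` has a space after the opening `//`; `//Smart//` would match the closing delimiter.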
Line 58: Line 58:
 https://test_target/redirect/?url=http://facebook.com/... https://test_target/redirect/?url=http://facebook.com/...
 https://test_target/redirect/?url=http://pinterest.com/... https://test_target/redirect/?url=http://pinterest.com/...
-```+</code>
  
-## New Tool: Intrigue+===== New Tool: Intrigue =====
 OSINT framework, simple to integrate. Features like: OSINT framework, simple to integrate. Features like:
-DNS Subdomain Brute force +  * DNS Subdomain Brute force 
-Web Spider +  Web Spider 
-Nmap Scan +  Nmap Scan 
-etc +  etc
 Code @ http://github.com/intrigueio/intrigue-core Code @ http://github.com/intrigueio/intrigue-core
  
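Review bot: In the Intrigue feature list, as shown in this view, only `DNS Subdomain Brute force` carries the `*` marker; `Web Spider`, `Nmap Scan` and `etc` are indented without one, and DokuWiki treats an indented line with no list marker as preformatted text rather than a list item. Give each entry its own `  * ` prefix. The unchanged `Code @ http://github.com/intrigueio/intrigue-core` line could also move to https while this section is being touched, matching the https link used for the maps repository earlier on the page.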
tbhm/03_mapping.1778746727.txt.gz · Last modified: by drew
