Posts

How to install Gopherus properly in linux

-
Gopherus If you know a place which is SSRF vulnerable then, this tool will help you to generate Gopher payload for exploiting SSRF (Server Side Request Forgery) and gaining RCE (Remote Code Execution). And also it will help you to get the Reverse shell on the victim server. And for more information you can get a blog on the same  Blog on Gopherus git clone https://github.com/tarunkant/Gopherus.git sudo apt install python2-minimal sudo wget https://bootstrap.pypa.io/pip/2.7/get-pip.py sudo python2 get-pip.py python2 -m pip --version ./install.sh 
Post a Comment
Read more

How to Pick Unique Bug Bounty Targets | Stand Out and Earn More! 🎯

-
Image
Post a Comment
Read more

Compare sha256 checksum of a file

-
Image
 sha256sum  <filename> python3 -c 'print("Equal" if "checksum of file" == "checksum provided" else "Not equal")' Equal
Post a Comment
Read more

pip error in Kali Linux: error: externally-managed-environment : SOLVED

-
 error: externally-managed-environment × This environment is externally managed ╰─> To install Python packages system-wide, try apt install     python3-xyz, where xyz is the package you are trying to     install.     If you wish to install a non-Kali-packaged Python package,     create a virtual environment using python3 -m venv path/to/venv.     Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make     sure you have pypy3-venv installed.     If you wish to install a non-Kali-packaged Python application,     it may be easiest to use pipx install xyz, which will manage a     virtual environment for you. Make sure you have pipx installed.     For more information, refer to the following:     * https://www.kali.org/docs/general-use/python3-external-packages/     * /usr/share/doc/python3.12/README.venv note: If you believe this is a mistake, please contac...
Post a Comment
Read more

Install & setup Genymotion for APK Dynamic Analysis in MobSF in Linux

-
Image
Download Genymotion   .bin file Type command:  chmod +x filename.bin                             ./filename.bin Create an account in Genymotion website. Log in to the the App. Click the "+" button on the top and add a device(phone model). Run this command in terminal: "docker run -it --rm \ -p 8000:8000 \ -p 1337:1337 \ -e MOBSF_ANALYZER_IDENTIFIER=<adb device identifier> \ opensecurity/mobile-security-framework-mobsf:latest" In the <adb device identifier>  add your value at his  place   docker run -it --rm \ -p 8000:8000 \ -p 1337:1337 \ -e MOBSF_ANALYZER_IDENTIFIER=192.168.58.102:5555 \ opensecurity/mobile-security-framework-mobsf:latest Press enter.
Post a Comment
Read more

Change font size in Burp suit Professional

-
Image
  Increase font size of request and response Settings --> User Interface --> HTTP message display
Post a Comment
Read more

Approaching Login Pages and Authentication Mechanisms

-
Image
 1. Weak Credentials Try default credentials like "admin:admin", "admin:unknown" Google for default credentials. Ask ChatGPT for defaults. Brute force using burp intruder and check for "200 status code". 2. Username Enumeration Through error message The "username is invalid" error message can indicate whether a username exists in the database. ffuf -request r.txt —fr "Username is invalid" -w ~/Downloads/wordlists/usgrnames.txt When brute-forcing, relying on error messages, codes, or response lengths can be confusing, as valid and invalid responses may look similar. Use FFUF to filter out invalid responses and return only valid usernames. Username Enumeration through Forget Password : 3. Username Enumeration through Forget Password If you find a username, use the same method to brute-force passwords by analyzing response codes and lengths. Some reset password pages may lack request limits, allowing unrestricted attempts. 4. Enumerate t...
Post a Comment
Read more