Archives

Here are all the past articles.

OWASP

I: Abuse of Functionality
II: Exploitation of Authentication
III: Injection
IV: Injection Part II

Data Forensics

Photorec
Windows

Kali

Nikto
John the Ripper
Shred
Burp Suite Set Up Tutorial Small Intruder
I: Wireshark

Web App Vulns

Subdomains
Baker's Dozen

Etcetera

One Time Pad
PHP Backdoor File Analysis
Hiring Procedures
SPF and Email Spoofing

Subdomain Search

Finding unmaintained subdomains is the cruise control for cool, and some easy money while doing bug bounties.
The tool I use is SubBrute by The Rook. Download it from Github and you may also need to download Python if you do not have it.

Run it in Command Prompt

subbrute.py yelp.com -o stuffFound.txt



subbrute.py: script name
yelp.com: url to test
-o yepName.txt: output found urls
Included in the SubBrute's file package there is 'name.text' which is the list of subdomains that the Python script will be attempting to access. Note there is also a 'names_small.txt' for quick runs.
The command can also run multiple domains at the same time like this:
subbrute.py yelp.com hotmail.com -o stuffFound.txt
You can also import a list of domains to test like so:
subbrute.py -t ManyDomains.txt

Pro Tip

Subdomains can also have subdomains! Example:command.calendar.gmail.com
subbrute.py gmail.com > stuffFound.txt
subbrute.py -t stuffFound.txt



Findings will print to both to screen and file.