Page 13 - Hands-On Bug Hunting for Penetration Testers
Table of Contents
Aircrack-ng 177
Wireshark 177
SpiderFoot 177
Resources 178
FuzzDB 178
Pentesting Cheatsheet 178
Exploit DB 178
Awesome Web Security 179
Kali Linux 179
Source Code Analysis (White Box) Tools 179
Pytaint 179
Bandit 180
Brakeman 180
Burp 180
Burp Extensions 180
JSON Beautifier 180
Retire.js 181
Python Scripter 181
Burp Notes 181
Burp REST API 181
SaaS-Specific Extensions 181
Using Burp Pro to Generate a CSRF PoC 182
Metasploit and Exploitation Frameworks 184
Summary 185
Questions 185
Further Reading 186
Chapter 12: Other (Out of Scope) Vulnerabilities 187
Technical Requirements 187
DoS/DDoS – The Denial-of-Service Problem 188
Sandboxed and Self-XSS – Low-Threat XSS Varieties 189
Non-Critical Data Leaks – What Companies Don’t Care About 190
Emails 190
HTTP Request Banners 190
Known Public Files 191
Missing HttpOnly Cookie Flags 191
Other Common No-Payout Vulnerabilities 191
Weak or Easily Bypassed Captchas 191
The HTTP OPTIONS Method Enabled 192
BEAST (CVE-2011-3389) and Other SSL-Based Attacks 192
Brute Forcing Authentication Systems 193
CSRF Logout 193
Anonymous Form CSRF 193
Clickjacking and Clickjacking-Enabled Attacks 194
Physical Testing Findings 194
Outdated Browsers 194
Server Information 195