Page 193 - Hands-On Bug Hunting for Penetration Testers
Other Tools Chapter 11
Although undeniably useful, in this book, I've chosen to focus more on scanners that
interact directly with the application property at hand. SpiderFoot is wonderful for the kind
of in-depth research that goes into preparing social engineering attacks, such as getting
emails and position titles, and understanding the relationships between key corporate
players. It's also great for finding related, dependent systems that could be compromised as
a way of ultimately infiltrating an organization.
Fortunately (or unfortunately) for us, those types of attacks are out of scope for most
pentesting engagements. Social engineering attacks and attacking vendors/third parties are
almost always called out in a testing guideline's rules of engagement as forbidden behavior.
It's a cool scanner and useful tool, just not for our purposes.
Resources
These are general sources of educational content: aggregated tutorials, snippets, and
walkthroughs that are rich with insight.
FuzzDB
FuzzDB (https://github.com/fuzzdb-project/fuzzdb) is a dictionary of attack patterns
contributed by the open source security community. Along with curated collections, such
as SecLists, it's a great source for things such as XSS inputs.
Pentesting Cheatsheet
JDow.io (https://jdow.io) provides a handy resource called the Web Application
Penetration Testing cheatsheet that walks through many of the steps in a pentesting
engagement, complete with code snippets and descriptions of how to accomplish each step.
Exploit DB
Exploit DB (https://www.exploit-db.com) bills itself as the ultimate archive of exploits,
shellcode, and security papers (their emphasis). It is run by Offensive Security, an
organization also responsible for one of the more prestigious security certifications, the
Offensive Security Certified Professional (OSCP) cert. Exploit DB also contains a handy
database of Google Dorks, which we will dive into further in our chapter on SQL injection.
[ 178 ]

