- Note the response length in bytes (bottom right)
- Note the time taken to respond
- Use comparer to diff responses
- Encode space with %20 or +
- Intruder is a fuzzer
- Sniper:
- Highlight the variable and click Add § on the right
- Runtime file payload type: it has a lower RAM footprint (the wordlist is read as needed instead of being loaded whole)
- use common.txt
- Configure payload encoding; try it both with and without encoding
- Use HEAD (or OPTIONS) instead of GET for a faster Intruder run (gains more than raising to 10 threads). If there is a redirection, Burp will follow it with GET anyway, so the time is saved on the not-found responses
- Sniper:
- /?p=42 is nice for wordpress
- Use proxychains for other tools, or `python3 sqlmap.py --proxy=http://localhost:8080`
- Target: for an automatic scan, right-click > Scan, then in settings choose deep
- Con 1: can be blocked by a WAF
- Con 2: can slow down your computer and takes time
- Con 3: it can be intrusive, it can drop tables! This already happened to a consultant
- Scanners: Burp; Nessus (better for benchmarking); ZAP; Nikto; Nuclei
- Find subdomains:
- Find ports, then use httpx to check whether they speak HTTP
- C-r Repeater
- C-f Filter
- https://portswigger.net/web-security/sql-injection/cheat-sheet
- https://github.com/wpscanteam/wpscan
- https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/wordpress
- https://osint.sh/subdomain/
- https://github.com/sqlmapproject/sqlmap
- https://github.com/projectdiscovery/nuclei
- Find vulnerabilities
- Intrude across multiple subdomains
- From the command line
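The note about using HEAD or OPTIONS instead of GET to speed up an Intruder run also describes what such a sweep looks like from the server side: a burst of HEAD requests answered 404 from one client. As an added example that is not part of these notes, a small detector over constructed combined-format access log lines (the IPs, paths and timestamps are made up) that flags clients sending bursts of not-found HEAD/OPTIONS requests inside a sliding window:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed combined-format access log lines (not real traffic): one client
# sweeps paths with HEAD, a monitor sends a HEAD health check, a visitor browses.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "HEAD /admin HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "HEAD /backup HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "HEAD /config HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:55:02 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "HEAD /old HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:55:03 +0000] "HEAD /health HTTP/1.1" 200 0 "-" "uptime-check/1.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "HEAD /test HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:55:03 +0000] "HEAD /missing HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "HEAD /wp-login.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
PROBE_METHODS = {"HEAD", "OPTIONS"}  # the cheap methods a fuzzer uses to test existence


def parse_line(line):
    """Return (ip, timestamp, method, status) for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["method"], int(m["status"])


def find_probing_clients(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {ip: peak} for clients with at least `threshold` not-found HEAD/OPTIONS
    requests inside any sliding `window`. Lines are assumed to be in time order."""
    recent = defaultdict(deque)  # ip -> timestamps of recent not-found probes
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[2] not in PROBE_METHODS or rec[3] != 404:
            continue  # only cheap existence probes that missed are of interest
        ip, ts = rec[0], rec[1]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop probes that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks
```

Running `find_probing_clients(SAMPLE_LOG.splitlines())` flags only 203.0.113.7 (six not-found probes in four seconds); the health check and the single stray 404 from the browsing client stay below the threshold.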