-
Notifications
You must be signed in to change notification settings - Fork 6
/
Busqueda Vulnerabilidades
76 lines (36 loc) · 1.94 KB
/
Busqueda Vulnerabilidades
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
Lista:
https://www.exploit-db.com/papers : Relacionado con las vulnerabilidades y como son explotadas por los ciberatacantes.
Detectando un Movimiento lateral en SPLUNK: https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc
Burp Suite - Framework.
Logon Tracer: https://github.com/JPCERTCC/LogonTracer/
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discover
6. Amass - Subdomain discovery.
7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
3. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
18. XSS Hunter - Blind XSS discovery.
19. Aquatone - HTTP based recon.
20. LinkFinder - Endpoint discovery through JS files
21. JS-Scan - Endpoint discovery through JS files
22 GAU - Historical attack surface mapping
23 Parameth - Bruteforce GET and POST parameters
24 truffleHog - Find credentials in GitHub commits
Herameintas: uclei - YAML based template scanning.
Feed de vulnerabilidades: https://inthewild.io/feed
Identificación de brechas sobre Malawre o ransomware: https://www.binalyze.com/air --- Busqueda proactiva: https://cybermeisam.medium.com/blue-team-system-live-analysis-part-1-a-proactive-hunt-8258feb7cb14
Detectar vulnerabilidades en Linux: https://betterprogramming.pub/3-tools-to-detect-linux-vulnerabilities-ec42122cc41b
Catalogo de Vulnerabilidades Explotadas: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Validación en el sistema: ((https://medium.com/@wondersome/reconnaissance-tools-for-hacking-d8404399d1f5))
-----https://github.com/projectdiscovery/chaos-client
-----https://github.com/aboul3la/Sublist3r : Enlistar servicios para explotar
Tácticas blueTeam:
----https://www.kitploit.com/search/label/PowerShell