appsecco/bugcrowd-levelup-subdomain-enumeration

Stars
632
Rank 71,124 (Top 2 %)
Language
Python
Created over 7 years ago
Updated almost 6 years ago

appsecco/bugcrowd-levelup-subdomain-enumeration

appsecco

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

This repository contains all the talk materials, videos and scripts from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference.

cheatsheet.pdf - cheat sheet on the sub-domain enumeration techniques covered in the talk
cloudflare_enum.py - A script to do DNS enumeration using Cloudflare service
crt_psql.sh - Extract sub-domains for a given domain using crt.sh postgres interface
esoteric_subdomain_enumeration_techniques.pdf - Slides from the talk
subdomain_enum_censys.py - Extract sub-domains for a given domain using Censys.io API
subdomain_enum_crtsh.py - Extract sub-domains for a given domain using crt.sh RSS feed
subdomain_wordlist.txt - A collection of sub-domain names(around 3 million)

Presentation

Slides are available at: https://speakerdeck.com/yamakira/esoteric-sub-domain-enumeration-techniques

Video

Video is available at: https://youtu.be/e_Gq99CKAys

Feedback/Suggestions

breaking-and-pwning-apps-and-servers-aws-azure-training

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

dvna

Damn Vulnerable NodeJS Application

the-art-of-subdomain-enumeration

This repository contains all the supplement material for the book "The art of sub-domain enumeration"

vulnerable-apps

spaces-finder

A tool to hunt for publicly accessible DigitalOcean Spaces

attacking-cloudgoat2

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

dvja

Damn Vulnerable Java (EE) Application

defcon24-infra-monitoring-workshop

Defcon24 Workshop Contents : Ninja Level Infrastructure Monitoring

defcon-26-workshop-attacking-and-auditing-docker-containers

DEF CON 26 Workshop - Attacking & Auditing Docker Containers Using Open Source

sqlinjection-training-app

A simple PHP application to learn SQL Injection detection and exploitation techniques.

VyAPI

VyAPI - A cloud based vulnerable hybrid Android App

using-docker-kubernetes-for-automating-appsec-and-osint-workflows

Repository for all the workshop content delivered at nullcon X on 1st of March 2019

json-flash-csrf-poc

This repo contains the files required to perform a CSRF attack using Flash and HTTP 307 redirections.

dvcsharp-api

Damn Vulnerable C# Application (API)

practical-recon-levelup0x02

This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd LevelUp 0x02 virtual conference

winmanipulate

A simple tool to manipulate window objects in Windows

opa-traefik-microservice-authz

Proof of concept implementation of a scenario using Open Policy Agent for microservices authorization in API Gateway (Traefik).

raneto-docker

Docker container for Markdown based Raneto Knowledgebase

osint-viz-platform-reconvillage

The repository for Building visualisation platforms for OSINT data using open source solutions

docker-data-science-toolbox

Data Science Command Line Toolbox in a docker container

docker-datasploit

Docker container for datasploit framework

sqlinjectionloginbypass

A simple app to demo SQL Injection login bypass

owasp-threat-dragon-gitlab

OWASP Threat Dragon with Gitlab Integration

kubeseco

Application Security Workflow Automation using Docker and Kubernetes

alldaydevops-aism

All Day DevOps - Automated Infrastructure Security Monitoring and Defence (ELK + AWS Lambda)

devsecops-using-cloudnative-workshop

This repo contains workshop material delivered at #nullcon2020

datasploit-ansible

Ansible Playbook for setting up Datasploit

ansible-module-owasp-zap

Ansible module for OWASP ZAP using Python API to scan web targets for security issues

alldaydevops-shua

This repository contains all the talk materials and ebook from the talk System Hardening Using Ansible given at All Day DevOps 2016 online conference

owasp-webgoat-dot-net-docker

Docker container for running OWASP WebGoat.NET application

nullblr-bachaav-aismd

null Bangalore Public Bachaav 10 December 2016 Automated Infrastructure Security Monitoring & Defence

prowler-aws-securityhub-integration

Using Prowler to Automate Compliance Checks for AWS CIS Benchmarks

c0c0n-2019-ctf-writeups

CTF write-ups from c0c0n 2019 CTF challenges that we participated

bsides-delhi-recon

This repository contains all the material from the talk "Doing recon like it's 2017" given at Bsides Delhi 2017 conference

django-rev-shell

A simple django app to provide a reverse shell when deployed and invoked.

nodejs-google-idp-sample

Presentation with proof of concept code on using Google as Identity Provider for Web API authentication using NodeJS as backend and VueJS as frontend

container-image-scanner-api

A minimalist Go API to scan Docker images for security vulnerabilities and weaknesses

automated-defence-ssh-bruteforce-aws

Source code for Automated Defence - Blocking SSH bruteforce attacks in AWS

secrets-in-google-cloud-run-with-google-cloud-build

Baking secrets in Google Cloud Run containers using Google Cloud Build

owasp-bayarea-adef

asn-search-api

A Golang API over MaxMind ASN database

kubernetes-ptaas-scripts

Scripts to generate kubeconfig files required to perform a PT.

http-basics-docker