GithubHelp home page GithubHelp logo

mmg1 / webhacking Goto Github PK

View Code? Open in Web Editor NEW

This project forked from kbahaxor/webhacking

0.0 0.0 0.0 5.82 MB

WebHacking checklist

Home Page: https://www.zawadidone.nl/

Python 95.59% PHP 4.24% Shell 0.17%

webhacking's Introduction

WebHacking

....

Task Checklist

Recon and analysis

  • Manual application discovery
  • Automated discovery(Subdomaintakeover)
  • Harvesting public information

Session management

  • Session fixation
  • Weak session token quality
  • Weak session token management
  • Weak logout
  • Cross-site request forgery
  • Weak CORS
  • Session token protection
  • No session timeout
  • Session encryption (SSL/TLS)

Authentication

  • Password strength enforcement
  • Authentication bypass
  • Unauthenticated URL access
  • Password brute force
  • Default account(admin)

Authorization

  • Insecure authorization design
  • Only client side authorization
  • Variable manipulation
  • Direct access to resources
  • IDOR

Client side attacks

  • Reflected XSS
  • Stored XSS
  • DOM based XSS
  • Wrong content-type
  • HTTP header injection
  • Malicious URL redirect
  • Clickjacking

Miscellaneous tests

  • LFI
  • RFI
  • XML external entity injection
  • OS command injection
  • SQL injection
  • Malicious file upload

Information disclosure

  • Backup files
  • Leaking stackt-traces
  • Comments
  • Path disclosure
  • Directory listing

Help

FAQ

References

webhacking's People

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.