Hacktivities
Things related to making cyber security more fun
Sub pages:
In this page:
The Big List of Naughty Strings is an evolving list of strings which have a high probability of causing issues when used as user-input data. Fun when used in intruder.
Link: https://github.com/minimaxir/big-list-of-naughty-strings
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they’re valid.
Link: https://github.com/streaak/keyhacks
pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it’ll tell you what it is!
Link: https://github.com/bee-san/pyWhat
Usage: uvx --from "pywhat[optimize]" what <string/file/dir>
The GitHub also has some examples for figuring scanning entire github orgs / websites
Magika is a novel AI-powered file type detection tool that relies on the recent advance of deep learning to provide accurate detection. Under the hood, Magika employs a custom, highly optimized model that only weighs about a few MBs, and enables precise file identification within milliseconds, even when running on a single CPU. Magika has been trained and evaluated on a dataset of ~100M samples across 200+ content types (covering both binary and textual file formats), and it achieves an average ~99% accuracy on our test set.
Link: https://github.com/google/magika
Usage: uvx magika <file> or uvx magika -r <folder>
Using nmap: https://skelmis.co.nz/cheatsheets/nmap/
A ‘faster’ alternative to nmap: https://github.com/bee-san/RustScan
Check subdomains for subdomain takeovers and other DNS tomfoolery
Link: https://github.com/blacklanternsecurity/baddns
Basic Usage: uvx baddns <target domain>
With subdomain enumeration: docker run -it blacklanternsecurity/bbot:stable -f subdomain-enum -m baddns -t <target>
BEEĀ·bot is a multipurpose scanner, built to automate your Recon, Bug Bounties, and ASM!
Features:
- Subdomain enum
- Web spider
- email gatherer
- web scanner
- all the things