feat: new web app notes

syselement · syselement · commit 62cd89626118 · 2025-02-19T19:44:57.000+01:00
diff --git a/peh/1-intro/README.md b/peh/1-intro/README.md
@@ -1,5 +1,7 @@
 # 1. Introduction & Networking
 
+---
+
 ## Intro
 
 **Ethical hackers** are *allowed and hired* to try to hack into an organization by assessing its security posture.
diff --git a/peh/2-lab/README.md b/peh/2-lab/README.md
@@ -1,5 +1,7 @@
 # 2. Lab Set Up, Linux & Python
 
+---
+
 ## Lab Set Up
 
 > **Virtualizers**
diff --git a/peh/3-eth-hack/capstone.md b/peh/3-eth-hack/capstone.md
@@ -1,4 +1,4 @@
-# Capstone Labs
+# Capstone Practical Labs
 
 Import all the [VMs](https://drive.google.com/drive/folders/1xJy4ozXaahXvjbgTeJVWyY-eUGIKgCj1) into [VMWare Workstation Pro (free)](https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware%20Workstation%20Pro) or Virtualbox and change Network adapter to `NAT`.
 
diff --git a/peh/3-eth-hack/recon.md b/peh/3-eth-hack/recon.md
@@ -127,6 +127,57 @@ amass enum -d syselement.com
 
 ➡️ [httprobe](https://github.com/tomnomnom/httprobe) - take a list of domains and probe for working (alive) http and https servers
 
+➡️ [assetfinder](https://github.com/tomnomnom/assetfinder) - find domains and subdomains related to a given domain
+
+```bash
+# Go is necessary (installed via pimpmykali.sh)
+go get -u github.com/tomnomnom/assetfinder
+
+# or in Kali
+sudo apt install assetfinder
+```
+
+```bash
+assetfinder syselement.com
+
+assetfinder --subs-only tesla.com
+```
+
+### Automated domain recon script
+
+- Little `bash` script for sub-domains hunting
+
+```bash
+#!/bin/bash
+
+url=$1
+
+if [ ! -d "$url" ]; then
+	mkdir $url
+fi
+
+if [ ! -d "$url/recon" ]; then
+	mkdir $url/recon
+fi
+
+# Assetfinder
+echo "[+] Harvesting subdomains with assetfinder..."
+assetfinder $url >> $url/recon/assets.txt
+# get only subdomains containing $url
+cat $url/recon/assets.txt | grep $1 >> $url/recon/final.txt
+rm $url/recon/assets.txt
+
+# Amass
+# echo "[+] Harvesting subdomains with amass..."
+# amass enum -d $url >> $url/recon/f.txt
+# sort -u $url/recon/f.txt >> $url/recon/final.txt
+# rm $url/recon/f.txt
+
+
+```
+
+
+
 ---
 
 ## Website technologies
diff --git a/peh/6-webapp/1-web-lab.md b/peh/6-webapp/1-web-lab.md
@@ -0,0 +1 @@
+# Web App Lab Setup
diff --git a/peh/6-webapp/2-web-sqli.md b/peh/6-webapp/2-web-sqli.md
@@ -0,0 +1,2 @@
+# Web App - SQL Injection
+
diff --git a/peh/6-webapp/3-web-xss.md b/peh/6-webapp/3-web-xss.md
@@ -0,0 +1,2 @@
+# Web App - XSS
+
diff --git a/peh/6-webapp/4-web-cmd-injection.md b/peh/6-webapp/4-web-cmd-injection.md
@@ -0,0 +1,2 @@
+# Web App - Command Injection
+
diff --git a/peh/6-webapp/5-web-file-upload.md b/peh/6-webapp/5-web-file-upload.md
@@ -0,0 +1,2 @@
+# Web App - Insecure File Upload
+
diff --git a/peh/6-webapp/6-web-auth-attacks.md b/peh/6-webapp/6-web-auth-attacks.md
@@ -0,0 +1,2 @@
+# Web App - Authentication Attacks
+
diff --git a/peh/6-webapp/7-web-xxe.md b/peh/6-webapp/7-web-xxe.md
@@ -0,0 +1,2 @@
+# Web App - XXE
+
diff --git a/peh/6-webapp/8-web-idor.md b/peh/6-webapp/8-web-idor.md
@@ -0,0 +1,2 @@
+# Web App - IDOR
+
diff --git a/peh/6-webapp/9-web-capstone-lab.md b/peh/6-webapp/9-web-capstone-lab.md
@@ -0,0 +1 @@
+# Web App - Capstone Practical Lab
diff --git a/peh/6-webapp/README.md b/peh/6-webapp/README.md
@@ -1 +1,18 @@
-# 6. Web Application
+# 6. Web Application
+
+---
+
+## Sections
+
+1. [Web App Lab Setup](2-web-lab.md)
+2. [Web App - SQL Injection](3-web-sqli.md)
+3. [Web App - XSS](4-web-xss.md)
+4. [Web App - Command Injection](5-web-cmd-injection.md)
+5. [Web App - Insecure File Upload](6-web-file-upload.md)
+6. [Web App - Authentication Attacks](7-web-auth-attacks.md)
+7. [Web App - XXE](8-web-xxe.md)
+8. [Web App - IDOR](9-web-idor.md)
+9. [Web App - Capstone Practical Lab](10-web-capstone-lab.md)
+
+---
+
diff --git a/peh/README.md b/peh/README.md
@@ -40,3 +40,6 @@ Instructor: [Heath Adams - The Cyber Mentor](https://www.thecybermentor.com/)
 > ### ❗ Disclaimer
 >
 > * **Do not use the covered attacks and techniques on real IP addresses, hosts or networks without proper authorization!**
+
+---
+
diff --git a/peh/peh-references.md b/peh/peh-references.md
@@ -80,6 +80,7 @@
 - [crt.sh](https://crt.sh/)
 - [amass](https://github.com/owasp-amass/amass)
 - [httprobe](https://github.com/tomnomnom/httprobe)
+- [assetfinder](https://github.com/tomnomnom/assetfinder)
 - [BuiltWith.com](https://builtwith.com/)
 - [Wappalyzer.com](https://www.wappalyzer.com/)
 - [WhatWeb](https://github.com/urbanadventurer/WhatWeb/)

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# Capstone Labs`
	`1`	`+# Capstone Practical Labs`
`2`	`2`
`3`	`3`	Import all the [VMs](https://drive.google.com/drive/folders/1xJy4ozXaahXvjbgTeJVWyY-eUGIKgCj1) into [VMWare Workstation Pro (free)](https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware%20Workstation%20Pro) or Virtualbox and change Network adapter to `NAT`.
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# Web App - Insecure File Upload`
	`2`	`+`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# Web App - Authentication Attacks`
	`2`	`+`