Wednesday, January 24, 2018

How to XSS with file upload functionality

File upload functionality is sometimes vulnerable to XSS attacks if there is a lack of sanitization. User-restricted areas with an uploaded image or profile picture are everywhere, providing more chances...

How to use nmap for network mapping

Nmap (Network Mapper) is a free and open-source utility for network discovery and security auditing. It is useful for network inventory, managing services, and host. It uses raw IP packets...

How to use weevely for post-exploitation

Weevely is a stealthy and tiny command-line web shell that simulates a terminal-like connection. It is designed for remote server administration and penetration testing. This shell is useful for web...

How to use sqlmap for automated database takeover

With sqlmap you can take over or dump full databases, escalate privileges, bypass CSRF tokens, and detect XSS. It is very useful for parameter pollution or parameter fuzzing to bypass...

How to use non csrf token forms for DDOS

Web applications not using anti-CSRF tokens may lead to a denial-of-service attack. Yes, it is possible! With the help of the Intruder functionality in Burp Suite, it is possible to...

Static site generator every penetration tester should rely on

In this post, we're gonna discuss static site generators powered by Python, JavaScript, and Ruby on Rails. We can also call it a blog, and there are tons of static...

Chrome flags and Chrome urls – Part 2

Welcome to fun with Chrome flags. In a previous post, I've discussed six flags which are used as per the need. Here I'll explain a few settings to enhance the security of the...

Chrome flags and Chrome urls – Part 1

As discussed in the previous post, go to the Chrome OS wiki, and welcome to fun with Chrome flags. Many Chrome users might not be aware of the capability of the Chrome...

Browser every penetration tester should rely on

In this post, we are gonna look at a pen-test-friendly browser and how effective we can make our penetration test with and without the automated tools. So below are some newbie tips...

Text editor every penetration tester should rely on

Today I've come up with three text editors every developer or penetration tester should use. Vi or Vim: The first text editor we're gonna discuss here is Vim. As a Linux user, we...

APPLICATIONS

WhatsApp Business Account Features Officially Revealed

Highlights: New FAQ listing shows WhatsApp Business app is in development. WhatsApp earlier said to extend its app for businesses. The WhatsApp Business will...
