Getting started with regex

Regular expressions (or regex) offer a way to look into a text file, a form, or a command line output and locate strings that match a specific pattern. This allows you to extract emails, phone numbers, keys that match a given structure, etc. You can think of regex as a search function on steroids....

Basic or extended regex?

Regular expressions (regex) come in several flavours. The two main ones you will come across are:
– Basic Regular Expressions (BRE)
– Extended Regular Expressions (ERE)
From a practical standpoint, the main difference between the two lies in the way they handle special characters. These characters perform a special task or give a certain...

Your ideal Kali Linux setup

Even if you’re just barely scratching the surface of ethical hacking, I’m sure you’ve figured out that the very first skill you need to acquire is using Linux. If you don’t already have some good practical knowledge of Linux, this should be your prime focus. You’ve also likely read or heard about Kali Linux...

What is FFUF?

FFUF is a command line tool that helps you find hidden endpoints in web apps (files and directories that are not linked by another page on the same web site or from the Internet). Hackers use FFUF to widen their attack surface by mapping out the target web site more extensively than what they...

What is Dirb?

Dirb is a command line tool you can use to fuzz web sites or web apps. Dirb finds files and directories on your target site that are not directly linked from a publicly accessible page on the site or from the Internet. This means Dirb can map out your target beyond what you may...

What are wordlists?

Wordlists are text files containing a sequence of commonly used words. This can be lists of common user names, passwords, web site directories, typical files on a web site, etc. You will mostly use wordlists for fuzzing purposes (enumerating web directories and files), using tools such as Dirb, FFUF or Burp Suite. You will...

What is fuzzing?

Fuzzing is a method for testing web sites or the input fields of software programs. Software developers use fuzzing to test their programs by sending strings of characters (generally unusual strings of characters) into their programs’ input streams to see if any of that will cause memory leaks, errors or crashes. A hacker will...

What is Nmap?

Nmap is a command line network recon tool that is very likely to become your preferred hacking buddy when you need to probe and map out a local or remote network. It’s available for Linux (if you’re using Kali Linux, you’ll find it pre-installed), Mac OS X and Windows (see here for installation details)....
