Writing your own SQLMap Tamper Scripts
I wrote a SQLMap tamper script that helped me out in something that vanilla SQLMap could not. The issue was that in order for a SQL Injection to be possible, the payload needed to bypass a preg_mat...
OS Commands with Python
First of all, I’m going to open this entire post by saying that this is for prototyping only. If you can use a Python function or Python module that has been built and tested properly rather than u...
My Nmap Cheat Sheet
Nmap is one of the cornerstones of penetration testing. It’s one of, if not the first command you run before you even consider what attack surface to focus on on your target. It’s the way to find o...
I made a Honeypot with Cowrie
To give credit where it is due, I decided to set up a honeypot as inspired by John Hammond. Recently he made a YouTube video that described his setup and the resulting display of hundreds of red te...
Web Penetration Test Enumeration Guide
Everyone has their own methods they follow, and enumeration in general is a bit of an art form. This page will serve as kind of a reminder for myself for when I take a break from it and forget some...
Python Web Exploit Boilerplate
If I find a potential attack vector in which I can use Burp Suite Repeater or something, and I just generally want to work with the command line, I typically will code up a quick Python script to in...
SQLMap ALL the Things!
SQLMap is a tremendous tool that we all should know in the infosec field. For those that don’t, it is a Swiss Army Knife of SQL Injections. The basic idea is that generally speaking, SQL Injections...
I use Arch, BTW
I use Arch, BTW. And you can too! The initial setup to get to a usable Arch install can be daunting, and I had to read a bunch of different sources to learn how to do things the right way. Ge...
My Docker Cheat Sheet
This is my Docker cheat sheet. There are many like it, but this one is mine. I’m not about to teach anyone anything that they can’t find on Docker docs; in fact, that’s probably where you should go...
Vim Tricks
Vim (short for Vi-IMproved) is the greatest editor. Some may try to convince you that Nano is the greatest, some would say Notepad++, some would even say Emacs. These people are wrong. If anyone te...