Collaborate Disseminate
Using things like Shodan and Zoomeye we can find tens of thousands of exposed Prometheus endpoints with queries like service:prometheus port:9090 etc..
Now let’s say we know that there are entities on the internet that are serving a specif… Continue reading Identify hosts that are serving specific metric on Shodan
I wanted to scan two different networks such that one is my own local network in my house and the other is the local network of the library of my university. My aim was to find IP addresses of living hosts, and use these IPs to make a nmap… Continue reading Why nmap does not work in one network while it works properly in a different network
I’m currently learning how to discover web applications running on a machine using port scanning, vhost bruteforcing and directory fuzzing. When it comes to port scanning, there is one thing I can’t wrap my head around.
Let’s say I have sc… Continue reading Web application discovery: Can there be virtual hosts configured even when there is a response without host header?
I want to find out how -PS works for service discovery very well when there are the stealth scan options such as -sS, available in nmap.
I am currently testing nmap.scanme.org and I know there is a full TCP handshake on some ports so a ste… Continue reading Stealth scan or -PS
For my university cybersecurity project, I need to run some scanners, such as Nessus scanners or others, on some targeted network (unknown network structure). In the end, I will examine the scan results to build a map of the network.
My pr… Continue reading How to find a network in order to run network scans for research [closed]
When conducting an external pentest and the scope is broad covering everything owned by the client, how would you verify if the enumerated IP addresses belong to a client? Running ‘nslookup’ on the IP doesn’t always return anything and in … Continue reading Verifying IP addresses during pentest
I would like to enumerate all possible PGP e-mails related to North Korean top-level domain .kp
Few years ago I would have used theHarvester but I recently discovered that this useful tool doesn’t support PGP keyring search any more 🙁
If … Continue reading How to enumerate PGP keyring e-mails related to a specific ccTLD
How to search an entire network for connected devices? I am interested in finding misconfigured or unconfigured (default configuration) devices. I’m not on site, so I can’t just look in the network rack. I have access to the production sys… Continue reading Scan entire network for connected devices (unknown Subnet)
I am trying to write an application to create a network topology by discovering applications and dependencies and that should work to discover both Unix and Windows server machines. I have seen various tools available for that.
Do you know… Continue reading Discovery tool with nmap pros and cons [closed]
I am setting up AWS stuff and wondering how to setup a secure bastion host. They all say to only allow access to your IP address, but how can I do that if my IP address is changing every few hours or days (just in my house wifi, or going t… Continue reading How do you get a secure bastion host if your IP address is constantly changing?