Epic Wordlists for Bug Bounty content discovery and API bugs!
Summary
TLDR: In this episode, the host discusses the importance of wordlists for pen testers and bounty hunters, highlighting Assetnote's curated wordlists and their monthly updated wordlist site. John Barber's script for cleaning up wordlists is praised for its efficiency. lobuhi's script for finding security anomalies through header and path testing is introduced, along with Project Discovery's Nuclei scanning tool's update to version 2.2, which includes new features like the unsafe attribute and HTTP fuzzing support. The episode ends with an announcement of an upcoming live performance by rapper YTCracker.
Takeaways
- 🎥 Today's episode is sponsored by PentesterLab, promoting their platform for learning penetration testing skills.
- 🔍 Wordlists are crucial for content discovery and enumerating subdomains in cybersecurity.
- 📈 Assetnote has released a curated selection of wordlists, including an API routes wordlist with approximately 953,000 entries.
- 🛠 John Barber has created a script to clean up wordlists, removing unnecessary lines and noise to improve efficiency.
- 🚫 The script by John Barber removes lines with over 100 characters, consecutive digits, and specific file formats to refine wordlists.
- 🔄 lobuhi's script helps identify security anomalies by testing various headers and path bypasses.
- 📝 The Nuclei scanning tool has been updated to version 2.2, introducing new features like the unsafe attribute and raw HTTP library support.
- 🏎️ The update to nuclei allows for more control over malformed requests, opening up possibilities for detecting race conditions.
- 🤝 Nuclei's update also includes support for Burp Collaborator polling, enhancing the tool's capabilities in security testing.
- 🎤 Intigriti will host a live session with rapper YTCracker on their YouTube channel, promoting the artist and engaging the audience.
Q & A
What is the main topic of the video script?
-The main topic of the video is various updates and tools in the field of cybersecurity, specifically pen testing and bounty hunting tools and techniques.
Who sponsors the episode mentioned in the script?
-The episode is sponsored by the team at PentesterLab.
What is the purpose of wordlists in cybersecurity?
-Wordlists are used for content discovery, enumerating subdomains, and other enumeration tasks in cybersecurity.
What did Assetnote release that excited the speaker?
-Assetnote released a curated selection of wordlists they have created over the year, which includes an API routes wordlist containing approximately 953,000 possible API paths from the HTTP Archive dataset.
What did John Barber do with the wordlist released by Assetnote?
-John Barber cleaned up the wordlist by removing noisy characters and lines that are not needed, such as those with over 100 characters, ending in consecutive digits, or ending with image and music file formats.
What is the benefit of using John Barber's script on wordlists?
-Using John Barber's script removes unnecessary noise from wordlists, making them more efficient and relevant for use in pen testing, thus reducing unnecessary requests and potential false positives.
What is the purpose of the script created by lobuhi?
-The script created by lobuhi is designed to find anomalies in security measures that the security team or app developers might have overlooked. It tries different headers and path bypasses to identify vulnerabilities.
What is the significance of the update to the Nuclei scanning tool?
-The update to Nuclei version 2.2 introduces a raw HTTP library with an unsafe attribute, allowing any kind of malformed request to be sent to detect interesting behavior and giving unlimited control over the sent requests.
What new features does the updated Nuclei tool offer?
-The updated Nuclei tool offers new features such as HTTP polling, fuzzing support, and support for Burp Collaborator polling.
What event is Intigriti hosting with YTCracker?
-Intigriti is hosting a live session with the rapper YTCracker for the 1337 UP Live Session.
Where can viewers find the live performance by YTCracker?
-Viewers can find the live performance by YTCracker on Intigriti's YouTube channel.
Outlines
🔍 Penetration Testing Tools and Techniques
In this segment, the speaker introduces the importance of wordlists in the toolkit of a penetration tester or bounty hunter, emphasizing their use for content discovery and subdomain enumeration. The speaker then discusses the release of curated wordlists by Assetnote, which includes a monthly updated wordlist site, and a script by John Barber to clean up and refine wordlists. The script removes unnecessary characters and lines, focusing on relevance and efficiency in penetration testing. The speaker also mentions a script by lobuhi for finding security anomalies through various header and path bypasses, suggesting its potential for automation and integration with tools like httpx and ffuf. Lastly, the speaker talks about the update to Project Discovery's scanning tool Nuclei, version 2.2, which introduces new features like the unsafe attribute, raw HTTP library support, and the ability to send malformed requests to detect interesting behaviors, including potential race conditions.
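The wordlist cleanup rules described above (drop lines over 100 characters, lines ending in a run of digits that look like an ID, and lines ending in image or audio file formats), as an added Python example that is not John Barber's script or any code from the episode. The three-digit ID threshold, the extension list and the definition of a "noisy" character are assumptions, and the sample entries are constructed.

```python
import re
import sys

# Added example, not the script discussed in the episode. Thresholds and
# lists below are assumptions chosen to match the rules the host describes.
MAX_LEN = 100                     # drop any line longer than 100 characters
MEDIA_EXT = ("png", "jpg", "jpeg", "gif", "svg", "ico", "webp",
             "mp3", "wav", "ogg", "webm", "mp4")
ID_SUFFIX = re.compile(r"\d{3,}$")        # assumed: 3+ trailing digits look like an ID
MEDIA_SUFFIX = re.compile(r"\.(?:" + "|".join(MEDIA_EXT) + r")$", re.IGNORECASE)
NOISY = re.compile(r"[^\x21-\x7e]")        # assumed: anything outside printable ASCII

def keep(entry: str) -> bool:
    """Return True when a wordlist entry survives all filters."""
    if not entry or len(entry) > MAX_LEN:
        return False
    if NOISY.search(entry):                # control chars, spaces, non-ASCII
        return False
    if ID_SUFFIX.search(entry):            # /users/12345: the ID is target-specific
        return False
    if MEDIA_SUFFIX.search(entry):         # images/audio are rarely worth a request
        return False
    return True

def clean_wordlist(lines) -> list[str]:
    """Strip, filter and de-duplicate entries, preserving first-seen order."""
    seen = set()
    cleaned: list[str] = []
    for raw in lines:
        entry = raw.strip()
        if keep(entry) and entry not in seen:
            seen.add(entry)
            cleaned.append(entry)
    return cleaned

# Constructed sample input: a duplicate, an ID path, two media files,
# one over-long line and one entry containing a non-ASCII character.
SAMPLE_LINES = [
    "api/v1/users",
    "api/v1/users/12345",
    "api/v1/users",
    "assets/logo.PNG",
    "media/intro.mp3",
    "api/v2/orders",
    "x" * (MAX_LEN + 1),
    "caf\u00e9/menu",
    "health",
]

if __name__ == "__main__":
    # Read a wordlist from stdin when piped, otherwise run on the sample.
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    print("\n".join(clean_wordlist(src)))
```

Run it as `python clean.py < raw.txt > clean.txt`; the filters are deliberately conservative, so tune the extension list to the kind of content you are looking for.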
🎤 Upcoming Live Session with YTCracker
The speaker announces an upcoming live session on Intigriti's YouTube channel featuring the rapper YTCracker. The live performance is part of the 1337 UP live session series and is scheduled for the 27th of November. The speaker encourages viewers to tune in for the live performance or to check out YTCracker's SoundCloud for nerdcore beats in anticipation of the event. The segment concludes with a teaser for the next episode, indicating that the speaker plans to release a couple of episodes before taking a break in January.
Keywords
💡Wordlist
💡Penetration Testing (Pen Testing)
💡Bounty Hunter
💡Content Discovery
💡Subdomains
💡API Routes
💡Scripting
💡Curl
💡Nuclei
💡Race Conditions
💡Burp Collaborator Polling
Highlights
Sponsorship by PentesterLab for enhancing pen testing skills.
Introduction of wordlists as a vital tool for content discovery and subdomain enumeration.
Assetnote's release of curated wordlists for improved pen testing.
Comparison to the impact of SecLists on the pen testing field.
Job's tweet emphasizing the importance of good word lists for asset discovery.
Introduction of Assetnote's wordlist site with monthly updates.
Release of an API routes word list containing over 953,000 possible API paths.
John Barber's script to clean up and optimize word lists.
Script's functionality to remove noisy characters and irrelevant lines from word lists.
lobuhi's script to find security anomalies through various header and path bypasses.
Potential for automating the script to work with tools like httpx and ffuf.
Update to Project Discovery's Nuclei scanning tool to version 2.2 with new features.
New release of Nuclei allows sending malformed requests to detect interesting behaviors.
Mention of potential race condition testing similar to Turbo Intruder.
Addition of HTTP polling and fuzzing support in Nuclei.
Integration of Burp Collaborator polling in Nuclei.
Upcoming live session with rapper YTCracker by Intigriti.
Encouragement for listeners to stay curious and tune in for the next episode.
Transcripts
Hi, my name is STÖK and this is Bounty Thursdays.

[Music]

Today's episode is sponsored by no other than the amazing team over at PentesterLab. If you want to up your pen testing game and start from the beginning to advanced, check out pentesterlab.com.

Okay, so wordlists are a really important part of any pen tester's or bounty hunter's toolkit. They're used for content discovery or enumerating subdomains and other stuff. So when the team over at Assetnote dropped a curated selection of some of the amazing wordlists that they have created over the year, I kind of lost it a bit. That's so cool. We haven't seen anything on this level since, uh, SecLists started to be really to the level where it is today.

So I'm just gonna read straight out what Job said in this tweet: "Good wordlists are so important when discovering content on an asset. At Assetnote we built a wordlist site that updates itself on a monthly basis. For added value we included some of our best wordlists that we manually collected too." And then just short after that another tweet came out: "I've just added the API routes wordlist containing 953,000-ish possible API paths from the HTTP Archive dataset. Download over at wordlist.assetnote.io."

Short after that was released, John Barber spent some time looking at these and found a really cool way to just clean up this wordlist a bit, to, you know, purge them a bit, remove some of the lines that aren't needed. So he created a script that's really useful in any kind of case when you're creating wordlists. So it removes noisy characters. Any line that has over 100 characters is going to be removed. Um, if there's more consecutive digits in the end, it's most likely like an ID, it's going to be removed. There's a lot of small things that he added here that's gonna just remove all that extra stuff. You know, you probably don't need to fuzz with something that ends with an image file format or music file format like mp3 or web or something. So this is a really cool script. I absolutely recommend you to use that on all your current wordlists to remove that extra noise, because even though requests are free, um, it's always nice to not chuck everything that you have at a target. So be a little bit polite, and also it's good for you to know that what you're throwing at it is actually relevant, otherwise it's just idiotic.

When you're doing all this fuzzing you end up with having a lot of 401s or 403s, authentication things that are in your way. You're like, "I wish I could bypass that." lobuhi has created a really simple script that could help you with the process of finding the anomalies that the security team or the app developers haven't really thought about. So when you run the script, it's going to try all these different headers, it's going to try all these different path bypasses and all these other things. It's really, really useful, and this is a simple bash script that uses curl. Um, it's something that I think is worth building upon. Maybe, maybe this could be automated, so if you're running httpx and getting a 403, or ffuf or something, it's going to just kick off and do all these bypasses and see if you can get a 200. I, I, it has huge potential for anyone that's interested in just building upon it, so definitely check out lobuhi's GitHub repo and contribute to byp4xx.

Project Discovery's template scanning tool Nuclei has been updated to version 2.2, and it has a massive amount of cool new features. I'm just going to read this straight out for you: "Earlier versions of Nuclei used the base Go HTTP library. The requests were strictly validated and non-spec-compliant requests were dropped. The new release comes with an unsafe attribute using our raw HTTP library, which allows sending any kind of malformed request to detect interesting behavior and allows unlimited control over the sent requests." And this will also open up potential to play around with race conditions, using the idea based around, let's say, Turbo Intruder, where all the requests get queued up and have a gate where in the end all the requests are being released at the same time with the same byte. So we have a lot of really interesting ways to play around with this here. You can also add some new HTTP polling and some fuzzing support. Yeah, there's, there's, there's some really cool stuff in here. You can also even add in support for Burp Collaborator polling, so if you're sending a request out and you want to make sure if it hits and talks to your Collaborator, you can just submit your Burp Collaborator BIID there and see if you have a hit. It's really interesting. I love this kind of innovation when it's coming out, and man, I'm going to play around with templates, that's for sure.

This Friday, that is tomorrow if you're watching it on Thursday, the 27th of November, Intigriti is bringing our all-time favorite rapper YTCracker live on the stage for the 1337 UP live session. It's gonna be really cool, so make sure you head over to Intigriti's YouTube channel to check that live performance out. But if you want to start listening to the beats already now, you can head over to YTCracker's SoundCloud for some of those nice nerdcore beats. This is about everything we have for this week, but lo and behold, the new episode will be out already next week, because I'm gonna smash out a couple of episodes here, uh, for the, for the end of the year before I take my break in January. So until next time, or until next week, stay curious.

[Music]