Epic Wordlists for Bug Bounty content discovery and API bugs!

STÖK
26 Nov 2020, 06:23

Summary

TL;DR: In this episode, the host discusses the importance of wordlists for pen testers and bounty hunters, highlighting Assetnote's curated wordlists and their monthly updated wordlist site. John Barber's script for cleaning up wordlists is praised for its efficiency. Low View High's script for finding security anomalies through header and path testing is introduced, along with the update of Project Discovery's Nuclei scanner to version 2.2, which adds an unsafe attribute for raw HTTP requests and fuzzing support. The episode ends with an announcement of an upcoming live performance by the rapper YTCracker.

Takeaways

  • 🎥 Today's episode is sponsored by Pentester Lab, promoting their platform for learning penetration testing skills.
  • 🔍 Wordlists are crucial for content discovery and enumerating subdomains in cybersecurity.
  • 📈 Assetnote has released a curated selection of wordlists, including an API routes wordlist with approximately 953,000 entries.
  • 🛠 John Barber has created a script to clean up wordlists, removing unnecessary lines and noise to improve efficiency.
  • 🚫 The script by John Barber removes lines with over 100 characters, lines ending in consecutive digits (likely IDs), and lines ending in image or audio file extensions to refine wordlists.
  • 🔄 Low View High's script helps identify security anomalies by testing various headers and path bypasses.
  • 📝 The Nuclei scanning tool has been updated to version 2.2, introducing new features like the unsafe attribute and raw HTTP library support.
  • 🏎️ The update to Nuclei allows more control over malformed requests, opening up possibilities for detecting race conditions.
  • 🤝 Nuclei's update also includes support for Burp Collaborator polling, enhancing the tool's capabilities in security testing.
  • 🎤 Intigriti will host a live session with the rapper YTCracker on their YouTube channel, promoting the artist and engaging the audience.

Q & A

  • What is the main topic of the video script?

    -The video covers recent updates and tools in cybersecurity, focusing on pen testing and bug bounty tools and techniques.

  • Who sponsors the episode mentioned in the script?

    -The episode is sponsored by the team at Pentester Lab.

  • What is the purpose of Wordlist in cybersecurity?

    -Wordlists are used for content discovery, enumerating subdomains, and other enumeration tasks in cybersecurity.

  • What did Assetnote release that excited the speaker?

    -Assetnote released a curated selection of wordlists they have created over the year, which includes an API routes wordlist containing approximately 953,000 possible API paths from the HTTP Archive dataset.

  • What did John Barber do with the wordlist released by Assetnote?

    -John Barber cleaned up the wordlist by removing noisy characters and lines that are not needed, such as those with over 100 characters, those ending in consecutive digits, or those ending with image and music file extensions.

  • What is the benefit of using John Barber's script on wordlists?

    -Using John Barber's script removes unnecessary noise from wordlists, making them more efficient and relevant for pen testing, which reduces unnecessary requests and potential false positives.

  • What is the purpose of the script created by Low View High?

    -The script created by Low View High is designed to find anomalies in security measures that the security team or app developers might have overlooked. It tries different headers and path bypasses to identify vulnerabilities.

  • What is the significance of the update to the Nuclei scanning tool?

    -The update to Nuclei version 2.2 introduces a raw HTTP library with an unsafe attribute, allowing any kind of malformed request to be sent to detect interesting behavior and giving full control over the sent requests.

  • What new features does the updated Nuclei tool offer?

    -The updated Nuclei tool offers new features such as HTTP flooding, fuzzing support, and support for Burp Collaborator polling.

  • What event is Intigriti hosting with YTCracker?

    -Intigriti is hosting a live session with the rapper YTCracker for the 1337 UP Live Session.

  • Where can viewers find the live performance by YTCracker?

    -Viewers can find the live performance by YTCracker on Intigriti's YouTube channel.

Outlines

00:00

πŸ” Penetration Testing Tools and Techniques

In this segment, the speaker introduces the importance of 'wordless' in the toolkit of a penetration tester or bounty hunter, emphasizing its use for content discovery and subdomain enumeration. The speaker then discusses the release of curated word lists by Assetnote, which includes a monthly updated wordlist site and a script by John Barber to clean up and refine word lists. The script removes unnecessary characters and lines, focusing on relevance and efficiency in penetration testing. The speaker also mentions a script by Low View High for finding security anomalies through various header and path bypasses, suggesting its potential for automation and integration with tools like httpx and ffuf. Lastly, the speaker talks about the update to the project discovery's scanning tool Nuclei, version 2.2, which introduces new features like unsafe attribute, raw HTTP library support, and the ability to send malformed requests to detect interesting behaviors, including potential race conditions.

05:01

🎤 Upcoming Live Session with YTCracker

The speaker announces an upcoming live session on Intigriti's YouTube channel featuring the rapper YTCracker. The live performance is part of the 1337 UP live session series and is scheduled for the 27th of November. The speaker encourages viewers to tune in for the live performance or to check out YTCracker's SoundCloud for nerdcore beats in anticipation of the event. The segment concludes with a teaser for the next episode, indicating that the speaker plans to release a couple of episodes before taking a break in January.

Keywords

💡 Wordlist

A wordlist in the context of the video refers to a collection of words or terms used for various security testing purposes, such as content discovery and enumerating subdomains. The video highlights the importance of good wordlists in pen testing and bounty hunting, mentioning that Assetnote has created a wordlist site that updates monthly and includes curated lists. The wordlist is crucial as it aids in identifying potential vulnerabilities or hidden resources within a target's infrastructure.

💡 Penetration Testing (Pen Testing)

Penetration testing, often shortened to pen testing, is the practice of testing a computer system, network, or web application to find vulnerabilities that an attacker could exploit. In the video, pen testing is mentioned as a key area where wordlists are essential tools for discovering and testing security weaknesses in systems.

💡 Bounty Hunter

In the cybersecurity realm, a bounty hunter refers to an individual who actively searches for and reports security vulnerabilities in software or systems in exchange for bounties or rewards. The video is titled 'Bounty Thursdays,' indicating that it is focused on content relevant to cybersecurity bounty hunters, including the use of wordlists for discovering vulnerabilities.

💡 Content Discovery

Content discovery is the process of identifying and mapping out the content of a website or network. In the video, this is related to using wordlists to enumerate subdomains and other resources that might be overlooked but could pose security risks. It's a critical part of the initial reconnaissance phase in both pen testing and bounty hunting.

💡 Subdomains

Subdomains are subsets of a primary domain, like 'blog.example.com' where 'blog' is the subdomain of 'example.com'. The video discusses the use of wordlists for enumerating subdomains, which is a technique used to find all the different parts of a domain that might be used to host different services or applications, potentially revealing hidden entry points for security testing.

💡 API Routes

API routes refer to the endpoints or paths used to access specific functionalities provided by an application programming interface (API). The video mentions the addition of an API routes wordlist containing a large number of possible API paths from the HTTP Archive dataset, which can be used to discover and test APIs for vulnerabilities.

💡 Scripting

Scripting, as mentioned in the video, involves writing small programs or scripts to automate tasks, such as cleaning up wordlists or performing security tests. John Barber is highlighted for creating a script to clean wordlists by removing unnecessary lines and characters, which is a practical example of how scripting can enhance the efficiency of security testing.

💡 Curl

Curl is a command-line tool used for transferring data with URLs. In the video, it is mentioned as part of a simple bash script that uses curl to perform various security tests, including header and path bypasses. Curl is a common tool in the arsenal of security professionals for making HTTP requests to test web services.

💡 Nuclei

Nuclei is Project Discovery's open-source, template-based vulnerability scanner. The video discusses an update to Nuclei, version 2.2, which includes new features like the unsafe attribute for sending malformed requests and support for race-condition testing. This update is significant because it expands the range of behaviors security testers can probe for and detect.

💡 Race Conditions

A race condition in computing is a situation where the system's response depends on the sequence or timing of other uncontrollable events. It's a type of bug that can lead to unexpected outcomes. The video suggests that the updated Nuclei tool allows for playing around with race conditions, which could help security testers identify and exploit timing-related vulnerabilities in systems.

💡 Burp Collaborator Polling

Burp Collaborator polling is a feature mentioned in the context of the updated Nuclei tool. Burp Collaborator is the out-of-band interaction server of Burp Suite, a widely used web vulnerability scanner. As described in the transcript, Nuclei can be given a Collaborator identifier and will poll it to check whether a request it sent caused a hit on the Collaborator server, which lets testers confirm out-of-band interactions without leaving the scan.

Highlights

Sponsorship by Pentester Lab for enhancing pen testing skills.

Introduction of wordlists as a vital tool for content discovery and subdomain enumeration.

Assetnote's release of curated word lists for improved pen testing.

Comparison to the impact of SecLists on the pen testing field.

Job's tweet emphasizing the importance of good word lists for asset discovery.

Introduction of Assetnote's wordlist site with monthly updates.

Release of an API routes wordlist containing approximately 953,000 possible API paths.

John Barber's script to clean up and optimize word lists.

Script's functionality to remove noisy characters and irrelevant lines from word lists.

Low View High's script to find security anomalies through various header and path bypasses.

Potential for automating the script to work with tools like httpx and ffuf.

Update to Project Discovery's Nuclei scanning tool to version 2.2 with new features.

New release of Nuclei allows sending malformed requests to detect interesting behaviors.

Mention of potential race condition testing similar to Turbo Intruder.

Addition of HTTP polling and fuzzing support in Nuclei.

Integration of Burp Collaborator polling in Nuclei for detecting out-of-band hits.

Upcoming live session with the rapper YTCracker hosted by Intigriti.

Encouragement for listeners to stay curious and tune in for the next episode.

Transcripts

00:00 hi my name is stuck and this
00:03 is bounty thursdays
00:05 [Music]
00:13 today's episode is sponsored by no other
00:15 than the amazing team over
00:17 at pentester lab if you want to up your
00:20 pen testing game and
00:21 start from the beginning to advanced
00:23 check out pentasyslab.com
00:26 okay so wordless is a really important
00:28 part of any
00:30 pen tester or bounty hunters tool kit
00:34 it's used for content discovery or
00:37 enumerating subdomains and other stuff
00:39 so when the team over at asset note
00:42 dropped
00:43 a curated selection of some of the
00:45 amazing word lists that they have
00:46 created over the year
00:48 i kind of lost it a bit that's so cool
00:51 we haven't seen anything
00:52 on this level since uh cyclists
00:56 started to be really to the level where
00:59 it is today
01:00 so i'm just gonna read straight out what
01:02 job said in this tweet
01:04 good word lists are so important when
01:06 discovering content
01:07 on an asset at acid note we build a
01:10 wordless site that
01:12 updates itself on a monthly basis for
01:14 added value we included some of our best
01:16 word lists that we manually collected
01:18 too
01:18 and then just short after that another
01:20 tweet came out i've just added the api
01:22 routes word list containing
01:24 953 000-ish
01:27 possible api pass from the http archive
01:30 data set
01:31 downloaded over at wordlist.assetnote.io
01:34 short after that was released john
01:36 barber spent some time looking at these
01:38 and
01:39 find a really cool way to just clean up
01:41 this word list a bit
01:42 to you know purge them a bit
01:45 remove some of the lines that aren't
01:47 needed so he created a script
01:49 that's really useful in any kind of case
01:52 when you're creating word lists
01:54 so it removes noisy characters any any
01:58 line that has over 100 characters going
01:59 to be removed
02:01 um if there's more consecutive digits in
02:04 the end
02:04 it's most likely like an id is going to
02:06 be removed there's a lot of small things
02:09 that he added here that's gonna just
02:11 remove all that extra stuff you know you
02:14 probably don't need to fuss with
02:16 something that ends with a image file
02:19 format
02:20 or music file format like mp3 or web or
02:23 something
02:24 so this is a really cool script i
02:26 absolutely recommend you to use that on
02:29 all your current word lists to remove
02:31 that extra noise because
02:33 even though requests are free um
02:36 it's always nice to not shug everything
02:39 that you have at a target so
02:40 be a little bit polite and also it's
02:43 good for you to
02:44 know that what you're throwing at it's
02:46 actually relevant
02:47 otherwise it's just idiotic when you're
02:49 doing all this fussing you end up with
02:50 having a lot of for ones or three
02:52 authentication things that are in your
02:54 way you're like i wish i could bypass
02:56 that
02:57 low view high has created a really
02:58 simple script that could help you with
03:00 the process of
03:01 finding the anomalies that the security
03:04 team or
03:04 the app developers hasn't really thought
03:07 about so
03:08 when you run the script it's going to
03:09 try all these different headers
03:11 it's going to try all these different
03:13 path bypasses and all these other things
03:15 it's really really useful and this is a
03:18 simple bash script that uses curl
03:20 um it's something that i think is worth
03:23 building upon
03:24 maybe maybe this could be automated so
03:27 if you're
03:28 running httpx and getting a 403 or ffuf
03:31 or something it's going to just kick off
03:32 and
03:32 and do all these bypasses and see if you
03:34 can get a 200.
03:36 i i it has huge potentials for anyone
03:39 that's interested in
03:40 in just building upon it so definitely
03:42 check out low view highs github repo
03:44 and contribute to a bypass for xx
03:48 the project discovery's template
03:49 scanning tool nuclei
03:51 has been updated to version 2.2 and it
03:54 has a
03:54 massive amount of cool new features i'm
03:57 just going to read this straight out for
03:58 you
03:59 earlier versions of nuclei use the base
04:01 go
04:02 http library the requests were strictly
04:04 validated and
04:06 non-specific compliant requests were
04:08 dropped
04:09 the new release comes with a unsafe
04:11 attribute
04:12 using our raw http library which allows
04:15 sending
04:15 any kind of malform request to detect
04:18 interesting behavior
04:19 and allow unlimited control over the
04:22 send requests
04:23 and this will also open up potentials to
04:25 play around with race conditions
04:27 using the idea based around let's say
04:30 turbo intruder where
04:31 all the requests get skewed up and have
04:33 a gate where
04:34 in the end all the requests are being
04:36 released at the same time with the same
04:37 byte
04:38 so we have a lot of really interesting
04:40 ways to play around with this here
04:42 you can also add some new http pooling
04:45 and some fussing support yeah there's
04:48 there's there's some really cool stuff
04:50 in here
04:51 you can also even add in support for
04:54 a burp collaborative polling so if
04:56 you're sending a request out and you
04:57 want to make sure if it hits
04:59 and and talks to your collaborator you
05:01 you can just submit your
05:02 burp collaborative bid there and see
05:05 if you have a hit it's really
05:08 interesting
05:09 i love this kind of innovation when it's
05:11 coming out and
05:12 man i'm going to play around with 10
05:14 plays that's for sure
05:15 this friday that is tomorrow if you're
05:18 watching it
05:19 on thursday the 27th of november
05:23 integrity is bringing our all-time
05:26 favorite rapper whitey cracker
05:28 live on the stage for the 1337
05:32 up live session it's gonna be really
05:35 cool so make sure you head over to the
05:37 integrity's youtube channel to check
05:39 that live performance out
05:41 but if you want to start listening to
05:43 the beast already now you can head over
05:45 to whitey cracker
05:46 soundcloud for some of those nice
05:49 nerdcore beats this is about everything
05:51 we have for this week but lo and behold
05:54 the new episode will be out already next
05:57 week
05:58 because i'm gonna smash out a couple of
06:00 episodes here uh
06:01 for the for the end of the year before i
06:05 take my break in january
06:06 so until next time or until next week
06:11 stay curious
06:21 [Music]
