Showcase

A hacker's guide to SSL certificates, featuring TLSx — ProjectDiscovery Blog

Introduction In today's digital world, online security is more important than ever. As we rely increasingly on the internet, we must have a way to keep our communications private and secure. That's where SSL and TLS come in. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are like secret handshakes for the internet. They establish a secure connection between a website and your browser, ensuring that any information exchanged between them is private and can't be intercepted or tam

Using SpiderFoot for Offensive Reconnaissance: Part 1 – Discovery

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert…

Supercharge your hacking: Mindset, workflow, productivity and checklist - Labs Detectify

In this article, Gunnar Andrews writes how hacking is a challenge, but can be made easier with the right environment, workflows and mindset.

Enumerating WordPress Plugins at Scale - WPSec

Author: Duncan Jepson 22% of compromised WordPress websites occurred via vulnerabilities in their installed plugins. This was a staggering statistic to me when I first heard it. Because of this, I decided to take a bit of a dive into researching WordPress plugins and their vulnerabilities

Hacking Together an ASM Platform Using ProjectDiscovery Tools — ProjectDiscovery Blog

Introduction In this article, we’re going to walk through hacking together a simple attack surface monitoring platform by using ProjectDiscovery tools, bash, and flask. We will also be using MongoDB & Redis for scan data and scan queues. This tool was written for the pure purpose of this article, if you would like to contribute to it or fork the repository, I encourage you to! The whole concept of the ProjectDiscovery tool suite is that it is modular, allowing you to tweak it to your heart's c

Setting Up an Environment for Web Hacking

Security researcher Haoxi Tan provides all the tips and tricks for setting up the ultimate web hacking environment.

Using SpiderFoot for Offensive Reconnaissance: Part 2 – Validation

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert…

Top 5 OSINT Sources for Attack Surface Management

Probably the most frequently asked question we get from SpiderFoot users is “with so many options available, what API keys should I get for my use case?”…

New tool release: Discovering the origin host to bypass web application firewalls - Labs Detectify

TL/DR: Crowdsource hacker Luke “hakluke” Stephens documents a tool for discovering the origin host behind a reverse proxy which is useful for bypassing WAFs and other ...

What is SSRF (server-side request forgery)? | Tutorial & examples | Snyk Learn

Learn how to protect your code from server-side request forgery (SSRF) attacks by exploiting a vulnerable web app as part of this Snyk Learn tutorial.

OSINT without APIs

We recently published a bunch of posts about the top 5 APIs for Threat Intelligence, Attack Surface Monitoring, Security Assessments and People…

How Serialized Cookies Led to RCE on a WordPress Website

Learn first-hand from a hacker about a remote code execution vulnerability: how to identify it, its risks, and remediation.

An OSINT Story: It’s late Friday evening…

Taking a little break from our regular OSINT-themed posts, we wanted to mix it up a little this time and talk about the power of OSINT through a little…

Implementing Nuclei into your GitHub CI/CD pipelines — ProjectDiscovery Blog

It is critical that an organisation secures all of their assets along their entire software supply chain. For instance, in a DevOps lifecycle, as a developer, ensuring the security and stability of your code is crucial. One effective way to do this is by implementing automated security testing as part of your continuous integration and deployment (CI/CD) pipeline. In this blog, we will explore how to use Nuclei, a powerful open-source tool for scanning web applications, in your GitHub CI/CD pip

Asset hijacking: the digital supply chain threat hiding in plain sight - IONIX

A dive into the digital supply chain threat of asset hijacking and how attackers abuse forgotten assets to distribute malicious content

What is directory traversal? | Tutorial & examples | Snyk Learn

Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.

Email Hijacking - Protect Yourself From Supply Chain Attack - IONIX

A dive into the digital supply chain threat of mail hijacking and how attackers abuse compromised mail servers for phishing

Top 5 OSINT Sources for Threat Intelligence

Intel 471 empowers cybersecurity teams worldwide to be proactive with its TITAN platform and comprehensive coverage into the criminal underground.

5 methods for Bypassing XSS Detection in WAFs

5 fundamental techniques that are used for bypassing WAFs with XSS payloads. An excellent resource for hackers, but also a warning to developers: a WAF is not enough to thwart exploitation of a web application.

ProjectDiscovery's Best Kept Secrets — ProjectDiscovery Blog

A tour of ProjectDiscovery's less-known public tools, and how to use them by @pry0cc Introduction For those unaware, ProjectDiscovery is a group of talented hackers and creators that have massively disrupted the offensive tooling industry by creating tooling that genuinely makes the lives of hackers easier. If you’re active in the offensive security industry or bug bounty, you’ve likely heard of some of their brilliant flagship tools such as nuclei, httpx, dnsx, naabu and subfinder. These ar

7 things an EASM platform should do - Blog Detectify

Discover seven essential features of comprehensive External Attack Surface Management (EASM) platforms to fortify your digital defenses.

How to Share Social Media Credentials Securely

Sharing access to social media accounts is a common task for organisations - but it’s also a huge cybersecurity risk! In this article we discuss the secure way to share access, and the potential consequences if you don’t.

What is SQL injection (SQLi)? | Tutorial & examples | Snyk Learn

Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.

Attackers vs Defenders: Mind the perspective gap - Blog Detectify

Why security defenders need an EASM solution that combines policy control, vulnerability detection, and a crowdsource element going forward

CSRF Attack | Tutorial & Examples | Snyk Learn

Learn how a cross site request forgery (CSRF) attack works, and how to detect and fix it with real-world examples from security experts.

Hack with ‘goodfaith’ - A tool to automate and scale good faith hacking - Labs Detectify

Hack with 'Goodfaith' : A new tool that is intended to help hackers avoid generating traffic against out-of-scope targets and stay in scope. 

How To Hack Web Applications in 2022: Part 2 - Labs Detectify

From business logic vulnerabilities to server-side request forgery, ethical hacker details how you can hack web applications in simple steps

Discovering Vulnerabilities in WordPress Plugins at Scale - WPSec

Author: Luke (@hakluke) Stephens It always blows me away to think that WordPress runs 43% of all websites, including those without a content management system (CMS) 🤯. A single open source project is responsible for such a huge part of the internet! It's interesting to think about what might happ

An ethical hacker’s perspective on EASM - Blog Detectify

Insight into the methods that ethical hackers or even malicious attackers use to collect knowledge about an organization's assets.

Attack Surface Management - The importance of knowing what you have

One of the biggest cybersecurity risks to organisations today is not knowing what assets they have online, and the solution is having a good Attack Surface Management (ASM) program! It’s about more than just discovering assets.

Open redirect vulnerability | Tutorials & examples | Snyk Learn

Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Building a Fast One-Shot Recon Script for Bug Bounty — ProjectDiscovery Blog

Introduction In this article we are going to build a fast one-shot recon script to collect the bulk of the information we need to serve as a starting point for our bug bounty testing. This blog post is complementary to the article on building an attack surface monitoring solution. Automation, Computers vs Humans There are a lot of disagreements on the topic of automation, as humans can see or correct things that computers would overlook unless explicitly programmed to do so. Recursion inside

A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers — ProjectDiscovery Blog

Introduction Let's start with this: A DNS takeover is not the same as a subdomain takeover. Subdomain takeovers are old news. Hackers who caught onto them early made busloads of bounties by automating their detection and exploitation. They're still out there, but competition is fierce. Crafty hackers built bots that detect and report subdomain takeovers within minutes of them becoming vulnerable. DNS takeovers are the new Orange. They've become popular among seasoned bug bounty hunters, but a

Why Securing Attack Surface is Popular Right Now - Blog Detectify

An EASM program has become a necessity for security so your company's external assets don't fall into a state of vulnerability at some point.

Best Practices for Securing Your WordPress Site - WPSec

Author: Devansh Bordia WordPress is the world's most popular content management platform, used on 45% of websites. This also makes it an attractive target for malicious attackers! In 2021, more than 1.5 million WordPress websites were compromised. In this article, we will cover many ways that

Introducing ASNMap: A Golang CLI tool for speedy reconnaissance using ASN data — ProjectDiscovery Blog

If you're into hacking, there's a good chance that at least one of ProjectDiscovery's tools has been added to your toolbox over the last couple of years. In all honesty, ProjectDiscovery's tools now make up the majority of my toolbox. For this reason, I get excited when they release something new, and ASNMap is no exception. What are ASNs? An Autonomous System (AS) is one or more IP prefixes, typically run by one network operator, with a clearly defined routing policy. An Autonomous System Nu

Preventing Magecart Attacks Through Supply Chain Vulnerabilities - IONIX

What is the digital supply chain, and why is it risky? The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that is depended on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen...

What is code injection? | Tutorial & examples | Snyk Learn

Learn how to protect your applications against malicious code injection by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Open redirect vulnerability | Tutorials & examples | Snyk Learn

Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

XXE attack | Tutorials & Examples | Snyk Learn

Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

4 fundamental questions on EASM - Blog Detectify

Let’s explore four big questions that are solved by having a comprehensive External Attack Surface Management (EASM) program in place.

Using SpiderFoot to Investigate Phishing Domains Targeting Ukrainian…

My name is Luke, but you might know me as @hakluke! I’m a cybersecurity professional, primarily focusing on application security and red teaming.…

Implementing Nuclei into your Bitbucket CI/CD Pipeline for Scanning Live Web Applications — ProjectDiscovery Blog

Security is a crucial factor for both small and large enterprises. This has led to the evolution of DevOps into DevSecOps, which integrates security at an internal level. As we have discussed in previous blogs, it is important to implement security within your DevOps cycle to ensure that it becomes DevSecOps. This approach introduces security at an early phase and helps mitigate multiple misconfigurations early on. In this blog, we will explore how to use Nuclei, a powerful open-source tool for

Top 5 OSINT Sources for Penetration Testing and Bug Bounties

One of the key trends in information security over the last decade has been the proliferation of the concept that monitoring an organization’s external…

How to Get the Most Out of Your Penetration Test 🤷

Penetration testing is a great way to improve the security of your org. Much of the test’s value will be determined by your readiness. Here’s how to prepare.

SSRF vulnerabilities and where to find them - Labs Detectify

SSRF vulnerabilities aren't a new threat vector but they're often misunderstood. Here are details about what it is and where it can be found.

Scaling security automation with Docker - Labs Detectify

Docker automation is possible. Gunnar Andrews discusses how ethical hackers can scale their automation workflow by using Docker.

Hakluke: Creating the perfect bug bounty automation - Labs Detectify

Bug Bounty Automation is the key to success for many expert bug bounty hunters including Hakluke. He walks through how he does it.

The Ultimate Guide to Finding Bugs With Nuclei — ProjectDiscovery Blog

Efficient, extensible, flexible, open source vulnerability scanning. Introduction Nuclei is a fast, efficient, and extensible vulnerability scanner. It can scan thousands of hosts in just a few minutes. The Nuclei engine uses YAML-based templates to define the steps required to detect a vulnerability. As an open-source tool we encourage community contributions to the library of templates, and development of the codebase. This means whenever a new CVE is published, someone can create a Nucle

What is directory traversal? | Tutorial & examples | Snyk Learn

Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.

All the OSINT You Can Get From a Single Webpage Request

Before busting out your arsenal of tools to rip a website apart, it can be really useful to just go back to basics and start by simply making a request to…

Meet a Hacker Hero: Hakluke- Blog Detectify

Meet Hakluke. He's been nominated by the Detectify network as a Hacker Hero. He gives his tips for both Red and Blue teams.

How OSINT Can Be Used to Elevate DFIR

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert…

How To Hack Web Applications in 2022: Part 1 - Labs Detectify

A step-by-step guide on how to hack a web application from an ethical hacker so your security team can better learn what threats to consider.

5 Python Libraries for Automating OSINT Operations

Python is a pretty common choice for a lot of security specialists developing tooling due to its elegant syntax and a huge library of handy modules,…

What are logging vulnerabilities? | Tutorial & examples | Snyk Learn

Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.

Hakluke's huge list of resources for beginner hackers - Labs Detectify

This is the ultimate list of resources for beginner hackers from Hakluke which includes the best blogs, influencers, youtube channels, etc.

DOM Based XSS | Tutorial & Examples | Snyk Learn | Snyk Learn

Learn how DOM based XSS exploits work, and how to mitigate and remediate the vulnerability with step-by-step interactive tutorials from security experts.

How to Manage Vulnerable and Outdated Components | Snyk Learn | Snyk Learn

A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.

Subdomain reconnaissance: enhancing a hacker's EASM - Labs Detectify

This blog provides a few advanced subdomain reconnaissance techniques to enhance an ethical hacker’s EASM techniques.

Using SpiderFoot to Investigate a Public Bug Bounty Program

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert…

Proxify - A portable CLI-based HTTP/Socks proxy written in Golang — ProjectDiscovery Blog

In this blog we’ll discuss the basics of proxies, explain what Proxify is and how it can be used. You’ll learn how to: 1. Install and run Proxify 2. Customize proxy output files and addresses 3. Use DSL language to match and/or replace requests/responses from CLI. 4. Use Proxify to log all HTTP requests from Burp Suite or a web browser. 5. Set up Proxify on a VPS to hide the true source of your traffic But first, let's start by defining a proxy and what it can be used for. What is a pr

Common Security Vulnerabilities in Core AWS Services - Labs Detectify

Devansh Bordia explores a series of common misconfigurations in AWS Services that lead to security vulnerabilities.

Determining hacking targets with recon and automation - Labs Detectify

Finding hacking targets can be a challenge. Gunnar Andrews talks through how recon and automation can be powerful tools for ethical hackers.

How to Hack APIs in 2021 - Labs Detectify

Detectify Crowdsource is not your average bug bounty platform. It’s an invite-only community of the best ethical hackers who are passionate about securing modern technologies ...

Top 5 OSINT Sources for People Investigations

If you’re one of the thousands of people getting started in Information Security, Cyber Security or Private Investigation, you have probably already heard…

Top mistakes when implementing EASM - Blog Detectify

How to ensure an EASM tool provides a unified view of assets and infrastructure, enabling you to better navigate across disparate applications

How to Break Into WordPress Installations, and How Implementing 2-Factor-Authentication Can Prevent It - WPSec

Author: Luke Stephens Like any system, there are many ways to break into a WordPress installation, to name a few: Exploiting an out of date, vulnerable WordPress coreExploting vulnerable plugins or themesMan-in-the-middle attacksSocial engineering One of the most common ways to break into

DNS Server Hijacking Explained: Examples & Mitigation - IONIX

A dive into the digital supply chain threat of name server hijacking and how attackers can abuse compromised DNS to steal customer data

Discovering the Infrastructure of an iCloud Phishing Scam

In a lot of major cities in the world, pickpocketing and phone-snatch robberies are very common. Modern smartphones are expensive and easy to sell, and it…

ReDoS | Tutorials & Examples | Snyk Learn

Learn what ReDos is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization

Security in WordPress plugin development - WPSec

While WordPress core is well-tested and widely used, it allows plugins to be installed. Those plugins can be developed by, well, anyone! They enable many significant enhancements to the core platform but also have the potential to compromise the security of the entire website, even when they are not

How to protect (and quicken) your WordPress instances with a reverse proxy - WPSec

WordPress powers about 60% of all websites on the internet, which is a staggering figure by any standard. Most of these WordPress instances lack many basic security features that can mean the difference between your website being hacked and… well, not hacked. In this article, we're going to run t

Hacking or coding - Should you learn code before hacking? Labs Detectify

Some of the advantages that coding knowledge can give you when you start ethical hacking. Aimed at developers who want to learn hacking.

What is broken access control | Tutorial & Examples | Snyk Learn

Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.

10 Types of Web Vulnerabilities that are Often Missed - Labs Detectify

Crowdsource hackers Hakluke and Farah Hawa share the top web vulnerabilities that are often missed during security testing. When hunting for bugs, especially on competitive bug bounty ...

Gone in 120 seconds

<p>There is never enough time to respond to cloud exfiltration of exposed data, secure configuration is the only prevention</p>

Building Your Own Historical DNS Solution with DNSx — ProjectDiscovery Blog

If you’ve been following these blogs, you’ll see that in the last article, we hacked together a basic attack surface monitoring platform using projectdiscovery tools. Using some of those basic building blocks, we’re going to build a basic historical DNS bot that will continuously enumerate domains and then alert us for the existence of new domains. We will also be able to request the results from a flask API. I will be forking the old project as a starting point, so if you haven’t already read

Security Concepts for Developers: Trivial Packages

Discover the hidden risks of using trivial packages in development. Learn how small, seemingly insignificant dependencies can lead to significant security vulnerabilities.

Insecure Design | Tutorials & Examples | Snyk Learn

Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

Happy National Hunting & Fishing Day - Netragard

Discover how 'fishing' and 'hunting' takes on a new meaning in cybersecurity. Explore threat hunting, social engineering, and modern phishing tactics.