Security Awareness for all users

Month January 2020

Cryptography Review

Those who are working in IT department, they sure aware of Cryptography method where nowadays are been used for encryption of the traffic. There are four types of Cryptography key that can be used in daily usage such as Public… Continue Reading →

Monkey Testing Review

While I was surfing the internet, I found the terms “Monkey Testing” where it has nothing to do with Penetration Testing. Monkey Testing can be categorized as a software testing technique. Why Monkey Testing? As we all know, Monkey is… Continue Reading →

PHP Object Injection Vulnerabilities

Nowadays, PHP can be considered as one compulsory programming language needed to build up a website for any organization. For Developer point of view, PHP is very easy to code compared with other website programming language. Below are the example… Continue Reading →

Penetration Testing with Perl Language

Previously, I have published a post that related to Python Penetration Testing where I will be sharing about Penetration Testing using Perl Language this round. For those who are not familiar with PERL for Penetration Testing, the user will need… Continue Reading →

Penetration Testing using Python Code

Nowadays, programming is considered as a very important element in the industry especially IT. In this post, I would like to share a brief knowledge about Penetration Testing using Python code which can be useful for other people out there…. Continue Reading →

Gobuster Review Tools

Introduction and credit

Before I start to review the tools, I would like to give credit to OJ Reeves and Christian Mehlmauer for Gobuster tools.

Gobuster is been used for Bruteforce Dir, Vhost and DNS of the target's domain which will provide the attacker on the information on the website.

For those who don't have Gobuster installed in their machine, below are the instruction that can be followed to ensure the tools installed in the machine.

Installation of Gobuster

Mac OS Installation

To install gobuster on Mac OS machine, the user will have to run brew for the installation. The user can read here on brew installation on Mac OS.

Firstly, open the Terminal base and type the command brew install go buster and will have wait for it to be completed. The progress to be complete is normally depending on the internet connection.

The screenshot above is taken to show that it was successfully completed using the brew command. In my case, it just takes around a few minutes to fully installed on the machine.

Kali Linux Operating System

For those are using Kali Linux Operating System, you can use the command as below

sudo apt-get install gobuster

Once it has been completely installed on the machine, you can run the command gobuster and the interface will appear something like follows:

Usage of Gobuster.

Some of the people outside there should aware of the command gobuster -u <ip address/url address> -w /usr/share/wordlists/dirb/common.txt However, those commands are not been used anymore in gobuster where they have modified to a new command which is slightly different from the old commands.

The new commands can be used as shown below:

gobuster dir -u <ip address/url address> -w /usr/share/wordlists/dirb/common.txt --wildcard

Due to testing progress, it will take a few minutes for it to complete. For any user to understand what the status code is can look at the information that i will share.

HTTP Status Code

Source: Wikipedia

  • 200 (Means the website is OK!)
  • 204 (Means that website can be accessed but there will be no content available)
  • 301 ( Means that the website address have been redirecting or moved permanently from the previous address)
  • 302 ( Means that the website have been moved back to the previous address)
  • 307 ( Means that the website is temporarily moved to the different url)
  • 401 ( Means that unauthorized user can't be able to access the website)
  • 403 ( Means that the website have been blacklist to the public)

Source: Gobuster and Brew

Reference and Credit: OJ Reeves and Christian Mehlmauer

Introduction and credit Before I start to review the tools, I would like to give credit to OJ Reeves and Christian Mehlmauer for Gobuster tools. Gobuster is been used for Bruteforce Dir, Vhost and DNS of the target’s domain which… Continue Reading →

Cross-origin resource sharing Review

Cross-origin resource sharing can be considered as one of the attacks that the website application server vulnerabilities. Normally, it will enable any controlled access to the bug located where it will run the Cross-origin rules such as Access-Cross-Allow-Origin: However, this… Continue Reading →

© 2024 — Powered by Threatninja