Ben, super dope content! Can you do a video on how to create and maintain a decent word list and the tricks ( Do's and Don'ts) and your recommendations?
I noticed in your ffuf command you don’t looked for a status of 500. Is that something you ever look for situationally? Sometimes I find that if you hit a route that is expecting certain parameters but they are missing from the request some applications will give you 500 errors
Also, you mentioned that I should do dir bruteforcing in the cloud. how exactly would I do that ? edit... Never mind, I saw on another video of yours that you mentioned running things on digitalocean.
thanks Ben. it was awesome and fun to learn things which i did in wrong. actually i came from CFT''s to web security penetration testing. A question! How long do you think i should spend on a program . and i am quite beginner in security.
I found an open redirect this way . There was an endpoint like "app-login" i tried to fuzz the part after the dash "login" and found "logout". Then i fuzzed for hidden parameters on this endpoint and found "redirect" wich was vulnerable to open redirect.
What is your approach if after 10 attempts you get banned by IP? Or what do you do if you generate so much traffic on the target and you need to slow down the requests per second?
Thank you so much! Can you please also make a video of how to make custom world list based of the webapplication? What regex's are your favourite in that matter?
Thanks ben for the great content♥️ but the video quality is so low I have set 1080p but thw quality is very poor in case of showing any text in the video those texts are a bit blurry
I just realized that we can use ffuf instead dirsearch. For Example domains.txt wordlist.txt extensions.txt ffuf -w domains.txt:D -w wordlist.txt:F -w extensions.txt:E -u D/F.E
![SAFEPLANET - ดาวเคราะห์ [ THE PLANET ]](http://i.ytimg.com/vi/4X1XL3I_k3c/mqdefault.jpg)
The titles are getting better Ben. Makes you wanna click the video. And the best part is you're not clickbaited.
Thanks. I’m trying to walk a fine line with what I put on titles and thumbnails!
I agree, because it’s very rare I will watch a video under 20 mins and clicked when I saw it. 🎉
FFUF is OP and so are you.
💪🏼💪🏼 thanks homie!
Hey Ben, thanks for sharing your knowledge! I would love to see approaches for custom wordlists, keep up the good work 👍
I'll see what I can come up with :)
Ben, super dope content! Can you do a video on how to create and maintain a decent word list and the tricks ( Do's and Don'ts) and your recommendations?
I got you! Give me a few weeks.
Loving this series
Thanks man. Great video.
Looking forward for the video for making custom wordlists.
Keep going brother , that's amazing 🙏
Thanks ! We love you man keep up the good work
Good presentation, and explains details that other hacking channels don't 👍
Great content bro cant thank enough
Great as usual♥️
exactly what I want. Thanks
And yes make a video on how to make a custom wordlist
I got you! Give me a few weeks.
@@NahamSec Request you to make video on " How to create/make custom wordlist based on the target?"
Another great video
feroxbuster is my favorite 🙂
your content is excellent. you really do work hard for us. hey ben please make a video on how to create own wordlist.
I noticed in your ffuf command you don’t looked for a status of 500. Is that something you ever look for situationally? Sometimes I find that if you hit a route that is expecting certain parameters but they are missing from the request some applications will give you 500 errors
Please make a dedicated video on how to make your own target specefic wordlist.
If there is scope given in bb program do we need to do directory bruteforcing?
Also, you mentioned that I should do dir bruteforcing in the cloud. how exactly would I do that ? edit... Never mind, I saw on another video of yours that you mentioned running things on digitalocean.
thank you, this was super helpful
it's highly important way many thanks 😍😍
thanks Ben. it was awesome and fun to learn things which i did in wrong. actually i came from CFT''s to web security penetration testing. A question! How long do you think i should spend on a program . and i am quite beginner in security.
iam at the same exact level. Iam curious to understand how this is taking you so far
great, thanks! how would you approach a targets list of several subdomains?
I found an open redirect this way . There was an endpoint like "app-login" i tried to fuzz the part after the dash "login" and found "logout". Then i fuzzed for hidden parameters on this endpoint and found "redirect" wich was vulnerable to open redirect.
did you try for xss on that redirect parameter?
@@hackersguild8445 Yes but i failed :(
It's awesome sir ...🔥🔥
What do you think about feroxbuster?
What is your approach if after 10 attempts you get banned by IP? Or what do you do if you generate so much traffic on the target and you need to slow down the requests per second?
You can lower the threads and use a proxy list
Wfuzz and ffuf i do prefer 🔥
Love ffuf!
Thank you so much!
Can you please also make a video of how to make custom world list based of the webapplication?
What regex's are your favourite in that matter?
Could u do a series on web hacking or smthg like that
Thanks Man ...
FFUF because easy to use and automate and fast !
Thanks You!!!
You have youtube channel
Thanks ben for the great content♥️ but the video quality is so low I have set 1080p but thw quality is very poor in case of showing any text in the video those texts are a bit blurry
I’m not experiencing that. Everything is shot in 1080 or higher.
@@NahamSec The part where you show SecLists github is in low resolution. Everything else looks good.
@nahamsec the other part is really fine but when you show some texts like you were mentioning about the seclist part it was not in good quality
@NahamSec are you doing your recon from the cloud / vps or local?
VPS using digital ocean. Check out the video description for some free goodies :)
Is it okay to do directory brute forcing to find assets?
Yes, but make sure you aren't sending too many requests and contextualizing your brute force.
dirsearch combined with ffuf (for files as it is more easily manageable)
I use gobuster and dirbuster
I like dirsearch ❤
I like gobuster and dirsearch
Dirsearch is ❤️
ooft the one-app thing is a good tip thanks for this
How to Brute Force in the Cloud?
He means using a vps like digitalocean I believe
17590 req/sec how????? :") my vps dont go to even 1000 req
Thank you! Could you please create a video about How to write a bash script for fuzzing directory on all the subdomains we got with ffuf?
hmm. Maybe!
I got one working one
@@Aolpha could you share please
Op bro
Personally, I prefer FFUF
with using FFUF :)
Axiom... do yourself a favor... look it up
It dosnt work these days servers just permanently block you
Next game pasword cracking
This is way too prescient
I just realized that we can use ffuf instead dirsearch. For Example
domains.txt
wordlist.txt
extensions.txt
ffuf -w domains.txt:D -w wordlist.txt:F -w extensions.txt:E -u D/F.E
There is a extension flag in ffuf . It would be with -e or -x check it out with ffuf -h command
@@tsrisanath8441 I didnt know thanks 😊👍
I'm struggling find .esp files which is pan os directory i don't know where to get it because i tried everything 🥲