Tumgik
#massdns
cyspaceglobal · 4 years
#Massdns #security #Services by #CyspaceGlobal #SSH #vulnerabilities #malware #endpointsecurity #cybersecurity #exploits #cloudsecurity #mssp #Autonomousdriving #informationsecurity #infosec #security #datasecurity #cybercrime #soc #secops #ransomware #cyberdefense #phishing #ransomware #devsecops #cyberattack #securityoperations #malware #appsec #cyberattacks #securityandrisk #siem https://www.instagram.com/p/CDJAB3TAmYw/?igshid=g24w9bd4o73v
hackgit · 2 years
LiveTargetsFinder
Generates lists of live hosts and URLs for targeting, automating the usage of Massdns, Masscan and nmap to filter out unreachable hosts.
Given an input file of domain names, this script will automate the usage of MassDNS to filter out unresolvable hosts, and then pass the results on to Masscan to confirm that the hosts are reachable and on which ports. The script will then generate a list of full URLs to be used for further targeting (passing into tools like gobuster or dirsearch, or making HTTP requests), a list of reachable domain names, and a list of reachable IP addresses. As an optional last step, you can run an nmap version scan on this reduced host list, verifying that the earlier reachable hosts are up, and gathering service information from their open ports.
https://github.com/allyomalley/LiveTargetsFinder
neko73 · 3 years
@massdn(だんます)
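The moment someone at work tested positive, out came the people rushing to book vaccination appointments, the people criticizing the organization for not switching to remote work, the people criticizing the government, the senior colleague next to me muttering "it's already too late...", the senior colleague declaring they will take off their mask to be freed from overwork, and the anti-vaxxers starting to give speeches. It feels like the opening of a movie with a bad ending.
From Twitter for iPhone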
chataro777 · 3 years
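From Twitter: New hire: "A complainer on the other end of the line is saying 'put me through to someone above you.'" Me: "Unless it's something really serious we don't pass calls up the chain, and at that level you can handle it yourself! If it really seems impossible, I'll take over for you..." New hire: "Thank you for waiting. I checked, and I'm told that for a customer like you, I am quite sufficient." — だんます (@massdn) May 10, 2021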
http://twitter.com/massdn
thehackernewsco · 5 years
Scan whole internet domains, with speed of 3,50,000 domains per second | TheHackerNews.Co #dig #massdns #nslookup #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #thehackernews
mrhackerco · 5 years
Scan whole internet domains, with speed of 3,50,000 domains per second | MrHacker.Co #dig #massdns #nslookup #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #mrhacker
hacknews · 5 years
Scan whole internet domains, with speed of 3,50,000 domains per second #dig #massdns #nslookup #hacking #hacker #cybersecurity #hack #ethicalhacking #hacknews
mynetdiary-blog1 · 6 years
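What a boss who is good at the job looks like: 8 people like this, adored by their subordinates
A collection of remarks from bosses so decent that people decided to follow them for life.
1.
Higher-up: "Tomorrow morning I'm thinking of having the young ones come in a bit early to shovel snow, haha"
Department head: "Is that a work order? Will you pay overtime? And if someone sprains an ankle or gets hurt, that's a workers' compensation case, right? Do you realize what you're saying?"
Nice, keep going.
— ますだん (@massdn) January 22, 2018
2.
#IT業界イイ現場オブザイヤー2017
One day I was feeling down after causing a major outage.
Department head: "Failing means you are doing that much work. So it's fine to fail. I'll bow my head in apology as many times as it takes. If you grow from it, that's all that matters."
So cool it makes me cry.
— 干物@風紋 (@lipliple) December 2, 2017
3.
I have served under various bosses up to now, and my current boss is a wonderful person.
"A boss's job is…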
cyspaceglobal · 4 years
#Massdns #security #Services by #CyspaceGlobal
#SSH #vulnerabilities #malware #endpointsecurity #cybersecurity #exploits #cloudsecurity #mssp #Autonomousdriving#informationsecurity #infosec #security #datasecurity #cybercrime #soc #secops #ransomware #cyberdefense #phishing #ransomware #devsecops #cyberattack #securityoperations #malware #appsec #cyberattacks #securityandrisk #siem #infosecurity #computersecurity #redteam #blueteam #datascience #iot #machinelearning #pentesting #securityfirst #privacy #dataengineering #dataprivacy #incidentresponse
@AngularJS_News : Python, datascience, jose_theoj, massdns & much more… https://t.co/pObui5U6Vp https://t.co/VYRYQEFE1l
How to do a reconnaissance attack on your target the correct way
A team of information security experts explains that a domain name is a kind of label for IP addresses on the Internet. Since some companies move their infrastructure to the cloud, we must find the business's servers among the cloud's IP addresses, which is like finding a needle in a haystack. This is why domains provide a good link to IP addresses.
The goal is to find all the domain names of a single entity. This can only be achieved step by step with the correlation of vertical and horizontal domains. In the text, a word denotes the entity of interest in the correlation process.
Vertical domain mapping: given a domain name, vertical domain mapping is a method of searching for domains that share the same base domain. This process is called subdomain enumeration [1].
Horizontal domain mapping: given a domain name, horizontal domain mapping is a method of searching for domain names that have a different second-level domain name but belong to the same entity [1].
As an example, eff.org has been selected as an objective.
For the first step, experts say that you should perform a vertical correlation on eff.org.
This is done with tools like Sublist3r, amass or aquatone. You should keep in mind that there are many open source tools for enumerating subdomains that give poor results. The information security professional comments that it is better to use “meta-sub-domain enumeration”, which combines results from multiple enumeration services.
Sample output of Sublist3r.
For the next step, you should perform a horizontal correlation on eff.org. This step can be a little complicated. You cannot rely on a syntactic match as in the previous step. abcabcabc.com and cbacbacba.com may be owned by the same entity even though they do not match syntactically. For this we can use WHOIS data. Reverse WHOIS services allow you to search on a common value in the WHOIS database.
An email address is provided as a registration contact, says the security expert. At this point you can do a reverse WHOIS search to reveal other domains with the same email.
For reverse WHOIS, the expert recommends using the viewdns.info service.
In step number three, it is necessary to identify the interesting domains from step two and run a vertical correlation on them.
You should now have a large list of domain names linked to your target, says the information security professional.
With any luck, your target will have registered a range of dedicated IP addresses. The easiest way to verify this is to run an IP-to-ASN lookup on three IP addresses that the domain names resolve to.
Now it seems that EFF.org does not have dedicated IP space. As a counterexample, let’s look at Google.
Google operates on AS15169, which is one of its ASes.
Having a dedicated IP range makes things easier: the company's IP ranges are listed in the AS. With this information, we can compile a list of IP addresses from the CIDR notation.
If the target does not have dedicated space, we must rely on the domain names compiled previously and resolve them to IP addresses. Even if the target has a dedicated IP range, it is recommended to follow this process. There is a possibility that part of the infrastructure is already running in the cloud.
The information security researcher tells us that it is important to keep in mind that this approach can produce false positives. The target can use shared hosting, e.g. for a landing page. The IP address of this host will be included in your list, although this address is clearly not dedicated to your target.
For DNS resolution, the expert recommended massdns. It will resolve the domain names in the compiled list to the IP addresses in their corresponding records.
A list of IP addresses corresponding to the FQDNs of the target will be generated. Now you can add this result set to the IP addresses from the CIDR blocks. You should now have a list of IP addresses linked to your target.
Now the most interesting part, services. The reason for collecting domain names and then IP addresses is to reveal which services the target exposes to the Internet. For this, we need to scan the hosts, commented the information security professional.
We have two options:
Active scanning: the traditional nmap approach. For a list of hosts, it can also be Masscan. It is important to note that active scanning consumes more time and can trigger the target's IDS. But you get a more accurate representation of open services.
Passive analysis: this is based on data collected by another source. These sources include, for example, Shodan or Censys. The drawback is that the results may be several days old and some services may already be closed. On the other hand, this “stealth” mode is generally preferred when performing APT simulations.
Shodan offers search filters (dorks) for this purpose. You can search for a specific IP range like this:
net:64.233.160.0/19
We can also filter by the organization in the WHOIS database:
org:"Google"
Censys offers the same functionality:
ip:64.233.160.0/19
To filter by organization or ASN:
autonomous_system.asn:15169
autonomous_system.organization:"Google Inc."
For stealth mode, you can use Project Sonar to recover everything.
You should now have very good visibility into your target.
The final set should contain the IP:port pairs that belong to the target.
Information security experts comment that post-processing tasks can be performed to reveal the most interesting services; you can run a mass website screenshot tool, such as Snapper, which provides an overview of the running websites in one place.
Source: https://0xpatrik.com/asset-discovery/
0 notes
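The merge step the post above describes (resolved FQDN addresses combined with the AS's CIDR blocks, with shared-hosting false positives kept apart) looks like this when run for an inventory of your own organisation's assets. This Python is an added example, not code from the post or from the 0xpatrik article; it assumes massdns simple text output lines of the form `name. TYPE value`, and every name, address and CIDR block in it is a constructed placeholder.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in massdns simple-output style ("name. TYPE value").
SAMPLE_RESOLVED = """\
www.example.org. A 198.51.100.10
api.example.org. A 198.51.100.77
landing.example.org. CNAME sites.hosting.example.net.
sites.hosting.example.net. A 203.0.113.5
blog.example.org. A 203.0.113.5
mail.example.org. A 192.0.2.200
"""
# Constructed sample: CIDR blocks announced by the organisation's own AS.
DEDICATED_CIDRS = ["198.51.100.0/24"]

def parse_resolved(text):
    """Return {ip: set(names)} from A records, following CNAME chains."""
    a_records, cnames = defaultdict(set), {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        name, rtype, value = parts[0].rstrip(".").lower(), parts[1].upper(), parts[2]
        if rtype == "A":
            a_records[name].add(value)
        elif rtype == "CNAME":
            cnames[name] = value.rstrip(".").lower()
    ip_to_names = defaultdict(set)
    for name in set(a_records) | set(cnames):
        target, seen = name, set()
        while target in cnames and target not in seen:  # guard against CNAME loops
            seen.add(target)
            target = cnames[target]
        for ip in a_records.get(target, ()):
            ip_to_names[ip].add(name)
    return ip_to_names

def classify(ip_to_names, cidrs):
    """Split IPs into dedicated-range hits and ones that need manual review."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    dedicated, review = {}, {}
    for ip, names in ip_to_names.items():
        addr = ipaddress.ip_address(ip)
        # Outside the dedicated blocks: possibly shared hosting or cloud.
        bucket = dedicated if any(addr in n for n in nets) else review
        bucket[ip] = sorted(names)
    return dedicated, review

if __name__ == "__main__":
    dedicated, review = classify(parse_resolved(SAMPLE_RESOLVED), DEDICATED_CIDRS)
    print("dedicated:", dedicated)
    print("review (shared hosting or cloud?):", review)
```

Addresses in the review bucket are the ones the post warns about: confirm ownership before treating them as part of the inventory.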
thehackernewsco · 5 years
LiveTargetsFinder: automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts | TheHackerNews.Co #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #thehackernews
mrhackerco · 5 years
LiveTargetsFinder: automating the usage of MassDNS, Masscan and nmap to filter out unreachable hosts | MrHacker.Co #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #mrhacker
Different ways of enumerating subdomains
An information security professional wrote up a list of the most popular methods; the expert tried to list some tools and online resources for exploiting them. Of course this list is not exhaustive, there are many new things every day, but it is still a good start.
Methods
Brute force
The easiest way. Try millions and millions of words as subdomains and check which ones are alive with a forward DNS request.
Zone transfer, also known as AXFR
Zone transfer is a mechanism that administrators can use to replicate DNS databases, but sometimes the DNS is not well configured and this operation is allowed for anyone, revealing all the configured subdomains.
DNS cache snooping
DNS cache snooping is a specific way of querying a DNS server to check whether a record exists in its cache.
Reverse DNS
Tries to find the domain name associated with an IP address; it is the opposite of forward DNS.
Alternative names
Once the first round of your reconnaissance is finished, apply permutations and transformations (based on another wordlist, perhaps?) to all the discovered subdomains in order to find new ones.
Online DNS tools
There are many websites that let you query DNS databases and their history.
SSL certificates
Request information about all the certificates linked to a specific domain and obtain a list of the subdomains covered by these certificates.
Search engines
Search for a specific domain in your favorite search engine, then exclude the discovered subdomains one by one: example.com -www -dev
Technical tools / search engines
More and more companies host their code online on public platforms; most of the time these services have a search bar.
Text analysis
Parse the HTML code of a website to find new subdomains; this can be applied to all of the company's resources, office documents too.
VHost discovery
Tries to find any other subdomain configured on the same web server by brute-forcing the Host header.
Tools
Altdns: alt names brute force
Amass: brute force, Google, VirusTotal, alt names
aquatone-discover: brute force, Riddler, PassiveTotal, Threat Crowd, Google, VirusTotal, Shodan, SSL certificates, Netcraft, HackerTarget, DNSDB
BiLE-suite: HTML parsing, alt names, reverse DNS
blacksheepwall: AXFR, brute force, reverse DNS, Censys, Yandex, Bing, Shodan, Logontube, SSL certificates, VirusTotal
Bluto: AXFR, Netcraft, brute force
brutesubs: enumall, Sublist3r, Altdns
cloudflare_enum: Cloudflare DNS
CTFR: SSL certificates
DNS-Discovery: brute force
DNS Parallel Prober: DNS resolution
dnscan: AXFR, brute force
dnsrecon: AXFR, brute force, reverse DNS, cache snooping, Google
dnssearch: brute force
domained: Sublist3r, enumall, Knockpy, SubBrute, MassDNS, recon-ng
enumall: recon-ng -> Google, Bing, Baidu, Netcraft, brute force
Fierce: AXFR, brute force, reverse DNS
Knockpy: AXFR, VirusTotal, brute force
MassDNS: DNS resolution
Second Order: HTML parsing
Sonar: AXFR, brute force
SubBrute: brute force
Sublist3r: Baidu, Yahoo, Google, Bing, Ask, Netcraft, DNSdumpster, VirusTotal, Threat Crowd, SSL certificates, PassiveDNS
theHarvester: reverse DNS, brute force, Google, Bing, Dogpile, Yahoo, Baidu, Shodan, Exalead
TXDNS: alt names (typo / tld)
vhost-brute: vhost discovery
VHostScan: vhost discovery
virtual-host-discovery: vhost discovery
Online DNS tools
https://hackertarget.com/
http://searchdns.netcraft.com/
https://dnsdumpster.com/
https://www.threatcrowd.org/
https://riddler.io/
https://api.passivetotal.org
https://www.censys.io
https://api.shodan.io
http://www.dnsdb.org/f/
https://www.dnsdb.info/
https://scans.io/
https://findsubdomains.com/
https://securitytrails.com/dns-trails
https://crt.sh/
https://certspotter.com/api/v0/certs?domain=example.com
https://transparencyreport.google.com/https/certificates
https://developers.facebook.com/tools/ct
Search engines
http://www.baidu.com/
http://www.yahoo.com/
http://www.google.com/
http://www.bing.com/
https://www.yandex.ru/
https://www.exalead.com/search/
http://www.dogpile.com/
https://www.zoomeye.org/
https://fofa.so/
Technical tools / search engines
https://github.com/
https://gitlab.com/
https://www.virustotal.com/fr/
DNS cache snooping
nslookup -norecursive domain.com
nmap -sU -p 53 --script dns-cache-snoop.nse --script-args 'dns-cache-snoop.mode=timed,dns-cache-snoop.domains={domain1,domain2,domain3}' <ip>
Other online resources
https://ask.fm/
http://logontube.com/
http://commoncrawl.org/
http://www.sitedossier.com/