Hacking Websockets: SQL injection
WebSocket application may be susceptible to all kinds of vulnerabilities. ffuf works great for enumerating and fuzzing and enumerating, sqlmap is the state of the art tool for SQL injection. Both of them support HTTP, neither of them supports WebSockets. In this article we develop a tool that allows us to use these awesome tools in WebSocket applications.
ClusterShell: parallel SSH on many hosts
How do you gather uptime information from a large number of remote hosts? Open a bunch of terminals and paste the command to each of them? Loop over the hosts with a shell script? Thankfully, there is a better way.
Port forwarding with SSH
Port forwarding is a foundational skill for any penetration tester or red teamer. This article covers the basics and discusses a few practical examples of port forwarding with SSH.
Incremental search with Feroxbuster
Feroxbuster is a great forced-browsing / directory-busting tool. In this article, I explore making the search more efficient by scanning at a low depth and filtering the found directories.