Author: Lipson Thomas Philip

Lipson Thomas Philip is a Master's student in Network and Information Security at Griffith College, Limerick. He completed an internship at Cyber Cell, Gurugram, in 2021. His motive is to learn on a daily basis. As somebody said, "Never stop learning". You learn new things knowingly or unknowingly as your life changes day by day.

What is the SemiAutoRecon tool? SemiAutoRecon is a multi-threaded network reconnaissance tool used for semi-automated service enumeration. Its features are all very customizable. It is meant to be used as a time-saving tool in CTFs and other penetration testing scenarios (for example, the OSCP exam). It is most emphatically useless in real-world interactions. This fantastic tool was created by Tib3rius, and it is the successor of the autorecon tool. Why use the SemiAutoRecon tool? SemiAutoRecon was inspired by three tools used during the OSCP labs by the author: Reconnoitre, ReconScan, and bscan. While all three…


What is the subfinder tool? Subfinder is used to discover or extract the subdomains of any website. Subfinder is developed and managed by Project Discovery. It uses passive online sources to locate valid subdomains for websites. These sources include Censys, Chaos, Recon.dev, Shodan, Spyse, Virustotal, and many others. This tool is designed to do passive subdomain enumeration, and it does it exceptionally well. It was intended to be a successor to the sublist3r tool. Project Discovery created a subdomain finder tool to integrate all passive source licenses and usage limitations. It maintains a consistently passive…


The most essential part of any website is its HTTP security headers. The first thing the server sends in response to the user is the HTTP headers, which define whether the website is safe or not for the user. What is a header? A header is a section of a document, data packet, or message that carries crucial information in addition to the data itself. The header’s contents differ from document to document. The header contains metadata, which means data about data. Headers are seen in any type of file such as email, HTML document, software, and even in word or…


What is DirBuster? DirBuster is a content discovery application available in the Kali Linux and Parrot OS repositories. DirBuster was created by the OWASP Foundation and is managed by the Kali developers. It is widely used to brute-force and extract juicy lists of directories and files. This tool is written in the Java programming language. It uses multi-threading, which lets users extract directories and files faster or slower. We will give you an overview of the tool and its fundamental functionalities in this post. How to download DirBuster in Linux? DirBuster comes preinstalled in both Kali Linux and Parrot Security…


Nmap, or Network Mapper, is an open-source security auditing and network scanning program created by Gordon Lyon. It is built in such a way that it can quickly diagnose massive networks and single hosts. Network managers often use it to identify the devices that are now running on the system, the port number to which the devices are connected, and the open and available ports. What is Nmap? Nmap, which stands for Network Mapper, is a free, open-source network discovery and vulnerability detection application. Network administrators use Nmap to determine: It can find the host that is connected to the network.…


When we hear about cybersecurity, we all learn it self-taught and on our own. But when we get a job in any company, we have to work in teams. Teams in cybersecurity are different from those in other fields such as Data Science, Artificial Intelligence, etc., because in cybersecurity there are numerous teams, each with different objectives and responsibilities. This article will discuss how the red team differs from the blue team. Two important teams are the Red team and the Blue team. There are three types of teams in cybersecurity: Red Team (Attacker), Blue Team (Defensive), Purple Team (Attacker and Defensive)…


What is a race condition? A race condition is an unacceptable situation that arises when a device or system seeks to conduct two or more operations simultaneously, although the activities must still be performed in the proper sequence depending upon the nature of the device or system. Race conditions arise when two processes, or threads of a software program, attempt to access the same resource simultaneously, causing system problems. They are a prevalent problem in multithreaded programs. Race condition vulnerabilities occur in both web applications and mobile applications. What is a race condition vulnerability? Race condition attacks are also known as Time of…


What is Cross-site scripting (XSS)? Cross-Site Scripting (XSS) attacks, a type of injection attack, introduce malicious code into online applications. An attacker will exploit a vulnerability in a target online application to deliver malicious code to an end-user, most typically client-side JavaScript. XSS attacks target the application’s users directly rather than the application’s host. Organizations and businesses that deploy web apps risk exposing themselves to cross-site scripting attacks if they show material from users or untrusted sources without sufficient escaping or validation. For a long time, cross-site scripting vulnerabilities have been one of the OWASP Top 10 security…


What is the clear command? The clear command is a basic Unix operating system command for clearing the terminal screen. This command first searches the environment for a terminal type, then consults the terminfo database for information on how to clear the screen. Besides that, any command-line options that may be present will be ignored by this command. Furthermore, this command does not accept any arguments. This command was developed by the Computer Systems Research Group. Why is the clear command used? To do any task in Linux, every user should know all the commands of Linux. And this command is one of…
