Видео

Thank you so much. Stay tuned. Will be posting more videos. Currently occupied in other projects. Regards.

hello there, the config file at default location - $HOME/.config/subfinder/config.yaml This file is not present on the fresh installation. However, you can create this file as per your requirement and list out the sources as per the documentation and put your keys into the config file. You can then put the config file at any of your preferred location and put the path of configuration file or put that file on the default path and proceed. The reference link for the sample config file - github.com/projectdiscovery/subfinder/blob/main/README.md Hope this helps. Regards.

Thank you so much Regards.

Thank you so much for appreciating.

Hello Tony, External services like VirusTotal, Censys, Chaos, Shodan, etc. that help us fetch more information in our information gathering stage need us to have registered with them and get our specific API keys to call the respective services to query and gather information from them. By using the API keys from the respective sources in subfinder, you can get more information and utilise this information suiting your task. In the demonstration, you can see that by using the API keys, we were able to get more subdomains for the same target in contrast to the tool running without any API keys. I hope this clarifies. Regards.

@@cyberbytes6653 Thanks man for your prompt reply. Can you please make a video on waybackurls and also show me what endpoints are really good for penetrate?

@@TonyAsh-rp6fp Most welcome and glad that it helped. Sure, will note it down and work on content for waybackurls.

@@cyberbytes6653 Cheers mate.👍

Thanks for the input. Noted.

Hello @CodeSaif - As from the project page, i can see that in the config.json file of knockpy, only Google, DuckDuckgo and VirusTotal seems to be supported. i think the code needs further modules to handle the queries from shodan and censys. That will be a good idea. I think this has already been added from your end as a feature request. Regards,

Hey @@cyberbytes6653 thanks for your response "200 OK"

Hey there. Thanks for the inputs and appreciation. I am yet to try out feroxbuster. But i will certainly try it out and put up a video tutorial for feroxbuster. Added to my to-do list Cheers.

Many thanks for taking time reply... Appreciate it sir 😌🙏

Hello there, Thsnks for your query. For checking passwords, there can be 2 ways: 1. The case where you want nuclei to check for default passwords for any web application. Here, you can assume that the web application framework's login panel path (in case you have discovered during the earlier phases of information gathering.) or any other login page, you need to have a list of default credentials that you can use to check for the use of any default accounts/credentials. You can create a scan template for the same based on the behaviour of the web apps request/response cycle and you can check that accordingly. 2. The case where we want to ascertain weather the application has any mechanism to check for password complexity. Here, too first you need to first understand how the application behaves and responds to the password inputs you give. eg. the password length where the application logic limits you to have a minimum password length. Try out with a smallest length password and feed the input to the application and see how the application responds. Based on that you can print out the response using the YAML template and also you can nest the query with regard to the complexity and character lengths and test accordingly. I would request you to try out and create a test template based on the logic flow. Would love to hear from you in this regard. I will also try to see if i can create something similar for testing, but it will take some time, as i am fully occupied in other tasks. I hope that i have answered your query. Regards.

@@cyberbytes6653 thanks for the response sir that was very helpful !i am waiting impatiently for the next video

Hello there, thank you. Sure, i will be uploading more content. Regards.

Thank you very much

Hey there, upon starting u mean that when you issue the command to start directory search, right? I have not come across such situation till now. I would however recommend you to try to install and run the tool on a fresh kali linux install to set up a baseline and see how it behaves. have a go and see, Let me know the results. I am curious too. Regards.

Hello there, nuclei supports passive scanning for HTTP based templates and performs scans for HTTP response data. This feature is lesser known, however, i will explore this and try to add a video in nuclei tutorial. Thanks for the input.

Thanks.

Hi Rio. Yes you can filter through status codes, just include the -i option to include the status codes of your choice or use -x to exclude the status codes of your choice (seperate status codes using commas. eg. 200,302,404) I hope this helps. Regards.

Hello Jitu. Thank you for your response. Will certainly create more videos. Just stuck in some tasks. Will create as i get free. Can you please tell what part of web application security testing you are interested in?? Some inputs will help. Thanks.

@@cyberbytes6653 I am Interested in Bug Hunting .

Kindly reply please

@@karthik3913 Let me have a look and get back to you soon.

@Karthik - can you pls tell which options you are running and what is the exact difference you get? As i have just tried out with the recent version of the tool, v5.3.0 the results are consistent. Awaiting your response.

Dear Piyush, thank you for your response. I will be adding more of such useful videos soon. Stay tuned. Please do share the channel and content with your circle. Regards.

Hello there, have you tried to see if there are any shares available? Enumerate the Netbios shares if available, you can use the tool 'nbtscan' or use nmap's script nbtstat.nse to see if there is anything useful or any specific shares available. For SMB, you can try out nmap's script - smb-brute.nse and see if you can bruteforce your way if you are unable to guess any credentials. Alternately, you can also use the metasploit's auxiliary module - smb_login for the same purpose. you can also use - hydra & ncrack for this task too.

Thanks a lot, more videos on the way

Thank you. More videos coming up

Thank you. Stay tuned, more videos coming soon.

Thank you very much.

Most welcome.

Can you please tell me what is the exact error message you are getting??

@@cyberbytes6653 Oi, Thanks, I found the problem,.

@@TheNikakz Great.

Thank a lot. will certainly keep the videos coming. Cheers.

Yes. There are lots of useful security tools that can be demonstrated. The catch is that i have to create videos single-handedly. I also have to look that the tools video does not violate community rules. I create the demonstration in that line. Rest assured, i will be creating educational contents and will upload gradually. Thanks.

Hello there, I am a Pentester & security consultant. I am glad that you liked the video. Please do share and subscribe the channel. Thanks.

@@cyberbytes6653 already subscribed you channel from 4 months ago. Are u web or network pentester ?

Ok. I do both network and web apps.

@@cyberbytes6653 can you please come up with web pentesting, try too cover owash top 10 and important tools like sqlmap, burpsuite, owash zap, etc...

Yes. I am working on this and will take a bit of time. The tools you have mentioned are already in pipeline and will come up with a proper format. Please stay tuned. I will be putting up videos on this channel. Regards.

Thank you very much for the response. Stay tuned, more contents coming soon.

Thank you very much for your response. I am glad that the video was helpful to you. Subscribe to channel and please do share the video and channel to your circles. I will be soon uploading more useful educational videos on the channel. Stay tuned.

Yes. I will certainly make good quality educational contents. But it will take some time as i am very peculiar about creating detailed videos, i will certainly plan out and create helpful content. Regards.

Will check the tool out and put on the queue.

you can create free account on virustotal.com and then in in your profile section on top right, you can get your API key by visiting API key section. You can refer - support.virustotal.com/hc/en-us/articles/115002088769-Please-give-me-an-API-key Hope this helps. Regards.

Noted! Will create for sure. Thanks a lot.

There is a complete step by step TryHackMe room dedicated to this issue. I would highly recommend this. Link: tryhackme.com/room/solar

Sure, will try my level best to post videos regularly. Your request is noted.

Hello Soham, there are various sources from where you can begin. From basics, you can start from tryhackme there are lots of free rooms available to try out. Also you can use portswigger web security academy. Learn the fundamentals of computers, networking. There are lots of amazing learning channels on RUclips. Keep learning and growing. Regards.