-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
3cc3440
commit 7858eae
Showing
2 changed files
with
49 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
{ | ||
"name": "gobuster", | ||
"tool_description": "Gobuster is a tool used to brute-force:\n - URIs (directories and files) in web sites.\n - DNS subdomains (with wildcard support).\n - Virtual Host names on target web servers.\n - Open Amazon S3 buckets\n - TFTP servers", | ||
"args_description": [ | ||
"command: gobuster [mode] ...\n", | ||
"\n", | ||
"Available Modes:\n", | ||
" completion Generate the autocompletion script for the specified shell.\n", | ||
" dir Uses directory/file enumeration mode.\n", | ||
" Example: gobuster dir -u http://example.com -w wordlist.txt\n", | ||
" dns Uses DNS subdomain enumeration mode.\n", | ||
" Example: gobuster dns -d example.com -w subdomains.txt\n", | ||
" fuzz Uses fuzzing mode. Replaces the keyword FUZZ in the URL, Headers, and the request body.\n", | ||
" Example: gobuster fuzz -u http://example.com/FUZZ -w fuzzlist.txt\n", | ||
" s3 Uses AWS S3 bucket enumeration mode.\n", | ||
" Example: gobuster s3 -w bucketlist.txt\n", | ||
" tftp Uses TFTP enumeration mode.\n", | ||
" Example: gobuster tftp -u tftp://example.com -w wordlist.txt\n", | ||
" version Shows the current version of gobuster.\n", | ||
" Example: gobuster version\n", | ||
" vhost Uses virtual host enumeration mode (you most probably want to use the IP address as the URL parameter).\n", | ||
" Example: gobuster vhost -u http://192.168.1.1 -w vhostlist.txt\n" | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
{ | ||
"name": "sqlmap", | ||
"tool_description": "sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.", | ||
"args_description": [ | ||
"command: The primary command to run sqlmap. It includes the script name 'sqlmap.py' followed by various options and arguments to specify the target and the desired actions.", | ||
"-u <URL>: The target URL to scan for SQL injection vulnerabilities.", | ||
"--level=<LEVEL>: The level of tests to perform (default is 1). Levels range from 1 to 5, with higher levels being more exhaustive.", | ||
"--risk=<RISK>: The risk level of tests to perform (default is 1). Risk levels range from 1 to 3, with higher levels being more aggressive.", | ||
"--dbs: Enumerate the databases on the target server.", | ||
"-D <DATABASE_NAME>: Specify the database name for further enumeration or data extraction.", | ||
"--tables: Enumerate the tables in a specified database.", | ||
"-T <TABLE_NAME>: Specify the table name for further enumeration or data extraction.", | ||
"--columns: Enumerate the columns in a specified table.", | ||
"-C <COLUMN_NAME>: Specify the column name for data extraction.", | ||
"--dump: Dump the entries of the specified database, table, or column.", | ||
"--batch: Automatically accept all prompts and run non-interactively.", | ||
"--proxy=<PROXY>: Route all HTTP requests through a specified proxy.", | ||
"--tamper=<TAMPER_SCRIPTS>: Use tamper scripts to bypass WAF/IPS protections.", | ||
"--technique=<TECHNIQUES>: Specify which SQL injection techniques to use (e.g., B for boolean-based, E for error-based, T for time-based, U for UNION query-based, S for stacked queries).", | ||
"--cookie=<COOKIE>: Use specified cookie for HTTP requests.", | ||
"--headers=<HEADERS>: Add additional headers to HTTP requests.", | ||
"--auth-type=<AUTH_TYPE>: Specify the authentication type (e.g., Basic, Digest, NTLM).", | ||
"--auth-cred=<AUTH_CRED>: Specify authentication credentials (e.g., username:password)." | ||
] | ||
} |