https://github.com/stringmanolo/methodology

Hacking Methodology
https://github.com/stringmanolo/methodology

Last synced: 7 months ago
JSON representation

Hacking Methodology

• Host: GitHub
• URL: https://github.com/stringmanolo/methodology
• Owner: StringManolo
• Created: 2022-06-07T03:55:05.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2022-06-07T03:58:08.000Z (over 3 years ago)
• Last Synced: 2025-02-07T17:45:02.660Z (12 months ago)
• Size: 1000 Bytes
• Stars: 2
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Methodology

Hacking Methodology Self-Explanatory

# Flaws

## auth (passwords, tokens, cookies, ...)

* autogen pass predictable

* bruteforce resistence

* insecure protocol

* insecure storage

* insuficient session expiration

* missing hsts

* password quality

* unsafe distribution

* unsafe transmision

* username enumeration

* username uniqueness

## best practices

* csp

* directory listing

* mixed content over https

* inline scripts/css

## clickjacking

## command injection

## csfr

## csti

## default config known insecure

## DOS

* lack of resources

* rate limiting

* slowloris (keep-alive)

## hpp

## htmli

* form

* dangling

## IDOR

## information leakage

* credentials in source code

* metadata

* private data disclosure

## insecure certificates

## ldap

* wildcard credentials

## logic flaws

* priv bypass

* priv scalation

* race condition

## open redir

## path traversal

## referrer leak

## response smuggling

## response splitting

## rce

## smtp crlf

## ssfr

## ssti

## sub/domain takeover

## sqli

## xss

* Stored

* Reflected

* Dom

## xxe

# Post Exploitation

* clear credentials in browser

* clear credentials in memory