Doubling back to share some more notes about web application security adjacent stuff. This is a bash script for reconnaissance that uses some tooling from Project Discovery - mapcidr and tlsx - in combination with jq and Bash, to enumerate TLS certificates.
Showing posts with label appsec. Show all posts
Showing posts with label appsec. Show all posts
Monday, October 09, 2023
Sunday, August 13, 2023
API Endpoints
While scrolling twitter recently I saw Intigriti linked to some JavaScript bookmarklet for discovering API endpoints. When doing reconnaissance, sometimes tools like ffuf aren't fine-grained enough for enumerating API endpoints.
Labels:
api,
appsec,
endpoints,
javascript,
reconnaissance,
security
Subscribe to:
Comments (Atom)
Using Python To Access archive.today, July 2025
It seems like a lot of the previous software wrappers to interact with archive.today (and archive.is, archive.ph, etc) via the command-line ...
-
Latin1 was the early default character set for encoding documents delivered via HTTP for MIME types beginning with /text . Today, only ...
-
From "Overfitting and the strong version of Goodhart's law" : Increased efficiency can sometimes, counterintuitively, lead to ...
-
Playing around with writing malware proof-of-concepts, running red and blue team simulations in my computer lab against Windows Home edition...