Welcome to Operator Notes: the periodic newsletter that delivers the latest techniques, tools, detections, and resources for the cybersecurity operator distilled into copyable cheat sheets.
👇 Subscribe to Operator Notes newsletter and updates 👇
RED
Nuclei by Project Discovery
Nuclei is a tool that allows users to send requests to targets based on a template, in order to perform fast scans on a large number of hosts. It supports a range of protocols, including TCP, DNS, HTTP, SSL, and Whois, as well as specialized protocols like Websockets and Headless. Its templating system allows it to be used for a wide variety of security checks, and it is designed to produce zero false positives.
INSTALL
#git clone https://github.com/projectdiscovery/nuclei.git
#brew install nuclei
#git clone https://github.com/projectdiscovery/nuclei-templates.git
#git clone https://github.com/projectdiscovery/uncover
#git clone https://github.com/projectdiscovery/httpx
#git clone https://github.com/projectdiscovery/subfinder
>Scan single target
#nuclei -u https://netmux.com
>Scanning multiple targets contained with a URL text file
#nuclei -l urls.txt
>Cat out targets list from file into nuclei and use the templates in directory, rate limit to 100 requests a second
#cat targets.txt | nuclei -t -rl 100
>Piped targeted domain enumeration to vuln discovery
This will run 'subfinder' a subdomain discovery tool that returns valid subdomains for websites, using passive online sources. Piped into the 'httpx' tool against all the hosts and subdomains found and returns URLs running HTTP webserver. Piped into 'nuclei' in silent mode to find high and critical vulns. Export those results in Markdown report.
#subfinder -d http://example.com | httpx -silent | nuclei -silent -severity high,critical -me report.md
>Piped broader Org enumeration to vuln discovery
This will run 'uncover' tool, a go wrapper using APIs of well known search engines (Shodan, Censys, FOFA, ZoomEye, etc...) to quickly discover exposed hosts on the internet. Piped into the 'httpx' tool against all the hosts and subdomains found and returns URLs running HTTP webserver. Piped into 'nuclei' in silent mode to find high and critical vulns. Export those results in Markdown report.
#uncover -q 'org:"Strikingly"' | httpx -silent | nuclei -silent -severity high,critical -me report.md
!TIP! Uncover is now integrated into Nuclei:
-uc, -uncover enable uncover engine
-uq, -uncover-query string[] uncover search query
-ue, -uncover-engine string[] uncover search engine (shodan,shodan-idb,fofa,censys,quake,hunter,zoomeye)
-uf, -uncover-field string uncover fields to return (ip,port,host) (default "ip:port")
>Nuclei uncover integration against organization
#nuclei -uq 'org:Strikingly' -ue shodan -t
>ChatGPT to create Nuclei templates
In ChatGPT give the following prompt (substitute 'Jenkins' for desired server):
"write a nuclei script for detecting Jenkins servers"
REF:
BLUE
HardeningKitty
HardeningKitty was created to simplify the hardening of Windows.
The HardeningKitty is a checklist for hardening the security and privacy of Windows 10 systems. The checklist can also be used for other versions of Windows, but some adjustments may need to be made using the registry instead of the Group Policy Editor in Windows 10 Home. It is important to consider the potential impact on the usability of key functions and infrastructure when implementing the recommendations on the checklist. The project began as a simple checklist for Windows 10, but has since expanded to include support for various frameworks and benchmarks, including CIS benchmarks and Microsoft Security Baselines. The HailMary mode allows users to apply any hardening checklist to a Windows system.
OSINT
VATINT - Vehicle and transportation intelligence
Resources for conducting OSINT for planes, trains, automobiles, and maritime vessels.
TIPS
Open Source Security Index
The Most Popular & Fastest Growing Open Source Security Projects on GitHub
The Open Source Security Index is a tool that helps users find open source security projects on Github. It uses the Github API to identify projects based on popular security topics and also includes manually added projects that may not have relevant tags. The project is ongoing and relies on the input of the open source security community for improvement.
FOLLOW
Michael Schneider @0x6d69636b on Twitter
MEME
👇 Subscribe to Operator Notes newsletter and updates 👇