Return to site
Return to site

Operator Notes

Nuclei, Uncover, HardeningKitty

· nuclei,red team,osint,blue team,hardeningkitty

Welcome to Operator Notes: the periodic newsletter that delivers the latest techniques, tools, detections, and resources for the cybersecurity operator distilled into copyable cheat sheets.

👇 Subscribe to Operator Notes newsletter and updates 👇

RED

Nuclei by Project Discovery 

Nuclei is a tool that allows users to send requests to targets based on a template, in order to perform fast scans on a large number of hosts. It supports a range of protocols, including TCP, DNS, HTTP, SSL, and Whois, as well as specialized protocols like Websockets and Headless. Its templating system allows it to be used for a wide variety of security checks, and it is designed to produce zero false positives.

INSTALL

#git clone https://github.com/projectdiscovery/nuclei.git

#brew install nuclei

#git clone https://github.com/projectdiscovery/nuclei-templates.git

#git clone https://github.com/projectdiscovery/uncover

#git clone https://github.com/projectdiscovery/httpx

#git clone https://github.com/projectdiscovery/subfinder

>Scan single target

#nuclei -u https://netmux.com

>Scanning multiple targets contained with a URL text file

#nuclei -l urls.txt

>Cat out targets list from file into nuclei and use the templates in directory, rate limit to 100 requests a second

#cat targets.txt | nuclei -t -rl 100

>Piped targeted domain enumeration to vuln discovery

This will run 'subfinder' a subdomain discovery tool that returns valid subdomains for websites, using passive online sources. Piped into the 'httpx' tool against all the hosts and subdomains found and returns URLs running HTTP webserver. Piped into 'nuclei' in silent mode to find high and critical vulns. Export those results in Markdown report.

#subfinder -d http://example.com | httpx -silent | nuclei -silent -severity high,critical -me report.md

>Piped broader Org enumeration to vuln discovery

This will run 'uncover' tool, a go wrapper using APIs of well known search engines (Shodan, Censys, FOFA, ZoomEye, etc...) to quickly discover exposed hosts on the internet. Piped into the 'httpx' tool against all the hosts and subdomains found and returns URLs running HTTP webserver. Piped into 'nuclei' in silent mode to find high and critical vulns. Export those results in Markdown report.

#uncover -q 'org:"Strikingly"' | httpx -silent | nuclei -silent -severity high,critical -me report.md

!TIP! Uncover is now integrated into Nuclei:

-uc, -uncover enable uncover engine

-uq, -uncover-query string[] uncover search query

-ue, -uncover-engine string[] uncover search engine (shodan,shodan-idb,fofa,censys,quake,hunter,zoomeye)

-uf, -uncover-field string uncover fields to return (ip,port,host) (default "ip:port")

>Nuclei uncover integration against organization

#nuclei -uq 'org:Strikingly' -ue shodan -t

>ChatGPT to create Nuclei templates

In ChatGPT give the following prompt (substitute 'Jenkins' for desired server):

"write a nuclei script for detecting Jenkins servers"

broken image

REF:

BLUE

HardeningKitty

HardeningKitty was created to simplify the hardening of Windows.

The HardeningKitty is a checklist for hardening the security and privacy of Windows 10 systems. The checklist can also be used for other versions of Windows, but some adjustments may need to be made using the registry instead of the Group Policy Editor in Windows 10 Home. It is important to consider the potential impact on the usability of key functions and infrastructure when implementing the recommendations on the checklist. The project began as a simple checklist for Windows 10, but has since expanded to include support for various frameworks and benchmarks, including CIS benchmarks and Microsoft Security Baselines. The HailMary mode allows users to apply any hardening checklist to a Windows system.

OSINT

VATINT - Vehicle and transportation intelligence

Resources for conducting OSINT for planes, trains, automobiles, and maritime vessels.

TIPS

Open Source Security Index

The Most Popular & Fastest Growing Open Source Security Projects on GitHub

The Open Source Security Index is a tool that helps users find open source security projects on Github. It uses the Github API to identify projects based on popular security topics and also includes manually added projects that may not have relevant tags. The project is ongoing and relies on the input of the open source security community for improvement.

FOLLOW

Michael Schneider  @0x6d69636b on Twitter

MEME

broken image

👇 Subscribe to Operator Notes newsletter and updates 👇

 

PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save