Reference List
EyeWitness – Automates taking screenshots of websites and provide server headers [Link].
sudo apt install eyewitness eyewitness -f list.txt
rbndr – I a single file code written in C that allow a pentester to test software against TOCTOU (time of check, time of use) vulnerability with this DNS rebinding application [Link].
Installation for self-hosting:
git clone https://github.com/taviso/rbndr.git cd rbndr gcc rebinder.c -o rebinder
Note: your real domain needs to be pointed to the server that will run this application. Change the proprieties of static const struct root kExpectedDomain
(line #42) to match your domain before compilation. Do not be disappointed if your build fails because this decade old app need a few code changes to work (out of the scope of this post).
Using a free online server (.rbndr.us
) to get the job done:
- The domain syntax is:
<ipv4 in base-16>.<ipv4 in base-16>.rbndr.us
- In reality it would look like:
7f000001.c0a80001.rbndr.us
7f000001
> from hex to decimal > 127 0 0 1.c0a80001
> from hex to decimal > 192 168 0 1.
Here is a syntax helper for easy of use [Link].