- SSH Tunneling - The Cyber Plumber’s Handbook.pdf
- Setup ssh_config file
TODO READ:
* A visual guide to SSH tunnels
* How Tunneling Works
* How Tunneling Works Video
* https://en.m.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels
* SSH port forwarding - Example, command, server config
* Run SSH with command aliases
* The pitfalls of using ssh-agent, or how to use an agent safely
- Stand up a cloud-hosted Kali box, configure OpenVAS, ssh into the box...all encrypted yet run on my local browser. I no longer have to bother with installing VNC.
- Same thing with Dradis...allows a penetration testing team to collaborate on an assignment without having to mess with certificates.
- I wrote a script that launches 10 VMs in DigitalOcean in seconds, then I ssh into them with -D 9050...9059. I have 10 entries in my proxychains.conf file for 127.0.0.1 9050...127.0.0.1 9059, and then launch theHarvester with proxychains. Google no longer accuses me of being a bot.
- I passed a tip along to a network engineer at my company that he should read your book rather than exposing an administrative login page on a public facing website.
- For privacy, I sometimes create a VM on the fly and use it as a proxy in Firefox."
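
The tunnelling pattern from the notes above (reaching OpenVAS or Dradis over SSH instead of exposing their login pages, and using a VM as a browser proxy), written as an ssh_config sketch. This is an added example, not taken from the handbook or from these notes; the host aliases, addresses, users, key paths and service ports (9392 for the OpenVAS web UI, 3000 for Dradis) are assumptions, and both services are assumed to listen only on the server's loopback interface.

```sshconfig
# ~/.ssh/config (added example; every name, address and port is an assumption)

Host kali-cloud
    # Placeholder address from a documentation range
    HostName 203.0.113.10
    User pentest
    IdentityFile ~/.ssh/id_ed25519_kali
    # Offer only the key named above, not every key loaded in the agent
    IdentitiesOnly yes
    # Never forward the agent to a cloud box; root there could use it
    ForwardAgent no
    # Keep forwarded ports on loopback so other LAN hosts cannot reach them
    GatewayPorts no
    # OpenVAS web UI: browse https://127.0.0.1:9392 on the local machine
    LocalForward 127.0.0.1:9392 127.0.0.1:9392
    # Dradis: browse http://127.0.0.1:3000 on the local machine
    LocalForward 127.0.0.1:3000 127.0.0.1:3000
    # Abort if a forward cannot be set up instead of running without it
    ExitOnForwardFailure yes
    # Notice a dead tunnel after roughly 90 seconds
    ServerAliveInterval 30
    ServerAliveCountMax 3

Host proxy-vm
    # Placeholder address from a documentation range
    HostName 198.51.100.20
    User proxy
    IdentityFile ~/.ssh/id_ed25519_proxy
    IdentitiesOnly yes
    ForwardAgent no
    # SOCKS proxy for Firefox, the config-file form of "ssh -D 9050"
    DynamicForward 127.0.0.1:9050
    ExitOnForwardFailure yes
```

`ssh -N kali-cloud` then opens the forwards without starting a remote shell; the cloud firewall only needs port 22 open, and the admin interfaces stay unreachable from the internet.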
Use selfhosted services
Droplets are cheap and only cost money as long as they exist.
Has a very neat pricing model, as it allows 3 free VMs with persistent storage (3 GB). Creating additional accounts for more free resources is allowed!
In addition, free PostgreSQL and persistence are available (check the docs).
Dockerfile deployment is quite easy and doesn't require Docker to be installed on the machine, because the builds run on a builder instance.
```bash
# log in to fly.io
flyctl auth login
# create a new app
fly launch
# re/deploy the app
fly deploy
# restart the app
fly restart <app-name>
# destroy the app
fly destroy <app-name>
```
Starting from €4.15, pay as you go.
This self-hosted application can connect to a wide range of SQL servers, such as MySQL, Postgres, SQL Server, Vertica, Crate, ClickHouse, Trino, Presto, SAP HANA, Cassandra, Snowflake, BigQuery, SQLite, and more via ODBC.
Powered by ProjectDiscovery.
Runs a broad OSINT scan on a target, from passive to aggressive, with a lot of modules. Doesn't search for files or vulnerabilities.
OSINT and vulnerability scanner with configurable workflows and decentralized cloud scanners (spawns droplets for scanning).
The workflows are written in YAML with a special syntax for scripting. It's essentially a way to tell osmedeus how to run commands and pass information to the next step.
A web ui is available as