-) AUR package: yay -S android-apktool
-) sudo pacman -S android-tools
-) I personally would recommend installing android-studio (it comes with the SDK — including all platform-tools)
o) sudo pacman -S android-studio
-) sudo pacman -S bettercap
-) .NET decompiler (in case of Xamarin Apps)
i) APK decompiler for the lazy: https://github.com/b-mueller/apkx
===================== 1) MANUAL STATIC ANALYSIS ==========================
1a) RETRIEVE APK
FROM THE DEVICE ITSELF
o) adb shell pm list packages (list all installed packages)
o) adb shell pm path…
Last month there was some news stating that Truecaller data was breached. Actually
After the news came into the public domain, Truecaller denied it and said all its data is safe; such a big company will not lie if they suffer a data breach. This made me more curious about what actually happened, and I tried to get access to the database.
After a few days fortunately with…
Hi, last year I learned about this technique. These techniques have been present for a long time, but very few people focus on them, so I started to learn and take an interest in it.
The reason for this is my love for the dataset. It was originally an OSINT project on which I was working when it came to my mind that, yeah, I can report this; it changed my mind, and that OSINT project was converted into a bug bounty project.
Before I start telling you about the vulnerability, let me tell you about myself. I am Nitesh Pandey…
These leaks show how careless people are nowadays, and how third-party websites that take data like Aadhaar handle it. Last week several reports came out that Indian Aadhaar card data was leaked, and I was curious to know what the leak contained.
So, I decided to take a look and do the complete research on what that data contains, and the most important thing I was thinking as a citizen is my data was also in the leak.
The most difficult task is to find the source where the data was uploaded, so I started to see the…
In this part, I will teach you how to extract endpoints from the WSDL file so let's get started.
So for finding the endpoint you need a WSDL file, and if you are reading this you must have read my previous parts of API hacking, and I assume that you have the WSDL file. If you don’t know how to find the WSDL file, you can go to the API hacking secret part three and you will know how to find the WSDL file.
So, let's get started.
For parsing the endpoint from WSDL file you need three things
finding the WSDL file to extract ENDPOINTS
The most important thing in an API is its endpoints; most of the time you will just play with the endpoints to find a vulnerability. So in this part we will learn how to extract endpoints from the WSDL file.
The first thing you need to do is recon, and API recon is the easiest: you only need to find the documentation and do a few Google searches, and your task is done.
Suppose you have a target website, example.com, which you want to hack, and as mentioned above we need to do…
In part 1 we covered the basics of APIs and learned the basic difference between SOAP and REST APIs.
Now let us take a quick look at the web service components before we move forward and see the real hacking methods.
Basically, there are three web components that are used, but for web application APIs we will be using only two: one for SOAP and the other for REST APIs.
The documentation standard that is used for SOAP is called WSDL, and the documentation standard used for REST APIs is WADL.
WSDL - Documentation Standard for SOAP
WADL - Documentation Standard for REST
In this series, I will be teaching you my methodology of hacking APIs. I will share all my knowledge that I learned in the past 3 years and make 1000 dollars hacking web applications and mobile APIs.
Let's get started.
In this series, I will tell you, from the very basics of hacking APIs, the secrets that were hidden for the past decades. I will share my reports and other people's API reports to give you a 360-degree view of API hacking.
Before moving forward let us first know the basics of API.
Because if you want to hack something you…
In this, you will learn how to properly use tomnomnom httprobe.
STEP 1: To use the tomnomnom httprobe you need to have a list of subdomains.
So, now you have the subdomain list and you need to find out which of the domains are live and which are down.
It divides into two phases. First you will run the cat command to see that all the subdomains are present. So suppose you run cat subdomains.txt: you will get all the subdomains present in that file printed in your terminal.
So now you have…
In this tutorial, we will learn how to install OWASP amass using golang.
So let us see how to install amass on Linux and Ubuntu systems.
The first thing you need to do is install golang on your system, and we can easily do it using the script in the description and the steps shown below. If you still face any issue, you can check the video above.
STEP 1: Download the script to your system using the command shown below:
git clone https://github.com/mrnitesh/amass.git
STEP 2: You need to go to the folder you have downloaded…