My notes from different sources.
Virtual hosting comes in three flavours:
- Hostname based
- IP based
- Port based
Hostname based: multiple (logical) websites pointing to the same IP address. The content delivered depends on the hostname sent by the web client (the Host header). The constraint shows up when configuring SSL/TLS for the sites, since the server may not have a single wildcard certificate covering all the virtually hosted websites. The Server Name Indication (SNI) extension in SSL/TLS lets the client name the host it wants before the certificate is chosen, which solves the issue to some extent.
IP based: one server may have multiple network interfaces (one IP address per network interface). Each website points to a unique IP address, but all those IPs belong to the same server.
Port based: different websites hosted on one IP address but on different ports.
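The hostname-based case above relies on the client naming the site it wants, in plain text, before TLS is established. As an added example that is not part of these notes, the following stdlib-only Python builds a minimal TLS 1.2 ClientHello carrying an SNI extension and parses the hostname back out of it; this is the same field a TLS-terminating server (or the ncat/openssl listeners below, if they were given several certificates) uses to pick the right certificate, and the same field a network defender can read off the wire to see which virtual host a connection is for. The record layout follows RFC 5246 / RFC 6066; the function names and the single cipher suite are my own choices.

```python
import os
import struct

SNI_EXT_TYPE = 0x0000  # extension_type for server_name (RFC 6066)


def build_client_hello(hostname=None):
    """Construct a minimal TLS 1.2 ClientHello record, optionally carrying an SNI extension."""
    extensions = b""
    if hostname is not None:
        name = hostname.encode("idna")
        # ServerName: name_type=0 (host_name), 2-byte length, the name itself
        server_name = struct.pack("!BH", 0, len(name)) + name
        server_name_list = struct.pack("!H", len(server_name)) + server_name
        extensions += struct.pack("!HH", SNI_EXT_TYPE, len(server_name_list)) + server_name_list
    body = (
        b"\x03\x03"                              # client_version: TLS 1.2
        + os.urandom(32)                         # random
        + b"\x00"                                # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2f"     # one cipher suite (ECDHE-RSA-AES128-GCM-SHA256)
        + b"\x01\x00"                            # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake(22)


def _need(buf, off, n):
    """Raise instead of reading past the end of a (possibly malformed) buffer."""
    if off + n > len(buf):
        raise ValueError("truncated ClientHello")


def _parse_server_name_list(data):
    _need(data, 0, 2)
    list_len = struct.unpack("!H", data[:2])[0]
    off = 2
    while off + 3 <= 2 + list_len:
        _need(data, off, 3)
        name_type, name_len = struct.unpack("!BH", data[off:off + 3])
        off += 3
        _need(data, off, name_len)
        name = data[off:off + name_len]
        off += name_len
        if name_type == 0:                        # host_name
            return name.decode("ascii")
    return None


def extract_sni(record):
    """Return the SNI hostname from a TLS ClientHello record, or None if the client sent none."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len:
        raise ValueError("truncated ClientHello")
    off = 2 + 32                                  # skip client_version and random
    _need(body, off, 1)
    off += 1 + body[off]                          # session_id
    _need(body, off, 2)
    off += 2 + struct.unpack("!H", body[off:off + 2])[0]   # cipher_suites
    _need(body, off, 1)
    off += 1 + body[off]                          # compression_methods
    if off + 2 > len(body):
        return None                               # extensions field absent entirely
    ext_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    end = off + ext_len
    _need(body, off, ext_len)
    while off + 4 <= end:
        ext_type, length = struct.unpack("!HH", body[off:off + 4])
        off += 4
        _need(body, off, length)
        data = body[off:off + length]
        off += length
        if ext_type == SNI_EXT_TYPE:
            return _parse_server_name_list(data)
    return None


if __name__ == "__main__":
    print(extract_sni(build_client_hello("www.example.com")))
    print(extract_sni(build_client_hello()))
```

A server answering for several name-based sites keys its certificate selection on the value extract_sni returns and falls back to a default certificate when it is None, which is exactly the "to some extent" in the note: clients that omit SNI still get whatever the default site presents.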
Hosting a temporary server to listen on ports
For HTTP connections:
sudo nc -lvp 80
For SSL/TLS connections:
sudo ncat -v --listen --ssl -p 443
This command creates an SSL certificate for localhost on the fly.
Create a self-signed SSL certificate:
openssl req -x509 -newkey rsa:2048 -keyout test-key.pem -out test-cert.pem -days 365 -nodes
To host an SSL/TLS server with the self-signed certificate:
sudo openssl s_server -key test-key.pem -cert test-cert.pem -accept 443 -www
- Generate GPG keys:
- List all keys (public or private):
- List all keypairs (which have both public and private keys):
- Import keys:
gpg --import <key>
- List stored GPG keys (with fingerprints) by email:
gpg --fingerprint <email>
- Export a GPG keypair (private key included):
gpg --export-secret-keys <ID> > my-privatekey.asc
- Delete GPG public key:
gpg --delete-keys <ID>
- Delete GPG private key:
gpg --delete-secret-keys <ID>
Generating GPG keys non-interactively: https://gist.github.com/woods/8970150
Generate entropy for GPG key creation on headless/terminal machines (Source):
sudo apt-get install rng-tools
sudo rngd -r /dev/urandom
Note that feeding rngd from /dev/urandom only unblocks /dev/random; it adds no real entropy to the pool. Prefer a hardware source (e.g. /dev/hwrng) where one exists.
Syncthing is available as a snap package. If Syncthing is run as a plain binary, its config files are stored at ~/.config/syncthing, but if it is installed via snap the config files are stored at
To attach TOTP to KeePass, use the KeeOTP plugin. Copying the TOTP is as simple as Ctrl + T.
FoxyProxy profile for pentesters (can be used in both Firefox and Chrome): https://gist.github.com/liamosaur/a527d285b5394180c4bf3197dc7d8035
- To see all commits in a git repo along with their changes:
git log -p
- To see all changes made to a single file in a git repo:
git log -p filename
To route command line programs in Linux through a proxy (like Burp Suite), export the following:
export http_proxy=http://127.0.0.1:8080
export https_proxy=http://127.0.0.1:8080
To remove them, unset both variables again:
unset http_proxy https_proxy
Find hosts on the local segment using an ARP scan (-sP is the legacy spelling of -sn, host discovery without a port scan; -PR forces ARP ping):
nmap -sP -PR 192.168.56.1/24
Working with JWTs from the command line (pyjwt ships a CLI):
pip install pyjwt
- Create a JWT with alg "none" (unsigned):
pyjwt --alg=none --key=none encode user=test1 admin=false iat=1564989485 exp=1565075885
- Create a JWT signed with a secret:
pyjwt --key=secret encode user=test1 admin=false iat=1564989485 exp=1565075885
- Check whether a secret is valid for a token (decode verifies the signature):
pyjwt --key=secret decode "json.web.token"
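The CLI commands above produce an unsigned (alg=none) token and an HS256-signed one. As an added example, not part of these notes and not the pyjwt project's code, the following stdlib-only Python implements HS256 encoding and two verifiers side by side: a naive one that lets the token's own alg header decide how it is checked, so the alg=none token sails through, and a hardened one that pins the allowed algorithm server-side, compares the MAC in constant time and enforces exp. The claims reuse the values from the commands above; the function names and the "secret" key are my own.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(claims, secret=None, alg="HS256"):
    """Build a compact JWT. alg="none" yields the unsigned form that pyjwt --alg=none produces."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    if alg == "none":
        return signing_input + "."                 # empty signature part
    if alg != "HS256" or not secret:
        raise ValueError("only HS256 with a secret is supported here")
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_naive(token, secret):
    """Flawed verifier: trusts the alg the token itself declares."""
    h_b64, p_b64, s_b64 = token.split(".")
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(p_b64))   # BUG: an unsigned token is accepted as valid
    expected = hmac.new(secret.encode(), f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(p_b64))


def verify_jwt(token, secret, now=None, allowed_algs=("HS256",)):
    """Hardened verifier: the server pins the algorithm, checks the MAC in constant time, then exp."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") not in allowed_algs:
        raise ValueError("algorithm not allowed: %r" % header.get("alg"))
    expected = hmac.new(secret.encode(), f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p_b64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def accepted(verifier, token, secret, **kw):
    """True if the verifier returns claims, False if it rejects the token."""
    try:
        verifier(token, secret, **kw)
        return True
    except ValueError:
        return False


# Claims copied from the pyjwt CLI examples in the notes (constructed test data).
CLAIMS = {"user": "test1", "admin": False, "iat": 1564989485, "exp": 1565075885}

if __name__ == "__main__":
    signed = encode_jwt(CLAIMS, "secret")
    unsigned = encode_jwt(CLAIMS, alg="none")
    print("naive accepts alg=none:   ", accepted(verify_naive, unsigned, "secret"))
    print("hardened accepts alg=none:", accepted(verify_jwt, unsigned, "secret", now=1565000000))
    print("hardened accepts HS256:   ", accepted(verify_jwt, signed, "secret", now=1565000000))
```

Note that even listing "none" in allowed_algs does not help an attacker here, because the hardened path still demands a valid HMAC; the fix is that the server, not the token, decides which algorithms are acceptable, which is what PyJWT's algorithms= argument to decode enforces.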
Brute-force the HMAC secret of a JWT (using https://github.com/AresS31/jwtcat):
python3 jwtcat.py -t "json.web.token" -w wordlist.txt