1
00:00:07,770 --> 00:00:12,690
All right, so in the last lecture we talked about DNS scan, which is basically a wrapper for that

2
00:00:12,690 --> 00:00:18,540
scan. It lets you scan domains and translate them into IP addresses so that you can see which hosts are

3
00:00:18,540 --> 00:00:19,060
available.

4
00:00:19,350 --> 00:00:21,600
And now I want to show you guys GoSpider.

5
00:00:21,610 --> 00:00:24,510
So this is a really fast web spider.

6
00:00:25,140 --> 00:00:29,370
What you can do with this is you can use it to spider web applications.

7
00:00:29,970 --> 00:00:32,430
So, of course, you know, you can use it to do this.

8
00:00:32,700 --> 00:00:37,920
But the nice thing about GoSpider is that, you know, it'll actually verify links from JavaScript files.

9
00:00:37,930 --> 00:00:43,410
It'll find the links, it'll parse them out, and it will run them against, you know, various intelligence

10
00:00:43,410 --> 00:00:47,730
sources, such as the Wayback Machine, VirusTotal and AlienVault.

11
00:00:48,600 --> 00:00:50,370
So you can see some of the goodness here.

12
00:00:50,700 --> 00:00:51,060
Right.

13
00:00:51,950 --> 00:00:56,450
So I want to show you guys how you can install this and how we can get going with

14
00:00:56,870 --> 00:00:59,940
GoSpider. It's really easy to use and you'll see how awesome it is in a second.

15
00:01:00,260 --> 00:01:00,890
So here we go.

16
00:01:00,890 --> 00:01:03,440
We're just going to grab this, Control-C

17
00:01:03,440 --> 00:01:05,300
it in.

18
00:01:08,380 --> 00:01:14,800
Go right to that. It finished rather quickly and you can see we have got GoSpider, so let's again split

19
00:01:14,800 --> 00:01:22,430
the pane so we can type out the command and learn what commands or what flags we want to use.

20
00:01:24,130 --> 00:01:24,460
All right.

21
00:01:24,460 --> 00:01:27,730
So we've got GoSpider and we've got some flags, right?

22
00:01:27,770 --> 00:01:28,700
What flags will we use?
23
00:01:29,050 --> 00:01:32,950
So I think the best approach for us will be to use a sites list to crawl.

24
00:01:33,310 --> 00:01:44,890
Right, so we can do dash capital S, PayPal combined, and then we can output everything into another

25
00:01:44,890 --> 00:01:45,220
file.

26
00:01:45,340 --> 00:01:46,480
We'll call it PayPal

27
00:01:46,960 --> 00:01:47,710
GoSpider.

28
00:01:51,170 --> 00:01:52,850
All right, and that was way too fast.

29
00:01:54,050 --> 00:01:55,520
Let's take a look at PayPal combined.

30
00:01:58,730 --> 00:01:59,210
All right.

31
00:01:59,210 --> 00:02:03,710
So the problem here, of course, is we're missing the protocols.

32
00:02:07,480 --> 00:02:08,330
All right.

33
00:02:08,330 --> 00:02:08,960
So let's pipe it in

34
00:02:10,900 --> 00:02:15,220
into GoSpider, since we have the protocols in front.

35
00:02:17,230 --> 00:02:18,030
I think that's what it was.

36
00:02:18,190 --> 00:02:19,210
It was waiting for.

37
00:02:19,570 --> 00:02:21,400
So you can see now we're going to get everything we need here.

38
00:02:21,400 --> 00:02:26,230
It's going to go out and spider this stuff and it just gives us, you know, more files to look at.

39
00:02:26,230 --> 00:02:26,530
Right.

40
00:02:26,530 --> 00:02:28,880
More resources to attack.

41
00:02:28,880 --> 00:02:30,190
And you can actually see where it's coming from.

42
00:02:30,190 --> 00:02:31,520
You can see LinkFinder in here.

43
00:02:31,550 --> 00:02:34,210
You can see JavaScript, all these different sources.

44
00:02:34,600 --> 00:02:40,150
And it's going to compile it into one huge file that we can then use to assess, and then we can grep through

45
00:02:40,150 --> 00:02:40,210
it.

46
00:02:40,210 --> 00:02:40,450
Right.

47
00:02:40,450 --> 00:02:45,280
So we can grep and say, hey, I want to look for, you know, password strings, or, you know, I want

48
00:02:45,280 --> 00:02:46,870
to look for anything that looks suspicious.
49
00:02:47,730 --> 00:02:49,830
Another tool it's really good to have is hakrawler.

50
00:02:50,970 --> 00:02:55,980
This is also a really good one for enumeration, you know. GoSpider and hakrawler are pretty much the

51
00:02:55,980 --> 00:02:57,180
leading applications for this.

52
00:02:57,480 --> 00:03:03,120
This is also written in Go and you can discover, you know, forms, endpoints, subdomains, JavaScript

53
00:03:03,120 --> 00:03:06,510
files, which often contain juicy items.

54
00:03:07,820 --> 00:03:12,950
And it's just, it's just a really good tool to use, so if you wanted to install hakrawler, you would just

55
00:03:12,950 --> 00:03:13,790
run this command right here.

56
00:03:14,270 --> 00:03:14,590
Right.

57
00:03:15,380 --> 00:03:17,240
And it's pretty much the same kind of situation.

58
00:03:18,270 --> 00:03:22,680
Then you can just go through, you know, the usage for hakrawler and use it according to your

59
00:03:22,680 --> 00:03:23,090
needs.

60
00:03:24,820 --> 00:03:28,150
So we're done here. Let's see if we can take a look at the resulting file.

61
00:03:31,670 --> 00:03:32,890
So we've got a bunch of stuff here.

62
00:03:36,710 --> 00:03:38,060
Let's see if we can look at one of these.

63
00:03:41,810 --> 00:03:47,860
Now, some of these files are zero bytes, but others aren't. Like, for example, let's take, I don't

64
00:03:47,860 --> 00:03:49,050
know, something

65
00:03:49,120 --> 00:03:49,870
that looks interesting.

66
00:03:51,460 --> 00:03:53,580
How about this guy right here, sandbox, right?

67
00:03:55,290 --> 00:03:58,320
So here you can see there's some stuff that might be interesting.

68
00:03:58,650 --> 00:03:59,520
Scroll up a little bit.

69
00:04:00,470 --> 00:04:02,030
There are some JavaScript files.

70
00:04:04,450 --> 00:04:10,420
So it's a sandbox, right, so it's a test, and you can see it looks like some test commands were inside

71
00:04:10,420 --> 00:04:11,810
of this robots file, right?
72
00:04:11,830 --> 00:04:16,210
So a lot of times the robots file is basically telling me files that the developers don't want scraped

73
00:04:16,210 --> 00:04:17,740
by search engines.

74
00:04:18,040 --> 00:04:23,020
So, you know, you might want to explore some of these, these endpoints, you know, manually go there

75
00:04:23,020 --> 00:04:25,410
and see if there's anything interesting there, like clean money.

76
00:04:25,420 --> 00:04:25,870
What's that?

77
00:04:26,050 --> 00:04:26,340
Right.

78
00:04:26,380 --> 00:04:27,310
This is on the API.

79
00:04:28,300 --> 00:04:30,790
And, yeah, this is very manual; it does take some time and some work.

80
00:04:30,790 --> 00:04:32,550
But hey, I mean, bug bounty takes work, right?

81
00:04:32,560 --> 00:04:35,290
There are some things you can automate, and other things that require closer attention.

82
00:04:35,740 --> 00:04:40,330
And this is one of those things that requires you to really take your time and to really think through

83
00:04:40,330 --> 00:04:45,640
how a web application works and what these JavaScript files are doing.

84
00:04:46,030 --> 00:04:46,320
Right.

85
00:04:46,930 --> 00:04:47,830
And what this means.

86
00:04:48,250 --> 00:04:53,740
So in the next lecture, we're going to get into nuclei, and that'll wrap up the recon

87
00:04:53,740 --> 00:04:53,960
section.

88
00:04:54,390 --> 00:04:54,660
All right.

89
00:04:54,670 --> 00:04:55,540
See you guys in a little bit.