# Wiki ## Wiki - [Introduction](https://wiki.smhuda.com/master.md): This page serves as an introduction to what this Wiki is about and what content it will (or potentially will) consist of. - [Application Security](https://wiki.smhuda.com/pentesting/application-security.md) - [Mobile App Security](https://wiki.smhuda.com/pentesting/application-security/mobile-security.md) - [Android Application Testing](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing.md) - [Security Checklist](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/security-checklist.md): A checklist with security considerations for designing, testing, and releasing secure Android apps. It is based on the OWASP Mobile Application Security Verification Standard, Mobile Application Secur - [SSL Pinning Bypasses](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/ssl-pinning-bypasses.md) - [Non-Proxy Aware Applications](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/non-proxy-aware-applications.md) - [Setting up VPN Server](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/non-proxy-aware-applications/setting-up-vpn-server.md) - [Bypasses](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/non-proxy-aware-applications/bypasses.md) - [Common Proxying Issues](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/common-proxying-issues.md) - [Android Local Storage Checks](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/android-local-storage-checks.md) - [Android Task Hijacking](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/android-task-hijacking.md) - [Kiosk Mode / Breakout Testing](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/kiosk-mode-breakout-testing.md) - [Magisk on GenyMotion](https://wiki.smhuda.com/pentesting/application-security/mobile-security/android-application-testing/magisk-on-genymotion.md) - [iOS Application Testing](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios.md) - [iOS Testing Using Objection](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-testing-using-objection.md) - [IPA Analysis Using MobSF](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ipa-analysis-using-mobsf.md) - [iOS Jailbreak Bypass](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreak-bypass.md) - [Decrypting iOS Apps](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/decrypting-ios-apps.md) - [iOS Reverse Engineering](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-reverse-engineering.md) - [Jailbreak Detection Bypasses](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/jailbreak-detection-bypasses.md) - [iOS Local Storage Checks](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-local-storage-checks.md) - [Installing IPA](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/installing-ipa.md) - [ATS Auditing](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ats-auditing.md) - [iOS Jailbreaking](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreaking.md) - [Frida Pinning Bypasses](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/frida-pinning-bypasses.md) - [iOS Jailbreaking](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreaking-1.md) - [Performing a Jailbreak with Palera1n](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreaking-1/performing-a-jailbreak-with-palera1n.md): Palera1n is a semi-tethered jailbreak for iOS. This guide walks you through the full process of jailbreaking your iOS device using Palera1n. - [Palera1n Cheatsheet](https://wiki.smhuda.com/pentesting/application-security/mobile-security/ios/ios-jailbreaking-1/palera1n-cheatsheet.md) - [Code Security](https://wiki.smhuda.com/pentesting/application-security/mobile-security/code-security.md) - [Frida on Windows](https://wiki.smhuda.com/pentesting/application-security/mobile-security/frida-on-windows.md) - [Web Application Security](https://wiki.smhuda.com/pentesting/application-security/web-application-security.md) - [Web Shells](https://wiki.smhuda.com/pentesting/application-security/web-application-security/web-shells.md) - [CSV Injection](https://wiki.smhuda.com/pentesting/application-security/web-application-security/csv-injection.md): A collection of CSV Injection templates and payloads - [Measure Response Time using CURL](https://wiki.smhuda.com/pentesting/application-security/web-application-security/measure-response-time-using-curl.md) - [OSINT](https://wiki.smhuda.com/pentesting/application-security/web-application-security/osint.md) - [EyeWitness](https://wiki.smhuda.com/pentesting/application-security/web-application-security/osint/eyewitness.md) - [GraphQL Hacking](https://wiki.smhuda.com/pentesting/application-security/web-application-security/graphql-hacking.md) - [API Security](https://wiki.smhuda.com/pentesting/application-security/api-security.md): This section consits of best practices, security checklists, common vulnerability writeups and other API security related content. - [Security Checklist](https://wiki.smhuda.com/pentesting/application-security/api-security/untitled.md): This security checklist consists of security countermeasures when designing, testing, and releasing your API. - [Postman and Burp](https://wiki.smhuda.com/pentesting/application-security/api-security/postman-and-burp.md) - [CURL via BurpSuite](https://wiki.smhuda.com/pentesting/application-security/api-security/curl-via-burpsuite.md) - [SOAP API Pentesting](https://wiki.smhuda.com/pentesting/application-security/api-security/soap-api-pentesting.md) - [Infrastructure Security](https://wiki.smhuda.com/pentesting/infrastructure-security.md) - [Network Infrastructure](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure.md) - [Red Team Powershell Scripts](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/red-team-powershell-scripts.md) - [Mounting NFS Shares](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/mounting-nfs-shares.md) - [Password Cracking/Auditing](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/password-cracking-auditing.md) - [Remote Access Sheet](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/remote-access-sheet.md) - [Password Cracking Using Hashcat](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/password-cracking-using-hashcat.md) - [Calculate IP Addresses from CIDR](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/calculate-ip-addresses-from-cidr.md) - [Grep IP addresses or IP Ranges from a File](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/grep-ip-addresses-or-ip-ranges-from-a-file.md) - [Default Credentials Checking](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/default-credentials-checking.md) - [Check SSL/TLS Certificates](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/check-ssl-tls-certificates.md) - [Log a terminal session](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/log-a-terminal-session.md) - [Unauthenticated Mongo DB](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/unauthenticated-mongo-db.md) - [Microsoft SQL Server (MSSQL)](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/microsoft-sql-server-mssql.md) - [NTP Mode 6 Vulnerabilities](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/ntp-mode-6-vulnerabilities.md) - [BloodHound](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/bloodhound.md) - [AD Offensive Testing](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/ad-offensive-testing.md) - [CrackMapExec](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/crackmapexec.md) - [Select all IP addresses in Sublime Text](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/select-all-ip-addresses-in-sublime-text.md) - [Convert CIDRs to an IP address list](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/convert-cidrs-to-an-ip-address-list.md) - [Microsoft Exchange Client Access Server Information Disclosure](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/microsoft-exchange-client-access-server-information-disclosure.md) - [Web Server HTTP Header Internal IP Disclosure](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/web-server-http-header-internal-ip-disclosure.md) - [smbclient.py](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/smbclient.py.md) - [GetUserSPNs.py](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/getuserspns.py.md) - [Get-GPPPassword.py](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/get-gpppassword.py.md) - [SMBMap](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/smbmap.md) - [Mounting Shares](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/mounting-shares.md) - [mitm6](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/mitm6.md) - [AD Attacks](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/ad-attacks.md) - [Weak IKE Security Configurations](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/weak-ike-security-configurations.md) - [Locked BIOS Password Bypass](https://wiki.smhuda.com/pentesting/infrastructure-security/network-infrastructure/locked-bios-password-bypass.md) - [Wireless Security](https://wiki.smhuda.com/pentesting/infrastructure-security/wireless-security.md) - [Cached Wireless Keys](https://wiki.smhuda.com/pentesting/infrastructure-security/wireless-security/cached-wireless-keys.md): A Powershell one liner to retrieve all the WiFi passwords stored on a computer: - [Aircrack Suite](https://wiki.smhuda.com/pentesting/infrastructure-security/wireless-security/aircrack-suite.md): A quick wireless testing guide using wireless security Aircrack suite. - [SSL/TLS Security](https://wiki.smhuda.com/pentesting/ssl-tls-security.md) - [Secure Code Review](https://wiki.smhuda.com/pentesting/secure-code-review.md): Secure code review is a manual or automated process that examines an application's source code. The goal of this examination is to identify any existing security flaws or vulnerabilities. Code review - [Python](https://wiki.smhuda.com/pentesting/secure-code-review/python.md) - [Semgrep](https://wiki.smhuda.com/pentesting/secure-code-review/semgrep.md) - [Semgrep to HTML Report](https://wiki.smhuda.com/pentesting/secure-code-review/semgrep/semgrep-to-html-report.md) - [Cloud Security](https://wiki.smhuda.com/pentesting/cloud-security.md) - [Cloud Penetration Testing](https://wiki.smhuda.com/pentesting/cloud-security/cloud-penetration-testing.md) - [Social Engineering](https://wiki.smhuda.com/pentesting/social-engineering.md) - [Simulated Phishing](https://wiki.smhuda.com/pentesting/social-engineering/simulated-phishing.md) - [GoPhish](https://wiki.smhuda.com/pentesting/social-engineering/simulated-phishing/gophish.md) - [Tool Usage](https://wiki.smhuda.com/pentesting/tool-usage.md): This section consists of a set usage instructions or commands relating to a bunch of tools or scripts that are frequently used as part of security assessments. - [Docker](https://wiki.smhuda.com/pentesting/tool-usage/docker.md) - [Split](https://wiki.smhuda.com/pentesting/tool-usage/split.md): The split command or utility allows you to split by lines, size or the number of smaller files you need. Another related utility is csplit than can also be used. - [PhantomJS](https://wiki.smhuda.com/pentesting/tool-usage/ph.md) - [Aquatone](https://wiki.smhuda.com/pentesting/tool-usage/aquatone.md): Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface. - [Tmux](https://wiki.smhuda.com/pentesting/tool-usage/tmux.md) - [Ipainstaller](https://wiki.smhuda.com/pentesting/tool-usage/ipainstaller.md): A tool to pull IPA files from an iOS device - [Public IP From Command Line](https://wiki.smhuda.com/pentesting/tool-usage/ip-from-command-line.md): Derive public IP address of a host from command line - [Wifite](https://wiki.smhuda.com/pentesting/tool-usage/wifite.md) - [IKE Scan](https://wiki.smhuda.com/pentesting/tool-usage/ike-scan.md): A basic use of ike-scan with different command based scenarios - [Grep](https://wiki.smhuda.com/pentesting/tool-usage/grep.md): Optimising use of grep in different scenarios - [Pulling APKs](https://wiki.smhuda.com/pentesting/tool-usage/pulling-apks.md): A guide to pulling APK files from an Android device - [Bitsadmin](https://wiki.smhuda.com/pentesting/tool-usage/bitsadmin.md): Using bitsadmin to download files using Windows command prompt - [Drozer](https://wiki.smhuda.com/pentesting/tool-usage/drozer.md): An installation and wiki guide to using Drozer for Android application testing - [Iptables](https://wiki.smhuda.com/pentesting/tool-usage/iptables.md): A mini wiki to refer to adding, delete or amending Iptables rules - [Python Web Server](https://wiki.smhuda.com/pentesting/tool-usage/python-web-server.md): A usage wiki on how to create a Python web server on different operating systems - [Crackmapexec](https://wiki.smhuda.com/pentesting/tool-usage/crackmapexec.md): A basic wiki to use different alias and attributes of crackmapexec - [Impacket](https://wiki.smhuda.com/pentesting/tool-usage/impacket.md): A wiki to detail usage of different modules in the Impacket tool set - [Nessus](https://wiki.smhuda.com/pentesting/tool-usage/nessus.md): A small wiki about Nessus usage and associated plugins. - [Adding SUDO User](https://wiki.smhuda.com/pentesting/tool-usage/adding-sudo-user.md): Adding a user as a sudoer using command line. - [Nmap](https://wiki.smhuda.com/pentesting/tool-usage/nmap.md): A short wiki of Nmap scripts and tricks to use on different scenarios - [Metasploit Payloads](https://wiki.smhuda.com/pentesting/tool-usage/metasploit-payloads.md): A collection of Metasploit payloads using msfvenom, collected from different sources on the internet. - [SMTP Open Relay](https://wiki.smhuda.com/pentesting/tool-usage/smtp-open-relay.md): A short walkthrough of how to use manual SMTP open relay manually and also through an nmap script. - [SQLMap](https://wiki.smhuda.com/pentesting/tool-usage/sqlmap.md): This serves as a mini SQLMap usage wiki - [Screen](https://wiki.smhuda.com/pentesting/tool-usage/screen.md): Screen or GNU Screen is a terminal multiplexer. In other words, it means that you can start a screen session and then open any number of windows (virtual terminals) inside that session. Processes runn - [Remove All After Colon](https://wiki.smhuda.com/pentesting/tool-usage/remove-all-after-colon.md): This one-liner uses the cut command to removing everything on a line after the occurrence of a colon. - [Remove Old Linux Kernels](https://wiki.smhuda.com/pentesting/tool-usage/remove-old-linux-kernels.md): This guide will help you remove old and unused Linux kernels on your Ubuntu system. - [CURL](https://wiki.smhuda.com/pentesting/tool-usage/curl.md): If you are working as a security professional support function, you must be aware of curl command usage to test for security issues across web applications, services and APIs. - [Hashcat](https://wiki.smhuda.com/pentesting/tool-usage/hashcat.md): Hashcat is a password recovery and cracking tool. This is a quick go-to command wiki for it, although you should check the hashcat manual for extensive usage. - [Secure Copy Protocol (SCP)](https://wiki.smhuda.com/pentesting/tool-usage/secure-copy-protocol-scp.md): Secure copy protocol is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell protocol. "SCP" commonly ref - [SSH & PGP Tools](https://wiki.smhuda.com/pentesting/tool-usage/ssh-and-pgp-tools.md): A short command list on how to use PGP or GPG, SSH key generation and how to install APT packages relating to them. - [IP Calculator](https://wiki.smhuda.com/pentesting/tool-usage/ip-calculator.md): ipcalc takes an IP address and netmask and calculates the resulting broadcast, network, Cisco wildcard mask, and host range. - [BloodHound](https://wiki.smhuda.com/pentesting/tool-usage/bloodhound.md): BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. - [Netcat File Transfer](https://wiki.smhuda.com/pentesting/tool-usage/netcat-file-transfer.md) - [OpenVAS](https://wiki.smhuda.com/pentesting/tool-usage/openvas.md) - [BurpSuite](https://wiki.smhuda.com/pentesting/tool-usage/burpsuite.md) - [Exiftool](https://wiki.smhuda.com/pentesting/tool-usage/exiftool.md) - [Python Virtual Environments](https://wiki.smhuda.com/pentesting/tool-usage/python-virtual-environments.md) - [OpenVPN 3](https://wiki.smhuda.com/pentesting/tool-usage/openvpn-3.md) - [Errors and Solutions](https://wiki.smhuda.com/pentesting/errors-and-solutions.md): This page contains random technical errors I come across and any associated solutions I've found that would have known to be either a temporary or permanent (patch or manual) fix/workaround. - [Kill Process On Specific Port](https://wiki.smhuda.com/pentesting/errors-and-solutions/kill-process-on-specific-port.md): Killing a background process running on a specific port - [Kill SSH Port Forwarding](https://wiki.smhuda.com/pentesting/errors-and-solutions/kill-ssh-port-forwarding.md): A small wiki to kill an SSH port forwarding process running in the background. - [SSH Key](https://wiki.smhuda.com/pentesting/errors-and-solutions/ssh-key.md): Error relating to no matching host key for SSH connection - [Expanding Disk on Kali VM](https://wiki.smhuda.com/pentesting/errors-and-solutions/expanding-disk-on-kali-vm.md) - [Scoping](https://wiki.smhuda.com/pentesting/scoping.md) - [Scoping Questionnaires](https://wiki.smhuda.com/pentesting/scoping/scoping-questionnaires.md) - [Mobile App Testing](https://wiki.smhuda.com/pentesting/scoping/scoping-questionnaires/mobile-app-testing.md) - [OSINT](https://wiki.smhuda.com/pentesting/osint.md): Open-source intelligence is the collection and analysis of data gathered from open sources to produce actionable intelligence. - [Dark Web OSINT](https://wiki.smhuda.com/pentesting/osint/dark-web-osint.md): OSINT Tools for the Dark Web - [Certificate Chain Check](https://wiki.smhuda.com/pentesting/osint/certificate-chain-check.md) - [EyeWitness - Web Service Screenshot](https://wiki.smhuda.com/pentesting/osint/eyewitness-web-service-screenshot.md) - [Tor to Browse Onion Links](https://wiki.smhuda.com/pentesting/osint/tor-to-browse-onion-links.md) - [DarkDump - Scan Dark Web for Onion Links](https://wiki.smhuda.com/pentesting/osint/darkdump-scan-dark-web-for-onion-links.md) - [Domain related File Search](https://wiki.smhuda.com/pentesting/osint/domain-related-file-search.md) - [Google Dorking](https://wiki.smhuda.com/pentesting/osint/google-dorking.md) - [IP / Network Blocks owned by a Company](https://wiki.smhuda.com/pentesting/osint/ip-network-blocks-owned-by-a-company.md) - [Automation](https://wiki.smhuda.com/programming/automation.md) - [Running a Service at Boot](https://wiki.smhuda.com/programming/automation/untitled.md) - [Network Connectivity Cron](https://wiki.smhuda.com/programming/automation/network-connectivity-cron.md) - [Python](https://wiki.smhuda.com/programming/python.md) - [Adding Columns in Pandas](https://wiki.smhuda.com/programming/python/adding-columns-in-pandas.md) - [Copy Entire Column Data To New Column Pandas](https://wiki.smhuda.com/programming/python/copy-entire-column-data-to-new-column-pandas.md) - [Loading Progress Bar](https://wiki.smhuda.com/programming/python/loading-progress-bar.md) - [Reorder Columns in Pandas](https://wiki.smhuda.com/programming/python/reorder-columns-in-pandas.md) - [Filename with Date/Time Stamp](https://wiki.smhuda.com/programming/python/filename-with-date-time-stamp.md) - [Command Line Arguments](https://wiki.smhuda.com/programming/python/command-line-arguments.md) - [Changing Date Format](https://wiki.smhuda.com/programming/python/changing-date-format.md) - [Removing Index Column Pandas](https://wiki.smhuda.com/programming/python/removing-index-column-pandas.md) - [Regex - Remove HTML Tags](https://wiki.smhuda.com/programming/python/regex-remove-html-tags.md) - [Column Header Mapping](https://wiki.smhuda.com/programming/python/column-header-mapping.md) - [Scripts](https://wiki.smhuda.com/misc/scripts.md): A collection of inhouse, open-source and also some third-party script collected over time to include their usage and walkthrough. - [Clickjacking Checker](https://wiki.smhuda.com/misc/scripts/clickjacking-checker.md): An HTML POC to ensure if a web page supports iFraming. - [Bulk WHOIS](https://wiki.smhuda.com/misc/scripts/bulk-whois.md) - [SMB Signing Check](https://wiki.smhuda.com/misc/scripts/smb-signing-check.md): Script to run and parse SMB message signing results - [FDQN to IP Address](https://wiki.smhuda.com/misc/scripts/fdqn-from-ip-address.md): Lookup IP Address from FQDN - [Grep IP Addresses](https://wiki.smhuda.com/misc/scripts/grep-ip-addresses.md): A grep command to get all IP addresses contained in a text file - [Nessus Parser](https://wiki.smhuda.com/misc/scripts/nessus-parser.md): This is a program to parse a series of Nessus XMLv2 files into a XLSX file. The data from the XML file is placed into a series of tabs to for easier review and reporting. - [Build Review Audit](https://wiki.smhuda.com/misc/scripts/build-review-audit.md): This script checks for various security settings / controls / policies applied on the host machine. - [Nessus Merger](https://wiki.smhuda.com/misc/scripts/nessus-merger.md): Merge multiple Nessus DB output files to a single one without repetition of hosts and findings. - [Nmap2CSV](https://wiki.smhuda.com/misc/scripts/nmap2csv.md): Nmap2CSV is a simple Python script to convert XML Nmap or Masscan output files to a single CSV spreadsheet which summarizes all hosts and open ports in a table - [Remove Audio From Videos](https://wiki.smhuda.com/misc/scripts/remove-audio-from-videos.md): Remove audio from video files in bulk - [Compressing PDF Files using MacOS or Linux](https://wiki.smhuda.com/misc/scripts/compressing-pdf-files-using-macos-or-linux.md) - [Favourite Reads/Links](https://wiki.smhuda.com/misc/favourite-reads-links.md): A collated list of my favourite cybersecurity reads/links I like to refer to and keep myself enlightened with. - [Hacking Posters](https://wiki.smhuda.com/misc/hacking-posters.md) - [Windows Developer VMs](https://wiki.smhuda.com/misc/windows-developer-vms.md) - [Windows Workspaces](https://wiki.smhuda.com/misc/windows-workspaces.md): A mini guide on usage of windows workspaces - [GitHub Pages](https://wiki.smhuda.com/misc/github-pages.md): A short walkthrough of how to setup GitHub pages for local editing and some references of similar GitHub based websites and portals. - [Interview Prep](https://wiki.smhuda.com/misc/interview-prep.md) - [Senior Penetration Tester](https://wiki.smhuda.com/misc/interview-prep/senior-penetration-tester.md) - [CVSS Formula](https://wiki.smhuda.com/misc/cvss-formula.md) - [Android Rooting](https://wiki.smhuda.com/misc/android-rooting.md) - [Lineage OS 18.1 on OnePlus X](https://wiki.smhuda.com/misc/android-rooting/lineage-os-18.1-on-oneplus-x.md) - [TWRP Recover on OnePlus X](https://wiki.smhuda.com/misc/android-rooting/twrp-recover-on-oneplus-x.md) - [Magisk Rooting](https://wiki.smhuda.com/misc/android-rooting/magisk-rooting.md) - [Presentation Slides](https://wiki.smhuda.com/misc/presentation-slides.md) - [BlackHat - USA \[2022\]](https://wiki.smhuda.com/misc/presentation-slides/blackhat-usa-2022.md) - [APPLICATION LEVEL](https://wiki.smhuda.com/vulnerability-wiki/application-level.md) - [AUTHENTICATION](https://wiki.smhuda.com/vulnerability-wiki/application-level/authentication.md) - [Authentication Bypass](https://wiki.smhuda.com/vulnerability-wiki/application-level/authentication/authentication-bypass.md) - [Lack of Password Confirmation](https://wiki.smhuda.com/vulnerability-wiki/application-level/authentication/lack-of-password-confirmation.md) - [2FA Code Brute-forceable](https://wiki.smhuda.com/vulnerability-wiki/application-level/authentication/2fa-code-brute-forceable.md) - [Lack of Verification](https://wiki.smhuda.com/vulnerability-wiki/application-level/authentication/lack-of-verification.md) - [Lack of Throttling on Form Submissions](https://wiki.smhuda.com/vulnerability-wiki/application-level/authentication/lack-of-throttling-on-form-submissions.md) - [Lack of Rate Limiting on Login](https://wiki.smhuda.com/vulnerability-wiki/application-level/authentication/lack-of-rate-limiting-on-login.md) - [Weak Password Complexity Rules](https://wiki.smhuda.com/vulnerability-wiki/application-level/authentication/weak-password-complexity-rules.md) - [SESSION MANAGEMENT](https://wiki.smhuda.com/vulnerability-wiki/application-level/authentication/session-management.md) - [ACCESS CONTROL](https://wiki.smhuda.com/vulnerability-wiki/application-level/authentication/access-control.md) - [INPUT VALIDATION](https://wiki.smhuda.com/vulnerability-wiki/application-level/input-validation.md) - [CRYPTOGRAPHY](https://wiki.smhuda.com/vulnerability-wiki/application-level/cryptography.md) - [LOGGING](https://wiki.smhuda.com/vulnerability-wiki/application-level/logging.md) - [DATA PROTECTION](https://wiki.smhuda.com/vulnerability-wiki/application-level/data-protection.md) - [COMMUNICATION](https://wiki.smhuda.com/vulnerability-wiki/application-level/communication.md) - [MALICIOUS CODE](https://wiki.smhuda.com/vulnerability-wiki/application-level/malicious-code.md) - [LOGIC](https://wiki.smhuda.com/vulnerability-wiki/application-level/logic.md) - [FILE UPLOAD](https://wiki.smhuda.com/vulnerability-wiki/application-level/file-upload.md) - [API ISSUES](https://wiki.smhuda.com/vulnerability-wiki/application-level/api-issues.md) - [CONFIGURATIONS](https://wiki.smhuda.com/vulnerability-wiki/application-level/configurations.md) - [INFRASTRUCTURE LEVEL](https://wiki.smhuda.com/vulnerability-wiki/infrastructure-level.md) - [ICMP Timestamp Request Remote Date Disclosure (CVE-1999-0524)](https://wiki.smhuda.com/vulnerability-wiki/infrastructure-level/icmp-timestamp-request-remote-date-disclosure-cve-1999-0524.md) - [ASP.NET Debug Mode Validation](https://wiki.smhuda.com/vulnerability-wiki/infrastructure-level/asp.net-debug-mode-validation.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://wiki.smhuda.com/master.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.