Share this page!

πŸ‡·πŸ‡΄ cristi Profile picture
Twitter logo
Mar 9 β€’ 3 tweets β€’ 3 min read
Often times to simplify my work I build scripts.πŸ‘‡

I recently discovered katana by @pdiscoveryio. And I turned this:

katana -d 5 -c 50 -p 20 -ef "ttf,woff,svg,jpeg,jpg,png,ico,gif,css" -u <https://tld> -cs "regex-to-restrict-to-tld-and-subdomains"

into this:

kata <tld>
1. The long command does the following:

-d => depth 5
-c => concurrency 50
-p => threads in parallel 20
-ef => exclude these
-u => supply the top level domain (i.e. twitter.com)
-cs => scope for this regex (limited to the tld and its subdomains)
2. You can download the kata bash script from my repo below. Use it as:

kata <tld>

Do me a favor and star the repo, thanks!

#pentesting #infosec #cybersecurity #ethicalhacking #bugbounty #bugbountytips

github.com/CristiVlad25/s…

β€’ β€’ β€’

Missing some Tweet in this thread? You can try to force a refresh
γ€€

Keep Current with πŸ‡·πŸ‡΄ cristi

πŸ‡·πŸ‡΄ cristi Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @CristiVlad25

πŸ‡·πŸ‡΄ cristi Profile picture
Mar 8
Large language models exhibit emergent abilities πŸ‘‡
1. Large language models (LLMs) exhibit emergent abilities after crossing a critical value of effective parameters
2. Emergent abilities include performing arithmetic, answering questions, summarizing passages, and more
Read 6 tweets
πŸ‡·πŸ‡΄ cristi Profile picture
Mar 7
As much as I love automation in recon, 98% of the findings in my pentests have nothing to do with it. Why? πŸ‘‡
1. Inspired by @NahamSec recent video.

First, in a large majority of the web pentests, clients want me to focus only on their app and it's features. So, there's no need for subdomain enumeration/bruteforcing or any other large recon tactic.
2. This doesn't mean that I don't use automation. I automate some of the boring and repetitive tasks via bash and python.
Read 9 tweets
πŸ‡·πŸ‡΄ cristi Profile picture
Mar 4
More practice, less theory (but not 0 theory)

In the past, I criticized Top 1% THM who know close to nothing about the real-world aspects of a pentest.

My point was not understood and I got a lot of hate for it. Image
1. Again, there's less value in being Top 1% if your experience is purely theoretical.

Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
2. If you're not working in cybersecurity yet, but you want to, no problem.

Get your daily real-world experience from VDPs (and not paid bounties).
Read 4 tweets
πŸ‡·πŸ‡΄ cristi Profile picture
Feb 27
SSH local port forwarding, explained to humans:

ssh -L [local_address:]local_port:remote_address:remote_port [user@]ssh_server
1.πŸŒπŸ’» Have you ever wanted to access a remote server as if it were running on your local machine? That's where local port forwarding comes in!
2.πŸ›£οΈπŸ“¬ Think of it like a mail forwarding service: just as you'd tell the service to forward your mail to your new address, you can tell SSH to forward traffic from a remote server to your local machine.
Read 7 tweets
πŸ‡·πŸ‡΄ cristi Profile picture
Feb 26
Not a paid sponsorship, but I'd love to @HelloPaperspace :) πŸ‘‡

For the last 3-4 years, I had a VPS with 16 GB of RAM and 8 CPUs for which I paid $0.16 per hour of usage.
1. A few days ago I said I'd upgrade to a VPS with 30 GB of RAM and 12 CPUs.

Definitely a dramatically huge increase in performance! Still quite cheap at $0.3/h.

My usual monthly usage so far has been 100 hours or less.
2. I use it for cybersecurity research and for machine learning. I'll probably get an A100 in the future, which is about $3 per hour, but it's the best GPU in town. Need to make more money first.
Read 7 tweets
πŸ‡·πŸ‡΄ cristi Profile picture
Feb 3
The following technique can be used to bypass AI text detection. Use it for ethical purposes only!πŸ‘‡
1. Generate whatever text you want with ChatGPT. Then reply to ChatGPT with the following:

"When it comes to writing content, two factors are crucial, "perplexity" and "burstiness." Perplexity measures the complexity of text. Separately, burstiness compares the variationsπŸ‘‡
of sentences. Humans tend to write with greater burstiness, for example, with some longer or complex sentences alongside shorter ones. AI sentences tend to be more uniform. πŸ‘‡
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(