HackTricks
80,443 - Pentesting Web Methodology
Tip
Jifunze na fanya mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking:HackTricks Training GCP Red Team Expert (GRTE)
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.
Taarifa za Msingi
Web service ni huduma inayotumika zaidi na yenye wigo mpana na kuna aina mbalimbali za vulnerabilities.
Porti chaguo-msingi: 80 (HTTP), 443(HTTPS)
PORT STATE SERVICE
80/tcp open http
443/tcp open ssl/https
nc -v domain.com 80 # GET / HTTP/1.0
openssl s_client -connect domain.com:443 # GET / HTTP/1.0
Mwongozo wa Web API
Muhtasari wa Mbinu
Katika methodology hii tutaweka dhana kwamba unataka kuattack domain (au subdomain) na hiyo tu. Kwa hivyo, unapaswa kutumia methodology hii kwa kila domain, subdomain au IP iliyogunduliwa ndani ya scope ikiwa kuna web server isiyojulikana ndani yake.
- Anza kwa kutambua technologies zinazotumika na web server. Tafuta tricks za kuzingatia wakati wa mtihani ikiwa utaweza kutambua tech kwa ufanisi.
- Kuna known vulnerability yoyote ya version ya technology?
- Unatumia well known tech? Kuna useful trick yoyote ya kupata taarifa zaidi?
- Kuna specialised scanner yoyote ya kuendesha (kama wpscan)?
- Endesha general purposes scanners. Hujui kabisa kama zitatoka na kitu au zitakuletea taarifa za kuvutia.
- Anza na initial checks: robots, sitemap, 404 error na SSL/TLS scan (ikiwa HTTPS).
- Anza spidering tovuti: Ni wakati wa kutafuta faili zote, folda na parameters being used. Pia, angalia kwa special findings.
- Kumbuka kwamba kila wakati directory mpya inapogunduliwa wakati wa brute-forcing au spidering, inapaswa ku-spider.
- Directory Brute-Forcing: Jaribu kuvunja (brute force) folders zote zilizogunduliwa ukitafuta files na directories mpya.
- Kumbuka kwamba kila wakati directory mpya inapogunduliwa wakati wa brute-forcing au spidering, inapaswa kufanyiwa Brute-Force.
- Backups checking: Jaribu kama unaweza kupata backups za discovered files kwa kuongezea extensions za backup za kawaida.
- Brute-Force parameters: Jaribu kutafuta hidden parameters.
- Ukimaliza kutambua endpoint zote zinazoweza kupokea user input, angalia aina zote za vulnerabilities zinazohusiana nazo.
- Fuata orodha hii ya ukaguzi
Server Version (Vulnerable?)
Tambua
Angalia kama kuna known vulnerabilities kwa server version inayokimbia.
The HTTP headers and cookies of the response zinaweza kuwa muhimu sana kutambua technologies na/au version zinazotumika. Nmap scan inaweza kutambua server version, lakini inaweza pia kuwa muhimu kutumia zana kama whatweb, webtech au https://builtwith.com/ :
whatweb -a 1 <URL> #Stealthy
whatweb -a 3 <URL> #Aggresive
webtech -u <URL>
webanalyze -host https://google.com -crawl 2
Tafuta kwa vulnerabilities of the web application version
Angalia kama kuna WAF
- https://github.com/EnableSecurity/wafw00f
- https://github.com/Ekultek/WhatWaf.git
- https://nmap.org/nsedoc/scripts/http-waf-detect.html
Mbinu za teknolojia za wavuti
Baadhi ya mbinu za kutafuta udhaifu katika teknolojia mbalimbali maarufu zinazotumika:
- AEM - Adobe Experience Cloud
- Apache
- Artifactory
- Buckets
- CGI
- Custom UDP RPC Protocols
- Dotnet SOAP WSDL client exploitation
- Drupal
- Flask
- Fortinet FortiWeb
- Git
- Golang
- GraphQL
- H2 - Java SQL database
- ISPConfig
- IIS tricks
- Microsoft SharePoint
- JBOSS
- Jenkins
- Jira
- Joomla
- JSP
- Laravel
- Moodle
- Nginx
- PHP (php has a lot of interesting tricks that could be exploited)
- Python
- Roundcube
- Spring Actuators
- Symphony
- Tomcat
- VMWare
- Web API Pentesting
- WebDav
- Werkzeug
- Wordpress
- Electron Desktop (XSS to RCE)
- Sitecore
- Zabbix
Chukua katika akaunti kwamba domaini ile ile inaweza kutumia teknolojia tofauti katika bandari, folda na subdomains.
Ikiwa web application inatumia yoyote ya tech/platform iliyojulikana iliyoorodheshwa hapo juu au nyingine yoyote, usisahau kutafuta mtandaoni mbinu mpya (na nijulishe!).
Mapitio ya Source Code
Ikiwa source code ya application inapatikana kwenye github, mbali na kufanya mwenyewe White box test ya application kuna maelezo kadhaa ambayo yanaweza kuwa muhimu kwa Black-Box testing ya sasa:
- Je, kuna faili ya Change-log au Readme au Version au kitu chochote chenye taarifa za version zinazopatikana kupitia wavuti?
- Je, credentials zinawekwa wapi na jinsi gani? Je, kuna file (inayopatikana?) yenye credentials (usernames au passwords)?
- Je, passwords ziko kwa plain text, encrypted, au ni algorithmi gani ya hashing inayotumika?
- Je, inatumia master key ili ku-encrypt kitu chochote? Ni algorithm gani inayotumika?
- Je, unaweza kupata faili yoyote kati ya hizi ukitumia udhaifu wowote?
- Je, kuna maelezo ya kuvutia kwenye github (issues zilizotatuliwa na zisizotatuliwa)? Au katika commit history (labda kuna password iliyowekwa katika commit ya zamani)?
Source code Review / SAST Tools
Scanners za otomatiki
Scanners za madhumuni ya jumla automatic scanners
nikto -h <URL>
whatweb -a 4 <URL>
wapiti -u <URL>
W3af
zaproxy #You can use an API
nuclei -ut && nuclei -target <URL>
# https://github.com/ignis-sec/puff (client side vulns fuzzer)
node puff.js -w ./wordlist-examples/xss.txt -u "http://www.xssgame.com/f/m4KKGHi2rVUN/?query=FUZZ"
Skana za CMS
Ikiwa CMS inatumiwa, usisahau endesha scanner, labda utakuta kitu cha kuvutia:
Clusterd: JBoss, ColdFusion, WebLogic, Tomcat, Railo, Axis2, Glassfish
CMSScan: WordPress, Drupal, Joomla, vBulletin tovuti kwa masuala ya usalama. (GUI)
VulnX: Joomla, Wordpress, Drupal, PrestaShop, Opencart
CMSMap: (W)ordpress, (J)oomla, (D)rupal au (M)oodle
droopscan: Drupal, Joomla, Moodle, Silverstripe, Wordpress
cmsmap [-f W] -F -d <URL>
wpscan --force update -e --url <URL>
joomscan --ec -u <URL>
joomlavs.rb #https://github.com/rastating/joomlavs
Katika hatua hii unapaswa tayari kuwa na baadhi ya taarifa kuhusu web server inayotumika na client (ikiwa data yoyote imetolewa) na mbinu za kuzingatia wakati wa test. Ikiwa una bahati unaweza hata kuwa umepata CMS na kumfanya scanner.
Ugunduzi wa Programu za Wavuti hatua kwa hatua
Kuanzia hapa tutaanza kuingiliana na web application.
Ukaguzi wa awali
Kurasa za chaguo-msingi zilizo na taarifa za kuvutia:
- /robots.txt
- /sitemap.xml
- /crossdomain.xml
- /clientaccesspolicy.xml
- /.well-known/
- Angalia pia maoni kwenye kurasa kuu na za ziada.
Kulazimisha makosa
Web servers zinaweza kutenda kwa njia isiyotegemewa wakati data ya ajabu inapotumwa kwao. Hii inaweza kufungua vulnerabilities au kuonyesha taarifa nyeti.
- Fikia kurasa za uongo kama /whatever_fake.php (.aspx,.html,.etc)
- Ongeza “[]”, “]]”, na “[[” katika cookie values na parameter values ili kusababisha makosa
- Tengeneza kosa kwa kutoa input kama
/~randomthing/%smwishoni mwa URL - Jaribu HTTP Verbs tofauti kama PATCH, DEBUG au hata mbaya kama FAKE
Check if you can upload files (PUT verb, WebDav)
If you find that WebDav is enabled but you don’t have enough permissions for uploading files in the root folder try to:
- Brute Force credentials
- Upload files via WebDav to the rest of found folders inside the web page. You may have permissions to upload files in other folders.
Udhaifu za SSL/TLS
- Ikiwa application hainalazimisha matumizi ya HTTPS sehemu yoyote, basi iko vulnerable to MitM
- Ikiwa application inatuma data nyeti (nywila) kwa kutumia HTTP, basi ni vulnerability kubwa.
Use testssl.sh to checks for vulnerabilities (In Bug Bounty programs probably these kind of vulnerabilities won’t be accepted) and use a2sv to recheck the vulnerabilities:
./testssl.sh [--htmlfile] 10.10.10.10:443
#Use the --htmlfile to save the output inside an htmlfile also
# You can also use other tools, by testssl.sh at this momment is the best one (I think)
sslscan <host:port>
sslyze --regular <ip:port>
Information about SSL/TLS vulnerabilities:
- https://www.gracefulsecurity.com/tls-ssl-vulnerabilities/
- https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/
Spidering
Lanzua aina fulani ya spider ndani ya tovuti. Lengo la spider ni kupata njia nyingi iwezekanavyo kutoka kwa application inayoendekwa. Kwa hiyo, web crawling na vyanzo vya nje vinapaswa kutumika kupata njia nyingi sahihi iwezekanavyo.
- gospider (go): HTML spider, LinkFinder in JS files and external sources (Archive.org, CommonCrawl.org, VirusTotal.com).
- hakrawler (go): HML spider, with LinkFider for JS files and Archive.org as external source.
- dirhunt (python): HTML spider, also indicates “juicy files”.
- evine (go): Interactive CLI HTML spider. It also searches in Archive.org
- meg (go): This tool isn’t a spider but it can be useful. You can just indicate a file with hosts and a file with paths and meg will fetch each path on each host and save the response.
- urlgrab (go): HTML spider with JS rendering capabilities. However, it looks like it’s unmaintained, the precompiled version is old and the current code doesn’t compile
- gau (go): HTML spider that uses external providers (wayback, otx, commoncrawl)
- ParamSpider: This script will find URLs with parameter and will list them.
- galer (go): HTML spider with JS rendering capabilities.
- LinkFinder (python): HTML spider, with JS beautify capabilities capable of search new paths in JS files. It could be worth it also take a look to JSScanner, which is a wrapper of LinkFinder.
- goLinkFinder (go): To extract endpoints in both HTML source and embedded javascript files. Useful for bug hunters, red teamers, infosec ninjas.
- JSParser (python2.7): A python 2.7 script using Tornado and JSBeautifier to parse relative URLs from JavaScript files. Useful for easily discovering AJAX requests. Looks like unmaintained.
- relative-url-extractor (ruby): Given a file (HTML) it will extract URLs from it using nifty regular expression to find and extract the relative URLs from ugly (minify) files.
- JSFScan (bash, several tools): Gather interesting information from JS files using several tools.
- subjs (go): Find JS files.
- page-fetch (go): Load a page in a headless browser and print out all the urls loaded to load the page.
- Feroxbuster (rust): Content discovery tool mixing several options of the previous tools
- Javascript Parsing: A Burp extension to find path and params in JS files.
- Sourcemapper: A tool that given the .js.map URL will get you the beatified JS code
- xnLinkFinder: This is a tool used to discover endpoints for a given target.
- waymore: Discover links from the wayback machine (also downloading the responses in the wayback and looking for more links)
- HTTPLoot (go): Crawl (even by filling forms) and also find sensitive info using specific regexes.
- SpiderSuite: Spider Suite is an advance multi-feature GUI web security Crawler/Spider designed for cyber security professionals.
- jsluice (go): It’s a Go package and command-line tool for extracting URLs, paths, secrets, and other interesting data from JavaScript source code.
- ParaForge: ParaForge is a simple Burp Suite extension to extract the paramters and endpoints from the request to create custom wordlist for fuzzing and enumeration.
- katana (go): Awesome tool for this.
- Crawley (go): Print every link it’s able to find.
Brute Force directories and files
Anza kufanya brute-forcing kutoka kwenye root folder na hakikisha kufufua brute-force kwenye directories zote zilizopatikana ukitumia hii method na pia directories zote zilizoonekana wakati wa Spidering (unaweza kufanya brute-forcing hii recursively na kuongezea mwanzoni wa wordlist iliyotumika majina ya directories uliyopata).
Tools:
- Dirb / Dirbuster - Included in Kali, old (and slow) but functional. Allow auto-signed certificates and recursive search. Too slow compared with th other options.
- Dirsearch (python): It doesn’t allow auto-signed certificates but allows recursive search.
- Gobuster (go): It allows auto-signed certificates, it doesn’t have recursive search.
- Feroxbuster - Fast, supports recursive search.
- wfuzz
wfuzz -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt https://domain.com/api/FUZZ - ffuf - Fast:
ffuf -c -w /usr/share/wordlists/dirb/big.txt -u http://10.10.10.10/FUZZ - uro (python): This isn’t a spider but a tool that given the list of found URLs will to delete “duplicated” URLs.
- Scavenger: Burp Extension to create a list of directories from the burp history of different pages
- TrashCompactor: Remove URLs with duplicated functionalities (based on js imports)
- Chamaleon: It uses wapalyzer to detect used technologies and select the wordlists to use.
Dictionaries zinazopendekezwa:
- https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/bf_directories.txt
- Dirsearch included dictionary
- http://gist.github.com/jhaddix/b80ea67d85c13206125806f0828f4d10
- Assetnote wordlists
- https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
- raft-large-directories-lowercase.txt
- directory-list-2.3-medium.txt
- RobotsDisallowed/top10000.txt
- https://github.com/random-robbie/bruteforce-lists
- https://github.com/google/fuzzing/tree/master/dictionaries
- https://github.com/six2dez/OneListForAll
- https://github.com/random-robbie/bruteforce-lists
- https://github.com/ayoubfathi/leaky-paths
- /usr/share/wordlists/dirb/common.txt
- /usr/share/wordlists/dirb/big.txt
- /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
Kumbuka kuwa kila wakati katalogi mpya inapogunduliwa wakati wa brute-forcing au spidering, inapaswa kufanyiwa Brute-Force.
What to check on each file found
- Broken link checker: Find broken links inside HTMLs that may be prone to takeovers
- File Backups: Mara utakapo pata mafaili yote, angalia backups za mafaili yote yanayoendeshwa (“.php”, “.aspx”…). Vipengele vya kawaida vya majina ya backup ni: file.ext~, #file.ext#, ~file.ext, file.ext.bak, file.ext.tmp, file.ext.old, file.bak, file.tmp and file.old. Unaweza pia kutumia tool bfac au backup-gen.
- Discover new parameters: Unaweza kutumia zana kama Arjun, parameth, x8 na Param Miner kutambua vigezo vifichwa. Ikiwa inawezekana, jaribu kutafuta vigezo vilivyofichwa kwenye kila faili za web zinazotekelezwa.
- Arjun all default wordlists: https://github.com/s0md3v/Arjun/tree/master/arjun/db
- Param-miner “params” : https://github.com/PortSwigger/param-miner/blob/master/resources/params
- Assetnote “parameters_top_1m”: https://wordlists.assetnote.io/
- nullenc0de “params.txt”: https://gist.github.com/nullenc0de/9cb36260207924f8e1787279a05eb773
- Comments: Kagua comments za mafaili yote, unaweza kupata credentials au hidden functionality.
- Ikiwa unapiga CTF, mbinu ya kawaida ni kuficha taarifa ndani ya comments upande wa kulia wa page (kutumia mashauri mia za spaces ili usione data ukiifungua source code kwa browser). Njia nyingine ni kutumia mitaala mingi ya newline na kuficha taarifa katika comment chini ya ukurasa wa web.
- API keys: Ikiwa unapata API key kuna mwongozo unaoelezea jinsi ya kutumia API keys za platform mbalimbali: keyhacks, zile, truffleHog, SecretFinder, RegHex, DumpsterDive, EarlyBird
- Google API keys: Ikiwa unapata API key inayofanana na AIzaSyA-qLheq6xjDiEIRisP_ujUseYLQCHUjik unaweza kutumia project gmapapiscanner kubaini ni APIs gani key inaweza kufikia.
- S3 Buckets: Wakati wa spidering angalia kama subdomain au link yoyote inahusiana na S3 bucket. Katika kesi hiyo, check the permissions of the bucket.
Special findings
Wakati unafanya spidering na brute-forcing unaweza kugundua vitu vya kusisimua ambavyo unapaswa kuyatambua.
Interesting files
- Tafuta links kwenda kwa mafaili mengine ndani ya mafaili ya CSS.
- If you find a .git file some information can be extracted
- Ikiwa unapata .env taarifa kama api keys, dbs passwords na taarifa nyingine zinaweza kupatikana.
- Ikiwa unapata API endpoints unapaswa pia kuyaweka kwenye test. Haya sio mafaili, lakini huenda “yaonekana kama” mafaili.
- JS files: Katika sehemu ya spidering zilitajwa zana kadhaa zinazoweza kutoa path kutoka kwa JS files. Pia, itakuwa muhimu kufuatilia kila JS file iliyopatikana, kwa sababu kwenye matukio kadhaa, mabadiliko yanaweza kuonyesha kuwa udhaifu mpya umeingizwa kwenye code. Unaweza kutumia kwa mfano JSMon.
- Pia unapaswa kuangalia JS files zilizogunduliwa na RetireJS au JSHole kuona kama zina udhaifu.
- Javascript Deobfuscator and Unpacker: https://lelinhtinh.github.io/de4js/, https://www.dcode.fr/javascript-unobfuscator
- Javascript Beautifier: http://jsbeautifier.org/, http://jsnice.org/
- JsFuck deobfuscation (javascript with chars:“[]!+” https://enkhee-osiris.github.io/Decoder-JSFuck/)
- TrainFuck:
+72.+29.+7..+3.-67.-12.+55.+24.+3.-6.-8.-67.-23. - Katika matukio mengi, utahitaji kuelewa regular expressions zinazotumika. Hii itakuwa muhimu: https://regex101.com/ au https://pythonium.net/regex
- Unaweza pia kufuatilia mafaili ambapo fomu ziligunduliwa, kwani mabadiliko kwenye parameter au kuonekana kwa fomu mpya kunaweza kuashiria functionality mpya yenye udhaifu.
403 Forbidden/Basic Authentication/401 Unauthorized (bypass)
502 Proxy Error
Ikiwa ukurasa wowote unarepond na code hiyo, kawaida ni proxy iliyopangwa vibaya. Ikiwa utatuma HTTP request kama: GET https://google.com HTTP/1.1 (na host header na vichwa vingine vya kawaida), proxy itajaribu kufikia google.com na utakuwa umepata SSRF.
NTLM Authentication - Info disclosure
Ikiwa server inayouliza authentication ni Windows au ukiona login inayouliza credentials zako (na kuonyesha jina la domain), unaweza kusababisha information disclosure.
Tuma header: “Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=” na kutokana na jinsi NTLM authentication inavyofanya kazi, server itajibu na info za ndani (version ya IIS, version ya Windows…) ndani ya header “WWW-Authenticate”.
Unaweza kuendesha kiotomatiki hili ukiwa unatumia nmap plugin “http-ntlm-info.nse”.
HTTP Redirect (CTF)
Inawezekana kuweka content ndani ya Redirection. Content hii haitaonyeshwa kwa mtumiaji (kwa sababu browser itatekeleza redirection) lakini kitu kinaweza kufichwa ndani yake.
Web Vulnerabilities Checking
Sasa baada ya kuendesha enumeration kamili ya web application ni wakati wa kuangalia udhaifu mwingi unaowezekana. Unaweza kupata checklist hapa:
Web Vulnerabilities Methodology
Pata habari zaidi kuhusu web vulns katika:
- https://six2dez.gitbook.io/pentest-book/others/web-checklist
- https://kennel209.gitbooks.io/owasp-testing-guide-v4/content/en/web_application_security_testing/configuration_and_deployment_management_testing.html
- https://owasp-skf.gitbook.io/asvs-write-ups/kbid-111-client-side-template-injection
Monitor Pages for changes
Unaweza kutumia zana kama https://github.com/dgtlmoon/changedetection.io kufuatilia mabadiliko ya kurasa ambayo yanaweza kuingiza udhaifu.
HackTricks Automatic Commands
HackTricks Automatic Commands
```yaml Protocol_Name: Web #Protocol Abbreviation if there is one. Port_Number: 80,443 #Comma separated if there is more than one. Protocol_Description: Web #Protocol Abbreviation Spelled outEntry_1: Name: Notes Description: Notes for Web Note: | https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-web/index.html
Entry_2: Name: Quick Web Scan Description: Nikto and GoBuster Command: nikto -host {Web_Proto}://{IP}:{Web_Port} &&&& gobuster dir -w {Small_Dirlist} -u {Web_Proto}://{IP}:{Web_Port} && gobuster dir -w {Big_Dirlist} -u {Web_Proto}://{IP}:{Web_Port}
Entry_3: Name: Nikto Description: Basic Site Info via Nikto Command: nikto -host {Web_Proto}://{IP}:{Web_Port}
Entry_4: Name: WhatWeb Description: General purpose auto scanner Command: whatweb -a 4 {IP}
Entry_5: Name: Directory Brute Force Non-Recursive Description: Non-Recursive Directory Brute Force Command: gobuster dir -w {Big_Dirlist} -u {Web_Proto}://{IP}:{Web_Port}
Entry_6: Name: Directory Brute Force Recursive Description: Recursive Directory Brute Force Command: python3 {Tool_Dir}dirsearch/dirsearch.py -w {Small_Dirlist} -e php,exe,sh,py,html,pl -f -t 20 -u {Web_Proto}://{IP}:{Web_Port} -r 10
Entry_7: Name: Directory Brute Force CGI Description: Common Gateway Interface Brute Force Command: gobuster dir -u {Web_Proto}://{IP}:{Web_Port}/ -w /usr/share/seclists/Discovery/Web-Content/CGIs.txt -s 200
Entry_8:
Name: Nmap Web Vuln Scan
Description: Tailored Nmap Scan for web Vulnerabilities
Command: nmap -vv –reason -Pn -sV -p {Web_Port} –script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer) {IP}
Entry_9: Name: Drupal Description: Drupal Enumeration Notes Note: | git clone https://github.com/immunIT/drupwn.git for low hanging fruit and git clone https://github.com/droope/droopescan.git for deeper enumeration
Entry_10: Name: WordPress Description: WordPress Enumeration with WPScan Command: | ?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php wpscan –url {Web_Proto}://{IP}{1} –enumerate ap,at,cb,dbe && wpscan –url {Web_Proto}://{IP}{1} –enumerate u,tt,t,vp –passwords {Big_Passwordlist} -e
Entry_11: Name: WordPress Hydra Brute Force Description: Need User (admin is default) Command: hydra -l admin -P {Big_Passwordlist} {IP} -V http-form-post ‘/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location’
Entry_12: Name: Ffuf Vhost Description: Simple Scan with Ffuf for discovering additional vhosts Command: ffuf -w {Subdomain_List}:FUZZ -u {Web_Proto}://{Domain_Name} -H “Host:FUZZ.{Domain_Name}” -c -mc all {Ffuf_Filters}
</details>
> [!TIP]
> Jifunze na fanya mazoezi ya AWS Hacking:<img src="../../../../../images/arte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../../../images/arte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">\
> Jifunze na fanya mazoezi ya GCP Hacking: <img src="../../../../../images/grte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)<img src="../../../../../images/grte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">
> Jifunze na fanya mazoezi ya Azure Hacking: <img src="../../../../../images/azrte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training Azure Red Team Expert (AzRTE)**](https://training.hacktricks.xyz/courses/azrte)<img src="../../../../../images/azrte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">
>
> <details>
>
> <summary>Support HackTricks</summary>
>
> - Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
> - **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
> - **Shiriki mbinu za hacking kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
>
> </details>