Environment Setup
This page lists the commands for setting up the environment for a Web Security Assessment.
Create an Amazon Linux instance.
bashrc config
# Assessment Exports
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
# Update
sudo yum update
# Docker
sudo yum search docker
sudo yum info docker
sudo yum install docker
sudo usermod -a -G docker ec2-user
newgrp docker
sudo systemctl enable docker.service
sudo systemctl start docker.service
sudo systemctl status docker.service
# Docker Compose
# Download latest release from: https://github.com/docker/compose/releases/
mkdir -p ~/.docker/cli-plugins/
curl -SL https://github.com/docker/compose/releases/download/v2.24.4/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
chmod +x ~/.docker/cli-plugins/docker-compose
docker compose version
# Install golang
wget https://go.dev/dl/go1.21.6.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.21.6.linux-amd64.tar.gz
rm go1.21.6.linux-amd64.tar.gz
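Once the commands above have run, it is worth confirming that the box actually ended up in the expected state before any assessment tooling is installed on top of it. The following preflight script is an added example and not part of the original page: it checks that the installed Go is at least 1.21 (the version pinned above), that $GOPATH/bin from the bashrc exports is really on PATH in the current shell, that the docker daemon is reachable without sudo (the usermod/newgrp step), and that the compose CLI plugin is found. The pure helpers (parse_go_version, version_ge, path_has) are kept separate from the commands that touch the system so they can be exercised on their own; ~/go/bin as the GOPATH bin directory is assumed from the exports above.

```shell
#!/bin/sh
# Added example (not from the original page): preflight checks for the
# assessment instance after the setup commands have been run.
set -u

# parse_go_version "go version go1.21.6 linux/amd64" -> prints "1.21.6"
# Prints nothing if the input is not a `go version` line.
parse_go_version() {
    printf '%s\n' "$1" | sed -n 's/^go version go\([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B -> exit 0 if dotted version A >= B, comparing component-wise
# as integers (missing trailing components count as 0). Avoids `sort -V`,
# which is not available on every minimal image.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        if [ "$a" = "$ai" ]; then a=''; else a=${a#*.}; fi
        if [ "$b" = "$bi" ]; then b=''; else b=${b#*.}; fi
        ai=${ai:-0}; bi=${bi:-0}
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
    done
    return 0
}

# path_has DIR PATHSTRING -> exit 0 if DIR is an exact component of PATHSTRING
path_has() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
    esac
    return 1
}

# preflight -> prints one line per check, exit 0 only if every check passed
preflight() {
    status=0
    gover=$(parse_go_version "$(go version 2>/dev/null || true)")
    if [ -n "$gover" ] && version_ge "$gover" 1.21; then
        echo "ok   go $gover"
    else
        echo "FAIL go >= 1.21 not found on PATH"; status=1
    fi
    # The bashrc exports only take effect in shells that sourced ~/.bashrc.
    if path_has "$HOME/go/bin" "$PATH"; then
        echo "ok   \$GOPATH/bin is on PATH"
    else
        echo "FAIL $HOME/go/bin not on PATH (source ~/.bashrc or re-login)"; status=1
    fi
    if id -nG 2>/dev/null | tr ' ' '\n' | grep -qx docker; then
        echo "ok   current user is in the docker group"
    else
        echo "FAIL user not in docker group (usermod -a -G docker, then newgrp)"; status=1
    fi
    if docker info >/dev/null 2>&1; then
        echo "ok   docker daemon reachable without sudo"
    else
        echo "FAIL docker daemon unreachable (systemctl status docker.service)"; status=1
    fi
    if docker compose version >/dev/null 2>&1; then
        echo "ok   docker compose CLI plugin found"
    else
        echo "FAIL docker compose plugin missing from ~/.docker/cli-plugins/"; status=1
    fi
    return $status
}

# Usage: sh preflight.sh run
if [ "${1:-}" = "run" ]; then
    preflight
fi
```

A non-zero exit from preflight means at least one of the steps above did not stick; the most common cause on a fresh instance is running the script in the same shell session that did the usermod, before newgrp or a re-login.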
Out-of-Band Testing
We will use interactsh for the testing.
# Install interactsh server and client
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest
# Generate certificates
openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
# Run interactsh server
sudo ~/go/bin/interactsh-server -d <domain> -cert domain.crt -privkey domain.key -t <token> -wc -hd ./payloads &
# Accessing the server (CLI)
interactsh-client -s <domain> -t <token>
# Accessing the server (Web)
docker pull projectdiscovery/interactsh-web
docker run -it -p 3000:3000 projectdiscovery/interactsh-web
# Kill the interactsh server (it was started with sudo, so it runs as root)
sudo killall interactsh-server
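The openssl req command above is interactive and, as written, produces a certificate whose only identity is whatever was typed at the Common Name prompt. Interactions arrive on random subdomains of the interactsh domain, so the certificate handed to -cert/-privkey should cover both the apex and *.domain in its Subject Alternative Name. The script below is an added example, not part of the original page or of the interactsh project: it generates that certificate non-interactively and then verifies, with openssl's own hostname matcher, which names it is valid for. The domain oob.example and the file names are placeholder values.

```shell
#!/bin/sh
# Added example (not from the original page): non-interactive certificate
# generation for the interactsh server plus a hostname coverage check.
set -eu

# make_oob_cert DOMAIN KEYFILE CERTFILE
# Self-signed RSA-2048 certificate, valid 365 days, with a SAN covering
# DOMAIN and *.DOMAIN. Requires OpenSSL 1.1.1+ for -addext.
make_oob_cert() {
    domain=$1; keyfile=$2; certfile=$3
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$keyfile" -out "$certfile" \
        -subj "/CN=$domain" \
        -addext "subjectAltName=DNS:$domain,DNS:*.$domain" >/dev/null 2>&1
    # The private key is only needed by the server process; keep it 0600.
    chmod 600 "$keyfile"
}

# cert_matches_host CERTFILE HOST -> exit 0 if the certificate is valid for HOST
# (openssl prints "does match" / "does NOT match"; exit status is not set,
# so the text is checked instead)
cert_matches_host() {
    certfile=$1; host=$2
    openssl x509 -in "$certfile" -noout -checkhost "$host" \
        | grep -q "does match certificate"
}

# cert_san CERTFILE -> prints the subjectAltName entries of the certificate
cert_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName | sed -n 's/^ *DNS:/DNS:/p'
}

# Usage: sh oob-cert.sh demo <domain>
if [ "${1:-}" = "demo" ]; then
    domain=${2:-oob.example}   # placeholder; use the interactsh -d domain
    make_oob_cert "$domain" domain.key domain.crt
    echo "SAN: $(cert_san domain.crt)"
    for host in "$domain" "abc123.$domain" "other.example"; do
        if cert_matches_host domain.crt "$host"; then
            echo "ok   $host"
        else
            echo "no   $host"
        fi
    done
fi
```

The resulting domain.crt and domain.key are the files passed to interactsh-server with -cert and -privkey. A wildcard SAN covers one label, so a.oob.example matches while a.b.oob.example does not; the check function makes that visible before the server is started rather than when a callback fails to complete a TLS handshake.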
Reference
https://ott3rly.medium.com/mass-blind-server-side-testing-setup-for-bug-bounty-fa03213b1ec9