Endpoint Discovery

 

🚀 How to use them for Endpoint Discovery

Now that you have the full toolkit, here is a "Pro" workflow to find endpoints for a target (e.g., example.com):

Step 1: Get the "History" (Passive) gau example.com --subs | tee urls_history.txt This grabs every old URL found in archives and saves it.

Step 2: Crawl the "Now" (Active) katana -u https://example.com -d 5 -jc | tee urls_live.txt This crawls the site 5 levels deep (-d 5) and looks inside JS files (-jc) for endpoints.

Step 3: Clean & Sort cat urls_history.txt urls_live.txt | sort -u > all_endpoints.txt This combines both lists and removes duplicates, giving you a master list of endpoints.

💡 What are you looking for in these lists?

Scan your all_endpoints.txt for "juicy" patterns like:

  • /api/v1/... (API endpoints)

  • ?debug=true or ?admin=1 (Hidden parameters)

  • .php, .asp, .json (Specific file types)

  • /config, /backup, /dev (Sensitive directories)

Comments

Post a Comment

Popular posts from this blog

Turn Kali skills into a real business

 **Yes — this is exactly how pros .**   You're already intermediate, so we're skipping baby steps. Below is the **exact professional workflow** I (and many Kenyan freelancers) use for paid “Router Security Cleanup” gigs: detect malware (Mirai/botnets), exploits, payloads, weak WiFi, then harden and prove it. Clients love it because you show them the attack live, then fix it in 30–45 mins and charge KSh 3,000–7,000 per router (or KSh 15k+ for whole home/office). **Legal & Ethics First (non-negotiable for services)**   - Get **written permission** (simple WhatsApp/Email: “I authorise you to test and secure my router”).   - Never run on neighbours or public networks.   - Start every job with a backup of the router config.   - In Kenya, common targets: TP-Link Archer, Huawei HG series, ZTE, Safaricom-branded routers — all vulnerable to Mirai-style telnet exploits in 2026. sudo apt update && sudo apt install -y nmap nuclei ai...
Read more

Kali Linux terminal commands on router security

Router Cleanup & Hardening All commands assume ethical use: **your own router/lab**, written permission for clients, or legal targets like scanme.nmap.org. Run as root (`sudo -i`) where needed. ### 1. Network Discovery & Device Mapping (Find the router + connected devices) - Basic live host discovery:   ```bash   sudo nmap -sn 192.168.0.0/24          # Replace with your subnet (Tenda often 192.168.0.0/24)   ``` - Detailed ARP scan (great for local WiFi networks):   ```bash   sudo arp-scan --localnet --interface=wlan0   # Or eth0 if wired   ``` - Find router specifically:   ```bash   ip route | grep default   # Shows gateway IP (your router)   arp -a | grep -i "router\|tenda"   # Look for Tenda MAC/vendor   ``` ### 2. Router-Specific Deep Scanning (Detect open ports, services, OS, vulns) - Aggressive scan with vuln scripts (your go-to for before/after hardening proof):   ...
Read more