
[feature request]. Project Templates

Open tracure1337 opened this issue 10 months ago • 2 comments

Wonderful project. I am really digging it.

It would be really neat if one could create full project templates with workspaces, issues and sub-tasks.

My projects are always the same (expanding and iterating on the issues though).

But when creating a new project I'd like to have the different workspaces, issues and sub-tasks already all filled out/created with one click.

Thank you for your consideration.

tracure1337 avatar Feb 20 '25 23:02 tracure1337

Hey @cocoonkid project templates sound interesting. Can you give us one brief example of a kind of project template you would want to create along with pre-populated issues and sub-issues?

AggManik avatar Feb 21 '25 08:02 AggManik

Apologies for the late reply.

For example a pen test/vulnerability research project.

Here is an example for a reoccurring template.

Initial Subdomain Enumeration

  • [ ] Run subfinder with recursive option
subfinder -d domain.com -all -recursive > subs_domain.com.txt

Live Host Detection

  • [ ] Filter live hosts using httpx
cat subs_domain.com.txt | httpx -td -title -sc -ip > httpx_domain.com.txt
cat httpx_domain.com.txt | awk '{print $1}' > live_subs_domain.com.txt

Automated Vulnerability Scanning

  • [ ] Run Nuclei with rate limiting
nuclei -l live_subs_domain.com.txt -rl 10 -bs 2 -c 2 -as -silent -s critical,high,medium

WAF Detection

  • [ ] Identify hosts with WAF (403 responses)
cat httpx_domain.com.txt | grep 403
  • [ ] Check for common WAFs:
    • [ ] Amazon Cloudfront
    • [ ] Cloudflare
    • [ ] Imperva
    • [ ] Akamai
    • [ ] F5
    • [ ] Barracuda
    • [ ] Fortinet
    • [ ] Azure WAF
    • [ ] Radware
    • [ ] Sucuri

Non-WAF Analysis

  • [ ] Filter subdomains without WAF
cat httpx_domain.com.txt | grep -v -i -E 'cloudfront|imperva|cloudflare' > nowaf_subs_domain.com.txt
  • [ ] Extract 403 responses from non-WAF subdomains
cat nowaf_subs_domain.com.txt | grep 403 | awk '{print $1}' > 403_subs_domain.txt

Fuzzing

  • [ ] Run default wordlist fuzzing
dirsearch -u https://sub.domain.com -x 403,404,500,400,502,503,429 --random-agent
  • [ ] Perform extension-based fuzzing
dirsearch -u https://sub.domain.com -e xml,json,sql,db,log,yml,yaml,bak,txt,tar.gz,zip -x 403,404,500,400,502,503,429 --random-agent

Exploit Research

  • [ ] Search for public exploits
  • [ ] Use ChatGPT for exploit assistance
  • [ ] Google dork for specific vulnerabilities

Targeted Wordlist Fuzzing

  • [ ] Install and locate appropriate wordlists
sudo apt install seclists
  • [ ] Run service-specific fuzzing
  • [ ] Perform database file fuzzing
mkdir db_wordlists
wget https://raw.githubusercontent.com/dkcyberz/Harpy/refs/heads/main/Hidden/database.txt

Manual Review

  • [ ] Visit non-WAF subdomains manually
  • [ ] Check interesting 403 responses
  • [ ] Document potential vulnerabilities

Initial URL Extraction

  • [ ] Run waymore
waymore -i domain.com -mode U -oU waymore_domain.com.txt
  • [ ] Backup method: waybackurls
waybackurls domain.com > wayback_domain.com.txt

Pattern Searching

Identity Patterns

  • [ ] Search for UUIDs
grep -Eo '[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}'
  • [ ] Find JWT tokens
grep "eyJ"
  • [ ] Check SSNs
grep -Eo '\b[0-9]{3}-[0-9]{2}-[0-9]{4}\b'

Sensitive Data

  • [ ] Credit card numbers
grep -Eo '\b[0-9]{13,16}\b'
  • [ ] Session IDs/cookies
grep -Eo '[a-zA-Z0-9]{32,}'
  • [ ] Tokens and secrets
    • [ ] Search "token"
    • [ ] Search "code"
    • [ ] Search "secret"

Network Information

  • [ ] Private IP addresses
  • [ ] IPv4 addresses
  • [ ] IPv6 addresses

Payment Information

  • [ ] Check for:
    • [ ] payment
    • [ ] order/orderid
    • [ ] payid
    • [ ] invoice

API Endpoints

  • [ ] Look for:
    • [ ] /api/
    • [ ] api.
    • [ ] graphql
  • [ ] Check API versions:
    • [ ] /v1/
    • [ ] /v2/
    • [ ] /v3/
    • [ ] /v4/
    • [ ] /v5/

Authentication Systems

  • [ ] Search for:
    • [ ] sso
    • [ ] saml
    • [ ] oauth
    • [ ] auth
    • [ ] callback

File Exposures

  • [ ] Check for sensitive files:
    • [ ] .env
    • [ ] .yaml/.yml
    • [ ] .json
    • [ ] .xml
    • [ ] .log
    • [ ] .sql
    • [ ] .backup
    • [ ] .key
    • [ ] .pem
    • [ ] .conf
    • [ ] .pdf
    • [ ] .xlsx

Google Dork Searches

  • [ ] Run dorks for file extensions
  • [ ] Search for confidential markers:
    • [ ] "CONFIDENTIAL"
    • [ ] "INTERNAL USE ONLY"
    • [ ] "HIGHLY CONFIDENTIAL"
    • [ ] "PRIVATE USE ONLY"
  • [ ] Translate and search confidential markers in other languages

Documentation

  • [ ] Document all findings
  • [ ] Screenshot evidence
  • [ ] Prepare report
  • [ ] Test findings for active vulnerabilities

tracure1337 avatar Mar 13 '25 22:03 tracure1337
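
The Pattern Searching items in the checklist above, combined into one pass over a URL list, as an added example that is not part of the original comment. The UUID and card patterns are the checklist's own grep expressions; the Luhn check, the three-segment JWT pattern, the function names and the sample URLs are assumptions made here to cut the false positives that bare `grep "eyJ"` and a 13-16 digit match produce, and hits are redacted so the findings file does not itself store secrets.

```python
import base64, json, re

# UUID and card patterns are the checklist's grep expressions; JWT_RE tightens
# the checklist's bare "eyJ" search to three base64url segments (assumption).
UUID_RE = re.compile(r'[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-'
                     r'[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}')
CARD_RE = re.compile(r'\b[0-9]{13,16}\b')
JWT_RE = re.compile(r'eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*')

def luhn_ok(digits):
    """Luhn checksum; rejects timestamps and order IDs that only look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def jwt_alg(token):
    """Decode the first segment; return its "alg" value, or None if it is not a JSON header."""
    seg = token.split('.')[0]
    try:
        hdr = json.loads(base64.urlsafe_b64decode(seg + '=' * (-len(seg) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return hdr.get('alg') if isinstance(hdr, dict) else None

def classify(urls):
    """Return (line_no, kind, detail) per hit; card numbers are redacted in detail."""
    hits = []
    for n, url in enumerate(urls, 1):
        for m in UUID_RE.finditer(url):
            hits.append((n, 'uuid', m.group()))
        for m in JWT_RE.finditer(url):
            alg = jwt_alg(m.group())
            if alg:
                hits.append((n, 'jwt', 'alg=' + str(alg)))
        for m in CARD_RE.finditer(url):
            if luhn_ok(m.group()):
                hits.append((n, 'card', m.group()[:4] + '...' + m.group()[-4:]))
    return hits

# Constructed sample lines standing in for a waymore/waybackurls output file.
SAMPLE = [
    'https://app.example.test/reset?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxIn0.c2ln',
    'https://shop.example.test/pay?card=4111111111111111',   # Luhn-valid test number
    'https://shop.example.test/order?id=1700000000000',      # 13 digits, not a card
    'https://app.example.test/u/123e4567-e89b-42d3-a456-426614174000/profile',
    'https://app.example.test/x?eyJ=notatoken',              # matches grep "eyJ" only
]
```
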