P4n1cThreads
CtrlK
Purple Book of Tricks
Purple Book of Tricks
  • 🏴‍☠️Welcome!
    • 🔮Prelude
    • 📚Bookmarks
    • 🚨Licence and Disclaimer
  • Stepping Stone
    • Arch Linux (On Construction :))
    • Git
    • Code
      • Flutter/Dart
      • Python Essentials
      • C & C++
      • GO
    • Steganography
    • 💾Regex
    • Wordlists
    • 🌐Network Protocols
      • Telnet
      • ICMP
      • SSH
      • IMAP
      • DNS
      • FTP
      • WebDAV
      • SMB
      • SNMP
      • SMTP
      • NFS
      • IPP
      • WinRM
      • LLMNR
      • JDWP
    • Network Analysis
      • tcpdump
      • Nmap
      • 🦈Wireshark
    • Shells/TTYs
    • Databases
      • SQLite
      • MySQL
      • NoSQL
        • MongoDB
        • Redis
    • Metasploit
    • OPSEC
      • VPS Hardening
      • Metadata Removal
  • Web Exploitation
    • Web Reconnaissance
      • Curl Commands
      • Dorks
      • Shodan
      • Registrants & Certificates
      • User Endpoints
      • Web Fuzzing
        • ffuf
        • feroxbuster
        • Gobuster
        • GoWitness
      • CORS
      • Middleware Security
      • Python Web Shells
    • Servers & Proxies
      • Apache
      • Nginx
      • Werkzeug
      • Squid Proxy
    • Web APIs
      • API Endpoint Enumeration
      • GraphQL
    • Java-based web application
      • JAR
      • Apache Struts
      • .WAR
    • Web Services/Frameworks
      • Spring-Boot
      • Neo4j
      • Ghost CMS
      • BackDrop CMS
      • DaloRADIUS
      • Gitea
      • Wordpress
      • Laravel
      • Express
      • Magento
      • AIOHTTP
      • HashiCorp
      • Tiny File Manager
      • Joomla
      • CMS Made Simple
      • Cacti
      • Tomcat
      • ImageMagick
      • LimeSurvey
    • Vulnerabilities
      • Broken Access Control and Application Logic Errors
        • Path Traversal
        • LFI
        • IDOR
        • Email Verification Bypass
      • Client-Side Attacks
        • HTML Injection
        • XSS
        • Clickjacking
      • Server-Side Attacks
        • Command Injection
        • SSRF
        • SQLi
          • NoSQLi
          • SQLite
          • SQLmap
        • SSTI
        • SSI
        • XXE
        • Log Poisoning
        • Deserialization
        • SSRF
        • Prototype Pollution
      • Session Hijacking
      • Template Manipulation
    • Password Spray
  • Cloud Exploitation
    • Kubernetes
    • AWS
  • Linux Exploitation
    • Confirming and Verifying RCE
    • File Transfer
    • Credential Dumping
      • Thunderbird
    • Lateral Movement
    • Persistence
    • Linux Privilege Escalation
      • Static Binaries
      • Enumeration
      • Hijacks
      • Jailbreaks
      • Binary Exploitation - Linux
      • Kernel Exploits
      • Buffer Overflow - Linux
      • Docker
      • Abusing Wildcards
  • Wireless Exploitation
    • NFC
  • Android Exploitation
    • Android Debug Bridge
    • Create Malicious Applications
  • Social Engineering
    • Phishing Attacks
  • Reverse Engineering
    • Binaries
    • GDB
    • radare2
  • Cryptanalysis
    • Cryptosystems
    • Investigation Methodology
    • Chinese Remainder Theorem Applications
    • Pollard's Rho
    • RSA Attacks
Powered by GitBook
On this page
Edit
  1. Web Exploitation

Web APIs

API Endpoint EnumerationGraphQL
PreviousSquid ProxyNextAPI Endpoint Enumeration

Last updated 12 days ago