❄️Setting Up Environment

Update Kali

Once you have your Kali VM up and running, open the Kali Linux Terminal and use the following commands to update your system:

sudo apt update -y

sudo apt upgrade -y

sudo apt dist-upgrade -y

-------------------------------------------------------------

Install Postman

sudo wget https://dl.pstmn.io/download/latest/linux64 -O postman-linux-x64.tar.gz && sudo tar -xvzf postman-linux-x64.tar.gz -C /opt && sudo ln -s /opt/Postman/Postman /usr/bin/postman

-------------------------------------------------------------

Install mitmproxy2swagger

$ sudo pip3 install mitmproxy2swagger

-------------------------------------------------------------

Install Git

sudo apt-get install git

-------------------------------------------------------------

Install Docker

sudo apt-get install docker.io docker-compose

-------------------------------------------------------------

Install Go

sudo apt install golang-go

-------------------------------------------------------------

The JSON Web Token Toolkit v2

$ cd /opt
$ sudo git clone https://github.com/ticarpi/jwt_tool
$ cd jwt_tool
$ python3 -m pip install termcolor cprint pycryptodomex requests
(Optional) Make an alias for jwt_tool.py
$ sudo chmod +x jwt_tool.py
$ sudo ln -s /opt/jwt_tool/jwt_tool.py /usr/bin/jwt_tool

-------------------------------------------------------------

Install Sublime Text

Install the GPG key:

wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/sublimehq-archive.gpg > /dev/null

Select the Stable channel:

echo "deb https://download.sublimetext.com/ apt/stable/" | sudo tee /etc/apt/sources.list.d/sublime-text.list

Update apt sources and install Sublime Text:

$ sudo apt-get update
$ sudo apt-get install sublime-text

-------------------------------------------------------------

Install Kiterunner

$ sudo git clone https://github.com/assetnote/kiterunner.git
$ cd kiterunner
$ sudo make build
$ sudo ln -s /opt/kiterunner/dist/kr /usr/bin/kr

-------------------------------------------------------------

Install Arjun

Sudo apt-get install arjun
or
sudo git clone https://github.com/s0md3v/Arjun.git

-------------------------------------------------------------

Useful Wordlists

SecLists (https://github.com/danielmiessler/SecLists)

$ sudo wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& sudo unzip SecList.zip \
&& sudo rm -f SecList.zip

Hacking-APIs (https://github.com/hAPI-hacker/Hacking-APIs)

$ sudo wget -c 
https://github.com/hAPI-hacker/Hacking-APIs/archive/refs/heads/main.zip
 -O HackingAPIs.zip \
&& sudo unzip HackingAPIs.zip \
&& sudo rm -f HackingAPIs.zip

-------------------------------------------------------------

PreviousAPI Reconnaissance NextMy Open Redirect Methodology

Last updated 1 year ago