
Mysite Group

Rezo Udin


This rule is useful to filter out those pages where the user is authenticated and can still view sensitive content. For instance, authentication may have been based on a cookie or HTTP basic auth. As HTTP basic auth is not that great, it can be bypassed and a vulnerable basic auth function may become available. This rule lets you filter out all URLs where the user doesn't have permissions to view them. You can read more about this type of bypassing in the previous blog post. Read this PDF to learn more about basic authentication.


  • Remove vulnerabilities from files for all datasets; vulnerability file names are prefixed with 2 underscores: 2_

  • Remove empty (0 bytes) and non-printable (predictable) files before inspection

  • Sort (ascending) CVE, CVSS, ecs, and emht

  • No data cleanup

  • The following tools were used: sed (for searching vulnerability file names)

  • awk (for sorting CVE, CVSS, ecs, emht)

  • awk (again, for sorting)

  • uniq (for 1-char, no blank space, remove duplicate) CVE, CVSS, ecs, emht

  • s skipping the loop on the dv. return to directory at #1

  • Create a directory for all data to be stored in

  • Remove all data from that directory

  • Sort all data to be stored

  • Copy back all data to the original directory

A PDF creation link for any MIME types that can be signed or encrypted via the PDF/A standard. The file will be created with the ?security value. To view the file, go to the offensive-security-pwk-pdf-17 project on:



