Update URLs

Author: Jimmy

src/SUMMARY.md

@@ -3,8 +3,8 @@
 # 👽 Welcome!
 
 - [HackTricks Cloud](README.md)
-- [About the Author$$external:https://book.hacktricks.xyz/welcome/about-the-author$$]()
-- [HackTricks Values & faq$$external:https://book.hacktricks.xyz/welcome/hacktricks-values-and-faq$$]()
+- [About the Author$$external:https://book.hacktricks.wiki/en/welcome/about-the-author.html$$]()
+- [HackTricks Values & faq$$external:https://book.hacktricks.wiki/en/welcome/hacktricks-values-and-faq.html$$]()
 
 # 🏭 Pentesting CI/CD
 
@@ -510,8 +510,8 @@
 
 # 🛫 Pentesting Network Services
 
-- [HackTricks Pentesting Network$$external:https://book.hacktricks.xyz/generic-methodologies-and-resources/pentesting-network$$]()
-- [HackTricks Pentesting Services$$external:https://book.hacktricks.xyz/network-services-pentesting/pentesting-ssh$$]()
+- [HackTricks Pentesting Network$$external:https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-network/index.html$$]()
+- [HackTricks Pentesting Services$$external:https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-ssh.html$$]()
 
 
 

src/pentesting-ci-cd/cloudflare-security/cloudflare-domains.md

@@ -24,7 +24,7 @@ In each TLD configured in Cloudflare there are some **general settings and servi
 - [ ] Check that **DNSSEC** is **enabled**
 - [ ] Check that **CNAME Flattening** is **used** in **all CNAMEs**
   - This is could be useful to **hide subdomain takeover vulnerabilities** and improve load timings
-- [ ] Check that the domains [**aren't vulnerable to spoofing**](https://book.hacktricks.xyz/network-services-pentesting/pentesting-smtp#mail-spoofing)
+- [ ] Check that the domains [**aren't vulnerable to spoofing**](https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-smtp/index.html#mail-spoofing)
 
 ### **Email**
 

src/pentesting-ci-cd/github-security/abusing-github-actions/README.md

@@ -553,7 +553,7 @@ docker pull ghcr.io/<org-name>/<repo_name>:<tag>
 Then, the user could search for **leaked secrets in the Docker image layers:**
 
 {{#ref}}
-https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics
+https://book.hacktricks.wiki/en/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.html
 {{#endref}}
 
 ### Sensitive info in Github Actions logs

src/pentesting-cloud/aws-security/README.md

@@ -37,7 +37,7 @@ From a Red Team point of view, the **first step to compromise an AWS environment
 - **Social** Engineering
 - **Password** reuse (password leaks)
 - Vulnerabilities in AWS-Hosted Applications
-  - [**Server Side Request Forgery**](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf) with access to metadata endpoint
+  - [**Server Side Request Forgery**](https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html) with access to metadata endpoint
   - **Local File Read**
     - `/home/USERNAME/.aws/credentials`
     - `C:\Users\USERNAME\.aws\credentials`
@@ -67,7 +67,7 @@ aws-permissions-for-a-pentest.md
 If you found a SSRF in a machine inside AWS check this page for tricks:
 
 {{#ref}}
-https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
+https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
 {{#endref}}
 
 ### Whoami
@@ -147,7 +147,7 @@ As pentester/red teamer you should always check if you can find **sensitive info
 In this book you should find **information** about how to find **exposed AWS services and how to check them**. About how to find **vulnerabilities in exposed network services** I would recommend you to **search** for the specific **service** in:
 
 {{#ref}}
-https://book.hacktricks.xyz/
+https://book.hacktricks.wiki/
 {{#endref}}
 
 ## Compromising the Organization

src/pentesting-cloud/aws-security/aws-basic-information/aws-federation-abuse.md

@@ -7,7 +7,7 @@
 For info about SAML please check:
 
 {{#ref}}
-https://book.hacktricks.xyz/pentesting-web/saml-attacks
+https://book.hacktricks.wiki/en/pentesting-web/saml-attacks/index.html
 {{#endref}}
 
 In order to configure an **Identity Federation through SAML** you just need to provide a **name** and the **metadata XML** containing all the SAML configuration (**endpoints**, **certificate** with public key)

src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ec2-ebs-ssm-and-vpc-post-exploitation/README.md

@@ -113,7 +113,7 @@ One of the scenarios where this is useful is pivoting from a [Bastion Host](http
 aws ssm start-session --target "$INSTANCE_ID"
 ```
 
-3. Get the Bastion EC2 AWS temporary credentials with the [Abusing SSRF in AWS EC2 environment](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#abusing-ssrf-in-aws-ec2-environment) script
+3. Get the Bastion EC2 AWS temporary credentials with the [Abusing SSRF in AWS EC2 environment](https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#abusing-ssrf-in-aws-ec2-environment) script
 4. Transfer the credentials to your own machine in the `$HOME/.aws/credentials` file as `[bastion-ec2]` profile
 5. Log in to EKS as the Bastion EC2:
 

src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ecr-post-exploitation.md

@@ -51,7 +51,7 @@ aws ecr get-download-url-for-layer \
 After downloading the images you should **check them for sensitive info**:
 
 {{#ref}}
-https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics
+https://book.hacktricks.wiki/en/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.html
 {{#endref}}
 
 ### `ecr:PutLifecyclePolicy` | `ecr:DeleteRepository` | `ecr-public:DeleteRepository` | `ecr:BatchDeleteImage` | `ecr-public:BatchDeleteImage`

src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ecs-post-exploitation.md

@@ -16,7 +16,7 @@ In ECS an **IAM role can be assigned to the task** running inside the container.
 Which means that if you manage to **compromise** an ECS instance you can potentially **obtain the IAM role associated to the ECR and to the EC2 instance**. For more info about how to get those credentials check:
 
 {{#ref}}
-https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
+https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
 {{#endref}}
 
 > [!CAUTION]

src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-lambda-privesc.md

@@ -194,7 +194,7 @@ aws --profile none-priv lambda update-function-configuration --function-name <fu
 For other scripting languages there are other env variables you can use. For more info check the subsections of scripting languages in:
 
 {{#ref}}
-https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse
+https://book.hacktricks.wiki/en/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/index.html
 {{#endref}}
 
 #### RCE via Lambda Layers

src/pentesting-cloud/aws-security/aws-services/aws-documentdb-enum.md

@@ -26,7 +26,7 @@ aws --region us-east-1 --profile ad docdb describe-db-cluster-snapshot-attribute
 As DocumentDB is a MongoDB compatible database, you can imagine it's also vulnerable to common NoSQL injection attacks:
 
 {{#ref}}
-https://book.hacktricks.xyz/pentesting-web/nosql-injection
+https://book.hacktricks.wiki/en/pentesting-web/nosql-injection.html
 {{#endref}}
 
 ### DocumentDB