Recon
The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my own recognition script with all the tools I use most in this step. All construction of this framework is based on the methodologies of @ofjaaah and @Jhaddix. These people were my biggest inspirations to start my career in Information Security and I recommend that you take a look at their content; you will learn a lot!
Features
- ASN Enumeration
  - metabigor
- Subdomain Enumeration
  - Assetfinder
  - Subfinder
  - Amass
  - Findomain
  - Sublist3r
  - Knock
  - SubDomainizer
  - GitHub Subdomains
  - RapidDNS
  - Riddler
  - SecurityTrails
- Alive Domains
  - httprobe
  - httpx
- WAF Detect
  - wafw00f
- Domain organization
  - Regular expressions
- Subdomain Takeover
  - Subjack
- DNS Lookup
  - Discovering IPs
    - dnsx
  - DNS Enumeration and Zone Transfer
    - dnsrecon
    - dnsenum
- Favicon Analysis
  - favfreak
  - Shodan
- Directory Fuzzing
  - ffuf
- Google Hacking
  - Some Dorks that I consider important
  - CredStuff-Auxiliary
  - Googler
- GitHub Dorks
  - Jhaddix Dorks
- Credential Stuffing
  - CredStuff-Auxiliary
- Screenshots
  - EyeWitness
- Port Scan
  - Masscan
  - Nmap
  - Naabu
- Link Discovery
  - Endpoints Enumeration and Finding JS files
    - Hakrawler
    - Waybackurls
    - Gospider
    - ParamSpider
- Vulnerabilities
  - Nuclei ➔ I used all the default templates
  - 403 Forbidden Bypass
    - Bypass-403
  - XSS
    - XSStrike
    - Gxss
  - LFI
    - Oneliners
    - gf
    - ffuf
  - RCE
    - My GrepVuln function
  - Open Redirect
    - My GrepVuln function
  - SQLi
    - Oneliners
    - gf
    - sqlmap