@bl4de
Created July 25, 2017 10:16

Tools of The Bug Hunters Methodology V2

NOTE: The following list was compiled from the slide deck "The Bug Hunters Methodology V2" by @jhaddix.

Discovery

  • Sublist3r (Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT).
  • Brutesubs (An automation framework for running multiple open-source subdomain brute-forcing tools in parallel, using your own wordlists, via Docker Compose).
  • Cloudflare_enum (Cloudflare DNS Enumeration Tool for Pentesters).
  • Censys.py (Quick and Dirty script to use the Censys API to query subdomains of a target domain).
  • massdns (A high-performance DNS stub resolver).
  • ListSubs.txt (A large wordlist of subdomain names).
  • EyeWitness (EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible).
  • GoBuster (Directory/file & DNS busting tool written in Go).
  • RobotsDisallowed (The RobotsDisallowed project is a harvest of the Disallowed directories from the robots.txt).
  • Parameth (This tool can be used to brute-force the discovery of GET and POST parameters).

Web Content

  • GroundControl (A collection of scripts that run on my web server).
  • Sleepy-Puppy (Sleepy Puppy XSS Payload Management Framework).
  • XSSHunter (The XSS Hunter service - a portable version of XSSHunter.com).
  • TPLMap (Code and Server-Side Template Injection Detection and Exploitation Tool).
  • PsychoPATH (Hunting file uploads & LFI in the dark).
  • Commix (Automated all-in-one OS command injection and exploitation tool).

Miscellaneous

  • AutoSubTakeover (A tool used to check if a CNAME resolves to the scope address).
  • HostileSubBruteforcer (This app will brute-force for existing subdomains).
  • Tko-Subs (A tool that can help detect and takeover subdomains with dead DNS records).
  • SandCastle (Python script for AWS S3 bucket enumeration).
  • GitRob (Reconnaissance tool for GitHub organizations).
  • TruffleHog (Searches through git repositories for high-entropy strings, digging deep into commit history).

Plugins BurpSuite

Credits
