Git Product home page Git Product logo

tools-tbhm's Introduction

Tools of The Bug Hunters Methodology V2

NOTE: The following list has been created based on the PPT "The Bug Hunters Methodology V2 by @jhaddix"

Discovery

  • Sublist3r (Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT).
  • Brutesubs (An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose).
  • Cloudflare_enum (Cloudflare DNS Enumeration Tool for Pentesters).
  • Censys.py (Quick and Dirty script to use the Censys API to query subdomains of a target domain).
  • massdns (A high-performance DNS stub resolver).
  • ListSubs.txt (A list with a lot of subs).
  • EyeWitness (EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible).
  • GoBuster (Directory/file & DNS busting tool written in Go).
  • RobotsDisallowed (The RobotsDisallowed project is a harvest of the Disallowed directories from the robots.txt).
  • Parameth (This tool can be used to brute discover GET and POST parameters).

Web Content

  • GroundControl (A collection of scripts that run on my web server).
  • Sleepy-Puppy (Sleepy Puppy XSS Payload Management Framework).
  • XSSHunter (The XSS Hunter service - a portable version of XSSHunter.com).
  • TPLMap (Code and Server-Side Template Injection Detection and Exploitation Tool).
  • PsychoPATH (Hunting file uploads & LFI in the dark).
  • Commix (Automated All-in-One OS command injection and exploitation tool)

Miscellaneous

  • AutoSubTakeover (A tool used to check if a CNAME resolves to the scope adress).
  • HostileSubBruteforcer (This app will bruteforce for exisiting subdomains)
  • Tko-Subs (A tool that can help detect and takeover subdomains with dead DNS records).
  • SandCastle (Python script for AWS S3 bucket enumeration).
  • GitRob (Reconnaissance tool for GitHub organizations).
  • TruffleHog (Searches through git repositories for high entropy strings, digging deep into commit history)

Plugins BurpSuite

Credits

tools-tbhm's People

Contributors

danilabs avatar

Watchers

James Cloos avatar Dipak Kumar Das avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.