Vengeance

Subdomain enumeration tools

  • assetfinder
  • subfinder
  • amass
  • sublist3r
  • Findomain

Check for live hosts

  • httpx

Web fuzzer/ Content Discovery

  • ffuf (parameter fuzzing, content discovery, etc.)
  • gobuster

Probe for working http and https servers

  • httprobe

Linked Discovery

  • GoSpider
  • Hakrawler

Vulnerability Scanner

Other Tools:

  • EyeWitness
  • S3 Scanner
  • wfuzz
  • Arjun (find hidden parameters)
  • waybackurls (cat subdomains | waybackurls > urls)
  • wpscan
  • wafw00f

Wordlists:

  • Seclists
  • Assetnote
  • all.txt (Jason Haddix)

Tools for Blind XSS:

  • XSSHunter
  • ezXSS (has 2FA, email reports, share reports feature)
  • bXSS (has slack/ SMS notification feature)
  • KNOXSS (has email feature)

Burp extensions (BApp Store):

  • Flow
  • Active Scan++
  • JS Link Finder
  • Retire.js
  • Hunt Scanner
  • Burp Bounty, Scan Check Builder
  • Software Vulnerability Scanner
  • Additional Scanner Checks
  • Autorize

--

--