Jun 9, 2021

Basics Penetration Testing Tools

Subdomain enumeration tools assetfinder subfinder amass sublist3r Findomain Check for live hosts httpx Web fuzzer/ Content Discovery ffuf (parameter fuzzing, content discovery, etc.) gobuster Probe for working http and https servers httprobe Linked Discovery GoSpider Hakrawler Vulnerability Scanner Nikto nuclei Other Tools: EyeWitness S3 Scanner wfuzz Arjun (find hidden parameters) waybackurls (cat subdomains | waybackurls > urls)

Pentest Tools

1 min read

Basics Penetration Testing Tools

Subdomain enumeration tools

assetfinder
subfinder
amass
sublist3r
Findomain

Check for live hosts

httpx

Web fuzzer/ Content Discovery

ffuf (parameter fuzzing, content discovery, etc.)
gobuster

Probe for working http and https servers

httprobe

Linked Discovery

GoSpider
Hakrawler

Vulnerability Scanner

Nikto
nuclei

Other Tools:

EyeWitness
S3 Scanner
wfuzz
Arjun (find hidden parameters)
waybackurls (cat subdomains | waybackurls > urls)
wpscan
wafw00f

Wordlists:

Seclists
Assetnote
all.txt (Jason Haddix)

Tools for Blind XSS:

XSSHunter
ezXSS (has 2FA, email reports, share reports feature)
bXSS (has slack/ SMS notification feature)
KNOXSS (has email feature)

Burp extensions (BApp Store):

Flow
Active Scan++
JS Link Finder
Retire.js
Hunt Scanner
Burp Bounty, Scan Check Builder
Software Vulnerability Scanner
Additional Scanner Checks
Autorize

Authorization token leak from verify email endpoint

Recon Step/ Methodology

Basics Penetration Testing Tools

Basics Penetration Testing Tools

Subdomain enumeration tools

Check for live hosts

Web fuzzer/ Content Discovery

Probe for working http and https servers

Linked Discovery

Vulnerability Scanner

Other Tools:

Wordlists:

Tools for Blind XSS:

Burp extensions (BApp Store):

Vengeance