Bug Bounty Hunting – Tools I Use

Tools I use for security assessments

• Burp Suite - intercepting proxy
• Firefox or Chrome, with:
      -> FoxyProxy, cookie manager and BuiltWith
• OWASP ZAP - alternative to Burp

• Wfuzz - fuzzer and discovery tool; allows the discovery of web content by using wordlists
• Dirb/DirBuster - brute-force directories and file names on web/application servers
• Knockpy - subdomain enumeration using wordlists
• Sublist3r - subdomain enumeration with the use of search engines or OSINT
• SecLists - great lists for assessments: usernames, passwords, URLs, fuzzing strings, common directories/files/subdomains

• Scrapy - web crawling framework that allows you to create your own web crawlers
• CyberChef - encoding & decoding
• Google dorks
• What CMS - discover what CMS is being used
• sqlmap
• Striker - an offensive information and vulnerability scanner. Mainly DNS

 
