
danilabs / Tools Tbhm

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Programming Languages

shell
77523 projects

Projects that are alternatives of or similar to Tools Tbhm

Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-63.74%)
Mutual labels:  security-tools, bugbounty
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-5.26%)
Mutual labels:  security-tools, bugbounty
Gitgraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+580.7%)
Mutual labels:  security-tools, bugbounty
Subdomainizer
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Stars: ✭ 915 (+435.09%)
Mutual labels:  security-tools, bugbounty
Swiftness
A note-taking macOS app for penetration-testers.
Stars: ✭ 124 (-27.49%)
Mutual labels:  security-tools, bugbounty
Jaeles
The Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+527.49%)
Mutual labels:  security-tools, bugbounty
Arl
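ARL (Asset Reconnaissance Lighthouse) is a system designed to quickly reconnoiter the internet assets associated with a target and build a basic asset information database. It helps in-house security teams and penetration testers effectively discover and search assets, and find weak points and attack surface.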
Stars: ✭ 1,357 (+693.57%)
Mutual labels:  security-tools, bugbounty
Stacoan
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (+313.45%)
Mutual labels:  security-tools, bugbounty
Dns Discovery
DNS-Discovery is a multithreaded subdomain bruteforcer.
Stars: ✭ 114 (-33.33%)
Mutual labels:  security-tools, bugbounty
Bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: ✭ 113 (-33.92%)
Mutual labels:  security-tools, bugbounty
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+348.54%)
Mutual labels:  security-tools, bugbounty
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+1027.49%)
Mutual labels:  security-tools, bugbounty
Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (+344.44%)
Mutual labels:  security-tools, bugbounty
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-8.77%)
Mutual labels:  security-tools, bugbounty
Bypass Firewalls By Dns History
Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.
Stars: ✭ 739 (+332.16%)
Mutual labels:  security-tools, bugbounty
Awesome Bugbounty Tools
A curated list of various bug bounty tools
Stars: ✭ 96 (-43.86%)
Mutual labels:  security-tools, bugbounty
Hosthunter
HostHunter is a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+149.71%)
Mutual labels:  security-tools, bugbounty
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+197.66%)
Mutual labels:  security-tools, bugbounty
Deksterecon
Web Application recon automation
Stars: ✭ 109 (-36.26%)
Mutual labels:  security-tools, bugbounty
Awesome Mobile Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+974.27%)
Mutual labels:  security-tools, bugbounty

Tools of The Bug Hunters Methodology V2

NOTE: The following list has been created based on the PPT "The Bug Hunters Methodology V2 by @jhaddix"

Discovery

  • Sublist3r (Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT).
  • Brutesubs (An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose).
  • Cloudflare_enum (Cloudflare DNS Enumeration Tool for Pentesters).
  • Censys.py (Quick and Dirty script to use the Censys API to query subdomains of a target domain).
  • massdns (A high-performance DNS stub resolver).
  • ListSubs.txt (A list with a lot of subs).
  • EyeWitness (EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible).
  • GoBuster (Directory/file & DNS busting tool written in Go).
  • RobotsDisallowed (The RobotsDisallowed project is a harvest of the Disallowed directories from the robots.txt).
  • Parameth (This tool can be used to brute discover GET and POST parameters).

Web Content

  • GroundControl (A collection of scripts that run on my web server).
  • Sleepy-Puppy (Sleepy Puppy XSS Payload Management Framework).
  • XSSHunter (The XSS Hunter service - a portable version of XSSHunter.com).
  • TPLMap (Code and Server-Side Template Injection Detection and Exploitation Tool).
  • PsychoPATH (Hunting file uploads & LFI in the dark).
  • Commix (Automated All-in-One OS command injection and exploitation tool).

Miscellaneous

  • AutoSubTakeover (A tool used to check if a CNAME resolves to the scope address).
  • HostileSubBruteforcer (This app will bruteforce for existing subdomains).
  • Tko-Subs (A tool that can help detect and takeover subdomains with dead DNS records).
  • SandCastle (Python script for AWS S3 bucket enumeration).
  • GitRob (Reconnaissance tool for GitHub organizations).
  • TruffleHog (Searches through git repositories for high entropy strings, digging deep into commit history).

Plugins BurpSuite

Credits
