> For the complete documentation index, see [llms.txt](https://methodological-notes.gitbook.io/methodology/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://methodological-notes.gitbook.io/methodology/recon-strategies-by-other-hackers/my-top-5-bookmarks-that-i-consistently-use-for-bug-bounty-and-penetration-testing..md).

# My top 5 bookmarks that I consistently use for bug bounty and penetration testing.

Hello Folks,

I'd like to share my top 5 personal bookmarks that I repeatedly use while performing penetration testing. Without further ado, let's dive into the topic.

1. [**offsec.tools**](https://offsec.tools/)

<figure><img src="https://miro.medium.com/v2/resize:fit:875/1*j_oKgiEgyuwHPedqXeQB3g.png" alt="" height="364" width="700"><figcaption><p>offsec.tools Dashboard</p></figcaption></figure>

This website features a wide list of bug bounty tools, conveniently sorted by category. If you're looking for subdomain enumeration tools, simply click on the #subdomains category to access the latest tools without having to spend a lot of time searching on Google.

<https://offsec.tools/>

2\. **PayloadsAllTheThings**

<figure><img src="https://miro.medium.com/v2/resize:fit:875/1*P5PDoDq4mQ72yL7ImujneQ.png" alt="" height="360" width="700"><figcaption></figcaption></figure>

Sometimes, you might struggle to track down payloads for a particular category or simply need to conduct a speedy test with some straightforward payloads. This is when I turn to the PayloadsAllTheThings repository. It contains an extensive collection of basic to advanced payloads covering nearly all types of bugs, including SQL injection, XSS, SSRF, open redirect, and more.

<https://github.com/swisskyrepo/PayloadsAllTheThings>

3\. **keyhacks**

<figure><img src="https://miro.medium.com/v2/resize:fit:875/1*On_-gxz_4IcpA85UHGeY1A.png" alt="" height="527" width="700"><figcaption></figcaption></figure>

Do you ever come across an API key that you find during your bug bounty but struggle to figure out how to use it? Or maybe the documentation is too complex to understand? I have a solution for you - the Keyhacks repository. It provides simple commands for using API keys for various web services. Check it out!

<https://github.com/streaak/keyhacks>

4\. **Domain and IP bulk lookup tool**

<figure><img src="https://miro.medium.com/v2/resize:fit:875/1*HZEQKbLYDu15o1IOfX9yzA.png" alt="" height="404" width="700"><figcaption></figcaption></figure>

When checking the cname or DNS history of subdomains, I prefer to use the Domain and IP bulk lookup tool. The interface is straightforward and the results are displayed beautifully, which is why I tend to use it more often.

<https://www.infobyip.com/ipbulklookup.php>

5\. **Can-i-take-over-xyz**

<figure><img src="https://miro.medium.com/v2/resize:fit:875/1*-XAiKVPRf8FWObxD0LEPFw.png" alt="" height="536" width="700"><figcaption></figcaption></figure>

This is probably my most frequently used and favorite resource. I tend to have a lot of questions and uncertainties regarding subdomain takeover, so I am grateful for how well [**EdOverflow**](https://twitter.com/EdOverflow) manages the repository. I hope that all of your inquiries related to subdomain takeover can be answered here. In the event that I can't find what I'm looking for, I check both the issue section and the comments section of each issue. Often times, someone else has already provided a solution to my problem.

<https://github.com/EdOverflow/can-i-take-over-xyz>

Thank you

Reach me:\
[Twitter](https://twitter.com/atikqur007)\
[Facebook](https://facebook.com/kind.atik)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://methodological-notes.gitbook.io/methodology/recon-strategies-by-other-hackers/my-top-5-bookmarks-that-i-consistently-use-for-bug-bounty-and-penetration-testing..md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.