🔎My top 5 bookmarks that I consistently use for bug bounty and penetration testing.
source: https://medium.com/@atikqur007/5-must-need-bookmark-for-bug-bounty-hunters-penetration-testers-5941e4588488
Last updated
source: https://medium.com/@atikqur007/5-must-need-bookmark-for-bug-bounty-hunters-penetration-testers-5941e4588488
Last updated
Hello Folks,
I'd like to share my top 5 personal bookmarks that I repeatedly use while performing penetration testing. Without further ado, let's dive into the topic.
This website features a wide list of bug bounty tools, conveniently sorted by category. If you're looking for subdomain enumeration tools, simply click on the #subdomains category to access the latest tools without having to spend a lot of time searching on Google.
2. PayloadsAllTheThings
Sometimes, you might struggle to track down payloads for a particular category or simply need to conduct a speedy test with some straightforward payloads. This is when I turn to the PayloadsAllTheThings repository. It contains an extensive collection of basic to advanced payloads covering nearly all types of bugs, including SQL injection, XSS, SSRF, open redirect, and more.
https://github.com/swisskyrepo/PayloadsAllTheThings
3. keyhacks
Do you ever come across an API key that you find during your bug bounty but struggle to figure out how to use it? Or maybe the documentation is too complex to understand? I have a solution for you - the Keyhacks repository. It provides simple commands for using API keys for various web services. Check it out!
https://github.com/streaak/keyhacks
4. Domain and IP bulk lookup tool
When checking the cname or DNS history of subdomains, I prefer to use the Domain and IP bulk lookup tool. The interface is straightforward and the results are displayed beautifully, which is why I tend to use it more often.
https://www.infobyip.com/ipbulklookup.php
5. Can-i-take-over-xyz
This is probably my most frequently used and favorite resource. I tend to have a lot of questions and uncertainties regarding subdomain takeover, so I am grateful for how well EdOverflow manages the repository. I hope that all of your inquiries related to subdomain takeover can be answered here. In the event that I can't find what I'm looking for, I check both the issue section and the comments section of each issue. Often times, someone else has already provided a solution to my problem.
https://github.com/EdOverflow/can-i-take-over-xyz
Thank you
