
Content Discovery, the ART of finding secrets on public websites.

Content discovery, also called directory brute forcing or fuzzing, is a big part of the life of a penetration tester, hacker, or bug bounty hunter.


Here are some of the tools, wordlists, people, and events, in no particular order, that we talked about during this episode of BOUNTY THURSDAYS:



https://chrome.google.com/webstore/detail/openlist/nkpjembldfckmdchbdiclhfedcngbgnl?hl=sv

https://www.intigriti.com/

https://github.com/epi052/feroxbuster

https://wfuzz.readthedocs.io/en/latest/

https://github.com/ffuf/ffuf

https://github.com/OJ/gobuster

https://nmap.org/nsedoc/scripts/http-enum.html

https://github.com/PortSwigger/turbo-intruder

https://github.com/irsdl/IIS-ShortName-Scanner

https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content

https://github.com/GerbenJavado/LinkFinder

https://github.com/six2dez/reconftw

https://wordlists.assetnote.io/

https://github.com/hakluke/hakrawler

https://github.com/PortSwigger/param-miner

https://github.com/tomnomnom/unfurl

https://github.com/lc/gau

https://www.nahamcon.com/

https://soroush.secproject.com/blog/2012/11/file-in-the-hole/