Content Discovery or Directory brute forcing / fuzzing is a big part in the life of a penetration tester, hacker, Bug Bounty Hunter
Here are some of the tools / wordlist / persons events in a nonspecific order that we talked about during this episode of BOUNTY THURSDAYS:
https://chrome.google.com/webstore/detail/openlist/nkpjembldfckmdchbdiclhfedcngbgnl?hl=sv
https://www.intigriti.com/
https://github.com/epi052/feroxbuster
https://wfuzz.readthedocs.io/en/latest/
https://github.com/ffuf/ffuf
https://github.com/OJ/gobuster
https://nmap.org/nsedoc/scripts/http-enum.html
https://github.com/PortSwigger/turbo-intruder
https://github.com/irsdl/IIS-ShortName-Scanner
https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
https://github.com/GerbenJavado/LinkFinder
https://github.com/six2dez/reconftw
https://wordlists.assetnote.io/
https://github.com/hakluke/hakrawler
https://github.com/PortSwigger/param-miner
https://github.com/tomnomnom/unfurl
https://github.com/lc/gau
https://www.nahamcon.com/
https://soroush.secproject.com/blog/2012/11/file-in-the-hole/
Comments