Comment on page
More Tools
- https://www.nmmapper.com/sys/tools/subdomainfinder/ : 8 Subdomain finder tools, sublist3r, amass and more
- https://github.com/gwen001/github-search/blob/master/github-subdomains.py : Subdomain discovery in github
- https://github.com/TypeError/Bookmarks/blob/master/README.md : BurpExtension to avoid dozens repeater tabs
- https://github.com/prodigysml/Dr.-Watson : Burp plugin, offline analysis to discover domains, subdomains and IPs
- https://github.com/fransr/postMessage-tracker : Chrome extension for tracking post-messages functions
- https://github.com/Quitten/Autorize : Automatic authentication tests (remove cookies and try to send the request)
- https://github.com/pikpikcu/xrcross: XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
- https://github.com/l0ss/Grouper2 : find security-related misconfigurations in Active Directory Group Policy.
- https://www.wietzebeukema.nl/blog/powershell-obfuscation-using-securestring : Securestring obfuscation
- https://bestestredteam.com/2018/10/02/tracking-pixel-in-microsoft-office-document/ : Track who open a document
- https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet : Active Directory Cheat Sheet
Tools q veo q pueden molar para analizar firmares (automaticas):
Post-crema:
- IFS (Interplanetary File System) for phising: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/using-the-interplanetary-file-system-for-offensive-operations/
- IP rotation services: https://medium.com/@lokeshdlk77/how-to-rotate-ip-address-in-brute-force-attack-e66407259212
- https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/ : Resources for starting on BugBounties
- https://github.com/doyensec/awesome-electronjs-hacking : This list aims to cover Electron.js security related topics.
Last modified 2yr ago