Home Blogs Ama's Resources Tools Getting started Team

Bug Bounty Forum

Join the group Join the public Facebook group
Intro Recon Exploiting & Scanning Fuzzing & bruteforcing Fingerprinting Decompilers Proxy plugins Monitoring JS Parsing Mobile testing

Recon

DNS Discovery

Name Link
Sublist3r https://github.com/aboul3la/Sublist3r
enumall https://github.com/jhaddix/domain/
massdns https://github.com/blechschmidt/massdns
altdns https://github.com/infosec-au/altdns
brutesubs https://github.com/anshumanbh/brutesubs
dns-parallel-prober https://github.com/lorenzog/dns-parallel-prober
dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock

Port scan

Name Link
nmap https://nmap.org
masscan https://github.com/robertdavidgraham/masscan

Screenshots

Name Link
EyeWitness https://github.com/ChrisTruncer/EyeWitness
httpscreenshot https://github.com/breenmachine/httpscreenshot/

Web Discovery

Name Link
DirBuster https://sourceforge.net/projects/dirbuster/
dirb http://dirb.sourceforge.net/
ilebuster https://github.com/henshin/filebuster
gobuster https://github.com/OJ/gobuster
dirsearch https://github.com/maurosoria/dirsearch

Github

Name Link
Gitrob https://github.com/michenriksen/gitrob
git-all-secrets https://github.com/anshumanbh/git-all-secrets
truffleHog https://github.com/dxa4481/truffleHog
git-secrets https://github.com/awslabs/git-secrets
repo-supervisor https://github.com/auth0/repo-supervisor

S3

Name Link
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php

Google Dorks

Name Link
Goohak https://github.com/1N3/Goohak/
GoogD0rker https://github.com/ZephrFish/GoogD0rker/

Hidden parameters

Name Link
parameth https://github.com/mak-/parameth

Old content

Name Link
Wayback Machine https://web.archive.org
waybackrobots https://gist.github.com/mhmdiaa/2742c5e147d49a804b408bfed3d32d07
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Google (with the time filter on) https://google.com

Asset identification

Name Link
Shodan https://shodan.io/
Internet Wide Scan Data http://Repositoryscans.io
censys https://censys.io
Hurricane Electric http://bgp.he.net/

Frameworks

Name Link
Kubebot https://github.com/anshumanbh/kubebot
Intrigue https://github.com/intrigueio/intrigue-core
Sn1per https://github.com/1N3/Sn1per/
scantastic-tool https://github.com/maK-/scantastic-tool/
XRay https://github.com/evilsocket/xray
datasploit https://github.com/DataSploit/datasploit
Inquisitor https://github.com/penafieljlm/inquisitor
Spiderfoot https://github.com/smicallef/spiderfoot
Bug Bounty Forum - Thank you @mhmdiaa for helping to create this tools page