GITBOOK-81: change request with no subject merged in GitBook

Xalgord 2023-08-27 16:49:37 +00:00 committed by gitbook-bot
parent ee3218ef1b
commit cd440700f4
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 58 additions and 0 deletions

@ -9,6 +9,7 @@
* [🔧 Tools and their Uses](tools-and-their-uses.md)
* [🎯 XSS nuclei template CVE-2023-24488.yaml](xss-nuclei-template-cve-2023-24488.yaml.md)
* [🕵 Recon strategies by other Hackers](recon-strategies-by-other-hackers/README.md)
* [🔎 My top 5 bookmarks that I consistently use for bug bounty and penetration testing.](recon-strategies-by-other-hackers/my-top-5-bookmarks-that-i-consistently-use-for-bug-bounty-and-penetration-testing..md)
* [🔎 Find the treasure hidden inside JavaScript](recon-strategies-by-other-hackers/find-the-treasure-hidden-inside-javascript.md)
* [🔎 Deep-Subdomains-Enumeration-Methodology](recon-strategies-by-other-hackers/deep-subdomains-enumeration-methodology.md)
* [🔎 Extensive Recon Guide For Bug Hunting](recon-strategies-by-other-hackers/extensive-recon-guide-for-bug-hunting.md)
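Review bot: the new entry's link target ends in `penetration-testing..md`, where the trailing period of the page title has been carried into the file name and produces a double dot before the extension. Drop the period from the title or rename the file to a shorter slug, so the path does not depend on how each tool normalises `..` inside a file name. The entry is also placed first under "Recon strategies by other Hackers" although it is a list of reference bookmarks rather than a recon method; consider moving it after the existing recon guides.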

@ -0,0 +1,57 @@
---
description: >-
source:
https://medium.com/@atikqur007/5-must-need-bookmark-for-bug-bounty-hunters-penetration-testers-5941e4588488
---
# 🔎 My top 5 bookmarks that I consistently use for bug bounty and penetration testing.
Hello Folks,
I'd like to share my top 5 personal bookmarks that I repeatedly use while performing penetration testing. Without further ado, let's dive into the topic.
1. [**offsec.tools**](https://offsec.tools/)
<figure><img src="https://miro.medium.com/v2/resize:fit:875/1*j_oKgiEgyuwHPedqXeQB3g.png" alt="" height="364" width="700"><figcaption><p>offsec.tools Dashboard</p></figcaption></figure>
This website features a wide list of bug bounty tools, conveniently sorted by category. If you're looking for subdomain enumeration tools, simply click on the #subdomains category to access the latest tools without having to spend a lot of time searching on Google.
[https://offsec.tools/](https://offsec.tools/)
2\. **PayloadsAllTheThings**
<figure><img src="https://miro.medium.com/v2/resize:fit:875/1*P5PDoDq4mQ72yL7ImujneQ.png" alt="" height="360" width="700"><figcaption></figcaption></figure>
Sometimes, you might struggle to track down payloads for a particular category or simply need to conduct a speedy test with some straightforward payloads. This is when I turn to the PayloadsAllTheThings repository. It contains an extensive collection of basic to advanced payloads covering nearly all types of bugs, including SQL injection, XSS, SSRF, open redirect, and more.
[https://github.com/swisskyrepo/PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)
3\. **keyhacks**
<figure><img src="https://miro.medium.com/v2/resize:fit:875/1*On_-gxz_4IcpA85UHGeY1A.png" alt="" height="527" width="700"><figcaption></figcaption></figure>
Do you ever come across an API key that you find during your bug bounty but struggle to figure out how to use it? Or maybe the documentation is too complex to understand? I have a solution for you - the Keyhacks repository. It provides simple commands for using API keys for various web services. Check it out!
[https://github.com/streaak/keyhacks](https://github.com/streaak/keyhacks)
4\. **Domain and IP bulk lookup tool**
<figure><img src="https://miro.medium.com/v2/resize:fit:875/1*HZEQKbLYDu15o1IOfX9yzA.png" alt="" height="404" width="700"><figcaption></figcaption></figure>
When checking the cname or DNS history of subdomains, I prefer to use the Domain and IP bulk lookup tool. The interface is straightforward and the results are displayed beautifully, which is why I tend to use it more often.
[https://www.infobyip.com/ipbulklookup.php](https://www.infobyip.com/ipbulklookup.php)
5\. **Can-i-take-over-xyz**
<figure><img src="https://miro.medium.com/v2/resize:fit:875/1*-XAiKVPRf8FWObxD0LEPFw.png" alt="" height="536" width="700"><figcaption></figcaption></figure>
This is probably my most frequently used and favorite resource. I tend to have a lot of questions and uncertainties regarding subdomain takeover, so I am grateful for how well [**EdOverflow**](https://twitter.com/EdOverflow) manages the repository. I hope that all of your inquiries related to subdomain takeover can be answered here. In the event that I can't find what I'm looking for, I check both the issue section and the comments section of each issue. Often times, someone else has already provided a solution to my problem.
[https://github.com/EdOverflow/can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)
Thank you
Reach me:\
[Twitter](https://twitter.com/atikqur007)\
[Facebook](https://facebook.com/kind.atik)
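Review bot: the list numbering in the new page is inconsistent: item 1 is written as `1. [**offsec.tools**]` while items 2 to 5 are escaped as `2\.`, `3\.` and so on, so only the first is treated as a list item. Use one form for all five. In the front matter, `description: >-` is followed only by the `source:` URL, so the page has no actual description; put a one-line summary in `description` and keep the Medium link as a separate source line in the body. All five `<img>` tags load from `miro.medium.com` with `alt=""`, and four of the five `<figcaption>` elements are empty. Copy the images into the repository's assets so the page does not depend on a third-party host, and give each one alt text naming the tool it shows.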