bugbounty-cheatsheet/cheatsheets/special-tools.md

Special Tools

Resolution

• http://dnsbin.zhack.ca (DNS)
• http://pingb.in (DNS)
• http://requestb.in (HTTP)
• https://www.mockbin.org/ (HTTP)

Wildcard DNS

• http://xip.io

10.0.0.1.xip.io
www.10.0.0.1.xip.io
mysite.10.0.0.1.xip.io
foo.bar.10.0.0.1.xip.io

• http://nip.io

10.0.0.1.nip.io
app.10.0.0.1.nip.io
customer1.app.10.0.0.1.nip.io
customer2.app.10.0.0.1.nip.io
otherapp.10.0.0.1.nip.io

Reconnaissance

• https://spyse.com (fully-fledged recon service)
• https://dnsdumpster.com (DNS and subdomain recon)
• Reverse IP Lookup (Domainmonitor)
• Security headers (Security Report, missing headers)
• http://threatcrowd.org (WHOIS, DNS, email, and subdomain recon)
• https://mxtoolbox.com (wide range of DNS-related recon tools)
• https://publicwww.com/ (Source Code Search Engine)
• http://ipv4info.com/ (Find domains in the IP block owned by a Company/Organization)
• HackerTarget Tools (DNS recon, site lookup, and scanning tools)
• VirusTotal (WHOIS, DNS, and subdomain recon)
• crt.sh (SSL certificate search)
• Google CT (SSL certificate transparency search)
• PenTest Tools (Google dorks)
• Wayback Machine (Find stuff which was hosted on the domain in past)
• FindSubdomains (Find subdomains using domain or keywords)

Report Templates

• https://github.com/fransr/template-generator
• https://github.com/ZephrFish/BugBountyTemplates