bugbounty-cheatsheet/cheatsheets/special-tools.md

## Special Tools

**Resolution**

- http://dnsbin.zhack.ca (DNS)
- http://pingb.in (DNS)
- http://requestb.in (HTTP)
- https://www.mockbin.org/ (HTTP)

**Wildcard DNS**

- http://xip.io

```
10.0.0.1.xip.io
www.10.0.0.1.xip.io
mysite.10.0.0.1.xip.io
foo.bar.10.0.0.1.xip.io
```

- http://nip.io

```
10.0.0.1.nip.io
app.10.0.0.1.nip.io
customer1.app.10.0.0.1.nip.io
customer2.app.10.0.0.1.nip.io
otherapp.10.0.0.1.nip.io
```

**Reconnaissance**

- https://spyse.com (fully-fledged recon service)
- https://dnsdumpster.com (DNS and subdomain recon)
- [Reverse IP Lookup](http://reverseip.domaintools.com/) (Domainmonitor)
- [Security headers](https://securityheaders.io/) (Security Report, missing headers)
- http://threatcrowd.org (WHOIS, DNS, email, and subdomain recon)
- https://mxtoolbox.com (wide range of DNS-related recon tools)
- https://publicwww.com/ (Source Code Search Engine)
- http://ipv4info.com/ (Find domains in the IP block owned by a Company/Organization)
- [HackerTarget Tools](https://hackertarget.com/ip-tools/) (DNS recon, site lookup, and scanning tools)
- [VirusTotal](https://virustotal.com/en-gb/domain/google.com/information/) (WHOIS, DNS, and subdomain recon)
- [crt.sh](https://crt.sh/?q=%25.uber.com) (SSL certificate search)
- [Google CT](https://transparencyreport.google.com/https/certificates) (SSL certificate transparency search)
- [PenTest Tools](https://pentest-tools.com/information-gathering/google-hacking) (Google dorks)
- [Wayback Machine](https://archive.org/web/) (Find stuff which was hosted on the domain in past)
- [FindSubdomains](https://findsubdomains.com/) (Find subdomains using domain or keywords)



**Report Templates**

- https://github.com/fransr/template-generator
- https://github.com/ZephrFish/BugBountyTemplates