From 1a615e77778edca88a242c4f4bc1035748f6633a Mon Sep 17 00:00:00 2001 From: CPol Date: Tue, 2 Feb 2021 09:28:03 +0000 Subject: [PATCH] GitBook: [master] 3 pages modified --- external-recon-methodology.md | 4 ++++ pentesting/pentesting-web/README.md | 3 ++- pentesting/pentesting-web/buckets/aws-s3.md | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/external-recon-methodology.md b/external-recon-methodology.md index 439c364c6..833614608 100644 --- a/external-recon-methodology.md +++ b/external-recon-methodology.md @@ -243,6 +243,10 @@ Once you have finished looking for subdomains you can use [**dnsgen** ](https:// While looking for **subdomains** keep an eye to see if it is **pointing** to any type of **bucket**, and in that case [**check the permissions**](pentesting/pentesting-web/buckets/)**.** Also, as at this point you will know all the domains inside the scope, try to [**brute force possible bucket names and check the permissions**](pentesting/pentesting-web/buckets/). +### Monitorization + +You can **monitor** if **new subdomains** of a domain are created by monitoring the **Certificate Transparency** Logs [**sublert** ](https://github.com/yassineaboukir/sublert/blob/master/sublert.py)does. + ### Looking for vulnerabilities Check for possible [**subdomain takeovers**](pentesting-web/domain-subdomain-takeover.md#subdomain-takeover). diff --git a/pentesting/pentesting-web/README.md b/pentesting/pentesting-web/README.md index b4f2012fb..b7da07fdf 100644 --- a/pentesting/pentesting-web/README.md +++ b/pentesting/pentesting-web/README.md 
@@ -184,7 +184,8 @@ Information about SSL/TLS vulnerabilities: Launch some kind of **spider** inside the web. The goal of the spider is: -* Find all **files** and **folders** \([**gospider**](https://github.com/jaeles-project/gospider)**,** [**dirhunt**](https://github.com/Nekmo/dirhunt)**,** [**envie**](https://github.com/saeeddhqan/evine)\). [Broken link checker](https://github.com/stevenvachon/broken-link-checker) \(lets see if you can takeover something\). You can also find links using [**urlgrab**](https://github.com/IAmStoxe/urlgrab), which supports JS rendering. +* Find all **files** and **folders** \([**gospider**](https://github.com/jaeles-project/gospider)**,** [**dirhunt**](https://github.com/Nekmo/dirhunt)**,** [**envie**](https://github.com/saeeddhqan/evine)**,** [**hakrawler**](https://github.com/hakluke/hakrawler)\). [Broken link checker](https://github.com/stevenvachon/broken-link-checker) \(lets see if you can takeover something\). You can also find links using [**urlgrab**](https://github.com/IAmStoxe/urlgrab), which supports JS rendering. +* You can also find paths without accessing the web page using [**meg**](https://github.com/tomnomnom/meg), [**gau**](https://github.com/lc/gau)**.** * Find all **possible parameters** for each executable file. You can help yourself in this matter using [ParamSpider](https://github.com/devanshbatham/ParamSpider). * Read the next section "**Special Findings**" to search for more information on each file found. * [hakrawler](https://github.com/hakluke/hakrawler) can also be interesting diff --git a/pentesting/pentesting-web/buckets/aws-s3.md b/pentesting/pentesting-web/buckets/aws-s3.md index 722dcc1c8..af47bd3f3 100644 --- a/pentesting/pentesting-web/buckets/aws-s3.md +++ b/pentesting/pentesting-web/buckets/aws-s3.md 
@@ -263,6 +263,8 @@ If you want to read about how can you exploit meta-data in AWS [you should read {% embed url="https://github.com/smaranchand/bucky" %} +{% embed url="https://github.com/tomdev/teh\_s3\_bucketeers" %} + \*\*\*\* ## **List of Open Buckets**
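Review bot: In the external-recon-methodology.md hunk, the added sentence under `### Monitorization` is ungrammatical (`...Certificate Transparency** Logs [**sublert** ](...)does.`) and the heading is not idiomatic English; suggest `### Monitoring` and `You can **monitor** whether **new subdomains** of a domain are created by watching the **Certificate Transparency** logs, as [**sublert**](https://github.com/yassineaboukir/sublert) does.` The link text `[**sublert** ]` also has a trailing space inside the brackets and points at the single file `sublert.py` instead of the repository. A one-line caveat for readers belongs here as well: CT monitoring only surfaces hostnames that obtain a publicly trusted certificate, so subdomains served over plain HTTP or covered by a wildcard certificate will not show up in the logs.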
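Review bot: In the pentesting/pentesting-web/README.md hunk, adding hakrawler to the first bullet leaves the existing bullet `* [hakrawler](https://github.com/hakluke/hakrawler) can also be interesting` further down as a duplicate; drop that line in the same change. The new bullet `You can also find paths without accessing the web page using meg, gau` is accurate for gau, which pulls known URLs from passive sources (Wayback Machine, Common Crawl, AlienVault OTX), but not for meg, which sends requests for the supplied paths to every host, so it does touch the target; suggest keeping only gau under "without accessing the web page" and describing meg separately as a way to request one list of paths across many hosts. The rewritten line also carries over the mismatch between the link text `envie` and the linked repository `saeeddhqan/evine`; the tool is called evine.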
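Review bot: In the aws-s3.md hunk, the new embed URL is written with backslash-escaped underscores (`{% embed url="https://github.com/tomdev/teh\_s3\_bucketeers" %}`); inside the `url="..."` attribute of an embed tag that escaping is not markdown text, so anywhere the file is rendered outside GitBook the link resolves to a path containing literal backslashes. Use `https://github.com/tomdev/teh_s3_bucketeers` and confirm the embed renders. The stray `\*\*\*\*` line that follows is leftover empty-bold markup and can be removed while this file is being touched.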