Web

Upgrade Burp

Extensions

BApp Store:

GitHub:

Tools

gobuster

$ gobuster dir -ku 'https://127.0.0.1' -w /usr/share/wordlists/dirbuster/directory-list[-lowercase]-2.3-medium.txt -x php,asp,aspx,jsp,ini,config,cfg,xml,htm,html,json,bak,txt -t 50 -a 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0' -s 200,204,301,302,307,401 -o gobuster/127.0.0.1
$ gobuster dir -ku 'https://127.0.0.1' -w /usr/share/seclists/Discovery/Web-Content/raft-small-words[-lowercase].txt -x php,asp,aspx,jsp,ini,config,cfg,xml,htm,html,json,bak,txt -t 50 -a 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0' -s 200,204,301,302,307,401 -o gobuster/127.0.0.1

wfuzz

$ wfuzz -e encoders
$ wfuzz -c -u 'http://10.10.13.37/index.php?id=FUZZ' -w /usr/share/seclists/Fuzzing/4-digits-0000-9999.txt -f wfuzz.out --hh 1337
$ wfuzz -c -u 'http://10.10.13.37' --basic 'FUZZ:FUZ2Z' -w /usr/share/seclists/Usernames/top-usernames-shortlist.txt -w /usr/share/seclists/Passwords/Common-Credentials/top-20-common-SSH-passwords.txt --hc 1337

aquatone

Default ports:

$ cat targets.txt | ./aquatone -ports 80,443,8000,8080,8443 -out 10.0-255.0-255.0-255

From Nmap XML:

$ ports=`cat nmap/tcp.gnmap | grep -ioP '\d+/open/tcp//http' | awk -F/ '{print $1}' | sort -u | awk 1 ORS=',' | sed 's/.$//'`
$ cat targets.txt | ./aquatone -ports $ports -out 10.0-255.0-255.0-255_nmap
Or
$ cat nmap/tcp.xml | ./aquatone -out 10.0-255.0-255.0-255_nmap

amass

$ amass intel -active -config config.ini -whois -df domains.txt -ipv4 -src -v -o intel.out
$ amass enum -active -brute -config config.ini -df domains.txt -ipv4 -src -v -o enum.out

subfinder

$ subfinder -all -config config.yaml -d hackerone.com -o subdomains.txt [-oI -nW]

shuffledns

$ shuffledns -d hackerone.com -r /opt/dnsvalidator/resolvers.txt -w /usr/share/commonspeak2-wordlists/subdomains/subdomains.txt -o subdomains.txt -t 500

massdns

$ massdns -r /opt/dnsvalidator/resolvers.txt domains.txt -w domains-resolved.txt -o S

chaos

$ chaos -d megacorp.com -key <API_KEY> -http-status-code -http-title -http-url -o chaos.out

nuclei

$ nuclei -update-templates
$ nuclei -l domains.txt -t cves/ -o nuclei.out

httpx

$ httpx -l domains.txt -vhost -http2 -pipeline -title -content-length -status-code -follow-redirects -tls-probe -content-type -location -csp-probe -web-server -stats -ip -cname -cdn -ports 80,81,300,443,591,593,832,981,1010,1311,2082,2087,2095,2096,2480,3000,3128,3333,4243,4567,4711,4712,4993,5000,5104,5108,5800,6543,7000,7396,7474,8000,8001,8008,8014,8042,8069,8080,8081,8088,8090,8091,8118,8123,8172,8222,8243,8280,8281,8333,8443,8500,8834,8880,8888,8983,9000,9043,9060,9080,9090,9091,9200,9443,9800,9981,12443,16080,18091,18092,20720,28017 -threads 300 -o httpx.out

nikto

$ nikto -h http://127.0.0.1 -Cgidirs all