How often do you find yourself running scans that take ages to complete? How often do you cancel a scan because it has been taking too long? But what if you left it to run for 3 more minutes? Would that have given you a breakthrough result?
EyeWitness is an incredible tool that allows you to quickly get a feel for which assets to target first. We all know hundreds of content discovery tools that give us vast amounts of data, but do we ever focus on efficiently parsing all that data? How do you go through hundreds of endpoints? If you’re doing it manually, then be sure to read this article, as EyeWitness may be of great help to you!
As a bug bounty hunter, you need to get a good view of all the pages and endpoints your targets host. Manually enumerating these can become labour-intensive and boring, and on top of that it is prone to errors. Today we’re going to look at GoSpider, a tool that can do all this for us! 🙋‍♂️ […]
A CRLF injection is the injection of newlines in places where the server doesn’t expect newlines. This can cause a plethora of vulnerabilities including XSS, session fixation, cookie injection, open redirect, and much more! What are we waiting for? Let’s check out CRLFuzz, the tool that can help you! 🙋‍♂️ What is CRLFuzz? CRLFuzz is […]
The past can tell stories, show things that should’ve never been uncovered, and today we will be looking at that past. We can go hunt for subdomains, secret endpoints, tokens, and secrets, all with the help of Waybackurls. 🙋‍♂️ What is Waybackurls? Waybackurls by @TomNomNom is a small utility written in Go that will fetch […]
Finding XSS can sometimes be a repetitive and laborious task. Many attempts at automating the process have been made, yet very few actually come close to getting it right. Today, we’re covering Dalfox, a tool that did get it right. Let’s find some cross-site scripting vulnerabilities! 🙋‍♂️ What is Dalfox? DalFox is a fast, powerful […]
When facing API endpoints, older tools for directory busting tend to be very ineffective. The days when a web server was just a directory tree are over. More modern ‘routes’ have taken over, and wildly brute-forcing filenames isn’t effective anymore. We need to be smarter and scan based on popular API layouts. Let’s look at how KiteRunner can help with that!
WordPress is huge! Some even estimate that 30% of public websites run it in some way or another. In fact, you’re reading this on a WordPress page. Are all of these sites secure? No! Not at all. While the latest up-to-date version of WordPress is very likely to be secure (until someone finds a […]
Every bug bounty journey starts in the same way: reconnaissance. We need to scope out our target: find out what they are hosting, what services are running, what ports are open, and so on. This can be extremely time-consuming when done manually, not to mention the nightmare of organising all these insights. Luckily ReNgine […]