Bug Bounty & Agile Pentesting Platform

EyeWitness – Hacker Tools: Hacking through screenshots 👩‍💻

EyeWitness is an incredibly tool that allows you to quickly get a feel for what assets to target first. We all know hundreds of content discovery tools that give us vast amounts of data, but do we ever focus on efficiently parsing all that data? How do you go through hundreds of endpoints? If you’re doing it manually, then be sure to read this article as EyeWitness may be of great help to you!

Continue reading Continue reading

CRLFuzz – Hacker Tools: Injecting CRLF for bounties 👩‍💻

A CRLF injection is the injection of newlines in places where the server doesn’t expect newlines. This can cause a plethora of vulnerabilities including XSS, session fixation, cookie injection, open redirect, and much more! What are we waiting for? Let’s check out CRLFuzz, the tool that can help you! 🙋‍♂️ What is CRLFuzz? CRLFuzz is […]

Continue reading Continue reading

KiteRunner – Hacker Tools: Next-level API hacking 👩‍💻

When facing API endpoints, older tools for directory busting tend to be very ineffective. The days where a webserver is just a directory tree are over. The more modern ‘routes’ have taken over and just wildly bruteforcing filenames isn’t effective anymore. We need to be smarter and scan based on popular API layouts. Let’s look at how KiteRunner can help with that!

Continue reading Continue reading