Finding XSS can sometimes be a repetitive and laborious task. Many attempts at automating the process have been made, yet very little actually come close to getting it right. Today, we’re covering Dalfox, a tool that did get it right. Let’s find some cross-site scripting vulnerabilities! 🙋♂️ What is Dalfox? DalFox is a fast, powerful […]
When facing API endpoints, older tools for directory busting tend to be very ineffective. The days where a webserver is just a directory tree are over. The more modern ‘routes’ have taken over and just wildly bruteforcing filenames isn’t effective anymore. We need to be smarter and scan based on popular API layouts. Let’s look at how KiteRunner can help with that!
Have you ever come across an encoded string, hash, or encrypted message and wondered: “What type of encoding is this?”? Then Ciphey is the tool for you! What is Ciphey? “What type of encryption is this?”, “What hashing algorithm produced this hash?”, “What cipher is being used?”. The answer to those questions, that’s what Ciphey […]
On any website we visit, we’re stuck in a net of security measures keeping us from doing whatever we want. Bug bounty programs give us a unique opportunity to attempt to slip through the tiny holes in that net. However, whilst being focused on fine-grained hunting, we can often lose sight of the bigger picture.
This week, we’re going to discover how Aquatone can help us with that! Are you ready to take a deep dive into this amazing tool?