How often do you find yourself running scans that take ages to complete? How often do you cancel a scan because it has been taking too long? But what if you left it to run for 3 more minutes? Would that have given you a breakthrough result?
EyeWitness is an incredibly tool that allows you to quickly get a feel for what assets to target first. We all know hundreds of content discovery tools that give us vast amounts of data, but do we ever focus on efficiently parsing all that data? How do you go through hundreds of endpoints? If you’re doing it manually, then be sure to read this article as EyeWitness may be of great help to you!
The past can tell stories, show things that should’ve never been uncovered and today we will be looking at that past. We can go hunt for subdomains, secret endpoints, tokens, and secrets, all with the help of Waybackurls. 🙋♂️ What is Waybackurls? Waybackurls by @TomNomNom is a small utility written in Go that will fetch […]
Finding XSS can sometimes be a repetitive and laborious task. Many attempts at automating the process have been made, yet very little actually come close to getting it right. Today, we’re covering Dalfox, a tool that did get it right. Let’s find some cross-site scripting vulnerabilities! 🙋♂️ What is Dalfox? DalFox is a fast, powerful […]
When facing API endpoints, older tools for directory busting tend to be very ineffective. The days where a webserver is just a directory tree are over. The more modern ‘routes’ have taken over and just wildly bruteforcing filenames isn’t effective anymore. We need to be smarter and scan based on popular API layouts. Let’s look at how KiteRunner can help with that!
Have you ever come across an encoded string, hash, or encrypted message and wondered: “What type of encoding is this?”? Then Ciphey is the tool for you! What is Ciphey? “What type of encryption is this?”, “What hashing algorithm produced this hash?”, “What cipher is being used?”. The answer to those questions, that’s what Ciphey […]
On any website we visit, we’re stuck in a net of security measures keeping us from doing whatever we want. Bug bounty programs give us a unique opportunity to attempt to slip through the tiny holes in that net. However, whilst being focused on fine-grained hunting, we can often lose sight of the bigger picture.
This week, we’re going to discover how Aquatone can help us with that! Are you ready to take a deep dive into this amazing tool?