Bug Bounty & Agile Pentesting Platform

EyeWitness – Hacker Tools: Hacking through screenshots 👩‍💻

EyeWitness is an incredible tool that allows you to quickly get a feel for what assets to target first. We all know hundreds of content discovery tools that give us vast amounts of data, but do we ever focus on efficiently parsing all that data? How do you go through hundreds of endpoints? If you’re doing it manually, then be sure to read this article as EyeWitness may be of great help to you!


KiteRunner – Hacker Tools: Next-level API hacking 👩‍💻

When facing API endpoints, older tools for directory busting tend to be very ineffective. The days when a web server was just a directory tree are over. More modern ‘routes’ have taken over, and wildly brute-forcing filenames isn’t effective anymore. We need to be smarter and scan based on popular API layouts. Let’s look at how KiteRunner can help with that!


Hacker Tools: Aquatone – Visualize your attack surface

On any website we visit, we’re stuck in a net of security measures keeping us from doing whatever we want. Bug bounty programs give us a unique opportunity to attempt to slip through the tiny holes in that net. However, whilst being focused on fine-grained hunting, we can often lose sight of the bigger picture.

This week, we’re going to discover how Aquatone can help us with that! Are you ready to take a deep dive into this amazing tool?
