tools-tbhm
Tools of The Bug Hunters Methodology V2
NOTE: The following list has been created based on the PPT “The Bug Hunters Methodology V2 by @jhaddix”
Discovery
- Sublist3r (Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT).
- Brutesubs (An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose).
- Cloudflare_enum (Cloudflare DNS Enumeration Tool for Pentesters).
- Censys.py (Quick and Dirty script to use the Censys API to query subdomains of a target domain).
- massdns (A high-performance DNS stub resolver).
- ListSubs.txt (A list with a lot of subs).
- EyeWitness (EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible).
- GoBuster (Directory/file & DNS busting tool written in Go).
- RobotsDisallowed (The RobotsDisallowed project is a harvest of the Disallowed directories from the robots.txt).
- Parameth (This tool can be used to brute discover GET and POST parameters).
Web Content
- GroundControl (A collection of scripts that run on my web server).
- Sleepy-Puppy (Sleepy Puppy XSS Payload Management Framework).
- XSSHunter (The XSS Hunter service – a portable version of XSSHunter.com).
- TPLMap (Code and Server-Side Template Injection Detection and Exploitation Tool).
- PsychoPATH (Hunting file uploads & LFI in the dark).
- Commix (Automated All-in-One OS command injection and exploitation tool).
Miscellaneous
- AutoSubTakeover (A tool used to check if a CNAME resolves to the scope address).
- HostileSubBruteforcer (This app will bruteforce for existing subdomains).
- Tko-Subs (A tool that can help detect and takeover subdomains with dead DNS records).
- SandCastle (Python script for AWS S3 bucket enumeration).
- GitRob (Reconnaissance tool for GitHub organizations).
- TruffleHog (Searches through git repositories for high entropy strings, digging deep into commit history).
Plugins BurpSuite
- VulnersCom: https://github.com/vulnersCom/burp-vulners-scanner
- BackSlash-powered-scanner: https://github.com/PortSwigger/backslash-powered-scanner
- Header Checks: https://github.com/eonlight/BurpExtenderHeaderChecks
- PsychoPATH: https://github.com/ewilded/psychopath
- HUNT Burp Suite Extension: https://github.com/bugcrowd/HUNT
Credits
- GitHub Jhaddix https://github.com/jhaddix/tbhm
- Bug Bounty Forum https://bugbountyforum.com/tools/
- “The Bug Hunter Methodology V2 by @jhaddix” https://docs.google.com/presentation/d/1p8QiqbGndcEx1gm4_d3ne2fqeTqCTurTC77Lxe82zLY