Skip to content

Tools

  • Karma V2 (Shodan): https://github.com/Dheerajmadhukar/karma_v2
  • Shosubgo (Subdomain Discovery using Shodan): https://github.com/incogbyte/shosubgo
  • wtfis (Passive Lookup): https://github.com/pirxthepilot/wtfis
  • JWT SECRET Decode -> GitHub
  • BBOT: https://github.com/blacklanternsecurity/bbot

Burp Extensions

  • AuthMatrix/AuthZ/Autorize - Authorization checks
  • Backslash Powered Scanner - Advanced payloads while active scanner
  • Collaborator Everywhere - OOB requests
  • Hackvertor - Advanced Encoder/Decoder
  • Java Serial Killer - payload generation tool for Java object deserialization
  • Handy Collaborator - OOB requests while manual test using Repeater
  • HUNT Suite - Identify common parameters for known vulnerabilities
  • JEEScan - Scanner for Java based application
  • Logger++ - Keeps logs of everything
  • Protobuf Decoder - Protobuf protocol
  • Retire.js - Check for outdated software
  • SAML Editor/SAML Encoder-Decoder/SAML Raider - SAML requests

  • WSDLER/WSDL Wizard - Web service automation

  • GitGraber

  • Subdomains Enumeration using FFUF

    • https://github.com/rajesh6927/subdomain-bruteforce-wordlist/blob/main/Subdomain-wordlist.txt
    • ffuf -w