Fuzzing / Wordlists

  1. Content Discovery - https://twitter.com/Alra3ees/status/1208502084246671366 (Also downloaded the same)
  2. Dirbuster - When you're brute forcing for endpoints, don't forget to add extensions. You can also use this method to discover backup files. Here's a command I use frequently:
     dirsearch -e php,asp,aspx,jsp,py,txt,conf,config,bak,backup,swp,old,db,sql -u
     https://twitter.com/i/status/1221792235215151104
  3. Status codes - hakul/hakcrawl - gofetch, statusparser
  4. What are your normal testing steps when you see a 401? - https://twitter.com/nomanAli181/status/1146411693590736896
  5. https://github.com/deibit/cansina - web content discovery
  6. Jhaddix - Tools - Fast web fuzzer written in Go - https://github.com/ffuf/ffuf
Any tool to dedupe a list of URLs according to their parameters? I mean keep only 1 URL if it appears several times with the same params, no matter their values - https://twitter.com/gwendallecoguic/status/1207435306410168322
https://twitter.com/Mah3Sec_/status/1325030700039368709
Exploiting: