Projects STRLCPY Cipherops Commits 18a437f8
  • .gitbook/assets/API Hacking - RESTful API.pdf
    Binary file.
  • .gitbook/assets/image (5).png
  • .gitbook/assets/image (6).png
  • SUMMARY.md
    skipped 8 lines
    9 9  ## Overview
    10 10   
    11 11  * [ℹ Recon Tips](overview/recon-tips/README.md)
    12  - * [Best Recon Technique For Active Subdomain Enumeration](overview/recon-tips/best-recon-technique-for-active-subdomain-enumeration.md)
    13  - * [Mastering the Art of Information Gathering](overview/recon-tips/mastering-the-art-of-information-gathering.md)
     12 + * [Subdomain Enumeration](overview/recon-tips/subdomain-enumeration.md)
    14 13   * [One Liner from Awesome bug bounty](overview/recon-tips/one-liner-from-awesome-bug-bounty.md)
    15 14   * [Resources](overview/recon-tips/resources/README.md)
     15 + * [Best Recon Technique For Active Subdomain Enumeration](overview/recon-tips/resources/best-recon-technique-for-active-subdomain-enumeration.md)
     16 + * [Mastering the Art of Information Gathering](overview/recon-tips/resources/mastering-the-art-of-information-gathering.md)
    16 17   * [Introducing 20 web-application hacking tools🔥🤩🌵](overview/recon-tips/resources/introducing-20-web-application-hacking-tools.md)
     18 + * [All DAMN vulnerable resources](overview/recon-tips/resources/all-damn-vulnerable-resources.md)
     19 + 
     20 +***
     21 + 
     22 +* [PORT SCANNING](port-scanning.md)
    17 23   
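Review bot: the new `* [PORT SCANNING](port-scanning.md)` entry at the end of the hunk is placed after a bare `***` separator and at the top level of the list, unlike every other page in this hunk, which is nested under the `## Overview` section; if it is meant to start a new top-level section, give it its own `##` heading like the others, and confirm that port-scanning.md is actually part of this commit, since it is not among the files shown on this page. The hunk also moves best-recon-technique-for-active-subdomain-enumeration.md and mastering-the-art-of-information-gathering.md from overview/recon-tips/ into overview/recon-tips/resources/, so any existing inbound links or bookmarks to the old paths will break unless redirects are configured.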
  • overview/recon-tips/resources/all-damn-vulnerable-resources.md
     1 +# All DAMN vulnerable resources
     2 + 
     3 +### Web application <a href="#web-application" id="web-application"></a>
     4 + 
     5 +* [Damn Vulnerable Web Application (DVWA)](https://github.com/ethicalhack3r/DVWA])
     6 +* [Buggy Web Application (bWAPP)](https://sourceforge.net/projects/bwapp/files/bWAPP/)
     7 +* [JuiceShop](https://github.com/bkimminich/juice-shop)
     8 +* [Multilidae II](https://github.com/webpwnized/mutillidae)
     9 +* [Damn Vulnerable WordPress Site (DVWPS)](https://github.com/vianasw/dvwps)
     10 +* [Damn Small Vulnerable Web (DSVW)](https://github.com/stamparm/DSVW)
     11 +* [WebGoat](https://github.com/WebGoat/WebGoat)
     12 +* [WebGoat.NET](https://github.com/jerryhoff/WebGoat.NET)
     13 +* [Peruggia](https://sourceforge.net/projects/peruggia/)
     14 +* [PuzzleMail](https://code.google.com/archive/p/puzzlemall/)
     15 +* [Bricks](https://sechow.com/bricks/download.html)
     16 +* [Damn Vulnerable Web-Socket (DVWS)](https://github.com/interference-security/DVWS/)
     17 +* [Damn Vulnerable Node.JS Application (DVNA)](https://github.com/appsecco/dvna)
     18 +* [Damn Vulnerable Python Web App (DVPWA)](https://github.com/anxolerd/dvpwa)
     19 +* [Damn Vulnerable Rails App (DVRA)](https://github.com/guilleiguaran/dvra)
     20 +* [NodeGoat (WebGoat + NodeJS)](https://github.com/OWASP/NodeGoat)
     21 +* [RailsGoat (WebGoat + Ruby & Rails)](https://github.com/OWASP/railsgoat)
     22 +* [OWASP - SecurityShepherd](https://github.com/OWASP/SecurityShepherd)
     23 + 
     24 +#### Web Service/API <a href="#web-serviceapi" id="web-serviceapi"></a>
     25 + 
     26 +* [Damn Vulnerable Web Service (DVWS)](https://github.com/snoopysecurity/dvws)
     27 +* [Tiredful API](https://github.com/payatu/Tiredful-API/)
     28 +* [Python Vulnerable API](https://github.com/mattvaldes/vulnerable-api)
     29 +* [Websheep](https://github.com/wishtack/wishtack-websheep)
     30 +* [Damn Vulnerable C# API (DVCsharp-API)](https://github.com/appsecco/dvcsharp-api)
     31 +* [GraphQL security 101](https://github.com/twseptian/graphql-security-labs)
     32 + 
     33 +### Mobile Application <a href="#mobile-application" id="mobile-application"></a>
     34 + 
     35 +#### Android <a href="#android" id="android"></a>
     36 + 
     37 +* [Damn Insecure and Vulnerable App (DIVA)](https://github.com/payatu/diva-android)
     38 +* [OWASP MSTG Hacking Playground](https://github.com/OWASP/MSTG-Hacking-Playground)
     39 +* [Damn Vulnerable Android App (DVAA)](https://code.google.com/p/dvaa/)
     40 +* [Damn Vulnerable FirefoxOS Application (DVFA)](https://github.com/arroway/dvfa)
     41 +* [ExploitMe Mobile Android Labs](https://securitycompass.github.io/AndroidLabs/)
     42 +* [Hacme Bank Android](https://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx)
     43 +* [InsecureBank](https://www.paladion.net/downloadapp.html)
     44 +* [NcN Wargame](https://github.com/NocONName/Wargame\_NcN2012)
     45 +* [OWASP Goatdroid](https://github.com/jackMannino/OWASP-GoatDroid-Project)
     46 + 
     47 +#### IO <a href="#ios" id="ios"></a>
     48 + 
     49 +* [Damn Vulnerable iOS App (DVIA)](https://github.com/prateek147/DVIA)
     50 +* [Damn VUlnerable iOS App + Swift (DVIA-v2)](https://github.com/prateek147/DVIA-v2)
     51 +* [OWASP MSTG Hacking Playground](https://github.com/OWASP/MSTG-Hacking-Playground)
     52 +* [ExploitMe Mobile iPhone Labs](https://securitycompass.github.io/iPhoneLabs/)
     53 +* [OWASP iGoat](https://code.google.com/p/owasp-igoat/)
     54 + 
     55 +#### Hybrid technology <a href="#hybrid-technology" id="hybrid-technology"></a>
     56 + 
     57 +* [Damn Vulnerable Hybrid Mobile (DVHMA)](https://github.com/logicalhacking/DVHMA)
     58 +* [VyAPI - cloud based app as a backend](https://github.com/appsecco/VyAPI)
     59 + 
     60 +### Thick Client <a href="#thick-client" id="thick-client"></a>
     61 + 
     62 +* [Thick Client Application](https://github.com/secvulture/dvta)
     63 +* [Java EE](https://github.com/appsecco/dvja)
     64 + 
     65 +### OS and Hardware <a href="#os-and-hardware" id="os-and-hardware"></a>
     66 + 
     67 +* [Damn Vulnerable Device Driver (DVDD)](https://github.com/pwk4m1/Damn\_Vulnerable\_Device\_Driver)
     68 +* [Damn Vulnerable IoT Device (DVID)](https://github.com/Vulcainreo/DVID)
     69 +* [Damn Vulnerable Router Firmware (DVRF)](https://github.com/praetorian-code/DVRF)
     70 +* [Damn Vulnerable Raspberry Pi (Sticky Fingers DV-PI)](https://whitedome.com.au/re4son/sticky-fingers-dv-pi/)
     71 + 
     72 +### Cyber Physical System <a href="#cyber-physical-system" id="cyber-physical-system"></a>
     73 + 
     74 +* [Damn Vulnerable Chemical Process — Tenneese Eastman (DVCP-TE) — SCADA](https://github.com/satejnik/DVCP-TE)
     75 + 
     76 +### Cloud Infrastructure <a href="#cloud-infrastructure" id="cloud-infrastructure"></a>
     77 + 
     78 +* [Damn Vulnerable Cloud Application (DVCA)](https://github.com/m6a-UdS/dvca)
     79 +* [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat)
     80 +* [Damn Vulnerable Function as a Service (DVFaaS)](https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service)
     81 +* [Damn Vulnerable Serverless Application (DVSA)](https://github.com/OWASP/DVSA)
     82 + 
     83 +### Cryptocurrency and Blockchain <a href="#cryptocurrency-and-blockchain" id="cryptocurrency-and-blockchain"></a>
     84 + 
     85 +* [Damn Vulnerable Crypto Wallet (DVCW)](https://gitlab.com/badbounty/dvcw)
     86 +* [Damn Vulnerable Wallet App (DVWA)](https://github.com/genecyber/Damn-Vulnerable-Wallet-App)
     87 +* [Damn Vulnerable Blockchain App (DVBA)](https://github.com/subashsn/dvba)
     88 +* [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/) **New Added - 31 August 2021**
     89 + 
     90 +### Vulnerability as a Service <a href="#vulnerability-as-a-service" id="vulnerability-as-a-service"></a>
     91 + 
     92 +* [Heartbleed - cve-2014-0160](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/) **docker**
     93 +* [SambaCry - cve-2017-7494](https://hub.docker.com/r/vulnerables/cve-2017-7494/) **docker**
     94 +* [Shellshock - cve-2014-6271](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/) **docker**
     95 + 
     96 +### OWASP vulnerability Projects <a href="#owasp-vulnerability-projects" id="owasp-vulnerability-projects"></a>
     97 + 
     98 +* [OWASP Vulnerable Web Applications Directory](https://owasp.org/www-project-vulnerable-web-applications-directory/)
     99 + 
     100 +### IoT <a href="#iot" id="iot"></a>
     101 + 
     102 +* [IoTGoat Project](https://github.com/scriptingxss/IoTGoat)
     103 +* [ByteSweep Project](https://gitlab.com/bytesweep/bytesweep)
     104 + 
     105 + 
     106 + 
     107 +credit :arrow\_down:
     108 + 
     109 +[https://twseptian.github.io/penetration%20testing/pentest/Vulnerable-Resource/#web-application](https://twseptian.github.io/penetration%20testing/pentest/Vulnerable-Resource/#web-application)
     110 + 
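Review bot: the DVWA entry has a stray `]` inside its URL (`https://github.com/ethicalhack3r/DVWA]`), which produces a broken link; remove it. Several names do not match the repository they point to and should be corrected: `Multilidae II` (the repo is mutillidae, i.e. Mutillidae II), `PuzzleMail` (the link is to puzzlemall), `Tenneese Eastman` (Tennessee Eastman), and `Damn VUlnerable iOS App`. The `#### IO` heading should read `#### iOS`, as its anchor id `ios` already does. Two URLs carry backslash-escaped underscores (`Wargame\_NcN2012`, `Damn\_Vulnerable\_Device\_Driver`); GitBook renders these, but other Markdown renderers leave the backslashes in the URL, so plain underscores are safer.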
  • overview/recon-tips/resources/best-recon-technique-for-active-subdomain-enumeration.md
     1 +# Best Recon Technique For Active Subdomain Enumeration
     2 + 
     3 +\
     4 +In this article, we will explore some effective reconnaissance techniques that can assist you in discovering valuable information. Let's dive into these techniques for a comprehensive recon experience.
     5 + 
     6 +<mark style="color:green;">**Technique 1:**</mark> Active Subdomain Enumeration Active subdomain enumeration is a powerful technique often overlooked in favor of passive methods. There are two ways to perform active subdomain enumeration:
     7 + 
     8 +1. <mark style="color:green;">Brute Forcing Subdomains Using Wordlist:</mark> By utilizing a DNS wordlist and tools like FFuF and Best DNS Wordlist, you can effectively brute force subdomains. Execute the following command:
     9 + 
     10 +```
     11 +Command: ffuf -u “https://FUZZ.target.com" -w <path_to_wordlist> -mc 200,301,302,403
     12 +```
     13 + 
     14 +<figure><img src="https://miro.medium.com/max/720/1*6dHXrt4y2JSwyUbn2UufIQ.png" alt="Active Subdomain Enumeration Using FFUF"><figcaption><p>Active Subdomain Enumeration Using FFUF</p></figcaption></figure>
     15 + 
     16 +<mark style="color:green;">Permutation Brute force</mark>: Create a new list of resolved subdomains by employing permutation, mutation, and alteration techniques with a wordlist. The tool altdns simplifies this process. Execute the following command:
     17 + 
     18 +```markup
     19 +Command: altdns -i hackerone.txt -o data_output -r -s final.txt -w words.txt
     20 +```
     21 + 
     22 +<figure><img src="../../../.gitbook/assets/image (4).png" alt="Active Subdomain Enumeration Using FFUF"><figcaption><p>Active Subdomain Enumeration Using FFUF</p></figcaption></figure>
     23 + 
     24 +<mark style="color:green;">Technique 2:</mark> Favicon Hashes Favicons, the icons representing your website, possess unique hash values that can aid in discovering domains sharing the same hash function. Use the FavFreak tool to calculate favicon hashes. Execute the following command:
     25 + 
     26 +```
     27 +Command: cat urls.txt | python3 favfreak.py
     28 +```
     29 + 
     30 +<figure><img src="../../../.gitbook/assets/image (1).png" alt="Favicon hash detecting using FavFreak"><figcaption><p>Favicon hash detecting using FavFreak</p></figcaption></figure>
     31 + 
     32 +Once the hash is calculated, you can use the same on internet search engines such as **shodan** to get the mass websites.
     33 + 
     34 +<figure><img src="https://miro.medium.com/max/720/1*WXdimyHXCrOkWW_YtDTDOQ.png" alt="Using shodan Search Engine to detect site that have same favicon hashed"><figcaption><p>Using shodan Search Engine to detect site that have same favicon hashed</p></figcaption></figure>
     35 + 
     36 +More About this Tool [here](https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139).
     37 + 
     38 +<mark style="color:green;">Technique 3</mark>: Nrich is an excellent command-line tool for analyzing IPs in a file for CVEs, open ports, and vulnerabilities. Note that Nrich only accepts IP addresses as input, not domain names. To find IP addresses of hostnames, use the dnsx tool. Execute the following command:
     39 + 
     40 +```
     41 +command: cat subdomains.txt | dnsx -a -resp-only | nrich -
     42 +```
     43 + 
     44 +<figure><img src="../../../.gitbook/assets/image (5).png" alt="Using shodan Search Engine to detect site that have same favicon hashed"><figcaption><p>use a nrich tool to check out the subdomains </p></figcaption></figure>
     45 + 
     46 +<mark style="color:green;">Technique 4:</mark> Choosing the Right Target When dealing with applications that have numerous subdomains, selecting the right subdomain to start hunting can be challenging. Utilize the interesting subs gf pattern list to identify interesting subdomains worth investigating. Execute the following command:
     47 + 
     48 +```
     49 +cat subdoma.txt | gf interestingsubs
     50 +```
     51 + 
     52 +<figure><img src="https://miro.medium.com/max/720/1*TsN_DOGqFOX-CYv7G-Sbjw.png" alt="gf interestingsubs pattern list to find interesting subdomains"><figcaption><p>gf interestingsubs <strong>pattern list to find interesting subdomains</strong></p></figcaption></figure>
     53 + 
     54 +####
     55 + 
     56 +<figure><img src="https://miro.medium.com/max/720/1*Dz43T4JUM49M4vdpgSlCYw.png" alt="Performing whoislookup on target domain"><figcaption><p>Performing whoislookup on target domain</p></figcaption></figure>
     57 + 
     58 + 
     59 + 
     60 +<figure><img src="https://miro.medium.com/max/720/1*bVYAtg61mEC2Hg_oO1cevA.jpeg" alt="Searching For Tech Emails"><figcaption><p>Searching For Tech Emails</p></figcaption></figure>
     61 + 
     62 +<mark style="color:green;">Technique 5</mark>: Reverse Whoislookup Performing a WHOIS lookup on a target domain and checking for Tech Emails can provide WHOIS registration results. This information can be utilized to gather all assets associated with an organization. Follow these steps: A. Perform a WHOIS lookup on the target domain and check for Tech Emails. B. Visit drs.whoisxmlapi.com, sign up/login (500 free credits initially), and search with the Tech Email to discover all assets belonging to the target organization.
     63 + 
     64 +<mark style="color:green;">Technique 6</mark>: Uncover, a powerful tool developed by the Projectdisovery team, enables you to swiftly discover exposed hosts on the internet. It leverages Shodan, Censys, and Fofa for host discovery. To make the most of Uncover, create a dorks list and provide it as input. Execute the following command:
     65 + 
     66 +```
     67 +Command: cat dorks.txt | uncover
     68 +```
     69 + 
     70 +<figure><img src="../../../.gitbook/assets/image (10).png" alt=""><figcaption><p>uncover tool link <a href="https://github.com/projectdiscovery/uncover">https://github.com/projectdiscovery/uncover</a></p></figcaption></figure>
     71 + 
     72 + 
     73 + 
     74 +: Finding Hidden Paths Using Meg Discovering hidden paths or directories is a crucial reconnaissance technique. Meg is a powerful tool that facilitates quick and efficient directory brute-forcing without overwhelming network traffic. Execute the following command:
     75 + 
     76 +```
     77 +Command: meg paths.txt hosts.txt output
     78 +```
     79 + 
     80 +<figure><img src="https://miro.medium.com/max/720/1*hQwOzRPoo7zWDYUWvO0aoQ.png" alt="File List Created for the host xyz.com with request and response"><figcaption><p>File List Created for the host xyz.com with request and response</p></figcaption></figure>
     81 + 
     82 +<mark style="color:green;">Technique 8</mark>: Finding Open Ports and Services Identifying open ports and services running on them is essential for web application assessment. Naabu is a fast port scanner that simplifies the process and even allows running Nmap scans. Execute the following command:
     83 + 
     84 +```
     85 +Command: naabu -host target.com
     86 +```
     87 + 
     88 +<figure><img src="../../../.gitbook/assets/image (9).png" alt=""><figcaption><p>Finding open ports and service running using naabu</p></figcaption></figure>
     89 + 
     90 +:clap:Thank you for taking the time to explore these amazing reconnaissance techniques. :smile:We hope you found this blog informative and useful in your endeavors.
     91 + 
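Review bot: the ffuf command in the Technique 1 block mixes a curly opening quote with a straight closing quote (`ffuf -u “https://FUZZ.target.com" -w <path_to_wordlist> ...`), so the line fails when pasted into a shell; use matching straight quotes. The Meg section has lost its label and begins with a bare `: Finding Hidden Paths Using Meg`; it should read `Technique 7` to match the numbering on either side. The two figures captioned `Performing whoislookup on target domain` and `Searching For Tech Emails` sit above an empty `####` heading and before the Technique 5 paragraph they illustrate; move them below that paragraph and drop the empty heading. The altdns figure reuses the FFUF alt text and caption, and the nrich figure reuses the Shodan favicon alt text; give each figure its own. The Technique 1 and 2 lines run the title straight into the body (`Active Subdomain Enumeration Active subdomain enumeration is ...`), which needs a line break or colon; the permutation brute-force item should be numbered `2.` to pair with the `1.` before it; `Projectdisovery` should be `ProjectDiscovery`; and the gf example reads `subdoma.txt` where the nrich example reads `subdomains.txt`, presumably the same file. The stray `\` line under the title and the `Command:` prefix inside the code fences get copied along with the commands, so consider dropping both.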
  • overview/recon-tips/resources/mastering-the-art-of-information-gathering.md
     1 +---
     2 +description: 'NOTE: This is just a information, for further reading do check the article'
     3 +---
     4 + 
     5 +# Mastering the Art of Information Gathering
     6 + 
     7 +### <mark style="color:green;">Introduction</mark>
     8 + 
     9 +* Article source: [Recon Everything](https://infosecwriteups.com/recon-everything-48aafbb8987)
     10 +* Key focus: Comprehensive notes on mastering the art of information gathering through reconnaissance techniques.
     11 + 
     12 +### <mark style="color:green;">Table of Contents</mark>:
     13 + 
     14 +1. What is Reconnaissance?
     15 +2. Passive Reconnaissance Techniques
     16 + * WHOIS Lookup
     17 + * Google Dorking
     18 + * OSINT (Open-Source Intelligence)
     19 +3. Active Reconnaissance Techniques
     20 + * Port Scanning
     21 + * Banner Grabbing
     22 + * DNS Enumeration
     23 +4. Web Reconnaissance Techniques
     24 + * Website Crawling
     25 + * Subdomain Enumeration
     26 + * Web Application Fingerprinting
     27 +5. Network Reconnaissance Techniques
     28 + * Network Scanning
     29 + * ARP Scanning
     30 + * SNMP Enumeration
     31 +6. Social Engineering Reconnaissance Techniques
     32 + * Social Media Profiling
     33 + * Phishing
     34 + * Dumpster Diving
     35 +7. Tools and Resources for Reconnaissance
     36 + * Nmap
     37 + * theHarvester
     38 + * Shodan
     39 + * Recon-ng
     40 + * Maltego
     41 + * SpiderFoot
     42 +8. Reconnaissance Best Practices
     43 + * Legal and Ethical Considerations
     44 + * Information Gathering Methodology
     45 + * Documentation and Reporting
     46 +9. Conclusion
     47 + 
     48 +### <mark style="color:green;">Summary and Key Takeaways:</mark>
     49 + 
     50 +* Reconnaissance is the process of gathering information to gain insight into a target system or organization.
     51 +* Passive techniques involve collecting publicly available data without directly interacting with the target.
     52 +* Active techniques involve direct interaction and probing of the target system.
     53 +* Web reconnaissance focuses on gathering information about websites, subdomains, and web applications.
     54 +* Network reconnaissance aims to discover hosts, open ports, and network vulnerabilities.
     55 +* Social engineering reconnaissance involves collecting information through social manipulation techniques.
     56 +* Various tools and resources are available to streamline the reconnaissance process.
     57 +* Adhering to legal and ethical guidelines is crucial during reconnaissance activities.
     58 +* A structured methodology and proper documentation enhance the effectiveness of reconnaissance efforts.
     59 + 
     60 +### <mark style="color:green;">Conclusion</mark>
     61 + 
     62 +Reconnaissance serves as the foundation for successful information gathering in the field of cybersecurity. By understanding the various techniques and tools available, security professionals can gain valuable insights into their targets. However, it is essential to remember the importance of legal and ethical considerations when conducting reconnaissance activities. With a comprehensive approach and proper documentation, the art of reconnaissance can be mastered, leading to more effective cybersecurity strategies.
     63 + 
     64 +Note: This article was created based on the content from [Recon Everything](https://infosecwriteups.com/recon-everything-48aafbb8987) as a reference source.
     65 + 
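Review bot: the front-matter description reads `This is just a information, for further reading do check the article`; make it `This is just information; for further reading, check the article`. The `Table of Contents` heading carries a trailing colon outside the `<mark>` tag while the other section headings in the file do not; either drop it or move it inside the tag for consistency.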
  • overview/recon-tips/subdomain-enumeration.md
     1 +# Subdomain Enumeration
     2 + 
     3 +1. Sublist3r - Fast subdomains enumeration tool for penetration testers
     4 + * Repository: [Sublist3r](https://github.com/aboul3la/Sublist3r)
     5 +2. Amass - In-depth Attack Surface Mapping and Asset Discovery
     6 + * Repository: [Amass](https://github.com/OWASP/Amass)
     7 +3. massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
     8 + * Repository: [massdns](https://github.com/blechschmidt/massdns)
     9 +4. Findomain - The fastest and cross-platform subdomain enumerator, do not waste your time.
     10 + * Repository: [Findomain](https://github.com/Findomain/Findomain)
     11 +5. Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
     12 + * Repository: [Sudomy](https://github.com/Screetsec/Sudomy)
     13 +6. chaos-client - Go client to communicate with Chaos DNS API. domained
     14 + * Repository: [chaos-client](https://github.com/projectdiscovery/chaos-client)
     15 +7. domained - Multi Tool Subdomain Enumeration
     16 + * Repository: [domained](https://github.com/TypeError/domained)
     17 +8. bugcrowd-levelup-subdomain-enumeration - This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
     18 + * Repository: [bugcrowd-levelup-subdomain-enumeration](https://github.com/appsecco/bugcrowd-levelup-subdomain-enumeration)
     19 +9. shuffledns - shuffleDNS is a wrapper around massdns written in Go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output…
     20 + * Repository: [shuffledns](https://github.com/projectdiscovery/shuffledns)
     21 +10. censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.
     22 + * Repository: [censys-subdomain-finder](https://github.com/christophetd/censys-subdomain-finder)
     23 +11. Turbolist3r - Subdomain enumeration tool with analysis features for discovered domains
     24 + * Repository: [Turbolist3r](https://github.com/fleetcaptain/Turbolist3r)
     25 +12. censys-enumeration - A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys
     26 + * Repository: [censys-enumeration](https://github.com/0xbharath/censys-enumeration)
     27 +13. tugarecon - Fast subdomains enumeration tool for penetration testers.
     28 + * Repository: [tugarecon](https://github.com/LordNeoStark/tugarecon)
     29 +14. as3nt - Another Subdomain ENumeration Tool
     30 + * Repository: [as3nt](https://github.com/cinerieus/as3nt)
     31 +15. Subra - A Web-UI for subdomain enumeration (subfinder)
     32 + * Repository: [Subra](https://github.com/si9int/Subra)
     33 +16. Substr3am - Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued
     34 + * Repository: [Substr3am](https://github.com/nexxai/Substr3am)
     35 +17. domain - enumall.py Setup script for Regon-ng
     36 + * Repository: [domain](https://github.com/jhaddix/domain/)
     37 +18. altdns - Generates permutations, alterations, and mutations of subdomains and then resolves them
     38 + * Repository: [altdns](https://github.com/infosec-au/altdns)
     39 +19. brutesubs - An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
     40 + * Repository: [brutesubs](https://github.com/anshumanbh/brutesubs)
     41 +20. dns-parallel-prober - This is a parallelized domain name prober to find as many subdomains of a given domain as fast as possible.
     42 + * Repository: [dns-parallel-prober](https://github.com/lorenzog/dns-parallel-prober)
     43 +21. dnscan - dnscan is a python wordlist-based DNS subdomain scanner.
     44 + * Repository: [dnscan](https://github.com/rbsec/dnscan)
     45 +22. knock - Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist.
     46 + * Repository: [knock](https://github.com/guelfoweb/knock)
     47 +23. hakrevdns - Small, fast tool for performing reverse DNS lookups enmass
     48 + * Repository: [hakrevdns](https://github.com/hakluke/hakrevdns)
     49 +24. dnsx - Dnsx is a fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers.
     50 + * Repository: [dnsx](https://github.com/projectdiscovery/dnsx)
     51 +25. subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites.
     52 + * Repository: [subfinder](https://github.com/projectdiscovery/subfinder)
     53 +26. assetfinder - Find domains and subdomains related to a given domain
     54 + * Repository: [assetfinder](https://github.com/tomnomnom/assetfinder)
     55 +27. crtndstry - Yet another subdomain finder
     56 + * Repository: [crtndstry](https://github.com/nahamsec/crtndstry)
     57 +28. VHostScan - A virtual host scanner that performs reverse lookups
     58 + * Repository: [VHostScan](https://github.com/codingo/VHostScan)
     59 +29. scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
     60 + * Repository: [scilla](https://github.com/edoardottt/scilla)
     61 +30. sub3suite - A research-grade suite of tools for subdomain enumeration, intelligence gathering, and attack surface mapping.
     62 + * Repository: [sub3suite](https://github.com/3nock/sub3suite)
     63 + 
     64 +## Subdomain Enumeration Tools
     65 + 
     66 +Below is a list of powerful subdomain enumeration tools that can aid in reconnaissance and penetration testing:
     67 + 
     68 +1. Sublist3r - Fast subdomains enumeration tool for penetration testers
     69 + * Repository: [Sublist3r](https://github.com/aboul3la/Sublist3r)
     70 +2. Amass - In-depth Attack Surface Mapping and Asset Discovery
     71 + * Repository: [Amass](https://github.com/OWASP/Amass)
     72 +3. massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
     73 + * Repository: [massdns](https://github.com/blechschmidt/massdns)
     74 +4. Findomain - The fastest and cross-platform subdomain enumerator, do not waste your time.
     75 + * Repository: [Findomain](https://github.com/Findomain/Findomain)
     76 +5. Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
     77 + * Repository: [Sudomy](https://github.com/Screetsec/Sudomy)
     78 +6. chaos-client - Go client to communicate with Chaos DNS API. domained
     79 + * Repository: [chaos-client](https://github.com/projectdiscovery/chaos-client)
     80 +7. domained - Multi Tool Subdomain Enumeration
     81 + * Repository: [domained](https://github.com/TypeError/domained)
     82 +8. bugcrowd-levelup-subdomain-enumeration - This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
     83 + * Repository: [bugcrowd-levelup-subdomain-enumeration](https://github.com/appsecco/bugcrowd-levelup-subdomain-enumeration)
     84 +9. shuffledns - shuffleDNS is a wrapper around massdns written in Go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output…
     85 + * Repository: [shuffledns](https://github.com/projectdiscovery/shuffledns)
     86 +10. censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.
     87 + * Repository: [censys-subdomain-finder](https://github.com/christophetd/censys-subdomain-finder)
     88 +11. Turbolist3r - Subdomain enumeration tool with analysis features for discovered domains
     89 + * Repository: [Turbolist3r](https://github.com/fleetcaptain/Turbolist3r)
     90 +12. censys-enumeration - A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys
     91 + * Repository: [censys-enumeration](https://github.com/0xbharath/censys-enumeration)
     92 +13. tugarecon - Fast subdomains enumeration tool for penetration testers.
     93 + * Repository: [tugarecon](https://github.com/LordNeoStark/tugarecon)
     94 +14. as3nt - Another Subdomain ENumeration Tool
     95 + * Repository: [as3nt](https://github.com/cinerieus/as3nt)
     96 +15. Subra - A Web-UI for subdomain enumeration (subfinder)
     97 + * Repository: [Subra](https://github.com/si9int/Subra)
     98 +16. Substr3am - Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued
     99 + * Repository: [Substr3am](https://github.com/nexxai/Substr3am)
     100 +17. domain - enumall.py Setup script for Regon-ng
     101 + * Repository: [domain](https://github.com/jhaddix/domain/)
     102 +18. altdns - Generates permutations, alterations, and mutations of subdomains and then resolves them
     103 + * Repository: [altdns](https://github.com/infosec-au/altdns)
     104 +19. brutesubs - An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
     105 + * Repository: [brutesubs](https://github.com/anshumanbh/brutesubs)
     106 +20. dns-parallel-prober - This is a parallelized domain name prober to find as many subdomains of a given domain as fast as possible.
     107 + * Repository: [dns-parallel-prober](https://github.com/lorenzog/dns-parallel-prober)
     108 +21. dnscan - dnscan is a python wordlist-based DNS subdomain scanner.
     109 + * Repository: [dnscan](https://github.com/rbsec/dnscan)
     110 +22. knock - Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist.
     111 + * Repository: [knock](https://github.com/guelfoweb/knock)
     112 +23. hakrevdns - Small, fast tool for performing reverse DNS lookups enmass
     113 + * Repository: [hakrevdns](https://github.com/hakluke/hakrevdns)
     114 +24. dnsx - Dnsx is a fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers.
     115 + * Repository: [dnsx](https://github.com/projectdiscovery/dnsx)
     116 +25. subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites.
     117 + * Repository: [subfinder](https://github.com/projectdiscovery/subfinder)
     118 +26. assetfinder - Find domains and subdomains related to a given domain
     119 + * Repository: [assetfinder](https://github.com/tomnomnom/assetfinder)
     120 +27. crtndstry - Yet another subdomain finder
     121 + * Repository: [crtndstry](https://github.com/nahamsec/crtndstry)
     122 +28. VHostScan - A virtual host scanner that performs reverse lookups
     123 + * Repository: [VHostScan](https://github.com/codingo/VHostScan)
     124 +29. scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
     125 + * Repository: [scilla](https://github.com/edoardottt/scilla)
     126 +30. sub3suite - A research-grade suite of tools for subdomain enumeration, intelligence gathering, and attack surface mapping.
     127 + * Repository: [sub3suite](https://github.com/3nock/sub3suite)
     128 + 
     129 +```markdown
     130 +# Subdomain Enumeration Tools
     131 + 
     132 +Below is a list of powerful subdomain enumeration tools that can aid in reconnaissance and penetration testing:
     133 + 
     134 +1. Sublist3r - Fast subdomains enumeration tool for penetration testers
     135 + - Repository: [Sublist3r](https://github.com/aboul3la/Sublist3r)
     136 + 
     137 +2. Amass - In-depth Attack Surface Mapping and Asset Discovery
     138 + - Repository: [Amass](https://github.com/OWASP/Amass)
     139 + 
     140 +3. massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
     141 + - Repository: [massdns](https://github.com/blechschmidt/massdns)
     142 + 
     143 +4. Findomain - The fastest and cross-platform subdomain enumerator, do not waste your time.
     144 + - Repository: [Findomain](https://github.com/Findomain/Findomain)
     145 + 
     146 +5. Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
     147 + - Repository: [Sudomy](https://github.com/Screetsec/Sudomy)
     148 + 
     149 +6. chaos-client - Go client to communicate with Chaos DNS API. domained
     150 + - Repository: [chaos-client](https://github.com/projectdiscovery/chaos-client)
     151 + 
     152 +7. domained - Multi Tool Subdomain Enumeration
     153 + - Repository: [domained](https://github.com/TypeError/domained)
     154 + 
     155 +8. bugcrowd-levelup-subdomain-enumeration - This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
     156 + - Repository: [bugcrowd-levelup-subdomain-enumeration](https://github.com/appsecco/bugcrowd-levelup-subdomain-enumeration)
     157 + 
     158 +9. shuffledns - shuffleDNS is a wrapper around massdns written in Go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output…
     159 + - Repository: [shuffledns](https://github.com/projectdiscovery/shuffledns)
     160 + 
     161 +10. censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.
     162 + - Repository: [censys-subdomain-finder](https://github.com/christophetd/censys-subdomain-finder)
     163 + 
     164 +11. Turbolist3r - Subdomain enumeration tool with analysis features for discovered domains
     165 + - Repository: [Turbolist3r](https://github.com/fleetcaptain/Turbolist3r)
     166 + 
     167 +12. censys-enumeration - A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys
     168 + - Repository: [censys-enumeration](https://github.com/0xbharath/censys-enumeration)
     169 + 
     170 +13. tugarecon - Fast subdomains enumeration tool for penetration testers.
     171 + - Repository: [tugarecon](https://github.com/LordNeoStark/tugarecon)
     172 + 
     173 +14. as3nt - Another Subdomain ENumeration Tool
     174 + - Repository: [as3nt](https://github.com/cinerieus/as3nt)
     175 + 
     176 +15. Subra - A Web-UI for subdomain enumeration (subfinder)
     177 + - Repository: [Subra](https://github.com/si9int/Subra)
     178 + 
     179 +16. Substr3am - Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued
     180 + - Repository: [Substr3am](https://github.com/nexxai/Substr3am)
     181 + 
     182 +17. domain - enumall.py Setup script for Regon-ng
     183 + - Repository: [domain](https://github.com/jhaddix/domain/)
     184 + 
     185 +18. altdns - Generates permutations, alterations, and mutations of subdomains and then resolves them
     186 + - Repository: [altdns](https://github.com/infosec-au/altdns)
     187 + 
     188 +19. brutesubs - An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose
     189 + - Repository: [brutesubs](https://github.com/anshumanbh/brutesubs)
     190 + 
     191 +20. dns-parallel-prober - This is a parallelized domain name prober to find as many subdomains of a given domain as fast as possible.
     192 + - Repository: [dns-parallel-prober](https://github.com/lorenzog/dns-parallel-prober)
     193 + 
     194 +21. dnscan - dnscan is a python wordlist-based DNS subdomain scanner.
     195 + - Repository: [dnscan](https://github.com/rbsec/dnscan)
     196 + 
     197 +22. knock - Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist.
     198 + - Repository: [knock](https://github.com/guelfoweb/knock)
     199 + 
     200 +23. hakrevdns - Small, fast tool for performing reverse DNS lookups enmass
     201 + - Repository: [hakrevdns](https://github.com/hakluke/hakrevdns)
     202 + 
     203 +24. dnsx - Dnsx is a fast and multi-purpose DNS toolkit that allows you to run multiple DNS queries of your choice with a list of user-supplied resolvers.
     204 + - Repository: [dnsx](https://github.com/projectdiscovery/dnsx)
     205 + 
     206 +25. subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites.
     207 + - Repository: [subfinder](https://github.com/projectdiscovery/subfinder)
     208 + 
     209 +26. assetfinder - Find domains and subdomains related to a given domain
     210 + - Repository: [assetfinder](https://github.com/tomnomnom/assetfinder)
     211 + 
     212 +27. crtndstry - Yet another subdomain finder
     213 + - Repository: [crtndstry](https://github.com/nahamsec/crtndstry)
     214 + 
     215 +28. VHostScan - A virtual host scanner that performs reverse lookups
     216 + - Repository: [VHostScan](https://github.com/codingo/VHostScan)
     217 + 
     218 +29. scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
     219 + - Repository: [scilla](https://github.com/edoardottt/scilla)
     220 + 
     221 +30. sub3suite - A research-grade suite of tools for subdomain enumeration, intelligence gathering, and attack surface mapping.
     222 + - Repository: [sub3suite](https://github.com/3nock/sub3suite)
     223 + 
     224 +```
     225 + 
     226 +Feel free to explore these tools and choose the one that best fits your needs for subdomain enumeration. <mark style="color:green;">Happy hunting!</mark>:smile:
     227 + 
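Review bot: the ```markdown fence opened at line 129 of subdomain-enumeration.md re-lists all 30 tools that the bulleted list directly above it already covers, so the rendered page shows every entry twice; keep one copy (the unfenced list, which renders with clickable links) and drop the fenced block, or, if a raw copy-pasteable version is intended, say so in a one-line lead-in. Three small fixes in the entries themselves: item 6 carries a stray trailing word, `6. chaos-client - Go client to communicate with Chaos DNS API. domained` should end at "API."; item 17's `Setup script for Regon-ng` should read "Recon-ng" (that is the tool's name); item 23's "enmass" should be "en masse". Item 9's description is also cut off with a trailing ellipsis and should be completed or trimmed to a full sentence.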
  • ■ ■ ■ ■ ■ ■
    port-scanning.md
     1 +# PORT SCANNING
     2 + 
     3 +1. masscan - TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
     4 + * Repository: [masscan](https://github.com/robertdavidgraham/masscan)
     5 +2. RustScan - The Modern Port Scanner
     6 + * Repository: [RustScan](https://github.com/RustScan/RustScan)
     7 +3. naabu - A fast port scanner written in Go with a focus on reliability and simplicity.
     8 + * Repository: [naabu](https://github.com/projectdiscovery/naabu)
     9 +4. nmap - Nmap - the Network Mapper. Github mirror of the official SVN repository.
     10 + * Repository: [nmap](https://github.com/nmap/nmap)
     11 +5. sandmap - Nmap on steroids. Simple CLI with the ability to run the pure Nmap engine, 31 modules with 459 scan profiles.
     12 + * Repository: [sandmap](https://github.com/trimstray/sandmap)
     13 +6. ScanCannon - Combines the speed of masscan with the reliability and detailed enumeration of nmap.
     14 + * Repository: [ScanCannon](https://github.com/johnnyxmas/ScanCannon)
     15 + 
     16 +{% code overflow="wrap" %}
     17 +```markdown
     18 +## Port Scanning
     19 + 
     20 +1. **masscan** - TCP port scanner, spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
     21 + - Repository: [masscan](https://github.com/robertdavidgraham/masscan)
     22 + 
     23 +2. **RustScan** - The Modern Port Scanner
     24 + - Repository: [RustScan](https://github.com/RustScan/RustScan)
     25 + 
     26 +3. **naabu** - A fast port scanner written in Go with a focus on reliability and simplicity.
     27 + - Repository: [naabu](https://github.com/projectdiscovery/naabu)
     28 + 
     29 +4. **nmap** - Nmap - the Network Mapper. Github mirror of the official SVN repository.
     30 + - Repository: [nmap](https://github.com/nmap/nmap)
     31 + 
     32 +5. **sandmap** - Nmap on steroids. Simple CLI with the ability to run the pure Nmap engine, 31 modules with 459 scan profiles.
     33 + - Repository: [sandmap](https://github.com/trimstray/sandmap)
     34 + 
     35 +6. **ScanCannon** - Combines the speed of masscan with the reliability and detailed enumeration of nmap.
     36 + - Repository: [ScanCannon](https://github.com/johnnyxmas/ScanCannon)
     37 + 
     38 +These tools provide efficient port scanning capabilities with varying features and performance. Choose the one that best suits your requirements for port scanning tasks.
     39 + 
     40 +```
     41 +{% endcode %}
     42 + 
     43 +These tools provide efficient port scanning capabilities with varying features and performance. Choose the one that best suits your requirements for port scanning tasks.
     44 + 
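Review bot: port-scanning.md carries the six-tool list twice, once as the rendered numbered list (lines 3-14) and again inside the `{% code overflow="wrap" %}` ```markdown block (lines 17-40), and the closing sentence `These tools provide efficient port scanning capabilities with varying features and performance.` appears both at line 38 inside the fence and at line 43 after it; drop the fenced copy and the duplicated sentence so the page reads once, matching what the subdomain page should also do. Minor: `Github mirror` in item 4 should be `GitHub mirror`, and since the page now lives at the top level of SUMMARY.md (outside the Overview group) the heading `# PORT SCANNING` would be consistent with the sibling pages if it used title case like `# Port Scanning`.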