STRLCPY/Cipherops

GITBOOK-12: change request with no subject merged in GitBook
Adwaith committed with gitbook-bot 1 year ago

dc27ada5

1 parent fbf097dd

■ ■ ■ ■ ■ ■

SUMMARY.md

		skipped 27 lines
28	28		* [cybersecurity YouTube channels](cybersecurity-youtube-channels.md)
29	29		* [Try-Hack-me Roadmap](try-hack-me-roadmap.md)
30	30		* [OSINT](osint.md)
	31	+	* [Screenshots](screenshots.md)
	32	+	* [Technology Identification](technology-identification.md)
	33	+	* [Content Discovery Tools](content-discovery-tools.md)
	34	+	* [Link Extraction Tools](link-extraction-tools.md)
	35	+	* [Parameter and web fuzzing tools](parameter-and-web-fuzzing-tools.md)
31	36

■ ■ ■ ■ ■ ■

content-discovery-tools.md

1	+	# Content Discovery Tools
2	+
3	+	```markdown
4	+	Here's the list of content discovery tools:
5	+
6	+	1. [gobuster](https://github.com/OJ/gobuster) - Directory/File, DNS, and VHost busting tool written in Go.
7	+	2. [recursebuster](https://github.com/C-Sto/recursebuster) - Rapid content discovery tool for recursively querying webservers, useful in pentesting and web application assessments.
8	+	3. [feroxbuster](https://github.com/epi052/feroxbuster) - A fast, simple, recursive content discovery tool written in Rust.
9	+	4. [dirsearch](https://github.com/maurosoria/dirsearch) - Web path scanner.
10	+	5. [dirsearch](https://github.com/evilsocket/dirsearch) - Go implementation of dirsearch.
11	+	6. [filebuster](https://github.com/henshin/filebuster) - Extremely fast and flexible web fuzzer.
12	+	7. [dirstalk](https://github.com/stefanoj3/dirstalk) - Modern alternative to dirbuster/dirb.
13	+	8. [dirbuster-ng](https://github.com/digination/dirbuster-ng) - C CLI implementation of the Java dirbuster tool.
14	+	9. [gospider](https://github.com/jaeles-project/gospider) - Gospider is a fast web spider written in Go.
15	+	10. [hakrawler](https://github.com/hakluke/hakrawler) - Simple, fast web crawler designed for easy and quick discovery of endpoints and assets within a web application.
16	+	11. [crawley](https://github.com/s0rg/crawley) - Fast, feature-rich unix-way web scraper/crawler written in Golang.
17	+
18	+	```
19	+

■ ■ ■ ■ ■ ■

link-extraction-tools.md

1	+	# Link Extraction Tools
2	+
3	+	```markdown
4	+	Here's the list of link extraction tools:
5	+
6	+	1. [LinkFinder](https://github.com/GerbenJavado/LinkFinder) - A Python script that finds endpoints in JavaScript files.
7	+	2. [JS-Scan](https://github.com/zseano/JS-Scan) - A JavaScript scanner built in PHP, designed to scrape URLs and other information.
8	+	3. [LinksDumper](https://github.com/arbazkiraak/LinksDumper) - Extracts links or possible endpoints from responses and filters them via decoding/sorting.
9	+	4. [GoLinkFinder](https://github.com/0xsha/GoLinkFinder) - A fast and minimal JS endpoint extractor written in Go.
10	+	5. [BurpJSLinkFinder](https://github.com/InitRoot/BurpJSLinkFinder) - A Burp Extension for passive scanning of JS files to find endpoint links.
11	+	6. [urlgrab](https://github.com/IAmStoxe/urlgrab) - A Golang utility to spider through a website searching for additional links.
12	+	7. [waybackurls](https://github.com/tomnomnom/waybackurls) - Fetches all the URLs that the Wayback Machine knows about for a domain.
13	+	8. [gau](https://github.com/lc/gau) - Fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
14	+	9. [getJS](https://github.com/003random/getJS) - A tool to quickly retrieve all JavaScript sources/files.
15	+	10. [linx](https://github.com/riza/linx) - Reveals invisible links within JavaScript files.
16	+
17	+	```
18	+

■ ■ ■ ■ ■ ■

osint.md

		skipped 30 lines
31	31		- [Ocearch Shark Tracker](https://www.ocearch.org/tracker): Click on a shark on the world map and find out its name, size, and travel log
32	32		- [Surging Seas: Risk Zone Map](https://riskfinder.climatecentral.org): Map of points with a risk of significant sea level rise in the event of melting glaciers
33	33		- [USA Fishermap](https://www.usafishermap.org): Detailed map of freshwater bodies in the USA, including depth at different points
34		-	- [Mind
35		-
36		-	at.org](https://www.mindat.org): Mineral maps for different countries
	34	+	- [Mindat.org](https://www.mindat.org): Mineral maps for different countries
37	35		- [Ventusky.com](https://www.ventusky.com): Collection of weather maps (wind, rain, temperature, air pressure, humidity, waves, etc.)
38	36		- [Wunderground](https://www.wunderground.com): Weather history data
39	37		- [Rain Alarm](https://www.rain-alarm.com): Shows where it is raining on the map and provides notifications of approaching rain
		skipped 29 lines

■ ■ ■ ■ ■ ■

parameter-and-web-fuzzing-tools.md

1	+	# Parameter and web fuzzing tools
2	+
3	+	```markdown
4	+	Here's the list of tools for parameter discovery:
5	+
6	+	1. [Parameth](https://github.com/maK-/parameth) - This tool can be used to brute discover GET and POST parameters.
7	+	2. [Param-miner](https://github.com/PortSwigger/param-miner) - This extension identifies hidden, unlinked parameters and is particularly useful for finding web cache poisoning vulnerabilities.
8	+	3. [ParamPamPam](https://github.com/Bo0oM/ParamPamPam) - ParamPamPam is a tool for brute discovering GET and POST parameters.
9	+	4. [Arjun](https://github.com/s0md3v/Arjun) - Arjun is an HTTP parameter discovery suite.
10	+	5. [ParamSpider](https://github.com/devanshbatham/ParamSpider) - ParamSpider is a tool for mining parameters from the dark corners of Web Archives.
11	+	6. [x8](https://github.com/Sh1Yo/x8) - x8 is a hidden parameters discovery suite written in Rust.
12	+
13	+	```
14	+
15	+	```markdown
16	+	Here's the list of web fuzzing tools:
17	+
18	+	1. [Fuzzingwfuzz](https://github.com/xmendez/wfuzz) - Web application fuzzer
19	+	2. [ffuf](https://github.com/ffuf/ffuf) - Fast web fuzzer written in Go
20	+	3. [fuzzdb](https://github.com/fuzzdb-project/fuzzdb) - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
21	+	4. [IntruderPayloads](https://github.com/1N3/IntruderPayloads) - Collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads, and web pentesting methodologies and checklists.
22	+	5. [fuzz.txt](https://github.com/Bo0oM/fuzz.txt) - Potentially dangerous files fuzz list.
23	+	6. [fuzzilli](https://github.com/googleprojectzero/fuzzilli) - JavaScript Engine Fuzzer.
24	+	7. [fuzzapi](https://github.com/Fuzzapi/fuzzapi) - Tool for REST API pentesting using the API_Fuzzer gem.
25	+	8. [qsfuzz](https://github.com/ameenmaali/qsfuzz) - Query String Fuzzer for building custom rules and identifying vulnerabilities.
26	+	9. [vaf](https://github.com/d4rckh/vaf) - Very advanced (web) fuzzer written in Nim.
27	+	rr
28	+	```
29	+

■ ■ ■ ■ ■ ■

screenshots.md

1	+	# Screenshots
2	+
3	+	```markdown
4	+	Here's the list of website screenshot tools:
5	+
6	+	1. [ScreenshotsEyeWitness](https://github.com/FortyNorthSecurity/EyeWitness) - EyeWitness is designed to take screenshots of websites, provide server header info, and identify default credentials if possible.
7	+	2. [Aquatone](https://github.com/michenriksen/aquatone) - Aquatone is a tool for visual inspection of websites across a large number of hosts, allowing for a quick overview of the HTTP-based attack surface.
8	+	3. [Screenshoteer](https://github.com/vladocar/screenshoteer) - Screenshoteer enables making website screenshots and mobile emulations from the command line.
9	+	4. [Gowitness](https://github.com/sensepost/gowitness) - Gowitness is a web screenshot utility written in Go, utilizing Chrome Headless.
10	+	5. [WitnessMe](https://github.com/byt3bl33d3r/WitnessMe) - WitnessMe is a web inventory tool that takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and offers additional features to simplify the process.
11	+	6. [Eyeballer](https://github.com/BishopFox/eyeballer) - Eyeballer is a convolutional neural network for analyzing pentest screenshots.
12	+	7. [Scrying](https://github.com/nccgroup/scrying) - Scrying is a tool for collecting RDP, web, and VNC screenshots, consolidating them in one place.
13	+	8. [Depix](https://github.com/beurtschipper/Depix) - Depix is a tool for recovering passwords from pixelized screenshots.
14	+	9. [HTTPScreenshot](https://github.com/breenmachine/httpscreenshot/) - HTTPScreenshot is a tool for capturing screenshots and HTML from a large number of websites.
15	+
16	+	```
17	+

■ ■ ■ ■ ■ ■

technology-identification.md

1	+	# Technology Identification
2	+
3	+	```markdown
4	+	Here's the list of technology identification and web scanning tools:
5	+
6	+	1. [Wappalyzer](https://github.com/AliasIO/wappalyzer) - Wappalyzer is a tool that identifies technologies used on websites.
7	+	2. [Webanalyze](https://github.com/rverton/webanalyze) - Webanalyze is a port of Wappalyzer that automates mass scanning to uncover technologies used on websites.
8	+	3. [Python-builtwith](https://github.com/claymation/python-builtwith) - Python-builtwith is a client for the BuiltWith API, allowing you to retrieve technology information about websites.
9	+	4. [WhatWeb](https://github.com/urbanadventurer/whatweb) - WhatWeb is a next-generation web scanner that identifies technologies and gathers information about websites.
10	+	5. [Retire.js](https://github.com/RetireJS/retire.js) - Retire.js is a scanner that detects the use of JavaScript libraries with known vulnerabilities.
11	+	6. [Httpx](https://github.com/projectdiscovery/httpx) - Httpx is a fast and versatile HTTP toolkit that allows running multiple probers using the retryablehttp library. It is designed to maintain result reliability with increased threads.
12	+	7. [Fingerprintx](https://github.com/praetorian-inc/fingerprintx) - Fingerprintx is a standalone utility for service discovery on open ports. It works well with other popular bug bounty command-line tools.
13	+
14	+	```
15	+

GITBOOK-12: change request with no subject merged in GitBook