Episode 9 - Show Notes

9 - Automating Recon - Mapping Your Target Effectively
ffuf - ignore 301,302 responses & write output to file
ffuf -w SecLists/Discovery/Web-Content/raft-large-directories.txt -u https://example.com/FUZZ -c -v -fc 302,301 -recursion -recursion-depth 2 -o exampleOutput.txt
ffuf - fuzz both the filename and extension
ffuf -w SecLists/Discovery/Web-Content/raft-large-directories.txt -u "https://example.com/FUZZ.EXT" -w /Path/To/Discover/Web-Content/ext.txt:EXT
recursebuster
/root/go/bin/recursebuster -u https://example.com/ -w SecLists/Discovery/Web-Content/big.txt
dirsearch
https://github.com/maurosoria/dirsearch
dirsearch.py -u https://example.com/ -e html,json,js
dnsvalidator
https://github.com/vortexau/dnsvalidator
dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 20 -o resolver.txt
findomain
https://github.com/Edu4rdSHL/findomain.git
findomain -t example.com
subjack
https://github.com/haccer/subjack.git
https://github.com/EdOverflow/can-i-take-over-xyz
/root/go/bin/subjack -w subdomains.txt -t 100 -timeout 30 -c fingerprints.json -v -a
cloud_enum
https://github.com/initstring/cloud_enum.git
cloud_enum.py -k setup -k auth -k config -t 10 -l output.txt --disable-azure