
Bug Bounty Tools

#Methodology

#Resources

#Bug Bounty References

#Report Writing and Note Taking

#Operating System Setups

#WEAREHACKERONE Email Addresses for use on HackerOne (creating accounts on targets, ideal for IDORs)

#Anonymity

#Code Editors

#OWASP Web Security Testing Guide

#Autonomous System Numbers

#Azure
  • azurehound - BloodHound data collector for Microsoft Azure


#Subdomain Finders
  • subfinder - Find subdomains

  • sublist3r - Subdomain enumeration

  • dnsgen - Subdomain discovery

  • chaos - Subdomain enumeration

  • github - Subdomains

  • assetfinder - Find domains and subdomains

  • Rubikrecon - Bug Bounty and Reconnaissance tool designed to automate various tasks involved in the reconnaissance phase of security testing and bug bounty hunting

  • subranger - Subdomain finder

  • Knock - Enumerate subdomains

  • findomain - Find subdomains


#Domain Flyovers
  • aquatone - Domain flyovers


#Subdomain takeovers
  • NtHiM - Subdomain takeovers. Must add export PATH=/home/unknown/.cargo/bin:$PATH to the .bashrc file. If the .bashrc file becomes corrupted, restore it with: cp ~/.bashrc ~/.bashrc.bak; cp /etc/skel/.bashrc ~/; source ~/.bashrc

  • takeover.py - Sub-Domain TakeOver Vulnerability Scanner

  • subzy - Subdomain takeover tool

  • tko-subs - Check subdomain takeover

  • https://www.youtube.com/watch?v=CCICEKuYchw


#Vulnerability Scanner
  • nuclei - Vulnerability Scanner

  • dirsearch - Web Path Scanner

  • sn1per - Discover hidden assets and vulnerabilities in your environment

#Wordlists

#Web Proxy

#Port Scanner
  • naabu - Port Scanner

  • rustscan - Modern Port Scanner

  • nmap - Port Scanner

  • smap - Port Scanner


#Web Scanners
  • whatweb - Website Identifier

  • jaeles - Build your own web app scanner


#Web Brute Forcer
  • gobuster - Command-line tool used for brute-forcing hidden paths on web servers


#Web Content Scanner
  • dirb - Web Content Scanner

  • httpx-toolkit - httpx toolkit

  • gospider - Web Spider

  • hakrawler - Web Crawler

  • nikto - Web Application Scanner

  • bbot - Internet scanner

  • httprobe - Take a list of domains and probe for working http and https servers

  • httpx - Fast and multi-purpose HTTP toolkit

  • aquatone - Visual inspection of websites

  • katana - Web Crawler

  • whatruns - A free browser extension that helps you identify technologies used on any website


#Content Discovery
  • kiterunner - Content discovery

  • amass - Attack surface mapping and asset discovery

#Shodan Enumeration
  • shosubgo - Small tool to grab subdomains using the Shodan API


#GitHub Enumeration

#Template Injection
  • Tinja - CLI tool for testing web pages for template injection


#CRLF
  • crlfuzz - Fast tool to scan CRLF vulnerability


#JavaScript
  • LinkFinder - JavaScript endpoints

  • SecretFinder - Discover sensitive data such as API keys, access tokens, authorizations, JWTs, etc. in JavaScript files

  • xnlinkfinder - Discover endpoints (and potential parameters) for a given target

  • getJS - JavaScript links

  • Relative URL Extractor - git clone https://github.com/jobertabma/relative-url-extractor

  • GoLinkFinder - go install github.com/0xsha/GoLinkFinder@latest


#DNS Recon
  • dig

  • dnsrecon

  • massdns - High-performance DNS stub resolver


#403 Bypass

#Wayback
  • waybackurls - Archived websites

  • webanalyze - Wappalyzer

  • waymore - Web archive scanner

  • getallurls - getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl, and URLScan for any given domain. Inspired by Tomnomnom's waybackurls

#XSS Finders
  • xsssniper - Handy XSS discovery tool

  • Dalfox - Scan for XSS flaws and analyze parameters

#Web Fuzzer
  • ffuf - Web fuzzer

  • wfuzz - Web application bruteforcer

  • feroxbuster - Tool designed to perform Forced Browsing

#SQLi Scanner
  • sqlmap


#Misc
  • jq

  • lolcat

  • figlet

  • Interlace - Turn single threaded command line applications into a fast, multi-threaded application

  • scopify - Analyze infrastructure information

  • cvemap - go install github.com/projectdiscovery/cvemap/cmd/cvemap@latest

  • anew - Append lines from stdin to a file

  • CloudRecon - Finding assets from certificates

  • csrf poc generator –

  • unfurl - Pull out bits of URLs provided on stdin

  • check_mdi.py - Find exchange based apex domains

  • karma v2 - Find publicly exposed leaks and more about a target

  • Spiderfoot - Gather information

  • oniux - https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces

  • postMessage-tracker - https://github.com/fransr/postMessage-tracker

  • Postman - curl -o- "https://dl-cli.pstmn.io/install/linux64.sh" | sh

  • Meg - go install github.com/tomnomnom/meg@latest

  • Gowitness - Website screenshot utility

  • bat - cat enhancement

#Language Installers

  • go

  • pip

  • pipx

  • python3-setuptools

  • cargo

  • ruby-full

  • python-dnspython

  • git
