Resources

OWASP Favicon DB: https://wiki.owasp.org/index.php/OWASP_favicon_database
Find Sites Tech Stack: https://www.wappalyzer.com/
Fuff, Fast Fuzzer: https://github.com/ffuf/ffuf
Command Injection Cheatsheet: https://github.com/payloadbox/command-injection-payload-list
File Format Magic Numbers: https://en.wikipedia.org/wiki/List_of_file_signatures
List of MiME Media Types: https://www.iana.org/assignments/media-types/media-types.xhtml

BurpSuite Extensions

This is a GitHub Infoshare that lists a ton of useful burp suite extensions https://github.com/snoopysecurity/awesome-burp-extensions

Web Recon

URL Gatherer: https://github.com/hakluke/hakrawler
Find attack surfaces: https://github.com/michenriksen/aquatone
Http probe: https://github.com/tomnomnom/httprobe
Check valid sites httpx: https://github.com/projectdiscovery/httpx
Asset Discovery: [https://github.com/OWASP/Amass]
Site Rep and info: https://urlscan.io/

PreviousIntrusion NextGeneral Web

Last updated 2 years ago