Pentest Tips
  • ABOUT
  • Information Shares
  • CTF
    • Stego
    • Memory
  • Blue Team
    • Tools/Resources
    • One Liners
    • Threat Hunting
    • Scripts
    • Intrusion
  • Web
    • Resources
    • General Web
    • Subdomain Discovery
    • Content Discovery
    • MYSQL
    • Burpsuite
  • Network Exploitation
    • Resources
    • Kerberos
    • Network Based
    • Phishing
    • Metasploit
    • Weaponization
    • Password Cracking
    • Shell Upgrades
    • Linux PrivEsc
    • Windows PrivEsc
    • Windows Persistence
    • Exfiltration
  • Windows Internals
    • Kernal
  • Recon
    • Nmap
    • OSINT
    • SMB Enumeration
    • LDAP
    • Physical
  • Malware
    • Obfuscation
  • Scripting
    • Bash Basics
    • Powershell Basics
  • Cloud
    • AWS
  • Game Hacking
    • Resources
Powered by GitBook
On this page
  • BurpSuite Extensions
  • Web Recon
Edit on GitHub
  1. Web

Resources

PreviousIntrusionNextGeneral Web

Last updated 2 years ago

  • OWASP Favicon DB:

  • Find Sites Tech Stack:

  • Fuff, Fast Fuzzer:

  • Command Injection Cheatsheet:

  • File Format Magic Numbers:

  • List of MiME Media Types:

BurpSuite Extensions

This is a GitHub Infoshare that lists a ton of useful burp suite extensions

Web Recon

  • URL Gatherer:

  • Find attack surfaces:

  • Http probe:

  • Check valid sites httpx:

  • Asset Discovery: [https://github.com/OWASP/Amass]

  • Site Rep and info:

https://wiki.owasp.org/index.php/OWASP_favicon_database
https://www.wappalyzer.com/
https://github.com/ffuf/ffuf
https://github.com/payloadbox/command-injection-payload-list
https://en.wikipedia.org/wiki/List_of_file_signatures
https://www.iana.org/assignments/media-types/media-types.xhtml
https://github.com/snoopysecurity/awesome-burp-extensions
https://github.com/hakluke/hakrawler
https://github.com/michenriksen/aquatone
https://github.com/tomnomnom/httprobe
https://github.com/projectdiscovery/httpx
https://urlscan.io/