Hacking Tools

Subfinder Intermediate
Subdomain discovery tool (multiple hosts via txt, single host, Github discovery).
# -dL reads the root domains from a file, one per line; -o writes the
# discovered subdomains to the named file. For a single domain use -d instead.
subfinder -dL root-domains.txt -o subfinder-company.txt
#subdomain #automation
Github Subdomains Intermediate
Discover subdomains from GitHub using the company's domain and a GitHub API token.
# NOTE(review): a token passed with -t is recorded in shell history and is
# visible in the process list while the command runs. The tool reportedly
# falls back to the GITHUB_TOKEN environment variable when -t is omitted;
# confirm with -h and prefer that, using a dedicated token with minimal scopes.
github-subdomains -d company.com -t [git-api-token]
#subdomain #github
AltDNS Intermediate
Subdomain brute-force and permutations.
# -i: known subdomains to permute; -w: words used for the permutations;
# -o: file receiving the generated candidates. -r resolves each candidate and
# -s names the file that receives the ones that actually resolve.
altdns -i all-subdomains.txt -o results -w words.txt -r -s all-dns-domains.txt
#subdomain #dns
HTTProbe Beginner
Probe for HTTP(s) services on multiple/critical ports.
# "..." appears to be the page's placeholder for further -p proto:port
# entries; replace it with real entries (or drop it) before running.
# -c 50 sets the concurrency level.
httprobe -p https:8089 ... -c 50 < all-hosts.txt > httprobe-allCriticalPorts.txt
#ports #http
Naabu Beginner
Port scanner excluding CDN hosts.
# -p - scans the full port range of every host in the -iL list.
# NOTE(review): per naabu's help, --exclude-cdn does not drop CDN hosts; it
# skips the full scan for them and checks only ports 80 and 443. Confirm
# against the installed version.
# NOTE(review): root is presumably used here for SYN scanning; naabu is
# understood to fall back to a CONNECT scan when unprivileged, which avoids
# running a binary from the working directory as root.
sudo ./naabu -iL scp-httprobe-allHTTPs.txt -p - --exclude-cdn -o naabu-results.txt -v
#ports #scan
Gospider Beginner
Web spider for endpoints and URLs from list of hosts.
# -S: file of sites to crawl; -o: output folder.
# --other-source also pulls URLs from third-party archives, so part of the
# output is historical data rather than what the hosts serve today;
# --include-subs keeps subdomain URLs found in those sources.
gospider -S httprobe-hosts.txt -o gospider-results --other-source --include-subs
#urls #crawler
GAU Beginner
Get All URLs from domains/subdomains.
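# NOTE(review): this entry is labelled GAU, but the command queries the
# AlienVault OTX url_list endpoint with curl and jq; it does not invoke gau.
# Passive source: requests go to OTX, not to the listed hosts. Only the first
# page (limit=100&page=1) is fetched per hostname.
# Reads domains.txt line by line instead of $(cat ...), so entries are not
# word-split or glob-expanded, and terminates the loop body before "done".
while IFS= read -r sub || [[ -n "$sub" ]]; do
  [[ -n "$sub" ]] || continue  # skip blank lines
  curl -s "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/${sub}?limit=100&page=1" \
    | jq -r '.url_list[].url'
# tee -a appends: sort -u de-duplicates this run only, not the whole file.
done < domains.txt | sort -u | tee -a file.txt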
#urls #recon
ffuf Intermediate
Fuzzing endpoints/parameters.
# -w: wordlist substituted at the FUZZ keyword in the -u URL.
# -fc 401,403 hides responses with those status codes, so paths that exist
# but require authentication are not shown in the results.
ffuf -w daniel-v-compilation.txt -u http://company.com.br/FUZZ -fc 401,403
#urls #fuzz
Alienvault Passive URLs Intermediate
Discover passive URLs from Alienvault OTX for multiple domains.
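# Passive lookup: asks AlienVault OTX for the URLs it has recorded for each
# hostname; requests go to OTX, not to the listed hosts. Only the first page
# (limit=100&page=1) is fetched per hostname.
# Reads domains.txt line by line instead of $(cat ...), so entries are not
# word-split or glob-expanded by the shell.
while IFS= read -r sub || [[ -n "$sub" ]]; do
  [[ -n "$sub" ]] || continue  # skip blank lines
  curl -s "https://otx.alienvault.com/otxapi/indicator/hostname/url_list/${sub}?limit=100&page=1" \
    | jq -r '.url_list[].url'
# tee -a appends: sort -u de-duplicates this run only, not the whole file.
done < domains.txt | sort -u | tee -a file.txt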
#urls #passive
Subjack Intermediate
Detect subdomain takeover vulnerabilities.
# -w: hosts to check; -t: threads; -timeout: seconds per request; -ssl forces
# HTTPS; -o: results file.
# NOTE(review): matches are understood to be fingerprint-based, so confirm
# each reported host's dangling DNS record manually before treating it as a
# takeover finding.
subjack -w all-hosts.txt -t 100 -timeout 30 -o subjack-results.txt -ssl
#takeover #subdomain
Nuclei Intermediate
Automated vulnerability scanner & active takeover templates.
# -l: target list; -t takeovers/: run only the takeover templates; -H adds a
# custom request header.
# NOTE(review): -etags filters on template tags. If the intent is to drop
# info-severity results, that is -es / -exclude-severity; confirm which one
# is meant.
# NOTE(review): the input is allhosts.txt here but all-hosts.txt in the other
# entries; check that this is the intended file.
nuclei -l allhosts.txt -t takeovers/ -etags info -H "User-Agent: Mozilla/5.0 Windows NT 10.0"
#takeover #automation
EyeWitness Beginner
Automated screenshot tool for recon.
# -f: file of targets; --timeout 8: seconds to wait for each page.
# The generated report keeps a screenshot of every reachable host, so store
# it with the rest of the engagement data.
./EyeWitness.py -f all-domains.txt --timeout 8
#screenshot #recon
Webscreenshot Beginner
Take screenshots of multiple websites automatically.
# -i: input file of targets; -w 40: number of parallel workers.
python webscreenshot.py -i all-domains.txt -w 40
#screenshot #automation
FFUF Multi-host Intermediate
Fuzzing multiple hosts at the same time with custom wordlist.
# Two wordlists: https-domains.txt is bound to the DOMAIN keyword and the
# second list to the default FUZZ keyword, so every host is combined with
# every word (hosts x words requests). -t 50: threads; -fc: status codes to
# hide; -od: directory receiving the matched responses.
# NOTE(review): -of selects the format of the -o output file and no -o is
# given here; confirm whether a markdown report is actually written.
# NOTE(review): the wordlist is daniel_v_compilation.txt here but
# daniel-v-compilation.txt in the single-host ffuf entry.
ffuf -w "https-domains.txt:DOMAIN" -w daniel_v_compilation.txt -u DOMAIN/FUZZ -t 50 -fc 301,401,403 -v -od ffuf-multipleHosts-results -of md
#multi #fuzz