Pentest Book
Web recon

Resolution

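# https://github.com/projectdiscovery/httpx
# Probe the resolved subdomains for live HTTP(S) services. -follow-host-redirects only
# follows redirects that stay on the same host, so the probe does not wander off scope;
# -random-agent rotates the User-Agent; -retries 2 tolerates flaky hosts. The input file
# goes in via -l instead of cat | httpx.
# NOTE: because of -status-code/-title/-web-server/-tech-detect/-location, each line written
# to websites.txt is annotated ("https://host [200] [title] [server] ..."), not a bare URL.
# Strip the extra columns (awk '{print $1}' websites.txt) before feeding it to other tools.
httpx -l subdomains/subdomains.txt -follow-host-redirects -random-agent -status-code -silent -retries 2 -title -web-server -tech-detect -location -no-color -o websites.txt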

WAF Checks

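# https://github.com/EnableSecurity/wafw00f
# Fingerprint any WAF sitting in front of each live site (tells you what to expect before
# fuzzing). websites.txt from httpx carries "[status] [title] ..." columns after the URL,
# so hand wafw00f only the first field.
wafw00f -i <(awk '{print $1}' websites.txt)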

CMS

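# https://github.com/Tuhinshubhra/CMSeeK
# CMSeeK's -l takes a file holding ONE comma-separated line of targets. Keep only the URL
# column of httpx's annotated websites.txt and join with paste, which adds no trailing
# comma (tr '\n' ',' leaves one, which may be parsed as an empty target).
awk '{print $1}' websites.txt | paste -sd, - > cms_test.txt
# --batch: never prompt, so it runs unattended; -r: random User-Agent per request.
# Run from the CMSeeK checkout (or give the full path to cmseek.py).
python3 cmseek.py -l cms_test.txt --batch -r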

Web screenshot

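# https://github.com/sensepost/gowitness
# Screenshot every live site. gowitness wants one URL per line; httpx's websites.txt has
# "[status] [title] ..." columns after the URL, so pass only the first field.
gowitness file -f <(awk '{print $1}' websites.txt)
# Browse the results. This serves an unauthenticated web UI over the screenshot database:
# leave it bound to localhost (the default listen address — check
# `gowitness report serve --help`) and never expose it on a shared interface.
gowitness report serve -D gowitness.sqlite3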

Fuzzing

# https://github.com/ffuf/ffuf
# Content discovery against a single host; FUZZ in -u is where each wordlist entry goes.
#   -w wordlist.txt   wordlist to try
#   -mc all -fc 404   keep every status code, then drop plain 404s
#   -ac               auto-calibrate the filters from the target's own responses
#   -sf               stop if >95% of responses are 403 (you are being blocked)
#   -s                silent: print only the hits
ffuf -u https://www.domain.com/FUZZ -w wordlist.txt -mc all -fc 404 -ac -sf -s

URLs

URL extraction

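# https://github.com/jaeles-project/gospider
# Crawl every live site (depth 2, 20 threads), also harvesting links from JS, sitemap.xml
# and robots.txt; -w keeps subdomains. -q prints bare URLs only — without it gospider
# prefixes each line ("[url] - [code-...] - https://..."), which breaks the tools that read
# urls.txt later. httpx's websites.txt has "[status] [title] ..." columns after the URL, so
# pass the first field only.
gospider -S <(awk '{print $1}' websites.txt) --js -t 20 -d 2 --sitemap --robots -w -r -q > urls.txt

# https://github.com/lc/gau
# Passive URL history (Wayback, Common Crawl, ...) per host and its subdomains. gau wants
# hostnames, not annotated URLs: unfurl reduces each URL to its domain. Append to urls.txt.
awk '{print $1}' websites.txt | unfurl -u domains | gau -subs >> urls.txt

# https://github.com/tomnomnom/waybackurls
# Same idea via the Wayback Machine only; also wants hostnames.
awk '{print $1}' websites.txt | unfurl -u domains | waybackurls >> urls.txt

# https://github.com/gwen001/github-endpoints
# Endpoints mentioned in public GitHub code for the target domain (domain.com is the
# placeholder used across this page). tokens_github.txt holds GitHub API tokens that
# authenticate as you: keep it chmod 600, out of any repo, and out of shell history.
# Hits are strings found in code, not confirmed live URLs — review before merging them.
github-endpoints -q -k -d domain.com -t tokens_github.txt

# https://github.com/Josue87/roboxtractor
# Extract entries from each site's robots.txt (-wb also checks the Wayback Machine copy;
# -m selects the output mode, see its README). Reads websites.txt like every other step —
# the original fed an undefined webs.txt.
awk '{print $1}' websites.txt | roboxtractor -m 1 -wb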

Filtering

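# https://github.com/tomnomnom/qsreplace
# With no replacement value and -a (append), qsreplace leaves query values untouched; its
# useful effect here is de-duplicating URLs that share host, path and parameter names
# (see its README). Plain redirection instead of cat | qsreplace.
qsreplace -a < urls.txt

# https://github.com/s0md3v/uro
# Declutter the list: drops duplicate/near-duplicate URLs, static assets and incrementing
# parameter noise so later fuzzing spends requests on distinct endpoints.
uro < urls.txt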
Patterns
# https://github.com/tomnomnom/gf
# https://github.com/1ndianl33t/Gf-Patterns
# gf is a grep wrapper that applies a named pattern from ~/.gf/<name>.json; the "sqli"
# pattern ships with Gf-Patterns, so copy that repo's json files into ~/.gf first.
# Output: the URLs whose parameters match the pattern's list of SQLi-prone names —
# candidates to test by hand, not findings.
gf sqli < urls.txt

JS

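# https://github.com/w9w/JSA
# Fetch the JavaScript reachable from the collected URLs and mine it for further endpoints.
python3 jsa.py < urls.txt

# https://github.com/lc/subjs
# Extract the script URLs referenced by each page, keep the ones that respond, and save
# them as js.txt for the next tools (the original read a js.txt nothing on this page
# produced). urls.txt is the list from the extraction step above.
subjs -i urls.txt | httpx -silent > js.txt

# https://github.com/GerbenJavado/LinkFinder
# Pull endpoints/paths out of one JS file (take entries from js.txt). Per its README, -d
# recursively parses the JavaScript located in the given page; -o cli prints to the
# terminal instead of writing an HTML report.
python3 linkfinder.py -d -i https://domain.com/whatever.js -o cli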

Wordlist generation

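# https://github.com/tomnomnom/unfurl
# Build target-specific wordlists from the URLs already collected: every distinct
# query-parameter name, then every distinct parameter value (-u = unique). Redirect each
# into a file (e.g. > params.txt) to reuse it as a ffuf wordlist. Plain redirection
# instead of cat | unfurl.
unfurl -u keys < urls.txt
unfurl -u values < urls.txt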