References

Vanquish

Vanquish is a Kali Linux-based enumeration orchestrator.

| NMap | Hydra | Nikto | Metasploit |
| Gobuster | Dirb | Exploitdb | Nbtscan |
| Ntpq | Enum4linux | Smbclient | Rpcclient |
| Onesixtyone | Sslscan | Sslyze | Snmpwalk |
| Ident-user-enum | Smtp-user-enum | Snmp-check | Cisco-torch |
| Dnsrecon | Dig | Whatweb | Wafw00f |
| Wpscan | Cewl | Curl | Mysql |
| Nmblookup | Searchsploit | | |
| Nbtscan-unixwiz | Xprobe2 | Blindelephant | Showmount |

LazyRecon

An automated approach to performing recon for bug bounty hunting and penetration testing.

chomp-scan

Streamline the bug bounty/penetration test reconnaissance phase

  • Subdomain Discovery (3 different sized wordlists)
    • dnscan
    • subfinder
    • sublist3r
    • massdns + altdns
    • subjack
  • Screenshots (optional)
    • aquatone
  • Port Scanning (optional)
    • masscan and/or nmap
  • Content Discovery (optional) (4 different sized wordlists)
    • ffuf
    • bfac
    • nikto
    • whatweb
  • Wordlists
    • Subdomain Bruteforcing
      • subdomains-top1mil-20000.txt - 22k words - From Seclists
      • sortedcombined-knock-dnsrecon-fierce-reconng.txt - 102k words - From Seclists
      • huge-200k - 199k words - A combination I made of various wordlists, including Seclists
    • Content Discovery
      • big.txt - 20k words - From Seclists
      • raft-large-combined.txt - 167k words - A combination of the raft wordlists in Seclists
      • seclists-combined.txt - 215k words - A larger combination of all the Discovery/DNS lists in Seclists
      • haddix_content_discovery_all.txt - 373k words - Jason Haddix's all content discovery list
      • haddix-seclists-combined.txt - 486k words - A combination of the two previous lists
    • Misc.
      • altdns-words.txt - 240 words - Used for creating domain permutations for masscan to resolve. Borrowed from altdns.
      • interesting.txt - 42 words - A list I created of potentially interesting words appearing in domain names.

pown-recon

A powerful target reconnaissance framework powered by graph theory.