Pentest Notes
  • 🏠/home/x3m1Sec/.pt-notes
  • πŸ“Pentest Notes
    • πŸ”Information Gathering
    • πŸ“œProtocols and Services
      • DNS
      • FTP
      • IMAP
      • IPMI
      • MSSQL
      • MySQL
      • NFS
      • Oracle TNS
      • POP3
      • RDP
      • SMB
      • SMTP
      • SNMP
    • πŸ•ΈοΈWeb Applications
      • Web Attacks
        • Cross Site Scripting (XSS)
        • SQL Injection (SQLi)
        • File Upload Vulnerabilities
        • Insecure Direct Object References (IDOR)
        • OS Command Injection
        • Local File Inclusion (LFI)
        • Remote File Inclusion (RFI)
        • XML External Entities (XXE)
        • HTTP Verb Tampering
      • Web Technologies
        • Tomcat
        • CGI Applications
        • WordPress
        • SAP Netweaver
        • Joomla
        • Drupal
        • Gitlab
        • Jenkins
        • Microsoft IIS
        • osTicket
        • PRTG Network Monitor
        • Splunk
      • Fuzzing
    • πŸ“‚Active Directory
      • Initial Access
      • Internal Enumeration & Lateral Movement
      • Privilege Escalation to Domain Admin using Known Exploits
      • Domain Trusts
    • 🐧Linux Privilege Escalation
      • Enumerating Attack Vectors
      • Privileged Groups
      • Environment Variables Abuse
      • Capabilities Abuse
      • Programs, Jobs and Services
      • Miscellaneous Techniques
      • Recent CVEs
    • πŸͺŸWindows Privilege Escalation
      • Enumerating Attack Vectors
      • Excessive User Rights Abuse
      • Built-in Groups Abuse
      • File System ACLs
      • Services Hijacking
      • User Account Control (UAC) Bypass
      • Living off the Land
    • πŸ›Bug Bounty Hunting
      • Bug Bounty Tools
    • πŸ‘ΎUtilities, Scripts and Payloads
      • Shells and Payloads
      • Metasploit Framework
      • File Transfers
      • Pivoting, Tunneling, Port Forwarding
      • Password Attacks
  • πŸŽ“My Certifications
    • eJPTv2
      • My review
    • CPTS
      • CheatSheet
Powered by GitBook
On this page
  • Before you move on
  • Auto Tools
  • Subdomain & VHost Discovery
  • Information Gathering
  • Scanning for Vulnerabilities
  1. Pentest Notes
  2. Bug Bounty Hunting

Bug Bounty Tools

PreviousBug Bounty HuntingNextUtilities, Scripts and Payloads

Last updated 13 days ago

Before you move on

Before moving on, refer to the to try to use leverage Google Dorks, OSINT and information gathering techniques against your target.

Remember to use rate-limiting and user-headers according to the specific program's guideline.

Auto Tools

Notice - This page is Incomplete - more tools will be added

Subdomain & VHost Discovery

Information Gathering

Scanning for Vulnerabilities

πŸ“
πŸ›
information gathering page
https://github.com/edoardottt/scilla
https://pentest-tools.com/information-gathering/find-subdomains-of-domain
https://pentest-tools.com/information-gathering/find-virtual-hosts
https://github.com/edoardottt/cariddi
https://github.com/j3ssie/metabigor
https://github.com/BullsEye0/dorks-eye
https://pentest-tools.com/information-gathering/google-hacking
https://github.com/six2dez/reconftw
https://pentest-tools.com/website-vulnerability-scanning/website-scanner
https://pentest-tools.com/cms-vulnerability-scanning/wordpress-scanner-online-wpscan