This will contain the most useful tips and tricks from Hussain's stream with Nahamsec, which I find to be one of the best streams, as he shares so much valuable information for bug bounty hunters ;)
- https://bounty.offensiveai.com (provides data on all subdomains)
- https://www.venkon.us/subdomain-lister/ (very fast subdomain discoverer)
- https://suip.biz/?act-finalrecon (free online OSINT tool)
- ffuf -u http://FUZZ.example.com -w /path/to/wordlist (subdomain fuzzer using a wordlist)
- https://pentesttools.net/atlas-quick-sqlmap-tamper-suggester/ (open source tool that can suggest sqlmap tampers t)
- https://www.internetmarketingninjas.com/seo-tools/google-sitemap-generator/
- https://app.deepcrawl.com/login (requires registration)
- https://fofa.so/ (tool similar to Shodan)
- https://github.com/s0md3v/Arjun (HTTP parameter discovery suite)
- https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943 (Param Miner)