bl4de

Tools of The Bug Hunters Methodology V2

NOTE: The following list has been created based on the PPT "The Bug Hunters Methodology V2 by @jhaddix"

Discovery

• Sublist3r (Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT).
• Brutesubs (An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose).
• Cloudflare_enum (Cloudflare DNS Enumeration Tool for Pentesters).
• Censys.py (Quick and Dirty script to use the Censys API to query subdomains of a target domain).
• massdns (A high-performance DNS stub resolver).

manasmbellani

#!/usr/bin/python

from argparse import ArgumentParser, RawTextHelpFormatter
import subprocess
import shlex
import requests


USER_AGENT_STR = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"

paulirish

What forces layout / reflow

All of the below properties or methods, when requested/called in JavaScript, will trigger the browser to synchronously calculate the style and layout*. This is also called reflow or layout thrashing, and is common performance bottleneck.

Generally, all APIs that synchronously provide layout metrics will trigger forced reflow / layout. Read on for additional cases and details.

Element APIs

Getting box metrics

• elem.offsetLeft, elem.offsetTop, elem.offsetWidth, elem.offsetHeight, elem.offsetParent