Hey friends here is Toxic Boys Team this Article is Written By me
Using My Mobile with the Help of www.blogger.com/blog_this.pyra in
which you can Access your Blog and Write Article or any Post and Post
it without Image . so this Article is Wihout Image .
So here are some Tools which Bug Hunters are using Most Useful Online
Tools are Here Most experience bug hunters already know most of these
tools but this is mostly for starters. So Lets Start.
Before starting you must Read That Our Pakistani Guy Found Bug at
American web and Got Bounty here is link
toxicmask.blogspot.in/2013/04/dnn-hacking.html
ok now lets Start
For SSL validation
URL : https://www.ssllabs.com/ssltest/
Quality provides a free online tool that runs a complete test on a
target SSL. Heartbleed, OpenSSL CCS vuln, BEAST, POODLE, etc all of
these are covered in this online test.
Missing SPF? Let's test it…
URL: http://www.kitterman.com/spf/validate.html
These tools are meant to help you check SPF records on your target.
For many bug bounties participants this is one of the first things to
try. Usually get's the minimum payout if in-scope. On HackerOne,
Shopify already paid $500 on this missing email security header –
https://hackerone.com/reports/54779
lets Test X-FRAME-Options
URL: http://savanttools.com/test-frame
This tool is useful for detecting sites that use the X-FRAME-OPTIONS
header to block framing, or use frame-breaking / frame-busting
Javascript. Click jacking attacks can be achieved with the help of
this tool.
Find subdomains of a domain
URL: https://pentest-tools.com/information-gathering/find- subdomains-of-domain
pentest-tools.com offers 40 credits every day to a user for free and
using this information gathering information on the subdomains will
take you 20 credits so you can use it twice a day. This is very
usefull to find other domain targets.
Online fuzzer
URL: https://pentest-tools.com/website-vulnerability-
scanning/discover-hidden- directories-and-files
With only 10 credits [you have 40 credits every day] this online URL
Fuzzer can be used to find hidden files and directories on a web
server.
This is a discovery activity which allows you to discover resources
that were not meant to be publicly accessible (ex. /backups,
/index.php.old, /archive.tgz, /source_code.zip, etc).
With a file/direcotry fuzzer you can always find interesting stuff. I
already found a couple of phpinfo.php files on major companies and got
few bounties with them.
Using Drupal?
URL: https://hackertarget.com/drupal-security-scan/
With this online you get a overview of the Drupal version used,
template name, if directory indexing is enabled, etc. Some of this
information you could use to run further tests and determine if you
can get someting vulnerable from the Drupal instalation.
Using WordPress?
URL: https://hackertarget.com/wordpress-security-scan/
I'm a big fan of wp-scan but if you need a free online tool
HackerTarget will do a good job for you.
This tool will check the version of WordPress, check directory
indexing, list plugins [and if new updates are available], user
enumeration, etc. With this information you can check for vulnerable
plugins and provide a good report about that.
Using Joomla?
URL: https://hackertarget.com/joomla-security-scan/
Like the previous tools this one also checks for Joomla instalattions
information. Take a look into the plugins/components. Usually there
are something to look for. Compare versions and Google for changelogs
about vulnerabilities. Very often in the changelog the vulnerability
is not public but if it says CSRF on options-windows.php. Just try to
download that version and audit it yourself. I'll do that
Target store using Magento?
URL: https://www.magereport.com/
Scan your targets Magento shop for known security vulnerabilities.
This is a very useful tool that can get a few vulnerabilities in your
bounty quest.
I would like to add that there are better tools that could be
installed on your operating system but that could be on another
article. Remeber me in ur prayers . Thanks
--
*کابینہ منیب *میل موصول ہونے پر برائے کرم رپلائی کریں۔ جزاک اللہ
نوٹ: مکتب ٹائم
صبح 9:00 سے شام 5:00
مدنی التجا مکتب ٹائم کے علاوہ کال اٹنیڈ نہ ہونے کی صورت میں (sms) فرما دیجئے
Using My Mobile with the Help of www.blogger.com/blog_this.pyra in
which you can Access your Blog and Write Article or any Post and Post
it without Image . so this Article is Wihout Image .
So here are some Tools which Bug Hunters are using Most Useful Online
Tools are Here Most experience bug hunters already know most of these
tools but this is mostly for starters. So Lets Start.
Before starting you must Read That Our Pakistani Guy Found Bug at
American web and Got Bounty here is link
toxicmask.blogspot.in/2013/04/dnn-hacking.html
ok now lets Start
For SSL validation
URL : https://www.ssllabs.com/ssltest/
Quality provides a free online tool that runs a complete test on a
target SSL. Heartbleed, OpenSSL CCS vuln, BEAST, POODLE, etc all of
these are covered in this online test.
Missing SPF? Let's test it…
URL: http://www.kitterman.com/spf/validate.html
These tools are meant to help you check SPF records on your target.
For many bug bounties participants this is one of the first things to
try. Usually get's the minimum payout if in-scope. On HackerOne,
Shopify already paid $500 on this missing email security header –
https://hackerone.com/reports/54779
lets Test X-FRAME-Options
URL: http://savanttools.com/test-frame
This tool is useful for detecting sites that use the X-FRAME-OPTIONS
header to block framing, or use frame-breaking / frame-busting
Javascript. Click jacking attacks can be achieved with the help of
this tool.
Find subdomains of a domain
URL: https://pentest-tools.com/information-gathering/find- subdomains-of-domain
pentest-tools.com offers 40 credits every day to a user for free and
using this information gathering information on the subdomains will
take you 20 credits so you can use it twice a day. This is very
usefull to find other domain targets.
Online fuzzer
URL: https://pentest-tools.com/website-vulnerability-
scanning/discover-hidden- directories-and-files
With only 10 credits [you have 40 credits every day] this online URL
Fuzzer can be used to find hidden files and directories on a web
server.
This is a discovery activity which allows you to discover resources
that were not meant to be publicly accessible (ex. /backups,
/index.php.old, /archive.tgz, /source_code.zip, etc).
With a file/direcotry fuzzer you can always find interesting stuff. I
already found a couple of phpinfo.php files on major companies and got
few bounties with them.
Using Drupal?
URL: https://hackertarget.com/drupal-security-scan/
With this online you get a overview of the Drupal version used,
template name, if directory indexing is enabled, etc. Some of this
information you could use to run further tests and determine if you
can get someting vulnerable from the Drupal instalation.
Using WordPress?
URL: https://hackertarget.com/wordpress-security-scan/
I'm a big fan of wp-scan but if you need a free online tool
HackerTarget will do a good job for you.
This tool will check the version of WordPress, check directory
indexing, list plugins [and if new updates are available], user
enumeration, etc. With this information you can check for vulnerable
plugins and provide a good report about that.
Using Joomla?
URL: https://hackertarget.com/joomla-security-scan/
Like the previous tools this one also checks for Joomla instalattions
information. Take a look into the plugins/components. Usually there
are something to look for. Compare versions and Google for changelogs
about vulnerabilities. Very often in the changelog the vulnerability
is not public but if it says CSRF on options-windows.php. Just try to
download that version and audit it yourself. I'll do that
Target store using Magento?
URL: https://www.magereport.com/
Scan your targets Magento shop for known security vulnerabilities.
This is a very useful tool that can get a few vulnerabilities in your
bounty quest.
I would like to add that there are better tools that could be
installed on your operating system but that could be on another
article. Remeber me in ur prayers . Thanks
--
*کابینہ منیب *میل موصول ہونے پر برائے کرم رپلائی کریں۔ جزاک اللہ
نوٹ: مکتب ٹائم
صبح 9:00 سے شام 5:00
مدنی التجا مکتب ٹائم کے علاوہ کال اٹنیڈ نہ ہونے کی صورت میں (sms) فرما دیجئے