Personally, I mainly use it for content discovery, admin account takeovers and enumerating endpoints vulnerable to IDOR. wfuzz is a very versatile tool that can be used for a lot of things. The tools I’m about to share should help you both with CTFs and bug bounties alike. First of all, I told myself I would get Burp Suite Pro after my first big bounty, which came 3 months ago using wfuzz. However, do be warned that these will create some noise and might get you blacklisted across CDNs or even ISPs, so try to not go too crazy with your testing. Even though these are not revolutionary tips, I believe they are criminally underutilized. Over the past month, I’ve tried to distinguish my recon game from other hackers.