Subdomain Enum
- [-] shuffledns
- [-] amass
Check if Domain is Online
- httpx
- httprobe
Visualize Domains
- [-] aquatone
Subdomain Takeover & Resolver
- [-] subzy
- [-] dnsreaper
- [/] dnsx
Fetch URLs
- gau
- waymore
Merge with `anew`
Discover Endpoints
Merge with `anew`
Extract JS Files
- subjs: fetch JS files
Extract URLs & Secrets From JS Files
- linkfinder
- jsluice
- trufflehog
- mantra
Use URLs as Inputs
- nuclei
- corsy: check CORS misconfig (needs URLs, so run httpx/httprobe before)
- crlfuzz: check CRLF vulns
Source Map Extractor
- [-] mapperplus
If No WAF
- [-] ffuf
- [-] gobuster
- [-] arjun
If WordPress
- wpscan
- wpprobe