-
Asset Discovery
-
DNS Brute Forcing and Resolving
- str-replace
- puredns
- massdns
-
Subdomain Discovery
- Amass
- subfinder
- findomain
- github-domains
-
Fingerprint
-
HTTP Discovery
- httprobe
- httpx
- SSame
-
Technology fingerprint
- httpx
- webanalyze-mod
-
Screenshot
- aquatone
- goverview
-
Spider Links
- gospider
-
OSINT
-
Finding more links
- ourl
- github-endpoints
-
IP Discovery
- metabigor
- cdnstrip
-
Vulnerability Scan
-
Nuclei
- Subdomain takeover
- Scanning with all templates
-
Jaeles
- Scanning with all signatures
- Looking for interesting endpoints
-
Content Discovery
- Filtering and beautifying the output format
- Special Wordlists
-
ffuf-mod
- Looping over each domain and running ffuf-mod on it
- ffuf-mod is a custom version of ffuf that adds a way to filter for only interesting results
-
Port Scan
-
Full port scan
- rustscan
-
Service Fingerprint
- metabigor
- Vulnerability Scan
- Content Discovery
- Scanning based on open ports