Go To ReconDock

Special Tools

Resolution

  • http://dnsbin.zhack.ca (DNS)

  • http://pingb.in (DNS)

  • http://requestb.in (HTTP)

  • https://www.mockbin.org/ (HTTP)

Wildcard DNS

  • http://xip.io

10.0.0.1.xip.io
www.10.0.0.1.xip.io
mysite.10.0.0.1.xip.io
foo.bar.10.0.0.1.xip.io

  • http://nip.io

10.0.0.1.nip.io
app.10.0.0.1.nip.io
customer1.app.10.0.0.1.nip.io
customer2.app.10.0.0.1.nip.io
otherapp.10.0.0.1.nip.io

Reconnaissance

  • https://dnsdumpster.com (DNS and subdomain recon)

  • Reverse IP Lookup (Domainmonitor)

  • Security headers (Security Report, missing headers)

  • http://threatcrowd.org (WHOIS, DNS, email, and subdomain recon)

  • https://mxtoolbox.com (wide range of DNS-related recon tools)

  • https://publicwww.com/ (Source Code Search Engine)

  • http://ipv4info.com/ (Find domains in the IP block owned by a Company/Organization)

  • HackerTarget Tools (DNS recon, site lookup, and scanning tools)

  • VirusTotal (WHOIS, DNS, and subdomain recon)

  • crt.sh (SSL certificate search)

  • Google CT (SSL certificate transparency search)

  • PenTest Tools (Google dorks)

  • Wayback Machine (Find stuff which was hosted on the domain in past)

  • FindSubdomains (Find subdomains using domain or keywords)

Report Templates

  • https://github.com/fransr/template-generator

  • https://github.com/ZephrFish/BugBountyTemplates

PreviousSQLINextAccount Takeover

Last updated