Special Tools

Resolution

• http://dnsbin.zhack.ca (DNS)

• http://pingb.in (DNS)

• http://requestb.in (HTTP)

• https://www.mockbin.org/ (HTTP)

Wildcard DNS

• http://xip.io

10.0.0.1.xip.io
www.10.0.0.1.xip.io
mysite.10.0.0.1.xip.io
foo.bar.10.0.0.1.xip.io

• http://nip.io

10.0.0.1.nip.io
app.10.0.0.1.nip.io
customer1.app.10.0.0.1.nip.io
customer2.app.10.0.0.1.nip.io
otherapp.10.0.0.1.nip.io

Reconnaissance

• https://dnsdumpster.com (DNS and subdomain recon)

• Reverse IP Lookup (Domainmonitor)

• Security headers (Security Report, missing headers)

• http://threatcrowd.org (WHOIS, DNS, email, and subdomain recon)

• https://mxtoolbox.com (wide range of DNS-related recon tools)

• https://publicwww.com/ (Source Code Search Engine)

• http://ipv4info.com/ (Find domains in the IP block owned by a Company/Organization)

• HackerTarget Tools (DNS recon, site lookup, and scanning tools)

• VirusTotal (WHOIS, DNS, and subdomain recon)

• crt.sh (SSL certificate search)

• Google CT (SSL certificate transparency search)

• PenTest Tools (Google dorks)

• Wayback Machine (Find stuff which was hosted on the domain in past)

• FindSubdomains (Find subdomains using domain or keywords)

Report Templates

• https://github.com/fransr/template-generator

• https://github.com/ZephrFish/BugBountyTemplates