ToolSet – TheLabda

Welcome to my ToolSet collection. Please keep in mind, that at BugBounties, you are not always allowed to use automated scanners. Also don’t forget, that these findings, marked by these scanners can be false-positive as well. Always validate them by manually exploiting the marked vulnerability!

The list was updated at 2020.04.08 06:11 PM.

Enumeration and Recon phase

I made a list for you guys with the tools I use for different type of enumration and recon processes.

DNS Discovery

Web Discovery

Old Content Discovery

OSINT tools

Simply go for the https://osintframework.com/

There is a huge collection of tools there, and you can find various opportunities for any special needs.

XSS

SQL Injection

The best tool for sqli, is obviously sqlmap. You don’t really need anything else.

https://github.com/epsylon/xsser

XXE - XML External Entity Injection

SSRF - Server Side Request Forgery

SSTI - Server-Side Template Injection

tplmap

LFI - Local File Inclusion

LFISuit

Scanning and Exploitation

In this section, I give you some idea for automated testing of different types of vulnerabilities where possible.

Please remember, that not all of the BugBounty programs let you to scan their assets with automated scanners!