15 effective websites for pentesting research:

Thread🧵👇

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
1. #SecurityTrails
Numerous DNS records.
Link: lnkd.in/dXMTMmWs
2. ExploitDB
collection of past expolitations.
Link: lnkd.in/dTAXTUQa
3. #ZoomEye
Collect intelligence on potential targets.
Link: zoomeye.org
4. #Pulsedive
Seek out intelligence on possible risks.
Link:
5. #PolySwarm
Threats can be detected by scanning both files and URLs.
Link: polyswarm.io
6. #LeakIX
Do a search of data that has been made available to the public.
Link: leakix.net
7. #DNSDumpster
Quickly look up DNS information.
Link: dnsdumpster.com
8. #FullHunt
Targets of search and investigation threats.
Link: fullhunt.io
9. #ONYPHE
Information about cyber threats is gathered.
Link: onyphe.io
10. #URL Scan
This tool is a free website scanner and site audit.
Link: urlscan.io
11. #WayBackMachine
Look at data from erased websites.
Link: archive.org/web/
12. #Netlas
Locate and track anything online.
Link: netlas.io
13. #CRT sh
Find CT-logged certifications using this search.
Link: crt.sh
14. #Wigle
Statistics-filled wireless network database.
Link: wigle.net
15. #BinaryEdge
Searches the web for threat information.
Link: binaryedge.io

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Cyber Security Topics

Cyber Security Topics Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Mawg0ud

Oct 17
Another new idea for #PenetrationTesting and #Bug-hunting:

Tester:
Enhance the force of #vulnerabilities by doing things like
I discovered a free #URL that leads somewhere else.
Put this in my report and move on ?
To the contrary, changing the #payload allowed me to transform it into a reflected #XSS #vulnerability. Is this the final question?
Obviously not if I have any hope of carrying on.
This web app used #JWT tokens that were transmitted in the bearer header, and for some reason, there were three more cookies that also contained this token.
Only two of them were secure with #HTTP Only.
Just a wild guess.
Read 5 tweets
Oct 16
Here's a list of free #PenetrationTesting and #RedTeam Labs you may set up in your own home to enhance your #hacking abilities :
1) Red Team Attack Lab
A simulated setting where red teams can practice exploiting #vulnerabilities in various operating systems.
lnkd.in/ernefQv8
2) Capsulecorp Pentest
#Capsulecorp is a lightweight virtual infrastructure operated using Vagrant and Ansible. One #Linux attacking system running #Xubuntu is included, along with four #Windows 2019 servers hosting a variety of #exploitable services.

lnkd.in/eYfGmNBe
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(