search

Subn0x / awesome-bbht

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.
552 stars 102 forks source link

Current version does not install gf, gau, waybackurls Ubuntu Or Kali Linux. It does not show installation path to add API, or other keys for censys, shodan based scripts or tools. #9

Open CyberGhazi786 opened 1 year ago

CyberGhazi786 commented 1 year ago

Dear Sir,

Current version does not install gf, gau, waybackurls Ubuntu Or Kali Linux. It does not show installation path to add API, or other keys for censys, shodan based scripts or tools.

Second thing, please make it world no.01 web bug hunting installer by adding these top notch bug hunting tools.

Subdomains enumeration:

Amass Assetfinder Crobat Findomain Github-subdomains Subfinder Sudomy subdomainizer sublister findomain

Subdomain Takeover:

Subover Autosubtakeover Tko-subs Subjack

Cloud Workflow: AWS_Recon festin lazys3 s3brute flumberboozle slurp

DNS resolver

dnsx MassDNS PureDNS ShuffleDNS DNSvalidator

Visual Inspection - Screenshots

Aquatone Gowitness httpscreenshot

HTTP probe

httprobe httpx

Web crawler / Content Discovery

Gospider Hakrawler ParamSpider gau waybackurls paramspider GF GF_Pattern Photon

Network scanner

Rustscan Masscan Naabu Nmap Brutespray

HTTP Parameter

Arjun x8 *

Fuzzing tools

Ffuf Gobuster Wfuzz Gobuster Dirsearch Dirb

LFI/RFI tools

LFISuite Fimap

XPR1M3 / sqli-lfi-xss-rce-dorker-and-auto-exploiter-Python https://github.com/XPR1M3/sqli-lfi-xss-rce-dorker-and-auto-exploiter-Python-.git

Spring4Shell: redhuntlabs / Hunt4Spring | https://github.com/redhuntlabs/Hunt4Spring.git

Log4j: log4jscan for Linux | https://github.com/intezer/log4jscan.git

SSRF tools

SSRFmap Gopherus Interactsh

SSTI tools

tplmap *

API hacking tools

Kiterunner + API routes

Wordlists

SecLists

Vulns - XSS

Dalfox Bxss XSpear kxss XSStrike Gxss FinDOM-XSS X5S Xenotix XSS Exploit Framework

Vulns - SQL Injection

SQLbit BSQL hacker SQLMap SQLninja Safe3 SQL injector SQLSus Mole NoSQLMap SQLmate ATLAS (WAF Bypass Suggester for SQLmap) SQLiScanner AutoSQLi Bypass-WAF-SQLMAP KhetaguriDimitri/SQL-Injection Agressiv1njector/psqli-pro AngelSecurityTeam/SQLiDumper-AngelSecurityTeam JohnTroony/Blisqy quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper enjoiz/BSQLinjector lanmaster53/sqli-exploiter Sqliv Havij BBQSQL Leviathan WhiteWidow jSQL Injection

CMS Scanner

WPscan droopescan AEM-Hacker Drupwn Wig

Vulns - Scanner

Jaeles Nikto ** Nuclei

JavaScript hunting

LinkFinder SecretFinder subjs GetJS

Find_Web_Technologies

Wappalyzer CLI

Git Hunting / GIT Enum Tools:

GitDorker gitGraber GitHacker GitTools Githound Trufflehog Gitscanner

Sensitive Stuff Finding

DumpsterDiver EarlyBird Ripgrep

Useful tools

anew anti-burl getallurls gron Interlace jq qsreplace Tmux unfurl Uro

Web Exploitation Frameworks:

Sn1per Vajra Jok3r v3 beta osmedeus cobra Arachni TIDoS Framework sudomy Grabber Vega Zed Attack Proxy Wapiti W3af WebScarab Skipfish Ratproxy Wfuzz Grendel-Scan Watcher

JS Enumeration Tools:

jsscanner jsparser linkfinder

Fingerprint & CVE Tools:

nuclei webtech waf

Subn0x commented 7 months ago

I'm really late to this....1 year late, but will definitely look into revamping the script, thanks for the suggestions! (if you're still around)