yogeshojha / rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
https://yogeshojha.github.io/rengine/
GNU General Public License v3.0

Commands and tools #131

Closed Fawadkhanfk closed 3 years ago

Fawadkhanfk commented 3 years ago

cat SecLists/Discovery/DNS/dns-Jhaddix.txt | subgen -d DOMAIN.TLD | zdns A --name-servers 1.1.1.1 --threads 500 | jq -r "select(.data.answers[0].name) | .name"

bugbountytips

python3 dirsearch.py -e conf,config,bak,backup,swp,old,db,sql,asp,aspx,aspx~,asp~,py,py~,rb,rb~,php,php~,bak,bkp,cache,cgi,conf,csv,html,inc,jar,js,json,jsp,jsp~,lock,log,rar,old,sql,sql.gz,sql.zip,sql.tar.gz,sql~,swp,swp~,tar,tar.bz2,tar.gz,txt,wadl,zip,.log,.xml,.js.,.json -u https://coderedmarketing.eccouncil.org/ -t 100 -w /root/tools/bruteforce/ffufplus/wordlist/dicc.txt -b

marz-hunter commented 3 years ago

I think the dir scan is faster using ffuf

ffuf -mc 200 -t 200 -c -H "X-Forwarded-For: 127.0.0.1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" -u $sites -w wordlist/dicc.txt -D -e js,php,bak,txt,asp,aspx,jsp,html,zip,jar,sql,json,old,gz,shtml,log,swp,yaml,yml,config,save,rsa,ppk

marz-hunter commented 3 years ago

I also suggest filtering so that only the 200 OK directories are displayed, because if you display them all there will be a lot of garbage filling the directory listing.
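The filtering suggested in this comment can be done as a post-processing step on the scanner's JSON report instead of only with `-mc 200` on the command line. The following is an added example written for this thread, not code from reNgine or from ffuf: it assumes a report shaped like ffuf's JSON output (a top-level "results" array with "url", "status" and "length" fields, which is an assumption here), keeps only the wanted status codes, and also drops hits whose body length recurs many times, since a catch-all page that answers 200 for every path is the usual source of the garbage described above. The sample report is constructed inline so the example runs offline.

```python
import json
from collections import Counter
from typing import Dict, Iterable, List, Sequence

# Constructed sample modelled on the "results" array of an ffuf JSON report
# (ffuf -o out.json -of json). The field layout is an assumption for this
# example, not output captured from the tools in the thread; only the
# fields used below are included.
SAMPLE_FFUF_JSON = json.dumps({
    "results": [
        {"url": "https://example.com/admin",      "status": 200, "length": 5120},
        {"url": "https://example.com/backup.zip", "status": 403, "length": 162},
        {"url": "https://example.com/old",        "status": 301, "length": 0},
        {"url": "https://example.com/admin/",     "status": 200, "length": 5120},
        {"url": "https://example.com/login",      "status": 200, "length": 2048},
        {"url": "https://example.com/foo",        "status": 200, "length": 5120},
    ]
})


def parse_ffuf_results(raw: str) -> List[Dict]:
    """Return the result records from an ffuf-style JSON report (empty list if absent)."""
    return list(json.loads(raw).get("results", []))


def keep_status(results: Iterable[Dict], statuses: Sequence[int] = (200,)) -> List[Dict]:
    """Keep only hits whose HTTP status is in `statuses` (the -mc 200 idea from the thread)."""
    wanted = set(statuses)
    return [r for r in results if r.get("status") in wanted]


def drop_catch_all(results: Sequence[Dict], min_hits: int = 3) -> List[Dict]:
    """Drop hits whose body length recurs `min_hits` or more times.

    A server that answers 200 for every path tends to return the same page,
    so a length shared by many hits is a catch-all / soft-404 signature
    rather than distinct content. The threshold is a heuristic; tune it.
    """
    counts = Counter(r.get("length") for r in results)
    return [r for r in results if counts[r.get("length")] < min_hits]


def triage(raw: str, statuses: Sequence[int] = (200,), min_hits: int = 3) -> List[str]:
    """Full pipeline: parse -> status filter -> catch-all filter -> sorted unique URLs."""
    hits = drop_catch_all(keep_status(parse_ffuf_results(raw), statuses), min_hits)
    return sorted({r["url"] for r in hits})


if __name__ == "__main__":
    for url in triage(SAMPLE_FFUF_JSON):
        print(url)
```

On the constructed sample, the status filter leaves four hits, and the length heuristic then removes the three that share the 5120-byte body, so only /login survives. Pass a wider `statuses` tuple (for example adding 403) and a larger `min_hits` when you want the raw listing back.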