Hey Cyberpunks, I hope you all are doing good and if not then I am here to eliminate all the confusion that you have of which tool to choose for gathering information about your target. I see a-lot of aspiring hackers forget or, I should probably say ignore the power of Reckoning. What they usually do in their hacking phase, whether its bug bounty or testing for an organization, they jump directly onto the target.

But I think, we all remember that very famous quote of Abraham Lincoln

If I had 8 hours to chop down a tree. I would spend 6 hours sharpening my axe.

So, is the importance of gathering information before attacking your target. In today’s article we are going to list down tools that you can use for specific purpose, to make your exploitation a-lot easier. But, we also know that we can never ignore the power of manual reckoning. As of now we’ll be focusing fully on automation to save our time and effort. Now, without wasting anytime let’s just get straight into it.

Note: This is going to be straight forward as I’ll be listing the tools that you need with easy description. Rest, you can click on the tool name to know more. You can add this article as the bookmark. It’ll be your go to notes whenever you’ll test the target. It’ll make sure that you don’t miss any endpoint.

• Amass- This is the best you can ask for enumerating the subdomains of your target. It uses different techniques to gather information for you. For more info, Click here.
• Knock- This is another beast written in python language that you can use for OSINT. For more info, Click here.
• Sublist3r- Another fast scanner written in python. For more info, Click here.

These three tools are enough for you to cross verify, if any of them shows false positive results to you.

The one word answer to this is Github itself. Use your creativity and search techniques to get most out of it. If you want to check out the search techniques then click here. But as promised, I’ll tell you the best tool, & the tool is GitDorker.

• Shodan- This is probably the best for the purpose of enumerating public IP’s. Also, you can add this as your extension. To check out more about this tool. Click here.

• Google Hacking Database : Companies are releasing their dorks since a long time now. Don’t forget to use this as a powerful tool for finding out any sensitive information.

• Nmap

Advantage:- It can scan both IP’s and subdomains.

Drawback:- It is slow.

• Massscan

Advantage:- Much faster than Nmap.

Drawback:- Can scan IP’s only.

The choice is now all yours which one to choose. I personally prefer both of them.😁

• Dirsearch
• Gobuster
• ffuf
• BurpSuite
• wfuzz

These are more than enough for you to Bruteforcing directories. Yes you can also use dirb (Inbuilt tool in Kali)for this purpose. But, I personally prefer all these.

All these tools for different purposes are going to help you a-lot in your hacking journey and make your target more comprehensible.

Before Concluding, I would love to share the list of extensions that I use in my Firefox particularly for Reckoning to save my time and attempts.

• Retire.js- To check out outdated components in your target application.
• Wappalyzer / BuiltWith- To check out technologies used in website.
• Shodan- To check any exposed public IP.
• Cookie Manager / EditThisCookie2- To find out session related vulnerabilities.

Reference- https://thehackerish.com/bug-bounty-tools-from-enumeration-to-reporting

So, this is it for this Article I hope you enjoyed it. I will come back to you with another article. Till then, take care and Keep Hunting for good. Keep Digging and learning new stuffs.😍

If you like the content then, you can support me over here :- @buymeacoffee.com/ethicalkaps✌

See you in the next Article. Until then Cherish your life. Peace!🙌

You can Follow me on Twitter, on Spotify to listen my writeups and on Instagram.

If you enjoyed this story, please click the 👏 button as many time as you want and share to help others find it! Feel free to leave a comment below.