Subdomain enumeration
- https://github.com/projectdiscovery/subfinder
- https://dnsdumpster.com/
- https://www.shodan.io/
- https://github.com/fwaeytens/dnsenum/
- https://github.com/tomnomnom/assetfinder
- https://crt.sh/
- amass
- findomain
Checking if our subdomains are live
(optional if you don't httprobe) Putting HTTPS in front of subdomains
Subdomain flyover
- https://github.com/FortyNorthSecurity/EyeWitness
- https://github.com/michenriksen/aquatone
Vulnerability scanners
- https://cirt.net/Nikto2
- nuclei
- https://github.com/heilla/SecurityTesting/blob/master/initialScan.sh
Directory brute forcing
- https://github.com/OJ/gobuster
- Burp pro content discovery
- https://github.com/ffuf/ffuf
- https://github.com/maurosoria/dirsearch
Javascript analyses
Port scanning
- Masscan
- Naabu
- Nmap