Issue for tracking some Discord topics

[six2dez]

• Fuzzing wordlist https://github.com/reewardius/bbFuzzing.txt
  • Added to onelistforallshort
• Arjun on deep mode?
• Recheck ffuf post processing cuz -ach apparently works wrong
• Check Docker container
• CloudHunter https://github.com/belane/CloudHunter (plus or instead of) cloud_enum + piping to trufflehog
  • Improved cloud_enum + pipping to trufflehog on a new exploitation mode
• https://github.com/Rnalter/ThunderCloud
  • Requires so much automation for Cognito detection and others :/
• Remove shodan init (key) suggestion, read from config
• https://github.com/BishopFox/jsluice
• https://github.com/OffXec/brutecms
• https://github.com/g0ldencybersec/CloudRecon
• https://github.com/faiyazahmad07/xss_vibes
• https://github.com/ferreiraklet/airixss
• https://github.com/devanshbatham/heaptruffle
• https://github.com/YouGina/wordlistweaver/
• https://github.com/xnl-h4ck3r/knoxnl
• https://github.com/c3l3si4n/quickcert
• https://github.com/RapidDNS/Afuzz
• https://github.com/hahwul/a2sv
• ppmap
• https://github.com/MayankPandey01/Jira-Lens

[kleozzy]

Origin ip flow: discover origin ip for domains and subs there are a bunch of tools that do this but I think reconftw already does this, not sure how well though.
So the idea is to match ips to subdomains and append dicovered paths/uris from subs to origin ips. Then run vuln scan on the ip based urls bypassing wafs and maybe other security restrictions. Can be also dont for fuzzing. Fuzz the origin ip as well.

Add Fuzzing paths to the main url list : Do we append discovered paths from fuzzing to the urls for further processing? For example for running them through gf and other tools and eventually end up with more targets for vuln testing. If not, we should append 200 hits on fuzzing in the url list from crawling and other sources and then proceed with the rest.

Verbose mode: A flag that will show the full output from each tool while they run so you can troubleshoot and find issues and tools that stuck . Also good to check on why some tools take to long and be able to see the progress of them.

[kleozzy]

Another nice tool for when Jira is detected : https://github.com/MayankPandey01/Jira-Lens

[kleozzy]

Maybe also have a look into brokenlinks, from what ive checked the current tool provides broken links only within the target scope , domain/subdomain but it doesnt detect thirdparty broken links which are good to find takeovers on and takeover broken links .

Maybe use another tool that can do that or adjust the flags.

[kleozzy]

Another workflow for IIS : Detect IIS servers , using nuclei or any other tool then run them against https://github.com/bitquark/shortscan for detecting diretories and file names for further exploitation.