本文介绍了自学Bug Bounty过程中使用的各种工具,包括虚拟主机软件如VirtualBox和VMware,扫描工具如Nmap、ffuf和DIRB,以及安全测试平台如Burp Suite和Shodan。此外,还提到了DNS查询工具dig、WHOIS查询、子域名枚举工具和WordPress安全扫描器WPScan。文章还建议通过HackerOne等平台进行实践,并推荐了CTF挑战来提升技能。
听说bug bounty 最近很流行 于是想在YouTube上找一些视频自学,记录一些学习笔记。
- 选择什么样的virtual hosting software
- VirtualBox 开始不错 但后面要花钱
- VMware (60天免费)
- 扫描工具
为了防止被封IP 选择扫描工具是必须的, 尽量减慢扫描速度
-
Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich).Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
-
ffuf is a fest web fuzzer written in Go that allows typical directory discovery, virtual host discovery (without DNS records) and GET and POST parameter fuzzing.
-
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the responses(慢,安全)
-
SecLists is the security tester’s companion. It’s a collection
最低0.47元/天 解锁文章
扫一扫
410
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
