听说bug bounty 最近很流行 于是想在YouTube上找一些视频自学,记录一些学习笔记。
- 选择什么样的virtual hosting software
- VirtualBox 开始不错 但后面要花钱
- VMware (60天免费)
- 扫描工具
为了防止被封IP 选择扫描工具是必须的, 尽量减慢扫描速度
-
Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich).Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
-
ffuf is a fest web fuzzer written in Go that allows typical directory discovery, virtual host discovery (without DNS records) and GET and POST parameter fuzzing.
-
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the responses(慢,安全)
-
SecLists is the security tester’s companion. It’s a collection