Enumeracion en Endpoints

Fuzz de Endpoints

https://domain.site/api/v1/FUZZ1.FUZZ2

actionObject
ActionObject
action_Object
action-object
action.object
...

GitHub - chrislockard/api_wordlist: A wordlist of API names for web application assessmentsGitHub

JS Minning

Extension de burpsuite.

GitHub - PortSwigger/js-miner: This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.GitHub

Fuzz de parametros

arjun -u URL

GitHub - s0md3v/Arjun: HTTP parameter discovery suite.GitHub

Kite Runner

kr scan hosts.txt -w routes.kite -x 20 -j 100

GitHub - assetnote/kiterunner: Contextual Content Discovery ToolGitHub

Last updated 1 year ago