Having the right toolkit is key, and after years of experimentation, I’ve found a few tools that have proven useful for my work.
Note that I utilize a DigitalOcean VPS for most of the CLI tools. I rely on XMind and Obsidian to stay organized.
Subfinder enables me to quickly discover subdomains associated with the target. To get the most out of the tool, I include my third-party API keys.
Once I have the subdomains, I probe multiple ports with httpx to identify any potential web applications running on them.
Ffuf is a versatile web fuzzing tool that I use to discover files, directories, subdomains, virtual hosts and suspicious behaviour in web applications.
SecLists provides a range of lists, including wordlists such as “big-list-of-naughty-strings.txt” and the Raft wordlists, which I use based on the target. Another great resource is Assetnote, which offers regularly updated wordlists.
PayloadsAllTheThings is a useful resource to comprehend attack techniques, bypasses and payloads.
Caido is an essential part of my toolkit. The Replay page has become a favored feature, as it allows me to manually modify and replay requests.
My primary browser is Firefox, which I use along with the following extensions:
FoxyProxy: A must-have when utilizing Burp Suite, as it allows me to switch between proxy settings in Firefox with a single click.
Wappalyzer: Quick way to identify the technologies used by a website.
Open Multiple URLs: Handy extension to open multiple URLs in separate tabs.
Firefox Multi-Account Containers: Enables me to have different accounts on separate tabs, useful for when I need to test different user accounts or roles.
Firefox Developer Tools: I often find myself using DevTools for discovering interesting elements, analyzing behavior, and debugging.