As a security researcher, I find that having the right toolkit is essential to identifying vulnerabilities in web applications efficiently. Over the years I have experimented with many tools and techniques, and a handful have become essential to my work.
I run most of the CLI tools on a DigitalOcean VPS, and I rely on XMind and Obsidian to keep my notes organized.
Subfinder lets me quickly discover subdomains of the target. To get the most out of it, I add my third-party API keys to its provider configuration, since several of its sources return nothing without a key.
Once I have the subdomains, I probe ports 80, 81, 443, 900, 3000, 3001, 5000, 7070, 8000, 8008, 8080, 8443, 9090 and 9200 with httpx to find the web applications actually listening on them, so that later fuzzing only targets live services.
Ffuf is a versatile web fuzzer that I use to discover files, directories, subdomains, virtual hosts and suspicious behaviour in web applications. The results are only as good as the filtering: without calibrating against the target's baseline response (by status code, size or auto-calibration), catch-all handlers produce a wall of false positives.
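The three steps above (subdomain discovery, port probing, fuzzing) chain together as one pipeline. The script below is an added example written for this page, not the author's own tooling. It assumes subfinder, httpx and ffuf are on PATH, that SecLists is installed under the path in SECLISTS, and that the API keys live in a subfinder provider-config file; the hostname list fed to normalize_hosts in the usage comment is constructed sample data.

```shell
#!/usr/bin/env bash
# Added example: a minimal recon pipeline (subfinder -> httpx -> ffuf).
# Assumptions (not from the original post): subfinder, httpx and ffuf are on
# PATH, SecLists lives at $SECLISTS, API keys are in $PROVIDER_CONFIG.
set -u

SECLISTS="${SECLISTS:-/usr/share/seclists}"
PROVIDER_CONFIG="${PROVIDER_CONFIG:-$HOME/.config/subfinder/provider-config.yaml}"
# The port list from the post, in httpx's comma-separated -ports form.
WEB_PORTS="80,81,443,900,3000,3001,5000,7070,8000,8008,8080,8443,9090,9200"

# normalize_hosts DOMAIN: read hostnames on stdin, lowercase them, strip
# surrounding whitespace and a trailing dot, drop blanks and anything outside
# DOMAIN's scope (a different apex that a data source slipped in), and dedupe.
# Pure POSIX text tools, so it runs without any recon tool installed.
normalize_hosts() {
    local domain pattern
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    pattern=$(printf '%s' "$domain" | sed 's/\./\\./g')
    tr '[:upper:]' '[:lower:]' \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//' \
    | grep -v '^$' \
    | grep -E "(^|\.)${pattern}\$" \
    | sort -u
}

# enum_subdomains DOMAIN: passive discovery using every source subfinder
# knows, with the third-party API keys from the provider config.
enum_subdomains() {
    subfinder -d "$1" -all -silent -pc "$PROVIDER_CONFIG" | normalize_hosts "$1"
}

# probe_web HOSTFILE OUTFILE: write one URL per live web service found on
# the post's port list. Add -status-code -title -tech-detect when looking
# at the output interactively; here we keep plain URLs so ffuf can consume them.
probe_web() {
    httpx -l "$1" -ports "$WEB_PORTS" -silent -o "$2"
}

# fuzz_dirs URL: content discovery. -ac auto-calibrates away the app's
# catch-all ("soft 404") responses, -e appends common extensions and
# -recursion descends one level into directories it finds.
fuzz_dirs() {
    local out
    out="ffuf-dirs-$(printf '%s' "$1" | tr -c 'A-Za-z0-9' '_').json"
    ffuf -u "${1%/}/FUZZ" \
        -w "$SECLISTS/Discovery/Web-Content/raft-medium-directories.txt" \
        -e .php,.html,.js,.txt -ac -mc all -fc 404 \
        -recursion -recursion-depth 1 -of json -o "$out"
}

# fuzz_vhosts DOMAIN IP: virtual-host discovery by fuzzing the Host header
# against one IP. The default vhost answers every unknown name with the same
# body, so measure that baseline size first and filter it out with -fs.
fuzz_vhosts() {
    local baseline
    baseline=$(curl -s -o /dev/null -w '%{size_download}' \
        -H "Host: nonexistent-$RANDOM.$1" "http://$2/")
    ffuf -u "http://$2/" -H "Host: FUZZ.$1" \
        -w "$SECLISTS/Discovery/DNS/subdomains-top1million-5000.txt" \
        -fs "$baseline" -of json -o "ffuf-vhosts-$1.json"
}

# Usage: ./recon.sh example.com
# The tools only run when a target is given and subfinder is installed, so
# the functions above can be sourced and exercised offline, e.g.:
#   printf 'Api.Example.com\nwww.example.com.\nevil.com\n' | normalize_hosts example.com
if [ -n "${1:-}" ] && command -v subfinder >/dev/null 2>&1; then
    target=$1
    enum_subdomains "$target" > "subs-$target.txt"
    probe_web "subs-$target.txt" "live-$target.txt"
    while read -r url; do fuzz_dirs "$url"; done < "live-$target.txt"
fi
```

Keeping the normalization step separate from the tool invocations means the same scope filter can be reused on hostnames gathered by hand or from other sources before they reach httpx, and the VPS does not waste probes on out-of-scope hosts.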
SecLists provides a wide range of wordlists, such as “big-list-of-naughty-strings.txt” and the Raft wordlists, which I pick based on the target. Another great resource is Assetnote, which publishes regularly updated wordlists built from real-world data.
PayloadsAllTheThings is a useful reference for understanding attack techniques, bypasses and payloads.
Burp Suite is an essential part of my toolkit. The Repeater tab has become a favored feature, as it allows me to manually modify and resend requests.
My primary browser is Firefox, which I use with the following extensions:
FoxyProxy: A must-have when using Burp Suite, as it lets me switch Firefox between proxy profiles with a single click.
Wappalyzer: Quick way to identify the technologies used by a website.
Open Multiple URLs: Handy extension to open multiple URLs in separate tabs.
Firefox Multi-Account Containers: Keeps cookies and site data separate per container, so I can stay logged in as different accounts in separate tabs. This is useful when I need to test different users or roles, for example checking whether one user can reach another's resources.
Firefox Developer Tools: I often find myself using DevTools for discovering interesting elements, analyzing behavior, and debugging.
The right tools make web application testing efficient, but it is just as important to develop a solid methodology rather than relying on tools alone.
By combining the right tools with a well thought out methodology, you can steadily improve your web application security testing. I hope these notes on my tooling and approach give you useful ideas for your own testing.