We've released a bunch of tools recently, and we haven't really introduced them properly on Twitter, so for the next 5 days, we'll be featuring one tool each day!
Today, check out mksub, a tool to generate tens of thousands of subdomain combinations in seconds. 👇🧵
Introducingggggg... 🥁
Generate thousands of URL path combos in seconds, perfect for generating brute force wordlists!
mkpath! This tool is similar to mksub, but it works for URL path combinations instead of subdomains.
Need to resolve a massive list of subdomains, but the lack of enough resolvers is slowing you down?
Presenting the most exhaustive list of reliable DNS resolvers with more than 9000 validated nameservers!
#infosec
#recon
#bugbountytips
#redteam
Accidentally discovering hundreds of SSRFs 💥
During his latest Cloudflare bypass research, @carlospolopm ran into 551 vulnerable servers and a vulnerable version of Amazon Lightsail.
Details in our latest blog post 🐞
#securityresearch
#infosec
Releasing our latest project, CVEs! A constantly updated collection of 𝘢𝘭𝘮𝘰𝘴𝘵 every publicly available CVE PoC.
👉 Browse, find a PoC, and test away!
👉 Search for a specific product.
👉 Watch the repo to be notified when new PoCs go public!
If you're a bug bounty hunter, you will 💚 this GitHub repository.
It contains all assets that we uncover on public bug bounty targets, and it is updated automatically, frequently 😎
Enjoy! 🚀
Asset Inventory of public bug bounty programs
🏃♂️ help bug bounty hunters get up and running as quickly as possible.
👀 give security teams better visibility into their assets.
⛈️ reduce the load and noise that some programs face from automated tools.
New subdomain enumeration wordlist 🚀
We took the hostnames dataset we have on Inventory, unfurl'ed it (thanks @tomnomnom!) to extract subdomains, sorted them, and combined them into this 1.4 million-word list.
What wordlist do you wish existed?
Hey bug hunters 👋
We constantly update a repository with recon data of public bug bounty programs, and we just added a bunch of new programs to the workflow for you to steal! 😎
Check out Inventory 2.0 with the data of over 50 programs! 🤯
We are proud to publish the process we're currently using to find Log4j-related vulnerabilities!
Many of the building blocks we're using here were created by remarkable people from the community.
Thanks, everyone!
New addition to our Scanner tools:
Introducing "Socialhunter" 🎯
This tool scans websites and finds broken social media links that can be hijacked.
Try it on your automation workflow on Trickest! 🤖
Are you a security researcher or pentester looking for quick access to CVE proof-of-concepts? Check out this repository!
In a nutshell, here's how it can be useful to you 🧵👇
Did you know that the subdomain and parameter wordlists available here are actually based on real data we've enumerated as part of our inventory workflows?
When it comes to generating subdomain permutations, we turn to gotator, mksub, and dsieve 90% of the time.
These tools are reliable and useful, but don't forget to use their lesser-known flags ⚒️
Quick thread on one standout feature of each tool 🧵
Discover the fascinating story of uncovering hundreds of SSRF vulnerabilities on AWS! 🔓
Dive into the investigation of methods to reveal IP addresses of webpages protected by Cloudflare 🌐
Read more:
We are excited to announce our collaboration with the awesome @Six2dez1!
An automated @trick3st workflow will structure all of the available fuzzing wordlists!
Send us PRs for new source repositories. The workflow will pick 'em up.
Are you looking to shake things up in your subdomain, endpoint, and parameter discovery processes? Consider trying out some new wordlists!
The Wordlists project features 4 types of wordlists 👇
We designed a workflow that constantly scans popular CMS systems for new paths, and adds them to the associated wordlists.
Perrrrrfect for brute forcing! Here are the results 👇
🚨 Attention bug bounty hunters 🚨
Here is excellent recon data for all public bug bounty programs. It is updated regularly, automatically.
✅ Subdomains
✅ URLs
✅ Web servers (and response details)
✅ Cloud assets
✅ More
Go squash some bugs! 🐛🔫
📃 New wordlists 📃
We've added Laravel to the list of technologies that the Wordlists workflow enumerates. Find the new lists here
What wordlist would you like to get next?
Bug bounty hunters! 🥳Celebrate the Trickest community with us and win 1 of 5 monthly PRO licenses! 🎁
#GIVEAWAY
To win:
✅ Like, retweet, and follow @trick3st
✅ Tag 2 of your best bug bounty buddies in the comments 👇
Winners will be randomly selected in 24 hours. Good luck!🤞
Ever wished to scale 403 endpoint bypass tests? 🚀
Dive into our latest blog post with @remonsec to learn how to automate these methods using Trickest workflows!
Did you know that you can find out what CVEs have been submitted to @Hacker0x01's bug bounty programs by searching the trickest/cve GitHub repository?
Bug bounty hunters, take note!
If you are currently participating or planning to participate in any of these companies' bug bounty programs, be sure to review their datasets on the trickest/inventory GitHub repository and save yourself some valuable time ✨
Today - we are featuring dsieve!
This tool allows you to enrich your existing lists of subdomains by guessing what other subdomains are likely to exist. 🤪
It's easier to explain with an image!
👇
Fresh wordlists alert 🚨
The trickest/wordlists repo got updated with ~80 new lists for a bunch of technologies. Fingerprint your targets, pick the right wordlist, and find hidden content and vulnerabilities 🚀
#bugbounty
#pentesting
#wordlists
📜 New wordlists alert 📜
We've seen great results from subdomain levels enumeration, so we're taking it a step further. Introducing our latest wordlists generated from the trickest/cloud dataset!
More useful resources in the thread 🧵👇
Releasing find-gh-poc, the centerpiece of trickest/cve 🚀
Find-gh-poc can help you:
👉search GitHub for a CVE’s PoCs/exploits
👉build an archive of PoCs (like we did!)
👉find all PoCs of a specific off-the-shelf piece of software
Bug bounty hunters 🔊
We maintain a public GitHub repository with heaps of recon data from over 60 programs. Free for you to use and updated regularly 👇
🚀 Big News! Trickest launches Community Edition 🌐 with Self-Hosted Execution, welcomes cybersecurity guru @NahamSec to the team, and introduces 24/7 open access!
Explore state-of-the-art security orchestration. Made for bug bounty hunters, educators & researchers. More info:
The Robots workflow:
1️⃣ Takes the top 100, 1000 and 10,000 websites from the Top 10M domains.
2️⃣ Uses @tomnomnom's #meg tool to fetch their robots.txt files.
3️⃣ Cleans the paths and pushes them to this #wordlists #repository.
Check out the results👇
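The "cleans the paths" step above is the part that decides whether a robots.txt-derived wordlist is usable. The following is an added example (not the Trickest workflow's own code) of that cleaning: it pulls `Disallow`/`Allow` values out of a robots.txt, keeps only the literal prefix before any wildcard, drops query strings, percent-decodes, rejects traversal segments, and de-duplicates. The sample robots.txt is constructed for the demonstration.

```python
import re
from typing import List, Optional
from urllib.parse import unquote, urlsplit

# Constructed sample robots.txt, standing in for what meg would fetch.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/
Disallow: /api/v1/*.json$
Disallow: /search?q=
Allow: /public/
Disallow: /tmp/%2e%2e/old   # traversal-looking entry, should be dropped
Sitemap: https://example.com/sitemap.xml
Disallow:
Crawl-delay: 10
Disallow: /*/checkout
"""

# Only these directives carry paths worth turning into wordlist entries.
PATH_DIRECTIVES = ("disallow", "allow")


def clean_path(value: str) -> Optional[str]:
    """Turn one robots.txt path pattern into a wordlist entry, or None.

    Robots patterns may contain '*' (any run of characters) and a trailing
    '$' (end anchor); only the literal prefix before the first '*' is a
    real path we can brute-force with.
    """
    literal = value.split("*", 1)[0].rstrip("$")
    # urlsplit handles both bare paths and full URLs; the query is noise.
    path = unquote(urlsplit(literal).path)
    segments = [s for s in path.split("/") if s]
    if not segments or any(s in (".", "..") for s in segments):
        return None
    return "/".join(segments)


def extract_wordlist(robots_text: str) -> List[str]:
    """Return unique, cleaned paths from Disallow/Allow lines, in order."""
    entries: List[str] = []
    for line in robots_text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip comments
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        if key.strip().lower() not in PATH_DIRECTIVES:
            continue
        cleaned = clean_path(value.strip())
        if cleaned and cleaned not in entries:
            entries.append(cleaned)
    return entries


if __name__ == "__main__":
    for entry in extract_wordlist(SAMPLE_ROBOTS):
        print(entry)
```

Run over many sites, the output of `extract_wordlist` is what gets merged and counted; the per-site cleaning is where wildcard-only patterns such as `/*/checkout` and encoded traversal entries are discarded rather than ending up in the shared list.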
A quick automation workflow using mostly @pdiscoveryio tools, created in < 30 minutes.
🚀 Subfinder to get subdomains
🚀 DNSx to pull DNS records
🚀 HTTPx to get HTTP server details
🚀 WAFw00f to detect WAFs
🚀 Nuclei for vuln scanning
Blog coming soon!
Need to find CVE proof-of-concepts for specific vulnerabilities? You're in luck! We've enumerated the PoCs of every CVE from 1999 to 2023 in this repository
#cve
#poc
📜 New wordlists alert 📜
You've probably noticed how much we talk about going the extra mile and brute-forcing subdomains *multiple levels deep*
So we wanted to make this more effective for everyone by publishing these tailored
✨level-specific wordlists✨
Quick thread 🧵👇
Blacklisting IP addresses does NOT work for SSRF mitigation. Here are a few ways to represent 127.0.0.1 that might bypass the blacklist 😈
127.0.1
127.1
0
0x7f000001
2130706433
017700000001
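The reason a denylist fails is that "127.0.0.1" is only one of many spellings the C library's `inet_aton` will happily connect to. The defensive fix is to canonicalize the destination before deciding, not to enumerate spellings. Below is an added example, not code from the tweet or from Trickest, that parses the loose 1-to-4 part decimal/octal/hex syntax into a strict `IPv4Address` and then checks it against an internal-range policy; every representation listed above canonicalizes to loopback or unspecified and is rejected.

```python
import ipaddress
import re
from typing import Optional

# Constructed list of the loopback spellings given in the tweet above.
LOOPBACK_SPELLINGS = ["127.0.1", "127.1", "0", "0x7f000001", "2130706433", "017700000001"]

# One dotted-quad component: hex (0x..), octal (leading 0) or decimal.
_COMPONENT = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _parse_component(text: str) -> int:
    """Parse one component the way inet_aton does (hex / octal / decimal)."""
    if not _COMPONENT.match(text):
        raise ValueError(f"bad component {text!r}")
    if text[:2].lower() == "0x":
        return int(text[2:], 16)
    if len(text) > 1 and text[0] == "0":
        return int(text, 8)
    return int(text, 10)


def parse_ipv4_literal(host: str) -> Optional[ipaddress.IPv4Address]:
    """Canonicalize loose IPv4 syntax ("127.1", "0x7f000001", "017700000001", ...)
    into a strict IPv4Address. Returns None if the string is not an IPv4 literal.

    Rule (same as inet_aton): every component except the last is a single
    byte; the last component fills all remaining low-order bytes.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_component(p) for p in parts]
    except ValueError:
        return None
    head, tail = values[:-1], values[-1]
    if any(v > 0xFF for v in head):
        return None
    tail_bytes = 4 - len(head)
    if tail >= 1 << (8 * tail_bytes):
        return None
    number = 0
    for v in head:
        number = (number << 8) | v
    number = (number << (8 * tail_bytes)) | tail
    return ipaddress.IPv4Address(number)


def is_internal_destination(host: str) -> bool:
    """Policy check for an outbound fetch: anything that canonicalizes to
    loopback, unspecified, private, link-local, reserved or multicast space
    is internal, whatever spelling the request used."""
    addr = parse_ipv4_literal(host)
    if addr is None:
        try:
            addr = ipaddress.ip_address(host)  # strict forms and IPv6 such as ::1
        except ValueError:
            return False  # not a literal: resolve it and re-check every A/AAAA record
    return (addr.is_loopback or addr.is_unspecified or addr.is_private
            or addr.is_link_local or addr.is_reserved or addr.is_multicast)


if __name__ == "__main__":
    for spelling in LOOPBACK_SPELLINGS:
        print(f"{spelling:>14} -> {parse_ipv4_literal(spelling)} internal={is_internal_destination(spelling)}")
```

Two caveats a real SSRF guard needs on top of this: hostnames must be resolved and the resulting addresses checked with the same policy (and the connection pinned to the checked address, so a DNS answer cannot change between check and use), and the check must be re-applied on every redirect the HTTP client follows.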
It has been 🖐 five months since log4shell dropped.
Since then, we've found some pretty interesting ways of exploiting it. In this blog post, we cover "How to find Log4j Vulnerabilities in Every Possible Way".
Read on, hackers!
👇
We have a repository with the details (and POCs) of almost every publicly available CVE!
We just added a 🔥 Hottest CVEs 🔥 table to our CVEs repository that shows the most viewed CVEs according to our analytics, and it is updated regularly!
Check it 👉
Afraid of leaking your company’s sensitive data?
Employees are more likely to expose secrets than official brand accounts.
Trickest Insiders workflow collects the data of over 450 companies!
#infosec
#recon
#bugbountytips
#redteam
It’s always a good idea to customize your content discovery wordlist for your target 📜
One part of this is using technology-specific wordlists, like the ones here
Bug bounty hunters 👋
Just a quick note to let you all know we've got a public GitHub repo with a ton of recon data for these programs on trickest/inventory
We help teams build and automate workflows for:
⏰External Attack Surface Management
🥷Red Team engagements
💻Penetration tests
🧭 SecOps management
🪲Bug bounty hunting
🔗Container security scans
Get Access today -
⚒️ New tool alert ⚒️
We've released our Elasticsearch client. Now you can import/export the attack surface and vulnerability data discovered by Trickest workflows into Elasticsearch for analysis, just like we do!
Being able to write your own @pdnuclei templates is a superpower 🦸
1️⃣ Find a 1day web exploit that doesn’t have a public template yet
2️⃣ Create a template
3️⃣ Collect bug bounty program hosts
4️⃣ Run nuclei
5️⃣ ???
6️⃣ Profit
Our DMs have been buzzing: "Which workflows does Eric @codecancare use on Trickest?"
🤔 Well, here are his current faves:
🔍 Levels-deep Subdomain Enumeration
📜 Enumerate AWS SSL Certificates
🔗 Resolve and port scan a list of hosts
🖥 Inventory 2.0 - Web Servers... 👇
We scanned the Internet's most popular domains for security.txt files 🙂
Check out the results, including a statistics breakdown, and details on exactly how we did it 👇
🎉 Welcoming Sourcemapper to our 300+ tools club!
🛠️ A Golang gem, Sourcemapper parses sourcemaps from webpack, revealing the original JavaScript files and source tree.
For deep-diving into JS file structures 👌
Try Sourcemapper in your next workflow!
We've recently added jsluice by @bishopfox to our library, a great tool for uncovering URLs, paths, secrets and more from JavaScript with ease.
Have you used it before? Reply about your experience 🗣️
When you run @owaspamass like this, you're not making the best use of this amazing tool
```
amass enum -d
```
5 tips to improve your usage of `amass enum` 🧵👇
Celebrating Trickest 2.0 and the lightning-fast ⚡️ new workflow engine with a #giveaway! 🥳
We're giving away 5 monthly PRO licenses!
Here's how to enter:
1️⃣ Like & retweet this post
2️⃣ Follow @trick3st
3️⃣ Tag 2 fellow #bugbounty hunters in the comments
⏰ 7 days to enter!
We want to help bug bounty hunters quickly tackle new programs & empower security teams with improved asset visibility. 🛡️💨
Dive into our updated Inventory repo, keeping an eye on 800+ companies' assets! 🌐👁️
📜 New wordlist alert 📜
We've just released version 1 of the Inventory *parameters* wordlist 🚀
70 targets -> 350 domains -> 250k URLs -> 2500 unique parameters
Fuzz smarter, not harder ⚒️
While fuzzing for hidden parameters, you can use gau to grab a list of URLs, run them through unfurl to extract parameters, sort them by popularity, and now you have a custom wordlist and a much bigger chance of getting a hit ✨
#bugbountytips
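The gau -> unfurl -> sort-by-popularity pipeline above is a few lines of Python once the URLs are in hand. This added example (not Trickest's code) takes a constructed list of URLs, extracts the query parameter names from each, counts each name once per URL so a single chatty endpoint cannot dominate the ranking, and returns the names most to least common; it keeps blank-valued parameters, which `unfurl` also reports and which are easy to lose with the default `parse_qsl` settings.

```python
from collections import Counter
from typing import Iterable, List
from urllib.parse import parse_qsl, urlsplit

# Constructed sample URLs, standing in for gau output on a target.
SAMPLE_URLS = [
    "https://example.com/search?q=test&page=2",
    "https://example.com/search?q=other&page=3&sort=asc",
    "https://shop.example.com/item?id=42&ref=",
    "https://example.com/login?redirect=/home&token=abc",
    "https://example.com/search?Q=upper",
    "https://example.com/static/app.js",
]


def parameter_names(url: str) -> set:
    """Distinct query parameter names in one URL (blank values kept)."""
    query = urlsplit(url).query
    return {name for name, _ in parse_qsl(query, keep_blank_values=True)}


def parameter_wordlist(urls: Iterable[str], min_count: int = 1) -> List[str]:
    """Rank parameter names by how many URLs carry them (ties broken by name).

    Counting per URL rather than per occurrence keeps one heavily crawled
    endpoint from pushing its parameters to the top of the list.
    """
    counts: Counter = Counter()
    for url in urls:
        counts.update(parameter_names(url))
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [name for name, n in ranked if n >= min_count]


if __name__ == "__main__":
    print("\n".join(parameter_wordlist(SAMPLE_URLS)))
```

Case is preserved on purpose (`q` and `Q` stay separate entries) because some frameworks treat parameter names case-sensitively; fold them yourself if the target does not.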
What's your go-to note-taking method when you are hacking?
🤔 Notion?
🤔 Obsidian?
🤔 Plain text files?
🤔 Xmind?
🤔 Pen and paper?
🤔 Something else?
Let us know 👇
Get secrets from WayBack HTTP responses 🕵️♂️
👀 Exposed credentials, API keys and private company data could be leaked in HTTP responses.
Find all of the URLs for specified hostnames and search for strings with high entropy🔍👇
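"Search for strings with high entropy" is the usual first-pass heuristic for keys in response bodies. As an added example, not code from the tweet or from Trickest, here is that heuristic over a constructed HTML body: tokenise on runs of key-like characters of at least 20 characters, compute Shannon entropy in bits per character, and report tokens above a threshold. The "key" in the sample is made up.

```python
import math
import re
from collections import Counter
from typing import List, Tuple

# Constructed stand-in for an archived HTTP response body. The apiKey value
# is an invented string, not a real credential.
SAMPLE_RESPONSE = """\
<html><script>
var cfg = {apiKey: "Zq3xV9mT2kLp8Ra4Nw7Yb1Cd6Fh0Je5G", theme: "default-dark-theme"};
var filler = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
</script></html>"""

# Runs of characters typical of API keys, tokens and base64 blobs.
TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character (0.0 for a repeated character,
    log2(len(s)) when every character is distinct)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def find_high_entropy_tokens(text: str, threshold: float = 4.0) -> List[Tuple[str, float]]:
    """Return (token, entropy) pairs whose entropy meets the threshold."""
    hits = []
    for match in TOKEN.finditer(text):
        token = match.group(0)
        entropy = shannon_entropy(token)
        if entropy >= threshold:
            hits.append((token, round(entropy, 2)))
    return hits


if __name__ == "__main__":
    for token, entropy in find_high_entropy_tokens(SAMPLE_RESPONSE):
        print(f"{entropy:.2f} bits/char  {token}")
```

Entropy alone has a high false-positive rate on minified JavaScript, hashes and inline base64 images, so in practice the hits are a queue for a second pass (known-prefix patterns, context such as `apiKey:` or `Authorization`, and a live validity check against the provider) rather than findings in themselves.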
Finding vulnerabilities and assets has never been so easy 🍰
Using 🔥GitHub and Trickest🔥 build your own #Recon & #VulnerabilityScanner workflow and the automation will do the work for you 🤖
How trickest/inventory finds hostnames 🔦
👀 Amass and Subfinder for passive results
🤙🏼 dsieve to get environments
🙃 mksub to generate custom environment wordlists
🤜🏼 Puredns and Trickest Resolvers for active brute-force
🎱 Gotator for permutations
👉🏼 Merge all results
Links👇🏼
How to use mksub: Beyond the basics 🔎
mksub is a simple tool. It generates subdomains by combining words from a wordlist with a target domain. But why settle for just the basics? Let's explore ways to create more combinations and find more hidden subdomains!
Thread 🧵
Here's what @codecancare, #1 Bug Bounty Hunter on Hackerone and Bugcrowd, has to say about Trickest:
"The platform was able to find assets others miss, quickly, with amazing support and genuinely kind and skilled team." 🚀
Level up your #infosec game with our Wordlists repo! 🚀
It houses real-world #wordlists, updated daily to give you an edge in your #pentesting or #bugbounty hunting, and features 4 types of wordlists 👇
Today we are featuring a quality-of-life tool that allows you to easily list the repositories associated with one or more GitHub usernames. It's called enumrepo.
Super handy for automating searching for secrets 🕵️♂️ in GitHub repositories belonging to your target.
👇🧵
Shell script repositories are extra juicy when it comes to finding leaked secrets 🦪
Environment variables, http requests, and command authentication (things you’d find in an average dotfiles repo) are opportunities for things to go wrong.
Penetration testers and bug bounty hunters 📡
After you set up this repository, you can simply `git commit` any new assets you find, and your Trickest workflows will take care of scanning them and updating your recon/vulnerabilities database 🤖