Getting to know tools

Using the right tool for the job is considered good practice, but with the plethora of "right tools" that have different pros and cons.

Digging into a tools capabilities and features

Having followed tutorials and learnt to use ffuf I would use as part of standard reconnaissance to search for subdomains, directories and files. But having listened to Critical Thinking a Bug Bounty Podcast Episode 147 there is so much more to the tool than I had intially realised.

The interupting of a scan using enter and then applying a filter, see the help menu for how and what else you can do mid-scan. Before this I would kill the scan and restart with a filter as an additional argument. The -c flag to colourise results, which makes picking out interesting results a bit easier.

Traditionally I had always used the parameter FUZZ for all of my single wordlist reconnaissance scans, but naming the wordlist file with a parameter -w /path/to/wordlist/file.txt:YOURFUZZ. With this used in combination with the -request feature, where you save a request to file and can then use it instead of the -u http://<url>/ standard.

Sometimes the most powerful upgrades in your workflow aren’t new tools at all — just rediscovering the ones you already use.