Published Nov 3, 2025 • 5 min read
Core tools I use
- Burp Suite (manual analysis, Intruder, Repeater)
- nmap — quick host & port discovery
- gobuster/ffuf — directory & file enumeration
- Nikto — quick misconfiguration checks
- Custom Bash/Python scripts — for automated recon flows (like ENUMO)
Quick command snippets
nmap -sC -sV -T4 -p- target.example.com
gobuster dir -u https://target.example.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
Workflow tips
- Start with discovery — DNS, subdomains, ports.
- Fingerprint technologies (Wappalyzer, BuiltWith).
- Run focused web checks (dir brute, parameter discovery).
- Manual validation in Burp — avoid noisy, destructive checks until authorized.
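Added example, not code from the original post or from ENUMO: a small Python script that glues the discovery step to the focused web checks. It assumes the nmap scan above was also saved with -oG (grepable output), parses the "Ports:" line per host, keeps open TCP ports that nmap labelled as a web service (with "ssl|..." marking TLS), and prints the gobuster command for each origin instead of a guessed port list. The nmap output embedded below is constructed for the demo; the host names, ports and versions in it are made up.

```python
#!/usr/bin/env python3
"""Turn nmap grepable output (-oG) into the gobuster runs that come next.

Usage: ./web_targets.py recon.gnmap      (or no argument to use the demo data)
"""
import re
import sys
from dataclasses import dataclass

WORDLIST = "/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt"

# Service names nmap prints for web servers; an "ssl|" prefix means TLS.
WEB_SERVICES = {"http", "https", "http-proxy", "http-alt", "https-alt"}

# Constructed sample of nmap -oG output (not real scan data).
SAMPLE_GREPABLE = (
    "# Nmap 7.94 scan initiated as: nmap -sC -sV -T4 -p- -oG recon.gnmap target.example.com\n"
    "Host: 203.0.113.10 (target.example.com)\tStatus: Up\n"
    "Host: 203.0.113.10 (target.example.com)\tPorts: "
    "22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx 1.18.0/, "
    "443/open/tcp//ssl|https//nginx 1.18.0/, "
    "8080/filtered/tcp//http-proxy///, "
    "8443/open/tcp//ssl|https-alt//Apache Tomcat/"
    "\tIgnored State: closed (65531)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)


@dataclass(frozen=True)
class WebOrigin:
    host: str
    port: int
    tls: bool

    @property
    def url(self) -> str:
        scheme = "https" if self.tls else "http"
        default = 443 if self.tls else 80
        suffix = "" if self.port == default else f":{self.port}"
        return f"{scheme}://{self.host}{suffix}"


# Host: <ip> (<name>)\tPorts: <entries>[\tIgnored State: ...]
HOST_RE = re.compile(
    r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\tIgnored State:.*)?$"
)


def parse_grepable(text: str) -> list[WebOrigin]:
    """Return the open web origins found in nmap -oG output, in file order."""
    origins = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comments and "Status: Up" lines carry no port data
        ip, name, ports = m.groups()
        host = name or ip  # prefer the DNS name so name-based vhosts resolve
        for entry in ports.split(","):
            # each entry is port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) < 5:
                continue
            port, state, proto, _owner, service = fields[:5]
            if state != "open" or proto != "tcp":
                continue
            tunnel, _, svc = service.rpartition("|")  # "ssl|https" -> ("ssl", "https")
            if svc not in WEB_SERVICES:
                continue
            tls = tunnel == "ssl" or svc.startswith("https")
            origins.append(WebOrigin(host, int(port), tls))
    return origins


def web_check_commands(origins: list[WebOrigin], wordlist: str = WORDLIST) -> list[str]:
    """One gobuster dir command per origin; -k skips TLS validation on self-signed hosts."""
    cmds = []
    for o in origins:
        tls_flag = " -k" if o.tls else ""
        cmds.append(f"gobuster dir -u {o.url} -w {wordlist}{tls_flag}")
    return cmds


def main() -> None:
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GREPABLE
    for cmd in web_check_commands(parse_grepable(text)):
        print(cmd)


if __name__ == "__main__":
    main()
```

The script only prints commands; it does not run them, so you can review the target list against scope before firing anything noisy. Ports nmap reports as filtered (8080 in the sample) are dropped on purpose, which is the same decision you would make by hand.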
Keep a clean, reproducible notes file (Markdown) with PoCs and remediation suggestions — it saves time during reporting and retesting.