## Hussein Tips and Tricks

This page collects the most useful tips and tricks from Hussein's stream with Nahamsec, which I find one of the best streams, as Hussein shares a lot of valuable information for bug bounty hunters ;)

### Subdomain discovery and info-gathering using free online tools

- https://bounty.offensiveai.com (provides data on all subdomains)
- https://www.venkon.us/subdomain-lister/ (very fast subdomain discoverer)
- https://suip.biz/?act-finalrecon (free online OSINT tool)

### Subdomain discovery using brute-force

``ffuf -u http://FUZZ.example.com -w /path/to/wordlist`` (subdomain fuzzer using a wordlist)

### Atlas Tamper scripts to find blind SQL Injection

https://pentesttools.net/atlas-quick-sqlmap-tamper-suggester/ (open source tool that can suggest sqlmap tampers t)

### Find broken links, redirects & site Crawl Tool

- https://www.internetmarketingninjas.com/seo-tools/google-sitemap-generator/
- https://app.deepcrawl.com/login **requires registration**

### Search engine on the Internet

- https://fofa.so/ (similar to the Shodan tool)

### Parameters brute-forcing

- https://github.com/s0md3v/Arjun (HTTP parameter discovery suite)
- https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943 (Param Miner)