Tips & Tricks

This tool is very versatile and can be used in countless of situations. Here is a list of ideas that you can try to implement.

DNS Brute-forcing

Use the list generator inside the URL parameter as part of the target hostname subdomain, i.e List.target.com. That way you can use the values from the list to brute-force and discover web applications hosted on the subdomains.

Deep nesting

Generators can be used in combinations with transforms to achieve very interesting and powerful results. For example, you can use List generator in combination with the JWT transform to crate a JWT token with a key from the list. You may be able to crack the JWT token secret key.

Authentication brute-forcing

Generators can be used to crack any authentication system. Create a list for the username and a list for the password. Plug both list for the username and password fields. If you like to crack basic authentication simply wrap both lists with the base64 encoder transform.

Bug Bounty Hunter

This tool is very useful for discovering vulnerabilities across multiple domains. Create a list of various bug bounty URLs. Create a fuzz for testing for a particular vulnerability across all bug bounties. Profit!