Live Hosts
I see a lot of people using httpx for identifying live hosts these days, but I prefer httprobe, since when using httpx I see a bunch of IP addresses that I don't know where they are coming from. httpx has the advantage that it can look for ports other than 80 and 443, but modern web applications would rarely have them open.
I usually first look for 403 pages and see if I can bypass them.
Then I check other status codes such as 404 and 400, and check for subdomain takeover.
After that, I check for default installation pages such as Apache and IIS and run fuzzing on them.
httprobe
cat subs_final.txt | httprobe > httprobe_result.txt
httprobe identified 1960 assets as live.
httpx - Sort by Status Code
# For each live host, fetch only the status code (discard the body) and record it
while read -r url; do
status_code=$(curl -o /dev/null -s -m 10 -w "%{http_code}" "$url")  # -m 10: don't hang the whole loop on a dead host
echo "$url - $status_code"
done < httprobe_result.txt > status_codes.txt
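As an added example (not code from the original post), the following script splits the "url - status" lines produced by the loop above into one file per status code, so the 403 list (bypass checks) and the 404/400 list (takeover checks) can be worked through separately. The sample hosts, the temp-dir layout and the function names are assumptions.

```bash
#!/bin/sh
# Added example: bucket probed hosts by HTTP status code (not the original post's code).

# bucket_by_status INPUT OUTDIR
# Writes OUTDIR/<code>.txt (one URL per line) and prints the number of distinct
# codes seen. curl reports "000" when it could not connect, so unreachable hosts
# land in 000.txt instead of being silently dropped. The code is required to be
# exactly three digits before it is used as a file name.
bucket_by_status() {
  mkdir -p "$2"
  awk -v dir="$2" '
    $NF ~ /^[0-9][0-9][0-9]$/ {
      f = dir "/" $NF ".txt"
      print $1 >> f; close(f)
      seen[$NF] = 1
    }
    END { n = 0; for (c in seen) n++; print n }
  ' "$1"
}

# count_code OUTDIR CODE -> number of hosts that returned CODE (0 if none)
count_code() {
  if [ -f "$1/$2.txt" ]; then
    wc -l < "$1/$2.txt" | tr -d ' '
  else
    echo 0
  fi
}

# Constructed sample input in the exact "url - status" format of status_codes.txt.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
https://app.example.com - 200
https://admin.example.com - 403
https://old.example.com - 404
https://api.example.com - 403
http://dead.example.com - 000
EOF

OUT=$(mktemp -d)
bucket_by_status "$SAMPLE" "$OUT" > /dev/null
# 403s are reviewed first (bypass step), then 404/400 as takeover candidates.
printf '403: %s  404: %s  400: %s  unreachable: %s\n' \
  "$(count_code "$OUT" 403)" "$(count_code "$OUT" 404)" \
  "$(count_code "$OUT" 400)" "$(count_code "$OUT" 000)"
```

Point it at the real status_codes.txt instead of $SAMPLE and each <code>.txt becomes the input list for the corresponding step of the workflow.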
aquatone
We can use aquatone to take screenshots of the live hosts.