There are many things that every Penetration Tester and Bug Bounty Hunter does during blackbox testing of web application. These repetitive things cost a lot of time during penetration testing, and the time is usually short. Facing these obstacles, I have created a tool that automates many activities and increases work efficiency (it is still in development phase).

This article describes workflow that I am using during Web Application Penetration Testing with scope “*.domain.com”. My research is based on the OWASP methodology and the methodology contained in the book “Hack Tricks” written by Carlos Polop. For the purposes of this…


This article is a continuation of the previous one available at this link and it is the final article in the reconnaissance automation trilogy. After enumerating subdomains, and then selecting one of them and further enumerating in the direction of finding endpoints and queries, it is time to look for bugs.

In this episode, you will learn about the various techniques and tools that will help you detect those misconfigurations of the application being tested. You will also learn how to use them and automate the entire process.

Described research is based on the OWASP methodology and the methodology contained…


This article is a continuation of the previous one available in this link.
After the first phase of reconnaissance, which was subdomains enumeration, you should have a lot of information about the company you are attacking.

The next step is to select one subdomain and perform a detailed reconnaissance strictly on it. In this article, you’ll learn about the path and queries enumeration tools. You will also learn how to use them and automate the entire process. Described research is based on the OWASP methodology and the methodology contained in the book “Hack Tricks” written by Carlos Polop.

Generally speaking…

Karol Mazurek

Penetration Tester

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store