https://res.cloudinary.com/bugbountynotes/image/upload/v1549217303/ui9yezliemrkgrtrxz6f.jpg

Your tools for detecting new attack surface on old website
Posted in Tool Discussion by @neolex




neolex

Researcher

Hi! I would like to know what tools do you use to know when a bug bounty program have new content ?

Do you know how to detect changes on website ? Is there a good way to know if a php website have new content ? We can't use the md5sum of the files because of news feeds and things like that...


Posted on 2019-02-03



zseano

Administrator Researcher

Detect changes as in code changes to .js files or new features?

For features:

  1. Find any blogs they have, enigneering, changelog, updates, news etc
  2. Check for any future plans
  3. Just keep hunting & testing:D

For code changes: I don't believe there's any public tool available to monitor & notify of code changes to .js files etc. Would be awesome to see one :D


Posted on 2019-02-11 at 02:09:10pm (GMT)




neolex

Researcher

My question was about both. I didnt thought of the dev blog, it's actually a pretty good idea to follow it !

For js files, I may try to code a tool for that when I got the time to do it. Thanks !


Posted on 2019-02-13 at 03:51:06pm (GMT)