danielmiessler.com

6 curated AppSec resources from danielmiessler.com across 3 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2025-08-14.

Date Added / Resource / Topic / Excerpt

2025-08-14
  Resource: A ffuf Primer | Daniel Miessler
  Topic: Bug Bounty
  Excerpt: A command-line web attack tool, ffuf emulates functionality similar to Burp Intruder and Dirbuster. This Go-based utility leverages input files to fuzz parts of URLs, including GET parameters and POST data, for discovering issues such as disallowed paths and weak credentials. It offers extensive options for matching responses based on HTTP codes, line counts, or size, and can be used with wordlists such as curated.txt from the RobotsDisallowed project to increase the likelihood of finding sensitive information.

2025-08-14
  Resource: amass — Automated Attack Surface Mapping | Daniel Miessler
  Topic: Bug Bounty
  Excerpt: A tool for mapping attack surfaces, amass automates information gathering across multiple dimensions, integrating data from DNS enumeration, scraping of various search engines, certificate transparency logs, and numerous APIs. It offers subcommands such as `intel` for initial reconnaissance, `enum` for subdomain discovery and attack surface mapping, `viz` for visualizing results (including D3 and Maltego formats), `track` for historical analysis, and `db` for database management. Amass prioritizes diverse input sources and consistent developer attention, making it a robust solution for both offensive and defensive security operations.

2023-05-18
  Resource: The AI Attack Surface Map v1.0
  Topic: AI
  Excerpt: A framework for thinking about AI system attack surfaces, this resource maps components such as AI Assistants, Agents, Tools, Models, and Storage. It highlights natural language as a primary attack vector, describing techniques such as prompt injection against Agents and Tools to execute arbitrary commands or access sensitive data. Model attacks focus on subtle manipulation, while Storage vulnerabilities, particularly in Vector Databases, allow for data extraction and potential compromise of embeddings. The framework aims to clarify the evolving landscape of AI vulnerabilities beyond just machine learning models.

2022-01-10
  Resource: A @TomNomNom Recon Tools Primer
  Topic: Recon
  Excerpt: A library of reconnaissance tools by @tomnomnom, including `gf` for security-pattern matching, `httprobe` for webserver detection, `unfurl` for URL parsing, `meg` for parallel requests, `anew` for de-duplicating lists, and `waybackurls` for archived URLs, all designed in the Unix philosophy for granular, composable workflows.

2021-02-16
  Resource: A ffuf Primer | Daniel Miessler
  Topic: Bug Bounty
  Excerpt: ffuf is a flexible CLI-based web attack utility written in Go, often described as Burp Intruder on the command line. It excels at fuzzing by injecting input from wordlists into various parts of a web application, including URLs, GET parameters, and POST data. ffuf can emulate tools such as Dirbuster and even perform password guessing, making it a versatile addition to a web tester's toolkit, especially when combined with curated wordlists like those found in RobotsDisallowed.

2019-11-12
  Resource: amass — Automated Attack Surface Mapping | Daniel Miessler
  Topic: Bug Bounty
  Excerpt: A tool for automated attack surface mapping, `amass` gathers information across multiple dimensions, leveraging input sources such as DNS enumeration, scraping of search engines (Baidu, Bing, Google), certificate transparency logs (Censys, Crtsh), APIs (Shodan, VirusTotal), and web archives. Its modules include `intel` for information gathering, `enum` for attack surface mapping, `viz` for visualization, `track` for historical data, and `db` for database manipulation. Examples show finding organizations via `-org` and discovering domains within CIDR ranges using `-cidr`.