Luke Stephens (@hakluke)

5.4K Followers

Jul 21, 2021

How to achieve enterprise-grade attack-surface monitoring with open source software

Attack surface monitoring has become increasingly important and popular in recent years as the internet footprint of organizations has increased. Hackers are utilizing advanced recon methods for discovering and monitoring internet-facing assets of an organisation. As changes occur in the attack surface, it is beneficial for hackers to be notified…

9 min read


Mar 17, 2021

Introducing Haktrails: A Small CLI Tool Harnessing the Power of SecurityTrails

Yes, I made a logo for my tool. It’s a wolf with a moon on its head. It has nothing to do with the tool but if you like wolves then you will probably enjoy it. I am quite talented at graphic design, I changed the text to “haktrails” all…

Bug Bounty

5 min read


Aug 26, 2020

Hakluke’s Guide to Nmap — Port Scanning is Just The Beginning

A while back, I posted a Twitter thread that described the Nmap features that I actually use. It really blew up! Nearly 80,000 people saw that thread, so I thought it would be good to put it into a blog post that can be searched and referred to over the…

Hacking

5 min read


Aug 23, 2020

Hakluke’s Guide to Amass — How to Use Amass More Effectively for Bug Bounties

Amass has a lot of features. It’s a bit of a weird tool because despite being synonymous with bug bounty recon, and despite being extremely well known, most people don’t know how to use it to its full advantage. Most people that I see using Amass are just doing this: …

Amas

7 min read


Jan 3, 2020

Introducing Hakrawler: A Fast Web Crawler for Hackers

Hakrawler? For a long time, I’ve wanted a tool that can extract all URL endpoints from an application and simply dump them to the command-line. So I created one! Here’s the tool: https://github.com/hakluke/hakrawler The URLs are extracted by spidering the application, querying wayback machine, parsing robots.txt files and parsing sitemap.xml files. …

Golang

3 min read


Dec 3, 2019

Maintaining the Motivation to Learn

I’m an ethical computer hacker, and I follow a lot of others in the same profession on Twitter. In many ways it is a demanding job because it requires constant learning. Every day there are new techniques and vulnerabilities to exploit. To be a reasonable ethical hacker, you need to…

Hacking

4 min read


May 21, 2019

How to Upgrade Your XSS Bugs from Medium to Critical

TL;DR: Before you report an XSS, look for ways it can be leveraged to increase severity. Here’s my repo containing weaponised JavaScript payloads for popular platforms like WordPress and Drupal. More will be added in the coming weeks. It feels like every day that I see another under-leveraged XSS writeup…

Security

5 min read


Feb 3, 2019

Interlace: A Tool to Easily Automate and Multithread Your Pentesting & Bug Bounty Workflow Without Any Coding

Before we start, I need to get something off my chest. I’m an efficiency junkie. I’m one of those people who spends 4 hours configuring the perfect tmux/vim/sublime/bash configuration to save 4 milliseconds on a common task. If I could take one skill into the afterlife it would be automation…

Interlace

5 min read


Oct 19, 2018

I’m A Hacker, Here’s How I Break Into Your Company’s Network | How Phishing Attacks Work

Have you ever received an email from a Nigerian prince or a non-existent distant relative who is offering you an absurd amount of money? It was a phishing scam, albeit an extremely unsophisticated one. These unsophisticated phishing emails are generally sent to a huge number of people, in the hundreds…

Security

5 min read


Aug 21, 2018

How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes

Sub-domain takeovers are all the rage in the bug bounty scene at the moment. You’ve probably heard about some bug bounty legends who are raking in the dough because they’ve managed to set up an automated sub-domain takeover scanner. If you haven’t, Google “Frans Rosén”. …

Bug Bounty

4 min read

Pentester | Hubby | Musician
