From 4f31118f3e8fb5b40bd7a912bfbea88347f96dfe Mon Sep 17 00:00:00 2001 From: Mehdi Date: Thu, 7 Sep 2023 12:57:12 +0330 Subject: [PATCH] Update Recon.md --- Recon.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Recon.md b/Recon.md index 597ece1..77ee6b6 100644 --- a/Recon.md +++ b/Recon.md @@ -524,6 +524,7 @@ VHostScan -t example.com ### CORS Brute Force Sometimes you will find pages that only return the header Access-Control-Allow-Origin when a valid domain/subdomain is set in the Origin header. In these scenarios, you can abuse this behaviour to discover new subdomains! +* [ffuf](https://github.com/ffuf/ffuf) ```bash ffuf -w subdomains-top1million-5000.txt -u http://10.20.30.40 -H 'Origin: http://FUZZ.target.com' -mr "Access-Control-Allow-Origin" -ignore-body
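Review bot: in the `### CORS Brute Force` hunk, the new `* [ffuf](https://github.com/ffuf/ffuf)` bullet is followed directly by an unindented bash fence, so the command is not nested under the list item it is meant to label, and Markdown renderers can differ in how they close the list there. Indent the fence under the bullet, or put a blank line between the bullet and the fence, so the link reads clearly as the label for the command. The subject `Update Recon.md` also does not say what changed; a subject such as "Recon: link ffuf in CORS Brute Force" would make the one-line change findable in the history.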